Hi all, this week Homebrew was hacked because a writable GitHub API token was stored in a publicly readable Jenkins. It’s so important to get basic security right, so I have included quite a bit on DevOps, best practices for production, and security tools in this issue.
And thank you for subscribing to BetterDev. If you have a moment, please share this newsletter with friends.
An inexpensive, simple, vulnerable-by-design AWS environment that can be deployed and shut down at will, so that you can try to attack this special environment and learn how to better secure your system.
A few months ago the NSA released LemonGraph, a graph database based on LMDB. Ayende reads the code in lexical order, mostly trying to figure out where things are happening and what the code is doing. It’s very interesting to see how an expert explores a new codebase.
These stories are more extreme than most software bugs engineers will encounter during their careers, but they are worth studying for the insights they can offer into software development and deployment.
The art of managing systems at scale lies in embracing failure and being at the edge — pushing the limits of your system and software performance ‘almost’ to breaking point, yet still being able to recover.
The main hypothesis is that we should be able to prevent access to specific rows of data based on a policy. That means our application logic only has to worry about SELECT * FROM my_table and RLS will handle the WHERE user_id = my_user_id part automagically.
WPA-2 (802.11i) has some fundamental security problems, and these have thus led to the creation of WPA-3. A core problem is around the 4-way handshake, and here is me cracking WPA-2 by listening to the handshake with just a Raspberry Pi and a $10 Wi-Fi transceiver.
As always, I like articles about real-world scaling. This is how Coinbase scales its infrastructure: by continually upgrading to new versions, building better tooling to identify bottlenecks, and capturing and replaying traffic. The issue of the many-to-many user-device relationship is interesting too.
The API, shipping in Chrome 68, provides lifecycle hooks so your pages can safely handle these browser interventions without affecting the user experience, similar to how Android and iOS can start and stop apps at any time to reallocate resources.
No more putting secrets in an env file on your local laptop
mathematical models representing causal relationships within an individual system or population
state consistency and operation consistency
Mitigating Cascading Failure at Lyft
modular and lightweight standard library framework for bash (Bash)
translates a target-independent intermediate representation into executable machine code (Rust)
open source code of dev.to platform (Ruby)
Self-hosted, easily-deployable monitoring and alerts service like PagerDuty (Python)
A collection of parallel image processing algorithms in pure Go (Go)
manage different Postgres versions
Time Series Benchmark Suite
rsync for cloud storage
a Make/rake-like build tool using Go
Terraform Automation By Pull Request
Browser Extension to full-text search your browsing history & bookmarks
high-level parallel and distributed programming framework built on top of C/C++
On-device wake word detection engine powered by deep learning
Large-scale Metrics Platform for Prometheus
Darwin/macOS emulation layer for Linux
Better Dev Link