Better Dev Link

An inexpensive, simple, vulnerable-by-design AWS environment that can be deployed and shutdown at will. So that you can try to attack this special environment and learn how to better secure your system.

A few months ago the NSA released LemonGraph, a graph database based on LMDB. Ayende read the code in lexical order, and mostly trying to figure out where things are happening and what the code is doing. It’s very interesting to see how expert explore a new codebase.

These stories are more extreme than most software bugs engineers will encounter during their careers, they are worth studying for the insights they can offer into software development and deployment.

The art of managing systems at scale lies in embracing failure and being at the edge — pushing the limits of your system and software performance ‘almost’ to breaking point, yet still being able to recover.

The main hypothesis is that we should be able to prevent access to specific rows of data based on a policy. That means our application logic only has to worry about SELECT * FROM my_table and RLS will handle the WHERE user_id = my_user_id part automagically.

WPA-2 (802.11i) has some fundamental security problems, and these have thus led to the creation of WPA-3. A core problem is around the 4-way handshake, and here is me cracking WPA-2 by listening to the handshake with just a Raspberry PI and a $10 wi-fi transceiver

As always, I like the article of real-world scaling. This is how CoinBase scale their infrastructure by keep upgrading to new version, build better tooling to identify the bottle neck, capture and replay traffic. The issue of user-device many to many relationship is interesting too.

The API, shipping in Chrome 68, provides lifecycle hooks so your pages can safely handle these browser interventions without affecting the user experience, just similar to how Android, iOS can started and stopped app anytime to reallocate resources.