Hi everyone, welcome to issue #162. If you like this newsletter, please help spread the word. Thank you.
How experts debug production issues in complex distributed systems
Firefox or Chrome warns you when you visit a malicious URL. How do they store that list of URLs? In a big database with millions of URLs on your computer? Nope. They use a Bloom filter.
KVM lets you view the screen and control the keyboard and mouse of a remote system even before the OS is fully loaded (otherwise you can use VNC or any remote desktop). But KVMs are usually expensive. In this post the author puts one together, running on a Raspberry Pi.
Despite being a fundamental problem of every application, with many best practices available, many OAuth implementations still have bugs when first rolled out. Even Apple. NCC Group developed the desire for a comprehensive and digestible enumeration of security concerns in the OAuth 2.0 Authorization Code flow, from the external vantage of an end user (or penetration tester). This post introduces the observable vulnerabilities, breaks them down, and explains the exploitation of each of the following aspects of the Authorization Code flow.
As software engineers, our job is not to produce code per se, but rather to solve problems. Unstructured text, like in the form of a design doc, may be the better tool for solving problems early in a project lifecycle.
TouchID is so convenient. It would be great to make it work with sudo. It used to have bugs when running inside tmux, but they are all fixed now. Worth looking into if you use a MacBook that supports TouchID or a watch.
The core of online text editors like Google Docs is conflict-free replicated data types (CRDTs). This post looks into LOGOOT, an example of a CRDT.
UUIDs are used a lot in distributed systems to avoid the need for a centralized place to generate IDs. Will collisions happen? Yes. Plus an interesting fact about Googlebot, which has fake JavaScript random/datetime utils that make collisions likely to happen.
I probably won’t do this soon, but it’s good to know the parts and pieces of a video hosting platform.
In the DIY, self-hosted spirit, let’s see the pieces and parts of an email server too.
Practicing DEF CON CTF absolutely improves your security skills. DEF CON is one of the world’s largest and most notable hacker conventions. Basically, this site gives you endpoints with vulnerabilities that you can try to attack.
An online game based on Qwirkle. It’s interesting because both the client and the server are written in Rust. The client is compiled to WebAssembly and has some minimal JS to load the WebAssembly. (Rust)
A set of functions for drawing perfect arrows between points and shapes. Good if you want to know about the magic behind generating smooth curves. (JavaScript)
A CLI-based intercepting proxy for TCP connections written in Python without third-party dependencies. (Python)
A chat with Brian Kernighan, author of awk, the C Programming Language, and AMPL, an algebraic modeling language for large-scale optimization.
A simple, lightweight, open-source and privacy-friendly alternative to Google Analytics. It doesn’t use cookies and is fully compliant with GDPR, CCPA and PECR.
A self-hosted, lightweight, and simple (yet functional) comment engine, which doesn’t spy on users. It can be embedded into blogs, articles or any other place where readers add comments.
If you have the double key press issue on a butterfly Mac keyboard, this small tool will save you.
A cross-platform Redis, Memcached, SSDB, LevelDB, RocksDB, UnQLite, LMDB, UpscaleDB, ForestDB, Pika management tool. FastoNoSQL is also a platform for NoSQL databases.
Scale down Kubernetes Deployments, StatefulSets, and/or HorizontalPodAutoscalers during non-work hours.
BetterDev Link
Every Monday