Hi everyone, welcome to issue #170.
I have noticed many companies have reduced their head count during Covid-19. So if you are looking for a job now, or want a job soon, you can check out a few resources such as data science interview questions or cracking LeetCode, not only how but also why. And this great post, laid off now what.
We linked to a few articles on this, such as The New Illustrated TLS Connection. This one focuses on HTTPS and presents it in a fun way. If you are a fan of xkcd, you're gonna love this.
It’s been one year since we moved GitLab.com to Kubernetes. We unpack the challenges and learnings from this major migration.
PNG is an image format that has a history of development beginning in 1995, and it is still a popular, long living format. Generally, it is known for its features such as lossless compression and the ability to handle transparent pixels. However, we do not look at image formats from a general point of view, but rather think of ways to glitch them. When we look at PNG from the point of view of glitch, what kind of peculiarity does it have?
If you could characterize the state of JS cryptography in one word, it would be: “sad”. Paul has decided to create TypeScript libraries that don’t use dependencies & are simple to audit for non-cryptographers. Having no math background, it wasn’t that simple.
In the author’s words: I wrote a command line tool that uses BPF uprobes to intercept the TLS encrypted data that zoom sends over the network, and here I’m going to show the process I went through to write it. After I wrote this post I made the tool generic so that it can now instrument any program that uses OpenSSL. I published the code at https://github.com/alessandrod/snuffy.
JWTs are no doubt very useful and simple to use, but they have many attack vectors. This post looks into hardcoded secrets, allowing the none algorithm for signing, missing or incorrect token validation, and sensitive data exposure.
How do you respond to a DoS/DDoS attack? This article tries to cut through those arguments. It provides a framework for engineering and application security teams to think about denial-of-service risk, breaks down DoS vulnerabilities into high-, medium-, and low-risk classes, and has recommendations for mitigations at each layer.
These notes describe the most efficient hash functions currently known for hashing integers and strings. These modern hash functions are often an order of magnitude faster than those presented in standard text books. They are also simpler to implement, and hence a clear win in practice, but their analysis is harder.
Shopify’s core monolith has over 2.8 million lines of Ruby code and 500,000 commits. Rails doesn’t provide patterns or tooling for managing the inherent complexity and adding features in a structured, well-bounded way. Shopify founded a team to investigate how to make their Rails monoliths more modular. The goal was to help them scale towards ever increasing system capabilities and complexity by creating smaller, independent units of code they called components.
Last week I included a link to how GitLab upgraded their database. This is the recording of that process in 2 hours. You gotta see their engineers doing this live :-). It’s interesting to shadow how companies upgrade their database, the trickiest thing to upgrade as always. It requires a lot of planning and coordination.
Diagrams lets you draw the cloud system architecture in Python code
An extensible platform for infrastructure management
debugging applications that use postgres as DBMS. It aims to help the user to understand his application by displaying the database events triggered by the application in real time.
yet another rss reader.
a JavaScript plugin for embedding interactive code snippets in tech blogs. A simple client-side code evaluator pluggable on any web page: clojure, ruby, javascript, python, scheme, es2017, jsx, brainfuck, c++, reagent, lua, ocaml, reasonml, prolog, common lisp
BetterDev Link
Every Monday