Hi all, this week's issue is about network knowledge, tips and tricks: the fundamentals of how computers talk to each other :-). If you enjoy this newsletter, consider making a small contribution to help me keep working on it.
This team found and reported 1-click code execution vulnerabilities in popular software including Telegram, Nextcloud, VLC, Libre-/OpenOffice, Bitcoin/Dogecoin Wallets, Wireshark and Mumble. Read on to learn more about this attack vector, so that we can better secure our own software by handling URLs carefully when writing code.
Did you know 192.168.0.1 can be written in octal as 0300.0250.0.01 or in hexadecimal as 0xc0.0xa8.0x00.0x01? Bonus point: 16843009 is 1.1.1.1, so you can do ping 16843009. Any allow/deny check that compares the address as typed, instead of after normalizing it, will miss these spellings.
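The alternative spellings above are exactly what inet_aton-style parsers accept, and they are the reason an address should be normalized before it is compared against an allowlist or denylist. The following added example (my own code, not from the newsletter or any linked post) implements that inet_aton grammar: octal, hexadecimal and decimal components, fewer than four components with the last one filling the remaining bytes, and a bare 32-bit integer. It then makes the "is this internal?" decision on the canonical dotted-quad form. The function names normalize_ipv4 and is_internal_address are assumptions of this example.

```python
"""Normalize the alternative IPv4 spellings that inet_aton-style parsers accept
(octal, hex, short forms, a single 32-bit integer) into canonical dotted-quad
form, so that an allow/deny decision is made on the canonical address."""
import ipaddress
import re

# One component: hex (0x..), octal (leading 0) or decimal. Rejects "08", "1e3", "".
_PART = re.compile(r"^(0[xX][0-9a-fA-F]+|0[0-7]*|[1-9][0-9]*)$")


def _parse_part(part: str) -> int:
    """Parse one dotted component using inet_aton base rules."""
    if not _PART.match(part):
        raise ValueError(f"bad IPv4 component: {part!r}")
    if part[:2].lower() == "0x":
        return int(part[2:], 16)
    if len(part) > 1 and part[0] == "0":
        return int(part, 8)
    return int(part, 10)


def normalize_ipv4(text: str) -> str:
    """Return the canonical a.b.c.d spelling of any inet_aton-style address.

    Raises ValueError for text that inet_aton would also reject."""
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 4:
        raise ValueError(f"expected 1 to 4 components, got {len(parts)}")
    values = [_parse_part(p) for p in parts]
    head, last = values[:-1], values[-1]
    for v in head:  # all but the last component are single bytes
        if v > 0xFF:
            raise ValueError(f"component {v} does not fit in one byte")
    remaining = 4 - len(head)  # the last component fills the remaining bytes
    if last >= 1 << (8 * remaining):
        raise ValueError(f"last component {last} overflows {remaining} byte(s)")
    number = 0
    for v in head:
        number = (number << 8) | v
    number = (number << (8 * remaining)) | last
    return str(ipaddress.IPv4Address(number))


def is_internal_address(text: str) -> bool:
    """Decide on the normalized address whether it points at loopback,
    private (RFC 1918) or link-local space. Comparing the raw text with
    startswith("192.168.") would miss every alternative spelling."""
    addr = ipaddress.IPv4Address(normalize_ipv4(text))
    return addr.is_loopback or addr.is_private or addr.is_link_local


if __name__ == "__main__":
    # Constructed inputs: every spelling below names the same internal host.
    for spelling in ["192.168.0.1", "0300.0250.0.01", "0xc0.0xa8.0x00.0x01",
                     "3232235521", "16843009", "127.1", "0x7f.1"]:
        print(f"{spelling:>22} -> {normalize_ipv4(spelling):<15} "
              f"internal={is_internal_address(spelling)}")
```

Python's own ipaddress module refuses these spellings outright, which is convenient for the final check but is also why the normalization step has to exist: the component that accepts the address (a libc inet_aton call, a URL library, a command like ping) may not be the component that validates it.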
HTTP supports the response header Accept-Ranges: bytes and the request header Range: bytes=start-end, which let a client signal that it only needs part of a file. It's usually used in streaming so we can seek to any part of a video/audio file. In this post it is used to fetch only one particular file from a zip bundle.
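To make the zip trick concrete, here is an added example (my own code, not the linked post's) that pulls one member out of a zip archive using nothing but byte ranges: the end-of-central-directory record at the tail, the central directory it points to, the member's local header, and finally exactly that member's compressed bytes. The RangeServer class is an assumption of the example standing in for an HTTP server answering Range: bytes=start-end (inclusive); the archive is constructed in memory and assumed to have no trailing comment and no zip64 extensions.

```python
"""Fetch a single member of a zip archive with HTTP-style byte ranges.
Only the end-of-central-directory record, the central directory, one local
header and one member's compressed payload are transferred."""
import io
import random
import struct
import zipfile
import zlib

EOCD_FMT = "<4sHHHHIIH"    # end of central directory record, 22 bytes
CDIR_FMT = "<4s6H3I5H2I"   # central directory file header, 46 bytes
LOCAL_FMT = "<4s5H3I2H"    # local file header, 30 bytes


class RangeServer:
    """Stand-in (assumed for this example) for a server honouring
    Range: bytes=start-end; it also counts how much it actually sent."""

    def __init__(self, blob: bytes):
        self.blob = blob
        self.bytes_sent = 0

    def size(self) -> int:          # what Content-Length of a full GET would be
        return len(self.blob)

    def get_range(self, start: int, end: int) -> bytes:  # inclusive, like HTTP
        chunk = self.blob[start:end + 1]
        self.bytes_sent += len(chunk)
        return chunk


def fetch_member(server: RangeServer, name: str) -> bytes:
    """Return the decompressed contents of one archive member."""
    total = server.size()
    # 1. The EOCD record is the last 22 bytes (no archive comment assumed).
    eocd = server.get_range(total - 22, total - 1)
    sig, _, _, _, n_entries, cd_size, cd_offset, _ = struct.unpack(EOCD_FMT, eocd)
    if sig != b"PK\x05\x06":
        raise ValueError("no end-of-central-directory record")
    # 2. The central directory is the archive's table of contents.
    cdir = server.get_range(cd_offset, cd_offset + cd_size - 1)
    pos = 0
    for _ in range(n_entries):
        (sig, _, _, _flags, method, _, _, crc, csize, _usize, name_len,
         extra_len, comment_len, _, _, _, local_off) = struct.unpack(
            CDIR_FMT, cdir[pos:pos + 46])
        if sig != b"PK\x01\x02":
            raise ValueError("corrupt central directory")
        entry_name = cdir[pos + 46:pos + 46 + name_len].decode("utf-8")
        pos += 46 + name_len + extra_len + comment_len
        if entry_name == name:
            break
    else:
        raise KeyError(name)
    # 3. The local header tells us where the member's payload starts; the
    #    local name/extra lengths may differ from the central directory's.
    local = server.get_range(local_off, local_off + 30 - 1)
    lsig, _, _, _, _, _, _, _, _, lname_len, lextra_len = struct.unpack(LOCAL_FMT, local)
    if lsig != b"PK\x03\x04":
        raise ValueError("bad local file header")
    data_start = local_off + 30 + lname_len + lextra_len
    payload = server.get_range(data_start, data_start + csize - 1)
    if method == 0:          # stored
        data = payload
    elif method == 8:        # deflate, raw stream (no zlib header)
        data = zlib.decompress(payload, -15)
    else:
        raise ValueError(f"unsupported compression method {method}")
    if zlib.crc32(data) & 0xFFFFFFFF != crc:
        raise ValueError("CRC mismatch")
    return data


def build_sample_archive() -> bytes:
    """Constructed test archive: two small files and ~1 MiB of filler."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("README.txt", "small readme\n")
        zf.writestr("big/padding.bin", random.Random(1).randbytes(1 << 20))
        zf.writestr("config/app.yaml", "debug: false\n")
    return buf.getvalue()


if __name__ == "__main__":
    server = RangeServer(build_sample_archive())
    print(fetch_member(server, "config/app.yaml"))
    print(f"transferred {server.bytes_sent} of {server.size()} bytes")
```

The same sequence works against a real server with four Range requests, but two checks matter there: look at Accept-Ranges or the 206 status first, because a server that ignores Range will happily send the whole archive, and verify the member's CRC, because the central directory is the only part of the archive you have read before trusting an offset inside it.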
The mantra “don’t roll your own crypto” is widely known and accepted amongst programmers, but what does it actually mean? It turns out that such a simple statement is not so simple to follow.
Given a project with years of development that is actively used in production, how would you go about switching to a different language? Especially in a space that moves as incredibly fast as frontend? Sentry.com shares their strategy for a JavaScript to TypeScript migration. If you only have time for one article this week, read this one.
In Postgres, transaction IDs (XIDs) are compared to control isolated data access: a row version with an insertion XID greater than the current transaction's XID is "in the future" and should not be visible to the current transaction. But an XID is only 32 bits, so it eventually wraps around. This blog post covers an easy way to monitor for that and what can be done to prevent it from ever becoming a problem.
Storing BLOBs in a database is an open-ended discussion. When working on my email forwarding project, I did that and it isn't that bad. If you are in the "pro BLOB" camp, this post shares some insights into how binary data can be handled in PostgreSQL with maximum efficiency.
Searching for "per process network usage linux" is disappointing. Most of the recommended tools, like iftop, nload, bmon, and iptraf, report per-interface or per-socket traffic. In this post, the author explains line-by-line how to write a bpftrace program that measures per-process network traffic. The code is C, but once you learn eBPF, it's easy to find bindings for Ruby/Python/Go etc.
A content-aware image resizer based on the Seam Carving algorithm. Here is the resulting code repository.
UPnP is a feature of routers that allows a client on the LAN to be port forwarded to the internet without manually configuring the router. The client advertises its service, the router picks it up and auto-configures (which is also why it is often disabled where unsolicited exposure of LAN services is unwelcome). It's interesting to learn about these small protocols. Another similar project, with a slightly more complex implementation, is playfull, so check it out too.
The zero dependency Node.js module for tailing a file. Similar to tail -f but in NodeJS.
The Go backend framework with superpowers: distributed tracing, no boilerplate, secret management, API docs.
Scan git repos (or files) for secrets using regex and entropy 🔑
Feature Store for Machine Learning
A static analysis tool for shell scripts. Seriously, run your shell scripts through it.
The Language Server Protocol (LSP) defines the protocol used between an editor or IDE and a language server that provides language features like auto complete, go to definition, find all references etc. This is an LSP implementation for bash, so you can use it in any text editor that speaks LSP, such as vim, vscode, atom, emacs or Sublime Text.
The open-source Calendly alternative
Divide full port scan results and use them for targeted Nmap runs.
BetterDev Link
Every Monday