Hi all,
In the wake of the ByBit exchange being hacked for 1.6 billion, and the hack was very sophisticated: it exploited a developer's access key to change an S3 bucket. The attack started by having the developer run some untrusted docker compose with privileged: true.
I'll include a few more tools on security, vulnerability scanning, and supply chain attacks.
If you enjoy BetterDev, please spread the word by sharing it with your friends. And if you’d like to support my work, buying me a coffee would be much appreciated.
Lots of coding AIs have cool X demos on greenfield apps. But the day-to-day of a pro software engineer working on a team looks…a little different from vibe coding. Enter Augment Code. The first developer AI built for teams and large codebases, Augment works on codebases of millions of lines of code and thousands of files, bringing full codebase context to every keystroke. Customers like Datastax, Observe, Kong, and Lemonade trust Augment because it’s fast, high quality, and secure. Even better - you don’t have to switch your IDE - Augment works in VS Code, JetBrains, and even Vim. Augment is free to try and never trains on code without consent. Start building for free today.
Imagine someone could turn your laptop, smartphone, or even your gaming console into a tracking device without your knowledge. Our research team discovered a way this can happen through Apple's Find My network. The Find My network uses over a billion Apple devices worldwide. We found a security problem that lets hackers use this system to track almost any device with Bluetooth capabilities - not just Apple products. We call this attack "nRootTag."
In this post, we'll cover how to prevent ransomware and provide resources and code for 11 different ransomware prevention use cases, to ensure preventative controls are in place against the types of ransomware attacks that target AWS S3.
The internet is insecure by default. Attackers can intercept and modify traffic, so we need a way to secure communication and verify the server’s identity. Encryption ensures data privacy, but without verification, hackers could impersonate a legitimate website, intercepting traffic while still using encryption. This is why TLS/SSL combines encryption with authentication.
When consuming Kafka in a consumer group, the offset up to which each consumer has read and acknowledged messages is recorded by Kafka. When consumers crash or restart, they can resume from the committed position. But what happens if a record has been processed by a consumer but the ack failed to be sent? The app will consume the record again on restart. How can we do two things, commit the offset and persist the result of the operation, in a single atomic operation? Enter Kafka transactions.
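The consume-process-produce loop the blurb refers to, written as an added example against the Java kafka-clients API (not code from the linked article). The broker address, group id, transactional id and topic names are assumptions; the output records and the consumer offsets are committed in one transaction, so a crash between processing and ack can no longer leave a record half-done:

```java
import java.time.Duration;
import java.util.*;
import org.apache.kafka.clients.consumer.*;
import org.apache.kafka.clients.producer.*;
import org.apache.kafka.common.KafkaException;
import org.apache.kafka.common.TopicPartition;
import org.apache.kafka.common.serialization.*;

public class ExactlyOnceRelay {
    public static void main(String[] args) {
        // Consumer: no auto-commit (offsets are committed inside the transaction) and
        // read_committed, so output from an aborted transaction is never seen downstream.
        Properties cp = new Properties();
        cp.put(ConsumerConfig.BOOTSTRAP_SERVERS_CONFIG, "localhost:9092"); // assumed broker
        cp.put(ConsumerConfig.GROUP_ID_CONFIG, "relay-group");               // assumed group id
        cp.put(ConsumerConfig.ENABLE_AUTO_COMMIT_CONFIG, "false");
        cp.put(ConsumerConfig.ISOLATION_LEVEL_CONFIG, "read_committed");
        cp.put(ConsumerConfig.KEY_DESERIALIZER_CLASS_CONFIG, StringDeserializer.class.getName());
        cp.put(ConsumerConfig.VALUE_DESERIALIZER_CLASS_CONFIG, StringDeserializer.class.getName());
        // Producer: transactional.id gives it a stable identity that fences a stale instance.
        Properties pp = new Properties();
        pp.put(ProducerConfig.BOOTSTRAP_SERVERS_CONFIG, "localhost:9092");
        pp.put(ProducerConfig.TRANSACTIONAL_ID_CONFIG, "relay-tx-1");        // assumed id
        pp.put(ProducerConfig.KEY_SERIALIZER_CLASS_CONFIG, StringSerializer.class.getName());
        pp.put(ProducerConfig.VALUE_SERIALIZER_CLASS_CONFIG, StringSerializer.class.getName());

        try (KafkaConsumer<String, String> consumer = new KafkaConsumer<>(cp);
             KafkaProducer<String, String> producer = new KafkaProducer<>(pp)) {
            producer.initTransactions(); // aborts any transaction a previous run left open
            consumer.subscribe(List.of("orders")); // assumed input topic
            while (true) {
                ConsumerRecords<String, String> records = consumer.poll(Duration.ofMillis(500));
                if (records.isEmpty()) continue;
                producer.beginTransaction();
                try {
                    Map<TopicPartition, OffsetAndMetadata> offsets = new HashMap<>();
                    for (ConsumerRecord<String, String> r : records) {
                        producer.send(new ProducerRecord<>("orders-processed", r.key(), r.value().toUpperCase()));
                        offsets.put(new TopicPartition(r.topic(), r.partition()), new OffsetAndMetadata(r.offset() + 1)); // next offset to read
                    }
                    // Offsets go into __consumer_offsets as part of the same transaction as the
                    // output records: either both become visible or neither does.
                    producer.sendOffsetsToTransaction(offsets, consumer.groupMetadata());
                    producer.commitTransaction();
                } catch (KafkaException e) {
                    producer.abortTransaction(); // output and offsets discarded; records are re-polled
                }
            }
        }
    }
}
```

Consumers of the output topic must also run with isolation.level=read_committed, otherwise records from an aborted transaction are still visible to them.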
We usually don't include this tutorial-style link, but this one is really interesting to see. We will learn how transforms, perspective, and stacked grids can create a fully addressable 3D space and push the boundaries of what's possible with pure CSS.
In this tutorial, we learn how to create a simplified clone of the mobile game Crossy Road with React Three Fiber. The goal of the game is to move a character through an endless path of static and moving obstacles. We have to go around the trees and avoid getting hit by a car or a truck. We start with the basic setup: setting up the scene, camera, and lighting. We learn how to draw the player and the map’s trees, cars, and trucks. We cover how to animate the vehicles and add event handlers to move the player through the map. Finally, we add logic to detect collisions between the player and the cars.
A very common problem: we need to represent a relationship in a database, such as family or friends. It can come in very handy to write a single SQL query to find relationships instead of building them at the app level.
XOR is everywhere. We use it in Linux permissions: umask, chmod. We use it in cryptography. We will learn about its hardware implementation, its usage, and all kinds of tricks to use it efficiently.
A write-up from following the "Build a Large Language Model from Scratch" book.
Den has been running a podcast for half a decade. He uses WhisperX, runs it locally, and built a workflow to transcribe his podcast to text. He shared the setup with us. I think local AI is really useful and the self-hosted path is worth exploring. It is much easier to self-host than we think.
Go-specific, but it comes in very handy when working with Go apps.
FastDOOM is a port of DOOM that is 30% faster. On some complicated maps, it's even 48% faster. We will dive into the secret sauce of the techniques used to optimize it: very low-level things like using the right assembly instructions to make code run in fewer instructions.
I recently tried to optimize convolutions using SIMD instructions, but what I thought would be a simple task ended up taking me days, with issue after issue popping up one after another. Some of them make sense in hindsight, but others were utterly baffling. While the specific examples are for direct convolution, these considerations apply to pretty much any code with a hot loop.
A complete search engine and RAG pipeline in your browser, server or edge network with support for full-text, vector, and hybrid search in less than 2kb. (JavaScript)
A library which enables viewing of and interaction with PDF documents in React and SolidJS apps. It's built on top of Mozilla's PDF.js, and utilises Zustand to provide a reactive store for the loaded documents. (JavaScript)
I recently picked up Zig and I think it is going to replace Rust and C for me when I need them. It has all the power of Rust while being less restrictive, and the power of C while being more friendly than C. (Zig)
Yet another Go REPL that works nicely, featuring line editing, code completion, and more. (Go)
If you ever need to keep Postgres in sync with another data warehouse, or even another Postgres, this is the way to go.
A text-to-speech (TTS) and speech-to-speech (STS) library built on Apple's MLX framework, providing efficient speech synthesis on Apple Silicon.
Idempotent schema management for MySQL, PostgreSQL, and more
An intelligent web vulnerability scanner agent powered by Large Language Models
The Most Advanced Client-Side Prototype Pollution Scanner
A truly Open Source MongoDB alternative
A powerful tool designed to bring actionable insights for tasks such as security monitoring and threat hunting on Linux systems. Think of it as the Linux counterpart to Sysmon on Windows, tailored for comprehensive and precise event monitoring.
Manage GPU clusters for running AI models
Open-source webhook server that helps you provide webhooks to your users. It handles for you a great amount of features that are usually tedious to (re)implement.
A powerful document AI question-answering tool that connects to your local Ollama models. Create, manage, and interact with RAG systems for all your document needs. Check out the home page too.
Sky-T1: train your own O1-preview model within $450. Every setup step is documented in the repository. If you are into self-hosted AI, this is for you.
A symbolic music generation model that explores the potential of producing high-quality classical sheet music. Inspired by the success of Large Language Models (LLMs), NotaGen adopts a three-stage training paradigm.
BetterDev Link
Every Monday