For years, I was just a reader, consume information and share with BetterDev audience. But that’s going to chance. I’m trying to make article and video screencast so I had some thing to offer to the world to share my limited knowledge and experience. This will be my first post ever, and I don’t even have blog setup yet so I’m leverage “buymeacoffee” link. I read about many hacks recently, some are very high profile hack on some dependencies, so how do we defend these hack? Since our app now run untrusted cost? I want to share my though and my approach on how I defense these attacks.

SSH is the defactor to get a shell run in a remote host. But it can do more such as port forwarding or an intermediate host to access other host

Explain HTTP at a very deep but at same time in a very practical manner so you can see and simule how thing work at plain text level. You will see the whole HTTP requests payload, how it was made and how to send it ray character by character.

One of Python great feature IMHO is its decorator system. Literally just by adding @decorator_name right before your function definiton, suddenly we can run custom code around the function. That power is being brough to JavaScript. The proposal are at stage 3. Once its reach stage 4 it will be ready for standarization.

Every classes we added to our CSS has a cost in term of space and parse time. BEM standarize the modifier concept so we have class like menu--is-active. Modern HTML utilize ARIA for accessibility so stuff like screen reader can understand its current page/active syntax for example. So why don’t we use `menu[aria-current=‘page’] to customize its style. Make it broader we can even customize a link based on its domain, instead of adding extra parameter and at the same time it’s super flexible. Example: a[href^=https://specific-domain.com].

Some of the most common questions asked when it comes to work with performance are, How do you convince stakeholders that improving the performance of your project is actually worth the investment? How can you prove that the work is necessary to begin with? Or prove that you have shipped improvements? And what is the impact of certain changes on users in different scenarios?

Postgres update conflict is very powerful to update if row is already existed. But there is tricky case such as if data is already existed, delete it. Such as toggle a row by insert/delete, not easy to do with updatte conflict but now can do with merge. update conflict also rely on a contrain,

Honeycomb is an event logging platform where log and metric can be send to it for viewing and analyzing. They have an outage of 8 hours on Sep 8th, 2022. This post is an analysis of that incident. We will learn a lot from these real world incident, seeing how those world class term debug and troubleshoot their infra. What interesting is that Honeycomp cannot find the root cause and have accepted that they probably won’t find out how it all came together. The data simply isn’t there, their runway has been extended, and they’re now looking for longer-term fixes that circumvent the overall pattern.

PAM is an amazing feature of Linux that allows to customization the authentication process of an application on Linux. Such as when SSH to the node, we can add extra MFA verification. You can write PAM plugin by writing dynamic so lib that Linux can load, and PAM can call the specific funciton. Think of its like a set of function we have to expose to be called. They usually written in C, but in modern way we can easily hook up to Go, Rust, Zig and make it super easy to custimization the authentication process on a SSH server for example