BetterDev #270 - Should We Chat, Too? Security Analysis of WeChat’s MMTLS Encryption Protocol
Better Dev #270 Oct 21, 2024
Hi all,
Welcome to another issue of BetterDev! This week I come across Colmi, a smart ring where you can write your own software to interact with it. It’s also have a $12.51 deal on AliExpress so very affordable to toy around with hardware.
If you enjoy BetterDev, please spread the word by sharing it with your friends. And if you’d like to support my work, buying me a coffee would be much appreciated.
WarpStream is a drop-in replacement for Apache Kafka that has no interzone networking fees, no disks to manage and requires zero cross-account IAM access, so raw data never leaves your environment. You’ll never again have to do things like partition or broker rebalancing, deal with snapshot replication issues or worry about over-provisioning, as auto-scaling is automatic and you’re always right-sized. Join customers that have saved over 80% by replacing self-hosted Kafka and MSK with WarpStream. Sign up for a free WarpStream account and get $400 in credits that never expire.
The first public analysis of the security and privacy properties of MMTLS, the main network protocol used by WeChat, an app with over one billion monthly active users. While they were unable to develop an attack to completely defeat WeChat’s encryption, the implementation is inconsistent with the level of cryptography you would expect in an app used by a billion users, such as its use of deterministic IVs and lack of forward secrecy.
Colmi is a cheap (as in $20) “smart ring” / fitness wearable that includes the following sensors: Accelerometer, sleep tracking, gestures, heart rate and blood oxygen. The coolest thing is you can write your own client to interact with it through bluetooth.
How cool it’s to setup a website run on solar powered at home? Follow this journey.
Uber upgraded their databae from 5.7 to 8.0. If you had use Uber app, you can use the app is no joke. Routing driver, provide real time upgrade etc. A very complicated app. The strategy that they used to upgraded it is worth a read for us. One important point is not being able to rollback once a v8.0 node is promoted to primary. There is risk and they careful testing to accept that risk.
SQLite got a lot of attention recently. If you ever try to use it for some high load you most likely disappointed at its performance. In this post we will look at a few sensible default to help that.
Many a beginner falls into the trap of trigger recursion at some point. Usually, the solution is to avoid recursion at all. But for some use cases, you may have to handle trigger recursion. This article tells you what you need to know about the topic. If you were ever troubled by the error message “stack depth limit exceeded”, here is the solution.
There are two classes of breakage that can occur when applying database migrations: Migrations that make incompatible changes to the schema, breaking client applications, Migrations that lock a database object for an unacceptable amount of time, causing the application to become unavailable as reads and writes start to fail. Today we’re going to talk about the second type of breakage: how long running queries together with DDL statements can lock out reads and writes from a table, causing application downtime.
Resolve DNS on k8s is a bit messy. For convenience there is a few way to hit a servie with just a name, a name and namespace or the cluster domain. What is the rule there?
After Turkey banned Discord, I had to jump through some hoops, fix my VPN, and learn a bit about how DNS works. Today I’m here to share what I have learned while trying to… you know. Find a way to use Discord again. Surprisingly, this ban ended up being a positive experience for me.
In this tutorial, we’ll build a simple chat interface that allows users to upload a PDF, retrieve its content using OpenAI’s API, and display the responses in a chat-like interface using Streamlit. W
Code to read
Video
Attempt to draw a figure that looks like made out of clay. We’ll learn: Positioning, Gradient, mask, Clip-path and more.
Tools
With new of Bitwarden moving to close source, this is an alternative client for the Bitwarden® platform, created to provide the best user experience possible.
Trippy combines the functionality of traceroute and ping and is designed to assist with the analysis of networking issues.
a PostgreSQL extension to use Groonga as index. PGroonga makes PostgreSQL fast full text search platform for all languages!
If you ever want a way to export and load parquet file like how BigQuery does it, this finally happens for PostgreSQL.
Self Hosted
A TTS solution that support English, Japanaese, Korenan, Chinese, French, German, Arabic and Spanish. Including UI and WEBUI. Very well document on self-hosted setup too
You can view this issue in web browser.
If you have any suggestion/feedback, do tell me by replying to this email. I read them all.
No longer want to receive these emails? Unsubscribe
Older messages
BetterDev #269 - LLM from scratch with Pytorch
Sunday, October 20, 2024
Better Dev #269 Oct 14, 2024 Hi all, Welcome to another issue of BetterDev! I've been exploring LLMs more and, while they're not perfect or likely to replace programming jobs, they're great
BetterDev #268 - Compiling to Assembly from Scratch and A Reintroduction to Programming
Tuesday, October 1, 2024
Better Dev #268 Sep 30, 2024 Hi all, Welcome to another issue of BetterDev. This week PostgreSQL 17 is released. It has a lot of amazing feature. Time to update and look over the release note. If you
BetterDev #267 - Cryptography 101 with Alfred Menezes and Introduction to WebAssembly
Monday, September 23, 2024
Better Dev #267 Sep 23, 2024 Hi all, Welcome to another issue of BetterDev. This week we will learn about some crypto, a topic many time we are taugh to just use a library instead of writing our own.
BetterDev #266 - How to Send a SWIFT Wire From Scratch
Monday, September 16, 2024
Better Dev #266 Sep 16, 2024 Hi all, Welcome to another issue of BetterDev. This week we will learn about making SWIFT payment, imagine you don't have to rely on Stripe, and just be able to make
BetterDev #265 - A collaborative IPv6 book and How SSH Secures Your Connection
Tuesday, September 3, 2024
Better Dev #265 Sep 01, 2024 Hi all, Now, let's dive into the newsletter. If you enjoy BetterDev, please spread the word by sharing it with your friends. And if you'd like to support my work,
You Might Also Like
New Blogs on ThomasMaurer.ch for 10/22/2024
Tuesday, October 22, 2024
View this email in your browser Thomas Maurer Cloud & Datacenter Update This is the update for blog posts on ThomasMaurer.ch. Azure Hybrid Cloud Pre-Day at Microsoft Ignite 2024 By Thomas Maurer on
JSK Daily for Oct 21, 2024
Monday, October 21, 2024
JSK Daily for Oct 21, 2024 View this email in your browser A community curated daily e-mail of JavaScript news Getting Started with Piecesjs: Building Native Web Components with a Lightweight Framework
📑 Microsoft Word Helps Me Overcome Writer's Block — VR Mods That'll Make You Want a Headset
Monday, October 21, 2024
Also: How to Check Your iPhone's Battery Health, and More! How-To Geek Logo October 21, 2024 Did You Know The brand name "Crayola" was created by Alice (Stead) Binney, the wife of the
Daily Coding Problem: Problem #1585 [Easy]
Monday, October 21, 2024
Daily Coding Problem Good morning! Here's your coding interview problem for today. This problem was asked by Square. The Sieve of Eratosthenes is an algorithm used to generate all prime numbers
Off to the AI Races
Monday, October 21, 2024
Apple's XR and AI Fight -- A New OpenAI Offshoot -- An OpenAI Co-Founder Nears Return -- Google Play Stay -- Trump and Cook Chat -- Disney's Succession Off to the AI Races Apple's XR and AI
THN Cybersecurity Recap: Top Threats, Tools and News (Oct 14 - Oct 20)
Monday, October 21, 2024
Catch up on last week's top cybersecurity stories.
⚙️ Trouble in paradise: OpenAI & Microsoft
Monday, October 21, 2024
Plus: Tesla is under investigation ... again
Import AI 388: Simulating AI policy; omni math; consciousness levels
Monday, October 21, 2024
Will UX innovations be just as important as research innovations? ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏
Microsoft's AI agent-building 'LEGO set'
Monday, October 21, 2024
Turn a phone into a ham radio; How to fly away from X; New AI finance tool -- ZDNET ZDNET Tech Today - US October 21, 2024 LEGOs Microsoft's upgraded Copilot Studio is like a LEGO set for building