BetterDev #277 - When You Deleted /lib on Linux While Still Connected via SSH
Better Dev #277 Mar 25, 2025
Hi all,
Last week, Next.js got a new security vulnerability, CVE-2025-29927, that allows bypassing middleware auth checking by setting a header that tricks it into thinking the request is internal, so the auth middleware check is skipped. If you’re hosted on Vercel there is no action to take, but if you run the Vercel server in your own infra, you should update.
Another one for k8s: if you’re running ingress-nginx, you should apply this patch. The attack requires the ability to have a pod already running inside the K8s network, such as by sharing a namespace with other users, or an admission controller webhook exposed to the internet. So if your cluster is dedicated to you, and you’re not doing things like host networking or exposing the admission controller service, you can buy some time for the upgrade.
If you enjoy BetterDev, please spread the word by sharing it with your friends. And if you’d like to support my work, buying me a coffee would be much appreciated.
A classic tale of Linux horror. You’re SSH’d into a machine, you make one wrong move, and suddenly your system is broken. This post walks through how to recover from this self-inflicted nightmare.
RIGHT JOIN is an esoteric feature in the SQL language, and hardly ever seen in the real world, because almost every RIGHT JOIN can just be expressed as an equivalent LEFT JOIN. There is, however, one place in the SQL language where RIGHT JOIN is surprisingly ubiquitous and today we learn about it.
An approachable introduction to the magic of zero-knowledge proofs—how they let you prove something without revealing the details. Perfect for anyone curious about cryptography without diving into hardcore math.
This one’s a bit outside the usual programming realm, but trust me—it’s fascinating. A deep dive into how solar panels actually work, the engineering behind them, and why understanding electricity at this level is surprisingly useful.
Syncing data is one of those things that sounds easy until you try to build it. This post walks through a synchronization engine design that’s both simple and powerful.
A deep dive into how macOS can unintentionally leak sensitive data like passwords, thanks to clipboard behavior and debugging tools. A must-read for anyone who cares about security.
Ever tried putting text over an image and ended up with weird background overlaps? This post explains why that happens and how to fix it. If you do anything with CSS, you’ll want to bookmark this one.
BPF is like a superpower for peeking into Linux. Whether you care about performance monitoring, security, or just love cool system hacks, this is a fantastic read.
A nostalgic yet technical look at how null pointer dereferences have plagued macOS over the years. Great for those who love debugging deep OS issues.
AI-powered recommendations are everywhere, but how do they really work? This post explores how LLMs are changing search and recommendation engines for the better.
If you’re a Rubyist curious about parallelism, this is for you. A practical look at Ruby’s Ractors and how they enable truly parallel execution without locks.
Code to read
An HTML5 Canvas JavaScript framework that extends the 2d context by enabling canvas interactivity for desktop and mobile applications.
JavaScript
A physics engine in Go that makes simulating motion, collisions, and forces as simple as possible.
Go
A blazing-fast plotting library for massive datasets, using modern GPU rendering to keep things smooth.
Python
Video
How do you handle 32 million concurrent viewers? Ashutosh Agrawal, former Chief Architect at JioCinema, breaks down the tech behind this mind-blowing achievement.
Tools
A Model Context Protocol (MCP) server that provides browser automation capabilities using Playwright. This server enables LLMs to interact with web pages through structured accessibility snapshots, bypassing the need for screenshots or visually-tuned models.
An open source agent that monitors your database, finds root causes of issues, and suggests fixes and improvements. It’s like having a new SRE hire in your team, one with extensive experience in Postgres.
Free online version of pgFormatter, a PostgreSQL SQL syntax beautifier (no line limit here up to 100000 characters). This SQL formatter/beautifier supports keywords from SQL-92, SQL-99, SQL-2003, SQL-2008, SQL-2011 and PostgreSQL-specific keywords. May
A database schema management tool that works like Terraform—diff, apply, and keep your schema in check.
Define your API once in a simple tsp file, then generate OpenAPI, gRPC, client code, and docs automatically.
A fast, memory-safe web server powered by Rust. Similar to Caddy or Nginx but written in Rust.
Self Hosted
A lightweight, no-nonsense analytics tool that runs on SQLite—great for privacy-conscious tracking.
A self-hosted authentication system that balances security, flexibility, and ease of integration.
An enterprise-grade SSO and directory sync solution to make authentication for B2B apps easier.
A modern identity provider supporting OAuth2, SAML, LDAP, and SCIM, perfect for self-hosted authentication.
A Firebase/Supabase alternative that runs anywhere—ideal for serverless apps and Next.js projects.
A local tool for serving and managing AI models—run your own LLMs without relying on cloud services.
If you have any suggestion/feedback, do tell me by replying to this email. I read them all.