BetterDev #190 - Common Nginx misconfigurations that leave your web server open to attack
Better Dev #190 Mar 01, 2021
Hi all,
I hope you enjoy this week’s newsletter. We had some interesting links to help secure Nginx and practice breaking and fixing K8S.
If you enjoy this newsletter, make a small contribution to help me to keep working on it.
Now, onward to our links.
Nginx is the web server powering one-third of all websites in the world. Detectify Crowdsource has detected some common Nginx misconfigurations that, if left unchecked, leave your web site vulnerable to attack. Here’s how to find some of the most common misconfigurations before an attacker exploits them.
Kubernetes solves a complex problem and is itself complex. Today we will break the cluster, delete certificates, rejoin nodes live, and do all this fancy stuff without downtime for already running services.
Solving all puzzles in under a second. Yes, in less than one second total. Pretty impressive, and the post covers the techniques used to achieve this performance.
In the last issue we linked to this series on the physical hardware side; this week we’ll learn about the logical side.
Read replicas are great for reducing load on the primary node, but they can lag behind. In this post, Shopify shows us the solution its Database Connection Management team chose to solve variable lag and how they solved the issues they ran into.
A walk through the tradeoffs to consider while using pg_dump and pg_restore for your Postgres database migrations, and how you can optimize your migrations for speed, too.
Reverse engineering GTA to fix a bottleneck in JSON parsing. Really impressive work figuring out the bottleneck without access to the source code, and even patching it with a hash map to utilize caching.
Site traffic leapt up in the second quarter, when lockdowns went into widespread effect, by an amount it normally would have taken several years to achieve. For context about Etsy, as of 2020 Q4 they had 81 million active buyers and over 85 million items for sale.
A quick overview of a few tools that are helpful for monitoring a Linux system.
Understanding XSS and its mitigations provides substantial insight into how the web works and how sites are safely (and unsafely) isolated from each other.
Code to read
An incremental parsing system for programming tools, with Ruby, Python, and JavaScript bindings. (Rust)
This is a pure Ruby implementation of the Secure Remote Password protocol (SRP-6a), which is a ‘zero-knowledge’ mutual authentication system. You’ll find some cool tricks such as constant-time string comparison. (Ruby)
A JavaScript library to extract hostnames, domains, public suffixes, top-level domains and subdomains from URLs. Claims to be blazing fast. (JavaScript, TypeScript)
Go package to make lightweight ASCII line graphs ╭┈╯ in command line apps with no other dependencies. (Go)
Tools
Transforms your cloud infrastructure into a SQL or graph database for easy monitoring, governance and security.
A tool similar to cloc, sloccount and tokei. For counting the lines of code, blank lines, comment lines, and physical lines of source code in many programming languages.
A small CLI tool for generating a TLS self-signed (“TOFU”) ECC certificate and private key, suitable for use in small distributed networks, like Gemini.
Hanami is a service that allows you to forward email from your domain to your personal email and send email through your domain as well. You can also create unlimited aliases on your domain, and all of them will be forwarded to your personal email. (Sponsor)
You can view this issue in a web browser.
If you have any suggestions or feedback, do tell me by replying to this email. I read them all.