BetterDev #190 - Common Nginx misconfigurations that leave your web server open to attack
Better Dev #190 Mar 01, 2021
Hi all,
I hope you enjoy this week’s newsletter. We had some interesting links to help secure Nginx and practice breaking and fixing K8S.
If you enjoy this newsletter, make a small contribution to help me to keep working on it.
Now, onward to our links.
Nginx is the web server powering one-third of all websites in the world. Detectify Crowdsource has detected some common Nginx misconfigurations that, if left unchecked, leave your web site vulnerable to attack. Here’s how to find some of the most common misconfigurations before an attacker exploits them.
Kubernetes solves a complex problem and is itself complex. Today we will break the cluster, delete certificates, rejoin nodes live, and do all this fancy stuff without possible downtime for already running services.
Solving all puzzles in under a second. Yes, in less than one second total. Pretty impressive, with the techniques used to achieve this performance.
In the last issue we linked to this series on the physical hardware side; this week we'll learn about the logical side.
Read replicas are great for reducing load on the primary node, but they can lag behind. In this post, Shopify shows us the solution the Database Connection Management team at Shopify chose to solve variable lag and how they solved the issues they ran into.
Walk through the tradeoffs to consider while using pg_dump and pg_restore for your Postgres database migrations—and how you can optimize your migrations for speed, too.
Reverse engineering GTA to fix a bottleneck in JSON parsing. Really impressive work figuring out the bottleneck without access to the source code, and even patching it with a hash map to utilize caching.
Site traffic leapt up in the second quarter, when lockdowns went into widespread effect, by an amount it normally would have taken several years to achieve. For context about Etsy, as of 2020 Q4 they had 81 million active buyers and over 85 million items for sale.
A quick overview of a few tools that are helpful for monitoring a Linux system.
Understanding XSS and its mitigations provides substantial insight into how the web works and how sites are safely (and unsafely) isolated from each other.
Code to read
An incremental parsing system for programming tools with Ruby, Python, JavaScript bindings
Rust
This is a pure Ruby implementation of the Secure Remote Password protocol (SRP-6a), which is a ‘zero-knowledge’ mutual authentication system. You’ll find some cool tricks such as constant-time string comparison.
Ruby
A JavaScript library to extract hostnames, domains, public suffixes, top-level domains and subdomains from URLs. Claims to be blazing fast.
JavaScript TypeScript
Go package to make lightweight ASCII line graphs ╭┈╯ in command line apps with no other dependencies.
Go
Tools
Transforms your cloud infrastructure into a SQL or graph database for easy monitoring, governance and security.
A tool similar to cloc, sloccount and tokei. For counting the lines of code, blank lines, comment lines, and physical lines of source code in many programming languages.
A small CLI tool for generating a TLS self-signed (“TOFU”) ECC certificate and private key, suitable for use in small distributed networks, like Gemini.
Hanami is a service that allows you to forward email from your domain to your personal email and send email through your domain as well. You can also create unlimited aliases on your domain, and all of them will be forwarded to your personal email.
Sponsor
You can view this issue in a web browser.
If you have any suggestions or feedback, do tell me by replying to this email. I read them all.