BetterDev #196 - Allow arbitrary URLs, expect arbitrary code execution and curl those funny ipv4 addresses
Better Dev #196 Apr 19, 2021
Hi all, this week's issue is about network knowledge, tips and tricks: the fundamentals of how computers talk to each other :-). If you enjoy this newsletter, make a small contribution to help me keep working on it.
This team found and reported 1-click code execution vulnerabilities in popular software including Telegram, Nextcloud, VLC, Libre-/OpenOffice, Bitcoin/Dogecoin Wallets, Wireshark and Mumble. Read on to learn more about these attack vectors, so we can better secure our software and handle URLs securely when writing code.
Did you know that 192.168.0.1 can be written in octal as 0300.0250.0.01 or in hexadecimal as 0xc0.0xa8.0x00.0x01? Bonus point: 16843009 is 1.1.1.1, so you can run ping 16843009.
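An added example (not from the linked article): a parser for the inet_aton-style forms above that normalizes them to dotted decimal, so an allow/deny check or a log line sees the same address that a tool like ping ends up using. The function names are illustrative; the comparison with Python's strict `ipaddress` parser shows how two parsers can disagree on the same literal.

```python
import ipaddress

def parse_inet_aton(text):
    """Parse an IPv4 literal the way classic inet_aton() does.

    Accepts 1 to 4 dot-separated parts, each decimal, octal (leading 0)
    or hexadecimal (leading 0x); the last part fills all remaining bytes.
    Returns an ipaddress.IPv4Address, or raises ValueError.
    """
    parts = text.split(".")
    if not 1 <= len(parts) <= 4:
        raise ValueError(f"wrong number of parts: {text!r}")
    values = []
    for part in parts:
        lowered = part.lower()
        if lowered.startswith("0x"):
            digits, base = lowered[2:], 16
        elif len(lowered) > 1 and lowered.startswith("0"):
            digits, base = lowered[1:], 8
        else:
            digits, base = lowered, 10
        allowed = "0123456789abcdef"[:base]
        if not digits or any(ch not in allowed for ch in digits):
            raise ValueError(f"bad part {part!r} in {text!r}")
        values.append(int(digits, base))
    # Every part except the last is one byte; the last covers the rest.
    tail_bytes = 4 - (len(values) - 1)
    if any(v > 0xFF for v in values[:-1]) or values[-1] >= 1 << (8 * tail_bytes):
        raise ValueError(f"part out of range in {text!r}")
    number = 0
    for v in values[:-1]:
        number = (number << 8) | v
    number = (number << (8 * tail_bytes)) | values[-1]
    return ipaddress.IPv4Address(number)

def canonical(text):
    """Dotted-decimal form to use for allow/deny decisions and logging."""
    return str(parse_inet_aton(text))

def strict_parser_accepts(text):
    """True if Python's strict ipaddress parser accepts the literal as written."""
    try:
        ipaddress.IPv4Address(text)
        return True
    except ValueError:
        return False
```

Classify the parsed result (for example with `.is_private`) rather than the raw string, since the strict parser rejects literals that an inet_aton-based client still connects to.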
HTTP supports the response header accept-ranges: bytes and the request header Range: bytes=start-end, which a client sends to signal that it only needs part of a file. It's usually used in streaming so we can seek to any part of a video/audio file. This post makes use of it to fetch only a particular file in a zip bundle.
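An added example (not the linked post's code) of the idea: locate and extract one member of a zip using only byte-range reads. `RangeServer` is a hypothetical in-memory stand-in for a server answering `Range: bytes=start-end`, and the zip is a constructed sample; zip64 and encrypted archives are not handled.

```python
import io
import struct
import zipfile
import zlib

def make_sample_zip():
    """Constructed sample: a ~1 MB zip in memory, standing in for a remote file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("big.bin", bytes(range(256)) * 4000, compress_type=zipfile.ZIP_STORED)
        zf.writestr("docs/readme.txt", "hello from inside the bundle\n")
    return buf.getvalue()

class RangeServer:
    """Stand-in for a server that answers 'Range: bytes=start-end' (end inclusive)."""
    def __init__(self, body):
        self.body, self.bytes_sent = body, 0
    def get(self, start, end):
        chunk = self.body[start:end + 1]
        self.bytes_sent += len(chunk)
        return chunk

def fetch_member(server, total_size, name):
    """Return the content of one zip member using only ranged reads."""
    # 1. The end-of-central-directory record is within the last 65,557 bytes.
    tail = server.get(max(0, total_size - 65_557), total_size - 1)
    eocd = tail.rfind(b"PK\x05\x06")
    if eocd < 0:
        raise ValueError("no end-of-central-directory record found")
    cd_size, cd_offset = struct.unpack("<II", tail[eocd + 12:eocd + 20])
    # 2. Fetch only the central directory and walk its 46-byte entry headers.
    cd = server.get(cd_offset, cd_offset + cd_size - 1)
    pos = 0
    while cd[pos:pos + 4] == b"PK\x01\x02":
        method = struct.unpack("<H", cd[pos + 10:pos + 12])[0]
        csize = struct.unpack("<I", cd[pos + 20:pos + 24])[0]
        nlen, elen, clen = struct.unpack("<HHH", cd[pos + 28:pos + 34])
        header_offset = struct.unpack("<I", cd[pos + 42:pos + 46])[0]
        if cd[pos + 46:pos + 46 + nlen].decode() == name:
            # 3. The local header is 30 bytes plus its own name and extra field.
            local = server.get(header_offset, header_offset + 29)
            ln, le = struct.unpack("<HH", local[26:30])
            data_start = header_offset + 30 + ln + le
            raw = server.get(data_start, data_start + csize - 1)
            return zlib.decompress(raw, -15) if method == 8 else raw
        pos += 46 + nlen + elen + clen
    raise KeyError(name)
```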
The mantra “don’t roll your own crypto” is widely known and accepted amongst programmers, but what does it actually mean? It turns out that such a simple statement is not so simple to follow.
Given a project with years of development that is actively used in production, how would you go about switching to a different language, especially in a space that moves as incredibly fast as frontend? Sentry.com shares their strategy for migrating from JavaScript to TypeScript. If you don't have time this week, read only this article.
In Postgres, transaction IDs (XIDs) are compared to control isolated data access. A row version with an insertion XID greater than the current transaction's XID is "in the future" and should not be visible to the current transaction. But an XID is only 32 bits. This blog post covers an easy way to monitor for that and what can be done to prevent it from ever being a problem.
Storing BLOBs in a database is an open-ended discussion. When working on my email forwarding project, I did that and it isn't that bad. If you are in the "pro BLOB" camp, we want to share some insights into how binary data can be handled in PostgreSQL with maximum efficiency.
Searching for "per process network usage linux" is disappointing. Most of the recommended tools, like iftop, nload, bmon, and iptraf, mostly report per-interface or per-socket traffic. In this post, OP explains line by line how to write a bpftrace program that measures per-process network traffic. The code is C, but once you learn eBPF, it's easy to find bindings for Ruby/Python/Go etc.
A content-aware image resizer based on the Seam Carving algorithm. Here is the resulting code repository.
Code to read
UPnP is a router feature that lets you port-forward a client on the LAN to the internet without manually configuring the router. The client advertises its service, and the router picks it up and configures itself automatically. It's interesting to learn about these small protocols. Another similar project, with a somewhat more complex implementation, is playfull, so check it out too.
Ruby
The zero-dependency Node.js module for tailing a file. Similar to tail -f but in NodeJS.
The Go backend framework with superpowers: distributed tracing, no boilerplate, secret management, api doc
Go
Tools
The Language Server Protocol (LSP) defines the protocol used between an editor or IDE and a language server that provides language features like auto complete, go to definition, find all references etc. This is an LSP implementation for bash, so you can use it in any text editor that speaks the LSP protocol, such as vim, vscode, atom, emacs, Sublime Text.
If you have any suggestion/feedback, do tell me by replying to this email. I read them all.