BetterDev #196 - Allow arbitrary URLs, expect arbitrary code execution and curl those funny ipv4 addresses
Better Dev #196 Apr 19, 2021
Hi all, this week's issue is about network knowledge, tips and tricks: the fundamentals of how computers talk to each other :-). If you enjoy this newsletter, make a small contribution to help me keep working on it.
This team found and reported 1-click code execution vulnerabilities in popular software including Telegram, Nextcloud, VLC, Libre-/OpenOffice, Bitcoin/Dogecoin Wallets, Wireshark and Mumble. Read on to learn more about this attack vector, so that we handle URLs securely and write safer software.
Did you know 192.168.0.1 can be written in octal as 0300.0250.0.01 or in hexadecimal as 0xc0.0xa8.0x00.0x01? Bonus point: 16843009 is 1.1.1.1, so you can run ping 16843009.
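The defensive side of the trick above, as an added example in Python (mine, not the newsletter's or the linked write-up's): a parser that accepts the same octal, hexadecimal, decimal and short (one- to four-part) spellings that inet_aton-style resolvers accept, normalises them to dotted-decimal, and checks the canonical address against the private, loopback, link-local and reserved ranges. The function names are my own; the point is that an allow/deny check on a user-supplied URL has to compare canonical addresses, not the raw string, because the library that later opens the connection will parse all of these forms.

```python
import ipaddress
import re

# inet_aton()-style numeric forms, as accepted by libc, curl and most fetchers:
# 0x.. is hexadecimal, a leading 0 is octal, anything else is decimal.
_HEX = re.compile(r"0[xX]([0-9a-fA-F]+)")
_OCT = re.compile(r"0([0-7]*)")
_DEC = re.compile(r"[1-9][0-9]*")


def _parse_part(part: str) -> int:
    """Parse one dot-separated component using inet_aton's base rules."""
    if m := _HEX.fullmatch(part):
        return int(m.group(1), 16)
    if m := _OCT.fullmatch(part):
        return int(m.group(1) or "0", 8)
    if _DEC.fullmatch(part):
        return int(part, 10)
    raise ValueError(f"not a numeric address component: {part!r}")


def lenient_ipv4_to_int(text: str) -> int:
    """Convert 'a.b.c.d', 'a.b.c', 'a.b' or 'a' (1 to 4 parts) to a 32-bit integer.

    Every part except the last must fit in one byte; the last part fills all
    remaining bytes, which is why '16843009' and '1.1.1.1' are the same host.
    """
    parts = text.split(".")
    if not 1 <= len(parts) <= 4:
        raise ValueError(f"expected 1 to 4 components: {text!r}")
    values = [_parse_part(p) for p in parts]
    for v in values[:-1]:
        if v > 0xFF:
            raise ValueError(f"component out of range in {text!r}")
    tail_bytes = 4 - (len(values) - 1)
    if values[-1] >= 1 << (8 * tail_bytes):
        raise ValueError(f"last component out of range in {text!r}")
    result = 0
    for v in values[:-1]:
        result = (result << 8) | v
    return (result << (8 * tail_bytes)) | values[-1]


def canonical_ipv4(text: str) -> str:
    """Dotted-decimal form of any inet_aton-style spelling: '0xc0.0xa8.0.1' -> '192.168.0.1'."""
    return str(ipaddress.IPv4Address(lenient_ipv4_to_int(text)))


def is_internal_target(host: str) -> bool:
    """True when the host, after canonicalisation, is private, loopback, link-local,
    multicast, unspecified or reserved.

    A filter that compares the raw string ('0300.0250.0.01' does not start with
    '192.168.') misses these spellings; comparing the canonical address does not.
    """
    try:
        addr = ipaddress.IPv4Address(canonical_ipv4(host))
    except ValueError:
        # Not an IPv4 literal: resolve it and re-check every resolved address.
        return False
    return (addr.is_private or addr.is_loopback or addr.is_link_local
            or addr.is_multicast or addr.is_unspecified or addr.is_reserved)


if __name__ == "__main__":
    for spelling in ("0300.0250.0.01", "0xc0.0xa8.0x00.0x01", "16843009", "192.168.1"):
        print(f"{spelling:>22} -> {canonical_ipv4(spelling)}  internal={is_internal_target(spelling)}")
```

Note that the strict parser in Python's ipaddress module rejects most of these spellings outright, so validating with a strict parser and then fetching with a lenient one is exactly the mismatch that lets a filtered address through; either validate and connect with the same parser, or canonicalise first as above.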
HTTP supports the response header Accept-Ranges: bytes and the request header Range: bytes=start-end, which signal that a client only needs part of a file. It is usually used in streaming so we can seek to any part of a video/audio. In this post the author makes use of it to fetch only a particular file from a zip bundle.
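An added example, not code from the newsletter or the post it links to: a toy range-aware origin in Python (single-range Range parsing, 206/416 responses and the Content-Range header) plus a client that uses nothing but byte-range requests to pull one member out of a zip bundle. It reads the end-of-central-directory record with a suffix range, then the central directory, then only the wanted member's local header and compressed bytes, and verifies the CRC before returning anything. The zip is constructed in memory and the function names are mine.

```python
import io
import re
import struct
import zipfile
import zlib

_RANGE = re.compile(r"bytes=(\d*)-(\d*)")


def parse_range(header: str, size: int):
    """Parse a single 'bytes=first-last' Range value (RFC 7233, section 2.1).
    Returns an inclusive (start, end) clamped to the resource, or None when the
    range is unsatisfiable (HTTP 416). Multi-range values are treated as malformed."""
    m = _RANGE.fullmatch(header.strip())
    if not m or m.group(1) == m.group(2) == "":
        raise ValueError(f"malformed Range header: {header!r}")
    first, last = m.groups()
    if first == "":                   # suffix form 'bytes=-N': the last N bytes
        n = int(last)
        return None if n == 0 else (max(size - n, 0), size - 1)
    start = int(first)
    end = size - 1 if last == "" else min(int(last), size - 1)
    if start >= size or start > end:  # starts past the end, or last < first
        return None
    return start, end


def serve(data: bytes, range_header=None):
    """Toy origin server: (status, headers, body) for a range-capable resource."""
    size = len(data)
    if range_header is None:
        return 200, {"Accept-Ranges": "bytes", "Content-Length": str(size)}, data
    rng = parse_range(range_header, size)
    if rng is None:
        return 416, {"Content-Range": f"bytes */{size}"}, b""
    start, end = rng
    headers = {"Accept-Ranges": "bytes", "Content-Range": f"bytes {start}-{end}/{size}",
               "Content-Length": str(end - start + 1)}
    return 206, headers, data[start:end + 1]


EOCD_SIG, CD_SIG, LOCAL_SIG = b"PK\x05\x06", b"PK\x01\x02", b"PK\x03\x04"


def _get(bundle: bytes, start: int, end: int) -> bytes:
    """Client side of one range request against the toy server above."""
    status, _, body = serve(bundle, f"bytes={start}-{end}")
    if status != 206:
        raise IOError(f"range {start}-{end} not satisfiable (HTTP {status})")
    return body


def fetch_entry(bundle: bytes, wanted: str) -> bytes:
    """Pull one member out of a zip served over HTTP using only Range requests."""
    # 1. Suffix range for the end-of-central-directory record (22 bytes + up to 64 KiB comment).
    tail = serve(bundle, "bytes=-65557")[2]
    pos = tail.rfind(EOCD_SIG)
    if pos < 0:
        raise ValueError("no end-of-central-directory record found")
    cd_size, cd_offset = struct.unpack("<2L", tail[pos + 12:pos + 20])
    # 2. Fetch just the central directory and walk its entries to find the member.
    cd = _get(bundle, cd_offset, cd_offset + cd_size - 1)
    p, entry = 0, None
    while entry is None and cd[p:p + 4] == CD_SIG:
        f = struct.unpack("<4s6H3L5H2L", cd[p:p + 46])
        method, crc, csize, name_len, extra_len, comment_len, local_off = (
            f[4], f[7], f[8], f[10], f[11], f[12], f[16])
        if cd[p + 46:p + 46 + name_len].decode("utf-8") == wanted:
            entry = (method, crc, csize, local_off)
        p += 46 + name_len + extra_len + comment_len
    if entry is None:
        raise KeyError(wanted)
    method, crc, csize, local_off = entry
    # 3. The local header has its own name/extra lengths, so read it before the data.
    lh = _get(bundle, local_off, local_off + 29)
    if lh[:4] != LOCAL_SIG:
        raise ValueError("bad local file header")
    lname_len, lextra_len = struct.unpack("<2H", lh[26:30])
    data_start = local_off + 30 + lname_len + lextra_len
    raw = _get(bundle, data_start, data_start + csize - 1) if csize else b""
    # 4. Inflate (method 8) or take stored bytes (method 0), then verify the CRC.
    if method == 8:
        plain = zlib.decompress(raw, -15)
    elif method == 0:
        plain = raw
    else:
        raise ValueError(f"unsupported compression method {method}")
    if zlib.crc32(plain) & 0xFFFFFFFF != crc:
        raise ValueError("CRC mismatch")
    return plain


def build_sample_bundle() -> bytes:
    """Constructed in-memory zip standing in for a bundle hosted on a range-capable server."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("README.txt", "filler so the wanted member is not at offset 0\n" * 40)
        zf.writestr("wanted.json", '{"answer": 42}')
        zf.comment = b"constructed sample bundle"
    return buf.getvalue()


if __name__ == "__main__":
    bundle = build_sample_bundle()
    print(len(bundle), "byte bundle; fetched member:", fetch_entry(bundle, "wanted.json"))
```

The client trusts the central directory for the compressed size and CRC rather than the local header, because a local header written with a data descriptor carries zeros there, and the CRC check catches a truncated or mismatched range before the bytes are used.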
The mantra “don’t roll your own crypto” is widely known and accepted amongst programmers, but what does it actually mean? It turns out that such a simple statement is not so simple to follow.
Given a project with years of development that is actively used in production, how would you go about switching to a different language, especially in a space that moves as incredibly fast as frontend? Sentry.com shares their strategy for a JavaScript to TypeScript migration. If you don't have time this week, then read only this article.
In Postgres, transaction IDs (XIDs) are compared to control isolated data access. A row version with an insertion XID greater than the current transaction's XID is "in the future" and should not be visible to the current transaction. But the XID is only 32 bits. This blog post covers an easy way to monitor for it (XID wraparound) and what can be done to prevent it from ever being a problem.
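An added example (mine, not the blog post's) of the modular 32-bit comparison behind "in the future": it shows why a row inserted more than 2^31 transactions ago suddenly looks as if it came from the future, and the age check that monitoring alerts on. FIRST_NORMAL_XID and the 200,000,000 default follow PostgreSQL's permanent XIDs and autovacuum_freeze_max_age; the function names are assumed.

```python
MASK32 = 0xFFFFFFFF
FIRST_NORMAL_XID = 3  # 0 = invalid, 1 = bootstrap, 2 = frozen: permanent ids, never "in the future"


def xid_precedes(a: int, b: int) -> bool:
    """True when transaction a is logically older than b.

    XIDs compare modulo 2**32: the 2**31 ids behind b are its past and the
    2**31 ids ahead of it are its future, the same test as PostgreSQL's
    (int32)(a - b) < 0.
    """
    if a < FIRST_NORMAL_XID or b < FIRST_NORMAL_XID:
        return a < b  # permanent ids sort plainly
    return ((a - b) & MASK32) >= (1 << 31)


def in_future(insert_xid: int, current_xid: int) -> bool:
    """A row version whose inserting transaction is ahead of ours must stay invisible."""
    return xid_precedes(current_xid, insert_xid)


def xid_age(current_xid: int, xid: int) -> int:
    """How many transactions ago xid was assigned (what age(datfrozenxid) reports)."""
    return (current_xid - xid) & MASK32


def freeze_overdue(current_xid: int, oldest_unfrozen_xid: int,
                   freeze_max_age: int = 200_000_000) -> bool:
    """Monitoring check: once the oldest unfrozen xid is freeze_max_age transactions old,
    the rows it protects are heading for the 2**31 horizon and must be frozen."""
    return xid_age(current_xid, oldest_unfrozen_xid) >= freeze_max_age


if __name__ == "__main__":
    now = 5  # counter has just wrapped past 2**32
    old_row = 4_000_000_000  # inserted shortly before the wrap: still visible
    ancient_row = (now + 2**31) & MASK32  # 2**31 ids away: now looks like the future
    print("old row visible:", not in_future(old_row, now))
    print("ancient row visible:", not in_future(ancient_row, now))
    print("freeze overdue:", freeze_overdue(now, old_row))
```

A row that was only ever "in the past" does not change; what changes is the counter, so a row left unfrozen for 2^31 transactions flips from visible to invisible without any write to it, which is why the age check fires long before that point.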
Storing BLOBs in a database is an open-ended discussion. When working on my email forwarding project, I did that and it isn't that bad. If you are in the "pro BLOB" camp, this post shares some insights into how binary data can be handled in PostgreSQL with maximum efficiency.
Searching for "per process network usage linux" is disappointing. Most of the recommended tools, like iftop, nload, bmon, and iptraf, report per-interface or per-socket traffic. In this post, the author explains line-by-line how to write a bpftrace program that measures per-process network traffic. The code is C, but once you learn eBPF, it's easy to find bindings for Ruby/Python/Go etc.
A content-aware image resizer based on the seam carving algorithm. Here is the resulting code repository.
Code to read
UPnP is a feature of routers that allows you to port forward a client on the LAN to the internet without manually configuring the router. The client advertises its service, the router picks it up and auto-configures. It's interesting to learn about those small protocols. Another similar project, with a bit more complex implementation, is playfull, so check it out too.
Ruby
The zero dependency Node.js module for tailing a file. Similar to tail -f but in NodeJS.
A Go backend framework with superpowers: distributed tracing, no boilerplate, secret management, API docs.
Go
Tools
The Language Server Protocol (LSP) defines the protocol used between an editor or IDE and a language server that provides language features like autocomplete, go to definition, find all references, etc. This is an LSP implementation for bash, so you can use it in any text editor that speaks LSP, such as vim, vscode, atom, emacs and Sublime Text.
If you have any suggestion/feedback, do tell me by replying to this email. I read them all.