View this email in your browser

Programmer Weekly

Welcome to issue 72 of Programmer Weekly. Let's get straight to the links this week.

Quote of the Week

"It's not a bug — it's an undocumented feature." - Anonymous

News

Researchers Bake Malware Protection Directly Into SSDs
An international team of researchers has developed a firmware solution to the ransomware problem, detecting and stopping malicious activity on your SSD before its contents are lost to criminals.

AWS federation comes to GitHub Actions
GitHub Actions has new functionality that can vend OpenID Connect credentials to jobs running on the platform. This is very exciting for AWS account administrators as it means that CI/CD jobs no longer need any long-term secrets to be stored in GitHub.

This Seemingly Normal Lightning Cable Will Leak Everything You Type
A new version of the OMG Cable is a USB-C to Lightning Cable that hackers can use to steal your passwords or other data.

Russia's Yandex says it repelled biggest DDoS attack in history
"Our experts did manage to repel a record attack of nearly 22 million requests per second (RPS). This is the biggest known attack in the history of the internet," Yandex said in a statement.

Announcing The Unicode® Standard, Version 14.0
Version 14.0 of the Unicode Standard is now available, including the core specification, annexes, and data files. This version adds 838 characters, for a total of 144,697 characters. These additions include five new scripts, for a total of 159 scripts, as well as 37 new emoji characters.

Reading List

Hacking CloudKit - How I accidentally deleted your Apple Shortcuts
CloudKit, the data storage framework by Apple, has various access controls. These access controls could be misconfigured, even by Apple themselves, which affected Apple’s own apps using CloudKit. This post explains in detail three bugs found in iCrowd+, Apple News and Apple Shortcuts with different criticality uncovered by Frans Rosen while hacking Cloudkit. All bugs were reported to and fixed by the Apple Security Bounty program.

The Case for ‘Developer Experience’
There’s been a lot of buzz around the “no code” movement and shifts like SaaS and APIs. But with developers spending less than a third of their time actually writing code, the developer experience now includes all the other stuff, maintenance, operations, testing, incidents, more. So how exactly are developers supposed to coordinate all these systems? By focusing on developer experience (and tools) that actually embraces the messy complexities of their tech stacks: rainforests, not planned gardens.

Easy practical guide to serverless framework with AWS
This step-by-step guide will allow you to create your first REST API and deploy it to the AWS cloud.

How to setup a Custom Private Email Relay like Hide My Email - Part 1
The part 1 of the two part series explains why you should use a custom Private Email Relay and how you can setup one using AWS.

GitHub Actions Limitations and Gotchas
This post is to give others evaluating GitHub Actions a brief experience report.

Bad engineering managers think leadership is about power, good managers think leadership is about competently serving their team
The services of a good leader is an important gap that development teams desperately need filled. However, very few managers know how to properly serve software development teams.

Introduction to OWASP Top 10 2021
There are three new categories, four categories with naming and scoping changes, and some consolidation in the Top 10 for 2021.

Finding Azurescape – Cross-Account Container Takeover in Azure Container Instances
Azurescape allowed malicious users to compromise the multitenant Kubernetes clusters hosting ACI, establishing full control over other users' containers. This post covers the research process, presents an analysis of the issue and suggests best practices for securing Kubernetes, with a focus on multitenancy, that could help prevent similar attacks.

Ship / Show / Ask
Ship/Show/Ask is a branching strategy that combines the features of Pull Requests with the ability to keep shipping changes. Changes are categorized as either Ship (merge into mainline without review), Show (open a pull request for review, but merge into mainline immediately), or Ask (open a pull request for discussion before merging).

Practical API Design at Netflix, Part 2: Protobuf FieldMask for Mutation Operations
In our previous post, we discussed how we utilize FieldMask as a solution when designing our APIs so that consumers can request the data they need when fetched via gRPC. In this post we will continue to cover how Netflix Studio Engineering uses FieldMask for mutation operations such as update and remove.

I built the entire universe (and beyond) in JavaScript
An in-browser, freely explorable, 3D game across infinite universes procedurally generated. Go from universe to universe and discover the origin of everything. A four chapter story with an epic revelation at the end.

Watch and Listen

Linux Essentials for Ethical Hackers
In this Linux course, you will learn the 20% you need to know to be efficient with Linux. This course will teach all the common Linux skills used in cyber-security and ethical hacking.

Donald Knuth: Programming, Algorithms, Hard Problems & the Game of Life
An interview with Donald Knuth, a computer scientist, Turing Award winner, father of algorithm analysis, author of The Art of Computer Programming, and creator of TeX.

Managing Kubernetes entirely in Git? Meet GitOps
A chat with Paul Fremantle, VP of Product Engineering at Weaveworks, about managing Kubernetes entirely within Git. It’s GitOps! It’s a philosophy where you externalize your runtime configuration as a set of resources in a Git repository.

Interesting Projects, Tools and Libraries

eks-anywhere
Run Amazon EKS on your own infrastructure.

kubernetes-best-practices
A cookbook with the best practices for working with kubernetes.

KDL
KDL is a document language with xml-like semantics that looks like you're invoking a bunch of CLI commands! It's meant to be used both as a serialization format and a configuration language, much like JSON, YAML, or XML.

Javalin
A simple and modern Java and Kotlin web framework.

GlueSQL
SQL Database Engine as a Library.

Mockachino
A mock JSON API in 10 seconds.

Dopefolio
A Blazing Fast Multipage Portfolio Template for Developers.

milkdown
Plugin driven WYSIWYG markdown editor framework.

Our Other Newsletters

Python Weekly - A free weekly newsletter featuring the best hand curated news, articles, tools and libraries, new releases, jobs etc related to Python.

Founder Weekly - A free weekly newsletter for entrepreneurs featuring best curated content, must read articles, how to guides, tips and tricks, resources, events and more.

Copyright © 2021 Programmer Weekly, All rights reserved.
You are receiving our weekly newsletter because you signed up at http://www.ProgrammerWeekly.com

Our mailing address is:

Programmer Weekly

Brooklyn

Brooklyn, NY 11228

Add us to your address book

Want to change how you receive these emails?
You can update your preferences or unsubscribe from this list.

Programmer Weekly - Programmer Weekly - Issue 72

Programmer Weekly

Older messages

Programmer Weekly - Issue 69

Programmer Weekly - Issue 68

Programmer Weekly - Issue 66

Programmer Weekly - Issue 64

Programmer Weekly - Issue 62

You Might Also Like

Import AI 399: 1,000 samples to make a reasoning model; DeepSeek proliferation; Apple's self-driving car simulator

Defining Your Paranoia Level: Navigating Change Without the Overkill

5 ways AI can help with taxes 🪄

Recurring Automations + Secret Updates

The First Provable AI-Proof Game: Introducing Butterfly Wings 4

GCP Newsletter #437

Charted | The 1%'s Share of U.S. Wealth Over Time (1989-2024) 💰

The Great Social Media Diaspora & Tapestry is here

Daily Coding Problem: Problem #1689 [Medium]

📧 Stop Conflating CQRS and MediatR