BetterDev #216 - Why Authorization is Hard and The pitfalls of using ssh-agent, or how to use an agent safely
Better Dev #216 Sep 20, 2021
A very practical issue. Dealing with authorization, SSH agent, design API, optimize big JS bundle, text vs varchar in database design. I hope you like these as much as I do.
Have a great week everyone.
There’s a fundamental tension in authorization. Is it business logic or authorization logic? Should it be in the app, or separate? Authorization wasn’t particularly fashionable in tech circles. Fast-forward to today, and Airbnb, Carta, Slack, and Intuit are all writing blog posts about the internal authorization systems they built. Suddenly it seems like authorization is a topic as cool as moving to Kubernetes!
rogramming hasn’t fundamentally changed in a long time. Building an app usually means Googling for the right component library, debugging dependencies, rewriting a lot of boilerplate code, and figuring out where to deploy. Everything but solving the problem at hand. Retool is a new approach: we’ve unified the ease of visual programming with the power and flexibility of real code. Connect to any database or API. Drag-and-drop a UI while simultaneously live programming it. Deploy instantly. Allbirds uses Retool to measure billboard efficacy. Amazon uses Retool to handle GDPR requests. You, too, can use it to build business-critical applications fast.
Using ssh-agent, your key can be transfered securely to a jumpbox and from that jump box you an login to another server using that key. But it has so many pitfall to the point many suggest to never use it. In this posts, we will see how we can leverage it safely. Because while proxyjump is useful for SSH, it’s won’t superuseful for thing like git clone
.
Tooling, process, strategy to understand Apple Dictionary format. Like how the author walked us through his though process. These kind of article can be very helpful to show how to approach a problem when its knowledge isn’t searchable on google and you gotta be figure it yourself
Nextflix heavily uses gRPC for the purpose of backend to backend communication. When processing a request it is often beneficial to know which fields the caller is interested in and which ones they ignore. How can they understand which fields the caller doesn’t need to be supplied in the response in a gRPC request?
browser always has to parse your JavaScript, regardlesss if that is run on the page or not, they still have to parse, and the bigger the bundles, it takes more time to load. What can we do about it?
Deep dive into how percentile works, when it will shift and why it’s beeter to monitor trend thant average or median.
Lesson from Stripe engineering on why they used text
, then switch to varchar(n)
. The TLDR is that client may not enforce length limit and cause huge text ended up in database
Maynot related to our daily work that much but it’s a really good post to laid our how we can look at a bunch of hexdump and understand what is what. Even if you don’t use C or gdb I’m strongly advise to give this a read
Code to read
Simple and performant client for PostgreSQL, MySQL, and SQLite. If you want to see how to write a database client, look no more. It also supports migration.
GoLightweight, fully spec-compliant HTML5 server-sent events library. If your communication is one-way such as you are only interested into event return from servers, then SSE is much more lightweight and easy to implement than websocket.
GoA script language like Python or Lua written in Rust, with exactly the same syntax as Go’s.
RustBasically allow you to create userbots that can record and broadcast in voice chats, make and receive private calls.
PythonTools
Based on Wireguard VPN, allow you to create a mesh network between multiple hosts. Including a webui for management as well.
checks the configuration of given server accessible over internet during SSH handshake - notably supported encryption and MAC algorithms, and an overview of offered server public keys.
rogramming hasn’t fundamentally changed in a long time. Building an app usually means Googling for the right component library, debugging dependencies, rewriting a lot of boilerplate code, and figuring out where to deploy. Everything but solving the problem at hand. Retool is a new approach: we’ve unified the ease of visual programming with the power and flexibility of real code. Connect to any database or API. Drag-and-drop a UI while simultaneously live programming it. Deploy instantly. Allbirds uses Retool to measure billboard efficacy. Amazon uses Retool to handle GDPR requests. You, too, can use it to build business-critical applications fast.
You can view this issue in web browser.
If you have any suggestion/feedback, do tell me by replying to this email. I read them all.
No longer want to receive these emails? Unsubscribe
Key phrases
Older messages
BetterDev #215 - Can Podcasts Predict the Stock Market?
Monday, September 13, 2021
Better Dev #215 Sep 13, 2021 Hi everyone, full of security related articles this week. I want to shift gear a bit to give everyone gain more knowledge and exposure to cyber security. Can Podcasts
BetterDev #214 - Picturing Git: Conceptions and Misconception
Tuesday, September 7, 2021
Better Dev #214 Sep 07, 2021 This issue is arrived one day later than our usual schedule due to US holiday. We're back now and hope everyone had a great week despite of the holiday or not Picturing
BetterDev #213 - An amazing error message if you put more than 2^24 items in a JS Map object
Monday, August 30, 2021
Better Dev #213 Aug 30, 2021 An amazing error message if you put more than 2^24 items in a JS Map object Can you guess that? a map with 2^24 items? Probaly some limit exceed error? Indeed, JS will
BetterDev #212 - One does not simply calculate the absolute value
Monday, August 23, 2021
Better Dev #212 Aug 23, 2021 Happy monday everyone. I hope this week's issue bring you some joy. We got stories of Rakuten, Clubhouse, Target deploy and debug their system. Infrastructure is hard
BetterDev #211 - Mixpanel Saving $30000 a month by improving Garbage Collection
Tuesday, August 17, 2021
Better Dev #211 Aug 16, 2021 Hi all, Let's get straight to our link this week. If you like our content, please share it with your friends or co-workers :) Saving $30000 a month by improving Garbage
You Might Also Like
Tesla Autopilot investigation closed
Friday, April 26, 2024
Inside the IBM-HashiCorp deal and Thoma Bravo takes another company private View this email online in your browser By Christine Hall Friday, April 26, 2024 Good afternoon, and welcome to TechCrunch PM.
Microsoft's and Google's bet on AI is paying off - Weekly News Roundup - Issue #464
Friday, April 26, 2024
Plus: AI-controlled F-16 has been dogfighting with humans; Grok-1.5 Vision; BionicBee; Microsoft's AI generates realistic deepfakes from a single photo; and more! ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏
🤓 The Meta Quest Might Be the VR Steam Deck Soon — Games to Play After Finishing Wordle
Friday, April 26, 2024
Also: Why a Cheap Soundbar Is Better Than Nothing, and More! How-To Geek Logo April 26, 2024 Did You Know TMI: Rhinotillexomania is the medical term for obsessive nose picking. 🖥️ Get Those Updates
JSK Daily for Apr 26, 2024
Friday, April 26, 2024
JSK Daily for Apr 26, 2024 View this email in your browser A community curated daily e-mail of JavaScript news A Solid primer on Signals with Ryan Carniato (JS Party #320) Ryan Carniato joins Amal
So are we banning TikTok or what?
Friday, April 26, 2024
Also: Can an influencer really tank an $800M company? View this email online in your browser By Haje Jan Kamps Friday, April 26, 2024 Image Credits: Jonathan Raa/NurPhoto / Getty Images Welcome to
[AI Incubator] 300+ people are already in. Enrollment closes tonight at 11:59pm PT.
Friday, April 26, 2024
How to decide if you're ready.
Daily Coding Problem: Problem #1423 [Medium]
Friday, April 26, 2024
Daily Coding Problem Good morning! Here's your coding interview problem for today. This problem was asked by Google. You are given an array of nonnegative integers. Let's say you start at the
Data science for Product Managers
Friday, April 26, 2024
Crucial resources to empower you with data that matters.
Inner Thoughts
Friday, April 26, 2024
'The Inner Circle' Comes Around... Inner Thoughts By MG Siegler • 26 Apr 2024 View in browser View in browser If you'll allow me a brief meta blurb this week (not a Meta blurb, plenty of
Digest #135: Kubernetes Hacks, Terraform CI/CD, HashiCorp Acquisition, AWS Data Transfer Monitoring
Friday, April 26, 2024
Explore Advanced Kubernetes Techniques, Dive Into Terraform CI/CD Frameworks, Monitor AWS Data Transfer, and Explore Cloud Security with Gitleaks! ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏