Plurrrr

a tumblelog
week 13, 2021

Spirited Away: Wonderful

During her family's move to the suburbs, a sullen 10-year-old girl wanders into a world ruled by gods, witches, and spirits, and where humans are changed into beasts.

In the evening we watched Spirited Away (2001) as requested by Alice. I enjoyed the movie a lot. Great work of art; recommended.

Securing Your PostgreSQL Database

Databases are the Holy Grail for hackers, and as such, must be protected with utmost care. This is the first in a series of articles in which we’ll give an overview of best practices for securing your databases. We’re starting with one of the most popular open-source databases, PostgreSQL, and will go over several levels of security you’d need to think about:

  • Network-level security
  • Transport-level security
  • Database-level security

Source: PostgreSQL Security Hardening, an article by Roman Tkachenko.

What problems do people solve with strace?

Yesterday I asked on Twitter about what problems people are solving with strace and as usual everyone really delivered! I got 200 answers and then spent a bunch of time manually categorizing them into 9 categories of problems.

All of the problems are about either finding files a program depends on, figuring out why a program is stuck or slow, or finding out why a program is failing. These generally matched up with what I use strace for myself, but there were some things I hadn’t thought of too!

Source: What problems do people solve with strace?, an article by Julia Evans.

Go HTTPS servers with TLS

This post is a basic introduction to running HTTPS servers and clients in Go using TLS. It assumes some familiarity with public-key crypto. Feel free to check out my earlier posts about RSA and the Diffie-Hellman Key Exchange; TLS uses the elliptic-curve version of Diffie-Hellman. I won't be covering how the protocol itself works in detail here, but if you're interested I recommend reading up on the subject.

Source: Go HTTPS servers with TLS, an article by Eli Bendersky.

A Desolation Called Peace

An alien armada lurks on the edges of Teixcalaanli space. No one can communicate with it, no one can destroy it, and Fleet Captain Nine Hibiscus is running out of options.

In a desperate attempt at diplomacy with the mysterious invaders, the fleet captain has sent for a diplomatic envoy. Now Mahit Dzmare and Three Seagrass—still reeling from the recent upheaval in the Empire—face the impossible task of trying to communicate with a hostile entity.

Their failure will guarantee millions of deaths in an endless war. Their success might prevent Teixcalaan’s destruction—and allow the empire to continue its rapacious expansion.

Or it might create something far stranger . . .

The 9th of September 2019 I wrote that I was looking forward to a sequel to Arkady Martine's A Memory Called Empire. A sequel was written, so in the evening I started to read A Desolation Called Peace, Teixcalaan Book 2.

All C++20 core language features with examples

The story behind this article is very simple, I wanted to learn about new C++20 language features and to have a brief summary for all of them on a single page. So, I decided to read all proposals and create this “cheat sheet” that explains and demonstrates each feature. This is not a “best practices” kind of article, it serves only demonstrational purpose. Most examples were inspired or directly taken from corresponding proposals, all credit goes to their authors and to members of ISO C++ committee for their work. Enjoy!

Source: All C++20 core language features with examples, an article by Oleksandr Koval.

Get Started With Tmux

Before getting started with tmux, let us go over some questions to see if tmux is right for you:

  • Do you use a terminal as part of your development workflow?
  • Do you use multiple terminals in different tabs or windows to navigate files, edit text, compile and run code, tail log files, push code to repository, and run one-time adhoc commands?
  • Do you work on multiple projects at a time, each with its own set of workflow and environment requirements, and often have to switch context?
  • Do you SSH into remote systems?
  • Have you ever got disconnected from a remote SSH session in the middle of a task that you were running and monitoring?

If you answered yes to any of these questions, then tmux is for you!

Source: Get Started With Tmux, an article by Sunaina Pai.

The Conspiracy Club: Good

In the evening I finished The Conspiracy Club by Jonathan Kellerman. I did enjoy the book; recommended.

A few Git tips

I don’t do that much that’s clever with git, but I’ve found the following helpful.

Source: A few Git tips, an article by Rob Allen.

Writing Makefiles for Python Projects

Makefiles give your contributors an entry point on how to do certain things like building, testing, deploying. And if done correctly, they can massively simplify your CI/CD pipeline scripts as they can often just stupidly call the respective make targets. Most importantly, they are a very convenient shortcut for you as a developer as well.

For Python projects, where I'm almost always using virtual environments, I've been using two different strategies for Makefiles:

  1. assuming that make is executed inside the virtual environment
  2. wrapping all virtual environment calls inside make

Both strategies have their pros and cons.

Source: Writing Makefiles for Python Projects, an article by Bastian Venthur.

HTML Inputs and Labels: A Love Story

Most inputs have something in common — they are happiest with a companion label! And the happiness doesn’t stop there. Forms with proper inputs and labels are much easier for people to use and that makes people happy too.

Source: HTML Inputs and Labels: A Love Story, an article by Amber Wilson.

Tools for Auditing CSS

Auditing CSS is not a common task in a developer’s everyday life, but sometimes you just have to do it. Maybe it’s part of a performance review to identify critical CSS and reduce unused selectors. Perhaps it’s part of an effort to improve accessibility where all the colors used in the codebase are evaluated for contrast. It might even be to enforce consistency!

Source: Tools for Auditing CSS, an article by Silvestar Bistrović.

A tool to spy on your DNS queries: dnspeep

Hello! Over the last few days I made a little tool called dnspeep that lets you see what DNS queries your computer is making, and what responses it’s getting. It’s about 250 lines of Rust right now.

I’ll talk about how you can try it, what it’s for, why I made it, and some problems I ran into while writing it.

Source: A tool to spy on your DNS queries: dnspeep, an article by Julia Evans.

How to Improve CSS Performance

Combined with the complexity of modern websites and the way browsers process CSS, even a moderate amount of CSS can become a bottleneck for people who deal with constrained devices, network latency, bandwidth, or data limits. Because performance is a vital part of the user experience, it’s essential to make sure you deliver a consistent, high-quality experience across devices of all shapes and sizes and that requires optimising your CSS too.

This post will cover what kinds of performance issues CSS can cause and best practices for crafting CSS that doesn’t get in people’s way.

Source: How to Improve CSS Performance, an article by Milica Mihajlija.

Know Your Nil

In Golang, nil is an interesting value. You may be familiar with Go’s philosophy of making the “zero value” meaningful.

Uninitialized variables and fields are set to the zero value. For example, if you have an uninitialized variable of an integer type, its value will always default to 0. An uninitialized string will be the empty string. Likewise, the zero value for a pointer is nil.

Source: Know Your Nil, an article by Jeremy Mikkola.

Improving shell workflows with fzf

Working in a shell usually involves executing the same set of commands again and again; what changes is the order in which the commands are executed, and the parameters that are passed to the command. One way to improve shell workflows is finding patterns in the execution order of commands and extracting those into little scripts; this can often be helpful and is part of what makes working in a shell so powerful. Another way is to understand how the parameters are added and try to simplify this; that’s what I will focus mostly on in this blog post.

Source: Improving shell workflows with fzf, an article by Sebastian Jambor.

Building a Magical 3D Button

I had a neat realization recently: Buttons are the “killer feature” of the web.

Every significant thing we do online, from ordering food to scheduling an appointment to playing a video, involves pressing a button. Buttons (and the forms they submit) make the web dynamic and interactive and powerful.

But so many of those buttons are lackluster. They can trigger enormous changes in the real world, but they don't feel tangible at all. They feel like dull everyday pixels.

In this tutorial, we'll build a whimsical 3D button.

Source: Building a Magical 3D button with HTML and CSS, an article by Joshua Comeau.

Dropping hashes

There exists an idiom called “dropping a hash” which is widely understood in the security community and not widely understood elsewhere. Somewhat surprisingly, there does not appear to be a canonical explanation. I have dropped hashes before and wrote this up to explain the significance of it to non-specialists.

Source: Dropping hashes: an idiom used to demonstrate provenance of documents, an article by Patrick McKenzie.

VPN over SSH? The SOCKS Proxy

Some resources on the internet might be only accessible from clients with particular IP addresses. For example, suppose you want to download a paper published in a journal purchased by your university. In that case, you have to connect to the journal’s website from a computer with an IP address that belongs to your university. If you are working at home, it is well-known that you may connect to the university’s VPN such that your IP address will be disguised as a campus IP address that allows you to download the paper paid for by your university. However, it is not always possible to use the VPN provided by your school. For instance, some VPNs require special client software, which may not support an OS like Linux. Is there any simple alternative solution to a VPN? The answer is YES if you can SSH to a server running with a university’s IP address, e.g., a workstation running in your laboratory.

Source: VPN over SSH? The SOCKS Proxy, an article by Cory Chu.

10 Kubernetes Security Context settings you should understand

Securely running workloads in Kubernetes can be difficult. Many different settings impact security throughout the Kubernetes API, requiring significant knowledge to implement correctly. One of the most powerful tools Kubernetes provides in this area is the securityContext settings that every Pod and Container manifest can leverage. In this cheatsheet, we will take a look at the various securityContext settings, explore what they mean and how you should use them.

Source: 10 Kubernetes Security Context settings you should understand, an article by Eric Smalling and Matt Jarvis.