Databases are the Holy Grail for hackers, and as such, must be
protected with utmost care. This is the first in a series of
articles in which we’ll give an overview of best practices for
securing your databases. We’re starting with one of the most popular
open-source databases, PostgreSQL, and will go over several levels
of security you’d need to think about:
All of the problems are about either finding files a program depends
on, figuring out why a program is stuck or slow, or finding out why
a program is failing. These generally matched up with what I use
strace for myself, but there were some things I hadn’t thought of
This post is a basic introduction to running HTTPS servers and
clients in Go using TLS. It assumes some familiarity with public-key
crypto. Feel free to check out my earlier posts about
and the Diffie-Hellman Key
TLS uses the elliptic-curve version of Diffie-Hellman. I won't be
covering how the protocol itself works in detail here, but if you're
interested I recommend reading up on the subject.
An alien armada lurks on the edges of Teixcalaanli space. No one can
communicate with it, no one can destroy it, and Fleet Captain Nine
Hibiscus is running out of options.
In a desperate attempt at diplomacy with the mysterious invaders,
the fleet captain has sent for a diplomatic envoy. Now Mahit Dzmare
and Three Seagrass—still reeling from the recent upheaval in the
Empire—face the impossible task of trying to communicate with a
Their failure will guarantee millions of deaths in an endless
war. Their success might prevent Teixcalaan’s destruction—and allow
the empire to continue its rapacious expansion.
Or it might create something far stranger . . .
On the 9th of September 2019 I wrote that I was
looking forward to a sequel to Arkady Martine's A Memory Called
Empire. A sequel was written, so in the evening I started to read A
Teixcalaan Book 2 by Arkady Martine.
The story behind this article is very simple, I wanted to learn
about new C++20 language features and to have a brief summary for
all of them on a single page. So, I decided to read all proposals
and create this “cheat sheet” that explains and demonstrates each
feature. This is not a “best practices” kind of article; it serves
only a demonstrational purpose. Most examples were inspired or
directly taken from corresponding proposals, all credit goes to
their authors and to members of ISO C++ committee for their
Makefiles give your contributors an entry point on how to do
certain things like building, testing, and deploying. And if done
correctly, they can massively simplify your CI/CD pipeline scripts
as they can often just stupidly call the respective make
targets. Most importantly, they are a very convenient shortcut for
you as a developer as well.
For Python projects, where I'm almost always using virtual
been using two different strategies for Makefiles:
assuming that make is executed inside the virtual environment
wrapping all virtual environment calls inside make
Most inputs have something in common — they are happiest with a
companion label! And the happiness doesn’t stop there. Forms with
proper inputs and labels are much easier for people to use and that
makes people happy too.
Auditing CSS is not a common task in a developer’s everyday life,
but sometimes you just have to do it. Maybe it’s part of a
performance review to identify critical CSS and reduce unused
selectors. Perhaps it’s part of an effort to improve accessibility where
all the colors used in the codebase are evaluated for contrast. It might
even be to enforce consistency!
Combined with the complexity of modern websites and the way browsers
process CSS, even a moderate amount of CSS can become a bottleneck
for people who deal with constrained devices, network latency,
bandwidth, or data limits. Because performance is a vital part of
the user experience, it’s essential to make sure you deliver a
consistent, high-quality experience across devices of all shapes and
sizes and that requires optimising your CSS too.
This post will cover what kinds of performance issues CSS can cause
and best practices for crafting CSS that doesn’t get in people’s
In Golang, nil is an interesting value. You may be familiar with
Go’s philosophy of making the “zero value” meaningful.
Uninitialized variables and fields are set to the zero value. For
example, if you have an uninitialized variable of an integer type,
its value will always default to 0. An uninitialized string will be
the empty string. Likewise, the zero value for a pointer is nil.
Working in a shell usually involves executing the same set of
commands again and again; what changes is the order in which the
commands are executed, and the parameters that are passed to the
command. One way to improve shell workflows is finding patterns in
the execution order of commands and extracting those into little
scripts; this can often be helpful and is part of what makes working
in a shell so powerful. Another way is to understand how the
parameters are added and try to simplify this; that’s what I will
focus mostly on in this blog post.
I had a neat realization recently: Buttons are the “killer feature”
of the web.
Every significant thing we do online, from ordering food to
scheduling an appointment to playing a video, involves pressing a
button. Buttons (and the forms they submit) make the web dynamic and
interactive and powerful.
But so many of those buttons are lackluster. They can trigger
enormous changes in the real world, but they don't feel tangible at
all. They feel like dull everyday pixels.
In this tutorial, we'll build a whimsical 3D button.
There exists an idiom called “dropping a hash” which is widely
understood in the security community and not widely understood
elsewhere. Somewhat surprisingly, there does not appear to be a
canonical explanation. I have dropped hashes before and wrote this
up to explain the significance of it to non-specialists.
Some resources on the internet might be only accessible from clients
with particular IP addresses. For example, suppose you want to
download a paper published in a journal purchased by your
university. In that case, you have to connect to the journal’s
website from a computer with an IP address that belongs to your
university. If you are working at home, it is well known that you
can connect to the university’s VPN so that your IP address appears
as a campus IP address, which allows you to download the paper paid
for by your university. However, it is not always possible to use
the VPN provided by your school. For instance, some VPNs require
special client software, which may not support operating systems
like Linux. Is there any simple alternative to a VPN? The answer
is YES if you can SSH to a server that has a university IP
address, e.g., a workstation running in your laboratory.
Securely running workloads in Kubernetes can be difficult. Many
different settings impact security throughout the Kubernetes API,
requiring significant knowledge to implement correctly. One of the
most powerful tools Kubernetes provides in this area is the
securityContext settings that every Pod and Container manifest can
leverage. In this cheatsheet, we will take a look at the various
securityContext settings and explore what they mean and how you
should use them.