week 41, 2021

A short overview of DNS

I've recently changed DNS provider for this blog, and that forced me to look into how DNS works a bit closer. I did manage a DNS server for a couple years circa 2006, but I have to say I'd forgotten most of it. In case I forget it again, I'm recording my notes here.

Source: A short overview of DNS, an article by Gary Verhaegen.

The Burning White: Not So Good

In the evening I finished The Burning White, the final book in the Lightbringer series by Brent Weeks. I was a bit disappointed by this book. Too much text that didn't really add to the story in my opinion and an ending that could've been better. Still, I would recommend this series, especially book 2. But I also consider the Night Angel Trilogy better. Maybe The Lightbringer series should've been a trilogy as well.

NixOS in the Cloud, step-by-step: part 1

In the last few months, I migrated both my workstation and my servers (a DigitalOcean VPS and a Raspberry Pi 3) to NixOS. To best summarize the benefits, let's just say that it's like having a "dotfiles" repo, but for your entire system (or multiple!), including custom software, service configuration, drivers, kernel tweaks, etc.

Source: NixOS in the Cloud, step-by-step: part 1, an article by Justinas Stankevičius.

Making slow Rust code fast

Performance is one of the top reasons developers choose Rust for their applications. In fact, it's the first reason listed under the "Why Rust?" section on the homepage, even before memory safety. This is for good reason too--many benchmarks show that software written in Rust is fast, sometimes even the fastest. This doesn't mean that everything written in Rust is guaranteed to be fast, though. In fact, it's surprisingly easy to write slow Rust code, especially when attempting to appease the borrow checker by cloning or Arc-ing instead of borrowing, a strategy which is generally recommended to new Rust users. That's why it's important to profile and benchmark Rust code to see where any bottlenecks are and to fix them, just like you would in any other language. In this post, I'll demonstrate some basic tools and techniques for doing so, based on my recent experience working to improve the performance of the mongodb crate.

Soruce: Making slow Rust code fast, an article by Patrick Freed.

What's great about Python 3.10?

What changed in Python 3.10 and which of those changes matter for you?

I’ve spent this week playing with Python 3.10. I’ve primarily been working on solutions to Python Morsels exercises that embrace new Python 3.10 features. I’d like to share what I’ve found.

Source: What's great about Python 3.10?, an article by Trey Hunner.

Top Python Tools for Malware Analysis

Python developers are in demand in the cybersecurity industry. Malware analysis, a huge part of cybersecurity, is the process of examining malicious software to understand how it operates. Malware analysts need to be skilled in reverse engineering and programming, as well as familiar with the operation of computers and how they work.

Python is a popular programming language for malware analysis and reverse engineering because it's easy to learn, fast to code, and runs on Windows, Linux, Unix and Mac. This blog post will discuss some of the best python tools (libraries and command-line programs) you can use for malware analysis.

Source: Top Python Tools for Malware Analysis.

How to get the most out of Perl documentation

Whether learning a programming language, working through a problem, or trying to understand a new library, it may be tempting to flail around crafting just the right search engine query or cry for help on a forum like Stack Overflow. But look at any guide to asking good questions and you’ll find this commandment at the top: do your research. And one of the primary sources of that research is the official documentation for the language or library in question.

Source: Read The Fantastic Manual: How to get the most out of Perl documentation, an article by Mark Gardner.

Parsing JSON is a Minefield 💣

JSON is the de facto standard when it comes to (un)serialising and exchanging data in web and mobile programming. But how well do you really know JSON? We'll read the specifications and write test cases together. We'll test common JSON libraries against our test cases. I'll show that JSON is not the easy, idealised format as many do believe. Indeed, I did not find two libraries that exhibit the very same behaviour. Moreover, I found that edge cases and maliciously crafted payloads can cause bugs, crashes and denial of services, mainly because JSON libraries rely on specifications that have evolved over time and that left many details loosely specified or not specified at all.

Source: Parsing JSON is a Minefield, an article by Nicolas Seriot.

Conditional Border Radius In CSS

A while ago, I was inspecting home page feed to learn and see how they build things out. I’m always curious to see how people write CSS. I noticed a very, very interesting border-radius value for the card component in the main feed.

Source: Conditional Border Radius In CSS, an article by Ahmad Shadeed.

How to protect aeson code from hash flooding

A few weeks ago Tom Sydney Kerckhove (@kerckhove_ts) published an excellent writeup of a serious DoS vulnerability in aeson, a widely used Haskell JSON library. A new aeson release addresses the hash flooding issue, but you need more than a version bump to ensure your programs are protected. This post outlines how aeson addressed the vulnerability and what action you need to take.

Source: How to protect aeson code from hash flooding, an article by Fraser Tweedale.