I've recently changed DNS provider for this blog, and that forced me to look into how DNS works a bit closer. I did manage a DNS server for a couple years circa 2006, but I have to say I'd forgotten most of it. In case I forget it again, I'm recording my notes here.
Source: A short overview of DNS, an article by Gary Verhaegen.
In the evening I finished The Burning White, the final book in the Lightbringer series by Brent Weeks. I was a bit disappointed by this book. Too much text that didn't really add to the story in my opinion and an ending that could've been better. Still, I would recommend this series, especially book 2. But I also consider the Night Angel Trilogy better. Maybe The Lightbringer series should've been a trilogy as well.
In the last few months, I migrated both my workstation and my servers (a DigitalOcean VPS and a Raspberry Pi 3) to NixOS. To best summarize the benefits, let's just say that it's like having a "dotfiles" repo, but for your entire system (or multiple!), including custom software, service configuration, drivers, kernel tweaks, etc.
Source: NixOS in the Cloud, step-by-step: part 1, an article by Justinas Stankevičius.
Performance is one of the top reasons developers choose Rust for their applications. In fact, it's the first reason listed under the "Why Rust?" section on the rust-lang.org homepage, even before memory safety. This is for good reason too--many benchmarks show that software written in Rust is fast, sometimes even the fastest. This doesn't mean that everything written in Rust is guaranteed to be fast, though. In fact, it's surprisingly easy to write slow Rust code, especially when attempting to appease the borrow checker by cloning or
Arc-ing instead of borrowing, a strategy which is generally recommended to new Rust users. That's why it's important to profile and benchmark Rust code to see where any bottlenecks are and to fix them, just like you would in any other language. In this post, I'll demonstrate some basic tools and techniques for doing so, based on my recent experience working to improve the performance of themongodbcrate.
Soruce: Making slow Rust code fast, an article by Patrick Freed.
If you’re using Python in the world of data science or scientific computing, you will soon discover that Python has two different packaging systems: pip and Conda. Which raises some questions:
- How are they different?
- What are the tradeoffs between the two?
- Which should you use?
Source: Pip vs Conda: an in-depth comparison of Python’s two packaging systems, an article by Itamar Turner-Trauring.
One of the fundamental selling points of Rust is zero-cost abstractions. This means that you can write high-level generic code, and the compiler will optimize it in such a way that you couldn’t have written better code by hand.
Source: Rust async can truly be zero-cost, an article by Arpad Borsos.
IP address allow lists aka IP whitelists can be used to restrict your tunnel servers to only a set list of IP addresses or CIDRs.
Source: Restrict your tunnels with IP allow lists, an article by Alex Ellis.
What changed in Python 3.10 and which of those changes matter for you?
I’ve spent this week playing with Python 3.10. I’ve primarily been working on solutions to Python Morsels exercises that embrace new Python 3.10 features. I’d like to share what I’ve found.
Source: What's great about Python 3.10?, an article by Trey Hunner.
Python developers are in demand in the cybersecurity industry. Malware analysis, a huge part of cybersecurity, is the process of examining malicious software to understand how it operates. Malware analysts need to be skilled in reverse engineering and programming, as well as familiar with the operation of computers and how they work.
Python is a popular programming language for malware analysis and reverse engineering because it's easy to learn, fast to code, and runs on Windows, Linux, Unix and Mac. This blog post will discuss some of the best python tools (libraries and command-line programs) you can use for malware analysis.
Today while running an
apt full-upgradeI asked myself howaptdoes this nice progress bar stuck at the bottom line while still writing scrolling text.
Source: How APT does its fancy progress bar?, an article by Julien Palard.
Sticking to container security best practices is critical for successfully delivering verified software, as well as preventing severe security breaches and its consequences.
Source: Container security best practices: Ultimate guide, an article by Álvaro Iradier.
n algebraic data type is a structured type that’s formed by composing other types. Or, even shorter, it’s a type made of other types. That’s it. Not super complicated at all. If you’re a working programmer, you use them already every day.
Source: Algebraic Data Types: Things I wish someone had explained about functional programming, an article by James Sinclair.
GOAL: Build a lightweight, bootable *.img file that you can flash onto a Raspberry Pi SD card. This will be the shortest, fastest Buildroot tutorial you read, and the tutorial is optimized for speed and simplicity. For a deep dive, see the Buildroot manual.
Source: Building Tiny Raspberry Pi Linux Images With Buildroot, an article by Rick Carlino.
Whether learning a programming language, working through a problem, or trying to understand a new library, it may be tempting to flail around crafting just the right search engine query or cry for help on a forum like Stack Overflow. But look at any guide to asking good questions and you’ll find this commandment at the top: do your research. And one of the primary sources of that research is the official documentation for the language or library in question.
Source: Read The Fantastic Manual: How to get the most out of Perl documentation, an article by Mark Gardner.
I remain convinced that Python’s
functools.partial()is underappreciated. Following my previous post, here are three more ways to usepartial()with Django.
Source: Three more uses for functools.partial() in Django, an article by Adam Johnson.
JSON is the de facto standard when it comes to (un)serialising and exchanging data in web and mobile programming. But how well do you really know JSON? We'll read the specifications and write test cases together. We'll test common JSON libraries against our test cases. I'll show that JSON is not the easy, idealised format as many do believe. Indeed, I did not find two libraries that exhibit the very same behaviour. Moreover, I found that edge cases and maliciously crafted payloads can cause bugs, crashes and denial of services, mainly because JSON libraries rely on specifications that have evolved over time and that left many details loosely specified or not specified at all.
Source: Parsing JSON is a Minefield, an article by Nicolas Seriot.
Python as a language is comparatively simple. And I believe, that you can learn quite a lot about Python and its features, just by learning what all of its builtins are, and what they do. And to back up that claim, I’ll be doing just that.
Source: Understanding all of Python, through its builtins, an article by Tushar Sadhwani.
A while ago, I was inspecting facebook.com home page feed to learn and see how they build things out. I’m always curious to see how people write CSS. I noticed a very, very interesting
border-radiusvalue for the card component in the main feed.
Source: Conditional Border Radius In CSS, an article by Ahmad Shadeed.
A few weeks ago Tom Sydney Kerckhove (@kerckhove_ts) published an excellent writeup of a serious DoS vulnerability in aeson, a widely used Haskell JSON library. A new aeson release addresses the hash flooding issue, but you need more than a version bump to ensure your programs are protected. This post outlines how aeson addressed the vulnerability and what action you need to take.
Source: How to protect aeson code from hash flooding, an article by Fraser Tweedale.