I've recently changed DNS provider for this blog, and that forced me
to look into how DNS works a bit closer. I did manage a DNS server
for a couple years circa 2006, but I have to say I'd forgotten most
of it. In case I forget it again, I'm recording my notes here.
In the evening I finished The Burning
the final book in the Lightbringer series by Brent Weeks. I was a bit
disappointed by this book. Too much text that didn't really add to the
story in my opinion and an ending that could've been better. Still, I
would recommend this series, especially book 2. But I also consider
the Night Angel Trilogy better. Maybe The Lightbringer series
should've been a trilogy as well.
In the last few months, I migrated both my workstation and my
servers (a DigitalOcean VPS and a Raspberry Pi 3) to NixOS. To best
summarize the benefits, let's just say that it's like having a
"dotfiles" repo, but for your entire system (or multiple!),
including custom software, service configuration, drivers, kernel
Performance is one of the top reasons developers choose Rust for
their applications. In fact, it's the first reason listed under the
section on the rust-lang.org homepage, even before memory
safety. This is for good reason too--many benchmarks show that
software written in Rust is fast, sometimes even the
doesn't mean that everything written in Rust is guaranteed to be
fast, though. In fact, it's surprisingly easy to write slow Rust
code, especially when attempting to appease the borrow checker by
cloning or Arc-ing instead of borrowing, a strategy which is
generally recommended to new Rust users. That's why it's important
to profile and benchmark Rust code to see where any bottlenecks are
and to fix them, just like you would in any other language. In this
post, I'll demonstrate some basic tools and techniques for doing so,
based on my recent experience working to improve the performance of
the mongodb crate.
One of the fundamental selling points of Rust is zero-cost
abstractions. This means that you can write high-level generic code,
and the compiler will optimize it in such a way that you couldn’t
have written better code by hand.
Python developers are in demand in the cybersecurity
industry. Malware analysis, a huge part of cybersecurity, is the
process of examining malicious software to understand how it
operates. Malware analysts need to be skilled in reverse
engineering and programming, as well as familiar with the operation
of computers and how they work.
Python is a popular programming language for malware analysis and
reverse engineering because it's easy to learn, fast to code, and
runs on Windows, Linux, Unix and Mac. This blog post will discuss
some of the best python tools (libraries and command-line programs)
you can use for malware analysis.
n algebraic data type is a structured type that’s formed by
composing other types. Or, even shorter, it’s a type made of other
types. That’s it. Not super complicated at all. If you’re a working
programmer, you use them already every day.
GOAL: Build a lightweight, bootable *.img file that you can
flash onto a Raspberry Pi SD card. This will be the shortest,
fastest Buildroot tutorial you read, and the tutorial is optimized
for speed and simplicity. For a deep dive, see the Buildroot
JSON is the de facto standard when it comes to (un)serialising and
exchanging data in web and mobile programming. But how well do you
really know JSON? We'll read the specifications and write test cases
together. We'll test common JSON libraries against our test
cases. I'll show that JSON is not the easy, idealised format as many
do believe. Indeed, I did not find two libraries that exhibit the
very same behaviour. Moreover, I found that edge cases and
maliciously crafted payloads can cause bugs, crashes and denial of
services, mainly because JSON libraries rely on specifications that
have evolved over time and that left many details loosely specified
or not specified at all.
Python as a language is comparatively simple. And I believe, that
you can learn quite a lot about Python and its features, just by
learning what all of its builtins are, and what they do. And to back
up that claim, I’ll be doing just that.
A while ago, I was inspecting facebook.com home page feed to learn
and see how they build things out. I’m always curious to see how
people write CSS. I noticed a very, very interesting border-radius
value for the card component in the main feed.
A few weeks ago Tom Sydney Kerckhove
(@kerckhove_ts) published an
writeup of a
serious DoS vulnerability in
aeson, a widely used
Haskell JSON library. A new aeson release addresses the hash
flooding issue, but you need more than a version bump to ensure
your programs are protected. This post outlines how aeson
addressed the vulnerability and what action you need to take.