Towards A Safer Footgun | codahale.com
Modern symmetric encryption is built around Authenticated Encryption with Associated Data (AEAD) constructions: combinations of ciphers and message authentication codes which provide strong guarantees of both confidentiality and integrity. These constructions avoid the “doom principle” which made so many older cryptosystems vulnerable to online attacks, but many of the standard AEAD constructions have problems of their own.
What’s an AEAD?

An AEAD is essentially a pair of functions:...
encryption  cryptography  security 
22 hours ago
security - How can bcrypt have built-in salts? - Stack Overflow
Stored in the database, a bcrypt "hash" might look something like this:


This is actually three fields, delimited by "$":

2a identifies the bcrypt algorithm version that was used.
10 is the cost factor; 2^10 iterations of the key derivation function are used (which is not enough, by the way. I'd recommend a cost of 12 or more.)
vI8aWBnW3fID.ZQ4/zo1G.q1lRps.9cGLcZEiGDMVr5yUP1KUOYTa is the salt and the cipher...
bcrypt  authentication  gotcha  algorithms 
22 hours ago
gin osx firewall issue · Issue #12 · codegangsta/gin
Same happened to me, because if your HOST environment variable is empty, the server is trying to bind to :3000, which needs permission from the firewall. The solution is to invoke gin like this: HOST="localhost" gin.
golang  gin  firewall  osx 
Building a Go Web App - Part 2 - Gregory Trubetskoy
This is a continuation of part 1.
(There is also part 3
and part 4). So our app is going to have two major parts to it: client and
server. (What year …
golang  go  web-development 
2 days ago
Ask HN: What is your Golang web-dev tech stack? | Hacker News
I've started using Echo[1] and it seems to provide most of what I'm looking for (routing, context, sessions, CSRF protection, form/json binding, etc). For templating, I'm using QuickTemplate[2] which creates statically generated templates, but Pongo2[3] and Jet[4] also look reasonable. sqlx[5], gorm[6], and sqlboiler[7] all seem reasonable for database access, depending on what your style is (sqlx being oriented toward manual statements, gorm being reflection-based orm-ish, and sqlb...
golang  go  web-development 
2 days ago
go-echo-sqlboiler/Makefile at master · ken-aio/go-echo-sqlboiler
Golang + echo + sqlboiler sample. Contribute to ken-aio/go-echo-sqlboiler development by creating an account on GitHub.
golang  makefile 
2 days ago
volatiletech/sqlboiler: Generate a Go ORM tailored to your database schema.
SQLBoiler is a tool to generate a Go ORM tailored to your database schema.

It is a "database-first" ORM as opposed to "code-first" (like gorm/gorp). That means you must first create your database schema. Please use something like goose, sql-migrate or some other migration tool to manage this part of the database's life-cycle.
golang  orm  database 
2 days ago
Echo - High performance, minimalist Go web framework
Automatic TLS

Automatically install TLS certificates from Let's Encrypt.
golang  web-development  letsencrypt  auto-ssl 
2 days ago
ohler55/agoo: A High Performance HTTP Server for Ruby
A simple hello world Ruby handler at over 100,000 requests per second on a desktop computer. That places Agoo at about 85 times faster than Sinatra and 1000 times faster than Rails. In both cases the latency was two orders of magnitude lower or more. Check out the benchmarks. Note that the benchmarks had to use a C program called Perfer to hit the Agoo limits. Ruby benchmarks driver could not push Agoo hard enough.

Agoo supports the Ruby rack API which allows for the use of rack comp...
ruby  performance  benchmark 
2 days ago
the-benchmarker/web-frameworks: Which is the fastest web framework?
Which is the fastest web framework? Contribute to the-benchmarker/web-frameworks development by creating an account on GitHub.
benchmark  web-development  frameworks  microservices  microframeworks  golang  ruby  python  benchmarks 
2 days ago
jackc/pgx: PostgreSQL driver and toolkit for Go
pgx is a pure Go driver and toolkit for PostgreSQL. pgx is different from other drivers such as pq because, while it can operate as a database/sql compatible driver, pgx is also usable directly. It offers a native interface similar to database/sql that offers better performance and more features.
golang  database  go  postgresql 
2 days ago
upper/db: Productive data access layer for Go.
The upper.io/db.v3 package for Go is a productive data access layer for Go that provides a common interface to work with different data sources such as PostgreSQL, MySQL, SQLite, MSSQL, QL and MongoDB.
golang  database  go  postgresql 
2 days ago
Building the Topic Exchange tutorial with STOMP – Google Groups

and for subscribing:




or (multiple)
destination:/exchange/topic_logs/kern.* *.critical
stomp  rabbimq  routing-key  multiple  api  gotcha 
4 days ago
Consistent Hash Rings Explained Simply
- you may want to take a URL and get back the server the website is hosted on.

- The problem of mimicking a hash table when the number of locations is constantly changing was exactly why consistent hashing was invented.

- For 2,000 keys spread across 100 locations, you now need to move only 20 keys to a new location if 1 location with only 20 keys goes down.

- This is the main benefit of consistent hashing: you now no longer need to move so many things just because one location has disappea...
algorithms  algorithm  distributed  consistent-hash  hash  cs 
4 days ago
'this' in TypeScript · Microsoft/TypeScript Wiki
Red Flags for this

The biggest red flag you can keep in mind is the use of a class method without immediately invoking it. Any time you see a class method being referenced without being invoked as part of that same expression, this might be incorrect.


var x = new MyObject();
x.printThing(); // SAFE, method is invoked where it is referenced

var y = x.printThing; // DANGER, invoking 'y()' may not have correct 'this'

window.addEventListener('click', x.printThing, 10); // DANGER, meth...
typescript  javascript  this  idiots 
5 days ago
JavaScript Garden
JavaScript Garden is a growing collection of documentation about the most quirky parts of the JavaScript programming language. It gives advice to avoid common mistakes and subtle bugs, as well as performance issues and bad practices, that non-expert JavaScript programmers may encounter on their endeavours into the depths of the language.
javascript  gotchas  idiots  programming  js 
5 days ago
Online regex tester and debugger: PHP, PCRE, Python, Golang and JavaScript
Online regex tester, debugger with highlighting for PHP, PCRE, Python, Golang and JavaScript.
regex  testing  regexp 
5 days ago
asdf-vm/asdf: Extendable version manager with support for Ruby, Node.js, Elixir, Erlang & more
extendable version manager

Supported languages include Ruby, Node.js, Elixir and more. Supporting a new language is as simple as this plugin API.
ruby  elixir  python  nodejs  version  rvm  rbenv 
7 days ago
Debugging Node.js with Chrome DevTools – Medium
Support for Node.js debuggability landed in Node.js in 2016. Here’s how to get up and running. (Post updated Jan 2018) Next, you used to open the big chrome-devtools:// URL it spits out, but don’t…
node.js  nodejs 
7 days ago
[rabbitmq-discuss] Headers Exchange
> Seems to be from the RabbitMQ
> AMQP compatibility chart but it's hard to find any concrete
> information on using it. What is the advantage if any over topic?
Short and fairly useless answer: Headers exchanges route based on the headers of the message. Topic exchanges route based on the routing key used to publish the message. Longer answer: - Headers exchanges can express an "any field matches" or an "all fields match" condition. Topic exchanges can only express an "all words matc...
rabbitmq  headers-exchange  topic-exchange  messaging  architecture 
7 days ago
Vector Clocks Explained
Vector Clocks by Example

We’ve all had this problem:

Alice, Ben, Cathy, and Dave are planning to meet next week for
dinner. The planning starts with Alice suggesting they meet on
Wednesday. Later, Dave discusses alternatives with Cathy, and they
decide on Thursday instead. Dave also exchanges email with Ben, and
they decide on Tuesday. When Alice pings everyone again to find out
whether they still agree with her Wednesday suggestion, she gets
mixed message...
algorithms  distributed  distributed-systems  clock  vector  time 
8 days ago
GoogleChromeLabs/pptraas.com: Puppeteer as a service
Puppeteer as a service. Contribute to GoogleChromeLabs/pptraas.com development by creating an account on GitHub.
puppeteer  saas  crawler  automation  service 
9 days ago
ChromeDevTools/awesome-chrome-devtools: Awesome tooling and resources in the Chrome DevTools & DevTools Protocol ecosystem
Awesome tooling and resources in the Chrome DevTools & DevTools Protocol ecosystem - ChromeDevTools/awesome-chrome-devtools
chrome  devtools  debugging  web-development 
10 days ago
Now – Global Serverless Deployments
Now makes serverless application deployment easy.
Don’t spend time configuring the cloud. Just push your code.
serverless  deployment  golang 
10 days ago
Rancher 2 Hetzner Cloud UI Driver | ui-driver-hetzner
Rancher 2 UI driver for the Hetzner Cloud. For the Rancher 1 version check out the readme from the v1.6 branch which you can find here.
10 days ago
RethinkDB: the open-source database for the realtime web
RethinkDB is probably the most interesting new ‘on-disk + complex queries’ database out there. For sure made by people who get it.
Salvatore Sanfilippo, creator of Redis
database  json  nosql  db  streaming 
10 days ago
Open Source Release: postgresql-hll –
Dynamic COUNT(DISTINCT ...) queries that would have taken minutes or hours to compute from a fact table or would have been impossible in traditional cube aggregates return in milliseconds. Combine that speed with PostgreSQL’s window and aggregate functions and you have the ability to present interactive, rich distinct-value reporting over huge data sets. I’ll point you to the README and our blog posts on HyperLogLog for more technical details on storage, accuracy, and in-depth use cases.

I beli...
hll  postgresql  postgres  count  distinct  aggregate 
10 days ago
Active recall - Wikipedia
Active recall is a principle of efficient learning, which claims the need to actively stimulate memory during the learning process. It contrasts with passive review, in which the learning material is processed passively (e.g. by reading, watching, etc.). For example, reading a text about George Washington, with no further action, is a passive review. Answering the question "Who was the first US President?", is active recall.
learning  school  kids  studying  memory  best  details 
19 days ago
Testing effect - Wikipedia
The testing effect is the finding that long-term memory is often increased when some of the learning period is devoted to retrieving the to-be-remembered information.[1] The effect is also sometimes referred to as retrieval practice, practice testing, or test-enhanced learning.[2][3][4] The testing effect on memory should be distinguished from more general practice effects, defined in the APA Dictionary of Psychology (2007) as "any change or improvement that results from practice or ...
learning  school  kids  studying  memory  best  details 
19 days ago
Distribunomicon | Learn You Some Erlang for Great Good!
The basics of distributed computing, including the 8 fallacies (or assumptions) of distribution, the CAP theorem, and a hands on guide to getting things distributed with Erlang.

- 1. The CAP Theorem basically specifies that in any distributed system, you can only have two of CAP: either CA, CP, or AP. There is no possible way to have all of them.
- 2. Of the three possibilities, one that we can usually dismiss is the idea of CA (Consistency + Availability). The reason f...
cap  theorem  availability  partition-tolerance  consistency  erlang 
19 days ago
Message order and delivery guarantees in Elixir/Erlang
The same applies to inter-node communication. The order in which messages are sent between two processes is preserved, but the message flow may be interrupted at any given moment and skip any number of messages in between.
two-generals  erlang  at-least-once  messaging  message-queues  architecture  gotcha 
19 days ago
Tesla Adds Larry Ellison and Kathleen Wilson-Thompson as Board Directors | Hacker News
Bruce Scott, the co-founder of Oracle says, “I remember Larry very distinctly telling me one time: Bruce, we can’t be successful unless we lie to customers.” And adds: “All the things that you would read in books of somebody being a leader, he wasn’t. But he was tenacious; he would never give up on anything.” [0]

Elon stretches the truth constantly. Should be a good fit.

[0]: https://techcrunch.com/2010/12/01/larry-ellison-hearsay-we-c...
larry-ellison  tenacious  business 
21 days ago
BEM — Block Element Modifier
The naming convention follows this pattern:

.block {}
.block__element {}
.block--modifier {}

.block represents the higher level of an abstraction or component.
.block__element represents a descendent of .block that helps form .block as a whole.
.block--modifier represents a different state or version of .block.

The reason for double rather than single hyphens and underscores is so that your block itself can be hyphen delimited, for example:

.site-search {} /* Block */
css  design  bem  naming  framework  frontend 
21 days ago
Katacoda - Interactive Learning Platform for Software Engineers
Learn new technologies using real environments
right in your browser
Interactive Learning and Training Platform for Software Engineers
Helping Developers Learn and Companies Increase Adoption
learning  education  devops  kubernetes 
21 days ago
Ask HN: What do you use for authentication and authorization? | Hacker News

arkadiyt 10 hours ago [-]

Hard to say without more concrete details, but if I had to reply in broad strokes:

- For web, user/pass login exchanged for plain session cookies. Should be marked httpOnly/Secure, and bonus points for SameSite and __Host prefix [1]

- For web, deploy a preloaded Strict-Transport-Security header [2]

- For api clients, use a bearer token. Enforce TLS (either don't listen on port 80, or if someone makes a request over port 80 revoke that token).

- If ...
authentication  api  security  cors  web-development  https 
22 days ago
Famed impulse control 'marshmallow test' fails in new research | Education | The Guardian
Now, though, there is relief for the parents of the many children who would gobble down a marshmallow before the lab door was closed, after academics from New York University and the University of California-Irvine tried and largely failed to replicate the earlier research, in a paper published earlier this week.

The new research by Tyler Watts, Greg Duncan and Hoanan Quen, published in Psychological Science, found that there were still benefits for the children who were able to hold out for a ...
marshmallow  test  impulse  gratification 
24 days ago
Nassim Nicholas Taleb on Twitter: "3- Look at the hordes with "high IQ" (from measurement) who are failures in real world rather than the ~50% correlation between IQ and success in 1) salaried employment, 2) jobs that select for edjukashion. Yuuge surviv
2- It takes a certain type of person to waste intelligent concentration on classroom/academic problems. These are lifeless bureaucrats who can muster sterile motivation. Some people can only focus on problems that are REAL, not fictional textbook ones.

3- Look at the hordes with "high IQ" (from measurement) who are failures in real world rather than the ~50% correlation between IQ and success in 1) salaried employment, 2) jobs that select for edjukashion. Yuuge survivorship bias. 37 out of 38 P...
intelligence  iq  nassim-taleb 
24 days ago
Nassim Nicholas Taleb on Twitter: ""IQ" THREAD "IQ" measures an inferior form of intelligence, stripped of 2nd order effects, meant to select paper shufflers, obedient IYIs. 1- When someone asks you a question in REAL LIFE, you focus first on "WHY is he
"IQ" THREAD "IQ" measures an inferior form of intelligence, stripped of 2nd order effects, meant to select paper shufflers, obedient IYIs. 1- When someone asks you a question in REAL LIFE, you focus first on "WHY is he asking me that?", which slows down. (Fat Tony vs Dr John)
iq  intelligence 
24 days ago
Scanning books at 250 pages a minute (2008) | Hacker News

I am not the domain expert on this project, but here at the Internet Archive we ended up developing our own system (not dissimilar from this one, albeit with significantly less automation) at a fairly low cost. Some links for details:


https://archive.org/details/tabletopscribesystem (links to additional detail pages there)

https://motherboard.vice.com/en_us/article/jp5kjy/saving-hum... (a few years old)

We've found that high-cost implementations are ...
scanning  scan  hn 
25 days ago
​GitOps - Operations by Pull Request
What exactly is GitOps? By using Git as our source of truth, we can operate almost everything. For example, version control, history, peer review, and rollback happen through Git without needing to poke around with tools like kubectl.

Our provisioning of AWS resources and deployment of k8s is declarative
Our entire system state is under version control and described in a single Git repository
Operational changes are made by pull request (plus build & release pipelin...
gitops  git  kubernetes  deployment  devops 
29 days ago
Evaluating High Availability Solutions for TimescaleDB + PostgreSQL
How we evaluated several third-party tools and ultimately selected Patroni as our preferred method.

While there are many third party solutions available, ultimately we went with Patroni because it combined robust and reliable failover with a simple architecture and easy-to-use interface.
postgres  postgresql  high-availability  architecture 
4 weeks ago
Polymail — Email Collaboration for Teams
Polymail is a new kind of email platform that helps teams collaborate, be more productive, and work better, together.
email  productivity 
5 weeks ago
Berkson's paradox - Wikipedia
For example, if the risk factor is diabetes and the disease is cholecystitis, a hospital patient without diabetes is more likely to have cholecystitis than a member of the general population, since the patient must have had some non-diabetes (possibly cholecystitis-causing) reason to enter the hospital in the first place. That result will be obtained regardless of whether there is any association between diabetes and cholecystitis in the general population.

An example presented by Jordan Ellenb...
statistics  math  mathematics  paradox  probability 
5 weeks ago
Peter Norvig: Being good at programming competitions correlates negatively with being good on the job at Google. : programming
- Norvig: Maybe... Competitive programmers are used to doing things fast and move on to the next thing. You perform better on the job if you're a little bit more reflective and go slowly and make sure you get things right.

- Commenter: Wild guess: those who trained in programming competitions overperform during Google interviews. As a result, the bar for them is lower than for the general software engineer population. For example, someone who should be just below the bar, but trained for years ...
competition  competitive-programming  programming  hiring  career  google  idiots 
5 weeks ago
04_Linear_Regression - Colaboratory
- Apply backpropagation to update the weights 𝑊 using a learning rate 𝛼 and an optimization technique (ie. stochastic gradient descent). The simplified intuition is that the gradient tells you the direction for how to increase something so subtracting it will help you go the other way since we want to decrease loss 𝐽(𝜃).


- Linear regression offers the great advantage of being highly interpretable. Each feature has a coefficient which signifies its importance/impact on the output variable y. We can interpret our coefficient as follows: By increasing X by 1 unit, we increase y by 𝑊 (~3.65) units.
linear-regression  regression  ml 
5 weeks ago
Bootstrap 3.4.0 released | Hacker News
- Use something to remove unused css in your build process. i use purgeCss for that.. https://github.com/FullHuman/purgecss so simple and yet so powerful!

- We have switched to https://bulma.io/ recently. Combined with Vue.js we can finally get rid of Jquery.

- The biggest gotcha for Semantic UI is that it requires FlexBox support which is extremely buggy (or non-existent) in IE 10 and 11. Edge is OK (mostly), but there are a lot of users still on IE 10/11.


- Bulma is a ...
bootstrap  css-framework  css  web-development 
5 weeks ago
smallstep - Everything you should know about certificates and PKI but are too afraid to ask
- A certificate can be interpreted as the statement: “Some Issuer says Bob’s public key is 01:23:42…“

- Remember: certificates and PKI bind names to public keys.

- You’ll need to decide what type of key you want to use. That’s another post entirely, but here’s some quick guidance (as of December 2018). There’s a slow but ongoing transition from RSA to elliptic curve keys (ECDSA or EdDSA). If you decide to use RSA keys make them at least 2048 bits, and don’t bother with anything bigger than 409...
signing  der  pem  tls  pki  certificates  security  certs  crypto  openssl  best  details  certificate 
5 weeks ago
After landing a lucrative job at a tech startup, I had made a terrible mistake | Hacker News
"Competitive" company cultures are an enormous red flag for me, almost always a mechanism to help executives drain employees to a lifeless husk without having to actually pay for the privilege.

In my experience, companies have three ways to motivate employees.

One is to compensate them at a level commensurate with what is expected of them (too few companies do this, even in tech).

One is to make them feel like they have a genuine stake in the performance of the company, either because they ...
competition  management  agile  career  startup  work-culture 
5 weeks ago
Practical AI - Empowering you to use machine learning to get valuable insights from data. 🔥 Implement basic ML algorithms and deep neural networks with PyTorch. 🖥️ Run everything on the browser without any set up using Google Colab. 📦 Learn obj
Empowering you to use machine learning to get valuable insights from data.

🔥 Implement basic ML algorithms and deep neural networks with PyTorch.
🖥️ Run everything on the browser without any set up using Google Colab.
📦 Learn object-oriented ML to code for products, not just tutorials.
ai  ml  machine-learning  github  jupyter 
5 weeks ago
Colaboratory is a free Jupyter notebook environment that requires no setup and runs entirely in the cloud. See our FAQ for more info.
jupyter  python  ai  ml 
5 weeks ago
AdventOfCode Day 4 - High-Entropy Passphrases | Accelerated Science
Part 1: mathematical approach

1. Looking at the bottom right of the grid above we see that the maximum square root in each ring is actually giving us the number of elements in the row and column of its ring. This is easy to convert into the number of the ring, because as we have already seen we add two at each step, starting from one, so to get from the number of elements to the number of the ring we need to just subtract one and divide by two:

2. First though, to be able to do it for any numb...
advent-of-code  2017  algorithms 
5 weeks ago
Dokku - The smallest PaaS implementation you've ever seen
The smallest PaaS implementation you've ever seen

Dokku helps you build and manage the lifecycle of applications
paas  deployment  docker  hosting 
5 weeks ago
Flutter — The sky’s the limit – TAB Edit
It is highly portable, which means it can run on virtually anything that has an OpenGL, Metal or Vulkan rendering capability. Mobile phones are the obvious target, but desktops and Raspberry Pi as well.

It has extremely flexible UI allowing the user to create experiences easily which before were usually reserved for the most expensive and time-consuming projects.

It is straightforward to learn. It makes your resourcing problems disappear. Flutter also makes projects run smoothly and leaves enou...
6 weeks ago
Facebook accused of striking 'secret deals over user data' | Hacker News
Google's guidance for this stuff was always in the form of "don't leave a trail", not "don't do it in the first place".

Sketchy stuff comes up on a list? "Let's take it offline", not "no, stop this now".

That kind of thing. It was systemic.
google-evil  google  facebook-evil 
6 weeks ago
How to Live Without Google – DuckDuckGo – Medium
Gmail, Calendar & Contacts -> FastMail (paid)
We host duckduckgo.com addresses on FastMail, an independent, paid service that also includes calendar and contacts support across all devices. There are also several ways to get encrypted email between trusted parties by integrating PGP encryption tools. Even more private email alternatives are ProtonMail and Tutanota, both of which offer end-to-end encryption by default.

YouTube -> Vimeo (free with paid options)
For videos that are only on YouTube...
google  google-evil  alternatives  recherche  privacy 
6 weeks ago
The On-Line Encyclopedia of Integer Sequences® (OEIS®)
Most people use the OEIS to get information about a particular number sequence. If you are a new visitor, then you might ask the database if it can recognize your favorite sequence, if you have one. To do this, go to the main look-up page, enter the sequence, and click Search. You could also look for your sequence in the Index.
integers  math  mathematics  sequences  reference  cs  list  advent-of-code  algorithms 
6 weeks ago
Ask HN: What should an ideal developer interview process look like? | Hacker News
My most enjoyable interview was for an internship in college. I had a take home coding challenge where I had to write some simple code to fetch information from an API using whatever language I liked. I was given a week to do it, but it only took me an hour or so to meet all of their explicit requirements. I liked that there was no time pressure in that regard.

After the week was up I went into the onsite and in the "technical" portion of my interview two engineers went over the code I had wri...
interview  developer  hiring  career  process  hn 
6 weeks ago

Contribute your solutions to Advent of Code 2018 and be inspired by others.
7 weeks ago
Google Shut Out Privacy and Security Teams from Secret China Project | Hacker News
“However, the Dragonfly teams were instructed that they were not permitted to discuss the issue directly with Brin or other members of Google’s senior leadership team, including Pichai, co-founder Larry Page, and legal chief Kent Walker.”

My personal conclusions:

- Google can't be trusted on anything to do with building responsible AI (they violated ACM Code of Ethics and their own AI at Google Principles).

- Google has no authority to talk about ethical use of technology and human resource...
google-evil  google  evil  idiots 
7 weeks ago
> I also heard one investor mention how Tumblr struggled with technical debt rel... | Hacker News
> I also heard one investor mention how Tumblr struggled with technical debt related to their feed

Not sure I'd agree with that, but I suppose it depends on the context and timing of the statement.

Tumblr's solution for reverse-chrono activity feed is, at its core, <1000 lines of PHP and a few extremely heavily optimized sharded MySQL tables. It is creaky and old, but its relatively small code footprint means it isn't terrible on the tech debt scale.

Tumblr's feed is computed entirely at rea...
twitter  tumblr  architecture  details  best  newsfeed  news  infinite-scrolling  denormalization  mysql  innodb  activity-feed  feed-aggregator 
7 weeks ago
Docker is the dangerous gamble which we will regret | Smash Company
The guiding rule should be “What is the simplest way to do what we need to do?” If the older technology gets the job done, and is the simpler approach, then it should be preferred. But if there is a new technology that allows us to simplify our systems, then we should use the new technology.

chmike wrote:

Containers are not only a solution for dependencies. It’s also protection boundary.

neilwilson replied:

It’s just a process with a fancy chroot. Don’t believe all the docker hype. ...
kubernetes  docker  chroot  bash  nomad  consul  hashicorp  architecture  devops  best  details  containers  sysadmin 
7 weeks ago
I’m harvesting credit card numbers and passwords from your site. Here’s how.
The malicious code itself is very simple, it does its best work when it runs on a page that meets the following criteria:

The page has a <form>
an element matches input[type="password"] or name="cardnumber" or name="cvc" etc.
The page contains words like “credit card”, “checkout”, “login”, “password” etc.

Then, when there’s a blur event on a password/credit card field, or a form submit event is heard, my code:

Takes data from all form fields (document.forms.forEach(…)) on the ...
security  hacking  hacker  npm  best 
7 weeks ago