Programmer Weekly (Issue 72 September 16 2021)

Programmer Weekly - Issue 72

September 16, 2021

Programmer Weekly

Welcome to issue 72 of Programmer Weekly. Let's get straight to the links this week.

Quote of the Week

 

"It's not a bug — it's an undocumented feature." - Anonymous

News

An international team of researchers has developed a firmware solution to the ransomware problem, detecting and stopping malicious activity on your SSD before its contents are lost to criminals.

GitHub Actions has new functionality that can vend OpenID Connect credentials to jobs running on the platform. This is very exciting for AWS account administrators as it means that CI/CD jobs no longer need any long-term secrets to be stored in GitHub.

A new version of the OMG Cable is a USB-C to Lightning Cable that hackers can use to steal your passwords or other data.

"Our experts did manage to repel a record attack of nearly 22 million requests per second (RPS). This is the biggest known attack in the history of the internet," Yandex said in a statement.

Version 14.0 of the Unicode Standard is now available, including the core specification, annexes, and data files. This version adds 838 characters, for a total of 144,697 characters. These additions include five new scripts, for a total of 159 scripts, as well as 37 new emoji characters.

Reading List

CloudKit, the data storage framework by Apple, has various access controls. These access controls could be misconfigured, even by Apple themselves, which affected Apple’s own apps using CloudKit. This post explains in detail three bugs found in iCrowd+, Apple News and Apple Shortcuts with different criticality uncovered by Frans Rosen while hacking Cloudkit. All bugs were reported to and fixed by the Apple Security Bounty program.

There’s been a lot of buzz around the “no code” movement and shifts like SaaS and APIs. But with developers spending less than a third of their time actually writing code, the developer experience now includes all the other stuff, maintenance, operations, testing, incidents, more. So how exactly are developers supposed to coordinate all these systems? By focusing on developer experience (and tools) that actually embraces the messy complexities of their tech stacks: rainforests, not planned gardens.

This step-by-step guide will allow you to create your first REST API and deploy it to the AWS cloud.

The part 1 of the two part series explains why you should use a custom Private Email Relay and how you can setup one using AWS.

This post is to give others evaluating GitHub Actions a brief experience report.

The services of a good leader is an important gap that development teams desperately need filled. However, very few managers know how to properly serve software development teams.

There are three new categories, four categories with naming and scoping changes, and some consolidation in the Top 10 for 2021.

Azurescape allowed malicious users to compromise the multitenant Kubernetes clusters hosting ACI, establishing full control over other users' containers. This post covers the research process, presents an analysis of the issue and suggests best practices for securing Kubernetes, with a focus on multitenancy, that could help prevent similar attacks.

Ship/Show/Ask is a branching strategy that combines the features of Pull Requests with the ability to keep shipping changes. Changes are categorized as either Ship (merge into mainline without review), Show (open a pull request for review, but merge into mainline immediately), or Ask (open a pull request for discussion before merging).

In our previous post, we discussed how we utilize FieldMask as a solution when designing our APIs so that consumers can request the data they need when fetched via gRPC. In this post we will continue to cover how Netflix Studio Engineering uses FieldMask for mutation operations such as update and remove.

An in-browser, freely explorable, 3D game across infinite universes procedurally generated. Go from universe to universe and discover the origin of everything. A four chapter story with an epic revelation at the end.

Watch and Listen

In this Linux course, you will learn the 20% you need to know to be efficient with Linux. This course will teach all the common Linux skills used in cyber-security and ethical hacking.

An interview with Donald Knuth, a computer scientist, Turing Award winner, father of algorithm analysis, author of The Art of Computer Programming, and creator of TeX. 

A chat with Paul Fremantle, VP of Product Engineering at Weaveworks, about managing Kubernetes entirely within Git. It’s GitOps! It’s a philosophy where you externalize your runtime configuration as a set of resources in a Git repository.

Interesting Projects, Tools and Libraries

Run Amazon EKS on your own infrastructure.

A cookbook with the best practices for working with kubernetes.

KDL is a document language with xml-like semantics that looks like you're invoking a bunch of CLI commands! It's meant to be used both as a serialization format and a configuration language, much like JSON, YAML, or XML.

A simple and modern Java and Kotlin web framework.

SQL Database Engine as a Library.

A mock JSON API in 10 seconds.

A Blazing Fast Multipage Portfolio Template for Developers.

Plugin driven WYSIWYG markdown editor framework. 

Our Other Newsletters

- A free weekly newsletter featuring the best hand curated news, articles, tools and libraries, new releases, jobs etc related to Python.

- A free weekly newsletter for entrepreneurs featuring best curated content, must read articles, how to guides, tips and tricks, resources, events and more.