Programmer Weekly

Welcome to issue 85 of Programmer Weekly. Let's get straight to the links this week.

Quote of the Week

"Compatibility means deliberately repeating other people's mistakes." - David Wheeler

News

Log4j RCE 0-day actively exploited

The widely-used java logging library, Log4j, has an unauthenticated RCE vulnerability if a user-controlled string is logged. This could allow the attacker full control of the affected server. Reports from online users show that this is being actively exploited in the wild and that proof-of-concept code has been published.

GitHub Improves Code Search

Find more, search less. With GitHub code search, your code—and the world’s—is at your fingertips.

OpenAI begins allowing customers to fine-tune GPT-3

OpenAI has launched a new capability that allows users of the OpenAI API to fine-tune GPT-3 models for specific use cases.

Reading List

Using GitHub’s security features to help identify Log4j exposure in your codebase

Use GitHub’s security features to assess Apache Log4j exposure and, where possible, mitigate this vulnerability within your GitHub repos.

Great engineering teams focus on milestones instead of projects

Managing projects is hard. Companies contort themselves to do it well. Instead of playing chess, switch to checkers. Milestones are an easier game, and you get better results.

Writing a simple 16 bit VM in less than 125 lines of C

By the end of the article, we will have a working register-based VM capable of interpreting and running a limited set of ASM instructions + some bonus programs to test if everything works well.

How a bug in Android and Microsoft Teams could have caused this user’s 911 call to fail

So what actually happened in this case and what exactly are Google and Microsoft doing to mitigate this problem? 

Reverse Engineering Crypto Functions: AES

The Advanced Encryption Standard (AES) algorithm is a successor to the Data Encryption Standard (DES). With the advancement of technology, the key length and small block size of DES made it less secure. This post explains how the AES algorithm works and how you can identify it when reverse engineering an application.

Defensive CSS

Oftentimes, we wish that there was a way to avoid a certain CSS issue or behaviors from happening. You know, content is dynamic, and things can change on a web page, thus increasing the possibility of a CSS issue or weird behavior. Defensive CSS is a collection of snippets that can help you in writing CSS that is protected. 

Vanilla Vim is fun

Here's how I dropped from 35 Vim plugins to just six.

Hiring (and Retaining) a Diverse Engineering Team

Stories from six engineering leaders who succeeded in building and growing diverse teams.

Howie: The Post-Incident Guide

This guide will provide you with an explanation of how to get the most out of your incidents. This process has been developed by a number of leading experts in the field and shows the steps to conduct an in-depth investigation.

A Simple Kubernetes Admission Webhook

We’ll look at how to write a Kubernetes admission webhook in Go with minimal dependencies. This illustrates how admission webhooks work and offers a lightweight solution to real problems.

Watch and Listen

How To Do Canary Deployments In Kubernetes Using Flagger And Linkerd?

What are canary deployments? How can we combine Weaveworks Flagger and Linkerd service mesh to deploy canary releases in Kubernetes? 

Web App Vulnerabilities - DevSecOps Course for Beginners

In this DevSecOps course, you will learn how to take advantage of common web vulnerabilities, how to fix those vulnerabilities, and how to use DevSecOps tools to make sure your applications (and containers) are secure. You will also learn all about DevSecOps.

API Lifecycles, Specifications, and Standards

A talk about managing your API lifecycle using standards and specifications, including OpenAPI, AsyncAPI, and JSON Schema. These specifications and the tooling based on them can help reduce communication problems, by creating documentation, generating code, and automating testing.

Robot as Vehicle

Self-driving cars are seemingly just around the corner. These robots aren’t quite ready for the streets. For every hyped-up self-driving showcase, there’s a news story about its failure. But the good news is that we get closer every year. Learn about the history of autonomous vehicles, the current self-driving landscape, and under the hood of these robots’ computers to better understand how they make decisions.

Interesting Projects, Tools, and Libraries

Tabby

A terminal for a more modern age.

Mess with DNS

It's fun to learn by experimenting and breaking things! Here you can do weird DNS experiments with no consequences if you mess something up. 

NGS

Next Generation Shell is a powerful programming language and a shell designed specifically for Ops. 

soft-serve

A tasty, self-hostable Git server for the command line.

Percival

Web-based, reactive Datalog notebooks for data analysis and visualization.

slashbase

The open-source collaborative IDE for your databases in your browser.

ant-design

An enterprise-class UI design language and React UI library.

Kr8s

Docker/Kubernetes Visualization Tool.

logo-ls

Modern ls command with vscode like File Icon and Git Integrations. 

memory-stack

Memory stack is a developer-oriented journaling social platform.

GitHub Wrapped,

See your developer stats.

Our Other Newsletters

Python Weekly

- A free weekly newsletter featuring the best hand curated news, articles, tools and libraries, new releases, jobs etc related to Python.

Founder Weekly

- A free weekly newsletter for entrepreneurs featuring best curated content, must read articles, how to guides, tips and tricks, resources, events and more.