Programmer Weekly (Issue 90 January 27 2022)

Programmer Weekly - Issue 90

January 27, 2022

Programmer Weekly

Welcome to issue 90 of Programmer Weekly. Let's get straight to the links this week.

Quote of the Week

 

"Law 1: Every program can be optimized to be smaller. Law 2: There's always one more bug. Corollary: Every program can be reduced to a one-line bug." - Anonymous

News

Met has built data2vec, the first general high-performance self-supervised algorithm for speech, vision, and text. When applied to different modalities, it matches or outperforms the best self-supervised algorithms.

Awards of up to EUR 5000 are available for finding security vulnerabilities in LibreOffice, LEOS, Mastodon, Odoo, and CryptPad, open source solutions used by public services across the European Union. There is a 20% bonus for providing a code fix for the bugs they discover.

The Qualys Research Team has discovered a memory corruption vulnerability in polkit’s pkexec, a SUID-root program that is installed by default on every major Linux distribution. This easily exploited vulnerability allows any unprivileged user to gain full root privileges on a vulnerable host by exploiting this vulnerability in its default configuration.

Reading List

Starting October 28th and fully resolving on October 31st, Roblox experienced a 73-hour outage. We’re sharing these technical details to give our community an understanding of the root cause of the problem, how we addressed it, and what we are doing to prevent similar issues from happening in the future.

Gaining unauthorized camera access via Safari UXSS: the story of how a shared iCloud document can hack every website you've ever visited.

Amazon DynamoDB was introduced 10 years ago today; one of its key contributors reflects on its origins and discusses the 'never-ending journey' to make DynamoDB more secure, more available, and more performant.

Writing is an increasingly important skill for engineering leaders. Indeed, poor writing can hamper career progression, above a certain level. Tactics for more clear, more frequent and more confident.

Look at some of the most interesting features and changes introduced since last time.

Augmented and virtual worlds are expanding, and someday soon, people will do many of the things they currently do in real life inside of them. It’s easy to imagine all the exciting possibilities for entertainment, commerce, industrial applications, gaming, self-driving cars, just to name a few. Our mobile devices can certainly act as a personal plug-in to these augmented worlds, so let’s dive into Apple’s iOS AR frameworks and find out some of the awesome options that engineers have at their fingertips.

If you can’t decide if testing in production is a foolish or a genius idea, this tutorial will definitely help.

Lockfiles often protect you from malicious new versions of dependencies. When something bad happens, they empower you to know exactly which systems were affected and when, which is critical during incident response. This posts discusses "why lockfiles" and the details of setting them up properly across ~9 different package managers.

Watch and Listen

When Dan Reich and his friend lost the code to their Trezor hardware wallet, they thought their coins were gone forever — but when the value reached into the millions, they decided to try hacking the device.

A discussion on Open Source Model Business Models, Cloud Migrations and the prospect of cloud providers becoming “dumb pipes.”

In this presentation, Eric Smith makes the case for Rust as the first real improvement to a game developer’s toolkit. He walks through some basic tools, including rendering, structuring code, and engines. And ultimately, he demonstrates Rust’s effectiveness with a new game of his own.

Learn how to build React apps using TypeScript. First, learn the basics of TypeScript. Then, learn how to integrate TypeScript in a React app by building an awesome project. You will learn how to use TypeScript with React Hooks such as useState, useRef, and useReducers. You will also learn how to pass props from one component to another by defining prop types of the component. And you will learn much more!

Interesting Projects, Tools and Libraries

Tools to make the command line glamorous

All the Fake Data for All Your Real Needs.

Dead-simple framework for shareable web components.

Get your own file-hosting service in minutes.

Generation of diagram and flowchart from text in a similar manner as markdown.

vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios in the means of Exercises.

PRQL is a modern language for transforming data — a simpler and more powerful SQL.

Utilities for packing/unpacking fields in a bitstream.

CyberChef is a simple, intuitive web app for carrying out all manner of "cyber" operations within a web browser.

Our Other Newsletters

- A free weekly newsletter featuring the best hand curated news, articles, tools and libraries, new releases, jobs etc related to Python.

- A free weekly newsletter for entrepreneurs featuring best curated content, must read articles, how to guides, tips and tricks, resources, events and more.