There are multiple vulnerabilities in ImageMagick, a package commonly used by web services to process images. One of the vulnerabilities can lead to remote code execution (RCE) if you process user-submitted images. The exploit for this vulnerability is being used in the wild.
North encourages an agile, content-first approach to product development and a mobile-first, in-browser, system-based approach to design and development.
In the modern era, software is commonly delivered as a service, called web apps or software-as-a-service. The twelve-factor app is a methodology for building software-as-a-service apps that:
- Use declarative formats for setup automation, to minimize time and cost for new developers joining the project;
- Have a clean contract with the underlying operating system, offering maximum portability between execution environments;
- Are suitable for deployment on modern cloud platforms, obviating the need for servers and systems administration;
- Minimize divergence between development and production, enabling continuous deployment for maximum agility;
- And can scale up without significant changes to tooling, architecture, or development practices.
The twelve-factor methodology can be applied to apps written in any programming language, and which use any combination of backing services (database, queue, memory cache, etc.).
Learn how security is designed into Google's technical infrastructure. Google uses this infrastructure to build its internet services, including both consumer and enterprise services.
Web/app projects these days often have many distributed parts. It's not uncommon for groups to use the right tool for the job. The right tools are often something like the choices below.
- Redis for queuing and caching.
- Elasticsearch for searching, and Logstash.
- InfluxDB or RRD for time series.
- S3 for an object store.
- PostgreSQL for relational data with constraints, and validation via schemas.
- Celery for job queues.
- Kafka for a buffer of queues or stream processing.
- Exception logging with PostgreSQL (perhaps using Sentry).
- KDB for low-latency analytics on your column-oriented data.
- Mongo/ZODB for storing JSON documents (or mangodb as a /dev/null replacement).
- SQLite for embedded use.
- Neo4j for graph databases.
- RethinkDB for your realtime data: when data changes, other parts 'react'.
- ...
For all the different nodes this could easily cost thousands a month, require lots of ops knowledge and support, and use up lots of electricity. Setting all this up from scratch could cost one to four weeks of developer time, depending on whether the developers already know the various stacks. Perhaps you'd have ten nodes to support.
Could you gain an ops advantage by using only PostgreSQL?
SymbolHound is a search engine that doesn't ignore special characters. This means you can easily search for symbols like &, %, and π. We hope SymbolHound will help programmers find information about their chosen languages and frameworks more easily.
Example searches: === javascript scala => lisp #' ruby $$
Dozens of facts about the SSH protocol and why we should use it for more things. A few weeks ago, I wrote ssh-chat. The idea is simple: you open your terminal and type
$ ssh chat.shazow.net
Unlike many others, you might stop yourself before typing "ls" and notice - that's no shell, it's a chat room!
quality happens only if somebody has the responsibility for it, and that "somebody" can be no more than one single person.
anyone who has ever wondered whether using m4 macros to configure autoconf to write a shell script to look for 26 Fortran compilers in order to build a Web browser was a bit of a detour, Brooks offers well-reasoned hope that there can be a better way.
Unicode has always been a bit misunderstood even by professionals. This is why several years ago we pulled these slides together to clear things up. The presentation is a bit old but still relevant. You may still learn a few things about Unicode that you did not know.
The World Wide Web Consortium (W3C) has launched a new project to work on standardizing alternative authentication methods, that is, methods other than the passwords used almost everywhere. The FIDO Alliance, which has been pursuing something similar for almost three years and has more than two hundred members, will collaborate on the project. Large technology and financial companies are among those members. The alliance has already prepared a draft FIDO 2.0 API, which will be examined and commented on in more detail within the W3C. Among the most attractive alternative methods today is, above all, fingerprint authentication.