Digests » 471

sponsor

SSRF Attack Examples and Mitigations

Server-Side Request Forgery, along with XSS and CSRF, is one of the most serious web security vulnerabilities due to its pervasiveness and impact. Strengthen your cybersecurity IQ with these attack and mitigation examples.

this week's favorite

Changing Tires at 100mph: A Guide to Zero Downtime Migrations

As a backend developer at a mobile app company, a common task was migrating a database schema. This could be to improve query performance, change column names/types, or adapt data to new use cases. While this may seem like a straightforward set of SQL commands, it becomes a complex choreographed dance to be achieved with zero downtime.

The worst bug I've ever worked on – randomly losing our best players

Imagine discovering a serious bug in production immediately after releasing your game. Imagine this bug hurts only your paying customers. Imagine it freezes the game immediately after players complete an in-app purchase. Imagine that when the player restarts, the game freezes during start-up. Imagine the player can never get unstuck and has to uninstall the game. Imagine your app is currently featured on the Apple Store. This is a story of such a bug, the worst bug I have ever dealt with in 30 years of programming. This is a story of how we tracked it down and worked with Unity to fix it.

Modern Microprocessors - A 90-Minute Guide!

Okay, so you're a CS graduate and you did a hardware course as part of your degree, but perhaps that was a few years ago now and you haven't really kept up with the details of processor designs since then.

The niche programmer

For the vast majority of my programming career, I've been a mainstream developer. By mainstream, I mean writing in a language and using the tools that most of the category of software development I have been in (mostly web development) has used, such as PHP, JavaScript, and the most popular tools of those ecosystems.

The Code Review Pyramid

When it comes to code reviews, it’s a common phenomenon that there is much focus and long-winded discussions around mundane aspects like code formatting and style, whereas important aspects (does the code change do what it is supposed to do, is it performant, is it backwards-compatible for existing clients, and many others) tend to get less attention.