Utku Sen utkusen.com

Security by obscurity is underrated

Utku Sen:

In the information security field, we have developed lots of thoughts that can’t be discussed (or rarely discussed):

  • Never roll your own crypto
  • Always use TLS
  • Security by obscurity is bad

I certainly learned these in my Infosec classes in college. Back then I didn’t really question it much, because what did I know? But I definitely remember thinking, “Okay security by obscurity is bad, but maybe why not do it anyway? Defense in depth, right?” Back to Utku:

Most of them are very generally correct. However, I started to think that people are telling those because everyone is telling them. And most people are actually not thinking about exceptional cases. In this post, I will raise my objection against the idea of “Security by obscurity is bad”.

GitHub github.blog

The GitHub CLI goes 1.0

If you haven’t given the new gh a look since they announced the beta earlier this year, a lot has changed:

Since we released the beta, users have created over 250,000 pull requests, performed over 350,000 merges, and created over 20,000 issues with GitHub CLI.

It’s available for all major operating systems and if your development workflow goes through GitHub you will undoubtedly save some time and typing by adopting it.

Heroku – Sponsored

🎧 Processing large datasets with Python


Python is familiar to most developers as a high-level scripting language that’s popular in scientific communities. But some of its main benefits include the data processing ecosystem that’s been built around it. In particular, the machine learning communities, coupled with its lightweight asynchronous frameworks, have brought a new interest in how Python works with massive datasets.

J.T. Wolohan, the author of “Mastering Large Datasets with Python,” joined Greg Nokes, Master Technical Architect at Heroku, to talk about the application of Python and massive datasets.

Bonus — they share a 40% discount code for J.T.’s book!

Kottke

Reprogramming a game by playing it (an unbelievable Super Mario 3 speedrun)

Here’s a fun rabbit hole to go down if you have some free time to spend.

After a fellow named Zikubi beat the speedrun record for Super Mario Bros 3 by about 8 minutes with a time of just over three minutes, speedrun analyst Bismuth made the video above to explain how he did it…by changing the game with the gameplay itself.

The first couple minutes go exactly as you’d expect, but the speedrun takes a weird turn when, instead of using the second warp whistle to go to level 8, he uses it to go to level 7. And once in level 7, Mario races around randomly, letting opportunity slip away like a blindfolded birthday boy unwittingly steering himself away from the piñata. It’s only later, during the explanation of how he got from level 7 to the final screen so quickly, that you realize Mario’s panicky idiot behavior is actually the player actively reprogramming the game to open up a wormhole to the ending.

Mat Ryer pace.dev

Passive user preferences with persisted stores in Svelte

Mat Ryer makes the case for passive user preferences, which is where you store their last used setting for them without asking and then set it as the default the next time they interact with that part of your app. He then goes on to describe how they accomplish this with Svelte. Good stuff!

If you want to hear more about how they’re using Svelte and Go to build Pace, we did a pair of podcasts on the topic earlier this year.

Ars Technica

What can we expect from 5G?

An in-progress series by the Ars Technica team looking at all the implications, limitations, and current realities of the much-hyped next generation in cellular networking. There are 3 articles thus far:

  1. 5G in rural areas bridges a gap that 4G doesn’t, especially low- and mid-band
  2. Taking 5G to work, in offices, and on the factory floor—will it help?
  3. What the advent of 5G—mmWave and otherwise—will mean for online gaming

Security github.com

Endlessh – an SSH tarpit that slowly sends an endless banner

The idea here is you put your real SSH server on a different port and let Endlessh lock up the script kiddies for hours and even days.

Since the tarpit is in the banner before any cryptographic exchange occurs, this program doesn’t depend on any cryptographic libraries. It’s a simple, single-threaded, standalone C program. It uses poll() to trap multiple clients at a time.

I’m not sure if this is actually a good idea or just fun to put into practice like those people who dedicate their precious free time scambaiting.
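The trick Endlessh relies on is worth seeing in code. RFC 4253 section 4.2 lets an SSH server send arbitrary lines before its `SSH-2.0-...` identification string, as long as none of them begins with `SSH-`; a client that follows the spec keeps reading those lines waiting for the real one, and the tarpit simply never sends it. Below is an added example (not Endlessh’s own C code) that does the same thing with Python’s asyncio instead of a poll() loop; the port numbers, the 10-second delay and the 32-byte line length are assumptions chosen for illustration. The `probe` helper connects to a tarpit on localhost as a client would, so you can watch the exchange end to end.

```python
"""Minimal SSH tarpit in the spirit of Endlessh (added example, not the
project's own code).  Nothing cryptographic ever happens: the client is
stalled in the pre-identification banner phase of RFC 4253 section 4.2."""
import asyncio
import secrets
import string

# Printable ASCII only: banner lines are CRLF-terminated, so they must not
# themselves contain CR or LF.
PRINTABLE = string.ascii_letters + string.digits + string.punctuation + " "


def banner_line(max_len: int = 32) -> bytes:
    """One random banner line: 3..max_len printable bytes plus CRLF, never
    starting with "SSH-" (the client would take that as the version string
    and move on to key exchange, which is exactly what we want to avoid)."""
    while True:
        n = 3 + secrets.randbelow(max_len - 2)          # assumed length range
        line = "".join(secrets.choice(PRINTABLE) for _ in range(n))
        if not line.startswith("SSH-"):
            return line.encode("ascii") + b"\r\n"


def is_valid_tarpit_line(line: bytes) -> bool:
    """The RFC 4253 pre-identification rules the tarpit depends on."""
    return (line.endswith(b"\r\n")
            and not line.startswith(b"SSH-")
            and all(32 <= b < 127 for b in line[:-2]))


async def handle(reader: asyncio.StreamReader, writer: asyncio.StreamWriter,
                 delay: float) -> None:
    """Drip one banner line every `delay` seconds until the client gives up.
    A sleeping coroutine costs us almost nothing, while the scanner on the
    other end has a thread or socket blocked for as long as it keeps waiting."""
    peer = writer.get_extra_info("peername")
    sent = 0
    try:
        while True:
            writer.write(banner_line())
            await writer.drain()
            sent += 1
            await asyncio.sleep(delay)
    except (ConnectionError, asyncio.CancelledError):
        pass
    finally:
        writer.close()
        print(f"{peer} left after {sent} banner lines")


async def serve(host: str = "0.0.0.0", port: int = 22,
                delay: float = 10.0) -> None:
    """Listen on the port scanners hit (assumed 22; the real sshd is moved
    elsewhere, e.g. 2222) and tarpit every connection."""
    server = await asyncio.start_server(
        lambda r, w: handle(r, w, delay), host, port)
    async with server:
        await server.serve_forever()


async def probe(n_lines: int = 3, delay: float = 0.01) -> list:
    """Start a tarpit on an ephemeral localhost port and read n_lines the
    way an SSH client would while waiting for the version string."""
    server = await asyncio.start_server(
        lambda r, w: handle(r, w, delay), "127.0.0.1", 0)
    port = server.sockets[0].getsockname()[1]
    reader, writer = await asyncio.open_connection("127.0.0.1", port)
    try:
        lines = [await asyncio.wait_for(reader.readline(), 5)
                 for _ in range(n_lines)]
    finally:
        writer.close()
        server.close()
    return lines


def run_probe(n_lines: int = 3) -> list:
    """Synchronous wrapper around probe() for quick local checks."""
    return asyncio.run(probe(n_lines))


if __name__ == "__main__":
    # Unprivileged demo port; in practice this listens on 22 and sshd moves.
    asyncio.run(serve(port=2222))
```

Two caveats a practitioner should weigh before deploying this: a tarpit holds one socket and one sleeping task per trapped client on your side too, so keep an eye on file-descriptor limits if it gets popular, and moving the real sshd to another port is obscurity, not a substitute for key-only auth and rate limiting on the real service.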

Linode – Sponsored

Linode Kubernetes Engine is here!


Linode Kubernetes Engine (LKE) is a fully-managed container orchestration engine for deploying and managing containerized applications and workloads. LKE combines Linode’s ease of use and simple pricing with the infrastructure efficiency of Kubernetes. You can now get your infrastructure and workloads up and running in minutes instead of days.

If you’ve been following along with the Changelog infrastructure, you’ll be pleased to know we’re rolling out LKE as we speak. We love what we’ve seen so far! Oh and be sure to use the code changelog2019 or changelog2020 (whichever works) to get our special pricing.

Brain Science Brain Science #29

Clarity and expectation

When you lack clarity or have uncertainty for a direction or goal, it’s going to be difficult to succeed in your actions. Today Mireille and Adam discuss the topic of clear communication and expectation, two of the most important ingredients of success. How do we create better clarity? Like so many things — clarity begins with awareness, and awareness of yourself. You have to know what you want and what you value in life. We must assume 100% responsibility for creating our own clarity in our lives. After all, “if you don’t have clarity, you are operating from assumption.”

Elixir dockyard.com

Creating a Sonos volume knob with Elixir and LiveView

Steven Fuchs loves his Sonos, but…

While it is the radio of the future, our most common usage is as the radio of the past. We tend to tune it to one station and leave it there. By far, our most common interactions with the system are changing the volume and pausing/playing the music, often creating scrambles to find a phone to turn down the volume in order to answer a different phone. What we needed was an analog interface to this digital system that was always at arms reach.

Hackers gonna hack. Steven reached for Elixir and scratched his own itch with this very cool little hardware project. Here’s a demo video of it in action.

Tooling github.com

youtube-dlc is the new youtube-dl

Open source software shows its resiliency once again:

youtube-dlc is a fork of youtube-dl with the intention of getting features tested by the community merged in the tool faster, since youtube-dl’s development seems to be slowing down.

If you’re unaware of youtube-dl, it’s like a Swiss Army Knife for downloading videos from the web. It’s a great tool and I’m happy to see the community rally around its maintenance.

Practical AI Practical AI #105

When AI goes wrong

So, you trained a great AI model and deployed it in your app? It’s smooth sailing from there right? Well, not in most people’s experience. Sometimes things go wrong, and you need to know how to respond to a real life AI incident. In this episode, Andrew and Patrick from BNH.ai join us to discuss an AI incident response plan along with some general discussion of debugging models, discrimination, privacy, and security.

Elixir simplabs.com

Writing Rust NIFs for Elixir with Rustler

A Native Implemented Function is implemented in C (or Rust when using Rustler) and can be called from Elixir or Erlang just like any other function. It’s the simplest and fastest way to run native code from Erlang but it does come with a caveat: a crash in a NIF can bring down the whole BEAM. This makes Rust a safer option than C for implementing NIFs as its type system and ownership model guarantee memory and thread-safety.

Daniel Moch danielmoch.com

Regarding semantic versioning

Daniel Moch shared his thoughts on semantic versioning and how he treats external libraries that violate its inherent contract with developers.

So as not to bury the lede, I’ll get to my point: Semantic Versioning is a meta-API, and maintainers who are cavalier about violating it can’t be trusted to create stable contracts. I’ve lost patience for breaking changes making their way to my code bases without the maintainers incrementing the major version of their projects, especially in language ecosystems where Semantic Versioning is expected, and in such cases I’m going to begin exploring alternative options so I can ban such libraries from my projects—personal and professional—altogether.

If you work in a language ecosystem where Semantic Versioning is the de facto norm, where violating it can wreak havoc downstream, then please play nice and follow its dictates. Instead of viewing it as a straitjacket, try to see it as an algorithm to determine what your next release number should be. We should all like algorithms!
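Taking the “it’s an algorithm” framing literally, here is that algorithm written out as an added example (not code from Daniel Moch’s post or from any particular package manager): given the current version and the kinds of change since it, compute the next number per the semver 2.0.0 rules, and check whether a proposed upgrade is one the contract actually promises is compatible. The 0.x handling follows the convention npm and Cargo use for caret ranges (the spec itself only says anything may change before 1.0.0); that choice is an assumption of this example.

```python
"""Semantic Versioning as an algorithm (added example).  Versions are
MAJOR.MINOR.PATCH with optional -prerelease and +build parts per semver.org."""
import re
from typing import Tuple

# No leading zeros in numeric parts, per the spec.
_SEMVER = re.compile(
    r"^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)"
    r"(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$")


def parse(version: str) -> Tuple[int, int, int, str]:
    """Return (major, minor, patch, prerelease); build metadata is ignored."""
    m = _SEMVER.match(version)
    if not m:
        raise ValueError(f"not a semantic version: {version!r}")
    return int(m[1]), int(m[2]), int(m[3]), m[4] or ""


def next_version(current: str, breaking: bool, feature: bool, fix: bool) -> str:
    """Decide the next release number from what changed.
    Breaking change -> bump MAJOR, reset the rest.
    New backwards-compatible feature -> bump MINOR, reset PATCH.
    Bug fix only -> bump PATCH.
    Assumption for 0.x (initial development): a breaking change bumps MINOR,
    the convention caret ranges in npm/Cargo treat as the compatibility unit."""
    major, minor, patch, _ = parse(current)
    if not (breaking or feature or fix):
        return f"{major}.{minor}.{patch}"      # nothing to release
    if breaking:
        return f"0.{minor + 1}.0" if major == 0 else f"{major + 1}.0.0"
    if feature:
        return f"{major}.{minor + 1}.0"
    return f"{major}.{minor}.{patch + 1}"


def compatible_upgrade(installed: str, candidate: str) -> bool:
    """True if candidate is a strictly newer release the semver contract
    promises is backwards compatible with installed: same MAJOR (same MINOR
    too while MAJOR is 0), and not a pre-release."""
    a, b = parse(installed), parse(candidate)
    if b[3]:                       # pre-releases make no compatibility promise
        return False
    if a[0] != b[0]:
        return False
    if a[0] == 0 and a[1] != b[1]:
        return False
    return b[:3] > a[:3]
```

The second function is the one that matters for the supply chain: it is the rule an automatic dependency updater or a floating `^1.4.2` range is silently applying, and it is only as safe as the maintainer’s discipline the post complains about. If a library has broken that contract before, pin it exactly and review each bump by hand.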

Yaron Wittenstein gryphon.dev

Train your own neural network

There is the classic saying that “Practice makes Perfect”. This is partly true because it’s also that “Practice also makes you Permanent”.

Now usually comes the part saying that we need to do Deliberate Practice consistently for many years. The thing is that there is a multitude of ways to practice deliberately. There is no one size fits all formula applicable to all domains. And of course - people are different.

I’d like this article to focus on a single deliberate practice side - I call it the “Train Your Own Neural Technique” technique.
