Cross-reading #4


Abstract

Cross-reading is a series in which I present articles that I have read in the last few days and which might be interesting for you as well.

Hackers Are Exploiting a 5-Alarm Networking Equipment Bug (www.wired.com)

Given the relative simplicity of the F5 attack[1] technique, any organization that owns one of those 8,000 BIG-IP devices and didn’t move quickly to patch it may already be compromised.

r2c blog — Hardcoded secrets, unverified tokens, and other common JWT mistakes (r2c.dev)

These are the most common mistakes developers make when using JWT[2] in their Node.js projects. Stay secure and don’t forget to automate security scans in your codebase.

php.internals: Microsoft Support of PHP on Windows (news-web.php.net)

We are not, however, going to be supporting PHP for Windows in any capacity for version 8.0 and beyond.

Linus Torvalds: ‘I Do No Coding Any More’ (linux.slashdot.org)

I read a lot more email than I write, because what my job really is — in the end, my job is to say no. Somebody has to be able to say no to people. Because other developers know that if they do something bad, I will say no.

Beginner’s Guide To Abstraction (jesseduffield.com)

No matter where you stand, it’s important to know that there are no clear cut right answers with the majority of debates around abstractions. So long as you can consider the pros/cons of abstracting more, less, and differently, and you make your case clear in a PR review, you should be fine. Happy coding!

Things You Should Never Do, Part I (www.joelonsoftware.com)

We’re programmers. Programmers are, in their hearts, architects, and the first thing they want to do when they get to a site is to bulldoze the place flat and build something grand. We’re not excited by incremental renovation: tinkering, improving, planting flower beds.

A look at the Gemini protocol: a brutally simple alternative to the web - ToffelBlog (toffelblog.xyz)

I have really come to hate the World Wide Web. It is bloated at every level! Websites themselves are doubling in size at an alarming rate. The web standards are expanding at an alarming rate.

Help message for shell scripts — samizdat (samizdat.dev)

Have you ever thought how good it would be to have a help message for your shell script that you wrote a month ago and already forgot what it is supposed to do?

How Stack Overflow hires engineers - Stack Overflow Blog (stackoverflow.blog)

Since COVID we have moved from a 40% to a 100% remote company, but we’ve always been focused on delivering a great remote experience for candidates. We believe in hiring smart people and empowering them to get the job done. Regardless of where they are located.

Opinion | Can Covid Damage the Brain? (www.nytimes.com)

Among patients hospitalized for Covid-19 in Wuhan, China, more than a third experienced nervous system symptoms, including seizures and impaired consciousness. Earlier this month, French researchers reported that 84 percent of Covid patients who had been admitted to the I.C.U. experienced neurological problems, and that 33 percent continued to act confused and disoriented when they were discharged.

Mission Control: A History of the Urban Dashboard (placesjournal.org)

Futuristic control rooms with endless screens of blinking data are proliferating in cities across the globe. Welcome to the age of Dashboard Governance.

NASA’s InSight Flexes Its Arm While Its ‘Mole’ Hits Pause News @NASAJPL (www.jpl.nasa.gov)

Now that the lander’s robotic arm has helped the mole get underground, it will resume science activities that have been on hold.

Simone’s Computer (simone.computer)

If you are a fan of websites, web apps and portfolios which resemble desktop graphical user interfaces, here is a curated list.

  1. The BIG-IP Traffic Management User Interface (TMUI) has a Remote Code Execution vulnerability (CVE-2020-5902) in undisclosed pages. F5 recommends upgrading to a fixed software version to fully mitigate this vulnerability. — twitter.com/F5Networks
  2. JSON Web Tokens are an open, industry standard RFC 7519 method for representing claims securely between two parties. — jwt.io