The Developer Newsletter for September 2024
September 2, 2024
When Regex Goes Wrong (4 minute read) In 2016, Stack Overflow suffered a 34-minute outage due to a regex that caused catastrophic backtracking when processing a malformed input string. In 2019, Cloudflare experienced a global outage due to a regex that led to CPU exhaustion. More recently, CrowdStrike faced a kernel issue caused by a regex mismatch.
Bypassing airport security via SQL injection (6 minute read) The authors of this article discovered a critical vulnerability in FlyCASS, a system used by smaller airlines to participate in the TSA’s Known Crewmember (KCM) and Cockpit Access Security System (CASS) programs. They exploited a SQL injection flaw to gain administrative access to FlyCASS, allowing them to add unauthorized individuals to the KCM and CASS programs, bypass security screening, and gain access to cockpits.
The secret inside One Million Checkboxes (12 minute read) One Million Checkboxes was a website where users could check or uncheck boxes, with their actions affecting everyone. When the site became popular, a group of teenagers discovered a way to leave secret messages in the website’s data by manipulating the checkboxes to form binary codes that spelled out URLs and even a QR code.
JS Dates Are About to Be Fixed (10 minute read) The Temporal API in JavaScript offers a new approach to handling time with the Temporal.ZonedDateTime object, which accurately represents dates and times with their corresponding time zones. This addresses the limitations of JavaScript’s Date object, which doesn’t capture the nuances of human-readable dates and the impact of time zones and daylight saving time. The new API introduces a standardized format for representing zoned dates and times, allowing developers to work with different calendars and time zones easily.
Postgres as a search engine (15 minute read) PostgreSQL can be used as a search engine. Combining full-text search, semantic search with pgvector, and fuzzy matching with pg_trgm makes PostgreSQL a good-enough search engine for a majority of use cases. This article goes into more advanced techniques to personalize search experiences, adjust for document length, debug rankings, and more.
Common Sense Refactoring of a Messy React Component (23 minute read) This is a practical guide to refactoring a messy React component through gradual improvements. First, one should make sure that tests are written so that no functional changes occur during refactoring. Then, linting rules should be used to prevent future code duplication and dead code. The guide highlights several key areas for refactoring, including splitting components based on responsibilities and extracting utility functions to improve code organization and maintainability.