When regex goes wrong 🤯, reduce cognitive load 🧠, Web Design Museum 🏛

TLDR Web Dev <dan@tldrnewsletter.com>

August 30, 11:22 am

TLDR Web Dev 2024-08-30

πŸ§‘β€πŸ’»

Articles & Tutorials

When Regex Goes Wrong (4 minute read)

In 2016, Stack Overflow suffered a 34-minute outage when a regex that trimmed leading and trailing whitespace hit a post containing roughly 20,000 consecutive whitespace characters; the pattern backtracked quadratically and pinned the web servers' CPUs. In 2019, Cloudflare had a global outage after a new WAF rule shipped a regex with nested, unbounded ".*" quantifiers that backtracked catastrophically and exhausted CPU across its edge. More recently, CrowdStrike's Falcon sensor crashed Windows hosts when a content update supplied a non-wildcard regex matching criterion for a 21st template field while the kernel-mode interpreter only provided 20 input values, producing an out-of-bounds memory read.
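
As an added example (not from the newsletter or the linked article), the following Python reproduces the failure mode on a pattern of the same shape as the 2016 trim regex, then shows two fixes: a lookbehind that stops the trailing-whitespace alternative from restarting inside the run, and a plain linear scan. The adversarial input is constructed here, and the timings are illustrative.

```python
import re
import time

# A trim pattern of the same shape as the one behind Stack Overflow's 2016
# outage: remove a run of whitespace (including U+200C) at the start or the end.
# The second alternative has nothing anchoring its left edge, so on a long
# whitespace run that is NOT at the end the engine starts at every position in
# the run, matches greedily to the end of the run, fails on "$", and backtracks
# one character at a time: about n*n/2 steps for a run of n characters.
TRIM_RE = re.compile(r"^[\s\u200c]+|[\s\u200c]+$")


def regex_trim(text):
    return TRIM_RE.sub("", text)


# Fix 1: keep a regex, but only let the trailing alternative start right after a
# non-whitespace character. Every other start position inside the run now fails
# in O(1) at the lookbehind, so the whole scan is linear in the input length.
TRIM_RE_LINEAR = re.compile(r"^[\s\u200c]+|(?<![\s\u200c])[\s\u200c]+$")


def regex_trim_linear(text):
    return TRIM_RE_LINEAR.sub("", text)


# Fix 2: no regex at all. str.isspace() is the same character set as \s in a
# Unicode pattern, so this returns exactly what the regex versions return.
def is_trimmable(ch):
    return ch == "\u200c" or ch.isspace()


def linear_trim(text):
    start, end = 0, len(text)
    while start < end and is_trimmable(text[start]):
        start += 1
    while end > start and is_trimmable(text[end - 1]):
        end -= 1
    return text[start:end]


def adversarial(n):
    # Constructed input: a whitespace run of length n that is neither leading
    # nor trailing, so neither alternative can ever match and the backtracking
    # pattern does the maximum amount of wasted work before giving up.
    return "x" + " " * n + "y"


def time_ms(fn, arg):
    t0 = time.perf_counter()
    fn(arg)
    return (time.perf_counter() - t0) * 1000.0


if __name__ == "__main__":
    # Doubling n roughly quadruples the first column; the two fixes scale
    # linearly or better.
    for n in (1000, 2000, 4000):
        s = adversarial(n)
        print(f"n={n:5d}  backtracking {time_ms(regex_trim, s):8.2f} ms  "
              f"lookbehind {time_ms(regex_trim_linear, s):6.3f} ms  "
              f"linear scan {time_ms(linear_trim, s):6.3f} ms")
```

Run it directly to print the timings. The quadratic column is the one an attacker controls simply by choosing the input length, which is why pattern shape matters more than a length cap alone. Python's re and most JavaScript engines backtrack like this; RE2-style engines (Go's regexp, Rust's regex crate) bound matching time by design.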
Bypassing airport security via SQL injection (6 minute read)

The authors of this article discovered a critical vulnerability in FlyCASS, a system used by smaller airlines to participate in the TSA's Known Crewmember (KCM) and Cockpit Access Security System (CASS) programs. A SQL injection flaw in its login page gave them administrative access to FlyCASS, which would have allowed them to add unauthorized individuals to the KCM and CASS programs, bypass security screening, and gain access to cockpits.
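
Added example, not code from FlyCASS or from the article: a minimal login check against an in-memory SQLite table, showing how string-built SQL lets payloads of the kind the article describes return the admin row, and how the same check with a parameterized query refuses them. Table contents and payloads are constructed; passwords are stored in plain text only to keep the demo short.

```python
import sqlite3

# Constructed data for the demo. Plain-text passwords are used only to keep the
# example short; a real system stores a salted password hash.
USERS = [
    ("admin", "s3cret-admin", "admin"),
    ("crew1", "hunter2", "crew"),
]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", USERS)
    return conn


def build_login_sql(username, password):
    # The bug: user input is pasted into the SQL text, so a quote in the input
    # ends the string literal and whatever follows is parsed as SQL.
    return (
        "SELECT username, role FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )


def login_vulnerable(conn, username, password):
    return conn.execute(build_login_sql(username, password)).fetchone()


def login_safe(conn, username, password):
    # Placeholders: the driver passes the input as data, never as SQL text, so
    # a quote in the username is just a character to compare against the column.
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()


# Two classic payloads. The first makes the WHERE clause always true when it is
# placed in both fields (AND binds tighter than OR, so the trailing OR '1'='1'
# decides the row); the second comments out the password check entirely.
ALWAYS_TRUE = "' OR '1'='1"
COMMENT_OUT = "admin'--"


if __name__ == "__main__":
    conn = make_db()
    print(build_login_sql(ALWAYS_TRUE, ALWAYS_TRUE))
    print("vulnerable:", login_vulnerable(conn, ALWAYS_TRUE, ALWAYS_TRUE))
    print("vulnerable:", login_vulnerable(conn, COMMENT_OUT, "wrong"))
    print("safe:      ", login_safe(conn, ALWAYS_TRUE, ALWAYS_TRUE))
    print("safe:      ", login_safe(conn, COMMENT_OUT, "wrong"))
    print("safe:      ", login_safe(conn, "crew1", "hunter2"))
```

The first printed line shows the mangled query; the vulnerable function returns the admin row for both payloads, while the parameterized version returns None for them and still accepts the legitimate crew1 login.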
The secret inside One Million Checkboxes (12 minute read)

One Million Checkboxes was a website where users could check or uncheck boxes, with their actions affecting everyone. When the site became popular, a group of teenagers discovered a way to leave secret messages in the website's data by manipulating the checkboxes to form binary codes that spelled out URLs and even a QR code.
🧠

Opinions & Advice

Cognitive Load is what matters (15 minute read)

Cognitive load is the mental effort required to understand code. High cognitive load leads to confusion, which wastes time and money. Code can be written to minimize cognitive load, for example by using clear variable names, avoiding deep inheritance hierarchies, and favoring deep modules over shallow ones.
Is it better to be a Jack-of-All-Trades or a Master-of-One? (Reddit Thread)

A Redditor asks if it's better to be a generalist or a specialist. The consensus is that it's best to be a "T-shaped" engineer, where you have general knowledge of a variety of subjects but are specialized in a certain area. In general, developers should try to be as knowledgeable as possible while also trying to be the "expert" in certain areas on their team.
🚀

Launches & Tools

Material UI v6 is out now (9 minute read)

Material UI v6 is out now. Some of the new features include CSS theme variables, color schemes, and container queries. CSS theme variables allow you to access variables from the theme.vars object with the same structure as the theme.
Onlook (GitHub Repo)

Onlook enables developers to build their React + TailwindCSS apps visually in the browser. It's an open-source, local-first visual editor that lets you make live edits directly in the browser DOM.
🎁

Miscellaneous

OpenAI is shockingly good at unminifying code (11 minute read)

ChatGPT successfully deobfuscated a complex React application that generates ASCII art based on character sets, time, and window size. At first, the developer believed ChatGPT's implementation was inaccurate but later discovered it was due to a copy-paste error in the input code, leading to incorrect character encoding. After correcting the input, ChatGPT's output matched the original component perfectly.
The Balkanized Internet: the Role of Large Cloud Providers (11 minute read)

The "balkanized internet" is caused by the dominance of large cloud providers. This trend contrasts with the internet's early days, when public access was strictly non-commercial and operated on a shared infrastructure. Today, cloud providers control significant portions of internet infrastructure, leading to a situation where users are increasingly confined within their respective cloud environments.
The Top Programming Languages 2024 (3 minute read)

Python continues to lead IEEE Spectrum's 2024 programming language rankings, driven by its dominance in AI and education, while SQL remains highly sought after by employers. Rising stars include TypeScript and Rust, with the latter gaining attention for its memory safety features.
⚑

Quick Links

CodeViz (Website)

CodeViz is a VSCode extension for visualizing and navigating through your codebase's architecture and functions.
Elasticsearch is Open Source, Again (5 minute read)

Elasticsearch is again considered Open Source software as Elastic has added the AGPL license as an option alongside ELv2 and SSPL, allowing users to choose the license best suited for their needs.
Web Design Museum (Website)

Thousands of screens and videos of old websites, mobile apps, and software from the 1990s to mid-00s.
Anthropic's Prompt Engineering Interactive Tutorial (GitHub Repo)

An interactive tutorial on prompt engineering for Claude that covers topics from basic prompt structure to advanced techniques for building complex prompts.

If you have any comments or feedback, just respond to this email!

Thanks for reading,
Priyam Mohanty, Jenny Xu & Ceora Ford