1 bug, $50,000+ in bounties, how Zendesk intentionally left a backdoor in hundreds of Fortune 500 companies (11 minute read)
A 15-year-old bug hunter discovered a vulnerability in Zendesk's email collaboration feature that allowed attackers to access customer support tickets from any company using the service. This exploit was initially dismissed by Zendesk's bug bounty program as "out of scope," but subsequent public disclosure of the vulnerability forced Zendesk to take action. The bug hunter then discovered a second, more serious exploit that could allow attackers to gain access to private Slack workspaces using Zendesk, which was fixed later.
|
Node.js, Pipes, and Disappearing Bytes (5 minute read)
Piping large amounts of JSON data from a Node.js command to another command results in truncated output. The issue stems from the asynchronous nature of Node.js's `process.stdout.write` when writing to a pipe on POSIX systems. When the pipe buffer is full, `process.stdout.write` returns false, and further writes are blocked until the pipe is read. The solution involves subscribing to the `drain` event of the `process.stdout` stream to resume writing after the pipe has been filled.
|
The interactive guide to rendering in React (15 minute read)
React re-renders a component only when its state changes, triggered by an event handler that modifies the state using useState's updater function. It handles multiple updates within an event handler by batching them, applying only the result of the last invocation. StrictMode is a development mode that forces components to re-render twice to ensure purity and resilience.
|
|
3 Career Principles that got me to Director at Google (10 minute read)
A former Google director shares three career principles that helped her achieve five promotions in ten years: Glue, Grit, and Friction. Glue refers to the less glamorous tasks that are vital for team success but might not be directly promotable. Grit is a commitment to pursuing long-term goals despite challenges and viewing failures as opportunities for learning. Friction represents the gap between reality and the ideal state. It must be overcome to show a force multiplier effect.
|
Write Down the Plan (2 minute read)
Writing down plans is a simple yet powerful habit that can help one's career. It forces better thinking and clarity, builds alignment amongst teams, and increases visibility.
|
Lessons from Plain Text (10 minute read)
Plain text is more complex than it seems on the surface. For example, tabs and spaces differences can cause inconsistencies during collaboration. Soft-wrapping text is better for improved readability and compatibility.
|
|
Canary (GitHub Repo)
Canary is an open-source, self-hostable search engine that offers both a core server and web components for building a search bar for your application.
|
Mitata (GitHub Repo)
Mitata is a benchmark tooling library for JavaScript and C++ that offers accurate timing down to picoseconds, helpful visualizations, and features like automatic garbage collection and argument handling for benchmarks.
|
|
$2 H100s: How the GPU Bubble Burst (23 minute read)
The price of H100 GPUs has plummeted from $8/hour to under $2/hour in just a year. This is due to the resales of reserved compute, the rise of open-source models for fine-tuning, and a decline in the number of companies developing new foundation models.
|
How GenAI will impact data engineering (11 minute read)
Generative AI is a fundamental shift that will push data engineers to merge with data analysts to focus on business needs and merge with software engineers to own online systems end-to-end. Current data engineers should try to get ahead by incorporating LLMs into their workflows, exploring AI infrastructure, and staying informed about advancements in the field.
|
Designing A Fast Concurrent Hash Table (17 minute read)
Papaya is a fast and concurrent hash table for Rust. It uses a novel approach to address the challenges of lock-free design, including using a metadata table for cache efficiency and a probabilistic approach to resizing. It also uses various memory reclamation strategies to be faster than other concurrent Rust hash tables in terms of read throughput, latency, and async support.
|
|
Inline Scope for CSS (3 minute read)
The @scope rule in CSS allows developers to directly attach styles to HTML elements, limiting the scope of the CSS to the children of the targeted DOM node.
|
|
|
Love TLDR? Tell your friends and get rewards!
|
|
Share your referral link below with friends to get free TLDR swag!
|
|
|
|
| Track your referrals here. |
|
Want to advertise in TLDR? π°
|
If your company is interested in reaching an audience of web developers and engineering decision makers, you may want to advertise with us.
If you have any comments or feedback, just respond to this email!
Thanks for reading,
Priyam Mohanty, Jenny Xu & Ceora Ford
|
|
|
|
