Issue #16: 10 Reads, A Handcrafted Weekly Newsletter for Humans


Hello All,
Here are 10 reads I thought were worth sharing this week. The total time to read this newsletter is 165 minutes. This week has stories on writing, remote code execution on Facebook servers, the Peter principle, Java 11 ZGC, Serverless patterns, PostgreSQL fast column creation, and a few more.
Leadership is nature’s way of removing morons from the productive flow. – Dilbert

  1. Remote Code Execution on a Facebook server: 10 mins read. This post shares a story of how the author of the post found a vulnerability in one of the Facebook servers. The server that was compromised was running Sentry, a log collection web application written in Python with the Django framework. Following are the main points for me in the post:
    1. Never run Django services in debug mode. In the case of an exception, debug mode prints the server information including all the environment variables. I have not used Django but have used Python’s Flask. Flask also has a flag to run the application in debug mode. Developers at times forget to turn off the debug flag, leaving their servers at risk.
    2. Understand whether your serialization/deserialization library saves you from remote code execution. Django uses Pickle, which does not protect its users from remote code execution. The same is true of JDK native serialization.
  2. Writing Documentation When You Aren’t A Technical Writer: 15 mins read. I think software engineers need to learn how to document their stuff. In this post, Taylor Barnett shares lessons that can help us write better documentation. To write good docs, you need to know two things — audience and purpose. Some of these lessons are:
    1. Don’t oversimplify stuff
    2. Show empathy to the user by using the right language
    3. Consider error messages as a form of documentation
    4. Pay attention to choosing the right words
  3. The Peter Principle is a joke taken seriously. Is it true?: 15 mins read. It turns out Laurence Peter was right when he said every employee tends to rise to his level of incompetence. I read The Peter principle book 3 years back. It is a refreshing take on management.
  4. Be Kind: 5 mins read. This is a hard skill to acquire: keeping calm when others make mistakes. In this post, the author shares a story of how he brought the client application down by making a hurried push to production without proper testing and verification. We all have done this. The key point is to learn from these mistakes and try not to repeat the same mistake in future.
  5. 13 Brain Hacks That Will Allow You To Conquer Your Fears: 15 mins read. This post covers 13 brain hacks shared by members of Young Entrepreneur Council. My favourite is “Use the five-second rule”. A simple rule that anyone can follow. Read the post to learn about all the brain hacks.
  6. A Case Against Optimizing Your Life: 15 mins read. I totally agree with the author. I have experienced it first hand. Last year, for a few months, I tried to optimise every minute of my day. I was tracking everything in a calendar and doing weekly analysis of my time. For the first few months it felt good but after that it started to take its toll. I was working more but always feeling the pressure.
  7. Java’s new Z Garbage Collector (ZGC) is very exciting: 30 mins read. Java 11 is coming up with a new garbage collector, ZGC. This will be ideal for applications that use 100’s of GB of RAM. This article goes deeper into how ZGC does garbage collection. It is a good read for any Java developer.
  8. Serverless Microservice Patterns for AWS: 30 mins read. This is a great post on different patterns that are feasible with AWS Lambda. I have used a few of these patterns when I was using Lambda. My biggest problem with Lambda is that integration testing has to happen in the cloud. This at times slows you down. This post is useful for anyone interested in Serverless. Building applications in a Serverless way is different. This post will help you understand the patterns that are at your disposal.
  9. Lessons Learned: Switching from CircleCI to Google Cloud Build: 10 mins read. I was not aware of Google Cloud Build. Looks like a good alternative if you already use Google Cloud. I have used CircleCI for personal projects and it worked great.
  10. A Missing Link in Postgres 11: Fast Column Creation with Defaults: 15 mins read. It is always good to learn how features are implemented. This post covers how PostgreSQL will be able to do fast column creation from version 11. The trick is to use the pg_attribute system table to provide a default value and to write the default value to the table when the rows are updated.
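
The second point under read 1 (Pickle does not protect you when loading data you did not create), shown as an added example that is not from the linked post or from Sentry's code: the pickled bytes decide which callable runs during load, and an allow-list unpickler or a data-only format such as JSON closes that door. The class names, the allow-list contents and the harmless `os.getpid` stand-in are assumptions made for illustration.

```python
import io
import json
import os
import pickle


class Crafted:
    """Constructed sample: its pickle tells the loader which callable to run."""

    def __reduce__(self):
        # Harmless stand-in (os.getpid) for whatever callable the data names.
        return (os.getpid, ())


class AllowListUnpickler(pickle.Unpickler):
    """Resolve only the globals named here; the set is an assumption."""

    ALLOWED = {("builtins", "set"), ("builtins", "frozenset")}

    def find_class(self, module, name):
        if (module, name) not in self.ALLOWED:
            raise pickle.UnpicklingError(f"blocked global {module}.{name}")
        return super().find_class(module, name)


def restricted_loads(data: bytes):
    """Unpickle with the allow-list instead of calling pickle.loads()."""
    return AllowListUnpickler(io.BytesIO(data)).load()


def is_blocked(data: bytes) -> bool:
    """True when the allow-list refuses the pickle."""
    try:
        restricted_loads(data)
    except pickle.UnpicklingError:
        return True
    return False


def json_roundtrip(obj):
    """Data-only format: decoding never resolves or calls anything."""
    return json.loads(json.dumps(obj))


if __name__ == "__main__":
    blob = pickle.dumps(Crafted())
    print("pickle.loads returned:", pickle.loads(blob), "(a pid, not a Crafted)")
    print("allow-list blocked it:", is_blocked(blob))
    print("plain data still loads:", restricted_loads(pickle.dumps({"a": [1, 2]})))
    print("json:", json_roundtrip({"user": "alice", "roles": ["admin"]}))
```

The Python documentation describes the `find_class` override as a way to restrict globals, and still recommends a data-only format for input from untrusted sources.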
