TheHole New World - how a small leak will sink a great browser (CVE-2021-38003)

A Look at dyn* Code Generation

Troubleshooting Kafka for 2000 Microservices at Wix

Issue #312



Looking good
The speed of your feedback loop is probably one of the biggest factors affecting how quickly you can write good code. I've been doing most of my back-end development using clojure and I've become a bit spoiled, since I can pretty much test every piece of code I write as a write it. Switching back to typescript has been annoying to say the least. Want to test a database call? Well unless I write it in a separate file that I then have to compile and run with node, the only other option is execute through something like a page load via front-end part of the website. NodeJS does have a repl though, and you can technically load in files, so I wonder if it's theoretically possible to plug into it somehow. Hmmm... I think I could use something like this for nvim.
Unrelated, but I'm going to be building in public and decided to start another newsletter to write about the progress. It'll be on a weekly schedule and will be more focused on the business side of things (think marketing and sales), rather than the technical details. Of course I'll mention technical things, but not planning on going into extreme detail. I'm going to be using it as a journal to track what's working and what isn't. If you're interested, I'd recommend subscribing. First update will be sent out later this week.
Anyway, here's the issue.


Today's Sponsor: Could be you!

Are you or your company interested in sponsoring the newsletter? Feel free to reach out to me by replying to this email or clicking the link above.


TheHole New World - how a small leak will sink a great browser (CVE-2021-38003)

Published: 6 December 2022
Tags: browser, infosec, web

Bruce Chen discusses a vulnerability (CVE-2021-38003) in the V8 Javascript engine that affects the Chrome browser.
Some highlights:

  • The vulnerability will cause a special value in V8 called being leaked to the script
  • The root cause of the vulnerability is that V8 tries to handle the exception in JSON.stringify()
  • The end result is you can write shellcode that gets executed


A Look at dyn* Code Generation

Published: 12 December 2022
Tags: rust

Eric Holk presents the new experimental type called dyn* being added in Rust that will give the language more flexibility to support dynamic dispatch for async methods.
Some highlights:

  • The aim is to be able to support async functions everywhere in Rust, including in trait objects
  • A trait object is an opaque value of another type that implements a set of traits
  • dyn* should not impose significant costs above what’s already incurred by dyn


Troubleshooting Kafka for 2000 Microservices at Wix

Published: 9 December 2022
Tags: distributed systems, microservices

Natan Silnitsky underlines three must-have features and two remediation tools for troubleshooting and fixing event-streaming related production issues for microservices using Kafka.
Some highlights:

  • Features are: trace events flow, easily lookup a specific event payload, investigate “Slow” Consumers root cause, easy events skip/replay, and redistribution of single partition lags
  • Trace, Lookup, Longest-Running, Skip, Redistribute, form the Acronym TLLSR
  • Distributed systems are hard


How did I do?

* Amazing
* Articles not relevant to me
* Articles were relevant, but badly written
* Summaries told me everything I wanted to know
* I like turtles

Want to help?

Thank you for reading! If you enjoy the newsletter, I would really appreciate you helping me spread the word by forwarding this to your friends and colleagues or sharing it on social media! Get cool stuff for your referrals using your link

Your referrals:

If you want to discuss or comment on this issue, head on over to this page at A Byte of Coding. You can also subscribe there if you're new!

Have comments or feedback? Just reply to this email or hit me up on Twitter @AByteOfCoding.

Email landed in your promotions tab? Please move it over to primary so you don't miss the latest issues in the future.
Thanks for your Support! 

Big thanks to all of the Patreon supports and company sponsors. If you want to support the newsletter you can checkout the Patreon page. It's not necessary, but it lets me know that I'm doing a good job and that you're finding value in the content.

Stats (updated daily)

Sent: 2995

Opens: 1426

Clicks: 287

Link Clicks Clicks % Unique Clicks Unique Clicks %
TheHole New World - how a small leak will sink a great browser (CVE-2021-38003) 65 34.76% 71 34.63
A Look at dyn* Code Generation 62 33.16% 67 32.68
Troubleshooting Kafka for 2000 Microservices at Wix 60 32.09% 67 32.68


Back to Issues