System Design Pastebin

X.520: What’s in a name? (2022)

Escaping misconfigured VSCode extensions

Issue #339

2/27/2023

Yeello
Spring is in the air!
Here's the issue.

====================================================================


System Design Pastebin

Published: 9 December 2022
Tags: api, software architecture


NK explores the design and implementation of Pastebin from an interviewing perspective (as if you're asked to implement it in a job interview).
Some highlights:

  • Covers how Pastebin works
  • Presents questions you should be asking the interviewer
  • Gives a fairly detailed explanation of the system's implementation


====================================================================

X.520: What’s in a name? (2022)

Published: 31 January 2023
Tags: dns, history, networking, web


Ryan Sleevi discusses the incompatibility between RFC 2459, RFC 3280, and RFC 5280 (often just referred to as “PKIX”) and ITU-T X.509.
Some highlights:

  • ETSI, the European Telecommunications Standards Institute, submitted Liaison Statement 1773 to the IETF recently, which raised concerns that there are limits to how many characters certain Subject/Issuer fields can contain within RFC 2459, 3280, and RFC 5280
  • The Directory was a competitor to other contemporaneous protocols such as HTTP (1990) and Gopher (1991), but more of a database-style protocol, focused on attributes and objects
  • The web's certificate authority system is kind of dated


====================================================================

Escaping misconfigured VSCode extensions

Published: 21 February 2023
Tags: infosec, javascript


This two-part blog series covers how Vasco Franco found and disclosed three vulnerabilities in VSCode extensions and one vulnerability in VSCode itself.
Some highlights:

  • The underlying cause of each vulnerability is identified and fully working exploits are demonstrated
  • Recommends ways to prevent similar issues from occurring in the future
  • The first part of the series focuses on vulnerabilities in VSCode extensions, in particular two Microsoft extensions: SARIF viewer and Live Preview



Want to help?

Thank you for reading! If you enjoy the newsletter, I would really appreciate you helping me spread the word by forwarding this to your friends and colleagues or sharing it on social media! Get cool stuff for your referrals using your link https://abyteofcoding.com.


If you want to discuss or comment on this issue, head on over to this page at A Byte of Coding. You can also subscribe there if you're new!

Have comments or feedback? Just reply to this email or hit me up on Twitter @AByteOfCoding.

Thanks for your Support! 

Big thanks to all of the Patreon supporters and company sponsors. If you want to support the newsletter you can check out the Patreon page. It's not necessary, but it lets me know that I'm doing a good job and that you're finding value in the content.


Stats (updated daily)

Sent: 3050

Opens: 1428

Clicks: 331

Link                                      Clicks  Clicks %  Unique Clicks  Unique Clicks %
System Design Pastebin                    167     65.49%    187            65.38%
X.520: What’s in a name? (2022)           43      16.86%    49             17.13%
Escaping misconfigured VSCode extensions  45      17.65%    50             17.48%
