Know what's happening in the tech world
Weaponizing Open Source?
The maintainer of the “node-ipc” npm package committed malicious code that looked up the machine’s public IP address and, if it geolocated to Russia or Belarus, overwrote the contents of files on the machine, destroying them. A later release also created new text files containing a peace message.
It particularly affected Vue.js users, because the Vue CLI depends on node-ipc transitively, so projects that never listed node-ipc themselves still pulled in the malicious version.
Several people expressed strong objections in the discussion that ensued on GitHub:
“This is huge damage to the credit of the whole open source community. I wish your account could be blocked soon.”
“Any supply chain attack should be punished with no mercy!”
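The practical question after an incident like this is “am I affected, and through which dependency?” The script below is an added example (not code from the page, the node-ipc project or the Vue project): it walks an npm lockfileVersion 2 `package-lock.json` the way npm resolves `node_modules`, prints every chain from the project root to a target package, and flags chains that end in a denied version. The lockfile is constructed for the example and its `@vue/*` and `lodash` version strings are placeholders; the node-ipc versions in the deny list come from public advisories about the incident, not from the text above, and should be treated as a starting point rather than an exhaustive list.

```python
import json
from typing import Dict, List, Optional

# Constructed package-lock.json (lockfileVersion 2, "packages" section only,
# trimmed to the fields this script reads). Its shape mirrors the incident:
# the app never lists node-ipc itself; it arrives through @vue/cli.
# Version strings for @vue/* and lodash are illustrative placeholders.
SAMPLE_LOCKFILE = json.dumps({
    "name": "example-app",
    "lockfileVersion": 2,
    "packages": {
        "": {"dependencies": {"@vue/cli": "^4.5.0", "lodash": "^4.17.0"}},
        "node_modules/@vue/cli": {
            "version": "4.5.15",
            "dependencies": {"@vue/cli-shared-utils": "^4.5.15"},
        },
        "node_modules/@vue/cli-shared-utils": {
            "version": "4.5.15",
            "dependencies": {"node-ipc": "^9.1.1"},
        },
        "node_modules/node-ipc": {"version": "9.2.2"},
        "node_modules/lodash": {"version": "4.17.21"},
    },
})

# Versions called out in public advisories for this incident (not taken from
# the page above). Treat as a starting point, not an exhaustive list.
NODE_IPC_DENYLIST: Dict[str, Dict[str, str]] = {
    "node-ipc": {
        "10.1.1": "destructive payload: overwrites files on RU/BY hosts",
        "10.1.2": "destructive payload: overwrites files on RU/BY hosts",
        "9.2.2": "pulls in peacenotwar, which drops protest text files",
        "11.0.0": "pulls in peacenotwar, which drops protest text files",
    }
}


def _resolve(packages: Dict[str, dict], from_path: str, dep: str) -> Optional[str]:
    """Mimic npm's lookup: from the depending package's directory, walk up
    the tree looking for node_modules/<dep>; the first hit wins."""
    base = from_path
    while True:
        candidate = f"{base}/node_modules/{dep}" if base else f"node_modules/{dep}"
        if candidate in packages:
            return candidate
        if not base:
            return None
        idx = base.rfind("/node_modules/")
        base = base[:idx] if idx != -1 else ""


def dependency_paths(lockfile_json: str, target: str) -> List[List[str]]:
    """Every chain root -> ... -> target, each hop rendered as name@version."""
    packages = json.loads(lockfile_json)["packages"]
    chains: List[List[str]] = []

    def walk(path: str, chain: List[str], visited: frozenset) -> None:
        for dep in packages.get(path, {}).get("dependencies", {}):
            loc = _resolve(packages, path, dep)
            if loc is None or loc in visited:  # unresolved, or a cycle
                continue
            hop = chain + [f"{dep}@{packages[loc].get('version', '?')}"]
            if dep == target:
                chains.append(hop)
            walk(loc, hop, visited | {loc})

    walk("", [], frozenset())
    return chains


def flag_denied(lockfile_json: str, denylist: Dict[str, Dict[str, str]]) -> List[str]:
    """One report line per chain ending in a denied version, with the reason."""
    reports: List[str] = []
    for pkg, bad_versions in denylist.items():
        for chain in dependency_paths(lockfile_json, pkg):
            version = chain[-1].rsplit("@", 1)[1]
            if version in bad_versions:
                reports.append(
                    " -> ".join(["<root>"] + chain) + f": {bad_versions[version]}"
                )
    return reports


if __name__ == "__main__":
    for line in flag_denied(SAMPLE_LOCKFILE, NODE_IPC_DENYLIST):
        print(line)
```

`npm ls node-ipc` performs the same walk against an installed tree; the script form runs offline against the committed lockfile, which makes it usable as a CI gate before anything is installed. The deny list is deliberately a plain mapping so it can be swapped for an advisory feed without touching the walker.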
Airbnb uses Viaduct, a GraphQL-based service mesh, to fetch internal data and serve public-facing API requests.
But they did not have a good way to measure Viaduct’s own runtime overhead, because end-to-end query latencies are confounded by the performance of downstream services.
So they defined a metric called “own time”: the portion of a request’s wall-clock time during which zero downstream requests are in flight. It thus isolates the part of Viaduct’s overhead that is unrelated to downstream service dependencies.
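To make the definition concrete, here is an added example (not Airbnb’s code, and not Viaduct’s data format) that computes own time from a request’s wall-clock duration and the list of downstream calls it made, each as a (start, end) offset in milliseconds. The point the numbers show: concurrent downstream calls overlap, so the time with at least one call in flight must be the union of the intervals, and the naive sum of downstream durations can even exceed the request’s wall time. The two request traces are constructed for the example.

```python
from typing import Dict, List, Tuple

# One downstream call, as (start_ms, end_ms) offsets from the start of the
# incoming request. Constructed data for the example; not Viaduct's format.
Span = Tuple[float, float]


def merge_spans(spans: List[Span]) -> List[Span]:
    """Union of intervals, so concurrent downstream calls are counted once."""
    merged: List[Span] = []
    for start, end in sorted(spans):
        if end < start:
            raise ValueError(f"span ends before it starts: {(start, end)}")
        if merged and start <= merged[-1][1]:
            merged[-1] = (merged[-1][0], max(merged[-1][1], end))
        else:
            merged.append((start, end))
    return merged


def own_time_ms(wall_ms: float, downstream: List[Span]) -> float:
    """Own time: wall-clock time during which zero downstream requests are in flight."""
    for start, end in downstream:
        if start < 0 or end > wall_ms:
            raise ValueError(f"span {(start, end)} lies outside the request (0..{wall_ms})")
    busy = sum(end - start for start, end in merge_spans(downstream))
    return wall_ms - busy


def breakdown(wall_ms: float, downstream: List[Span]) -> Dict[str, float]:
    """Wall time, time with at least one downstream call in flight, own time,
    and the naive sum of downstream durations (which double-counts overlap)."""
    own = own_time_ms(wall_ms, downstream)
    return {
        "wall_ms": wall_ms,
        "downstream_ms": wall_ms - own,
        "own_ms": own,
        "naive_downstream_sum_ms": sum(e - s for s, e in downstream),
    }


# Two constructed requests with identical own time but very different latency.
# End-to-end latency would suggest the second is "slower in Viaduct"; own time
# says the mesh did the same amount of work and the downstreams were slower.
FAST_REQUEST = (80.0, [(10.0, 30.0), (30.0, 50.0)])
SLOW_REQUEST = (200.0, [(10.0, 120.0), (60.0, 150.0), (170.0, 190.0)])

if __name__ == "__main__":
    for wall, spans in (FAST_REQUEST, SLOW_REQUEST):
        print(breakdown(wall, spans))
```

The interval union is the part worth getting right: for SLOW_REQUEST the three downstream calls sum to 220 ms inside a 200 ms request, so subtracting the naive sum would give a negative “own time”, while the union gives 160 ms busy and 40 ms own, the same as FAST_REQUEST.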
Log levels: very common logs should be at a lower level. You should inspect the logging output occasionally and reassign the level of items that are too noisy.
Structured logging: any decent logging library supports structured logging. If you're inserting a variable into the log message string, consider whether it would be better as a field.
You should be able to find the source code for any given log entry. Use unique messages, prefixes, etc. When debugging, you may want to trace a code path using log messages, but that's more difficult if multiple places create the same log entry.
Since logging is normally used after something goes wrong, you need to create logs that will be useful later. It's not always possible to get this right on the first try. After changing code, you can have a review step where you think about what new information should be logged (factoring in past issues).
Log viewer: reading a text file of log messages isn't very helpful. Good log viewers help filter information (hide or highlight fields), show trends (e.g. log frequency over time), and perform structured searches.
One important thing with logging is context. You should be able to search for a UUID primary key from your database and find all the relevant logging information later when you need it. Likewise, searching for a user_id, order_id or whatever else should find you the relevant logs. Having a log that has nothing but a string message saying "the code got here" isn't particularly helpful.
Whenever you build a feature, ask yourself: if someone does something stupid with this, how would I know about it? And work from there.
From a QA perspective, keep things consistent and well formatted to make errors easier to spot.
Elastic APM is dope.
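The comments above on structured logging, unique per-call-site messages, request context you can search by (user_id, order_id) and spotting noisy levels all fit in one small pattern. The block below is an added example written for this page, not code from any of the commenters or from Elastic APM: a JSON formatter for Python’s standard `logging` that merges request-scoped context into every record, a `log_event` helper that keeps variables as fields instead of interpolating them into the message, a structured `search`, and a `noisiest_events` count for the “re-assign the level of items that are too noisy” review. The checkout traffic is constructed; the service, event names and `example-psp` provider are hypothetical.

```python
import contextvars
import json
import logging
from collections import Counter
from typing import Any, Dict, List, Tuple

# Request-scoped context (request_id, user_id, order_id, ...) attached to every
# record emitted while it is set, so any of those keys finds the whole request.
_ctx: contextvars.ContextVar[Dict[str, Any]] = contextvars.ContextVar("log_ctx", default={})


class JsonFormatter(logging.Formatter):
    """One JSON object per line: fixed keys, then context, then per-call fields."""

    def format(self, record: logging.LogRecord) -> str:
        entry: Dict[str, Any] = {
            "ts": self.formatTime(record),
            "level": record.levelname,
            "logger": record.name,
            # stable per-call-site id, so a line maps back to exactly one place in code
            "event": getattr(record, "event", None),
            "msg": record.getMessage(),
            "src": f"{record.pathname}:{record.lineno}",
        }
        entry.update(_ctx.get())
        entry.update(getattr(record, "fields", {}))
        return json.dumps(entry, default=str)


class ListHandler(logging.Handler):
    """Keeps formatted lines in memory so the example runs without a log backend."""

    def __init__(self) -> None:
        super().__init__()
        self.lines: List[str] = []

    def emit(self, record: logging.LogRecord) -> None:
        self.lines.append(self.format(record))


def build_logger(name: str) -> Tuple[logging.Logger, ListHandler]:
    handler = ListHandler()
    handler.setFormatter(JsonFormatter())
    logger = logging.getLogger(name)
    logger.handlers = [handler]
    logger.propagate = False
    logger.setLevel(logging.DEBUG)
    return logger, handler


def log_event(logger: logging.Logger, level: int, event: str, msg: str, **fields: Any) -> None:
    """Variables go in fields, not interpolated into msg, so they stay searchable."""
    logger.log(level, msg, extra={"event": event, "fields": fields})


def search(lines: List[str], **criteria: Any) -> List[Dict[str, Any]]:
    """Structured search: entries whose keys equal every given criterion."""
    entries = (json.loads(line) for line in lines)
    return [e for e in entries if all(e.get(k) == v for k, v in criteria.items())]


def noisiest_events(lines: List[str], top: int = 3) -> List[Tuple[str, int]]:
    """Which call sites dominate the volume: candidates for a lower level."""
    return Counter(json.loads(line)["event"] for line in lines).most_common(top)


def simulate_checkout() -> ListHandler:
    """Constructed traffic: two requests through a hypothetical checkout service."""
    logger, handler = build_logger("checkout")
    _ctx.set({"request_id": "req-1", "user_id": 42, "order_id": "o-1001"})
    log_event(logger, logging.INFO, "checkout.start", "checkout started")
    for item in ("sku-1", "sku-2", "sku-3"):
        log_event(logger, logging.DEBUG, "checkout.item_priced", "item priced", sku=item)
    log_event(logger, logging.WARNING, "checkout.coupon_rejected", "coupon rejected",
              coupon="FREESTUFF", reason="expired")
    _ctx.set({"request_id": "req-2", "user_id": 7, "order_id": "o-1002"})
    log_event(logger, logging.INFO, "checkout.start", "checkout started")
    log_event(logger, logging.ERROR, "checkout.payment_failed", "payment failed",
              provider="example-psp", code="card_declined")
    return handler


if __name__ == "__main__":
    h = simulate_checkout()
    print(*h.lines, sep="\n")
    print(noisiest_events(h.lines))
```

With this shape a search for `order_id="o-1001"` returns every line of that request, including the DEBUG ones, without any of the call sites having to mention the order id; and `noisiest_events` shows that the per-item pricing line dominates the volume, which is exactly the kind of entry the first comment says should be pushed down a level.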
Lapsus$ hacks into Microsoft and Okta
Lapsus$ leaked 37 GB of what it claimed was Microsoft’s source code for Bing, Cortana and other products.
Lapsus$ also broke into Okta (an identity and user-authentication provider) and posted screenshots of its superuser access on Telegram.
Suhail of Mighty App predicts that such incidents are going to increase in the future.
Apple didn’t give an official statement, but many believe it is probably due to Google’s 30% commission fee.