The biggest story of the week in all of tech is easily the ZombieLoad vulnerability, but the scope definitely doesn’t end there. Let’s see what else caught the staff’s attention this week. We invite you to Codest’s weekly report of the best tech articles.
ZombieLoad: Cross Privilege-Boundary Data Leakage
By Jacek Galowicz, Thomas Prescher, Julian Stecklina
We’re still reeling from the implications of vulnerabilities such as RowHammer, Meltdown and Spectre – and here’s another one. What’s known as a side-channel attack, ZombieLoad can cause memory to leak between processes – that’s the skinny, for a deep dive click below.
https://www.cyberus-technology.de/posts/2019-05-14-zombieload.html
GitHub Package Registry
By GitHub
Ever thought how nice it would be to have your own gem source or a private NPM? Never satisfied with the performance and maintainability of solutions like geminabox? Ache no more and check this out. (Elixir enthusiast’s note: custom Hex hosting next, please!)
https://help.github.com/en/articles/about-github-package-registry
Git ransom campaign incident report
By Atlassian Bitbucket, GitHub, GitLab
With a recent spate of “git ransom” repository kidnappings, rumors ran wild. We’ve probably all checked our 2FAs, pruned SSH keys and generally battened down the hatches (which is a good thing, but still). Read this collaborative incident report from three major hosted git providers.
https://about.gitlab.com/2019/05/14/git-ransom-campaign-incident-report-atlassian-bitbucket-github-gitlab/
Weird Ruby: Positive and Negative Strings
By Bozhidar Batsov
From the one and only bbatsov, here are some really weird Ruby strings. At the risk of sounding like clickbait, this will genuinely surprise most Rubyists.
https://metaredux.com/posts/2019/05/10/weird-ruby-positive-and-negative-strings.html
HTTP headers for the responsible developer
By Stefan Judis
Whether front-end or back-end, there’s never a better time to brush up on your HTTP security than right now. Great refresher for the pros, eye-opening resource for beginners.
https://www.twilio.com/blog/a-http-headers-for-the-responsible-developer
Bonus! Want more still? How about some surprising Bash variables?