Motion Canvas
A TypeScript library for creating animated videos using the Canvas API.
https://motioncanvas.io/
@DevMisc
#typescript #video #misc
Supabase
Supabase is an open source Firebase alternative. Start your project with a Postgres database, Authentication, instant APIs, Edge Functions, Realtime subscriptions, Storage, and Vector embeddings.
https://supabase.com/
@DevMisc
#tools #framework #misc
How an empty S3 bucket can make your AWS bill explode
Imagine you create an empty, private AWS S3 bucket in a region of your preference. What will your AWS bill be the next morning?
https://medium.com/@maciej.pocwierz/how-an-empty-s3-bucket-can-make-your-aws-bill-explode-934a383cb8b1
@DevMisc
#aws #devops #fun
Hardest Problem in Computer Science: Centering Things
https://tonsky.me/blog/centering/
@DevMisc
#web #css #learn
How to read C type declarations
http://www.unixwiz.net/techtips/reading-cdecl.html
@DevMisc
#c #learn #misc
Python's many command-line utilities
Every command-line tool included with Python. These can be run with python -m module_name.
https://www.pythonmorsels.com/cli-tools/
@DevMisc
#python #utils #cli
Hacking Millions of Modems (and Investigating Who Hacked My Modem)
https://samcurry.net/hacking-millions-of-modems
@DevMisc
#security #writeup #misc
The author discovered that someone was intercepting and replaying his web traffic, which indicated his home network or modem had been compromised. After investigating, he found the IP address belonged to DigitalOcean and had previously been used for phishing and malware campaigns. The author was unable to keep the potentially compromised modem when getting a replacement, so he had to give it back to his ISP, Cox. Years later, the author's cybersecurity friends looked into the incident further and discovered the IP address was part of a domain generation algorithm used by malware. They also found that the Cox business portal had an exposed API that could be used to access and control customer modems without authorization. The author reported the vulnerabilities to Cox, who quickly fixed the issues.
Sei pays out $2M bug bounty
https://usmannkhan.com/bug%20reports/2024/06/17/sei-bug-report.html
@DevMisc
#security #crypto #misc
In April 2024, the author discovered and reported two critical bugs to the Sei Network blockchain. The first bug would have caused the chain to halt if exploited, while the second bug would have allowed an attacker to freely transfer funds out of any account. The Sei Foundation awarded the author $75,000 and $2,000,000 respectively for these reports. The issues were caught after auditing but before being deployed to mainnet, preventing any funds from being put at risk. The author provided detailed technical explanations of how the bugs worked and how they were ultimately fixed by the Sei team.
⚠️ RegreSSHion: RCE in OpenSSH's server, on glibc-based Linux systems
https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt
@DevMisc
#security #ssh #linux
- The vulnerability is a regression of a previous issue (CVE-2006-5051) that was introduced in OpenSSH 8.5p1 in October 2020.
- The vulnerability allows for remote code execution as root on glibc-based Linux systems due to the SIGALRM handler calling non-async-signal-safe functions like syslog().
- Older vulnerable OpenSSH versions like 3.4p1 and 4.2p1 can be exploited by interrupting free() calls and leveraging heap corruption techniques like unlink() and House of Mind.
- Newer vulnerable versions like 9.2p1 can be exploited by interrupting malloc() calls and corrupting FILE structures to gain arbitrary code execution.
- Precise timing and network delay mitigation techniques are critical to winning the signal handler race condition.
- The exploit requires carefully crafting the heap layout and leveraging leftover data from previous allocations.
- OpenBSD is not vulnerable because it uses a safer syslog_r() function in its SIGALRM handler.
- The vulnerability is present in the default configuration of OpenSSH and affects the privileged sshd process.
- Significant effort and multiple iterations were required to develop reliable exploits for the different OpenSSH versions.
- The research demonstrates the continued need for vigilance in secure software development, as even a well-designed system like OpenSSH can have subtle regressions that introduce critical vulnerabilities.
Reverse Engineering Ticketmaster's Rotating Barcodes
https://conduition.io/coding/ticketmaster/
@DevMisc
#web #rev #misc
- TicketMaster has moved away from traditional printable PDF tickets in favor of a proprietary "SafeTix" system that uses rotating barcodes displayed on a mobile device.
- The rotating barcodes are meant to prevent ticket fraud, but the author argues they create significant usability issues, especially when cell service is poor at venues.
- TicketMaster markets SafeTix as a solution to ticket scalping and fraud, but the author believes the real motivations are to lock users into TicketMaster's ecosystem and make it harder to resell tickets outside their platform.
- The author was able to reverse engineer the SafeTix system and discovered it uses Time-based One-Time Passwords (TOTPs) along with a static bearer token to authenticate tickets.
- With the TOTP secrets and bearer token, the author could theoretically generate valid barcodes and bypass TicketMaster's security measures.
- TicketMaster makes it easy to extract the necessary token information by printing it to the browser console when the barcode is loaded.
- The author is uncertain about the lifetime of the TOTP tokens, but believes they may only be valid for up to 20 hours before the event based on TicketMaster's documentation.
- The author developed a tool called "TicketGimp" that can render valid SafeTix barcodes using the extracted token information.
- The author is highly critical of TicketMaster's practices, accusing them of using technology to exclude and disadvantage customers for their own financial gain.
- The author calls on TicketMaster's developers to have more integrity and use their technical skills responsibly, rather than enabling TicketMaster's "cruel business practices".
Python has too many package managers
https://dublog.net/blog/so-many-python-package-managers/
@DevMisc
#python #pip #extra
- Python has a fragmented package and environment management ecosystem, with over a dozen different tools, each with their own strengths and weaknesses.
- The lack of a standardized, efficient, and user-friendly package manager in Python has been an "inexcusable pain-in-the-ass" for many years.
- Other programming languages like Rust, C#, and JavaScript have developed more cohesive and widely-loved package management solutions like Cargo, NuGet, and npm.
- Python's legacy package manager pip has historically had poor dependency resolution, only recently adding backtracking capabilities. It also lacks environment management features.
- The proliferation of various configuration files like requirements.txt, setup.py, Pipfile, environment.yml etc. has led to a lot of redundancy and lack of standardization in Python package management.
- The introduction of PEP 621 in 2020 aimed to consolidate dependencies and configuration into a single pyproject.toml file, leading to the emergence of new tools like Poetry, PDM, Flit, and Hatch.
- Poetry is currently the closest Python tool to the Cargo experience, but it suffers from slow dependency resolution, especially for large projects.
- Conda is a popular choice for data scientists and experimentalists as it can manage non-Python dependencies, but it lacks some features like lock files and can be cumbersome for production use.
- The Rust community's influence is evident in promising new Python package management tools like uv, which aims to be a fast, Cargo-like drop-in replacement for pip.
- The Python community still lacks a cohesive, standardized, and widely-adopted package management solution, but tools like uv hold promise for the future.
Why German Strings are Everywhere
https://cedardb.com/blog/german_strings/
@DevMisc
#cpp #data #misc
German Strings are a custom string type highly optimized for data processing. They offer significant improvements over traditional C and C++ string implementations.
- Developed by Umbra (CedarDB's predecessor)
- Adopted by DuckDB, Apache Arrow, Polars, and Facebook Velox
Key Features:
- 128-bit struct representation (vs. 192 bits in C++)
- Short string optimization for strings ≤12 characters
- Long string format with 4-char prefix for quick comparisons
- Immutable design for better performance and concurrency
- Storage classes: persistent, transient, temporary
Advantages:
- Space-efficient, fitting in two CPU registers
- Reduced allocations and data movement
- Easier parallelization due to immutability
- Flexible lifetime management with storage classes
- Optimized for common database operations (comparisons, sorting)
Trade-offs:
- Requires careful consideration of string usage and lifetime
- Updates are more expensive (but rare in database systems)
- Maximum string length limited to 4 GiB