Reading Material
A collection of resources that I found interesting and useful across various domains.
Contents
- Go
- Containers
- Data Structures and Algorithms
- Internet
- Git
- Linux
- OS Dev
- C
- Ruby
- Rails
- Haskell
- Javascript
- Rust
- Database
- Tor
- Functional Programming
- OAuth
- Regex
- Distributed Systems
- Kafka
- Spark
- Monitoring
- System Design
- Privacy
- Security
- x vs y 🔪
- Useful Command Line Tools
- Blogs
- More
- Fun
- More Books
- Courses
- Papers
- Notes [WIP]
Legend
You might see some emojis (✨, 🚧 etc) crawling all over this collection.
| emoji | meaning |
|---|---|
| More the number, the more I liked the blog :3 | |
| super duper awesome blog | |
| Pending learning on this :( | |
| It's video! | |
| It's a book! | |
| It's a white paper! | |
| 🔧 | It's Debugging related |
| faceoff | |
| 📁 | It's a list |
Go
Go Pilot run
- Tour of Go
- Go by example
- Effective Go
- Golang channels tutorial
- Resources for new Go programmers
- The zero value
- Darker Corners of Go ✨
- Know Your Nil
Concepts
Do not communicate by sharing memory; instead, share memory by communicating.
Concurrency
Concurrency is not Parallelism
- Go Concurrency from the Ground Up
- How Goroutines Work
✨ - Concurrency is not Parallelism
✨ ⚡ - Concurrency in golang and a mini Load-balancer
- Channels in Go
- Go Concurrency Patterns
- Concurrent programming, with examples
- Slow down your code with goroutines
- How to Gracefully Close Channels
✨ - Go channels on steroids
- Visualizing Concurrency in Go
- Go’s Extended Concurrency: Semaphores (Part 1)
- Channel Axioms
✨ - Go Concurrency Patterns: Pipelines and cancellation
- Using contexts to avoid leaking goroutines
- Why is a Goroutine’s stack infinite ?
- Advanced Go Concurrency Patterns
- sync.RWMutex
Profiling 🔍
- Profiling Go
- Profiling and optimizing Go web applications
- Profiling Go Programs
- pprof
- go tool trace
- Various go profiling methods
- pprof++: A Go Profiler with Hardware Performance Monitoring
Go Internals
Everything about Go: internals, concurrency, compiler, or packages available in the Go community.
- Go Internals
- How does the go build command work?
- Introducing the Go Race Detector
- String interning in Go
- Arrays, slices (and strings): The mechanics of 'append'
- Go’s hidden #pragmas
- Detecting Race Conditions With Go
Scheduler
- The Go scheduler ✨
- Scheduler Tracing In Go
- Analysis of the Go runtime scheduler 📃
- Go's work-stealing scheduler
Garbage Collector
- Golang’s Real-time GC in Theory and Practice
✨ - Getting to Go: The Journey of Go's Garbage Collector
- runtime: Large maps cause significant GC pauses
- How We Saved 70K Cores Across 30 Mission-Critical Services (Large-Scale, Semi-Automated Go GC Tuning @Uber)
- A Guide to the Go Garbage Collector
Compiler
Memory
- The Go Memory Model ✨
- Go memory ballast: How I learnt to stop worrying and love the heap
- Memory Leaking Scenarios
- Memory Order Guarantees in Go
- GO MEMORY MANAGEMENT
- Contiguous stacks in Go
- Memory Optimizations for Go Systems
- A few bytes here, a few there, pretty soon you’re talking real memory
🚧 - Golang escape analysis
🚧 - Are large slices more expensive than smaller ones? 🔍
- There is no pass-by-reference in Go
- Allocation efficiency in high-performance Go services
Networking with Go
- Network Programming with Go
- A Million WebSockets and Go
- TCP/IP Networking in Go
- An Implementation and Analysis of a Kernel Network Stack in Go with the CSP Style
📃 - Gotchas in the Go Network Packages Defaults ✨
More
- Interfaces in Go
- Go Data Structures: Interfaces
- Applied Go
- Golang Has Generics
- Go-tcha: When nil != nil
- SOLID Go Design
- Simple techniques to optimise Go programs
- A whirlwind tour of Go’s runtime environment variables
- How we optimized our DNS server using go tools
✨ - Optimizing M3: How Uber Halved Our Metrics Ingestion Latency by (Briefly) Forking the Go Compiler
✨ - Writing a very fast cache service with millions of entries in Go
- Go, without package scoped variables
- How to generate a random string of a fixed length in Go?
- Building efficient statsd library in Go
- Gopher Puzzlers
⚡ - Visually Understanding Worker Pool
- The Case For A Go Worker Pool
- Go at Google: Language Design in the Service of Software Engineering
- Life of an HTTP request in a Go server
- Send data from file without loading into memory
- Data Race Patterns in Go
- Optimizing Large File Transfers in Linux with Go - An Exploration of TCP and Syscall
- Pardon the Interruption: Loop Preemption in Go 1.14
- Mastering WebSockets With Go
Containers
- A Practical Introduction to Container Terminology
⚡ - Container networking is simple
🚧 - Introduction to Container Security
📃 - Linux Containers in 500 lines
- Container security best practices: Comprehensive guide
- Three bugs in the Go MySQL Driver
⚡
Docker
- Docker Internals
- Understanding Docker Internals
- Docker Secure Deployment
- Docker Curriculum
- A tiny but valid
initfor containers - Intro Guide to Dockerfile Best Practices
- Docker security
- 3 simple tricks for smaller Docker images
- Best practices for building containers
- Reverse Engineering a Docker Image
- docker pause
Kubernetes 🚧
- What even is a kubelet?
- Kubernetes from the ground up: the API server
- Kubernetes from the ground up: the scheduler
- Kubernetes: Getting Started With a Local Deployment
- Awesome Kubernetes
- There and Back Again: The Unexpected Journey of a Request
- Life of a Packet in Kubernetes — Part 1
Data Structures and Algorithms
Algorithms
- Complexity of Python Operations
- Heap Algorithm
- Linked lists are still hard
- Understanding Dijkstra's Algorithm
- How to think in graphs
- Ask HN: What's your favorite elegant/beautiful algorithm?
- Algorithms Behind Modern Storage Systems
- The Knuth-Morris-Pratt Algorithm in my own words
- Why is processing a sorted array faster than processing an unsorted array?
✨ ⚡ - Introduction to Algorithms
📚 - 10 Optimizations on Linear Search
Data Structures
Advanced Data Structures
Bloom filter
Internet
Webservers
- Apache vs Nginx: Practical Considerations
- The C10K problem
- nginx
- How WebSocket server handles multiple incoming connection requests?
- Inside NGINX: How We Designed for Performance & Scale
- Tuning NGINX for Performance
Web Caching
Protocols
HTTP(S)
- HTTP
- Capturing HTTP Packets
- HTTPS in the real world
- How does HTTPS actually work?
- Designing Headers for HTTP Compression
- HTTP headers for the responsible developer
- Evolution of HTTP
- The First Few Milliseconds of an HTTPS Connection
✨ - The HTTP part 1 - Let's start small
- How HTTPS works ...in a comic!
- How HTTPS Works in Layman's Terms - TLS 1.2 and 1.3
- HTTP Caching
- HTTP Security Headers - A Complete Guide
HTTP/2
HTTP/3
- Comparing HTTP/3 vs. HTTP/2 Performance
- HTTP3
- QUIC
- Employing QUIC Protocol to Optimize Uber’s App Performance
- HTTP/3: the past, the present, and the future
- HTTP/3 Deep Dive
- HTTP/3 explained
TLS
- How does SSL/TLS work?
- The Illustrated TLS Connection
- The New Illustrated TLS Connection
- What is TLS (Transport Layer Security)?
- Even faster connection establishment with QUIC 0-RTT resumption
- A Detailed Look at RFC 8446 (a.k.a. TLS 1.3)
TCP/UDP
- Discussion: UDP in web
- Let's code a TCP/IP stack
- When TCP sockets refuse to die
- Messing With Telnet
- How TCP Sockets Work
- How Does TCP Work?
- Once Again on TCP vs UDP
- Nagle's algorithm
- What every developer should know about TCP
- What I learned attempting the TCP Reset attack
DNS
- DNS in One Picture
- The Web Developer's Guide to DNS
- The uncertainty of measuring the DNS
- DNS Encryption Explained
- A cartoon intro to DNS over HTTPS
- Hello and welcome to DNS!
- How DNS Works
- Beyond DNS over HTTPS: Trustless DNS Privacy
BGP
Websockets
- WebSockets for fun and profit
- The WebSocket Protocol: RFC 6455
- How WebSockets Work
- HTTP and Websockets: Understanding the capabilities of today’s web communication technologies
- WebSockets - A Conceptual Deep Dive
- How HTML5 Web Sockets Interact With Proxy Servers
- How Do Websockets Work?
- What are Long-Polling, Websockets, Server-Sent Events (SSE) and Comet?
- Building realtime apps with Go and WebSockets: client-side considerations
WebRTC
Load Balancing
- Load Balancing
- GLB: GitHub's open source load balancer
- What Is Load Balancing?
- Understanding Nginx HTTP Proxying, Load Balancing, Buffering, and Caching
- Introduction to modern network load balancing and proxying
NAT
Random
- The future of the open internet
- What happens when...
✨ ⚡ - How Wi-Fi Works
- How Does the Internet Work?
📃 - The Law of Leaky Abstractions
✨ - How to crawl a quarter billion webpages in 40 hours
- Setting up your server for IPv6 (nginx)
- The world in which IPv6 was a good design
- The Non-complexity of /etc/nsswitch.conf
✨ - What is Envoy
- High Performance Browser Networking
📚 - HAProxy
- Kerberos: The Network Authentication Protocol
- Network Protocols – Programmer's Compendium
- curl HTTP cheat sheet
- cURL security anti-patterns
- Staying out of TTL hell
- Stateful vs Stateless Authentication
- How to win at CORS
- The perils of the “real” client IP
Networking Books 📚
- The Architecture of Open Source Applications
- Understanding IP Addressing: Everything You Ever Wanted To Know
- Kurose and Ross - Top Down Networking
- TCP/IP Illustrated
Git
- Making Commit in past
- A Successul Git Branching Model
- Oh shit, git!
- What’s Wrong With Git? - Git Merge 2017
📺 - Git Aliases of the Gods!
📺 - High-level Problems with Git and How to Fix Them
- Git from the bottom up
📚 - Commit Often, Perfect Later, Publish Once: Git Best Practices
- Rebase with history -- implementation ideas
- How bad can it git? Characterizing secret leakage in public GitHub repositories
- git add --patch and --interactive
- Pro Git
📚 - How to Write a Git Commit Message
- Git Hooks
git rebase --ontogit push --force-with-lease- Commits are snapshots, not diffs
- http://whatthecommit.com/
- Think Like (a) Git
- The Thing About Git
Git Internals
- Git Internals - Git References
- Git Internals - Packfiles
- Git gc
- Git Compression of Blobs and Packfiles
- Git Submodules: Adding, Using, Removing, Updating
- Understanding git for real by exploring the .git directory
- The Git Parable
✨ ⚡ - Some of git internals
Linux
- Linux Insides
- chmod Tutorial
- Orphan vs Zombie vs Daemon Processes
- inetd Vs xinetd in linux
- rm -rf remains ✨
- What happens when you start a process on Linux?
- How does the system shutdown of a linux kernel work internally?
- The Definitive Guide to Linux System Calls ✨
- grep your way to freedom
- The real power of Linux executables
- x86 Assembly Guide
✨ - Linux file descriptors
- UNIX Syscalls
- How statically linked programs run on Linux ✨
- File Types in Linux
- Killing processes that don't want to die
- Threads and fork(): think twice before mixing them
- Loading and ptrace'ing a process on Linux
- Understanding glibc malloc
- Systemd as tragedy
- Rethinking PID 1
- What is Overcommit? And why is it bad?
- Your terminal is not a terminal: An Introduction to Streams
- How fast are Unix domain sockets?
- The 101 of ELF files on Linux: Understanding and Analysis
- Linux namespaces
- Why should text files end with a newline?
- What has to happen with Unix virtual memory when you have no swap space
- htop explained
- The Linux Scheduler: a Decade of Wasted Cores
- Linux Log Files that are Located under /var/log Directory
- Basic Linux Privilege Escalation
- “zero copy networking” vs “kernel bypass”?
- Understanding cgroups
- The brokenness of the sendfile() system call
- Understanding Daemons
- Myths Programmers Believe about CPU Caches
✨ - Systemd is not Magic Security Dust
🚧 - Pushing the Limits of Kernel Networking
- eBPF 🚧
- Process resource limits under the hood
- Queueing in the Linux Network Stack
SSH
- Secure Secure Shell
⚡ - Endlessh: an SSH Tarpit
- A visual guide to SSH tunnels
✨ - A Visual Guide to SSH Tunnels
Linux Security
- Linux Kernel Exploitation
- Dirty Cow
- Explaining Dirty COW local root exploit - CVE-2016-5195
📺 - Linux Firewall Tutorial: IPTables Tables, Chains, Rules Fundamentals
- Security Tips for Linux Servers
- Three kinds of memory leaks
- Running Untrusted Programs in Linux
- Writing a simple rootkit for linux
- Do sudo and .profile/.bashrc enable trivial privilege escalation?
- How to break out of a chroot() jail
Bash
- Creating a bash completion script
- Explain Shell
- Writing a Unix Shell
- Bash Pitfalls
- Minimal safe Bash script template
⚡ - http://www.bashoneliners.com/
✨ ⚡ - Illustrated Redirection Tutorial ⚡ ⚡
BPF
OS dev
- Operating Systems Lecture Notes
- Kernel 101 – Let’s write a Kernel
- Kernel development
- Computer architecture for network engineers
- Building a simple Kernel
- How Does an Intel Processor Boot?
- implement your own Linux kernel
Books
C
- Lightweight HTTP Server
- Understanding C by learning assembly
✨ ✨ - Smashing The Stack For Fun And Profit
- GNU Make: A Program for Directing Recompilation
- ncurses Programming HOWTO
- Make your own build system
- Malloc tutorial
- Let's Build a Compiler, by Jack Crenshaw
- Back to Basics
- Tearing apart printf()
✨ ✨
Ruby
- Metaprogramming in Ruby
- Visualizing Your Ruby Heap
- 7 Deadly Sins of Ruby Metaprogramming
- Guide to Ruby
📖 - Ruby Under a Microscope
📖
Rails
- RoR Tutorial
📖 - Predicting Test Failures
- XSS and Rails
- RailsConf 2014 - All the Little Things by Sandi Metz
📺
Haskell
- Official Documentation
- How to learn Haskell
- Fighting spam with Haskell
✨ - Huge list of videos, talks, courses for Haskell programming language
- Happy Learn Haskell Tutorial
- Some Notes About How I Write Haskell
- Learn You a Haskell for Great Good!
Books
JS
Pilot Run
- Objects in javascript
- Two Pillars of Javascript
- How are the Event Loop, Callback Queue, and Javascript’s single thread connected?
✨ - Philip Roberts: What the heck is the event loop anyway? 📺
- Types in Javascript
- Modern JavaScript Cheatsheet
- Arrow function vs function declaration / expressions: Are they equivalent / exchangeable?
Advanced Concepts
- this in JS
- What is a Promise?
- Lazy, composable, and modular JavaScript
- Advanced JS
- The Dao of Immutability
- Composing Software
✨ ✨ - What is the Difference Between Class and Prototypal Inheritance?
- What is a Closure?
- Circular dependencies in JavaScript
- Hoisting in Javascript
- Async-Await
- Await and Async Explained with Diagrams and Examples
- JavaScript engine fundamentals: Shapes and Inline Caches ✨
- Javascript : The Curious Case of Null >= 0
- How to Fix the ES6
classkeyword - Elements of JavaScript Style
- Javascript Debugging
- Headless Chromium
- Rich JavaScript Applications – the Seven Frameworks
- Essential Image Optimization
✨ - Why does Google prepend while(1); to their JSON responses?
- In defense of Functional CSS
- Douglas Crockford: Really. JavaScript. 📺
- Defensive JavaScript
- What is
this? The Inner Workings of JavaScript Objects - Responsible JavaScript
- JavaScript Event Loop And Call Stack Explained
⚡ - Looking into assembly code of coercion
- A cartoon intro to WebAssembly
- The Lost Art of the Makefile
✨ ✨ - Streams—The definitive guide
React, Redux
- Under the hood ReactJS
- Thinking in React
- React Implementation Notes
- React Internals
- Scheduling in React
v8
- v8 Resource
- Understanding V8’s Bytecode
- Concurrent marking in V8
- V8 / Chrome Architecture Reading List - For Vulnerability Researchers
JS Books
- You Don't Know JS
- Javascript: The Good Parts
- Mostly Adequate Guide to Functional Programming
- Programming JavaScript Applications
- The JavaScript Way
Rust
- A Gentle Introduction To Rust
- Rust Docs
📖 - Rust Design Patterns
- Rethinking Systems Programming
✨ - The Rust Programming Language
- Learning systems programming with Rust
- Learn Rust With Entirely Too Many Linked Lists
- Fearless Concurrency with Rust
Database
- Secure PostgreSQL
🔒 - SQL vs NoSQL
- Build a simple database
- One Giant Leap For SQL: MySQL 8.0 Released ✨
- MongoDB is to NoSQL like MySQL to SQL — in the most harmful way
- How Postgres Makes Transactions Atomic
- Building Robust Systems with ACID and Constraints
✨ - Awesome Database Learning
- Database Internals 📖 🚧
- Things I Wished More Developers Knew About Databases
🚧 - PostgreSQL LISTEN/NOTIFY
- Maximizing MongoDB Performance on AWS
- Read Consistency with Database Replicas
- Zero downtime Postgres migration, done right
- Inconsistent thoughts on database consistency
- Herding elephants: Lessons learned from sharding Postgres at Notion
Sharding
- Understanding Database Sharding
- An Unorthodox Approach To Database Design : The Coming Of The Shard
✨ - Spanner's High Availability Writes
Papers
Tor
- Research problems: Ten ways to discover Tor bridges
- Selected Papers in Anonymity
📃 - Onion Router
- Anti-Censorship & Transparency - Roger Dingledine
📺 - How does Tor work?
- How Tor Works
Tor Papers
- Tor Design
- Tor Bridge Discovery
- A Model of Onion Routing with Provable Anonymity
- Locating Hidden Servers
Functional Programming
- What is Functional Programming ?
- Functional Programming Jargon
- What is a Functional Composition
- What is Pure function?
- Functional Programming
- So You Want to be a Functional Programmer
- Practical Functional Programming
- Mostly Adequate Guide to Functional Programming
✨ - Parse, don’t validate
- Functors, Applicatives, And Monads In Pictures ✨ ✨ ⚡ ⚡
- A Glossary of Functional Programming
- Scala Italy 2019 - John A De Goes - A Tour of Functional Design
📺
OAuth
Regex
Distributed Systems
- Introduction to Distributed System Design
- Raft: Understandable Distributed Consensus
✨ - HTTP is obsolete. It's time for the Distributed Web
- Rack Model
📃 - If you need a global lock in your distributed system, then you're already in trouble ✨
- Parent Thread: Is Redlock Safe? Reply to Redlock Analysis
- Towards Robust Distributed Systems
- CAP Theorem
- Designing Distributed Systems: Patterns and Paradigms for Scalable, Reliable Services
📖 🚧 - Distributed systems theory for the distributed systems engineer
✨ 📁 - Fallacies of distributed computing
- Consesus Protocols
- Keeping CALM: When Distributed Consistency Is Easy
- Brewer’s Conjecture and the Feasibility of Consistent, Available, Partition-Tolerant Web Services
📃 🚧 - Thinking about Availability in Large Service Infrastructures
- Questioning the Lambda Architecture
- Avoiding fallback in distributed systems
- Consistency Models
🚧 - A Distributed Systems Reading List 📁
- Please stop calling databases CP or AP
- The network is reliable
- Managing Critical State: Distributed Consensus for Reliability
Kafka
- "Apache Kafka and the Next 700 Stream Processing Systems" by Jay Kreps
📺 - Streaming 101: The world beyond batch
- Kafka and Zookeeper with Docker
- A Guide To The Kafka Protocol
- The Unofficial Kafka Rebalance How-To
- High Performance Kafka Producers
- __consumer_offsets topic in kafka
- Vertically scaling Kafka consumers
- Apache Kafka Rebalance Protocol, or the magic behind your streams applications
- Apache Kafka Supports 200K Partitions Per Cluster
- It’s Okay To Store Data In Apache Kafka
- Kafka: The Definitive Guide
📖 - Disaster Recovery for Multi-Region Kafka at Uber
- A Practical Introduction to Kafka Storage Internals
- KIP-500: Replace ZooKeeper with a Self-Managed Metadata Quorum
Spark
- Memory Management Overview
- Tricks of the Trade: Tuning JVM Memory for Large-scale Services
- Managing Spark Partitions with Coalesce and Repartition
- The hidden cost of Spark withColumn
Logging
- Spark Streaming Logging Configuration
- S3 Log4j Appender
- Log4j appender with S3 and search publishing
Monitoring
Prometheus
- When to use the Pushgateway
- Common pitfalls when using the Pushgateway
- On the naming of things ✨
- Prometheus Recording Rules
- Prometheus Counters and how to deal with them
- Thanos
- PromQL Queries for Exploring Your Metrics
- How to learn PromQL with Prometheus Playground
More
- Statsd: Measure Anything, Measure Everything
- JVM Profiler: An Open Source Tool for Tracing Distributed JVM Applications at Scale
- Telltale: Netflix Application Monitoring Simplified
- Understanding the Top 5 Redis Performance Metrics
System Design
Guides
- Metcalfe's law
- Learn how to design large-scale systems
✨ - A Brief History of High Availability
- Introduction to Microservices
- What is Kappa Architecture?
- Principles of chaos engineering
- Microservices — architecture nihilism in minimalism's clothes ✨
- Failing over without falling over ⚡
- Timeouts, retries, and backoff with jitter
- Why are services slow sometimes?
⚡ - Understanding Connections & Pools ⚡ ⚡
- The Big Little Guide to Message Queues
- MonolithFirst
- A List of Post-mortems!
- Exponential Backoff And Jitter
Systems
- Reddit: How We Built r/Place ✨
- Uber: Why Uber Engineering Switched from Postgres to MySQL
- Dropbox: How we migrated Dropbox from Nginx to Envoy
- Cloudflare: How Cloudflare’s Architecture Can Scale to Stop the Largest Attacks
- Making Instagram.com faster
- Billions of Messages a Day - Yelp's Real-time Data Pipeline
- The WhatsApp Architecture Facebook Bought For $19 Billion
- Airbnb: Avoiding Double Payments in a Distributed Payments System
- How We Developed DingTalk: Implementing the Message System Architecture
- Intelligent DNS based load balancing at Dropbox
- Redis Explained
Scalability
- Jeremy Edberg - Scalable Cloud Architectures | Tech Talk
📺 - CS75 (Summer 2012) Lecture 9 Scalability Harvard Web Development
📺 ⚡ - A Word on Scalability
- Scalability for Dummies
✨ - Scalable System Design Patterns
- Scalable Web Architecture and Distributed Systems
- The Tail at Scale
📃 - Automating chaos experiments in production
- Eventually Consistent - Revisited
Event driven Architecture
AWS
- Everything You Need To Know About Networking On AWS
- Deep Dive on Amazon ECS Cluster Auto Scaling
✨ 🚧 - Designing scalable API on AWS spot instances
- Workload isolation using shuffle-sharding
- The Hitchhiker's Guide to AWS ECS and Docker
- AWS IAM Policies in a Nutshell
- What You Need to Know About IOPS
- Why was a query to my Amazon RDS MySQL DB instance blocked when there is no other active session?
Netflix
- Mastering Chaos - A Netflix Guide to Microservices
📺 ✨ - How we scaled nginx and saved the world 54 years every day
- Building fast.com
- AWS re:Invent 2017: How Netflix Tunes Amazon EC2 Instances for Performance (CMP325) 📺
- AWS re:Invent 2015: A Day in the Life of a Netflix Engineer (DVO203)
📺 ⚡ - Edge Authentication and Token-Agnostic Identity Propagation
Cloudflare
Privacy
- Cutting Google out of your life
- The Fantasy of Opting Out
- The Hitchhiker's Guide to Online Anonymity
- You should turn off autofill in your password manager
Security
Attacks
- SSL Strip
- SQL Injection
- Binary Exploitation
- SQL Attack Constraint Based
- DNS Reconnaissance – DNSRecon
- What is a DDoS Attack?
- Server Side Request Forgery (SSRF)?
- All you need to know about SYN floods
- "kernel: Possible SYN flooding on port X. Sending cookies" is logged
- SSL Strip for Newbies
- Cold Boot Attack
- Heartbleed Bug
- Shellshock
- Mirai Botnet
- POODLE
- Format string attack
- Off-by-one error
- EFAIL
- HTTP Desync Attacks: Request Smuggling Reborn
- The SSL FREAK vulnerability explained
- Abusing HTTP hop-by-hop request headers
- Memcrashed - Major amplification attacks from UDP port 11211
- Analyzing the Attacks on my Website
- How does a TCP reset attack work
- Cracking the lens: targeting HTTP's hidden attack-surface
- Web Cache Entanglement: Novel Pathways to Poisoning
- Reading Data via CSS Injection
- Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing
- SAD DNS Explained ✨ ⚡
- Hidden OAuth attack vectors
- HTTP request smuggling
Tools
Guides
- CTF Field Guide
✨ - Buffer Overflow
- Sometimes HTTP > HTTPS
- Security list for fun and profit
- What “hacking” competitions/challenges exist?
- Reverse Shell Cheat Sheet
✨ - Beware of strncpy() and strncat()
- Lessons learned and misconceptions regarding encryption and cryptology
✨ - GOT and PLT for pwning
- A Look at The Draft for JWT Best Current Practices
- LiveOverflow Binary Hacking
📺 - Advanced web security topics
- Don't publicly expose .git ✨
- The State Of Software Security In 2019
🔒 - The definitive super list for "Google Hacking"
- A list of useful payloads and bypass for Web Application Security and Pentest/CTF
- Now you C me, now you don't: An introduction to the hidden attack surface of interpreted languages
- Simple Bugs With Complex Exploits
Games and CTF's
- Web for Pentesters
- Overthewire
- Crypto Challenges
- https://picoctf.com/
- https://pwnable.kr
- http://gracker.org/
- http://websec.fr/
- https://365.csaw.io/
- https://crackmes.one/
Crypto
- So, You Want To Learn To Break Ciphers
- Alice & Bob : A History of The World’s Most Famous Cryptographic Couple
- Implementing AES
- A Stick Figure Guide to the Advanced Encryption Standard (AES)
- An Intensive Introduction to Cryptography
📖 - First SHA1 Collision
- Myths about /dev/urandom
- The Joy of Cryptography
- Bcrypt Step by Step
- Bcrypt
- Why shouldn't we roll our own?
✨ - How to securely hash passwords?
- How To Safely Store A Password
⚡ - So you want to roll your own crypto?
Security Papers
- Untraceable electronic mail, return addresses, and digital pseudonyms
- Understanding the Mirai Botnet
- Exposing Private Information by Timing Web Applications
- Security, Authentication, and Public Key Systems
- A Future-Adaptable Password Scheme
- Too Much Crypto
x vs y 🔪
- Ruby vs Python
- Weapon of Mass Destruction
- Leaving Clojure for Ruby
- Why Rust and not Go
✨ - Why Go and Rust are Competitors
- A Response to Hello World
- Kafka vs. Pulsar vs. RabbitMQ: Performance, Architecture, and Features Compared
Useful Command Line Tools
- tldr
- Rofi: A window switcher, application launcher and dmenu replacement
- fd: A simple, fast and user-friendly alternative to find
- SCM breeze: Adds numbered shortcuts to the output git status, and much more
- Pass: Simple password manager using gpg and ordinary unix directories
- peerflix
- kaf: Modern CLI for Apache Kafka
- curl statistics made simple
- mkcert
- sshuttle - Transparent proxy server that works as a poor man's VPN.
- jq
Blogs
- http://arjunsreedharan.org/
- https://jvns.ca/
- https://githubengineering.com/
- http://nullprogram.com/index/
- https://zwischenzugs.com/
- https://mkdev.me/en/posts
- https://blog.cloudflare.com/
- http://prog21.dadgum.com/
- https://increment.com/programming-languages/
✨ - https://blog.filippo.io/
- http://highscalability.com
- https://notes.shichao.io/
- https://blog.acolyer.org/ - If you are into research papers
- https://lwn.net/
- https://queue.acm.org/
- https://www.the-paper-trail.org/
- https://overreacted.io/
- https://robertheaton.com/
- https://www.mnot.net/blog/
- https://systemoverlord.com/
- https://blog.rpis.ec/
- https://blog.jessfraz.com/
- https://www.hackinglinuxexposed.com/articles/
- https://rpis.ec/
- https://dave.cheney.net/ - Mostly Golang related
- http://www.brendangregg.com/
- https://www.scalescale.com/
- https://medium.com/@blanchon.vincent ✨
- https://sysadvent.blogspot.com/
- A handbook for making programming languages
- https://codewithoutrules.com/
- https://code.flickr.net/
- https://microservices.io/index.html
✨ - https://engineering.fb.com/
- Cryptography Services Archives
🔒 - https://timilearning.com/ 🚧
- https://aws.amazon.com/builders-library/ - How Amazon builds and operates software
- https://rhinosecuritylabs.com/blog/?category=aws
- https://how.complexsystems.fail/
- https://ops.tips
- https://blog.cleancoder.com/
More
- Password storage in source control
- Difference b/w Integration and Unit Tests
- The language of choice
- Programmer Competency Matrix
- Hacker's guide to Neural Networks
- Return to the Source
- A list of everything that could go in the <head> of your document
- Design Patterns
✨ - Ask HN: “Write your own” or “Build your own” software projects
- Software Testing Anti-patterns *
- Detecting the use of "curl | bash" server side
- Constructors Considered Mildly Confusing
- Clojure - the perfect language to expand your brain?
- International Journal of Proof-of-Concept or Get The Fuck Out
- Making a virtual machine in Google Sheets
- How Did Software Get So Reliable Without Proof?
📃 - The Forgotten History of OOP
- Meet the Flexbox Inspector
✨ - A better zip bomb
- Race Condition vs. Data Race
✨ - The Absolute Minimum Every Software Developer Absolutely, Positively Must Know About Unicode and Character Sets (No Excuses!)
✨ ⚡ - A byte’s not 8 bits.
✨ - Epigrams in programming
- The Danger of “Simplicity”
- Front End Checklist
📁 - See Python, See Python Go, Go Python Go
- Why stack grows down
- Programmer's critique of missing structure of operating systems
- JVM Profiler: An Open Source Tool for Tracing Distributed JVM Applications at Scale
- Queryparser, an Open Source Tool for Parsing and Analyzing SQL
- Enabling Machine Learning with Apache Flink - Sherin Thomas
📺 - High-Throughput, Thread-Safe, LRU Caching
- Sorting 1 million 8-decimal-digit numbers with 1 MB of RAM
- Null References: The Billion Dollar Mistake - Tony Hoare
📺 - Mathematical attack on RSA
- In defence of swap: common misconceptions
- The Twelve-Factor App
- Epigrams on Programming
- Choose Boring Technology
- Essays on programming I think about a lot
✨ - PHP The Wrong Way
- Laws of UX
- How to stop procrastinating by using the Fogg Behavior Model
- lzop vs compress vs gzip vs bzip2 vs lzma vs lzma2/xz benchmark, reloaded
- Andrei Pangin - Everything you wanted to know about Stack Traces and Heap Dumps
📺 - The Log: What every software engineer should know about real-time data's unifying abstraction
✨ ⚡ - The Life of a Data Byte
✨ ⚡ 🚧 - How To Design A Good API and Why it Matters
📺 - The 13 immutable reads on choosing what to work on
- The Duct Tape Programmer
- The Hitchhiker’s Guide to Compression
🚧 - Parsing Algorithms 🚧
- The Differences Between Interpreter and Compiler Explained
- The Mind behind Linux
📺 - Semantic Versioning 2.0.0
- Intentionally leaking AWS keys
- Dream Deploys: Atomic, Zero-Downtime Deployments
- Modern Software Over-Engineering Mistakes
- Intro to Threads and Processes in Python
- Unreliability At Scale
- Extreme HTTP Performance Tuning: 1.2M API req/s on a 4 vCPU EC2 Instance
- Reverse Proxy, HTTP Keep-Alive Timeout, and sporadic HTTP 502s
- A Solution to HTTP 502 Errors with AWS ALB
- DevOps, SRE, and Platform Engineering
- Gunicorn vs Python GIL
- Gunicorn Worker Types: How to choose the right one
- A brief description of the architecture of Gunicorn
- DESIGN PATTERNS
- “Don’t Mock What You Don’t Own” in 5 Minutes
- The History of Pets vs Cattle and How to Use the Analogy Properly
- Scalable WebSocket Architecture
- Unified Streaming And Batch Pipelines At LinkedIn
- Millions of active WebSockets with Node.js
Fun
- https://turnoff.us
- https://xkcd.com
- https://impurepics.com/
- https://www.commitstrip.com
- If Programming languages were harry potter characters
- Git Koans
- Vim Kōans
- The Dharma of Vi
- https://suricrasia.online/iceberg/
- https://goomics.net/
More Books
Software Development
- Coders at Work
- The Pragmatic Programmer
✨ - Hackers: Heroes of the Computer Revolution
- The Mythical Man-Month
- The Joy of Software Development
Random
- A handbook for making programming languages
- Ask HN: What language-agnostic programming books should I read ?
- The Phoenix Project: A Novel about IT, DevOps, and Helping Your Business Win
- An Illustrated Book of Bad Arguments
- An illustrated introduction to computational thinking
- Atomic Design by Brad Frost
- https://begriffs.com/posts/2017-04-13-longterm-computing-reading.html
- What is the single most influential book every programmer should read? [closed]
📚 - A Reading List For the Self-Taught Computer Scientist 📚
- SRE Books
- https://f0.holisticinfosecforwebdevelopers.com/toc.html