by Paul Hendry | Jan 7, 2022 |
Spot the Vulnerability: Loops and Terminating Conditions
In memory-unsafe languages like C, special care must be taken when copying untrusted data, particularly when copying it to another buffer. In this post, we’ll spot and mitigate a past vulnerability in Linux’s NTP daemon.
by Paul Hendry | Aug 27, 2021 |
When I’m not coding the "impossible" at Art+Logic, I take a lot of interest in new programming technologies and paradigms; even if they’re not yet viable for use in production, there can often be takeaways for improving your everyday code.
My current fascination is the Idris programming language, a research language built around making dependent types practical. This is a quick primer on what dependent types are, how they work in Idris, and how they can change the way you think about types in other languages; we’ll assume no prior knowledge of Idris or of purely functional languages in general, but a basic familiarity with functional programming will make things easier to follow.
by Paul Hendry | Aug 6, 2021 |
In 1997, a flaw was discovered in how Linux and Windows handled IP fragmentation, a Denial-of-Service vulnerability which allowed systems to be crashed remotely.
by Paul Hendry | Jul 1, 2021 |
Vue 3 introduces some compelling new features, but also many breaking changes. The question is, how do you get there? Fortunately, the Vue.js team has recently released the Migration Build, which makes it possible (and easy) to make a smooth transition from v2 to v3.
by Paul Hendry | Oct 1, 2019 |
The RESTful API has a funny place in the software development world: it’s widely regarded as the best general-purpose pattern for building web application APIs, and yet it’s also nebulous enough of a concept to cause endless disagreements within teams over exactly how to implement one.
Do I make my endpoint /company/123/ or /companies/123/? How about /companies/123/locations/ vs /locations/?company=123? How do I handle versioning the API? Why shouldn’t I send a POST request to trigger an action on the server? If a backend task can take many seconds to process, how do I represent that in the API?