DEV Community

Sam Ferree
Sam Ferree

Posted on • Edited on

This Week I Learned

Would love to see what cool things you guys learned. These can be ideas, tips and tricks, or anything really.

I'll start:

At a conference this morning, A talk on security mentioned monitoring the package dependencies people were adding to your project.

It's a great habit that I'd never even considered. We tend to give packages that our projects depend on a pass on security.

Top comments (8)

Collapse
 
ben profile image
Ben Halpern

I recently learned a lot about how opaque requests can affect the navigator.storage API in the browser, as described here: stackoverflow.com/questions/391097...

Among the complications are that the browser can't read the contents of certain responses and automatically books way more storage than needed which can eat into your storage quotas.

I can't seem to find another really helpful Github issue, but I noticed it's always Jeff Posnick answering all of this and I was grateful to read through some of his answers as I sought to learn more about this issue.

I'll have time in the near future to close the loop on this whole issue and write about it more thoroughly.

Collapse
 
dmfay profile image
Dian Fay

I've been digging into monorepo management with Lerna.

Collapse
 
kspeakman profile image
Kasey Speakman • Edited

Tripped up on some interop with F# last night.

stackoverflow.com/questions/489413...

Collapse
 
gauravchaddha1996 profile image
Gaurav Chaddha • Edited

I learned many things last week but the highlight was learning how to generate random IV to actually secure my cryptography operations. In 2013 Bitcoin theft occurred owing to generation of non-random IV’s. Reading up on many resources, I found out that there was a bug in generation of random numbers in JCA (Java cryptography architecture) until Android API version 4.1 which lead to bitcoins being stolen from android wallets. The bug has since been patched. Above API 21 SecureRandom is used to generate IV. It uses a NativePRNG technique with true random seed from /dev/random and uses /dev/urandom to generate cryptographically strong random number for IV.
Resources:

  1. Some securerandom thoughts
  2. Android secure random not even nonce
  3. Helpful stack overflow question
  4. Myths about urandom
  5. SecureRandom reference
  6. Right way to use secure random

Shameless promotion:
For anyone interested, I wrote a weekly update encapsulating things I did last week. Check it out. Link

Collapse
 
arnaudmorisset profile image
Arnaud Morisset • Edited

This week, I learned how GenStage work with Elixir/OTP. You can found a basic example here: elixirschool.com/en/lessons/advanc...

In our current project, we have an umbrella application containing an application which handles Providers and Consumers connected to a RabbitMQ. It provides a high-level API in order to send and receive messages (managing exchanges and queues) easily in all applications of the umbrella.

It's such a nice way to handle those problematics. I love it. (づ ̄ ³ ̄)づ

Collapse
 
johnpaulada profile image
John Paul Ada

Ooohhhh I like this concept :D

This week I learned that the latest NPM screws Linux systems up LOL

On a more serious note, I learned about React's new Context API and tried it with react-broadcast@0.7.0-rc.4 and react-contextual.

Collapse
 
andy profile image
Andy Zhao (he/him)

Really enjoyed this podcast, hosted by Wes Bos and Scott Tolinski:

They talk about CDNs, image + video and web development, and there was a lot of great information that was explained well. Most of the tech that we use at dev.to really flew over my head for a while, and while I still don't quite get it, this episode helped me see how CDNs worked.

Collapse
 
emma_c137 profile image
Emma

That's really interesting- can you add a bit more information about what sort of security and tools?