
Software Weekly - 08/12/2019

Sales ML, Android profiling, HTTP request smuggling, hacked iPhone, Grande SQL injection, verification vs validation & more
 

Listen


Last week’s most popular episode: People.ai: Machine Learning for Sales with Andrey Akselrod. Andrey discusses the potential applications of machine learning in the domain of sales, and the engineering work that his company has done in helping a sales organization avoid manual data entry, understand areas of potential improvement, and decide on who the highest value sales lead to pursue might be.

Old favorite: Energy Market Machine Learning with Minh Dang and Corey Noone. Minh and Corey discuss how Advanced Microgrid Solutions builds and deploys machine learning models for market prediction, data infrastructure, machine learning model deployments, and the dynamics of the energy markets.


 Tired of maintaining your old internal admin interface? HumongouS.io is a no-code online GUI for MongoDB. Create, browse, and edit your MongoDB documents from the convenience of your browser. Try it now!

Interesting Picks in Software Engineering and Architecture


Introducing Nanoscope: An Extremely Accurate Method Tracing Tool for Android. Uber built a profiler to overcome the limitations of the Android Studio CPU profiler, mainly the performance overhead of using it. Nanoscope is very powerful when debugging animations and transitions. Uber includes documents on the architecture of the tool, which are fascinating. Nanoscope runs on a forked version of Android.

HTTP Desync Attacks: Request Smuggling Reborn. Great security write-up this week (it's DefCon week) on how to do HTTP request smuggling to control and send harmful responses to web traffic. 

Re-Architecting the Video Gatekeeper. Netflix built a time-machine for datasets. The system uses a pub-sub model to publish notifications when the data changes. Built on top of Kafka, Netflix is able to propagate changes in 30 seconds. 

The Fully Remote Attack Surface of the iPhone. Researchers investigated the remote attack surface of the iPhone, reviewed SMS, MMS, VVM, Email, and iMessage, and found 10 vulnerabilities.

[From Android dev] Flutter looks good but is painful. Here are my frustrations with it. "From the community to the 3rd party libraries, it looks like Flutter is a lot closer to JavaScript than Android. JavaScript, however, isn’t shy of moving faster while Flutter is still deciding what they want to be."

Verification vs Validation. Verification is finding congruence between what you expect from a system and the actual output. Validation is finding congruence between an explicit model of how something works and how it actually works.

Why our team canceled our move to microservices. This article was trending this week on social media. This is a company of 12 developers and 2 teams. Of course, you don't build microservices. A lot of the stuff in this article is just a lack of understanding of how to build a microservices architecture. Maybe time for someone to write a good guide on microservices. Really the book should be called: "Don't Build Microservices with a 12-Person Team."

Patterns on goods designed to trigger Automated License Plate Readers. The patterns on the goods in this shop are designed to trigger Automated License Plate Readers, injecting junk data into the systems used by the State and its contractors to monitor and track civilians and their locations. There is also a link on how to do your own.

The Rule Of 2. Pick no more than 2: untrustworthy inputs, unsafe implementation language, or high privilege. Why? Check out the article to learn how this reduces security vulnerabilities.

We had issues with Monzo on 29th July. Here's what happened, and what we did to fix it. While scaling a Cassandra cluster, something the team thought was impossible happened: new clusters took over control of some data but didn't stream it over. Some great things from an outage: Monzo has a fallback deployment mechanism strategy and had a way to update customers about the outage that wasn't impacted by the actual outage. A single flag caused the outage. Managing databases is hard and scaling while live is hard. I would suggest Monzo take a look at using a managed NoSQL database rather than managing their own Cassandra clusters.  

Responding to Firefox 0-days in the wild. An attack targeting Coinbase employees relied on 2 Firefox exploits. Quite the security engineering team at Coinbase.

Await a minute, why bother? Interesting read on why to use await in Rust. If you use JavaScript, C#, Scala, or Python, this will be a refreshing read into why and will give you insights about the Rust programming language. 

GitLab Commit, GitLab's inaugural community event, brings together the GitLab community to connect, learn, and inspire. See you September 17 in Brooklyn, NY. Learn how to innovate the future of software development by registering today! Register by August 15, 11:59 pm PT at softwareengineeringdaily.com/commit with code: commit99 to save $99 on conference passes.

What's New in Tech


Apple Confirms $1 Million Reward For Anyone Who Can Hack An iPhone. Or a Mac. There’s also a 50% bonus for hackers who can find weaknesses in software before it's released. Time to level up your hacking skills.

SQL Injection Vulnerability Exposed Starbucks Financial Records. Fixed within 2 days.

 Monday.com is a team management platform that brings all your work, external tools and communication into one place, making cross-team collaboration easy. You can try Monday.com and get a 14 day trial by going to monday.com/sedaily. And if you decide to become a customer, you will get 10% off by using coupon code SEDAILY.

Announcements


New SEDaily app for iOS and for Android. It includes all 1000 of our old episodes, as well as related links, greatest hits, and topics. You can comment on episodes and have discussions with other members of the community.

Podsheets is an open source podcast hosting platform that we recently launched. We are building Podsheets with the learnings from Software Engineering Daily, and our goal is to be the best place to host and monetize your podcast. If you have been thinking about starting a podcast, check out podsheets.com.
  
FindCollabs is a place to find collaborators and build projects. We recently launched GitHub integrations. It’s easier than ever to find collaborators for your open source projects. And if you are looking for some people to start a project with, FindCollabs has topic rooms that allow you to find other people who are interested in a particular technology.


Hi there, I'm Abdallah. I am a software developer myself and love talking news, insights, analysis of software engineering, and bringing you interesting content from across the web.
 
Your support for the show and the newsletter is greatly appreciated.

Thank you,
Abdallah Abu-Ghazaleh (@TheGhazStation)
 
Join the Slack community and discuss your thoughts with fellow listeners.

Newsletter Feedback

Got feedback? Reply to this email and let us know your thoughts.

If you enjoyed reading this newsletter, I hope you will forward it to your friends and coworkers and ask them to subscribe.
 
Copyright © 2019 Software Daily, All rights reserved.

