Tropeçando 102


Each year, OWASP (the Open Web Application Security Project) publishes the top ten security vulnerabilities. It represents a broad consensus about the most critical security risks to web applications. Click through on the lessons below to learn more about how to protect against each security risk.

Your Product Owner Is Not Your Product Manager

Your Product Owner Is Not Your Product Manager. Product management has evolved to encompass numerous roles and responsibilities. Leaders looking to hire a product professional must consider what skills and knowledge their business needs demand.

While the market has evolved and will continue to evolve, there remains a need for both a product owner’s and a product manager’s skills and expertise. By considering the nature and scale of a project and understanding the skills and responsibilities associated with each of these distinct roles, leaders can ensure they hire the right person to help them develop and launch products successfully.

Insert-Only Tables and Autovacuum Issues Prior to PostgreSQL 13

If you have write-only tables (or heavy, heavy writes), you may need to check this post. Autovacuum has some issues before PostgreSQL 13, and the post offers some great workarounds to use until you upgrade your database version.

Enterprise CI/CD best practices

A free book with 23 best practices to apply to your CI/CD pipeline. They aim to help you design a solid pipeline for your software, or can be used as a checklist.

A war story about COVID, cloud, and cost. And why serverless wins.

A nice story about serverless outcomes and potential. With COVID-19 pushing demand on infrastructure and computing services, billing is an important subject. The article has an excellent example of how scaling and low billing costs work together on a serverless tech stack.

Tropeçando 86


Use Open Source. Stay Secure.

A developer-first solution that automates finding & fixing vulnerabilities in your dependencies

Reading List - by Mathias Verraes

Code Reviews and Blame Culture

A common belief is that gated reviews lead to blaming individuals. The opposite can be true.


How to Write a Git Commit Message

Why good commit messages matter

Better Commits with Static Review

Tropeçando 85

Good Engineering Practices while Working Solo

How Much maintenance_work_mem Do I Need?

While I generally like PostgreSQL's documentation quite a bit, there are some areas where it is not nearly specific enough for users to understand what they need to do. The documentation for maintenance_work_mem is one of those places. It says, and I quote, "Larger settings might improve performance for vacuuming and for restoring database dumps," but that isn't really very much help, because if it might improve performance, it also might not improve performance, and you might like to know which is the case before deciding to raise the value, so that you don't waste memory. TL;DR: Try maintenance_work_mem = 1GB. Read on for more specific advice.


Fake Online REST API for Testing and Prototyping

A Beginner’s Guide to the True Order of SQL Operations

The SQL language is very intuitive. Until it isn’t. A guide to understanding the order of a SELECT operation.

The state of open source security - 2019

Snyk is an incredible tool for package security. They released a state of open source security report, covering open source adoption and vulnerabilities in packages, images and code. We are talking about Maven, npm, PyPI, Docker, etc.

Tropeçando 84

Cloud Computing without Containers

Cloudflare has a cloud computing platform called Workers. Unlike essentially every other cloud computing platform I know of, it doesn’t use containers or virtual machines. We believe that is the future of Serverless and cloud computing in general, and I’ll try to convince you why.

HTTP-over-QUIC will officially become HTTP/3

The protocol that's been called HTTP-over-QUIC for quite some time has now changed name and will officially become HTTP/3. This was triggered by this original suggestion by Mark Nottingham.

The QUIC Working Group in the IETF works on creating the QUIC transport protocol. QUIC is a TCP replacement done over UDP. Originally, QUIC was started as an effort by Google and then more of a "HTTP/2-encrypted-over-UDP" protocol.

Announcing SSH Access through Cloudflare

A way to replace the old (clunky) VPN with SSH access. Leverage access without losing security.

The Memory Resource Triad

Some more information about the three resources that affect query performance: CPU, memory, and storage.

psql: A New Edit

Have you ever found yourself in the middle of a long statement in psql and wanted to pull up your favorite editor? Now, you can, using the same shortcut of control-x control-e that you would in bash!

Tropeçando 41

The Computer, the Machine That Makes People Dumb « Meio Bit

Greatest hits of Dropbox tips - How-to - INFO Online

[Dicas-L] Saving the PHP programmer's skin - SQL injection

16 questions about Operating Systems - Geek List

Discover Ubuntu – new commercial – Ubuntu Dicas

Save a website as PDF on iPhone, iPod and iPad | Blog do Aurélio

G1 - Google offers US$ 20 thousand to whoever 'hacks' Chrome - Technology and Games news

Hypothetical indexes in PostgreSQL | Comunidade Brasileira de PostgreSQL

Extreme productivity: 13 tips for turning into a Tasmanian devil with your tasks | Papo de Homem – Lifestyle Magazine

Creating Reports with PHP - Novatec Editora

Dicas-L: - Broffice - Editing two or more sections of a document

Out of unfamiliarity, many people fail to use an important and very useful feature of the Broffice.ORG office suite: editing a document, spreadsheet, presentation, etc. using two windows.

Tropeçando 10

The Web Application Security Consortium / The Web Security Glossary

The Web Security Glossary is an alphabetical index of terms and terminology relating to web application security. The purpose of the Glossary is to clarify the language used within the community.

Texas Stadium Fail « FAIL Blog: Pictures and Videos of Owned, Pwnd and Fail Moments

And Windows...

The Novel 100: The 100 Greatest Novels of All Time

The 100 books that shaped world history

Playing For Change | Peace Through Music

Peace through music. "Here is a non-racial initiative with many Black people".

Blog do Márcio d’Ávila » Compromised Vivo portal spreads fraud

Yesterday, a security incident was discovered that compromised the portal of the phone carrier Vivo and may have affected thousands of users.