- Welcome to my blog!
- I write about tech, coding and web development.
- Mostly notes about things I learn, and occasionally my experiences, opinions and thoughts.
Da Vinci Resolve - Learn by using
Learnt following, while editing a video in Da Vinci Resolve 18 General Reference: https://www.youtube.com/watch?v=x5mi55JPIQU Increase volume of a video https://www.youtube.com/watch?v=J3KQV4yW4kM How to make reverb echo effect https://youtu.be/EppFghHilFg Zoom (dynamic Zoom) https://youtu.be/o6rnuaJlB9M Use Ctrl + \ for blade tool (‘slice’)
Cloudfare July 2019 Incident: Regex's exponential runtime
A Cloudflare outage from 2019 has roots in regex change done in WAF (Web Application Firewall). Exponential runtime regex match caused outages. The incident is described in the excellet “Post Mortem” blog post by Cloudflare : https://blog.cloudflare.com/details-of-the-cloudflare-outage-on-july-2-2019/ References: Explained in this excellent video by Kevin Fang: https://www.youtube.com/watch?v=DDe-S3uef2w
gRPC - what is it
gPRC became possible with HTTP/2. HTTP/2 added a new layer called “binary framing”. References: https://www.freecodecamp.org/news/what-is-grpc-protocol-buffers-stream-architecture/
How SSL works
A digital certificate provides a convenient way of distributing trusted public encryption keys. Example Usage To illustrate we will look at a typical web browser and web server connection using SSL. (https). This connection is used on the Internet to send email in Gmail etc and when doing online banking,shopping etc. Browser connects to server Using SSL (https) Server Responds with Server Certificate containing the public key of the web server....
Access Token in GET Request
Why is it fine to send access token to resource server in a GET request In a header - Authorization header as Bearer Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9 “the header is not logged anywhere”? - to verify. Maybe wrong. Find the correct. Following were a little helpful (must read): https://security.stackexchange.com/questions/229892/sending-token-through-get-vs-post https://security.stackexchange.com/questions/188975/is-a-redirect-showing-the-password-in-plain-text-a-security-vulnerability/188995#188995 In query param A contrasting answer saying why it can be ok: From: https://security.stackexchange.com/questions/158541/sending-access-token-through-get-request As explained here, sensitive data in the URL query part (such as a secret API token) is primarily an issue if the URL is accessed directly in the browser and therefore visible in the URL bar as well as stored in the browser history....