WebDevPro #39: RAG, Derivations in Reactivity, OSS Friends on Next.js, Lamport's Bakery Algorithm, E-mail spoofing, VMware bug.
January 25, 2024
Hi,
Welcome to the _webdevpro! Your one stop for all things Web Dev!
We start today’s issue with community discussions on:
Don't miss the repository of a manually curated collection of ChatGPT resources for web developers. Want to learn about Ruby? Our tutorial covers running a simple code file, from the book ‘From PHP to Ruby’.
Our relatively new section captures internet jibber-jabber about topics in the web ecosystem:
British inventor seeks to take $18bn bite out of Apple in bitter patent war
Chinese hackers exploit VMware bug as zero-day for two years
If you're in the EU, you can now decide how much data to share with Google
Today's news covers Django, Laravel, Ruby on Rails and Spring.
P.S.: If you have any suggestions or feedback, or would like us to feature your project on a particular subject, please write to us. Just respond to this email!
If you liked this installment, fill in our survey below and win a free Packt PDF.
Thanks,
Apurva Kadam
Editor-in-Chief, Packt
WebDev Community Speak
What is the WebDev industry talking about? Latest Developments? Cool tricks? Tutorials? Cheatsheets? How are Web Developers upskilling? Read about it all here.
Top 5 Beginner-Friendly Open-Source Libraries for RAG - Everyone has by now heard of using Retrieval Augmented Generation (RAG) to find information with AI. Being able to access and use the ever-growing volumes of data is a key skill that every company needs. Even if you know that RAG is basically a short-hand way of describing the workflow of linking documents or knowledge to LLMs, many developers have not tried or experimented with this themselves (yet). Here is a short list of the best libraries to help you start with RAG.
The Ultimate Developer's Toolkit - Here is a list of developer resources to help you continue learning. It is followed with a list of 36 courses/certifications you can take as a web developer.
10 Websites to Learn Anything For Free On The Internet - The internet has many treasures inside it. But many of you don’t know them. Here are 10 resourceful websites to learn anything for FREE on the internet.
Derivations in Reactivity - Whether you are trying to forget React, explore runes with Svelte or are angling for Angular; whether you build Solid apps, construct views in Vue, or live in QwikCity this topic is relevant. It transcends the Virtual DOM or Signals. Before you decide that useEffect was created to be the bane of everyone's existence let's take a look at the most important part of reactivity: Derivations.
Top Trending Open Source Projects to Watch for in 2024 - I've put together a small list of what I've seen trending or expect them to in this new year. Let's take a look at some of the most surprising and impressive projects I've come across lately.
How to add the OSS Friends page to your Next.js website - In the open-source community, collaboration and connections are key. An OSS (Open Source Software) Friends page on your website can showcase the community that contributes to and supports your projects. In this article, we'll guide you through creating an OSS Friends page using an API to fetch and display the latest OSS projects.
WebDev Repos
We at WebDevPro highlight Web resources in a week-on-week series. This week we bring you a manually curated collection of hosted ChatGPT resources for web developers:
ChatGPT for Google - Display ChatGPT response alongside search engine results.
ChatGPT Prompt Genius - Discover, share, import, and use the best prompts for ChatGPT.
ChatGPT Box - Deep ChatGPT integrations in your browser.
ChatGPT Export and Share - Download your ChatGPT history to PNG, PDF or a link.
Superpower ChatGPT - Enhance the ChatGPT web UI with search history, create folders, export all chats, pin messages, and access thousands of prompts.
chatgpt-google-summary-extension - Display ChatGPT summaries alongside Google search results, YouTube videos, etc.
FancyGPT - Save and share beautiful ChatGPT snippets as images, PDFs, and text files.
WritingMate.ai - Writing assistant.
Summarize - Summarize websites.
WebChatGPT - Enable web access in ChatGPT.
Have a GitHub project you want to show off? Write to us and we will feature it!
Internet Web Dev Jibber-Jabber
Random curious musings and interesting words about Web Dev on the Internet.
British inventor seeks to take $18bn bite out of Apple in bitter patent war - Patrick Racz is in a long-running patent fight with the tech company over claims it stole his filesharing and payment system for iTunes. Patrick Racz was awarded $533m in damages from Apple by a US court in 2015 but the decision was overturned. He claims the US corporation stole his system. What gave him a “new lease of life” was patents for the tech that were first lodged in 1999 and granted nearly a decade later, teeing up a huge court battle that is still playing out as he targets $18bn in damages.
Lamport's Bakery Algorithm, Demonstrated in Python - The Bakery Algorithm was invented by Leslie Lamport in 1974. It's a locking mechanism used in concurrent programming to prevent multiple processes from entering their critical sections simultaneously, which could cause data corruption or inconsistencies. It's named after the numbering system used in bakeries, where each customer gets a number and waits for their turn to be served.
Introducing a novel technique for e-mail spoofing - SMTP, the Simple Mail Transfer Protocol, has allowed e-mailing since 1982. This easily makes it one of the oldest technologies on the Internet. However, even though it seems to have stood the test of time, there was still a trivial but novel exploitation technique just waiting to be discovered – SMTP smuggling! In this talk, we’ll explore how SMTP smuggling breaks the interpretation of the SMTP protocol in vulnerable server constellations worldwide, allowing some more than unwanted behavior.
Chinese hackers exploit VMware bug as zero-day for two years - A Chinese hacking group has been exploiting a critical vCenter Server vulnerability (CVE-2023-34048) as a zero-day since at least late 2021. The flaw was patched in October, with VMware confirming this Wednesday that it's aware of CVE-2023-34048 in-the-wild exploitation, although it didn't share any other details on the attacks.
If you're in the EU, you can now decide how much data to share with Google - If you are in the EU, you can take back more agency over your digital privacy even when using notorious data-hungry platforms. Google now allows users to decide the amount of information they want to share (or not) with the provider as they can opt for "unlinking" certain services from each other. The move comes as the big tech giant gets ready to comply with new data-sharing rules introduced by the Digital Market Act (DMA).
Web Dev Tutorial
Running a simple code file
As I mentioned in the introduction, running scripts in Ruby is simple and easy. Similar to running scripts in PHP, we can create a file, add Ruby code to it, and execute it with Ruby. Running or executing code simply means that we will have Ruby read (also referred to as parse) through our source code, and then translate it into a language that the computer can understand and process.
Let’s start with a simple example by creating a folder called ruby_syntax on our desktop. In that folder, create our source code file, which is called running_ruby.rb, with your IDE of choice.
Now, let’s add some code to our file:
# running_ruby.rb
print('I am running a Ruby script');
Now, let’s open a shell and go to the same folder we just created:
cd path-to-our-desktop/ruby_syntax
Once we are in this folder in our shell, we can run the script we just created with Ruby:
ruby running_ruby.rb
This should output the following:
I am running a Ruby script
As I mentioned in Chapter 1, this syntax is strangely familiar to the PHP one. If we compared the two, we would have the following PHP equivalent:
<?php # running_php.php
print('I am running a PHP script');
We would then run the example in the same way as the Ruby one, but with the PHP executable instead, like so…read more.
Read the “From PHP to Ruby Basics” book now!
What's Happening in Web Dev?
Your dose of the latest releases, news and happenings in the Web Development industry!
Laravel
A look at what's coming to Laravel 11 - Laravel 11 is not scheduled to be released until Q1 of 2024, but some new features have already been shared. Here are some big new improvements in this Laracon keynote.
Laravel Live UK - Laravel Live UK has announced the details for this year's conference. Join over 300 Laravel and PHP enthusiasts for inspirational talks, engaging networking and amazing learning opportunities at Laravel Live UK.
Laravel Scout Adds Typesense - A recent Laravel Scout release added Typesense, a lightning-fast open-source search alternative to Algolia + Pinecone.
Ruby on Rails
Define a class method to introspect valid delegatable types - This PR introduces a <role>_types class method within ActiveRecord::DelegatedType to enable introspection of delegated types.
Make schema_dump, query_cache, replica & database_tasks configurable via DATABASE_URL - Enable configurability for schema_dump, query_cache, replica, and database_tasks via DATABASE_URL. Previously, this functionality faced limitations due example, DATABASE_URL=postgres://localhost/foo?schema_dump=false now properly disables dumping the schema cache.
Fix IPAddr prefix information missing when writing to the cache - This PR incorporates the IPAddr#prefix into the serialization process of an IPAddr when utilizing the ActiveSupport::MessagePack serializer. This modification ensures both backward and forward compatibility; existing payloads remain readable, and newer payloads are compatible with earlier versions of Rails.
Ensure only directories exist in Rails default load paths - Safeguard Rails default load paths by enforcing the presence of only directories. In the past, certain files within the app directory caused contamination in the load paths. This commit rectifies the issue by eliminating files from the default load paths established by the Rails framework.
Spring
CVE-2024-22233: Spring Framework server Web DoS Vulnerability - The Spring Framework 6.0.16 and 6.1.3 releases shipped on January 11th include a fix for CVE-2024-22233. The Spring Boot 3.1.8 and 3.2.2 releases shipped last week upgrade to the relevant Spring Framework versions. Users are encouraged to update as soon as possible.
Spring Boot 3.2.2 available now - Spring Boot 3.2.2 has been released and is now available from Maven Central.
And that’s a wrap.
Copyright (C) 2024 Packt Publishing. All rights reserved.





Excellent roundup this week. The SMTP smuggling piece from 37c3 is particularly striking because it demonstrates how protocol ambiguity that has existed since 1982 can still yield novel exploitation vectors. What makes this attack so effective is that it exploits the gap between how different mail servers parse message boundaries, not any single implementation flaw. It's a good reminder that even well-tested protocols can harbor subtle interpretation differences that become security issues when servers in a chain disagree on parsing behavior.
Fascinating. Lamport's Bakery Algorithm is a classic. Does the Python demo bridge this to modern web scalability, or is it mostly queuing for actual pastries?