Subj : WordPress lawsuit ⚖️, Sam Altman’s Intelligence Age 💡, don’t use RSA 🔒
To : tldr@synchro.net
From : TLDR Web Dev
Date : Tue Sep 24 2024 11:16:10

TLDR WEB DEV 2024-09-24

TOGETHER WITH [Stytch] [4]

THIS AUTH KILLS BOTS (SPONSOR) [4]

Build auth your future self will thank you for with Stytch [4] 👇

* It's a developer-focused platform [5] with unparalleled flexibility to handle any use case, at any scale. Supports multi-tenant B2B apps, SSO, RBAC, SCIM, and a pre-built front-end UI.
* Built-in fraud prevention and device fingerprinting [6] tells you if traffic is from a returning user, fraudster, or bot.
* Future proof, scalable infrastructure means you have secure guardrails for any spike in traffic [4]: 99.999%+ uptime SLA, SMS/email provider failover, user + org data models, account deduplication, and more.

✅ Trusted by Zapier, Replit, Clearbit, Cisco, Groq

Discover the joys of Stytch 😍 [4]

🧑‍💻 ARTICLES & TUTORIALS

WHEN POSTGRES INDEXING WENT WRONG (7 MINUTE READ) [7]

When a concurrent Postgres index creation silently failed, the app that used the database faced performance degradation, almost leading to a production outage. This failure was exacerbated by the use of partitioned tables, resulting in inconsistent index usage across different partitions. To avoid such issues, monitor concurrent index creation, validate indexes regularly, and create partition indexes consistently.

IMPLEMENTING FEATURE FLAGGING WITH THE NEXT.JS APP ROUTER (6 MINUTE READ) [8]

Use environment variables to control feature visibility, validate them, and then access them within server and client components using custom functions and a feature provider. This blog post explains how to implement basic feature flagging with the Next.js App Router. It demonstrates a practical application of feature flagging by controlling the visibility of sidebar routes based on feature flags.

OPTIMIZING FOR HIGH LATENCY ENVIRONMENTS (22 MINUTE READ) [9]

Chrome's User Experience Report provides Round-Trip-Time (RTT) data, which reveals the network conditions of users. Many users have slower network connections, so web applications should be able to handle high-latency environments well. Some strategies to handle these include reducing transfer size, using a CDN, upgrading to HTTP/2 and TLS 1.3, and adopting HTTP/3 (QUIC) if possible.

🧠 OPINIONS & ADVICE

THE INTELLIGENCE AGE (6 MINUTE READ) [10]

Sam Altman describes a new “Intelligence Age” driven by new AI advancements. This new era promises massive improvements in various aspects of life, including healthcare, education, and even solving global problems like climate change. While AI's potential for prosperity is immense, there is still a need to navigate risks, like those related to labor markets.

SERIOUSLY, STOP USING RSA (13 MINUTE READ) [11]

RSA is a widely used public-key cryptosystem which is arguably fundamentally flawed and should be abandoned. Its security relies on carefully chosen parameters, which developers often fail to select properly, leading to vulnerabilities. These vulnerabilities stem from subtle mathematical properties that average developers are unlikely to grasp, making RSA inherently fragile and prone to attacks.

MY LEARNINGS FROM 7 FAILED TECH INTERVIEWS (8 MINUTE READ) [12]

Zach Wilson, an ex-Airbnb staff data engineer, goes through seven tech interviews he failed over the last decade. He shares learnings from his time. For example, job hopping early in your career is great for growth, but not as great after you hit your mid-career.

🚀 LAUNCHES & TOOLS

[FREE APPSEC LESSON] GET TO KNOW THE SECURE SUPPLY CHAIN CONSUMPTION FRAMEWORK (SPONSOR) [13]

Learn how to securely ingest and manage open-source software into your projects by leveraging the Secure Supply Chain Consumption Framework (S2C2F). This framework is focused on governance, continuous improvement, and scalable practices to ensure the integrity and security of your software supply chain. Claim your free video lesson [13] or get a free taster on YouTube [14]

TS-BLANK-SPACE (WEBSITE) [15]

ts-blank-space is a TypeScript-to-JavaScript compiler that focuses on speed by removing type annotations and replacing them with whitespace. It utilizes the original TypeScript parser and is written in pure TypeScript.

SIDEKICK (GITHUB REPO) [16]

Sidekick is a tool that simplifies the deployment of applications on VPSs, making the process of hosting side projects faster and more affordable by automating the setup and deployment process. It enables zero-downtime deployments and provides features like high availability, load balancing, and automatic SSL certificates.

MICROJS (WEBSITE) [17]

A library of JavaScript packages with small footprints.

🎁 MISCELLANEOUS

TUNE LLAMA3 405B ON AMD MI300X (10 MINUTE READ) [18]

Felafax successfully fine-tuned the LLaMA 3.1 405B model on 8 AMD MI300x GPUs using JAX, Google's Python library for high-performance numerical computing and machine learning. Its team used JAX for efficient parameter sharding and a LoRA implementation, achieving near-linear scaling and high memory efficiency.

NO DATA LASTS FOREVER (6 MINUTE READ) [19]

No data lasts forever. From ancient papyrus scrolls to modern hard drives and flash memory, every method of data storage has limitations and eventually fails. In modern times, the potential for data loss comes from hardware failures, technological obsolescence, and intentional or accidental deletion.

CLOUDFLARE'S NEW MARKETPLACE WILL LET WEBSITES CHARGE AI BOTS FOR SCRAPING (4 MINUTE READ) [20]

Cloudflare is launching a marketplace where website owners can sell access to their content to AI model providers. This marketplace will allow websites to charge AI bots for scraping their content. Cloudflare has also introduced AI Audit, a tool that allows website owners to monitor and block AI bots.

⚡ QUICK LINKS

WP ENGINE RESPONDS TO WORDPRESS (1 MINUTE READ) [21]

Automattic recently wrote an article and gave a speech publicly disparaging WP Engine - WP Engine has responded with a public “cease and desist”.

FROM NODE.JS TO DENO: HOW IT ALL BEGAN (9 MINUTE VIDEO) [22]

This special feature explores Deno, a new JavaScript runtime created by the minds behind Node.js, examining its origins, differences from Node.js, and the lessons learned in its development.

USING TYPESCRIPT AND RAG TO ENHANCE USER QUERIES FROM A TEXT DATASET (15 MINUTE READ) [23]

This article explains how to implement Retrieval Augmented Generation (RAG) in TypeScript and React to create a chatbot that can answer questions about content from a large text dataset by retrieving relevant information from a vector database and providing it to an LLM.

USING CALLBACKS TO ACHIEVE BETTER COMPONENT DECOUPLING IN REACT (3 MINUTE READ) [24]

Using callbacks in React to achieve better component decoupling involves shifting control of state updates from child components to parent components.

NEXT-SAAS-STRIPE-STARTER (GITHUB REPO) [25]

This is a full-featured, pre-configured starter project for building SaaS applications using Next.js, Prisma, Neon, Auth.js, Resend, React Email, Shadcn/ui, and Stripe.

Thanks for reading,
Priyam Mohanty, Jenny Xu & Ceora Ford

Links:
------
[4] https://stytch.com?utm_source=tldrwebdev&utm_medium=paid_sponsorship&utm_content=tldr-webdev-09-24-2024&utm_campaign=tldr-webdev-q3-2024
[5] https://stytch.com/docs?utm_source=tldrwebdev&utm_medium=paid_sponsorship&utm_content=tldr-webdev-09-24-2024&utm_campaign=tldr-webdev-q3-2024
[6] https://stytch.com/fraud?utm_source=tldrwebdev&utm_medium=paid_sponsorship&utm_content=tldr-webdev-09-24-2024&utm_campaign=tldr-webdev-q3-2024
[7] https://blog.bemi.io/indexing/?utm_source=tldrwebdev
[8] https://aurorascharff.no/posts/implementing-feature-flagging-with-nextjs-app-router?utm_source=tldrwebdev
[9] https://csswizardry.com/2024/09/optimising-for-high-latency-environments/?utm_source=tldrwebdev
[10] https://ia.samaltman.com/?utm_source=tldrwebdev
[11] https://blog.trailofbits.com/2019/07/08/fuck-rsa/?utm_source=tldrwebdev
[12] https://blog.dataengineer.io/p/my-learnings-from-7-failed-tech-interviews?utm_source=tldrwebdev
[13] https://info.securityjourney.com/supply-chain-security-lesson?utm_campaign=Supply%20Chain%20Security%20Lesson&utm_source=TLDR&utm_medium=newsletter
[14] https://www.youtube.com/watch?v=11tfCFZNw5A&t=2s
[15] https://bloomberg.github.io/ts-blank-space/?utm_source=tldrwebdev
[16] https://github.com/MightyMoud/sidekick?utm_source=tldrwebdev
[17] http://microjs.com/?utm_source=tldrwebdev
[18] https://publish.obsidian.md/felafax/pages/Tune+Llama3+405B+on+AMD+MI300x+(our+journey)?utm_source=tldrwebdev
[19] https://lilysthings.org/blog/no-data-lasts-forever/?utm_source=tldrwebdev
[20] https://techcrunch.com/2024/09/23/cloudflares-new-marketplace-will-let-websites-charge-ai-bots-for-scraping/?utm_source=tldrwebdev
[21] https://threadreaderapp.com/thread/1838350670564377051.html?utm_source=tldrwebdev
[22] https://m.youtube.com/watch?v=zxitJn9MwYs&utm_source=tldrwebdev
[23] https://edspencer.net/2024/9/2/easy-rag-for-typescript-and-react-apps?utm_source=tldrwebdev
[24] https://darios.blog/posts/using-callbacks-in-react?utm_source=tldrwebdev
[25] https://github.com/mickasmt/next-saas-stripe-starter?utm_source=tldrwebdev
--- ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net