A reverse-engineered system design of Netflix's web application, built entirely from live network traffic analysis of the authenticated browse experience. 177 requests captured, every API contract inspected, every subsystem named.
┌─────────────────────────────────────────────────────────────────────────────┐
│ BROWSER (Akira SPA) │
│ │
hi, i'm daniel. i'm a 16-year-old high school senior. in my free time, i hack billion dollar companies and build cool stuff.
about a month ago, a couple of friends and I found serious critical vulnerabilities on Mintlify, an AI documentation platform used by some of the top companies in the world.
i found a critical cross-site scripting vulnerability that, if abused, would let an attacker to inject malicious scripts into the documentation of numerous companies and steal credentials from users with a single link open.
(go read my friends' writeups (after this one))
how to hack discord, vercel, and more with one easy trick (eva)
Redacted by Counsel: A supply chain postmortem (MDL)
| import asyncio | |
| import os | |
| import pathlib | |
| import random | |
| import re | |
| import sys | |
| from collections.abc import AsyncIterator | |
| from contextlib import asynccontextmanager | |
| from datetime import UTC, datetime, timedelta | |
| from enum import Enum |
| I'm told that there are people claiming to "tokenize" my git repositories with my approval. | |
| I just want to clarify that that is not the case. I do not believe in monetizing my repositories. | |
| If you believe crypto-currencies are anything but a scam, I have a bridge to sell you. | |
| But I'm not selling source code. |
Here is a short list of problems to solve in "any" Fintech
| /* eslint-disable react-hooks/rules-of-hooks */ | |
| // 24:33 error React Hook "useNextRouter" is called conditionally. React Hooks must be called in the exact same order in every component render react-hooks/rules-of-hooks | |
| // 25:43 error React Hook "useReactRouterNavigate" is called conditionally. React Hooks must be called in the exact same order in every component render react-hooks/rules-of-hooks | |
| // 43:35 error React Hook "useNextPathname" is called conditionally. React Hooks must be called in the exact same order in every component render react-hooks/rules-of-hooks | |
| // 44:37 error React Hook "useReactRouterLocation" is called conditionally. React Hooks must be called in the exact same order in every component render react-hooks/rules-of-hooks | |
| 'use client'; | |
| import { usePathname as useNextPathname, useRouter as useNextRouter } from 'next/navigation'; | |
| import { |
Adding inner margins and padding to one component should be avoided. In one screen it may make sense to do this, but as soon as other screen doesn't require that margin, the component becomes incorrect. Do not create new components with inner margins. There are a few ways to undo this. Let's first create an incorrect example:
❌ Wrong
type ProfileCardItemProps = {
label: string
value: string
}
| {-# LANGUAGE GHC2021, NoScopedTypeVariables, RequiredTypeArguments, AllowAmbiguousTypes #-} | |
| import Data.Proxy | |
| hasScopedTypeVariables :: Bool | |
| hasScopedTypeVariables = f Char | |
| f :: forall a -> C a => Bool | |
| f a = g @Int | |
| where |
While I was working on one of my projects using Laravel Sanctum using SPA Authentication. This project has multiple sub-domains for different environments, like DEV, STG, UAT and is hosted in the same domain, like dev.domain.tld, stg.domain.tld. In the .env file, the SESSION_DOMAIN variable should include a leading dot (.) before the subdomain. This ensures that the session cookie is available to all subdomains. For example:
SESSION_DOMAIN=.domain.tldsanctum/csrf-cookie to initialize CSRF protection; it will set the session for the request and XSRF-TOKEN as a cookie in the browser. With this session, it will persist.