I taught a bucket to speak git

Announcing TypeScript 7.0 RC

TypeScript 7.0 RC đã được phát hành với trình biên dịch (compiler) được viết lại bằng Go …

Exploring Programming Languages

Một nhà phát triển hài hước kể lại hành trình khám phá các ngôn ngữ lập trình — từ LISP, COBOL, Perl, Python, Ruby, Java, JavaScript, Go đến Rust — ghi lại những đặc điểm kỳ quặc và khó chịu của từng ngôn ngữ trước khi tìm thấy sự hài lòng với Elixir và hệ sinh thái BEAM.

Làm việc với nhiều ngôn ngữ lập trình khác nhau giúp bạn hiểu rõ hơn về cách mỗi ngôn ngữ xử lý vấn đề, từ đó có thể chọn lựa và áp dụng hiệu quả hơn trong công việc thực tế.

slog Constants

Bài viết giới thiệu bốn hằng số tích hợp sẵn trong package slog của Go: TimeKey, LevelKey, MessageKey và SourceKey, là các khóa định nghĩa thuộc tính tự động thêm vào log bởi các handler có sẵn. Nó giải thích vai trò của từng khóa, điều kiện xuất hiện trong log (bao gồm SourceKey tùy chọn qua AddSource) và cách tương tác như viết handler tùy chỉnh hoặc dùng ReplaceAttr trong HandlerOptions.

Để hiểu cách tối ưu hóa và kiểm soát dữ liệu log trong ứng dụng Go, từ đó giảm thiểu lỗi và cải thiện khả năng debug hiệu quả.

From Code to Coverage (Part 6): What netlogon.log Sees That Event 1644 Never Will

A deep technical investigation into ldapnomnom, a tool that claims to generate no Windows audit logs while brute-forcing Active Directory usernames via LDAP Ping (cLDAP). Source code analysis reveals the tool actually uses TCP (not UDP), making it detectable via Event 5156 from the Windows Filtering Platform. The post explains why Event 1644 structurally cannot log LDAP Ping traffic (it bypasses the LDAP engine entirely, routing to netlogon.dll instead), while netlogon.log with debug logging captures every queried username. A key defender advantage: netlogon.log distinguishes disabled accounts from nonexistent ones, while attackers see identical responses for both. True UDP cLDAP (demonstrated with a custom cldap_ping.py) does evade Event 5156 but still appears in netlogon.log without source IP attribution. Microsoft Defender for Identity (MDI external ID 2437) can detect both TCP and UDP variants via packet capture but is threshold-based and bypassable with throttling. The recommended detection approach correlates netlogon.log usernames with Event 5156 source IPs using a 5-second timestamp window.

TypeScript 7.0 RC: The Go Rewrite Migration Guide

TypeScript 7.0 RC introduces a complete compiler rewrite in Go (codenamed 'Corsa'), delivering 5-9x faster build times and ~60-70% lower memory usage. The new compiler ships as a native binary (tsgo) installable via npm. Migration steps include installing @typescript/native, deleting stale .tsbuildinfo files, running tsgo --noEmit alongside tsc to compare diagnostics, updating tsconfig.json (removing preserveConstEnums), and adjusting build pipelines. Key limitations in the RC: no programmatic Compiler API (breaking ts-morph, custom transformers), incomplete --declarationMap support, and gaps in --build mode for complex multi-project setups. Teams with large codebases (500+ files) gain the most, but the RC should not gate production releases without a parallel tsc safety net.

I need a CVE tool, it took me much less effort to build correctly

A developer builds a container vulnerability scanner with a web console on top of ConfigHub, a platform that treats configuration as queryable data. By reusing most of the scaffolding from a previously built RBAC Manager app, the CVE tool required only swapping domain-specific logic: a custom Go scanner that pulls image layers, reads OS package databases, and matches against a unified CVE database (GitHub Advisory, CVE List V5, OSV.dev). Scan verdicts are written back onto Kubernetes Deployment Units as annotations, and a Trigger gates any workload with critical CVEs — no admission webhook needed. The React web console reused ~80% of the RBAC Manager codebase, with only the model (~250 lines), snapshot query clauses, and page components replaced. The post generalizes a 5-step pattern for building internal tools on ConfigHub: define your object, load a fleet snapshot, render views, act through the API, and let policy live in ConfigHub gates.

From Langflow to Monero: Inside CVE-2026-33017 Cryptominer

A detailed threat analysis of a cryptocurrency-mining campaign exploiting CVE-2026-33017, an unauthenticated RCE vulnerability in Langflow, an AI workflow framework. Attackers send a single Python eval via an unauthenticated API endpoint to download and execute a dropper (isp.sh), which deploys a UPX-packed Go binary (lambsys.elf). The binary kills rival miners, disables AppArmor, SELinux, UFW, iptables, and Alibaba Cloud's security agent, plants dual cron/bash watchdog persistence, and launches a customized XMRig miner (procq) mining Monero. The malware also spreads laterally via SSH key reuse. The toolchain traces lineage to the 2019 KORKERDS/MALXMR family but has been actively maintained with OPSEC improvements. Organizations should update Langflow to 1.9.0+, restrict public access, and treat any compromise as a potential SSH-key-exposure incident.