This week, our weekly curated list of blog posts and news covers the VueJS project, which has released a new version, 3.2. Then we dig into a bug that was discovered in many HTTP/2 implementations, causing servers to return the wrong response to the client. Finally, I’d like to share a very nice data structure visualization from the University of San Francisco.
Vue 3.2 Released!
Yes, VueJS 3.2 was released. The initial 3.0 release was close to a year ago and promised a lot of new interesting stuff, while internally being a complete rewrite. There were a lot of concerns as – obviously – a new major will break a lot of stuff. I think, however, that by providing a Vue 2.x-compatible 3.x build that smooths the transition from 2 to 3, the VueJS team did a lot of good. Now with the 3.2 release they promise a lot of performance improvements, which larger applications will profit from.
The release post is found on the official blog of VueJS.
HTTP/2: The sequel is always worse
James Kettle does a pretty in-depth and interesting write-up of a bug he discovered in many HTTP/2 implementations, including the ones of AWS, Netflix, Verizon and more. The TL;DR is: most attacks were caused by the load balancer downgrading HTTP/2 to HTTP/1.1 and then not properly parsing the input (headers, content length). This allowed an attacker to either smuggle requests to the back end or let the load balancer return an out-of-order response, which was smuggled in by the attacker. I really like his style of writing, as it is very technical while still being understandable when not having that much HTTP knowledge.
You can take a look at the blog post at PortSwigger.
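A defensive check for the downgrade step described above, added here as an example (it is not code from this post or from the PortSwigger write-up): before a front end rewrites an HTTP/2 request as HTTP/1.1, it rejects header fields that would change how the back end frames the message. The function name and the sample requests are constructed for illustration; the rules follow RFC 9113.

```python
# Added example: validate an HTTP/2 request before it is rewritten as HTTP/1.1.
# Names and sample data are constructed; they are not from any real proxy.

# Connection-specific fields have no meaning in HTTP/2 (RFC 9113, section 8.2.2).
FORBIDDEN = {"connection", "proxy-connection", "keep-alive",
             "transfer-encoding", "upgrade"}
BAD_BYTES = ("\r", "\n", "\0")


def downgrade_problems(headers, body):
    """Return the reasons to reject a request instead of forwarding it.

    headers: list of (name, value) pairs as decoded from HPACK.
    body: bytes, the concatenated DATA frame payloads.
    """
    problems = []
    lengths = set()
    for name, value in headers:
        lname = name.lower()
        if name != lname:
            problems.append(f"uppercase field name: {name!r}")
        # CR, LF or NUL would become extra header lines in HTTP/1.1 text.
        if any(b in name + value for b in BAD_BYTES):
            problems.append(f"control characters in field {lname!r}")
        if lname in FORBIDDEN:
            problems.append(f"connection-specific field: {lname}")
        if lname == "te" and value.strip().lower() != "trailers":
            problems.append("te other than 'trailers'")
        if lname == "content-length":
            lengths.add(value.strip())
    if len(lengths) > 1:
        problems.append("conflicting content-length values")
    for v in sorted(lengths):
        # The frame layer already knows the body size; the header must agree.
        if not (v.isascii() and v.isdigit()) or int(v) != len(body):
            problems.append(f"content-length {v!r} != body size {len(body)}")
    return problems


# Constructed samples: a well-formed request and one a proxy should refuse.
GOOD = ([(":method", "POST"), (":path", "/"), ("content-length", "3")], b"a=1")
BAD = ([(":method", "POST"), (":path", "/"), ("content-length", "0"),
        ("transfer-encoding", "chunked"),
        ("x-trace", "a\r\nx-injected: 1")], b"a=1")

if __name__ == "__main__":
    for label, (hdrs, data) in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, downgrade_problems(hdrs, data) or "ok to forward")
```

A request that fails any of these checks should be answered with an error at the front end rather than forwarded in a "cleaned" form.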
Data structure visualizations
This site is actually a bit older and was created in 2011. Nonetheless, the content is not invalid or outdated at all. David Galles of the USFCA created a very nice visualization of various data structures, beginning with stacks, queues, lists, and also bubble sort, bucket sort, various graph algorithms, binary trees and so on.
Unlike many visualizations, he does not work with static images or animated pictures (like a GIF). The whole website is interactive and lets you click through the individual steps of the lifecycle of the data structure. This is not just a perfect tool for teaching, but also for learning and refreshing your knowledge about data structures.
You’ll find the visualization hosted at the website of the USFCA.