My name is Ilya and I’m a Core Developer at Bright Security. In Bright we work on a DAST (Dynamic Application Security Testing) solution that helps development teams find and fix vulnerabilities early, straight from CI/CD. My own path began in full-stack engineering, but almost a decade of shipping production code drew me ever deeper into application security. In this article I’m explaining key approaches on what SAML actually is and how we detect it in Bright using DAST.
"Electricity is not just a form of energy, but the invisible current that connects all aspects of our lives, from technology to nature itself."
How Does a Developer Realize They Need a Browser Auto CAPTCHA Extension?
Imagine a developer automating routine tasks — for example, testing a web application or writing a data scraping script. Everything runs smoothly until a CAPTCHA appears on the path. In the browser, a familiar window pops up: "I am not a robot," or a grid of images where you need to find traffic lights or pedestrian crossings. The automatic script halts, tests fail, and an inexperienced developer might not even realize the problem for a long time — after all, they set everything up and started it, but didn’t account for the presence of CAPTCHAs (Completely Automated Public Turing test to tell Computers and Humans Apart), designed precisely to stop bots. But what if the bot is ours and performs, say, useful work?
Would you like to know which indexes are used frequently or rarely? Which ones aren't used at all? Which tables and indexes are the largest? It's very easy to create visualizations for this. They're both visually appealing and practically useful.
If you work with PostgreSQL, you've likely run into performance issues at some point — especially as your database grows. Things may have been running smoothly at first, but as your client database expanded, queries started slowing down. Sound familiar? Here's a guide to help you identify and fix problematic queries, so you can get your PostgreSQL database running at peak performance again.
I’ve recently been playing with Agent Mode in VS Code, which looks promising. If you’re using VS Code and want to give your development a turbo boost, you’ll want to hear about this.
We continue our journey through the world of CAPTCHAs (Fantastic CAPTCHAs and Where to Find Them, as well as Methods to Combat Them), and today we encounter yet another “tough nut” in the CAPTCHA universe – FunCaptcha (Arkose Labs).
FunCaptcha is a type of CAPTCHA developed by Arkose Labs that offers users small puzzles instead of the usual tasks like recognizing distorted text or selecting images containing buses. In traditional CAPTCHAs (e.g., reCAPTCHA), verification often relies on recognizing distorted characters or simple images. Arkose Labs took a different route: their “entertaining” CAPTCHAs feature interactive challenges with 3D objects, logic puzzles, and audio questions. This approach is intended to be user-friendly for humans while complicating life for bots.
Typical FunCaptcha challenges include:
This article is based on the experience of developing the memsafe library, which, using the Clang plugin, adds safe memory management and invalidation control of reference data types to C++ during source code compilation.
When creating an app or any other software product for children, one of the hardest parts of the process is conducting user research correctly. Although working with kids might seem fun and entertaining, it takes certain skills to get them engaged in testing your product and voicing their opinion so you could gather all the necessary information. It’s important to understand that mentally kids function differently than adults, so working with a young target audience requires a different approach. Treating children like adults in the UX research process can lead to serious mistakes: they might not get a proper understanding of your product and you might end up getting wrong results, only wasting your time and budget. In order to avoid that, we’ve collected a few tips below that might help you communicate with kids more effectively for a productive and fruitful research session.
Imagine a familiar situation: it’s Monday morning, tasks are piling up, and you need to quickly spin up a new service using Postgres Pro. Or maybe you’ve just upgraded your database server over the weekend — added more CPUs, more RAM.
Here’s how to get your database tuned and ready to make the most of the new hardware and workload, without wasting time.
DBAs often struggle to identify the most resource-hungry processes that degrade system performance. Back in 2017, DBA — and now Postgres Professional engineer — Andrey Zubkov faced the same challenge. This led him to develop pg_profile for PostgreSQL, which has since evolved into pgpro_pwr.
In this article, we’ll dive into strategic database monitoring and show you how to pinpoint bottlenecks in your databases using our tools.
We at Verilog Meetup constructed an exam/interview problem that has an interesting property: if a student tries to figure out a solution by thinking by himself, he usually succeeds; however if he dumps the problem on ChatGPT, the solution fails (does not pass the automated test), and the student goes into a death spiral of futility, kicking ChatGPT to get the solution right.
There is nothing weird about the problem, we do this in the industry all the time:
In this tutorial, I’ll explain in simple terms what AI, AI agents, and workflows are, and then I’ll walk you through building your very first AI agent in Python using Google’s Agent Development Kit (ADK). By the end, you’ll understand the differences between these concepts and have a working content-assistant agent you can run from your terminal or a web interface.
According to Gartner, natural language queries will replace SQL as early as 2026.
While Gartner's prediction may be optimistic, the shift toward natural language interfaces for databases is inevitable. The timeline may vary, but the transition itself is a certainty.
For people familiar with the term DPI (Deep Packet Inspection), it often carries an unpleasant association: blocking, regulators, censorship, tightening controls. In reality, DPI is simply the name of a technology whose essence lies in the deep analysis of network traffic. Deep traffic analysis involves identifying protocols, extracting the most significant fields and metadata, classifying internet services, and analyzing the nature of network flows. I will explain how such solutions work in this article.
We all strive to build better software, and to do it faster. I believe Test-driven Development offers us a path towards this goal. Still struggling to efficiently utilize this approach? Then I invite you to discuss my tips and tricks to unlock the benefits of TDD!
One could write, “Experienced developers working on parsing and automation often face the need to bypass modern CAPTCHAs.” But that’s too boring… I’d rather start like this—continuing to explore the amusing world of CAPTCHAs, I finally stumbled upon the Chinese variant of protection: the GeeTest CAPTCHA. Let’s break down what this beast is, where it dwells, and why you should (or shouldn’t) fear it… You’ll understand as we go!
GeeTest is one of the advanced anti-bot systems combining user puzzles with behavioral analysis. I decided to take a close look at recognizing the GeeTest CAPTCHA under real-world conditions and figure out how to bypass GeeTest with various methods. But first—a classic introduction (which, by the way, may be more interesting than the practical part of the article, since bypassing the GeeTest CAPTCHA is already a non-trivial task for many readers).
Hi to everyone!
I'm new here. Someone told me that Habr is like russian reddit for developers (and maybe not). And I'm here today to share my story and get opinions from you, part of this community.
In August 2024 I visited Moscow, and got Russian starter pack, even if foregneir :-)
Will be useful later because I'm moving here, Русский язык coming soon, извините!
So let's start with getting a new bank account, make a new mobile number and start to register to some essential service platforms like Metro, Gorod, ВВ, Perekrostak and Yandex for delivery and taxis. And in every service I found something strange. A certain "Ivan" (I've changed the name for privacy) is present in all my accounts where I try to register.
That's it! The phone number that my bank gave me was just.... recyled! So I could start to get personal data through all these existing account on this new phone number of mine but the most shocking thing occured today!
Alarm on 9:00, I woke up and I got a message by Yandex:
Admit it, how many times have you wanted to quickly create an image for a post or presentation, but instead got stuck in an editor or endless searches for a suitable image on Google? Wouldn't it be great if the picture in your head could just appear instantly? Time is money, inspiration is on pause, and that's where AI comes to the rescue. Neural networks can generate anything you want, including the craziest ideas. No need to spend hours searching when, with a few clicks, you can see what was in your thoughts just a second ago.
By the way, notice the cover with the dinosaur? Let's call him Rex. Rex is himself a product of neural network creation. Today he'll be the main star of our experiments. But what will we do? Remember I mentioned crazy ideas? Well, to understand all the possibilities of generation, let's give AI a difficult task. We'll send Rex somewhere in space, for example to the Moon, let him put on a spacesuit and and have him grill some barbecue with Earth in the background. Interested? Then buckle up, we're heading into the world of image generation.
