Phouvanh KCSV

you can create a sticky navbar that morphs when you scroll with pure CSS, no JS or animation libraries required 𝚑𝚎𝚊𝚍𝚎𝚛 { 𝚌𝚘𝚗𝚝𝚊𝚒𝚗𝚎𝚛-𝚝𝚢𝚙𝚎: 𝚜𝚌𝚛𝚘𝚕𝚕-𝚜𝚝𝚊𝚝𝚎; 𝚙𝚘𝚜𝚒𝚝𝚒𝚘𝚗: 𝚜𝚝𝚒𝚌𝚔𝚢; 𝚝𝚘𝚙: 𝟶; } @𝚌𝚘𝚗𝚝𝚊𝚒𝚗𝚎𝚛 𝚜𝚌𝚛𝚘𝚕𝚕-𝚜𝚝𝚊𝚝𝚎(𝚜𝚝𝚞𝚌𝚔: 𝚝𝚘𝚙) { .𝚗𝚊𝚟-𝚋𝚊𝚛 { 𝚖𝚊𝚡-𝚠𝚒𝚍𝚝𝚑: 𝟻𝟼𝚛𝚎𝚖; 𝚋𝚘𝚛𝚍𝚎𝚛-𝚛𝚊𝚍𝚒𝚞𝚜: 𝟶.𝟽𝟻𝚛𝚎𝚖; 𝚋𝚊𝚌𝚔𝚐𝚛𝚘𝚞𝚗𝚍: 𝚛𝚐𝚋(𝟸𝟻𝟻 𝟸𝟻𝟻 𝟸𝟻𝟻 / 𝟶.𝟿𝟸); } } the browser now knows when a sticky element is stuck, all triggered by one container query available only in chromium browsers only, no firefox or safari which is a shame

A startup builds their image upload system like this: One endpoint handles everything: 1. Receive image upload 2. Resize to 3 different sizes synchronously 3. Save all 3 to local disk 4. Return response Works fine for 10 uploads/day. At 100,000 uploads/day → Image processing blocks the event loop → API times out for all other requests → Local disk fills up within weeks → No CDN images served from app server → Single server = single point of failure → Server restart wipes all uploaded images What are the architectural mistakes here and how would you redesign this to handle millions of uploads reliably and at scale?

Your team is building a job queue system. Requirements: → Process 50,000 jobs per day → Each job must run exactly once → Failed jobs must retry 3 times → Team of 4 developers → Already using PostgreSQL and Redis You have 3 options: A) BullMQ with Redis — battle tested, great UI dashboard — adds Redis dependency you already have B) PostgreSQL-based queue (pg-boss) — no new infrastructure — uses DB you already have — slightly slower C) AWS SQS — fully managed, no maintenance — costs money, adds cloud dependency Which do you pick and what's the one requirement that makes your choice obvious?

🚨Must Have🚨 - disable auto-updates for extensions in VS Code/Cursor + other forks (MacOS: Cmd + Shift + P -> "Disable Auto Updating Extensions") - use static analysis (https://t.co/0re0oLjgCO) for GHA to catch security issues - use https://t.co/64cwF4XjxI to update GHA to latest versions with SHA pinning - add Socket Free Firewall (https://t.co/qldhK1yhDt) or safe-chain (https://t.co/IFB7976pwr) when installing npm packages

A startup builds their URL shortener like this: One function handles everything: 1. Generate random short code 2. Insert into database 3. On redirect - query database 4. Update click count 5. Redirect user Works perfectly at 1,000 URLs. At 100 million URLs and 500,000 redirects per second → Random short codes start colliding → Every redirect hits the database → Click counter updates block redirects → Single database is the bottleneck → p99 latency goes from 10ms to 8 seconds What are the architectural mistakes here and how would you redesign this to handle billions of URLs and millions of redirects per second?

The vulnerability is an Algorithm Confusion / Key Confusion attack. The server verifies JWTs like this: jwt.verify(token, KEY) But it never restricts allowed algorithms. That means an attacker can: - Change alg from RS256 → HS256 - Use the PUBLIC key as the HMAC secret - Forge arbitrary tokens like: { "role": "admin" } Impact: - Full auth bypass - Privilege escalation - Account takeover - Admin access without private key compromise Fix: jwt.verify(token, KEY, { algorithms: ["RS256"] })