nurdsoft

We're #hiring a new Senior Frontend Developer in Colombia. Apply today or share this post with your network.

We're #hiring a new Senior Software Engineer- Mobile in Colombia. Apply today or share this post with your network.

Collating some interesting news pieces from the past week, from app development to security! ?? React Native Survey Reveals Struggles with New Architecture The 2025 State of React Native survey shows ongoing issues with the new architecture, which was declared stable last year but is still plagued by instability, regressions, and library compatibility problems. Despite this, adoption has reached almost 50%. Debugging remains a major pain point, with console logging still the top method due to broken debuggers, though the new React Native Dev Tools received mixed reviews. While 88% of developers believe React Native is moving in the right direction, the survey highlights a strong preference for Expo as the primary framework and Android/iOS as target platforms, with minimal interest in web or desktop apps. With React’s web popularity, React Native’s future looks promising — if it can overcome its architectural hurdles. ??♂? Malicious PyPI Package 'set-utils' Stole Ethereum Private Keys Cybersecurity researchers uncovered a malicious PyPI package called set-utils — downloaded 1,077 times — designed to steal Ethereum private keys by mimicking popular libraries like python-utils. Targeting Python-based blockchain developers, it hooks into wallet creation functions to intercept keys. The stolen keys were cleverly exfiltrated via blockchain transactions using the Polygon RPC endpoint, avoiding detection by bypassing traditional HTTP monitoring. The package is now removed from PyPI, but the attack highlights ongoing risks in software supply chains. ?? Undocumented Commands Found in ESP32 Bluetooth Chip, Risking Billions of Devices Researchers discovered 29 undocumented commands in the ESP32 Bluetooth chip — used in over 1 billion devices — allowing device impersonation, memory manipulation, and Bluetooth attacks. These hidden commands, tracked under CVE-2025-27840, can be exploited to gain persistence in IoT devices, posing risks for supply chain attacks and malware propagation. The findings at RootedCON 2025 show that attackers could use these commands to spoof MAC addresses, inject packets, and access RAM and Flash memory. Espressif, the chip's maker, has yet to publicly address the issue. ?? Meta’s Strobelight Uses eBPF to Cut CPU Cycles by 20% Meta's Strobelight — an eBPF-powered profiling framework — has reduced CPU cycles by 20% and cut the need for servers by 10–20% for its top services. Strobelight helps identify performance bottlenecks across Meta's massive server fleet, including one case where a single-character code fix saved the equivalent of 15,000 servers’ capacity annually. Meta plans to open-source Strobelight’s profilers and libraries to expand its use for AI/ML workloads. The results highlight eBPF’s potential in boosting efficiency, with further details expected as Meta continues its open-source rollout. #reactnative #appdevelopment #python #ebpf

Collating some interesting news pieces from the past week, from app development to security! ?? React Native Survey Reveals Struggles with New Architecture The 2025 State of React Native survey shows ongoing issues with the new architecture, which was declared stable last year but is still plagued by instability, regressions, and library compatibility problems. Despite this, adoption has reached almost 50%. Debugging remains a major pain point, with console logging still the top method due to broken debuggers, though the new React Native Dev Tools received mixed reviews. While 88% of developers believe React Native is moving in the right direction, the survey highlights a strong preference for Expo as the primary framework and Android/iOS as target platforms, with minimal interest in web or desktop apps. With React’s web popularity, React Native’s future looks promising — if it can overcome its architectural hurdles. ??♂? Malicious PyPI Package 'set-utils' Stole Ethereum Private Keys Cybersecurity researchers uncovered a malicious PyPI package called set-utils — downloaded 1,077 times — designed to steal Ethereum private keys by mimicking popular libraries like python-utils. Targeting Python-based blockchain developers, it hooks into wallet creation functions to intercept keys. The stolen keys were cleverly exfiltrated via blockchain transactions using the Polygon RPC endpoint, avoiding detection by bypassing traditional HTTP monitoring. The package is now removed from PyPI, but the attack highlights ongoing risks in software supply chains. ?? Undocumented Commands Found in ESP32 Bluetooth Chip, Risking Billions of Devices Researchers discovered 29 undocumented commands in the ESP32 Bluetooth chip — used in over 1 billion devices — allowing device impersonation, memory manipulation, and Bluetooth attacks. These hidden commands, tracked under CVE-2025-27840, can be exploited to gain persistence in IoT devices, posing risks for supply chain attacks and malware propagation. The findings at RootedCON 2025 show that attackers could use these commands to spoof MAC addresses, inject packets, and access RAM and Flash memory. Espressif, the chip's maker, has yet to publicly address the issue. ?? Meta’s Strobelight Uses eBPF to Cut CPU Cycles by 20% Meta's Strobelight — an eBPF-powered profiling framework — has reduced CPU cycles by 20% and cut the need for servers by 10–20% for its top services. Strobelight helps identify performance bottlenecks across Meta's massive server fleet, including one case where a single-character code fix saved the equivalent of 15,000 servers’ capacity annually. Meta plans to open-source Strobelight’s profilers and libraries to expand its use for AI/ML workloads. The results highlight eBPF’s potential in boosting efficiency, with further details expected as Meta continues its open-source rollout. #reactnative #appdevelopment #python #ebpf

We're #hiring a new Senior Golang Developer in Colombia. Apply today or share this post with your network.

We’re at SXSW. Leave a comment to meet up.

We're #hiring a new DevOps Engineer- Terraform & Akamai Automation (US Remote) in United States. Apply today or share this post with your network.

We're #hiring a new DevOps Engineer (Terraform & Akamai Automation) in Colombia. Apply today or share this post with your network.

We're #hiring a new Senior Software Engineer- Mobile in Colombia. Apply today or share this post with your network.

We're #hiring a new Automation Cloud Engineer - Cloud Infrastructure and DevOps Automation in Colombia. Apply today or share this post with your network.