🍔🧠 How Grab Built An Authentication System for 180+ Million Users

PLUS: How Browsers Work 🕵️ 15-Year-Old Queue Problem ⏳ Python Debugging Tricks 🐍

Happy Monday! ☀️

Welcome to the 132 new hungry minds who have joined us since last Monday!

📚 Software Engineering Articles

🗞️ Tech and AI Trends

👨🏻‍💻 Coding Tip

  • Use Go's errgroup for concurrent error handling and graceful shutdowns

Time-to-digest: 5 minutes

Grab, Southeast Asia's super app serving 800+ cities, needed to unify authentication across its vast ecosystem of services. Their journey from fragmented auth systems to a scalable, standardized solution shows how to tackle identity management at massive scale.

The challenge: Build a unified authentication system that works seamlessly across internal apps and third-party services while maintaining security and scalability for 180M+ users.

Implementation highlights:

  • Adopted OpenID Connect (OIDC) as the standard protocol over SAML and basic OAuth 2.0

  • Leveraged Dex as a federated OIDC provider to bridge multiple identity systems

  • Implemented token exchange for secure service-to-service communication without service accounts

  • Built multi-IdP failover to ensure high availability during provider outages

  • Integrated with existing R2PM (Role-to-Permission Matrix) for granular access control
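To make the token-exchange bullet above concrete, here is an added example (not Grab's or Dex's code) of one exchange round trip in Go, assuming the standard OAuth 2.0 Token Exchange grant from RFC 8693: a service trades the caller's ID token for a short-lived access token bound to a single downstream audience, so it never holds a long-lived service-account credential. The mock endpoint, the `payments-api` audience and the token strings are constructed for the example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
)

// Grant and token-type URNs defined by RFC 8693 (OAuth 2.0 Token Exchange).
const grantExchange = "urn:ietf:params:oauth:grant-type:token-exchange"
const typeIDToken = "urn:ietf:params:oauth:token-type:id_token"
const typeAccess = "urn:ietf:params:oauth:token-type:access_token"
// mockIssuer is a constructed stand-in for a token endpoint; a real issuer also verifies the subject token.
func mockIssuer() *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		f := r.PostFormValue
		if f("grant_type") != grantExchange || f("subject_token") == "" || f("subject_token_type") != typeIDToken {
			http.Error(w, "{\"error\":\"invalid_request\"}", http.StatusBadRequest)
			return
		}
		json.NewEncoder(w).Encode(map[string]any{"token_type": "Bearer", "expires_in": 300,
			"issued_token_type": typeAccess, "access_token": "constructed-for-" + f("audience")})
	}))
}

// exchange trades the caller's ID token for a short-lived access token bound to one audience.
func exchange(endpoint, idToken, audience string) (map[string]any, error) {
	resp, err := http.PostForm(endpoint, url.Values{
		"grant_type": {grantExchange}, "audience": {audience}, "requested_token_type": {typeAccess},
		"subject_token": {idToken}, "subject_token_type": {typeIDToken},
	})
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	var body map[string]any
	if err := json.NewDecoder(resp.Body).Decode(&body); err != nil || resp.StatusCode != http.StatusOK {
		return nil, fmt.Errorf("exchange rejected: status %d, error=%v, decode=%v", resp.StatusCode, body["error"], err)
	}
	return body, nil
}

func main() {
	srv := mockIssuer()
	defer srv.Close()
	fmt.Println(exchange(srv.URL, "constructed.id.token", "payments-api"))
}
```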

Results and learnings:

  • Unified experience: Single sign-on across all internal and external applications

  • Enhanced security: Standardized tokens and reduced attack surface through scoped access

  • Improved scalability: Cloud-native architecture supporting millions of authentication requests

This case study demonstrates how standardizing on modern protocols and leveraging open-source solutions can solve complex authentication challenges. Remember: good auth is like a bouncer at a club - strict enough to keep trouble out, but smooth enough that legitimate guests don't notice it's there!

ARTICLE (tree-hugging data nerds)
Fenwick layout for interval trees

ESSENTIAL (Linus vs. trash code)
How to Write "Garbage Code"

ARTICLE (test deletion therapy)
You Should Delete Tests

ARTICLE (PNGs go bye-bye)
Stop Shipping PNGs In Your Games

ARTICLE (CSS rainbow magic)
Color Shifting in CSS

ARTICLE (database glow-up)
An Interactive Guide to TanStack DB

Brief: Neuralink's "Blindsight" BCI could enable partial vision restoration for the blind by 2026, targeting the visual cortex to bypass damaged eyes, per Elon Musk's latest X update.

Brief: Google’s AI Mode, offering multimodal searches and AI-powered answers, may soon replace the traditional search interface, signaling a major shift for SEO strategies.

Brief: A leaked animation of Samsung's rumored Galaxy Trifold device fuels speculation about its foldable screen design and potential multitasking features.

Brief: Boston startup AlterEgo unveils a non-invasive wearable that interprets neuromuscular signals from jaw and throat movements, enabling silent communication with devices via AI-powered subvocal speech recognition.

Brief: The EU Court of Justice dismisses Austria’s lawsuit, cementing nuclear power’s role in the EU green finance taxonomy, as critics like Greenpeace vow to continue opposing the science-backed ruling.

This week’s tip:

Use Go's errgroup package to manage concurrent error handling and graceful shutdowns in distributed systems. This pattern combines goroutine lifecycle management with clean error propagation and context cancellation.

When?

  • Batch processing: Managing multiple concurrent API calls or data transformations while handling errors uniformly.

  • Service shutdown: Coordinating graceful shutdown of multiple subsystems with proper cleanup.

  • Fan-out operations: Distributing work across multiple goroutines while maintaining error control and cancellation propagation.

"If you look at what you have in life, you'll always have more. If you look at what you don't have in life, you'll never have enough."
Oprah Winfrey

That’s it for today! ☀️

Thanks for spending part of your Monday morning with Hungry Minds.
See you in a week — Alex.
