February 2, 2019

Certificates for localhost

Certificates for localhost https://letsencrypt.org/docs/certificates-for-localhost/ (2017) Let’s Encrypt can’t issue a certificate for localhost because nobody uniquely owns it and it is not rooted in any top-level domain. For a development environment, a self-signed certificate can be used to serve localhost over HTTPS. Having the system trust the certificate makes the developer experience better. Minica is a good tool for generating local root certificates. Most web apps use HTTPS today, and some apps make requests to web services running on the user’s local machine (e. Read more

January 4, 2019

Monorepos: Please don’t! / VFS for Git / Sourcegraph

Monorepos: Please don’t! https://medium.com/@mattklein123/monorepos-please-dont-e9a279be011b The author argues against using a monorepo to solve the problems that a polyrepo (multiple-repository solution) has, because at scale a monorepo does not solve these problems and instead causes other problems. A monorepo tends to encourage tight coupling and makes open-sourcing difficult. There is no reason to struggle in vain with VCS scalability just to use a huge monorepo. VFS for Git https://vfsforgit. Read more

December 19, 2018

OAuth 2.0 Security Considerations / CSRF Protection in Rails

RFC6819: OAuth 2.0 Threat Model and Security Considerations https://tools.ietf.org/html/rfc6819 (2013) The RFC gives additional security considerations for the OAuth 2.0 specification. It covers the “Code Substitution” threat (a.k.a. OAuth Login). In short, we should not use the OAuth protocol for authentication (authN) because OAuth itself does not support audience restrictions on clients. For authentication purposes, we can use dedicated protocols such as OpenID Connect and SAML. A Deep Dive into CSRF Protection in Rails https://medium. Read more

December 5, 2018

Concurrency Is Not Parallelism / Quora User Data Compromised

Concurrency Is Not Parallelism https://www.youtube.com/watch?v=cN_DpYBzKso (2013) In this video, Rob Pike explains the differences between concurrency and parallelism. Concurrency is the composition of independently executing processes. Parallelism is the simultaneous execution of multiple things. In other words, concurrency is about dealing with a lot of things at once, and parallelism is about doing a lot of things at once. Concurrency is not parallelism but enables parallelism. Communicating Sequential Processes http://www.usingcsp.com/cspbook.pdf Read more

November 30, 2018

AWS Lambda: Layers, Runtime API

New for AWS Lambda – Use Any Programming Language and Share Common Components https://aws.amazon.com/blogs/aws/new-for-aws-lambda-use-any-programming-language-and-share-common-components/ https://aws.amazon.com/blogs/compute/announcing-ruby-support-for-aws-lambda/ AWS announced Lambda Layers and the Lambda Runtime API. Lambda Layers provide a way to share files across Lambda functions. Thanks to the Lambda Runtime API, you can specify a runtime for Lambda functions. AWS also announced that it added Ruby 2.5 as a supported runtime in AWS Lambda.

(c) Hibariya Lerche 2018
