January 4, 2019

Monorepos: Please don’t! / VFS for Git / Sourcegrpah

Monorepos: Please don’t! https://medium.com/@mattklein123/monorepos-please-dont-e9a279be011b The author says that do not use a monorepo to solve problems that a polyrepo (multiple-repository solution) has. Because, at scale, a monorepo does not solve these problems. At the same time, it rather causes other problems. A monorepo tends to encourage tight coupling and make open-sourcing difficult. There is no reason to struggle with VCS-scalability in vain to use a huge monorepo. VFS for Git https://vfsforgit. Read more

December 19, 2018

OAuth 2.0 Security Considerations / CSRF Protection in Rails

RFC6819: OAuth 2.0 Threat Model and Security Considerations https://tools.ietf.org/html/rfc6819 (2013) The RFC gives additional security considerations for OAuth 2.0 specification. It contains “Code Substitution” threat (a.k.a. OAuth Login). In short, we should not use OAuth protocol for authN because OAuth itself does not support audience restrictions on clients. For authentication purpose, we can use dedicated protocols such as OpenID Connect and SAML. A Deep Dive into CSRF Protection in Rails https://medium. Read more

December 5, 2018

Concurrency Is Not Parallelism / Quora User Data Compromised

Concurrency Is Not Parallelism https://www.youtube.com/watch?v=cN_DpYBzKso (2013) In this video, Rob Pike explains the differences between concurrency and parallelism. Concurrency is the composition of independent executing processes. Parallelism is the simultaneous execution of multiple things. In other words, concurrency is about dealing with a lot of things at once and parallelism is doing a lot of things at once. Concurrency is not parallelism but enables parallelism. Communicating Sequential Processes http://www.usingcsp.com/cspbook.pdf Read more

November 30, 2018

AWS Lambda: Layers, Runtime API

New for AWS Lambda – Use Any Programming Language and Share Common Components https://aws.amazon.com/blogs/aws/new-for-aws-lambda-use-any-programming-language-and-share-common-components/ https://aws.amazon.com/blogs/compute/announcing-ruby-support-for-aws-lambda/ AWS announced Lambda Layers and Lambda Runtime API. Lambda Layers provide a way to share files across Lambda functions. Thanks for Lambda Runtime API, you can specify a runtime for Lambda functions. Additionally, AWS also announced that they added Ruby 2.5 as a supported runtime in AWS Lambda.

November 27, 2018

DoH - DNS over HTTPS

A cartoon intro to DNS over HTTPS https://hacks.mozilla.org/2018/05/a-cartoon-intro-to-dns-over-https/ (2018/05/31) Even though all pages you browse are HTTPS, there are still some threats. A DNS query envelope the User Agent sends includes most of your IP address and which domain name you are looking for. Since these DNS requests are not encrypted, the resolver your computer uses and routers on a path to a DNS server can read and abuse them. Read more

(c) Hibariya Lerche 2018

Powered by Hugo & Kiss.