How to create secure software? Don’t blink! [talk]
Last week Acronis (famous for their TrueImage) organized a conference in Sofia about cybersecurity for developers and I was invited to give a talk. It’s always hard to pick aContinue reading
Avoid Lists in Cassandra
Apache Cassandra is fast and scalable database which over the years became almost as easy to use as a traditional SQL database. At least on the surface. You an useContinue reading
Certificate Transparency Verification in Java
So I had this naive idea that it would be easy to do certificate transparency verification as part of each request in addition to certificate validity checks (in Java). WithContinue reading
Integrating Applications As Heroku Add-Ons
Heroku is a popular Platform-as-a-Service provider and it offers vendors the option to be provided as add-ons. Add-ons can be used by Heroku customers in different ways, but a typicalContinue reading
Types of Data Breaches and How To Prevent Them
Data breaches happen practically every day. Personal, including financial and medical data leak to cyber criminals as well as intelligence agencies. Some notable breaches include the Equifax breach, where dozensContinue reading
Resources on Distributed Hash Tables
Distributed p2p technologies have always been fascinating to me. Bittorrent is cool not because you can download pirated content for free, but because it’s an amazing piece of technology. AtContinue reading
Automate Access Control for User-Specific Entities
Practically every web application is supposed to have multiple users and each user has some data – posts, documents, messages, whatever. And the most obvious thing to do is toContinue reading
Scaling Horizontally on AWS [talk]
On a recent conference (HackConf) I gave a talk where I tried to summarize how to do deployment and horizontal scaling on AWS. It is an overview of AWS resourcesContinue reading
Typical Workarounds For Compliant Logs
You may think you have logs. Chances are, you can rely on them only for tracing exceptions and debugging. But you can’t rely on them for compliance, forensics, or anyContinue reading
A Caveat With AWS Shared Resources
Recently I’ve been releasing a new build, as usual utilizing a blue-green deployment by switching the DNS record to point to the load balancer of the previously “spare” group. ButContinue reading