The Weekly Dev - 202201
We the Devs
If you want your code to be customer-facing in some way, and maybe also exposed on the internet, you will definitely have to deal with authentication and security schemes and, in some measure, be aware of the proper ways to use cryptography for your own good and for GDPR compliance, whether you are in the EU or not.
4 easy steps to make your server less dangerously insecure
An interesting checklist of steps to secure applications you want to expose on the internet.
Source: nbailey.ca
A Child’s Garden of Inter-Service Authentication Schemes
An instructive write-up about all the available schemes for server-to-server application security. It goes the distance to explain the whys (and why nots) of X509, bearer tokens, JWT, HMAC and more.
Credits to Dmitry Medvedev for the tip.
Source: latacora.micro.blog
3 Command line tool to test bandwidth between 2 servers
How many times have you opened that page loaded with advertisements just to check your internet speed? Did it ever occur to you that, if you want to measure the network speed between two points in space, there are actually proper tools?
Source: linuxaria.com
Link shorteners: the long and short of why you should not use them
A word of warning about a (not so) fancy feature that many sites encourage.
Source: gcs.civilservice.gov.uk
Introduction to Embedded Linux Security
An interesting write-up on Linux security that covers aspects that are less than obvious to developers typically used to server and desktop computing.
Source: embeddedbits.org
[cryptography] [security] [linux] [x509] [gdpr]