The Weekly Dev - 202236
Coping with Distributed Complexity
As developers, the last couple of years have been forcing on us a strong focus on Security.
This is not by choice, but because the raising reliance on distributed applications has also brought an incentives for cyberthreats/cybercriminals in breaking existing systems.
Most of the systems are not perfect. The fact being that the distance from perfection moves asymptotically with costs: you have to draw the line somewhere.
As of old this "somewhere" was pretty much the same as the shipping line: implement it, put it on a CD, ship it to the customer: Done.
We can no longer afford this in most of the cases, and that means that there are costs that we used not to factor in an application implementation, together with the risks.
Microservices and fancy frontends, beside their upsides, present a huge attack surface, and while I believe the industry has mature solutions for securing the backends such as API and data, the frontend is still living a dangerous time where there is still a lot of experimentation and a dangerous variety of creative approaches.
Complexity is still an enemy of Security, and when we're at solving complex problems, that's something we need to deal with.
But sometimes we bring in complexity for the sake of it: long term this might cost you much more than you think, if you're not careful.
Strangers in Goland
Source: github.com/thomasmodeneis
Distributed Computing
How to architect OAuth 2.0 authorization using Keycloak
Source: redhat.com
Boring Security
Have I been pwned? – DIY style
Source: blog.mro.name
Where should you store access tokens?
Source: medium.com/developer-rants
New Languages and Old Fads
JDK 19: The new features in Java 19
Source: infoworld.com
[backend] [security] [java] [git] [golang] [api]