The Weekly Dev - 202236

Coping with Distributed Complexity

As developers, we have had a strong focus on Security forced on us over the last couple of years.

This is not by choice, but because the rising reliance on distributed applications has also given cybercriminals an incentive to break existing systems.

Most systems are not perfect. The distance from perfection shrinks only asymptotically as costs rise: you have to draw the line somewhere.

In the old days, this "somewhere" was pretty much the same as the shipping line: implement it, put it on a CD, ship it to the customer. Done.

We can no longer afford this in most cases, which means there are costs, together with risks, that we did not use to factor into an application's implementation.

Microservices and fancy frontends, besides their upsides, present a huge attack surface, and while I believe the industry has mature solutions for securing backends such as APIs and data, the frontend is still living through a dangerous time, with a lot of experimentation and a dangerous variety of creative approaches.

Complexity is still an enemy of Security, and when we're solving complex problems, that's something we need to deal with.

But sometimes we bring in complexity for the sake of it: in the long term this might cost you much more than you think, if you're not careful.

Strangers in Goland

ActiveMQ with Golang

Source: github.com/thomasmodeneis

Distributed Computing

How to architect OAuth 2.0 authorization using Keycloak

Source: redhat.com

Boring Security

Have I been pwned? – DIY style

Source: blog.mro.name

Where should you store access tokens?

Source: medium.com/developer-rants

New Languages and Old Fads

JDK 19: The new features in Java 19

Source: infoworld.com



[backend] [security] [java] [git] [golang] [api]