As developers, we throw a lot of data around. The representation of data matters a lot and we need to be able to keep track of which variables represent which attributes. Configuration is a prime example of complex data.
In the following article, I will use location as an example. It must have a longitude, latitude, and can have an address. In C, you would use a struct
for this. In Java, you would simply create a class. In Python, there are six alternatives. Let’s explore each of their advantages and disadvantages!
The quicker you spot mistakes, the easier it is to fix them. This is the whole idea of “shift left”. When you are getting a call from your boss or the support team that “it doesn’t work”, you know that this will take a while to even identify where the problem is. Most non-developers have a hard time communicating issues to developers. And we should make sure that they don’t have to bother to learn this skill.
In this article, you’ll learn strategies to catch errors in different development phases. At the very end, I’ll also point out what others…
Bitcoin is based on the UTXO (unspent transaction output) model to ensure that nobody is able to spend money they don’t have and prevent money from being spent twice — so-called double-spending. In this article, you will learn how that works. Let’s go!
Bitcoin transactions are stored in blocks. Verifying the transactions is a crucial part of the security of Bitcoin. Another element of security is to make it computationally hard to add new blocks by adding a mathematical puzzle. In this article, you will learn how the transactions are actually validated.
If you want a longer introduction to Bitcoin…
Passwords are the keys to the locks that secure our accounts: Your email, bank and investment account, social media, company portals, and many more use password-based authentication. They all ask you to create a secure password and sometimes give you rules like this:
However, I have seen some non-developers struggle to find a good password. After reading this article, you should be able to come up with secure strong passwords that you can memorize.
Cross-Site Request Forgery (short: CSRF or XSRF) is an attack that makes the victim's browser execute a request to a website where the victim has interesting privileges. It’s sometimes pronounced “sea surf” or called “session riding”. A CSRF attack could make your browser transfer money from your bank to the attacker, buy something for the attacker in an online store, connect in a social network, like a product/Tweet/post, and many other things.
Let’s learn how CSRF is done and how it’s prevented!
Similar to SQL Injections, you can defend perfectly against CSRFs if you know that it is an issue…
Most companies I have seen deploy Docker images in at least one project or service. Docker is great because it makes stuff reproducible by specifying the environment to a big degree. However, you still have to think about security. Let’s have a closer look!
All Docker containers run on a host system. The host needs to be secure AND the container needs to be secure.
There are various vulnerability scanning, auditing, and hardening tools for Linux systems:
sudo apt-get install lynis && sudo lynis audit system
and wait for a couple of minutes and you get a pretty nice…
Encryption is about keeping a secret and being able to restore it. Hashing is about fingerprinting — you don’t need to restore the original, but you need to make sure it is identical. Encoding is about data representation to enable information exchange. Encoding does not involve keeping secrets.
This was my Twitter-length explanation. Let’s dive into details!
Encoding is about data representation. For example, for icons on the web, we prefer not to store image files but have them directly on the web page. This prevents the client from creating many HTTP requests for little data.
Serialization is the act of transforming objects from an internal representation to a stream of characters or bytes. The representation of the serialized object should be platform- and language-independent. Data is serialized and deserialized in applications to store or transport it. In web applications, JSON or XML is often used for data exchange by many APIs and protocols. File formats like PNG/GIF/JPEG/MPEG use XML to store metadata. YAML became extremely popular for configuration files, e.g. in Cloudformation templates or GitlabCI configuration files.
Some file formats allow you to do more than just (de)serializing basic data types. For example, imagine that…
A Merkle Tree is a data structure that is used in Peer-to-Peer Networks. It is a binary tree in which the value of an inner node is the hash of its leaf nodes. The root node of that tree is called “Merkle root” or “root hash”.
So much for the definition. To me, it’s always helpful to know the problem a technology solves to really understand it.
How do you send big amounts of data over a network which randomly introduces errors? When you just send a stream of data, you cannot guarantee the integrity.
The first improvement is to add…
Hash functions take arbitrarily many bytes as input and produce a fixed-length string as output. The string typically looks completely random, but the same input always generates the same output. They also typically produce different outputs for different inputs, but more about that later.
After reading this article you will know three different applications of hash functions. All of them are crucial for modern software development. Let’s go!
Let’s say we want a hash function that takes arbitrary length input and generates a 128-bit output.
The trivial way to compute a hash would be to look at 128-bit blocks of…
I’m a Software Engineer with focus on Security, Data Science, and ML. I have over 10 years of experience with Python. https://www.linkedin.com/in/martin-thoma/