Speed of development, execution time, (de)serialization, and maintainability all play a role in making your code shine

Timeline of alternatives to classes
Timeline of alternatives to classes
Photo by the author.

As developers, we throw a lot of data around. The representation of data matters a lot and we need to be able to keep track of which variables represent which attributes. Configuration is a prime example of complex data.

In the following article, I will use location as an example. It must have a longitude, latitude, and can have an address. In C, you would use a struct for this. In Java, you would simply create a class. In Python, there are six alternatives. Let’s explore each of their advantages and disadvantages!

Plain Classes

Plain classes are the default way provided by…

Let’s do it in an agile way

Image for post
Image for post
Image by Martin Thoma

The quicker you spot mistakes, the easier it is to fix them. This is the whole idea of “shift left”. When you are getting a call from your boss or the support team that “it doesn’t work”, you know that this will take a while to even identify where the problem is. Most non-developers have a hard time communicating issues to developers. And we should make sure that they don’t have to bother to learn this skill.

In this article, you’ll learn strategies to catch errors in different development phases. At the very end, I’ll also point out what others…

A technical cornerstone of Bitcoin

Image for post
Image for post
Visualization of a transaction. Image by Satoshi Nakamoto (Bitcoin: A Peer-to-Peer Electronic Cash System)

Bitcoin is based on the UTXO (unspent transaction output) model to ensure that nobody is able to spend money they don’t have and prevent money from being spent twice — so-called double-spending. In this article, you will learn how that works. Let’s go!

The Context

Bitcoin transactions are stored in blocks. Verifying the transactions is a crucial part of the security of Bitcoin. Another element of security is to make it computationally hard to add new blocks by adding a mathematical puzzle. In this article, you will learn how the transactions are actually validated.

If you want a longer introduction to Bitcoin…

Cybersecurity for non-developers

Image for post
Image for post
Photo by Paweł Czerwiński on Unsplash

Passwords are the keys to the locks that secure our accounts: Your email, bank and investment account, social media, company portals, and many more use password-based authentication. They all ask you to create a secure password and sometimes give you rules like this:

  • Minimum of 8 characters
  • At least one digit, lower case letter, upper case letter, special character
  • No consecutive 3 digits

However, I have seen some non-developers struggle to find a good password. After reading this article, you should be able to come up with secure strong passwords that you can memorize.

What CSRF is, how it’s done, and how you can prevent it

Image for post
Image for post
Photo by Michael Geiger on Unsplash

Cross-Site Request Forgery (short: CSRF or XSRF) is an attack that makes the victim's browser execute a request to a website where the victim has interesting privileges. It’s sometimes pronounced “sea surf” or called “session riding”. A CSRF attack could make your browser transfer money from your bank to the attacker, buy something for the attacker in an online store, connect in a social network, like a product/Tweet/post, and many other things.

Let’s learn what CSRF is done and how it’s prevented!

Why you should care

Similar to SQL Injections, you can defend perfectly against CSRFs if you know that it is an issue…

A hands-on guide to security for Docker

Image for post
Image for post
Photo by Andrey Sharpilo on Unsplash

Most companies I have seen deploy Docker images in at least one project or service. Docker is great because it makes stuff reproducible by specifying the environment to a big degree. However, you still have to think about security. Let’s have a closer look!

Host Security

All Docker containers run on a host system. The host needs to be secure AND the container needs to be secure.

There are various vulnerability scanning, auditing, and hardening tools for Linux systems:

  • Lynis: Executesudo apt-get install lynis && sudo lynis audit system and wait for a couple of minutes and you get a pretty nice…

They might appear in the same context, but they are vastly different

Encryption is about keeping a secret and being able to restore it. Hashing is about fingerprinting — you don’t need to restore the original, but you need to make sure it is identical. Encoding is about data representation to enable information exchange. Encoding does not involve keeping secrets.

This was my Twitter-length explanation. Let’s dive into details!


Image for post
Image for post
Photo by Quino Al on Unsplash

Encoding is about data representation. For example, for icons on the web, we prefer not to store image files but have them directly on the web page. This prevents the client from creating many HTTP requests for little data.

But then the binary…

Image for post
Image for post
Photo by Stephen Radford on Unsplash

Serialization is the act of transforming objects from an internal representation to a stream of characters or bytes. The representation of the serialized object should be platform- and language-independent. Data is serialized and deserialized in applications to store or transport it. In web applications, JSON or XML is often used for data exchange by many APIs and protocols. File formats like PNG/GIF/JPEG/MPEG use XML to store metadata. YAML became extremely popular for configuration files, e.g. in Cloudformation templates or GitlabCI configuration files.

Some file formats allow you to do more than just (de)serializing basic data types. For example, imagine that…

The concept and applications - plain and simple!

Image for post
Image for post
A Merkle Tree is a binary tree with the data at the leaf nodes. All inner nodes are hashes. Image by Martin Thoma.

A Merkle Tree is a data structure that is used in Peer-to-Peer Networks. It is a binary tree in which the value of an inner node is the hash of its leaf nodes. The root node of that tree is called “Merkle root” or “root hash”.

So much about the definition. To me, it’s always helpful to know the problem technology solves to really understand it.


How do you send big amounts of data over a network which randomly introduces errors? When you just send a stream of data, you cannot guarantee the integrity.

The first improvement is to add…

What they are, what the options are, and why they matter

Image for post
Image for post
Image by Martin Thoma

Hash functions take arbitrary many bytes as input and produce a fixed-length string as output. The string typically looks completely random, but the same input always generates the same output. They also typically produce different outputs for different inputs, but more about that later.

After reading this article you will know three different applications of hash functions. All of them are crucial for modern software development. Let’s go!

A trivial hash function

Let’s say we want a hash function that takes arbitrary length input and generates a 128-bit output.

The trivial way to compute a hash would be to look at 128-bit blocks of…

Martin Thoma

I’m a Software Engineer with focus on Security, Data Science, and ML. I have over 10 years of experience with Python. https://www.linkedin.com/in/martin-thoma/

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store