Book review: Why We Sleep

PSA: book of the year candidate right here.

I never started any of my book reviews with a “book of the year” disclaimer, but this one deserves as much of your attention as I can grab: a book that’s so simple, yet so revolutionary, tackling one of the most boring aspects of our life.

I used to think sleep was quite a useless phase in our lives, there so that we can simply recharge our batteries and go on the following day — and this book managed to radically change my view on the importance of sleep: it’s a scientific take on the process of sleeping, how it impacts and shapes us, giving you a 360-degree overview of the consequences of a chronic lack of sleep.

Read on →

Book review: The personal MBA

One of my latest habits is to look for recommendations from high-profile tech influencers, and this one came after reading an intriguing post by Seth Godin. Even though the post is from 2006, I thought “why not give it a shot?” and, boy, I was really pleased with my choice.

The Personal MBA is a condensed business lesson you will not regret: I particularly enjoyed the chapter on accounting and financials, as it helped me understand a few more technical terms and get a high-level overview of the matter. As you might have guessed, the book is not about software, and rightly so; at the same time I would encourage anyone passionate about building products and growing audiences to give it a shot, as the book sums up a lot of interesting concepts for people who intend to run a business or launch a product.

Read on →

WASEC: understanding the browser

    This post is part of the “WASEC: Web Application SECurity” series, which is a portion of the content of WASEC, an e-book on web application security I’m currently writing.

    Here is a list of all the articles in this series:

  1. Web security demystified: WASEC
  2. Introduction
  3. Understanding the browser

I want to open this series with an article aimed at understanding what browsers do, and a brief explanation of how they do so. It is important since most of your customers will interact with your web application through a browser, so it’s imperative to understand the basics behind these wonderful programs.

Read on →

Introduction to Web Application SECurity


WASEC is a series about Web Application SECurity, written in the attempt to summarize security best practices when building web applications.

Today’s web platform allows developers to build magnificent products, with technologies that were unthinkable just a few years ago, such as web push notifications, geolocation or even “simpler” features such as localStorage.

These additional technologies, though, come at a cost: the spectrum of vulnerabilities is amplified, and there’s more we must know when developing for the web. When iFrames were introduced, everyone was quick to point out how great of an invention they were (at least back in the day), as they made it very easy to embed content from different webpages; few, though, would have thought that the very same technology would serve as the basis of clickjacking, a type of vulnerability only possible thanks to features added to the HTML standard.

As Wikipedia puts it:

Clickjacking is possible because [of] seemingly harmless features of HTML web pages

Let me twist the tale and ask you if you were aware that CSRF attacks are about to disappear. How? Thanks to browsers supporting SameSite cookies (discussed further on in the series).

See, the landscape surrounding the web is changing quickly, and having a good understanding of the platform, with a keen eye on security, is the goal of this series: to make sure we’ve raised our security awareness.

WASEC is a series written to demystify web security, and make it easier for the everyday developer to understand important, security-related aspects of this universal platform.

Read on →

Web security demystified: WASEC


I’ve been thinking of writing a long article about everything a web developer should know about application security for quite some time, and it’s clear to me that this mammoth exercise is never going to take place all at once.

In order to get things rolling, I’ve decided that, instead of writing one long, exhaustive article, I’ll be splitting my efforts over a longer period of time, and come up with a series about Web Application SECurity (WASEC, since I like to shorten things).

In this article I’d like to introduce the contents I’m going to write about, and how I’m planning to publish them.

Interested in learning how a compromised CDN wouldn’t affect your users? Want to know why CSRF is going to die? Read on.

Read on →

Finding where that IP address is from with iploc

Today I spent some time building iploc, a small CLI utility that lets you retrieve geographical information about an IP address.

Read on →

Advertising on Twitter: give us your personal data or we’re going to bomb your timeline with NSFW, sexual ads

A few months back I started writing on freeCodeCamp, with the spirit of “giving back” to the community whatever I used to share on my personal blog as well.

FCC is a very interesting publication, and one of the personalities I got to “discover” was Quincy Larson; it was by following Quincy that I discovered I could opt out of Twitter’s ad tracking, something that turned out to be quite a journey.

Read on →

How did that bug happen? Git bisect to the rescue!

git bisect is a very handy command that lets you isolate which commit introduced a bug: you tell it which version of your repository was bug-free and it runs a binary search between that commit and your current one, which seems to have the bug, asking you to confirm whether the bug is present at each step of the search.

Curious? Let’s see it in action!

Read on →

Book review: Debugging Teams: Better Productivity through Collaboration

Even though I have a physical copy of this book, I never got around to finishing it until I bought it on Kindle — the power of digital convenience :)

Read on →

Book review: Node.js Design Patterns (1st edition)

This is a book that was recommended to me by one of my former colleagues, but turned out to be pretty disappointing.

Read on →