Short post for the day to address an hopefully even shorter-lived situation we’re all in.

Read on →

This decade’s about to wrap up, so I decided to spend some time describing my development workflow as the year nears its end.

What I find interesting in my setup is that it entertains working on a local k8s cluster — mainly to keep in touch with the systems that run in production.

Running k8s locally isn’t what you’d want to do to begin with, but rather a natural path once you start wanting to replicate the environment that runs your live applications. Again, you don’t need a local k8s cluster just ‘cause, so make sure you have a good reason before going through the rest of this article.

Read on →

I’m pleased to announce (even though you might have already heard about this on my Twitter stream) that the ebook on web application security I’ve been working on over the past year is now officially available for sale, at the hopefully-reasonable price of $6.99 $9.99.

You can now buy the book at leanpub.com/wasec, while Kindle enthusiasts will have to wait a few more days for it to become available there: it is currently available for pre-order and should be generally available in the next few days.

WASEC is the culmination of over a year of thoughts regarding my experience with web application security from the point of view of a software engineer, rather than the one of a security researcher. I believe software engineers might find it extremely interesting as it approaches defensive security from the point of view of someone who has to build an app and needs to keep security into consideration among other things.

Read on →

    This post is part of the ”WASEC: Web Application SECurity” series, which is a portion of the content of WASEC, an e-book on web application security I’ve written.

    Here is a list of all the articles in this series:

  1. Web security demystified: WASEC
  2. Introduction
  3. Understanding the browser
  4. Security at the HTTP level
  5. HTTP headers to secure your application
  6. Hardening HTTP cookies
  7. Situationals

  8. If you’ve enjoyed the content of this article, consider buying the complete ebook on either the Kindle store or Leanpub.

Often times, we’re challenged with decisions that have a direct impact on the security of our applications, and the consequences of those decisions could potentially be disastrous. This article aims to present a few scenarios you might be faced with, and offer advice on how to handle each and every single of them.

This is by no means an exhaustive list of security considerations you will have to make in your day to day as a software engineer, but rather an inspiration to keep security at the centre of your attention by offering a few examples.

Read on →

In the latest release of ABS, we introduced a package manager that fetches an archive from GitHub and installs it locally: like in many other command-line interfaces, we decided to add a “loader” to accompany the process, something that looks like this:

I want to take a moment to reflect on how we implemented the simple spinner you see in the video, a process that derives from typewriters and movies — let’s get to it!

Read on →

Today, I wave goodbye to the company I supported for the past 7 and a half years, Namshi.

Read on →

Remember the last time you thought “ough, JavaScript”?

Well, that’s me every other day: I love JS for its flexibility and dynamism, but I also sometimes find it painful to deal with, especially in some specific programming contexts.

If you, like me, hoped to be able to write something other than JavaScript in order to get stuff done on the web, chances are you bumbed into WebAssembly (abbr. WASM), and considered it your holy grail. WASM is a portable binary format that’s been implemented by all major browsers and allows other languages to be compiled for the web.

Why is that important? Well, that’s the key of how I managed to run an ABS playground (a code runner) on the browser.

Read on →