TL;DR style notes from articles I read today.
- Draft a good data loss prevention (DLP) policy. Build a solution against breaches as well as unauthorized extraction & deletion.
- Implement encryption in transit as well as at rest: TLS/SSL connections are a must, as are IPsec VPN tunnels.
- Deploy your own advanced network monitoring tools. Use intrusion detection tools to watch your entire ecosystem of applications.
- Beware of a too-complicated ecosystem. Its layers can create blind spots.
- Consider using API-based cloud access security brokers (CASBs).
- Use micro-segmentation to restrict access privileges to those who need them, for only the timeframe they need them and only to the level of access they need.
Full post here, 4 mins read
- Static analysis tools like gosec, go vet, and staticcheck can help catch the low-hanging fruit that the compiler's errors & warnings do not cover.
- Dynamic analysis techniques like fuzzing, property testing & fault injection should be used for deeper results.
- Dynamic testing tools like dvyukov/go-fuzz let you quickly & effectively implement mutational fuzzing.
- google/gofuzz can help by initializing structures with random values.
- For property testing, the leanovate/gopter framework addresses the shortcomings of other testers.
- Compiler build directives can be used to perform name linking, giving tests access to the functions you want to exercise without renaming them.
Full post here, 15 mins read
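To make the go-fuzz bullet above concrete, here is an added example (my own, not code from the post): a target in the shape dvyukov/go-fuzz calls, written for a constructed toy "k=v;k=v" record format. parseKV, encodeKV and the format itself are assumptions made for the example; go-fuzz supplies the mutation engine and feeds each generated input to Fuzz.

```go
package main

import (
	"fmt"
	"reflect"
	"strings"
)

// parseKV parses a constructed toy "k=v;k=v" record: keys are non-empty and
// contain no '=' or ';'; a repeated key keeps its last value.
func parseKV(data []byte) (map[string]string, error) {
	out := map[string]string{}
	for _, field := range strings.Split(string(data), ";") {
		if field == "" {
			continue
		}
		k, v, ok := strings.Cut(field, "=")
		if !ok || k == "" {
			return nil, fmt.Errorf("malformed field %q", field)
		}
		out[k] = v
	}
	return out, nil
}

// encodeKV is parseKV's inverse; map iteration order does not affect the round trip.
func encodeKV(m map[string]string) []byte {
	var parts []string
	for k, v := range m {
		parts = append(parts, k+"="+v)
	}
	return []byte(strings.Join(parts, ";"))
}

// Fuzz has the signature dvyukov/go-fuzz invokes: returning 1 keeps the input in
// the corpus, 0 drops it, and a panic is reported as a crash. The invariant under
// test is that encodeKV(parseKV(x)) parses back to the same map; a malformed
// input is expected to be rejected cleanly, never to panic.
func Fuzz(data []byte) int {
	m, err := parseKV(data)
	if err != nil {
		return 0
	}
	again, err := parseKV(encodeKV(m))
	if err != nil || !reflect.DeepEqual(m, again) {
		panic(fmt.Sprintf("round-trip broken for %q", data))
	}
	return 1
}
```

With go-fuzz installed, go-fuzz-build and go-fuzz run this target against a seed corpus and save any input that panics as a crasher.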
- Two main challenges of scaling distributed systems: centralization and synchronization.
- When one node has too much control, the main source’s capacity/capability limits the entire system in terms of resources it can handle or users it can serve.
- When scaling up, the system can run into computational limitations, storage limitations, and network limitations.
- Synchronous communication over a WAN is not only slower, but also less reliable compared to a LAN.
- Synchronous communication across larger geographies can be an obstacle to scaling.
Full post here, 8 mins read