Imagine the following situation:
Your colleague is once again late for the meeting with the customer. On top of that he is, as usual, only moderately prepared. Luckily you were more than punctual and polished the presentation yesterday, so the customer is bound to be satisfied. After the meeting you confront your colleague; he listens to your lament with annoyance, which irritates you, but what else can you do? From your point of view, it will go exactly the same way next time, because you are simply the orderly one and he is the chaotic one and always will be.
In the first blog post of this series, I’ve shown you how easy it is for an attacker to eavesdrop on the SSL/TLS connection between you and your client. This is not a theoretical issue and happens to customers every day. Even strong ciphers and encryption settings don’t help. Why? The problem is trust: If your client trusts any server, it doesn’t matter which ciphers your server is using.
This post is the second in the “Your HTTPS Setup is Broken”-series. Previously, I’ve described how easy it is for an attacker to eavesdrop on your “secure” communication. In this post I’ll show you how to enforce encrypted communication, so an attacker cannot downgrade the connection to unencrypted HTTP.
Here’s a short post with linked slides and the recording of our third Reactive Systems Hamburg Meetup. We were very pleased to have Dr. Roland Kuhn as guest, presenting some highlights from his new book Reactive Design Patterns that’s currently in MEAP and should be finished in 3 to 4 months (I can highly recommend it!).
So, you use HTTPS to encrypt communication with your customers. Maybe you use the latest encryption ciphers and algorithms. But you may still have a very big issue in your setup. In this first blog post about HTTPS security, I’ll show that trust is at least as important as encryption when securing communication. Furthermore, I’ll show how untrustworthy the current Certificate Authority infrastructure is.
The last episode of this series covered the motivation behind Monad Transformers and gave some examples of their usage. Now it is time to show a small real-world application. By chance I stumbled across this section of code in an open source project:
Let’s say you are a typical Scala programmer, making plenty of use of Futures in your code. Sooner or later you end up having APIs like the following:
This post is about Cassandra’s batch statements and which kinds of batch statements are OK and which are not. Often, when batch statements are discussed, it’s not clear if a particular statement refers to single- or multi-partition batches or to both - which is the most important question IMO (you should know why after you’ve read this post).
In this post I’m going to describe an issue we experienced with nginx and its handling of Server Side Includes (SSIs). We saw that nginx first decodes the SSI URI path and afterwards encodes it when loading the resource. And in some cases, the URI path encoded by nginx was different than the original one. The solution is easy (use query parameters if in doubt), but I thought I’d share this so that others maybe don’t run into this issue and/or see how to debug such things.
Here’s a short post with linked slides and the recording of our first Reactive Systems Hamburg Meetup, where Martin Krasser compared the Event-Sourcing/CQRS tools Akka Persistence (which he also authored, as successor of his Eventsourced lib) and Eventuate (which he’s now building for Red Bull Media House to support a globally distributed system).