(Fabio Alessandro Locati|Fale)'s blog

On public TLS certificates lifetime

September 13, 2020

On September 1st, 2020, the maximum lifetime of TLS certificates signed by public Certificate Authorities was reduced to 13 months. How did we arrive here, and what’s to come? Let’s start by understanding who decides the maximum lifetime of certificates and the many other limitations around them.

Who decides the TLS certificate guidelines

Ultimately, the client (often a browser or an operating system) decides whether a certificate is trustworthy (based on the CA that signed it as well as many other parameters), so the client can decide which parameters to look for and which values are acceptable.


GDPR - 2 years later

May 25, 2020

As it is becoming a sort of tradition, here we are, two years after the enactment of GDPR, to see how it performs in the real world. In our previous yearly check, we analyzed the situation from two points of view: the banners and the fines. Let’s see how those two topics have evolved in the last year.

The Cookie Banners

On the 1st of October 2019, with the judgment in case C-673/17, the European Union Court of Justice clarified that pre-ticked consent checkboxes are not sufficient, since the consent has to be expressed actively by the user.


Huge privacy fines are good, now we need more of them

July 14, 2019

In the last few days, multiple fines related to privacy have been announced. More specifically: British Airways €203M/£183M/$230M (CNN, The Verge); Marriott €109M/£99M/$124M (CNN, The Guardian); Facebook ca. €4.5B/ca. £4B/ca. $5B (The Telegraph, NYT). Even if I talk about them “collectively”, I would like to point out that the third one is very different in nature and in jurisdiction, and therefore in the amount of the fine, from the first two, which are fairly similar to each other.


GDPR - 1 year later

May 25, 2019

One year has passed since 25/05/2018, the day that the GDPR started to be enforced. Today I’d like to see how this first year of GDPR went and what we could expect for the future given what we have seen so far. The first consideration, which I think is obvious but interesting, is that the Internet did not close down on 25/05/2018 as many were worried it would. In fact, not much changed on that day.


Bootstrap2hugo upgraded to Bootstrap 4

April 30, 2019

For a few years now, I’ve been using Hugo for my website as well as other websites. My first Hugo website was my own since I wanted to learn more about the technology before suggesting it to anyone else. Back then I was not able to find any minimalistic theme I liked, and for that reason, I started my own. As you can imagine from the name, I based it on Bootstrap, version 3, since that was the current version when I started to work on it.


Calling a SOAP service in Go

December 3, 2018

Today the IT world is very focused on high-performance, high-throughput interfaces. In this situation, it is common to find REST and gRPC APIs, given their performance compared to other solutions. Sometimes, though, we still encounter old APIs written with older techniques, or new APIs that for some reason have been developed with outdated technologies. One of those cases that I’ve encountered a few times over the last few months is SOAP.


CORS with Go and Negroni

November 18, 2018

There are some pieces that you need to put in every microservice you write. Those are, for instance, logging, error handling, and authentication. Over the last year, I found myself writing CORS headers over and over. This requirement led me to think that I should have used a Negroni middleware, since we are already using Negroni for other middlewares. I started looking online for an already written one, and I found a bunch, but I was not happy with what I found, so I decided to write my own.


A lightweight approach to Go vanity import paths

September 23, 2018

Golang forces its users to use the repository URL of the dependency in the import statement. For instance, if we want to import the “test” package that is hosted at github.com/fale/test, we will need to use github.com/fale/test. On the one hand this is very nice, since it allows anyone reading the code to immediately understand where the code is hosted and therefore to find it very quickly. Also, this URL-based import path guarantees that no two different packages can have the same import path, preventing this kind of confusion for both programmers and the compiler itself.


A small HTTP debug server in Go

August 31, 2018

Lately, I found myself working on an application that was communicating via SOAP with a server. My goal was to understand how this application worked with the SOAP server in order to emulate its behavior. Even though I had access to the source code of the application, I thought it would be easier, faster and more fun to do the work without actually reading the code. It’s important to note that the application is actually fairly small and self-contained.


RESTful Web APIs by Leonard Richardson, Mike Amundsen, Sam Ruby (O'Reilly Media)

May 28, 2013

APIs are becoming more widely used every day. Today every major website provides its own set of APIs, and often company websites and services are chosen (or not chosen) based on the availability of APIs and their design. In this huge world that is getting bigger every day, RESTful APIs play a huge role; in fact, a lot of companies are moving their APIs to RESTful APIs since they are easier to use and therefore more attractive for potential clients.


Practical Anonymity, by Peter Loshin (Elsevier/Syngress)

May 7, 2013

Anonymity on the web is probably one of the most debated topics on the web. Is it possible to be completely anonymous? The short answer is no. This book tries to help the reader improve their anonymity while staying in the “real world”, as the word “Practical” in the title suggests. In this book you will not find anything that is too complex for an average user. Whether this is good or bad depends on your expectations.


Hacking Web Apps by Mike Shema (Elsevier/Syngress)

April 16, 2013

Have you ever thought that the website you are developing or using is secure? Well, this book will make you change your opinion. This book will change your idea of security, and therefore you’ll start to see anything as “probably having some security glitch”. Mike Shema speaks about a lot of different kinds of attacks in his book in real depth, to the point that sometimes I wondered if he was planning to instruct people how to hack websites or only how to secure their own websites.


HTML5 Canvas for Developers by David Geary (O'Reilly Media)

April 2, 2013

As the name suggests, this set of videos is for developers. HTML 4 and JavaScript are often used without much explanation about the JS code itself but only about the HTML5 Canvas part. I felt I should point this out immediately since I’ve not found it on the O’Reilly page, but I believe that it is really important to specify. Another thing that I’d like to point out is that (as it is easy to imagine, but not obvious) these videos only speak about 2D graphics in HTML (therefore there will be no WebGL topics).


An idea to fight spam

February 28, 2013

Today I would like to give you an idea on how to implement a spam system that can reduce some kinds of spam.

The problem

Sometimes a company or a politician that does not respect the usual privacy policy continues to send e-mails even if the user has already tried to unsubscribe.

My postulates

The people who usually send this kind of e-mail are not very familiar with how e-mail works or how the privacy policy works.


The Art of SEO by Eric Enge, Stephan Spencer, Jessie Stricchiola and Rand Fishkin, O'Reilly

April 4, 2012

Since the four authors are very popular in the SEO field, I was expecting the best book on SEO ever. All my expectations have been met. I think that the book's authors have done a great job describing these difficult concepts in an easy and ordered way. The book is also very complete. The topics covered include: user-focussed data, key analytical tools, effective website creation, result tracking, search engine theory and behaviour, the impact of social media, SEO best practices and much more.


jQuery Mobile: Up and Running by Maximiliano Firtman, O'Reilly

April 1, 2012

jQuery Mobile is a library that allows you to develop mobile apps using jQuery. It is even possible to use a jQuery Mobile program as a native app, thanks to programs like PhoneGap. This book assumes that you already know jQuery, and I think that this is good since in this way the author can focus only on the main topic. I think you should know or study jQuery before even starting this book.


Mining the Social Web by Matthew Russell, O'Reilly

February 28, 2012

Mining the Social Web is a good start for anyone who is going to create scripts to analyze patterns in Social Networks. I have to say that this book considers that the reader already masters Python. I think that should be written directly in the title (i.e.: “Mining the Social Web with Python”). I liked the really fast approach to the Social Networks, even if a lot of times I wanted more; for this reason I consider it only a start, not a complete book.
