(Fabio Alessandro Locati|Fale)'s blog

EU EDPB vs. Irish DPC vs. Meta Platforms

May 24, 2023

The Irish Data Protection Commission (DPC) has evaluated the legality of Facebook’s (now Meta Platforms) data transfer for over 10 years. In those 10 years, we have seen the Irish DPC trying to avoid ruling on the matter multiple times and the European Data Protection Board (EDPB) forcing them to do it. We now have a final ruling on the matter, which is unfavorable to Meta. In fact, in addition to having to stop the data transfer within 5 months and having to move back all data within 6 months, Meta has to pay a € 1.

Product vs. Technology

October 10, 2022

Every so often, I have a conversation with someone, and we end up in a sub-conversation around the differences between products and technologies. This phenomenon frequently happens to me because I consider a product and a technology two completely different things. At the same time, many people use them interchangeably when discussing IT products and technologies. I think this distinction’s value lies in clearly distinguishing the solutions that are resilient to a single entity failure from those that are not.

Google Analytics and EU rules

September 26, 2022

In the last few months, we have witnessed multiple European Data Protection offices weigh in on the legitimacy of Google Analytics. Back in January, I published a post that touched on the topic but was not really about Google Analytics. So, let’s start looking at what happened, why Google Analytics seems to be so interesting for the European Privacy authorities, and finish with some guessing on what could happen in the next few months.

Can you trust a cloud provider for HA?

May 23, 2022

We have seen a massive increase in the “real world” dependency on digital services in the last few years. This process will probably continue in the future, and we are not ready for it. In the same few years, we have seen a lot of cases where digital services went offline or got hacked. In a society that relies more and more on digital services, we cannot afford such services not to be available or secure.

Inject DB connections in Golang gRPC API

March 21, 2022

One of the first issues that I had to solve when I started to use gRPC was how to inject a DB connection pool into the function handling the request. The DB connection injection is needed because creating a new SQL connection every time there is a new gRPC request (and tearing it down at the end) is a massive waste of resources. Also, this approach could limit the scalability of the API since the database probably has a limited number of connections it will accept.

Web3: the risk of naming

November 26, 2021

In the last few weeks, I’ve heard from many - mainly non-technical - people the expression “Web3”. In a way, it is excellent that people who are not tech-savvy start to learn about the Web, how it works, and where it might go, since they are using it, consciously or not, to perform the majority of tasks in their lives. The issue I have with this, though, is that none of them could explain how it would work or why they are so confident that the future is going in that direction.

The risk of a Cloud shutdown

October 31, 2021

I often see people and companies moving their workloads to the cloud. Speaking with them, they explain that the cloud is cheaper, more flexible, and more reliable than their current infrastructure. To further increase investment return, they often target a specific (single) cloud to reduce management costs and complexity. By itself, this trend seems a very reasonable one. The risk is that, sometimes, people do not consider the less immediate risks around this move.

CORS headers with gRPC-Gateway

July 28, 2021

A few years ago, I wrote a blog post on managing CORS headers with Negroni. Lately, I’ve created a new API server that needed to be accessible from the browser, but this time I used a different technology, more precisely gRPC-Gateway. A few months after I wrote that blog post, I stopped writing new REST services by hand. I did not rewrite all the services that used the old paradigm just because they needed a fix or a new feature, but for all new services, I moved to gRPC with gRPC-Gateway.

GDPR - 3 years later

May 31, 2021

Three years have passed since the GDPR became binding law in the European Union. On the one hand, I’m happy that it has already been three years, but on the other hand, I’m impatient to see GDPR fully applied.

Cookies

Cookies are always a hot theme when we talk about GDPR. I still see websites handing out cookies (first- and third-party ones) without a cookie banner or to users who have not pressed the “accept” button on the cookie banner.

On public TLS certificates lifetime

September 13, 2020

On September 1st, 2020, the maximum lifetime of TLS certificates signed by public Certificate Authorities was reduced to 13 months. How did we arrive here, and what’s to come? Let’s start by understanding who decides the maximum lifetime of certificates and many other limitations around them.

Who decides the TLS certificate guidelines

Ultimately, the client (often a browser or an operating system) identifies the certificate as trustable or not (based on the CA that signed it as well as many other parameters), so the client can decide which parameters to look for and which values are acceptable and which are not.
