(Fabio Alessandro Locati|Fale)'s blog

The risk of a Cloud shutdown

October 31, 2021

I often see people and companies moving their workloads to the cloud. Speaking with them, they explain that the cloud is cheaper, more flexible, and more reliable than their current infrastructure. To further increase investment return, they often target a specific (single) cloud to reduce management costs and complexity.

By itself, this trend seems a very reasonable one. The risk is that, sometimes, people do not consider the less immediate risks around this move. There are many of those risks, and if there is an appetite for it, I’ll be talking further about the other dangers, but now I would like to focus on a specific one: the risk of a shutdown.

Read More

CORS headers with gRPC-Gateway

July 28, 2021

A few years ago, I wrote a blog post on managing CORS headers with Negroni. Lately, I’ve created a new API server that needed to be accessible from the browser, but this time I used a different technology, more precisely gRPC-Gateway.

A few months after I wrote that blog post, I stopped writing new REST services by hand. I did not rewrite all the services that used the old paradigm just because they needed a fix or a new feature, but for all new services, I moved to gRPC with gRPC-Gateway.

Read More

GDPR - 3 years later

May 31, 2021

Three years have passed since the GDPR became binding law in the European Union. On the one hand, I’m happy that it has already been three years, but on the other hand, I’m impatient to see GDPR fully applied.

Cookies

Cookies are always a hot topic when we talk about GDPR. I still see websites handing out cookies (first- and third-party ones) without a cookie banner or to users who have not pressed the “accept” button on the cookie banner. Also, speaking about cookie banners, the majority are not compliant since they often make it hard to refuse cookies or pre-select cookie acceptance. This situation is unfortunate, but we see some movement on this (like the noyb initiative). If those initiatives continue, as I hope, next year, the cookie situation will be much better!

Read More

On public TLS certificates lifetime

September 13, 2020

On September 1st, 2020, the maximum lifetime of TLS certificates signed by public Certificate Authorities was reduced to 13 months. How did we arrive here, and what’s to come? Let’s start by understanding who decides the maximum lifetime of certificates and many other limitations around them.

Who decides the TLS certificate guidelines

Ultimately, the client (often a browser or an operating system) identifies the certificate as trustworthy or not (based on the CA that signed it as well as many other parameters), so the client can decide which parameters to look for and which values are acceptable and which are not. This freedom of the clients makes the whole situation very messy since every client can decide its own set, and the subset of options accepted by every client can be very small, if not empty.

Read More

GDPR - 2 years later

May 25, 2020

As it is becoming a sort of tradition, here we are, two years after the enactment of GDPR, to see how it performs in the real world.

In our previous yearly check, we analyzed the situation from two points of view: the banners and the fines. Let’s see how those two topics have evolved in the last year.

On the 1st of October 2019, with the judgment in case C-673/17, the European Union Court of Justice clarified that pre-ticked consent checkboxes are not sufficient since the consent has to be expressed actively by the user. This requirement was clear to me since my initial approaches to the GDPR, since it was clear that this was the only way to respect the Regulation’s spirit. Still, it is very nice to see it stated explicitly by the European Union Court of Justice.

Read More

Huge privacy fines are good, now we need more of them

July 14, 2019

In the last few days, multiple fines related to privacy have been announced. More specifically:

Even if I talk about them “collectively”, I would like to point out that the third one is very different in nature and in jurisdiction, and therefore in the amount of the fine, from the first two, which are fairly similar to each other.

Read More

Facebook Libra

June 20, 2019

A few days ago, Facebook presented Libra, a blockchain-based cryptocurrency project.

After the inception of Bitcoin around ten years ago, we got more and more used to new cryptocurrencies being presented every other day. Often those projects are created by small teams of people, often anonymously. Facebook’s announcement is very different since Facebook is a huge company and has partnered with many other huge companies for this launch.

I’m very skeptical of Libra, and I think it will not succeed in the long run. In fact, it already starts with big challenges, including the fact that most people do not trust Facebook. Unlike many companies, Facebook is used by many people, but it is not generally trusted, and the base requirement for the success of any kind of currency is the trust in the entity behind it. Libra will be managed by the Libra Alliance and not Facebook directly. Still, so far, we have seen a much more significant presence of Facebook than any other Libra Alliance member, so Libra could easily still be referred to as “the Facebook cryptocurrency” many years from now.

Read More

GDPR - 1 year later

May 25, 2019

One year has passed since 25/05/2018, the day that the GDPR started to be enforced. Today I’d like to see how this first year of GDPR went and what we could be expecting for the future given what we have seen so far.

The first consideration that I think is obvious but interesting is that the Internet did not close down on 25/05/2018 as many were worried. In fact, not much changed on that day. A thing that did change a lot is the number of banners asking for authorization to give some cookies to your browser. This increase in cookie banners is an interesting phenomenon since the differences between the EU cookie law and the GDPR on cookies are minor. I think this phenomenon can be explained by the fact that now companies are more worried about violating those regulations than before, thanks to the massive fines that they can incur under the GDPR.

Read More

Bootstrap2hugo upgraded to Bootstrap 4

April 30, 2019

For a few years now, I’ve been using Hugo for my website as well as other websites. My first Hugo website was my own since I wanted to learn more about the technology before suggesting it to anyone else. Back then I was not able to find any minimalistic theme I liked, and for that reason, I started my own. As you can imagine from the name, I based it on Bootstrap, version 3 since that was the current version when I started to work on it. I’ve made some minor updates over the last few years, but it was still based on Bootstrap 3. In the last couple of months I did some commits in a branch to bring it to Bootstrap 4, and today I merged them into master, so the template now is based on Bootstrap 4.

Read More

GoLang vanity urls on AWS Lambda

March 21, 2019

After the article on the reasons to use vanity URLs in Go and the one about how to implement a lightweight vanity URLs provider, I’d like to share with you how you can leverage AWS Lambda to implement a vanity URLs provider.

The first thing we will need is to import the github.com/aws/aws-lambda-go package. This package will provide us with the needed functions to easily integrate our Go code with AWS Lambda. In our main we will just need to start the Lambda with a handler like this:

Read More