January 18, 2019
Golang forces its users to use the repository URL of the dependency in the import statement.
For instance, if we want to import the “test” package that is hosted at github.com/fale/test, we will need to use github.com/fale/test.
On the one hand, this is very nice since it allows anyone reading the code to immediately understand where the code is hosted and therefore find it very quickly.
Also, this URL-based import path guarantees that no two different packages can have the same import path, preventing this kind of confusion for both programmers and the compiler itself.
On the other hand, this is a limitation since it makes the code very reliant on the repository location.
Read More 
December 3, 2018
Today the IT world is very focused on high performance, high throughput interfaces.
In this situation, it is common to find REST and gRPC API, given their performances compared to the other solutions.
Sometimes, though, we still encounter old API written with older techniques or new API that for some reasons have been developed with outdated technologies.
One of those cases that I’ve encountered a few times over the last few months is SOAP.
Read More 
November 18, 2018
There are some pieces that you need to put in every microservice you write.
Those are for instance logging, error handling, authentication.
Over the last year, I found myself writing over and over CORS headers.
This requirement brought me to think that I should have used a Negroni middleware since we are already using Negroni for other middlewares.
I started looking online for an already written one, and I found a bunch, but I was not happy with what I found, so I decided to write my own.
Read More 
September 23, 2018
Golang uses URLs for the dependencies packages resolution.
To unbundle the code repository hosting the package and the import path, Golang supports the idea of Vanity Import Paths.
The way this has been implemented is that, as long as the import path points to a page where Go can find the real package URL, it will follow through.
So, we will need to create a web server that can serve pages in a way that the Go toolchains can understand.
To do so, I use the following code:
Read More 
August 31, 2018
Lately, I found myself to work on an application that was communicating via SOAP with a server.
My goal was to understand how this application worked with the SOAP server to emulate its behavior.
Even if I had access to the source code of the application, I thought it would have been easier, faster and more fun to do the work without actually reading the code.
It’s important to note that actually, the application is fairly small and self-contained. Otherwise, I would have probably taken a different approach.
Read More 
April 13, 2016
Yesterday, Let’s Encrypt moved from beta to GA.
During the beta phase, which started last September, more than 1.7 million certificates were issued.
I think this is a crucial step for the project and overall for the Internet as well.
Until now, the only way to obtain a valid TLS certificate was to pay a CA.
This artificial constraint made no sense since the CAs were forcing users to buy an insurance policy that made no sense (and often, it was completely worthless).
Read More 
May 20, 2015
Today it was published a new kind of downgrade attack against TLS: logjam.
The attack relies on the fact that for Diffie-Hellman key exchanges, a prime is necessary.
Many applications use a pre-generated prime to speed up the Diffie-Hellman process.
Using a pre-generated prime is not a security issue by itself, but it can become one if coupled with a server that accepts very short Diffie-Hellman keys such as the 512 bits ones (the maximum allowed for DHE_EXPORT).
Read More 
October 26, 2013 - Vignate, IT
Read More 
May 28, 2013
The API are now becoming more used every day.
Today every major website provides it’s own set of API and often the company websites and services are chosen (or not chosen) based on the availability of API and their design.
In this huge world that is getting bigger every day, RESTful API plays a huge role, in fact a lot of companies are moving their API to RESTful API since it’s easier to use, therefore more attractive for potential clients.
Read More 
May 7, 2013
The anonymity on the web is probably one of the most debated topics on the web.
Is possible to be completely anonymous? The short answer is no.
This book tries to help the read to improve its anonymity, staying is the “real world”, as the “Practical” world in the title suggests.
In this book you will not find anything that is too complex for an average user.
Whether this is good or bad, depends on you expectations. I’ve took this book the first time with really high expectations and I was really disappointed. When I took it for the second time, with different expectations, I did found the book pretty good.
Read More 
(Fabio Alessandro Locati|Fale)'s blog