
March 21, 2019
After the article on the reasons to use vanity URLs in Go and the one about how to implement a lightweight vanity URLs provider, I’d like to share with you how you can leverage AWS Lambda to implement a vanity URLs provider.
The first thing we will need is to import the github.com/aws/aws-lambda-go package.
This package will provide us with the needed functions to easily integrate our Go code with AWS Lambda.
In our main we will just need to start the Lambda with a handler like this:
Read More 
January 18, 2019
Golang forces its users to use the repository URL of the dependency in the import statement.
For instance, if we want to import the “test” package that is hosted at github.com/fale/test, we will need to use github.com/fale/test.
On the one hand, this is very nice since it allows anyone reading the code to immediately understand where the code is hosted and therefore find it very quickly.
Also, this URL-based import path guarantees that no two different packages can have the same import path, preventing this kind of confusion for both programmers and the compiler itself.
On the other hand, this is a limitation since it makes the code very reliant on the repository location.
Read More 
December 3, 2018
Today the IT world is very focused on high-performance, high-throughput interfaces.
In this situation, it is common to find REST and gRPC APIs, given their performance compared to other solutions.
Sometimes, though, we still encounter old APIs written with older techniques or new APIs that for some reason have been developed with outdated technologies.
One of those cases that I’ve encountered a few times over the last few months is SOAP.
Read More 
November 18, 2018
There are some pieces that you need to put in every microservice you write.
These are, for instance, logging, error handling, and authentication.
Over the last year, I found myself writing CORS headers over and over.
This requirement brought me to think that I should have used a Negroni middleware since we are already using Negroni for other middlewares.
I started looking online for an already written one, and I found a bunch, but I was not happy with what I found, so I decided to write my own.
Read More 
September 23, 2018
Golang uses URLs to resolve package dependencies.
To decouple the code repository hosting the package from the import path, Golang supports the idea of Vanity Import Paths.
The way this has been implemented is that, as long as the import path points to a page where Go can find the real package URL, it will follow through.
So, we will need to create a web server that can serve pages in a way that the Go toolchain can understand.
To do so, I use the following code:
Read More 
August 31, 2018
Lately, I found myself working on an application that was communicating via SOAP with a server.
My goal was to understand how this application worked with the SOAP server to emulate its behavior.
Even if I had access to the source code of the application, I thought it would have been easier, faster and more fun to do the work without actually reading the code.
It’s important to note that actually, the application is fairly small and self-contained. Otherwise, I would have probably taken a different approach.
Read More 
November 3, 2017
Authentication factors
One of the common ways to create more secure authentication in systems is to add more “factors”, creating in this way a Multi-Factor Authentication (MFA).
The idea behind MFA is that there are many different ways to authenticate a user, and those can be split into different “categories” based on the kind of challenge we require.
Generally speaking, it’s common to divide the authentication methods into three main categories:
Read More 
April 13, 2016
Yesterday, Let’s Encrypt moved from beta to GA.
During the beta phase, which started last September, more than 1.7 million certificates were issued.
I think this is a crucial step for the project and overall for the Internet as well.
Until now, the only way to obtain a valid TLS certificate was to pay a CA.
This artificial constraint made no sense since the CAs were forcing users to buy an insurance policy that made no sense (and often, it was completely worthless).
Read More 
May 20, 2015
Today a new kind of downgrade attack against TLS was published: Logjam.
The attack relies on the fact that for Diffie-Hellman key exchanges, a prime is necessary.
Many applications use a pre-generated prime to speed up the Diffie-Hellman process.
Using a pre-generated prime is not a security issue by itself, but it can become one if coupled with a server that accepts very short Diffie-Hellman keys such as 512-bit ones (the maximum allowed for DHE_EXPORT).
Read More 
October 26, 2013 - Vignate, IT
Read More