Latest News
Over the past few years, there have been a number of data breaches at companies that use AWS but do not secure their data correctly. Leaving Personally Identifiable Information (PII) in publicly accessible buckets on S3 seems to be a common problem. While AWS is a very secure environment, AWS’s shared responsibility model clearly shows that their job with security ends at “Security of the Cloud”, which leaves “Security in the Cloud” up to the customer. One strategy for data encryption is called Envelope Encryption, which can be used to encrypt data in transit or at rest.
While code review is a useful process, it is sometimes difficult to pinpoint code that may lead to vulnerabilities. Unless you have memorized all of the various attack vectors, you are probably going to miss something along the way. The idea that we might be able to automatically analyze the code for vulnerabilities and run that analysis alongside our test frameworks as part of our CI/CD process seemed very intriguing.
Python virtual environments will allow you to run any version of Python and install any packages you like. When you are done or if you screw the environment up, you can delete the environment and create a new one. You can have multiple environments installed at the same time, each with its own version of Python and different sets of modules.
One of the keys to good architecture is understanding the problem before rushing to solutions. Don’t let the latest technology or concepts guide your decisions until you have defined the problem you are trying to solve and fully understand, at least at a high level, what the benefits and costs of various technologies will be.
A YubiKey is a small hardware device that you install in a USB port on your system. Its main use is to provide multifactor authentication (MFA) when connecting to various websites that support it. So instead of having the site text/email you a six-digit code and then typing that code into a form on the site, you can just touch the sensor on the YubiKey to send an MFA code - much simpler. As MFA is implemented by more and more sites, this can be a very handy device. One nice side benefit is that the key can be removed from your laptop, so in theory, even if someone has access to your laptop and your passwords, without the key they will not be able to get into sites that you have configured. YubiKey is supported on many major sites. The main ones I used it on are GitHub and AWS.
AWS and GitHub are great services for managing and deploying cloud applications, but sometimes getting the code from GitHub to AWS is not as straightforward as we would like it to be. Sure, there are some tools out there that bridge the gap (CircleCI, Jenkins, many others), but that means learning another framework, and hoping that everything is tightly integrated and that you remember how it all works when something breaks half a year after you set it all up. GitHub Actions can help simplify this though. Actions are easily configured workflows that are triggered when you do something with git. For example, you can set up an action that automatically tests your code every time you push it to GitHub. You can then extend that workflow so that it builds your code in a test environment when you create a pull request. This allows another member of the team to easily access the running code while reviewing the source code, simplifying the code review process as you get that warm, cozy feeling knowing that the code you are reviewing does what you expect it to do.
Most people are following the news about the COVID-19 virus as it makes its impact all over the world. While it’s fairly easy to find the latest counts of confirmed cases and deaths for most countries and, in the US, the totals for individual states, it’s still hard to get an idea of how the virus is spreading across a particular region and how at risk individuals in those areas might be. This article is about tracking the spread of the disease in the state of Kentucky which, as of right now, has one of the lowest rates of infection in the US based on the rate of infection per capita.
Keeping up with AWS these days is like drinking from a firehose and while a lot of their newer products are designed to make existing products more accessible, every once in a while you get something that helps solve a nagging issue, or opens up a whole new world of possibilities on one of their core services.