OWASP TOP 10
Each year, OWASP (the Open Web Application Security Project) publishes the top ten security vulnerabilities. It represents a broad consensus about the most critical security risks to web applications. Click through on the lessons below to learn more about how to protect against each security risk.
Your Product Owner Is Not Your Product Manager
Product management has evolved to encompass numerous roles and responsibilities. Leaders looking to hire a product professional must consider what skills and knowledge their business needs demand.
While the market has evolved and will continue to evolve, there remains a need for both a product owner’s and a product manager’s skills and expertise. By considering the nature and scale of a project and understanding the skills and responsibilities associated with each of these distinct roles, leaders can ensure they hire the right person to help them develop and launch products successfully.
Insert-Only Tables and Autovacuum Issues Prior to PostgreSQL 13
If you have insert-only tables (or very heavy writes), you may need to check this post. Autovacuum has some issues before PostgreSQL 13, and the post has some great workarounds to use until you upgrade your database version.
Enterprise CI/CD best practices
Free book with 23 best practices to apply to your CI/CD pipeline. These best practices aim to help you design (or use as a checklist) a solid pipeline for your software.
A war story about COVID, cloud, and cost. And why serverless wins.
Nice story about serverless outcomes and potential. With COVID-19 pushing demand for infrastructure and computing services, billing is an important subject. The article has an excellent example of how a scalable environment and low bills work together on a serverless tech stack.
Use Open Source. Stay Secure.
A developer-first solution that automates finding & fixing vulnerabilities in your dependencies
Reading List - by Mathias Verraes
Code Reviews and Blame Culture
A common belief is that gated reviews lead to blaming individuals. The opposite can be true.
How to Write a Git Commit Message
Why good commit messages matter
Better Commits with Static Review
Good Engineering Practices while Working Solo
How Much maintenance_work_mem Do I Need?
While I generally like PostgreSQL's documentation quite a bit, there are some areas where it is not nearly specific enough for users to understand what they need to do. The documentation for maintenance_work_mem is one of those places. It says, and I quote, "Larger settings might improve performance for vacuuming and for restoring database dumps," but that isn't really very much help, because if it might improve performance, it also might not improve performance, and you might like to know which is the case before deciding to raise the value, so that you don't waste memory. TL;DR: Try maintenance_work_mem = 1GB. Read on for more specific advice.
Fake Online REST API for Testing and Prototyping
A Beginner’s Guide to the True Order of SQL Operations
The SQL language is very intuitive. Until it isn’t. A guide to understanding the order of a SELECT operation.
The state of open source security - 2019
Snyk is an incredible tool for package security. And they released a State of Open Source Security report, talking about open source adoption and package, image and code vulnerabilities. We are talking about Maven, npm, PyPI, Docker, etc.
Cloud Computing without Containers
Cloudflare has a cloud computing platform called Workers. Unlike essentially every other cloud computing platform I know of, it doesn’t use containers or virtual machines. We believe that is the future of Serverless and cloud computing in general, and I’ll try to convince you why.
HTTP-over-QUIC will officially become HTTP/3
The protocol that's been called HTTP-over-QUIC for quite some time has now changed name and will officially become HTTP/3. This was triggered by this original suggestion by Mark Nottingham.
The QUIC Working Group in the IETF works on creating the QUIC transport protocol. QUIC is a TCP replacement done over UDP. Originally, QUIC was started as an effort by Google and then more of a "HTTP/2-encrypted-over-UDP" protocol.
Announcing SSH Access through Cloudflare
A way to replace the old (clunky) VPN with SSH access. Leverage Cloudflare Access without losing security.
The Memory Resource Triad
Some more information about the three resources that affect query performance: CPU, memory, and storage.
psql: A New Edit
Have you ever found yourself in the middle of a long statement in psql and wanted to pull up your favorite editor? Now, you can, using the same shortcut of control-x control-e that you would in bash!
The Web Application Security Consortium / The Web Security Glossary
The Web Security Glossary is an alphabetical index of terms and terminology relating to web application security. The purpose of the Glossary is to clarify the language used within the community.
Texas Stadium Fail « FAIL Blog: Pictures and Videos of Owned, Pwnd and Fail Moments
And Windows...
The Novel 100: The 100 Greatest Novels of All Time
The 100 books that shaped world history
Playing For Change | Peace Through Music
Peace through music. "Here's a non-racial initiative with many Black people."
Márcio d’Ávila's Blog » Compromised Vivo portal spreads fraud
Yesterday, a security incident was discovered that compromised the portal of the telephone operator Vivo and may have affected thousands of users.