EU General Data Protection Regulation (GDPR)

Here are a few things to get you started with European Union General Data Protection Regulation (GDPR).  First is a little introduction:

After four years of preparation and debate the GDPR was finally approved by the EU Parliament on 14 April 2016. It will enter in force 20 days after its publication in the EU Official Journal and will be directly application in all members states two years after this date. Enforcement date: 25 May 2018 – at which time those organizations in non-compliance will face heavy fines.

The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy.

And now a few key points from the Frequently Asked Questions page:

Who does the GDPR affect?
The GDPR not only applies to organisations located within the EU but it will also apply to organisations located outside of the EU if they offer goods or services to, or monitor the behaviour of, EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location.

What are the penalties for non-compliance?
Organizations can be fined up to 4% of annual global turnover for breaching GDPR or €20 Million. This is the maximum fine that can be imposed for the most serious infringements e.g.not having sufficient customer consent to process data or violating the core of Privacy by Design concepts. There is a tiered approach to fines e.g. a company can be fined 2% for not having their records in order (article 28), not notifying the supervising authority and data subject about a breach or not conducting impact assessment. It is important to note that these rules apply to both controllers and processors — meaning ‘clouds’ will not be exempt from GDPR enforcement.

What constitutes personal data?
Any information related to a natural person or ‘Data Subject’, that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.

Interesting, right? Have a nice day now.

How to defend your website with ZIP bombs

How to defend your website with ZIP bombs” has been making rounds on the Internet for the last few weeks.  It’s both sad, that we have to resolve to such measures, and funny as to how tongue-in-cheek this approach is.

Whether you are going to implement it for your web host or not, it’s well worth reading, for a better understanding of what’s going on online, in places, that you are probably not looking at.

The AWS spend of a SaaS side-business

As someone who went through a whole pile of trying and error with Amazon AWS, I strongly recommend reading anything you can on the subject before you start moving your business to the cloud (not even necessarily Amazon, but any vendor), and while you have it running there.  “The AWS spend of a SaaS side-business” is a good one in that category.

Domain names and web hosting research

Web Hosting Geeks published a very extensive research into domain names and web hosting provider options.  It includes the analysis of domain name trends by TLD, as well as over 24,000 hosting companies and how they are doing.

Complete with reviews, and detailed stats about each and every company, I think, this is one of the most complete and in-depth data I’ve seen for a long time.

5 Fancy Reasons and 7 Funky Uses for the AWS CLI

5 Fancy Reasons and 7 Funky Uses for the AWS CLI has a few good examples of AWS CLI usage:

  1. AWS CLI Multiple Profiles
  2. AWS CLI Autocomplete
  3. Formatting AWS CLI Output
  4. Filtering AWS CLI Output
  5. Using Waiters in the AWS CLI
  6. Using Input Files to Commands
  7. Using Roles to Access Resources

There also a few useful links in the article, so make sure you at least scroll through it.

AWS X-Ray – Analyze and debug production, distributed applications

 

I think I’m giving up on even knowing the list and purpose of all the Amazon AWS services, let alone how to use them.  Here’s one I haven’t heard about until this very morning: AWS X-Ray.

AWS X-Ray helps developers analyze and debug production, distributed applications, such as those built using a microservices architecture. With X-Ray, you can understand how your application and its underlying services are performing to identify and troubleshoot the root cause of performance issues and errors. X-Ray provides an end-to-end view of requests as they travel through your application, and shows a map of your application’s underlying components. You can use X-Ray to analyze both applications in development and in production, from simple three-tier applications to complex microservices applications consisting of thousands of services.

16 Linux Books and Videos for System Administrator

Having knowledge of Linux is essential for any system administration, middleware, web engineer job.

Linux is used almost everywhere in production or a non-production environment. There are thousands of article, book, video training to explore and learn but that would be time-consuming.

Instead, you can follow one or two related books or online training.

The following learning materials cover a large number of Linux Administration tasks from beginning to expert level. So pick the one suits you.

Source: 16 Linux Books and Videos for System Administrator

Spellbook of Modern Web Dev

Spellbook of Modern Web Dev is a collection of 2,000+ carefully selected links to resources on anything web development related.  It covers subjects from Internet history and basics of HTML, CSS, and Javascript, all the way to tools, libraries and advanced usage of web technologies, and more; from network protocols and browser compatibility to development environments, containers, and ChatOps.

  • This document originated from a bunch of most commonly used links and learning resources I sent to every new web developer on our full-stack web development team.
  • For each problem domain and each technology, I try my best to pick only one or a few links that are most important, typical, common or popular and not outdated, base on the clear trendspublic data and empirical observation.
  • Prefer fine-grained classifications and deep hierarchies over featureless descriptions and distractive comments.
  • Ideally, each line is a unique category. The ” / “ symbol between the links means they are replaceable. The “, “symbol between the links means they are complementary.
  • I wish this document could be closer to a kind of knowledge graph or skill tree than a list or a collection.
  • It currently contains 2000+ links (projects, tools, plugins, services, articles, books, sites, etc.)

On one hand, this is one of the best single resources on the topic of web development that I’ve seen in a very long time.  On the other hand, it re-confirms my belief in “there is no such thing as a full-stack web developer”.  There’s just too many levels, and there’s too much depth to each level for a single individual to be an expert at.  But you get bonus points for trying.

Rate Limiting with NGINX and NGINX Plus

Nginx blog (which, if you work with Nginx in any capacity, you should subscribe to) has an excellent guide to rate limiting.  The article explains rate limiting from the basics, through bursts, all the way to more advanced examples, with multiple rate limits for the same location.

Web Developer Security Checklist

Web Developer Security Checklist is a good collection of security issues to keep in mind when building web applications.  Not much new in there, but it’s nice to have all of these conveniently gathered in one place.  All items are grouped into a few sections – database, development, authentication, denial of services protection, web traffic, APIs, validation, cloud configuration, infrastructure, operation, etc.