GitHub : Security Alerts and Team Discussions

The GitHub blog recently announced a couple of interesting new features.

Firstly, Security Alerts. For now it only supports Ruby and JavaScript, but hopefully other languages are coming soon (PHP/Composer please!). Security Alerts notify repository owners when any of the packages the repository depends on has a known security vulnerability. Similar, I guess, to how the SensioLabs Security Check works, but integrated into GitHub itself.

Secondly, Team Discussions. This is yet another place for the team to communicate. There are Issues and Pull Requests already, but those are more specific and more focused. For anything that doesn’t map to a single issue, or doesn’t have a PR yet, a Team Discussion might be a better place.

SSH via bastion host

A while back I wrote this blog post on the subject of using SSH via bastion hosts. If you are into this sort of thing, have a look at this blog post by my brother. He provides a few more explanations and clarifications, and covers a tricky-to-troubleshoot case: non-default locations for your SSH configuration files and keys.
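As an added illustration of that non-default-location case (example code written for this post, not taken from either of the linked articles): the script below writes a bastion-hopping ssh_config into a directory of your choosing and builds the matching `ssh -F` command. The host names (bastion.example.com, 10.0.1.20), user names and key file names are made up, and it assumes OpenSSH 7.3 or newer for `ProxyJump`. The point to remember is that `-F` replaces both `~/.ssh/config` and `/etc/ssh/ssh_config`, so every key has to be named explicitly, and with the older `ProxyCommand` form the nested ssh has to be handed the same `-F` or it silently falls back to the default config and keys.

```shell
#!/usr/bin/env bash
# Added example: SSH via a bastion with config and keys outside ~/.ssh.
# Hosts, users and key names below are hypothetical.
set -eu

# Write an ssh_config for reaching an internal host through the bastion into
# a non-default directory. Each key is listed explicitly because, with -F,
# nothing in ~/.ssh/config is read and keys outside ~/.ssh are never tried.
write_bastion_config() {
    cfgdir="$1"
    mkdir -p "$cfgdir"
    chmod 700 "$cfgdir"
    cat > "$cfgdir/config" <<EOF
Host bastion
    HostName bastion.example.com
    User jump
    IdentityFile $cfgdir/bastion_ed25519
    IdentitiesOnly yes

Host internal-web
    HostName 10.0.1.20
    User deploy
    IdentityFile $cfgdir/internal_ed25519
    IdentitiesOnly yes
    # OpenSSH 7.3+: the jump connection reuses this same config file.
    ProxyJump bastion
    # Pre-7.3 fallback: the nested ssh must be told about the config
    # explicitly, otherwise it uses ~/.ssh/config and the default keys.
    # ProxyCommand ssh -F $cfgdir/config -W %h:%p bastion
EOF
    chmod 600 "$cfgdir/config"
    printf '%s\n' "$cfgdir/config"
}

# Build the command line. -F selects the non-default config; it also makes
# ssh ignore /etc/ssh/ssh_config, so nothing from the host defaults leaks in.
bastion_ssh_cmd() {
    cfg="$1"
    target="$2"
    printf 'ssh -F %s %s\n' "$cfg" "$target"
}

# Dry-run check that needs no network: ask ssh for the effective config of
# the target and confirm the jump host actually resolved from our file.
check_bastion_config() {
    cfg="$1"
    target="$2"
    ssh -G -F "$cfg" "$target" | grep -q '^proxyjump bastion'
}

# Usage (uncomment to try):
# cfg=$(write_bastion_config "$HOME/work/sshconf")
# check_bastion_config "$cfg" internal-web && $(bastion_ssh_cmd "$cfg" internal-web)
```

`ssh -G` is the quickest way to see which config file and keys ssh is really going to use; if the `proxyjump` line is missing from its output, the config you think you are using is not the one being read.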

Firewalld configuration and usage

If you are a Linux old-timer who is used to iptables (or even ipchains, or even … anyway), you might find the “Firewalld configuration and usage” guide very handy. It covers firewalld concepts and provides a number of examples for zones, ports, services, interfaces and the other bits and pieces you might be scratching your head about when configuring the modern Linux firewall.

Front-End Checklist

This Front-End Checklist is pretty awesome and quite extensive:

The Front-End Checklist is an exhaustive list of all elements you need to have / to test before launching your site / page HTML to production.

It is based on Front-End developers’ years of experience, with the addition from some other open-source checklists.

It goes over generic HTML bits, meta information, web fonts, CSS, images, JavaScript, security, accessibility, performance and more.

The best part is that large parts of this list are pretty easy to automate and integrate into your deployment / continuous delivery toolchain.

Single Sign On – You’re Probably Doing It Wrong

Arnes Blanert wrote an extensive article for the architect magazine on the subject of Single Sign On (SSO). It covers both authentication and authorization via a variety of widely and not so widely used methods, including OAuth, SAML, JSON Web Token and more.

As someone who was involved in a variety of Single Sign On implementations (see some of the posts on the subject in my blog), I wish I had an article like this in my RSS feeds much, much earlier.