Gonçalo Valério @dethos@s.ovalerio.net

Admin

Full-stack developer, advocate of a free, secure and safe Internet. Nature lover and sports enthusiast. https://ovalerio.net

Toots Toots with replies Media

Gonçalo Valério boosted

Purism Librem Laptops Now Completely Disable Intel’s Management Engine

https://puri.sm/posts/purism-librem-laptops-completely-disable-intel-management-engine/ https://mastodon.social/media/uJkVJ40aW7RO7DvRQJk

Some nice tips to improve the Django "admin" of your project:

https://medium.com/@hakibenita/things-you-must-know-about-django-admin-as-your-app-gets-bigger-6be0b0ee9614

#python #django

Gonçalo Valério boosted

linux & Debian patches to hostapd & wpa_supplicant available since the morning #krackattacks https://www.debian.org/security/2017/dsa-3999 https://w1.fi/security/2017-1/

Using PostgreSQL's full-text search plus new Django ORM postgreSQL features to implement complex search functionality:

https://simonwillison.net/2017/Oct/5/django-postgresql-faceted-search/

#python #django #postgresql

If only half of this ... was considered for most of the software ... there would be a huge improvement in overall security:

https://www.oneupsecurity.com/research/five-minute-guide-to-software-security/

Could we use Hashicorp's Vault (only available inside the internal network) to achieve this "Crypto-anchor" thing? 🤔

https://diogomonica.com/2017/10/08/crypto-anchors-exfiltration-resistant-infrastructure/

Exporting CSVs with user input? please take this into account:

http://georgemauer.net/2017/10/07/csv-injection.html

#security #webapps

Nice overview about ActivityPub:

https://gitlab.com/dustyweb/talks/blob/master/activitypub/rwot/even_more_distributed_activitypub.org

Gonçalo Valério boosted

An Illustrated Guide to SSH Tunnels

https://solitum.net/an-illustrated-guide-to-ssh-tunnels/

Optimizing your Django web application? check out this series of 3 blog posts:

http://dizballanze.com/en/django-project-optimization-part-3/

Cool article about setting up a django project together with webpack

http://owaislone.org/blog/webpack-plus-reactjs-and-django/

Gonçalo Valério boosted

Adobe just dumped its PRIVATE PGP key on the internet

http://www.theregister.co.uk/2017/09/22/oh_dear_adobe_security_blog_leaks_private_key_info/

A nice explanation of Python's logging module:

https://opensource.com/article/17/9/python-logging

Yesterday was a sad day to the Web:

https://boingboing.net/2017/09/18/antifeatures-for-all.html

If you use Apache, you might want to look at this:

https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html

Makes total sense: Software developed using public funds should be available to the public under a Free and Open Source License.

https://publiccode.eu/

The same should also be applied to scientific research funded by public funds, the public should have open access to those papers.

Using facebook opensource libraries in a project requires some thought, since it might have some side effects due to the license. ASF and now Wordpress decided to avoid React on their projects.

https://ma.tt/2017/09/on-react-and-wordpress/

Applying some migrations to a large Postgres database. Maybe you should take this into account:

http://www.craigkerstiens.com/2017/09/10/better-postgres-migrations/

Some good advise:

https://www.nczonline.net/blog/2013/10/15/the-best-career-advice-ive-received/

Gonçalo Valério boosted

OAuth2 server with OpenID Connec in Go using Apache 2 license thttps://github.com/ory/hydra