Vulnerability Management: Navigating the Deep Dark Pit of Version Numbers

One of the first things any security practitioner will tell you to do is keep your software up to date. It’s the number one way to protect against exploits targeting known vulnerabilities. In fact, most attacks these days don’t use new or novel attack methods, or even recently discovered vulnerabilities to succeed. They often use vulnerabilities that are years old!

Now while it’s simple to say that everyone should just run the most recent versions of operating systems and packages, actually implementing this quickly becomes painful for a number of reasons.

Read more “Vulnerability Management: Navigating the Deep Dark Pit of Version Numbers”

C++ in the Linux kernel

I’ve seen some crazy things. I’ve also done some crazy things. I’m going to tell you about one of them.

conversation-1.pngA developer walks into a bar. He then gets completely and totally plastered before talking to his boss. That conversation then results in him accepting the task of writing a Linux kernel module in C++. I was that developer, minus the walking into a bar and getting plastered part. While I did put up a token effort to advocate doing the development in C, I got overruled. I then threw myself to the task with gusto.

Read more “C++ in the Linux kernel”

Five Lessons We Learned on Our Way to Centralized Authentication

In many startups, centralized authentication is a “future us” problem. Setting up centralized auth is useful for managing your network, but requires time, domain knowledge, and patience to get many of the technical solutions working. Compare this with the ease of user management via configuration management (CM) tools that your DevOps teams are already using — they work well enough (and, did we mention, are already in place?) — so it makes total sense that many organizations “punt” on this issue.

Read more “Five Lessons We Learned on Our Way to Centralized Authentication”

My Journey in Scala, Part 3: None is Better Than Undefined

Here’s the situation: At Threat Stack we consume a torrent of security event data every day, and as many new customers come on board, the amount of data we need to ingest, transform, store, and retrieve just keeps growing. About a year ago, we implemented a caching layer to allow us to display more aggregated information to customers on our Dashboard, which was powered by ElasticSearch Aggregates.

Read more “My Journey in Scala, Part 3: None is Better Than Undefined”

Scala @ Scale, Part 2: Compose Yourself!

Function composition is an extremely useful tool for creating modular, testable programs. One of the most natural applications of functional composition that I’ve found is creating a lightweight, composable HTTP request builder, and with that objective in focus, this post will equip you with the tools you need to simplify your HTTP clients.

Read more “Scala @ Scale, Part 2: Compose Yourself!”

Practical ReactJS and Redux (Optimistic Updates), Part 3

Tips for Optimistic Updates

Optimistic_Updates.png

This is the third in a series of blog posts about real-world ReactJS usage and what we’ve learned scaling our app at Threat Stack. Specifically, this is a quick followup that provides tips on how to achieve optimistic updates and rollbacks with what we’ve worked on in Parts 1 and 2 of this series.

Still making sure to answer these questions:

  • What is the ease of development?
  • How fast can new team members understand what’s going on?
  • How fast can you figure out if something is broken?

Read more “Practical ReactJS and Redux (Optimistic Updates), Part 3”

Useful Scala Compiler Options Part 2: Advanced Language Features

Scala offers a number of advanced language features that are disabled by default. If you try to use any of them, the compiler will generate a warning informing you of their usage. There are a number of reasons that you might want to enable features (or keep them disabled). In this post, we will explore what each language feature is and under which circumstances you might want to enable them. (For a discussion of basic Scala Compiler options that we find useful at Threat Stack, see Part 1 of this series.)

Read more “Useful Scala Compiler Options Part 2: Advanced Language Features”

SELECT This! Scala Data Access Library Review, Part 1

At Threat Stack we love databases, and as we started to expand our Scala code base, we quickly realized we wanted to standardize on a way to talk to the RDMS within our Scala projects. As we explored the realm, we came across four projects that seemed to have the most potential: ScalikeJDBC, Quill, Jooq, and Doobie. We had already been playing with ScalikeJDBC for awhile, but these other libraries offered interesting features, so we began to investigate.

In this post, we’ll take a look at some of the pros and cons of ScalikeJDBC and Quill. In a followup, we’ll discuss Jooq and Doobie.

Read more “SELECT This! Scala Data Access Library Review, Part 1”

Real-World ReactJS and Redux, Part 2

When this happens do that… or side effects!

This is the second in a series of blog posts about real-world ReactJS usage and what we’ve learned scaling our app at Threat Stack.

In this post, we’ll be displaying actions based on an api middleware shown in Part 1.

Still making sure to answer these questions:

  • What is the ease of development?
  • How fast can new team members understand what’s going on?
  • How fast can you figure out where something is broken?

Read more “Real-World ReactJS and Redux, Part 2”