Hi there 👋

Welcome to the personal blog of Kevin Sookocheff. I love to teach, speak, and write about distributed systems, cloud computing, architecture, and systems engineering.

Cryptography for the Everyday Developer: Random Number Generators

This is the third article in a series on Cryptography for the Everyday Developer. Follow along to learn the basics of modern cryptography and encryption. “Without randomness, cryptography would be impossible because all operations would become predictable and therefore insecure.” — Jean-Philippe Aumasson, Serious Cryptography. The cryptographic strength of most systems lies in their ability to generate random numbers that cannot be easily guessed or reproduced, making it difficult for adversaries to crack the encryption or predict the output. Unfortunately for us, computers and the software that they run are very predictable. As long as they are given the same inputs each time, they’ll always come up with the same outputs. This is very good for reliability, but not so good for cryptography where randomness and unpredictability are required for secure operation. ...

February 14, 2025 · 5 min · Kevin Sookocheff

Cryptography for the Everyday Developer: Security Goals

This is the second article in a series on Cryptography for the Everyday Developer. Follow along to learn the basics of modern cryptography and encryption. A cipher is only useful if it is secure. What makes a cipher secure? Let’s remember the use case for classical ciphers — keeping messages confidential. Caesar’s cipher and Vigenère’s cipher both suffer from a similar flaw, which makes them insecure and unusable for secure communication. For both ciphers, the flaw is obvious — these ciphers allow an attacker to learn how the cipher works by inspecting the ciphertext itself. This allows an eavesdropper to decrypt the message given only the ciphertext. A secure cipher, on the other hand, is one where it is not possible to learn anything about the plaintext or the cipher’s behaviour even by inspecting numerous plaintext or ciphertext messages. ...

January 28, 2025 · 3 min · Kevin Sookocheff

Cryptography for the Everyday Developer: Encryption Basics with Classical Ciphers

This is the first article in a series on Cryptography for the Everyday Developer. Follow along to learn the basics of modern cryptography and encryption. The best way to begin learning about encryption is by example. And thankfully, there exist many examples of encryption throughout history that we can draw from. One of the earliest well-known examples of encryption is the Caesar Cipher, and we will begin there. The Caesar cipher is one of the oldest and simplest forms of encryption. It works by shifting each letter in your message a fixed number of positions down the alphabet. For example, with a shift of 3: ...

January 22, 2025 · 5 min · Kevin Sookocheff

Clustering a DSM Using Simulated Annealing

In this blog post, we will explore how to use simulated annealing to cluster a Design Structure Matrix (DSM). We will also discuss how this approach differs from the implementation developed by Ronnie Thebeau as part of his master’s thesis. What is a Design Structure Matrix (DSM)? A Design Structure Matrix (DSM) is a compact, matrix representation of a system or project. It is used to model the relationships between elements in a system, such as tasks in a project or components in a product. Each row and column in the matrix represents an element, and the cells indicate the presence and strength of relationships between elements. ...

January 10, 2025 · 7 min · Kevin Sookocheff

In the Cloud, Cost is Everything

At AWS re:Invent 2023, Amazon CTO Werner Vogels delivered a talk on the laws of frugal architecture. While I initially filed away those insights to review later, a year of cloud architecture experience crystallized a fundamental truth: in cloud computing, cost isn’t just a financial consideration — it is a first-class architectural concern through which we should design and optimize our systems. Cloud providers charge for every conceivable resource: servers, API calls, data transfer, and computational milliseconds. But cost is more than just a line item on a monthly bill; it is a powerful forcing function that drives better architectural decisions. ...

December 17, 2024 · 3 min · Kevin Sookocheff

The Developers Guide to FIPS 140 Compliance

If you work with US government entities or corporations in regulated markets, the subject of FIPS compliance may come up, especially in the context of FedRAMP authorization. FIPS 140-2 and FIPS 140-3 are a set of cryptographic standards that your application may need to adhere to, dictating the appropriate ciphers or cryptographic functions that are in use. It can take a lot of effort to run a completely FIPS-compliant architecture, but for application developers, the bottom line is that any code that uses cryptographic operations to secure customer data must use FIPS-certified cryptographic libraries. ...

June 6, 2024 · 8 min · Kevin Sookocheff

Near infinite scaling with the scale cube and cell-based architecture

Most new applications are built as a single codebase and deployed as a monolith until product-market fit is reached or additional scale is required. Such monolithic applications are easy to write and maintain, and allow you to iterate quickly when the number of users is small and traffic is low. However, as traffic increases you will need to scale the application to handle the increase in load. One framework for scaling is the “Scale Cube” described by AKF Partners. ...

May 28, 2024 · 6 min · Kevin Sookocheff

Developing an Aya-rs eBPF application using devcontainers

eBPF is a technology allowing you to dynamically program the kernel using a virtual machine approach. Several development frameworks exist, with the top choice for Rust developers being Aya. Because of the deep integration between eBPF and the Linux kernel, it can be challenging to create a local development environment that works across different development machines. To date, I’ve taken to developing eBPF programs on EC2 instances using the AWS Cloud9 development environment. This works, but comes with its own issues and won’t be for everyone. ...

May 8, 2024 · 2 min · Kevin Sookocheff

Building a FIPS Compliant Kubernetes Cluster on AWS

One of the larger hurdles to climb when becoming FedRAMP moderate is encrypting all data in transit using FIPS-validated encryption modules. This article describes one approach to satisfying this requirement for anyone running a Kubernetes cluster on AWS. For those lucky souls who are unfamiliar with FIPS, it stands for Federal Information Processing Standard, which is a joint US and Canadian government standard that specifies the security requirements for cryptographic modules that protect sensitive information. FedRAMP specifically requires you to satisfy two related controls: SC-8 and SC-13. ...

April 18, 2024 · 8 min · Kevin Sookocheff

Surveying the eBPF Developer Ecosystem

This article provides a guide to the different developer tools available for writing eBPF programs, covering the core tools BCC, bpftrace, ebpf-go, and libbpf. Each tool satisfies a different use case depending on whether you are trying to use eBPF for running analysis scripts or full-fledged programs, which programming language you wish to use, and the tool's maturity and feature parity with the most recent eBPF features in the Linux kernel. Unfortunately, there is no single definitive guide to BPF and there is still a lot of unwritten knowledge, though some of the resources provided in this article may help you get started on your own journey. ...

March 22, 2024 · 20 min · Kevin Sookocheff