Forem: Julian Cantillo

W3c Activitypub Protocol

Julian Cantillo — Thu, 10 Nov 2022 00:52:56 +0000

ActivityPub protocol

The protocol describes a decentralized "social network"; it relies heavily on JSON+LD schemes to describe activities performed by actors. The protocol comprises a set of interfaces for server-to-server and client-to-server connections. You can find more information in the W3C ActivityPub page

How does it works?

In the following diagram, you can see Alice and Bob interacting with the AcitityPub protocol. Alice wants to post something that could be a Tweet-like message, a video, or a note; Bob should be able to read it.

A service discovery protocol is the base of ActivityPub. The representation of all actors, Alice and Bob, and the messages have URLs in the attributes pointing to the counterpart server. The service discovery definition uses JSON+LD as the default format.

Those URLs tell where a server or a client must fulfill an activity such as Publish or Like. In the previous example, Alice wants to publish a post. She already knows the Outbox URL to create a Post; in this case, the action is "Create."

My take on this proposal

I used to be a PropTech entrepreneur. I implemented the Real Estate Transaction Standards (RETS) for the web application. The Multiple Listing Services (MLS) uses RETS to describe properties and actions performed over it. Those standards or, better, a new version may benefit from this kind of protocol.

Go Vuln the Golang Vulnerability Database

Julian Cantillo — Wed, 09 Nov 2022 13:33:04 +0000

What is govuln?

govuln is a new vulnerability database for looking your code for vulnerable packages and prevent supply chain attacks

How to install the `govulncheck` cli

govulncheck is the command line inferface for interacting with the database and checking your code against it, install it with the following command:

go install golang.org/x/vuln/cmd/govulncheck@latest

Then run it in your project as follows:

govulncheck .

It will search in your dependencies for vulnerable packages. Here is an example of the output:

govulncheck is an experimental tool. Share feedback at https://go.dev/s/govulncheck-feedback.

Scanning for dependencies with known vulnerabilities...
No vulnerabilities found.

=== Informational ===

The vulnerabilities below are in packages that you import, but your code
doesn't appear to call any vulnerable functions. You may not need to take any
action. See https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck
for details.

Vulnerability #1: GO-2022-1095
  Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows.

  In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavior to set a value for a different environment variable. For example, the environment variable string "A=B\x00C=D" sets the variables "A=B" and "C=D".
  Found in: syscall@go1.19.1
  Fixed in: syscall@go1.19.3
  More info: https://pkg.go.dev/vuln/GO-2022-1095

For more details check the official doc: https://go.dev/security/vuln/ and the talk given during the 2022 go day titled
Writing your Applications Faster and More Securely with Go
which also covers Fuzzy Testing but that is for another TIL

Kubernetes setup Dockerhub secret

Julian Cantillo — Sun, 13 Mar 2022 23:23:40 +0000

When a Kubernete's pod or deployment pull the container image, the easiest way is to host the image in Dockerhub. However, sometimes you need to host the image in a private registry, therefore, you need to create a secret in Kubernetes to store the credentials and enable the pod to pull the image from the private registry.

Step 1: Create a secret

Using the kubectl command, create a secret as follows:

kubectl create secret generic dockerhub \
    --from-file=.dockerconfigjson=~/.docker/config.json \
    --type=kubernetes.io/dockerconfigjson

The create secret command creates a secret with the name dockerhub and the type kubernetes.io/dockerconfigjson. The --from-file flag specifies that the secret should be created from the file .dockerconfigjson in the home directory of the user, and, the kubernetes.io/dockerconfigjson type is used to specify that the secret is in the format of a Docker configuration file.

Step 2: Specify the secret in the Pod definition

In the spec section of the Pod definition, add the following lines:

imagePullSecrets:
  - name: dockerhub

The imagePullSecrets field specifies that the pod should use the secret to pull the image from the private registry. The name field specifies the name of the secret. A complete example of the Pod definition is shown below:

---
apiVersion: v1
kind: Pod
metadata:
  name: my-app
spec:
  containers:
  - name: my-app-container
    image: my-docker-hub-user/my-app-image
  imagePullSecrets:
  - name: dockerhub

Step 3: Deploy the Pod

The Pod is now ready to be deployed in the Kubernetes cluster using the private image.

kubectl apply -f my-app.yaml

My 2021 Reading List

Julian Cantillo — Sat, 29 May 2021 22:05:41 +0000

Last year I did read several books, mostly because the COVID-19 pandemic, tired of watching netflix I decided to read a book instead.
Started with some from the backlog. And this year the tradition continues -the pandemic haven't finished yet- but also I learnt a lot last year.
However this year I want to make more public my reading list, and also write more. For that reason I want to start writing little essays from the
latest books.

This is my reading list:

Ask Your Developer: How to Harness the Power of Software Developers and Win in the 21st Century by Jeff Lawson | Amazon
Working Backwards: Insights, Stories, and Secrets from Inside Amazon by Colin Bryar and Bill Carr | Amazon
An Ugly Truth: Inside Facebook's Battle for Domination by Sheera Frenkel and Cecilia Kang | Amazon
Staff Engineer, Leadership beyond the management track by Will Larson Amazon