Weekly Roundup 31st May 2020

Dinakaran Sankaranarayanan



Starting this week, to build a habit of blogging more regularly, I have tried to come up with Weekly Round-Up posts that compile the interesting blogs and news I have read in the last week. Most of these have already been shared through my Twitter (@dinquistively); this is an attempt to document them.

Hope you like it.

1. Security vulnerability with Apple Sign-In authentication flow

Link: https://bhavukjain.com/blog/2020/05/30/zeroday-signin-with-apple/

A security vulnerability in the Apple Sign-In authentication flow was reported by Bhavuk Jain (@bhavukjain1). It pertains to the OAuth flow, where Apple would issue a JWT for any email ID provided the other security parameters were intact. The vulnerability is critical and serious; Apple has fixed the issue and paid the researcher around 100K dollars as part of the Bug Bounty program.

2. Static First Using Serverless Front End

Link: https://www.serverlesschats.com/50

While Serverless has been gaining momentum over the last 5+ years, most of the discussion has centred on the backend implementation. In this podcast, run by Jeremy Daly (@jeremy_daly), he talks with NextJS (https://nextjs.org/) co-founder Guillermo Rauch (@rauchg), who is also the founder of Vercel (https://vercel.com/), about the serverless implementation for front-end applications. While the use case for server-side static websites is limited, what can be achieved in terms of latency, less computation and super-fast rendering in the browser is certainly an important trend to keep track of.

3. How to compete with AWS?

Link: https://www.lastweekinaws.com/blog/how-to-compete-with-aws/

Corey Quinn (@QuinnyPig), the popular and quirky Cloud Economist, makes a case for how to compete with AWS. The post is, as always, sarcastic and funny, but the observations are spot-on, especially on IAM and AWS billing.

4. Aarogya Setu, the contact tracing app, is now open source

Aarogya Setu (https://www.mygov.in/aarogya-setu-app/), the contact tracing app launched by the Government of India, is now open source. Ever since the launch of the app, privacy concerns have been raised about it, and open source enthusiasts and activists insisted that its source code be made open. Now the government has listened and open-sourced the app, which is available on GitHub: https://github.com/nic-delhi/AarogyaSetu_Android. Only the Android app is available for now. The server-side code and iOS app will be shared in the weeks to come. Many governments and private companies are joining hands on this as well. Apple and Google have joined hands to launch an open-source contact tracing API on top of which governments and NGOs can build meaningful solutions to understand and control the spread of the Corona pandemic. One such attempt is here: https://www.zdnet.com/article/the-worlds-first-contact-tracing-app-using-google-and-apples-api-goes-live/

5. HoneyPot Originals, documentaries of open source projects like Vue.js and GraphQL

How often do we come across documentaries of open source projects, especially about the developers who built them? HoneyPot (https://honeypot.io/), a developer job platform, is venturing into producing documentaries about developers. Dubbed HoneyPot Originals, they track the origins of some open-source projects, interviewing the developers and core members about how each project evolved over a period of time. It is very interesting.

Vue.js Documentary: https://cult.honeypot.io/originals/vue-js-the-documentary

GraphQL Documentary: https://cult.honeypot.io/originals/graphql-the-documentary

So that’s a wrap of the Weekly Round-Up. Hope you found these interesting.