Plurrrr

a tumblelog
Tue 03 Nov 2020

HSTS your curl

HTTP Strict Transport Security (HSTS) is a standard HTTP response header for sites to tell the client that for a specified period of time into the future, that host is not to be accessed with plain HTTP but only using HTTPS. Documented in RFC 6797 from 2012.

The idea is of course to reduce the risk for man-in-the-middle attacks when the server resources might be accessible via both HTTP and HTTPS, perhaps due to legacy or just as an upgrade path. Every access to the HTTP version is then a risk that you get back tampered content.

Source: HSTS your curl, an article by Daniel Stenberg.

A Primer on Matrix Calculus, Part 1: Basic review

Consider whether this story applies to you. You went through college and made it past linear algebra and multivariable calculus, and then began your training for deep learning. To your surprise, much of what they taught you in the previous courses is not very useful to the current subject matter.

And this is fine. Mathematics is useful in its own right. You can expect a lot of stuff isn't going to show up on the deep learning final, but it's also quite useful for understanding higher mathematics.

However, what isn't fine is that a lot of important stuff that you do need to know was omitted. In particular, the deep learning course requires you to know matrix calculus, a specialized form of writing multivariable calculus (mostly differential calculus). So now you slog through the notation, getting confused, and only learning as much as you need to know in order to do the backpropagation on the final exam.

This is not how things should work!

Source: A Primer on Matrix Calculus, Part 1: Basic review, an article by Matthew Barnett.

A Practical Introduction to Container Security

Securing containers is a complex task. The problem space is broad, vendors are on fire, there are tons of checklists and best practices and it’s hard to prioritize solutions. So if you had to implement a container security strategy where would you start?

I suggest to start from the basics: understanding what container security is about and build a model to navigate risks.

Source: A Practical Introduction to Container Security, an article by Gianluca Brindisi.