programming coding rust kotlin

The pitfall of implicit returns

Implicit returns are a feature in some languages. They have recently bitten me, so here’s my opinion. Statements, expressions, and returns Before diving into implicit returns, we must explain two programming concepts influencing them. A lot of literature is available on the subject, so I’ll paraphrase one of the existing definitions: An expression usually refers to a piece of code that can be evaluated to a value. In most programming languages, there are typically three differ

Raspberry Pi GitHub Action self-hosted runner

Using my new Raspberry Pi to run an existing GitHub Action

Recently, I mentioned how I refactored the script that kept my GitHub profile up-to-date. Since Geecon Prague, I’m also a happy owner of a Raspberry Pi: Guess what I won @GeeCON Prague? 😎 pic.twitter.com/b9dARUhfMd— Nicolas Frankel 🇺🇦 (@nicolas_frankel) October 20, 2023 Though the current setup works flawlessly - and is free, I wanted to experiment with self-hosted runners. Here are my findings. Context GitHub offers a large free usage of GitHub Actions: GitHub Actions us

Kotlin Python migration

From Kotlin Scripting to Python

GitHub offers a way to customize one’s profile by allowing one to create a README in a specific repository, named as your profile, e.g., nfrankel/nfrankel. A couple of years ago, I automated the update of my GitHub profile with up-to-date info: my latest blog posts, my upcoming talks, and the last recorded YouTube talk. I took the time to document how to do it on this blog. At the time, I chose Kotlin scripting because I was proficient enough in Kotlin, but I wanted to learn the scripting

Apache APISIX API Security

Secure your API with these 16 Practices with Apache APISIX - part 2

Last week, we listed 16 practices to help secure one’s APIs and described how to implement them with Apache APISIX. Authentication 🕵️️ - Verifies the identity of users accessing APIs.Authorization 🚦 - Determines permissions of authenticated users.Data Redaction 🖍️ - Obscures sensitive data for protection.Encryption 🔒 - Encodes data so only authorized parties can decode it.Error Handling ❌ - Manages responses when things go wrong, avoiding revealing sensitive info.Input Validation & D

Apache APISIX API Security

Secure your API with these 16 Practices with Apache APISIX - part 1

A couple of months ago, I stumbled upon this list of 16 practices to secure your API: Authentication 🕵️️ - Verifies the identity of users accessing APIs.Authorization 🚦 - Determines permissions of authenticated users.Data Redaction 🖍️ - Obscures sensitive data for protection.Encryption 🔒 - Encodes data so only authorized parties can decode it.Error Handling ❌ - Manages responses when things go wrong, avoiding revealing sensitive info.Input Validation & Data Sanitization 🧹 - Checks input da

Rust error management

Error management in Rust, and libs that support it

As part of learning the Rust ecosystem, I dedicated the last few days to error management. Here are my findings. Error management 101 The Rust book describes the basics of error management. The language separates between recoverable errors and unrecoverable ones. Unrecoverable errors benefit from the panic!() macro. When Rust panics, it stops the program. Recoverable errors are much more enjoyable. Rust uses the Either monad, which stems from Functional Programming. Opposite to exceptions

Apache APISIX OWASP coraza

Hardening Apache APISIX with the OWASP's Coraza and Core Ruleset

The OWASP stands for Open Worldwide Application Security Project: The Open Worldwide Application Security Project is an online community that produces freely available articles, methodologies, documentation, tools, and technologies in the fields of IoT, system software and web application security. The OWASP provides free and open resources. It is led by a non-profit called The OWASP Foundation. The OWASP Top 10 - 2021 is the published result of recent research based on comprehensive data com

OpenTelemetry DevOps

Improving upon my OpenTelemetry Tracing demo

Last year, I wrote a post on Open Telemetry Tracing to understand more about the subject. I also created a demo around it, which featured the following components: The Apache APISIX API GatewayA Kotlin/Spring Boot serviceA Python/Flask serviceAnd a Rust/Axum service I’ve recently improved the demo to deepen my understanding and want to share my learning. Using a regular database In the initial demo, I didn’t bother with a regular database. Instead: The Kotlin service used the e

html svg fonts fix

Keeping your fonts in embedded SVG

Last year, I started to use Excalidraw as a diagram tool. However, the SVG images didn’t display the font correctly. In this post, I’d like to explain the problem and offer a solution. Let’s create a sample drawing with Excalidraw. If you open the link, it should look something like this: However, in a browser, it looks like this: The code is straightforward: <img src='/path/to/sample.svg'> The font doesn’t display correctly. The problem is that the