And what you should do with your apps’ sensitive data instead

Photo by Zan on Unsplash.

Today, I was in a conversation with some developers and we started talking about proper storage for the secrets that an application needs. These are things like database passwords, API keys, authorization tokens, encryption keys, certificates, etc. Collectively, we can refer to them as secrets.

As the name suggests, a lot of care should be put into protecting them, as if they were to end up in the wrong hands, they could cause your app’s security to be severely compromised — or worse.

When you’re building and deploying an app, how should you be managing secrets? …

Using Visual Studio Code remotes to develop on a different CPU architecture

Image credits: James Harrison

With Apple transitioning all Macs to Apple Silicon in these months, there’s certainly a lot of momentum for bringing ARM-based computing to consumers… and also developers. The list of devices that are now running on CPUs based on the ARM architecture, as opposed to the x86 of Intel and AMD chips, is getting longer by the day. It includes things like:

  • Small single-board computers like Raspberry Pis (have you seen the new “PC-in-a-keyboard” Raspberry Pi 400?)
  • A number of Chromebook laptops
  • Devices running Windows 10 on ARM, like the Surface Pro X

ARM-based CPUs have gone a long way in…

Why I have stopped with IPFS and the distributed web

Cover photo by Sander Weeteling (Unsplash)

I spent a large part of 2019 working with the distributed and decentralized web, especially IPFS, also known as the “Inter-Planetary File System”. I’ve written a few articles on the topic, on how you can host a web app on IPFS, one of which even ended up on the front page of HackerNews.

For about a year, I hosted my blog and other apps through an IPFS cluster. I wrote a utility for making pinning files easier on Pinata, a third-party cloud service for IPFS. I made some small contributions to the IPFS core projects. I built some projects with…

A guide to interacting with JavaScript from Go/Wasm

Photo by Saira on Unsplash

WebAssembly, or Wasm, is an open standard that allows developers to build apps that run inside a web browser using compiled programming languages. With WebAssembly, it’s possible to write components of web apps in languages such as C/C++, Rust, C#, and Go, among others, which run within the same sandbox as JavaScript. This allows things like porting existing libraries, leveraging capabilities not available in JavaScript, and running code faster because WebAssembly is compiled into a binary format.

Recently I’ve been experimenting with WebAssembly to be able to run some Go code in the browser. Specifically, I’ve been trying to port…

A personal story about creating new products and their unintended consequences

In the fall of 2007, my parents gave me an unforgettable gift for my sixteenth birthday: a first-generation iPhone.

I still clearly remember watching the keynote in which Steve Jobs announced the first Apple-branded phone a few months earlier. As a teenager attending high school in my hometown of Vicenza, Italy, I tuned into the livestream just before dinner, carefully listening to every word he said. That evening, Jobs started announcing a “widescreen iPod with touch controls”, a “revolutionary mobile phone” and a “breakthrough Internet communications device”–theatrically pausing before confessing that he was actually talking about one single device: the…

Will they succeed in alienating developers?

I’m a software developer and I’ve been using a Mac for 15 years, since I got my first Mac running OSX Tiger 10.4. Throughout this time, professionally or not, I’ve been building full-stack apps with a variety of technologies, including JavaScript, Go, and PHP; for a while, I also worked on iOS and macOS apps, written in Objective-C (that was before Swift came to be). …

Where to put npm modules in your package.json. It’s not as simple as it seems.

Photo by Bonnie Kittle on Unsplash

A few days back, someone opened a pull request for svelte-spa-router — an open-source project I maintain as a client-side router for single-page apps built with the Svelte framework — asking whether they should install the module as a dependency or a devDependency in the package.json file.

Aside from the specificity of this case, I thought this was a great question in general — and worth discussing. When should we put a module dependency in package.json as a devDependency?

What the Docs Say

There’s actually official guidance on where to put a package, which is clearly written in the npm documentation. To quote exactly:

And why you should do it

Even if you don’t know about signed Git commits, you might have seen the screen above on GitHub.

Let’s leave everything else aside for a moment — isn’t it oddly satisfying to have a large, green “Verified” badge on your work?

Making a commit verified, or to be more precise, signed, is not as hard as you might think. Just as it sounds, signed commits are, well, signed cryptographically using a GPG key.

Why Sign Git Commits?

Before we get into the how, let’s talk for a moment about why you should sign your Git commits. …

It’s time to adopt safer solutions and save time and money

Photo by Kyle Glenn on Unsplash

Most apps require some sort of authentication. You might be a developer working for a large company on their line-of-business apps, which require limiting access to authorized employees and checking their permissions. Or you might be building a new SaaS app, and you want users to create and maintain their profiles.

In both those cases and more, your first step when building the app will likely be creating the authentication and user management workflows. That is, creating a sign-up form and a login page, at the very least. …

Last Sunday, America was watching the Super Bowl LIV, with hundreds of millions of people gathered around TV screens, drinking beer, and eating junk food.

For those who work in the business of food delivery, that’s the equivalent of Christmas day. And you better bring up your A+ marketing game for that.

Even though, frankly, I had no interest in football, that morning I woke up to an email from Postmates, the app that delivers food from local restaurants, with a deal that recovering-from-Saturday-night me found too good to pass: one year of their Unlimited service at 54% off, or…

Alessandro Segala

Cooker of great risotto. Sometimes tech nerd. Driving dev tools, @code & open source @Microsoft @Azure ☁️ Opinions are mine 🇮🇹🇨🇦🇺🇸
