Arquitectura?

"The following post will serve as a brief introduction to the declarative programming paradigm through a closer examination of the logic programming language Datalog."

"At SoundCloud, we structure our product as an API with many clients. That is, our main website, mobile client, and mobile apps are all first-order clients of a single main API. Behind that API is a universe of services: SoundCloud operates basically as a Service-Oriented-Architecture. We're also a polyglot organization, which means we use lots of languages."

"The easiest way to get a production grade Kubernetes cluster up and running."

"Prisma replaces traditional ORMs"

"Per Thorsheim, Microsoft's Dr. Cormac Herley, the UK's NCSC, the Chief Technologist at FTC, I and many others are working hard to kill password expiration. Password expiration is when an organization requires their staff to change their passwords every 60, 90 or XX number of days. Password expiration is also a great example of how security professionals fail by simply repeating old myths or focusing on just mitigating risk, forgetting about the cost or impact of those mitigating controls. Here's is why password expiration must die."

"NIST recently published its four-volume SP800-63b Digital Identity Guidelines. Among other things, it makes three important suggestions when it comes to passwords: Stop it with the annoying password complexity rules. They make passwords harder to remember. They increase errors because artificially complex passwords are harder to type in. And they don't help that much. It's better to allow people to use pass phrases. Stop it with password expiration. That was an old idea for an old way we used computers. Today, don't make people change their passwords unless there's indication of compromise. Let people use password managers. This is how we deal with all the passwords we need."

"Users aren't the problem with security. It's that we've designed our computer systems' security so badly that we demand the user do all of these counterintuitive things."

"CFSSL is CloudFlare's PKI/TLS swiss army knife. It is both a command line tool and an HTTP API server for signing, verifying, and bundling TLS certificates. It requires Go 1.10+ to build."

"Easy Public Key Infrastructure intends to provide most of the components needed to manage a PKI, so you can either use the API in your automation, or use the CLI."

"The F5 BIG-IP Controller for Kubernetes lets you manage your F5 BIG-IP device from Kubernetes or OpenShift using either environment's native CLI/API."

"go-github-selfupdate is a Go library to provide self-update mechanism to command line tools."

"Gnorm converts your database's schema into in-memory data structures which you can then feed into your own templates to produce code or documentation or whatever. Gnorm is written in Go but can be used to generate any kind of textual output - ruby, python, protobufs, html, javascript, etc."

"Knative provides a set of middleware components that are essential to build modern, source-centric, and container-based applications that can run anywhere: on premises, in the cloud, or even in a third-party data center. Knative components are built on Kubernetes and codify the best practices shared by successful real-world Kubernetes-based frameworks. It enables developers to focus just on writing interesting code, without worrying about the "boring but difficult" parts of building, deploying, and managing an application."

"Package any app into deb or rpm packages, using heroku buildpacks"

"FreeIPA allows Linux administrators to centrally manage identity, authentication and access control aspects of Linux and UNIX systems by providing simple to install and use command line and web based management tools. FreeIPA is built on top of well known Open Source components and standard protocols with a very strong focus on ease of management and automation of installation and configuration tasks. FreeIPA can seamlessly integrate into an Active Directory environment via cross-realm Kerberos trust or user synchronization. Benefits FreeIPA: Allows all your users to access all the machines with the same credentials and security settings Allows users to access personal files transparently from any machine in an authenticated and secure way Uses an advanced grouping mechanism to restrict network access to services and files only to specific users Allows central management of security mechanisms like passwords, SSH Public Keys, SUDO rules, Keytabs, Access Control Rules Enables delegation of selected administrative tasks to other power users Integrates into Active Directory environments"

"FreeIPA is an integrated security information management solution combining Linux (Fedora), 389 Directory Server, MIT Kerberos, NTP, DNS, Dogtag (Certificate System). It consists of a web interface and command-line administration tools. FreeIPA is an integrated Identity and Authentication solution for Linux/UNIX networked environments. A FreeIPA server provides centralized authentication, authorization and account information by storing data about user, groups, hosts and other objects necessary to manage the security aspects of a network of computers. FreeIPA is built on top of well known Open Source components and standard protocols with a very strong focus on ease of management and automation of installation and configuration tasks. Multiple FreeIPA servers can easily be configured in a FreeIPA Domain in order to provide redundancy and scalability. The 389 Directory Server is the main data store and provides a full multi-master LDAPv3 directory infrastructure. Single-Sign-on authentication is provided via the MIT Kerberos KDC. Authentication capabilities are augmented by an integrated Certificate Authority based on the Dogtag project. Optionally Domain Names can be managed using the integrated ISC Bind server. Security aspects related to access control, delegation of administration tasks and other network administration tasks can be fully centralized and managed via the Web UI or the ipa Command Line tool."