Rohit Aggarwal wrote “While working on the excellent CryptoPals challenges, I came across the Padding Oracle Attack. The particular version of the attack I was working through, was on CBC mode Decryption when used with AES symmetric key cryptography. The attack has nothing to do with AES and everything to do with this block cipher mode of operation. Various forms of…”
![By Image has "Wilse" lettered on it (part of the largely illegible text at lower left). That would be Anders Beer Wilse. Seattle Municipal Archives (Flickr: Construction of Cedar River Pipeline, 1900) [CC BY 2.0 (https://creativecommons.org/licenses/by/2.0)], via Wikimedia Commons](https://tech.labs.oliverwyman.com/wp-content/uploads/2018/05/pipe-block.jpg)
Patrick Tschorn wrote “Drone.io for go I was recently asked to set up a CI server for one of our go projects and decided to try out drone.io 0.8. From my point of view, the two most attractive features of drone.io are that: the build is defined through a single .drone.yml file in the root directory of the…”
![By Rept0n1x (Own work) [GFDL (http://www.gnu.org/copyleft/fdl.html) or CC BY-SA 3.0 (https://creativecommons.org/licenses/by-sa/3.0)], via Wikimedia Commons](https://tech.labs.oliverwyman.com/wp-content/uploads/2018/02/repair-block.jpg)
Ian Rogers wrote “Adverse events happen – a website breaks down, a project doesn’t get delivered on time – and a proposed technique to find ‘the root cause’ is to ask the “5 Whys”. Attributed to Sakichi Toyoda in the 1930’s and adopted by Toyota and other formal techniques it’s basically the technique of listing a fault and then asking…”
Ian Rogers wrote “On the one hand it’s become a bit of a cliché to say that Waterfall doesn’t work (in fact ‘waterfall’ may never have existed), but we know that rigid projects don’t deliver—when the level of resources is the only contingency in a project then budget overrun and missed deadlines (or lowered quality) become almost inevitable.…”
Patrick Tschorn wrote “In this post, we’ll first try out Erlang’s SSL application interactively and then put together a simple Elixir SSL server OTP application using the Supervisor and GenServer behaviours. Preparation First of all, we’ll create a self-signed certificate: mkdir foo cd foo openssl genrsa -out key.pem 1024 openssl req -new -key key.pem -out request.pem # (using…”
Tom Parker wrote “Last month, I said we’d be talking more about open source work that we’re doing. This month, I’ve been building Panegyric, a WordPress plugin (which is what this site is written in). This plugin (which isn’t live on the site yet, but will be soon) lists all the Github pull requests we’ve recently done. However…”
Ceri Storey wrote “One thing I’ve come to realise as I’ve matured as a developer, is that it turns out I’m merely human. That is somewhat obvious, but you often hear people opine on various discussion boards that their particular tools (that other people feel are error prone) are actually just fine; as long as you remember to…”
![© Nevit Dilmen [CC BY-SA 3.0 (https://creativecommons.org/licenses/by-sa/3.0) or GFDL (http://www.gnu.org/copyleft/fdl.html)], via Wikimedia Commons](https://tech.labs.oliverwyman.com/wp-content/uploads/2017/12/branches-6x4.jpg)
Ian Rogers wrote “Let’s have a look at GraphQL. It came out of Facebook as a replacement for REST style requests for querying data. It was initially developed from 2012 and made open source in 2015. As Facebook’s main database is the “social graph” it was naturally named GraphQL but, as we’ll see, that’s not a completely accurate…”
Ceri Storey wrote “Over the past few weeks I’ve been focusing mostly on build and deployment tooling around docker and Kubernetes. One particular downside of the current system, is our applications have a fair number of service dependencies. Up until now, we’ve taken to running everything inside docker using docker-compose, but this feels to me more like a way…”
Ceri Storey wrote “It’s quite common to want to test a network service from the outside, as if it was being accessed from a client. Quite often, people will pick a “well-known” port to use, eg: port 8080 or 8888 for a HTTP service. But that means that if you leave a stray service process lying around, you’ll need to hunt it…”