Resources

Authentication and Authorisation

Discussion on limitation of scopes for authorisation as part of the OAuth2 spec. Suggests scopes are a subset of permissions for a user, and actual user privileges need to be calculated to make full access control decisions.

OAuth2 Scopes are NOT Permissions

Explores downsides of using scopes entirely for authorisation and proposes using authorisation component/service within subnet/sidecar of the application to make access decisions.

RBAC with API Gateway and Open Policy Agent(OPA)

Presents implementation of Role-based Access Control (RBAC) using Open Policy Agent (OPA) as the authorisation service.

Fine Grained Authorisation using Okta FGA

Overview of functionality of Okta FGA and example implementation for a sample use case. Also looks at performance of Okta FGA to understand limitations of the service.

Cryptography - Hands on Tutorials

Interactive cryptography lessons covering the encoding, hashing, and modular arithmetic used as a basis. It also specifically covers symmetric cryptography, public-key cryptography, and elliptic curves.

Building Blocks

Mastering System I/O: 5 Core Models Every Software Engineer Should Know

Deep dive into 5 core I/O system models to understand the fundamental models used by systems at scale.

Career Growth and Progress

How to Actually Grow in Your Organization

First hand insight on how to grow within an organisation and pitfalls along the way. Highlights some things to look for, and learning that can be taken away

Machine Learning & AI

Building Thinking Machines

Covers introduction of AI and machine learning algorithms, including the statistical mathematics behind it.

Optimisations

Extreme HTTP Performance Tuning

Covers extreme tuning of an HTTP server, looking at software, kernel and hardware optimisations through the eyes of a flame graph to achieve 1.2M API req/s on a 4 vCPU EC2 instance. Good for understanding the anatomy of an HTTP server and a common multi-threading use-case. It also highlights the need for balance between the diminishing returns of optimisations and other functional benefits.

How Discord Reduced Websocket Traffic by 40%

Review of optimisation for event processing with focus on message compression. Compares zlib and zstandard compression libraries for data compression for the Discord use case.

Going faster than memcpy

Deep dive into creating a version of memcpy library which is faster than the standard C library.

Testing and Deployment

How Uber Tests Payments in Production

Discusses the benefits of testing something in production. In particular, it touches on legacy software and maintenance point of view given payments has been around for a long time. Denotes staging environment downsides of never reflecting reality, so illustrates how this quickly hits a limitation and doesn't provide certainty which testing should give.