Lambda School - Week 13: Is It Really You?

Remember last week, when I said it was refreshing to have some theory-focus lessons? I just had to open my big fucking mouth, didn't I? Boy, did we get a lot of theory this week…

This week's topics were security, authentication, and user-validation. Nobody likes hackers, you know? Problem is: hackers are pretty damn good at what they do. So it takes a bit of work to keep them out. Keeping everything secure is difficult as hell, yo!

Now, cybersecurity is pretty much a university major all on its own. There are countless niches and sub-niches in the field, far too many for us to cover in a single week.

For the most part, we stuck to the basics and best practices. The do's and don'ts of user authentication, database security, creating secure API endpoints, and much more. Don't store your passwords in plain-text, kids!

Somehow, Lambda compressed it all down into 5 days of non-stop info and I'm here to tell you all about it.

If you happen to have lived under a rock over the past couple of months, let me quickly introduce you to Lambda School. Lambda School offers online programs in software development, UX design, data science, iOS and Android mobile development. The best part? It has no up-front costs!

The curriculum is 9 months long with full-time enrollment. This used to be 30 weeks, but has recently been extended. Instead of making students take out a second mortgage just to pay tuition, Lambda School uses Income-Share Agreements (ISAs). With an ISA, students pay a percentage of their monthly income after they're employed. If you don't get a job, you don't pay anything. Also, you only start paying if you're making more than a certain amount per year. Depending on where you're based, different percentages and pay-off plans exist. Americans pay 17% for 2 years after graduation, while Europeans pay 10% for 4 years.

In the US, if you make less than $50k after graduation, you don't have to pay 'em anything. Also, you will never, under any circumstance, pay back more than $30k. (Note: you'd have to be making more than $88,000 per year to reach that cap.) If you happen to make less than that, you simply pay less. After two years, you're off the hook. What's more, if you don't find a job and spend all that time making less than $50k, the ISA lapses after a couple of years.

Recently, Lambda has introduced a living stipend program. It'll pay students $2000 per month to cover monthly bills while they focus fully on their studies. In return, Lambda asks for 10% of their income over 5 years. The payoff is capped at $50,000.

Just Let Me In

I can neither confirm nor deny that I have uttered this sentence more than once this week…

Last week, I just had to open my big fat mouth and wish for more theory during our classes. Well, whatever God is out there sure has a shitty sense of humor. Because that's exactly what we got. In copious amounts, I might add.

Cybersecurity isn't something you briefly glance over and immediately get it. It's complicated business, no matter your skill level. It's an ongoing battle between those trying to prevent malicious behavior and those perpetrating it. With every new advance in the arms race, new technologies and paradigms get introduced. And the hapless web developer somehow has to keep up.

It's all done for a good reason, though. Getting hacked can cause some uncomfortable situations. Remember the Sony hack? Or the one from Equifax? What about Ashley Madison, Marriott or First American? I think you get my point.

Also, storing passwords in plain text is never a good idea! Especially when you're called Facebook and you're caught having hundreds of millions of passwords stored in plain text! (link)

Enter hashing algorithms, encryption, web tokens, and dozens of other terms that'll make your head spin. It really is a lot to take in. Luckily, our instructor took it slow. Plenty of examples were shared and the ever-present drawings helped a ton!

Ironically enough, we hardly ever touched our code editor during the lectures. So much for ‘Learning How To Code’, huh? Normally, we'd have our VSCode open during the lecture, coding along. Now, there wasn't all that much for us to do but sit back, take notes, and pay attention.

I was suddenly reminded of why I didn't always do as well in traditional education. Turns out I get distracted when you sit me down in front of a screen and force me to listen for two-plus hours. And I start wishing for YouTube's 2x speed functionality. Luckily, I was familiar with most of the theory from previous courses I'd done on cybersecurity. (There are a couple of top-notch ones on Udemy.)

I actually learned a fair amount of stuff during the lectures. Since it served as an intro for people who'd never considered security before, the examples were simple and straightforward. It was a good refresher for some of the concepts that I understood in a practical sense but never had any analogies to tie onto.

Luckily, the exercises were a breeze. Once you understand what you're doing (and you're using the right library for the job), actually implementing basic authentication and data security isn't all that difficult. Kinda reminds me of: "You pay me $1 to tighten the screw, $9,999 for knowing which screw to turn". Just make sure to cover all your bases and be careful with what user input you allow through.

Let's just hope I can pay someone much smarter than me to take care of security in the future! This shit is hard, yo!

Tools of the Trade

This week, we covered the following:

  • The general principles behind authentication and the problems that are inherent to it.
  • Understanding the difference between encoding, encrypting, and hashing. And, more importantly, how and when to use each of them. Also, understanding the mathematical wizardry that's taking place under the hood.
  • Some of the most common hashing methods, including MD5, SHA-3, and bcrypt (which is built on the Blowfish cipher).
  • How hackers might attempt to bypass your authentication processes, how hashed passwords can be cracked, and the importance of secrets.
  • A quick primer on social engineering and other analog methods used to gain access to secure systems.
  • Using sessions and cookies to add data persistence to websites and store user data for future use.
  • Understanding the principles behind tokens and implementing them with JSON Web Tokens (JWT).
  • Preventing the most common and classic cybersecurity risks: SQL injection, XSS attacks, CSRF attacks, and much more.
  • Client-side authentication.
[Image caption: Accurate representation of what we're trying to prevent]

In addition, I tried to read up on some stuff this week to broaden my horizons a little bit. I also reviewed some of the material we've covered in previous weeks. All told, I:

  • Watched a great refresher course on Express.js. It's intended as a crash course/introduction to the framework, but it served to give me a quick overview of the recommended server architecture that's most common in Node.
  • Started playing around with Figma, a free online alternative to Photoshop and Illustrator. Historically, I've been pretty sh*t at design. I figured it was about time I started putting in some work to rectify that. I'm currently following a couple of online tutorials, trying to build some icons and logos. It might go a long way in making me self-sufficient in building my own projects.

State of the Lambda Union

This week was definitely tricky at times. A lot of concepts were coming at you all at once, and we only saw the tip of the iceberg. The students quickly found out that authentication is a huge topic, with numerous sub-disciplines. Entire careers can be built in one tiny niche - and it shows.

All told, Lambda did an amazing job making the topic both accessible and graspable. We all deal with data-security and authentication on a daily basis, so it's easy to empathize.

The theory was a bit overwhelming at times but the practical applications more than made up for it. As it stands, this week was also about further solidifying skills like building databases from scratch. That's juuust fine by me.

It just hit me that we've only got two more weeks to go on the web-aspect of the curriculum.

Until next week!
