Anthony J. Campbell

Lambda School - Week 13: Is It Really You?

Algorithm (noun.)
Word used by programmers when they do not want to explain what they did.


Remember last week, when I said it was refreshing to have some theory-focused lessons? I just had to open my big f*cking mouth, didn't I?

This week was all about security and authentication. Nobody likes hackers, you know? Well, it turns out they must be really good at their jobs. Keeping everything secure is difficult as hell, yo!

Data security and authentication is pretty much a university major all on its own. There are countless niches and sub-niches in the field, far too many for us to cover in a single week.

Nevertheless, Lambda compressed it all down into 5 days of non-stop info and I'm here to tell you all about it.


If you happen to have lived under a rock over the past couple of months, let me quickly introduce you to Lambda School. Lambda School offers online programs in software development, UX design, data science, iOS and Android mobile development. The best part? It has no up-front costs!

The curriculum is 9 months long with full-time enrolment. This used to be 30 weeks, but has recently been extended. Instead of paying tuition and having to take out a second mortgage just to take some classes, Lambda School uses Income-Share Agreements (ISAs). With it, students pay a percentage of their monthly income after they’re employed. If you don't get a job, you don't pay anything. Depending on where you're based, different percentages and pay-off plans exist. Americans pay 17% for 2 years after graduation, while Europeans pay 10% for 4 years.

If you make less than $50k after graduation, you don't have to pay ‘em anything. Also, you will never, under any circumstance, pay back more than $30k. (Note: you'd have to be making more than $88,000 per year to achieve that) If you happen to make less than that, you simply pay less. What's more, if you don't find a job, the ISA lapses after a couple of years.

Recently, Lambda has introduced a living stipend program. It'll pay students $2000 per month to cover monthly bills while they focus fully on their studies. In return, Lambda asks for 10% of their income over 5 years. It is capped at $50,000.

Finally, if you’re interested in signing up for Lambda School yourself, please consider using —> this link <— With it, you’ll receive $250 after you attend your first day and Lambda will give me $250 for sending you there! Win-win!


“I swear to god, if I see ‘Incorrect password’ one more time…”

I can neither confirm nor deny that I have uttered this sentence more than once this week…

TLDR; Keeping passwords secure is hard as f*ck.

Slightly-longer TLDR; Making sure nobody knows your password is ‘hunter2’ is hard as f*ck!

Accurate representation of what we're trying to prevent

Last week, I just had to open my big fat mouth and wish for more theory during our classes. Well Odin, Zeus, or some other incestuous bearded man was definitely listening. Cause we sure got a bit of theory this week.

Frankly, I'd never really considered how much time and effort goes into data-security and keeping your users' passwords safe. Sure, I'd heard of companies getting hacked. The Sony hack springs to mind. I'd also learnt that storing passwords in plain text is never really a good idea. Especially when you're called Facebook and you're caught having hundreds of millions of passwords stored in plain text! (link)

So, plain text = no bueno. So what did we have to do?

Enter hashing algorithms, encryption, web tokens, and dozens of other terms that'll make your head spin. It really is a lot to take in. Luckily, our instructor took it slow. Plenty of examples were shared and the ever-present drawings helped a ton!

Ironically enough, we hardly ever touched our code editor during the lectures. So much for ‘Learning How To Code’, huh? (I'm joking) Normally, we'd have our VSCode open during the lecture, coding along. Now, there wasn't all that much for us to do but sit and pay attention.

I was suddenly reminded of why I didn't always do as well in traditional education. Turns out I get distracted when you sit me down in front of a screen and force me to listen for two-plus hours. Not to worry though, I understood most everything conceptually and managed to take away quite a bit from the lectures. Idle hands be damned.

The exercises were a breeze! Once you understand what you're doing (and you're using the right library for the job), actually implementing basic authentication and data-security isn't all that difficult. Kinda reminds me of: “You pay me $1 to tighten the screw, $9,999 for knowing which screw to turn”.

Let's just hope I can pay someone much smarter than me to take care of security in the future!


THE TOOLS OF THE TRADE

This week, we covered the following:

  • The general principles behind authentication. Obviously, we couldn't go into too much detail. It's a huge concept, after all.

  • Hashing and encryption. The differences between the two, how and when to use them, and the mathematical underpinnings of both.

  • Some of the most common encryption and hashing methods, including MD5, SHA-3, and Bcrypt.

  • How hackers might attempt to bypass your authentication processes, how hashing algorithms can be cracked, and the importance of secrets.

  • Using sessions and cookies to add data persistence to websites and store user data for future use.

  • Understanding the technical underpinnings of JSON Web Tokens (JWT), as well as building and using them.

  • Client-side authentication.

In addition, I tried to read up on some stuff this week and try to broaden my horizons a little bit. I also reviewed some of the material we've covered in previous weeks. All told, I:

  • Watched this great refresher course on Express.js. It's intended as a crash-course/introduction to the framework, but it served equally well as a way to test and revise my previous knowledge. Highly recommended, even if you're usually not that interested in back-end development.

  • Started reading through the documentation of Electron.js, a framework for creating native applications (those that live on the desktop) with simple HTML, CSS and JS. Huge companies like Slack and WhatsApp use Electron for their desktop versions. Hence why I decided to take a look. From what I can tell, it's easy to use and very powerful. In about 10 minutes, I had a ‘Hello World!’-message on my desktop. I'm definitely going to be looking into this!

  • Started playing around with Gravit Designer, a free online alternative to Photoshop and Illustrator. Historically, I've been pretty sh*t at design. I figured it was about time I started putting in some work to rectify that. I'm currently following a couple of online tutorials, trying to build some icons and logos. It might go a long way in making me self-sufficient in building my own projects.


STATE OF THE LAMBDA UNION

This week was difficult at times. A lot of concepts were coming at you all at once. We only saw the top of the iceberg. We quickly found out that authentication is a huge topic, with numerous sub-disciplines. Entire careers can be built in one tiny niche - and it shows.

All told, Lambda did an amazing job making the topic both accessible and graspable. We all deal with data-security and authentication on a daily basis, so it's easy to empathise.

The theory was a bit overwhelming at times but the practical applications more than made up for it. As it stands, this week was also about further solidifying skills like building databases from scratch. That's juuust fine by me.

It just hit me that we've only got two more weeks to go. Nearly halfway to graduation!

Until next week!