Remember last week, when I said it was refreshing to have some theory-focus lessons? I just had to open my big fucking mouth, didn't I? Boy, did we get a lot of theory this week…
This week's topics were security, authentication, and user-validation. Nobody likes hackers, you know? Problem is: hackers are pretty damn good at what they do. So it takes a bit of work to keep them out. Keeping everything secure is difficult as hell, yo!
Now, cybersecurity is pretty much a university major all on its own. There are countless niches and sub-niches in the field, far too many for us to cover in a single week.
For the most part, we stuck to the basics and best practices. The do's and don'ts of user authentication, database security, creating secure API endpoints, and much more. Don't store your passwords in plain text, kids!
Somehow, Lambda compressed it all down into 5 days of non-stop info and I'm here to tell you all about it.
If you happen to have lived under a rock over the past couple of months, let me quickly introduce you to Lambda School. Lambda School offers online programs in software development, UX design, data science, iOS and Android mobile development. The best part? It has no up-front costs!
The curriculum is 9 months long with full-time enrollment. This used to be 30 weeks, but has recently been extended. Instead of having you pay tuition up front and take out a second mortgage to cover it, Lambda School uses Income-Share Agreements (ISAs). With it, students pay a percentage of their monthly income after they’re employed. If you don't get a job, you don't pay anything. Second, you only start paying if you're making more than a certain amount per year. Depending on where you're based, different percentages and pay-off plans exist. Americans pay 17% for 2 years after graduation, while Europeans pay 10% for 4 years.
In the US, if you make less than $50k after graduation, you don't have to pay ‘em anything. Also, you will never, under any circumstance, pay back more than $30k. (Note: you'd have to be making more than $88,000 per year to achieve that.) If you happen to make less than that, you simply pay less. After two years, you're off the hook. What's more, if you don't find a job and spend all that time making less than $50k, the ISA lapses after a couple of years.
Recently, Lambda has introduced a living stipend program. It'll pay students $2000 per month to cover monthly bills while they focus fully on their studies. In return, Lambda asks for 10% of their income over 5 years. The payoff is capped at $50,000.
I can neither confirm nor deny that I have uttered this sentence more than once this week…
Last week, I just had to open my big fat mouth and wish for more theory during our classes. Well, whatever God is out there sure has a shitty sense of humor. Because that's exactly what we got. In copious amounts, I might add.
Cybersecurity isn't something you briefly glance over and immediately get it. It's complicated business, no matter your skill level. It's an ongoing battle between those trying to prevent malicious behavior and those perpetrating it. With every new advance in the arms race, new technologies and paradigms get introduced. And the hapless web developer somehow has to keep up.
It's all done for a good reason, though. Getting hacked can cause some uncomfortable situations. Remember the Sony hack? Or the one from Equifax? What about Ashley Madison, Marriott or First American? I think you get my point.
Also, storing passwords in plain text is never a good idea! Especially when you're called Facebook and you're caught having hundreds of millions of passwords stored in plain text!
Enter hashing algorithms, encryption, web tokens, and dozens of other terms that'll make your head spin. It really is a lot to take in. Luckily, our instructor took it slow. Plenty of examples were shared and the ever-present drawings helped a ton!
Ironically enough, we hardly ever touched our code editor during the lectures. So much for ‘Learning How To Code’, huh? Normally, we'd have our VSCode open during the lecture, coding along. Now, there wasn't all that much for us to do but sit back, take notes, and pay attention.
I was suddenly reminded of why I didn't always do as well in traditional education. Turns out I get distracted when you sit me down in front of a screen and force me to listen for two-plus hours. I get distracted. And I start wishing for YouTube's 2x speed functionality. Luckily, I was familiar with most of the theory from previous courses I'd done on cybersecurity. (There's a couple of top-notch ones on Udemy.)
I actually learned a fair amount of stuff during the lectures. Since it served as an intro for people who'd never considered security before, the examples were simple and straightforward. It was a good refresher for some of the concepts that I understood in a practical sense but never had any analogies to tie onto.
The exercises were a breeze, luckily. Once you understand what you're doing (and you're using the right library for the job), actually implementing basic authentication and data security isn't all that difficult. Kinda reminds me of: “You pay me $1 to tighten the screw, $9,999 for knowing which screw to turn”. Just make sure to cover all your bases and be careful with what user input you allow through.
Let's just hope I can pay someone much smarter than me to take care of security in the future! This shit is hard, yo!
This week, we covered the following:
In addition, I tried to read up on some stuff this week and broaden my horizons a little bit. I also reviewed some of the material we've covered in previous weeks. All told, I:
This week was definitely tricky at times. A lot of concepts were coming at you all at once. We only saw the tip of the iceberg. The students quickly found out that authentication is a huge topic, with numerous sub-disciplines. Entire careers can be built in one tiny niche - and it shows.
All told, Lambda did an amazing job making the topic both accessible and graspable. We all deal with data-security and authentication on a daily basis, so it's easy to empathize.
The theory was a bit overwhelming at times but the practical applications more than made up for it. As it stands, this week was also about further solidifying skills like building databases from scratch. That's juuust fine by me.
It just hit me that we've only got two more weeks to go on the web-aspect of the curriculum.
Until next week!