Cassandra data model (as opposed to relational database)

Bad data model design with Cassandra causes chronic pain as the application scales. I had to re-read about data model design in “Cassandra – the Definitive Guide” and keep my notes and thoughts in this post. Data modelling in the relational world is indoctrinated into every student coming out of university. It embraces several things: Entity-Relation: …

Common local Git operations

This is a summary of concepts in common Git operations. We will discuss branch, merge, rebase, cherry-pick, stash and reset. We will not discuss pull, fetch, or push. Commit, Branch and HEAD When you run “git commit”, the following happens: Git checksums each subdirectory, and stores them as a tree object (file path and name) …

Pitfalls in deployment automation

There is no doubt that organizations with lots of manual tasks should automate at least some of their IT tasks. As automation tools such as Ansible and Puppet become mature, the skillset becomes prevalent as well. If automation is not carried out properly, it can cost the organization an arm and a leg. The ultimate …

NTLM and Kerberos protocols

This article explains how the two most common authentication mechanisms (NTLM and Kerberos) work. Both authentication protocols are based on symmetric key cryptography. The protocols themselves are platform independent. NTLM Authentication NTLM was the default authentication protocol prior to Windows 2000 and is still prevalent today as a backup to Kerberos. It is based on a challenge/response mechanism. User …

Introduction to Authentication Frameworks (PAM and SSPI)

This article gives a very brief high-level introduction to PAM (Pluggable Authentication Module) and SSPI (Security Support Provider Interface) as authentication frameworks in Linux and Windows respectively. PAM The Pluggable Authentication Module (PAM) architecture provides a powerful abstraction for user IAM using a pluggable authentication model on Unix platforms. It defines a generic API for authentication and …

SASL Authentication Mechanisms

Introduction Authentication is used in many protocols (such as LDAP binding) and it usually involves sending a password. Given the nature of authentication protocols, encrypting their traffic is usually mandatory. Simple Authentication and Security Layer (SASL) was introduced to ensure security during authentication. It is not a single protocol, but rather a framework for authentication …

OAuth and OpenID Connect

OAuth 2.0 and OpenID Connect 1.0 are different types of protocols and they are often confused. When we talk about IAM (identity and access management), we should distinguish between AuthZ and AuthN: AutheNtication (AuthN, aka Identity Management) is about validating the user’s identity by verifying that the user trying to connect is actually who it claims …