ssl

After listening to this show, you should have a better understanding of:

• How the internet works like a dodgy local delivery service. It takes a lot of steps for information to bounce all over the web and to our doorstep. But once it gets there, it should look like one nicely wrapped package. 
• Internet Protocol (IP) addresses: The location of a computer on the web, formatted as a series of numbers and periods. Essentially the mailing address for any device on the internet.
• Secure transport: This ensures that information sent over the web cannot be viewed by others. If a padlock icon appears in the web browser, the information should be secure.
• Hypertext transfer protocol (HTTP): The web browser standard that computers (clients) and servers use to talk to each other. 
• Server: A reliable computer that spends all day responding to information requests.
• Hypertext Markup Language (HTML): The coding language that formats the information on a web page. Coders also use languages like CSS and Javascript to embed styling and function within an HTML coding document.
• CSS: A coding language that dictates the visual styling of a web page.
• Javascript: A coding language that makes web content interactive, or clickable.

Links

• techoversimplified.com
• Connect with Kevin on LinkedIn

Transcript
Kevin: Hi, I'm Kevin, and you're listening to Tech Oversimplified, the show where we pump out strategic understanding of technology faster than the Fed prints money.

Today, we're going to follow what happens when you click a button on a website to load the next page. Now, I know this seems a little bit boring or dry, but most of us spend hours using these technologies every day. Email? Ding. Video calls? Ding. Downloading this very episode? Ding.

So, given that we're using these most days, understanding these technologies at a high level is kind of a superpower in the business world. So many of the things that go wrong with technology are easier to understand when you get what all the pieces are at a high level and how they fit together.

I'm going to tackle this in a format that will become really familiar to you throughout the show. I'm going to take a story that's a bit of a contrived example, I’m then going to go through all the pieces involved in that story, break them down one at a time into the high-level technical pieces, and I'm going to explain to you why it all matters, at the end. If you want to research any of these pieces more deeply, we can make that a topic in a future episode, so feel free to reach out to me at techoversimplified.com and we'll get into those details in the future. Now, I should note that there are a lot of acronyms in the tech world. And the first time I'm going to actually say what all the letters mean. But after that, the definitions will always be in the show notes, so feel free to look those up after the show. So, let's get into it.

What actually happens when you try to load that next page by clicking that button? So, let's say that you want to ask for the latest Tech Oversimplified episode, but I'm a hipster and I'm on a no tech holiday, so you can't just email me, or text me or, you know, send me a ‘contact us’ inquiry on my website. So, you decide to send a postcard that says, “Hey, can we talk now?” You and I have already agreed, independently of this, that we're going to speak in English, so you know that I can understand you when you say, “Hey, can we talk?”

Now as you know, I am, in fact, quite famous. So, you just need to write ‘Kevin Brown’ on the postcard. There's no address required, and everybody will just know where that goes because, of course, I'm Kevin Brown. Where else would it go? So, you go to a dodgy transport company and you give them your postcard. Now they're full service, so they figure out the address for you using a directory book in their office and based on where that address is, they know who to hand it off to next to finally get it to its destination.

So, your dodgy local delivery company forward this on, now knowing where it goes, to the post office so it can come to me. Internally, the post office bounces around a bunch, however they want to route it. They can take it from any office to any other office using whatever method of transport they feel is best, as long as it comes out the other side. So, eventually, it gets to my local delivery company, and they put it in my mailbox.

Now my assistant checks this mailbox and writes back, “Sure.” on their own postcard. This then bounces all the way back through all the pipes; however it got to me is likely how it will come back, but it's not guaranteed; it doesn't have to go that way. So, let's recap for a moment. You want to talk, you've sent a postcard, my assistant has gotten that postcard and has written back, “Sure, we can talk.”

You receive that postcard, so you're now in a place where you know it's okay to talk, I understand English, and that I am in fact willing to have this conversation. Now that you've gotten this postcard back that says, “Sure.” You say, “Okay, great. Can I have the latest Tech Oversimplified episode?” Now, when my assistant receives this request, they give the episode back to you. They give you the script of the show, and they split it across multiple postcards.

You're going to find out in a minute why they're so obsessed with these tiny little postcards and why they split all of their content across them instead of just giving you a letter, like a normal person. So, you get all the pieces, and you put it back together on your side. Now you have to arrange them in the right order, you have to understand overall what you've asked for and what you're getting back, but you do, so you put it all back together into this document.

As you read through this document, you see that my assistant is referencing images and sounds and all other things that make up this episode. It's kind of strange, they didn't just put them in to begin with, but okay. So, you send more requests to ask for those, and since you know all the ones you need, you can send them largely together in one chunk. You don't have to now wait, do one at a time like you did to start off with.

So, what the heck? Why not just send it with the original thing? Well, we'll get to that, too. So, my assistant gives all the pieces back to you, again spread over multiple postcards because that is apparently their super-weird thing that they have to do. So, you assemble all of this on your side, you now have the original request, the original document, you've got all the things that the assistant referenced, and you now have all the pieces of those and you now have the full picture of what you wanted. This is largely how getting web pages work.

Okay, so that's it. That's the story. You're sending postcards and the assistant is sending you back responses. You read through those responses and you have to put together the whole picture through multiple requests.

So, it's time for concept one, IP addresses. This is Internet Protocol addresses. These are numbers, and currently, they're se...

As Japan gets ready to reopen to tourism, sustainable travel consultant JJ Walsh thinks we should rethink harmful modes of travel like *koff koff* cruises even though, historically speaking, big old boats have proven their worth when it comes to opening Japan.

Ollie apologizes for falling for the PR spin of a river boat company who has, quite literally burned bridges.

Bobby tracks down a group of riverboat dwellers, which they are very grateful for, because they were drifting away.

Topics discussed on this episode range from:

• Celebrating the glorious milestone that is our 54th episode
• JJ's show, Seeking Sustainability Live which has recently celebrated it's 100th episode
• As a category, what exactly does the "Sustainability" net cover?
• A cross show comparison of favorite and least favorite guests
• What country cares the most about sustainability?
• What Ollie should do about having accidentally concealed his Japanese ability from his Japanese roommate
• What problems will Japan face post-covid, pre-olympics if they try to reopen for tourism with Business as Usual
• JJ's OFFICIAL position on the the GoTo! Campaigns
• JJ's unreserved and perhaps ill-advised opinion on what the worst form of travel is
• What simple steps and restrictions might serve Japan well in terms of tourism
• How much energy Japan has put into creating infrastructure for international vs domestic tourism
• Why Japanese business have traditionally preferred domestic travelers
• What spurred the international tourism boom in recent years, and how Japan has been catching up
• Why Japan's tourism policies have been focused on superficial factors, and what they SHOULD be focusing on
• The three pillars of sustainability, and why it isn't just about the environment
• What is Japan's current plan for reopening
• How, yes the government/major corporations tracking everyone's movements 24/7 is terrifying, but also might help us find less crowded shrines
• What possible solutions for over-tourism in Japan might be
• The chicken-egg nature of the preferred travel style of major tour travelers
• Should countries be able to choose their ideal tourists and place restrictions on who gets to come in and why?
• Which nationality does JJ think are currently the BEST tourists?
• How the future of travel can be made to mesh with the changing Japanese population demographics
• How the government can incentivize population and TOURISM migration
• Is the Olympics gonna happen?

Topics discussed on the extras range from:

Get access to the extras by supporting the podcast for less than $1 an episode. Become a member at http://buymeacoffee.com. 

Have something you'd like to say? Send us a fax at japanbyrivercruise.com

or Tweet to us at @jbrcpod

DONATE TO:
Black Lives Matter
Official George Floyd Memorial Fund
NAACP Legal Defense Fund
Runnymede Trust
Stephen Lawrence Charitable Trust

Social Media Links:

JJ Walsh: Twitter | YouTube

Ollie Horn: Twitter | Instagram

Bobby Judo: Twitter | Instagram | YouTube

Other things to click on

Some are affiliate links because we're sell-outs

• We record remotely using Squadcast and the podcast is hosted on Transistor. 
• Bobby uses the Samson Go Mic and Ollie uses the AT2005USB mic

What do we need to know about digital security as website owners and SaaS founders? Our guest today is Michael Buckbee, the founder of Expedited Security. We talk about different aspects of security online: top risks, TLS/SSL, encryption, VPNs, bug bounties, and much more.

Podcast feed: subscribe to https://feeds.simplecast.com/4MvgQ73R in your favorite podcast app, and follow us on iTunes, Stitcher, or Google Play Music.

Show Notes

• Expedited Security, Expedited WAF — Michael's products
• Transport Layer Security — a Wikipedia article on TLS/SSL
• Penetration test — a method for evaluating security
• California Consumer Privacy Act — the new privacy bill alongside GPDR
• OWASP Top Ten — a globally recognized list of top web application security risks
• Let's Encrypt — free SSL/TLS certificates
• Public-key cryptography — a cryptographic system that uses public keys and private keys
• Encrypt.me — a VPN service
• Algo VPN — a free tool by Trail of Bits for setting up your own VPN
• Responsible disclosure — a model for disclosing vulnerabilities
• Follow Michael on Twitter: @mbuckbee

Today's Sponsor

This episode is brought to you by Lightmatter. Have you ever wondered how top companies ship new features so quickly? Or have you ever struggled to get that awesome UX and UI you were going for? That’s where Lightmatter comes in. They act as a direct extension of design and development teams at some of the world’s top companies. Whether your company needs a new brand, website, or app, they can help. Check them out at lightmatter.com/uibreakfast to learn more.

Interested in sponsoring an episode? Learn more here.

Leave a Review

Reviews are hugely important because they help new people discover this podcast. If you enjoyed listening to this episode, please leave a review on iTunes. Here's how.

בפרק זה נדבר על גניבת זהות שקרתה לחברת Equifax. חברת Equifax הינה אחת משלושת סוכנויות הדיווח האשראי הצרכניות הגדולות ביותר שמנהלת 800 מיליון לקוחות ו 88 מיליון עסקים. בגניבת הזהות נגנבו פרטים של כ 150 מיליון תושבים, גניבה שהוגדרה על ידי VentureBeat אחת מהפרות הנתונים הגדולות בהיסטוריה, נזק שהוערך במאות מיליוני דולרים. המקרה נגרם על ידי פירצה שהייתה ידועה (CVE) בספריית קוד פתוח לפיתוח ממשקי ניהול ווב, Apache Struts, הפירצה איפשרה להריץ קוד זדוני מרחוק, ובעזרתה שאבו מידע במשך 76 ימים ממגוון רחב של בסיסי נתונים. בנוסף, מוצר לזיהוי התנהגות וניתוח של הרשת שהיה אמור לזהות את גניבת המידע, לא זיהה מכיוון שתעודת ה SSL שלו פגה. נדבר על החשיבות במעקב אחרי תיקוני CVE של ספריות וקומפוננטות, וגם על תעודות SSL.

I answer a question about using TLS/SSL certificates in local development with Docker for microservices and then how to use those certs in production Docker. I talk about Let's Encrypt, Traefik, and more.

 ★Show Links ★

• Using TLS for Localhost
• Traefik with Swarm
• Traefik Proxy

You can also support my free material by subscribing to my YouTube channel and my weekly newsletter at bret.news!

Grab the best coupons for my Docker and Kubernetes courses.
Join my cloud native DevOps community on Discord.
Grab some merch at Bret's Loot Box
Homepage bretfisher.com