API Gateway deployments and the need for stages

When I started with API Gateways I thought stages were a convenient feature that allowed us to deploy multiple environments on shared resources. But when I got to using Terraform on architectures leveraging other techniques of isolation, I got puzzled at this need for binding a stage to an API. Why use them if I only needed “one stage”? Well, turns out they’re as essential a component as routes or methods. There’s no way around it.

On the other hand, custom domain name mapping can envelop the stage which means that it doesn’t have to be exposed to the users. Which is a relief, as it’s an improvement on UX (why have a /alpha or /prod subpath be an integral part of my URL if it’ll never change?)

There’s no trees without mushrooms

Certain types of fungi form mutualistic symbioses with trees and other plants with roots systems and play a major role in their survival and development. According to my textbook, about 90% of trees wouldn’t exist without these relationships called mycorrhizae (it’s only the twelfth time I’m writing this word and I’m barely getting it right).

Fungi, or mushrooms, have a lot of interesting properties.

First, they can form these massive and dense network of root-like filaments (called mycelia) that spread in the ground. Just like in cybersecurity, the wider the surface, the bigger the chance to capture data (or in this case, water and essential nutrients). Fungi can fetch these nutrients from everywhere in that mycelia area and bring them to a centralized location – ideally one that’s in direct contact with the roots of the tree, so that they are directly pumped from the mycelia to wherever they are needed in the tree.

Additionally, fungi can act as decomposers: they can feed off decaying matter and corpses. They play an instrumental role into redistributing minerals that are essential to most life on Earth and that are yet found in rather small quantities in the environment. Without fungi to break down dead matter into smaller molecules, there wouldn’t be enough nutrients such as nitrogen or phosphorus for plants and animals to meet their nutritional requirements.

(And the way they break down corpses is also quite funky: these fungi are said to digest before they ingest. You know how acids and other liquids called enzymes are needed for our stomach to process the food we ingest? Well, these fungi project those liquids outside their bodies and onto the food that’s just laying nearby. The enzymes metabolise the matter in the external environment and when the molecules are small enough to be transported back into the fungal cells, they are allowed passage via these gated doors (protein channels) and with the help of the moisture from the ground (water as a universal solvant). So basically, fungi barf on the ground, everything affected decomposes, and then they reabsorb their vomit that’s now rich in nutrients. Then they share it with their friends which feed off it. Poetic, no?)

And as if that wasn’t enough, fungi protect trees from various pathogens. Remember penicillin, the chad substance that Louis Pasteur discovered to destroy disease-causing bacteria? It’s produced by a mould. And moulds are what? Fungi. They feed on a multitude of bacteria strains that are potentially life-threatening to the trees and as a result build some sort of shield around them.

In exchange trees provide mushrooms with energy (they are heterotrophs which means that contrarily to trees which can just see some sunlight and pretty much produce all the energy they need, fungi must fetch their nutrients from the outside world). Still via these connections between the roots and the mycelia, trees share the produce of photosynthesis i.e. glucose and other cool carbon-based molecules the fungi feed on.

Apparently mycorrhizae could also be the way trees communicate with each other but I haven’t learned enough about to feel confident talking about it.

OWASP’s crash course in hacking

I was extremely lucky to be able to attend a training in the basics of web security during the last OWASP event from my area. Aside from being presented with a detailed explanation and pertinent examples for all of the most common attacks on the web, I was taught about the project WebGoat. The folx at OWASP developed a deliberately insecure web server so that you can train and try to reproduce various attacks, ranging from SQL injection to replay attacks.

Definitely give WebGoat a try, it’s a very useful tool to learn about pentesting in a meaningful way (especially since it’s not like you could try on actual websites 👀) (seriously, don’t)