  • Playing with maps

    I’ve always been astonished about how well mapping apps work. Sure, when Google Maps was first released the sense of wonder was much greater than it is nowadays; nevertheless, it is still impressive. The number of situations when/where this kind of software becomes handy is huge, from the well-known GPS guides to even games (remember…

  • What to use for “TOTP” in 2023?

    At the start of last week, we received great news regarding new improvements to a very popular security app, “Google Authenticator”. A feature it was lacking for a long time was finally implemented, “cloud backups”. However, after a few days, the security community realized the new feature wasn’t as good as everybody was assuming. It…

  • New release of “inlinehashes”

    Last year, I built a small tool to detect inline styles and scripts in a given webpage/document and then calculate their hashes. It can be useful for someone trying to write a strict “Content-Security-Policy” (CSP) for pre-built websites. I described the reasoning at the time in this blog post. Today, I’m writing to announce that…

  • Cleaning my follow list using “jacanaoesta”

    Last year we saw the rise of the Fediverse, mostly because of a series of external events that ended up pushing many people to try other alternatives to their centralized platform of choice. Mastodon was clearly the software component that got the most attention and has been under the spotlight in the last few months. It…

  • Secure PostgreSQL connections on your Django project

    Last week, an article was published with some interesting numbers about the security of PostgreSQL servers publicly exposed to the internet (you can find it here). But more than the numbers, what really caught my attention was the fact that most clients and libraries used to access and interact with the databases have insecure defaults:…

  • Preparing for Hacktoberfest

    It already starts tomorrow… the next edition of “Hacktoberfest”. For those who don’t know, it basically is an initiative that incentivizes participants to contribute to open-source software. During the month of October, those who do 4 contributions or more can either receive a t-shirt or opt for a tree to be planted in their name.…

  • Shutting Down Webhook-logger

    A few years ago I built a small application to test Django’s websocket support through django-channels. It basically displayed on a web page in real time all the requests made to a given endpoint (you could generate multiple of them) without storing anything. It was fun and it was very useful to quickly debug stuff…

  • Controlling the access to the clipboard contents

    In a previous blog post published earlier this year I explored some security considerations of the well-known “clipboard” functionality that most operating systems provide. Long story short, in my opinion there is a lot more that could be done to protect the users (and their sensitive data) from many attacks that use of clipboard…

  • Django Friday Tips: Less known builtin commands

    Django management commands can be very helpful while developing your application or website; we are very used to runserver, makemigrations, migrate, shell and others. Third-party packages often provide extra commands, and you can easily add new commands to your own apps. Today, let’s take a look at some less known and yet very useful…

  • Inlineshashes: a new tool to help you build your CSP

    Content-Security-Policy (CSP) is an important mechanism in today’s web security arsenal. It is a way of defending against Cross-Site Scripting and other attacks. It isn’t hard to get started with or to put in place in order to secure your website or web application (I did that exercise in a previous post). However, when the systems…

  • Django Friday Tips: Admin Docs

    While the admin is a well-known and very useful app for your projects, Django also includes another admin package that isn’t as popular (at least I have never seen it being heavily used) but that can also be quite handy. I’m talking about the admindocs app. What it does is provide documentation for the…

  • Who keeps an eye on clipboard access?

    If there is any feature that “universally” describes the usage of computers, it is the copy/paste pattern. We are used to it, practically all the common graphical user interfaces have support for it, and it magically works. We copy some information from one application and paste it into another, and another… How do these applications have…

  • Django Friday Tips: Deal with login brute-force attacks

    In the final tips post of the year, let’s address a solution to a problem that most websites face once they have been online for a while. If you have a back-office or the concept of user accounts, soon you will face the security problem of attackers trying to hack into these private zones of…

  • worker-planet was awarded a swag box

    If you remember, back in June/July I worked on a small project to make it easy to build small community pages that aggregate content produced from many sources. As I shared in the post, worker-planet was built to run on “Cloudflare Workers” without the need to manage a server yourself. A short time afterwards I…

  • Tools I’m thankful for

    In the spirit of thanksgiving, even though it isn’t a tradition here where I live, and following the same path as some posts I’ve read today, here are 5 software tools I’m thankful for. (Of course this is not a comprehensive list, but today these are the ones that come to my mind) Syncthing This tool basically…