new resources on deployment, security and shell scripting

mattmakai · mattmakai · commit cde94bdb33a2 · 2018-09-14T15:12:46.000-04:00
diff --git a/content/pages/01-introduction/08-best-python-resources.markdown b/content/pages/01-introduction/08-best-python-resources.markdown
@@ -187,6 +187,10 @@ the [best Python videos](/best-python-videos.html) page.
   awesome-python although instead of just a Git repository this site is
   in the Read the Docs format.
 
+* [Hacker News Tools of the Trade](https://github.com/cjbarber/ToolsOfTheTrade)
+  is not specific to Python but almost all of the tools and services are
+  useful to building software projects.
+
 
 ## Podcasts
 Take a look at the [best Python podcasts](/best-python-podcasts.html)
diff --git a/content/pages/02-development-environments/06-jupyter-notebook.markdown b/content/pages/02-development-environments/06-jupyter-notebook.markdown
@@ -171,3 +171,12 @@ like advanced interactive visualizations.
 * [Ansible-jupyter-kernel](https://github.com/ansible/ansible-jupyter-kernel)
   is a kernel that allows you to run [Ansible](/ansible.html) tasks and 
   playbooks from within your Jupyter environment.
+
+* [The Notebook Wars](https://yihui.name/en/2018/09/notebook-war/) is not a
+  tutorial but instead points to the weaknesses that become apparent when
+  using Jupyter and the current generation of notebook projects. The
+  article raises many good points about barriers to entry although you
+  could also argue some of these issues have been mitigated by Jupyter, just
+  not as much as some people would like to see. Overall there is a lot to
+  enjoy reading here and reflect on so that the community can continue making
+  Jupyter a fantastic environment for development.
diff --git a/content/pages/02-development-environments/08-bash-shell.markdown b/content/pages/02-development-environments/08-bash-shell.markdown
@@ -73,3 +73,8 @@ during Python software development as part of a programmer's
   is a guide on using using Python for administrative scripting, including
   what to do about replacing invaluable command line tools such as `awk`, 
   `sed` and `grep`.
+
+* [Using Aliases to Speed Up Your Git Workflow](https://dev.to/robertcoopercode/using-aliases-to-speed-up-your-git-workflow-2f5a)
+  has a bunch of shell aliases that make it easier for you to execute
+  complicated or uncommon [Git](/git.html) commands.
+
diff --git a/content/pages/02-development-environments/10-powershell.markdown b/content/pages/02-development-environments/10-powershell.markdown
@@ -45,3 +45,7 @@ of a Python programmer's
   Functions. The language is only in experimental mode on Azure Functions 
   but could be useful if you have a bunch of existing scripts that you want
   to use on the [serverless](/serverless.html) platform.
+
+* [PowerShell Core support in AWS Lambda](https://aws.amazon.com/blogs/developer/announcing-lambda-support-for-powershell-core/)
+  is an announcement post that PowerShell can be used in AWS Lambda Functions
+  along with how to get started.
diff --git a/content/pages/03-data/06-sqlalchemy.markdown b/content/pages/03-data/06-sqlalchemy.markdown
@@ -119,6 +119,10 @@ your application's code with the SQLAlchemy library.
   [morepath-sqlalchemy demo](https://pypi.org/project/morepath-sqlalchemy/)
   that serves as a working example.
 
+* [Merging Django ORM with SQLAlchemy for Easier Data Analysis](https://djangostars.com/blog/merging-django-orm-with-sqlalchemy-for-easier-data-analysis/)
+  has details on why, how and when you may want to use SQLAlchemy to
+  augment the [Django ORM](/django-orm.html).
+
 
 ### SQLAlchemy resources
 The best way to get comfortable with SQLAlchemy is to dig in and write
diff --git a/content/pages/03-data/08-django-orm.markdown b/content/pages/03-data/08-django-orm.markdown
@@ -90,6 +90,10 @@ that have been added throughout the project's history.
   avoid with `ForeignKey` field relationships, handling IDs and many other 
   edge cases that come up when frequently working with Django's ORM.
 
+* [Merging Django ORM with SQLAlchemy for Easier Data Analysis](https://djangostars.com/blog/merging-django-orm-with-sqlalchemy-for-easier-data-analysis/)
+  provides rationale for using the [SQLAlchemy](/sqlalchemy.html) ORM
+  instead of Django's default ORM in some situations.
+
 * [Working with huge data sets in Django](https://blog.labdigital.nl/working-with-huge-data-sets-in-django-169453bca049)
   explains how to slice the data you retrieve by query into pages and then
   use `prefetch_related` on a subset of the data rather than your whole
diff --git a/content/pages/03-data/12-mongodb.markdown b/content/pages/03-data/12-mongodb.markdown
@@ -62,6 +62,11 @@ security controls so make sure to lock down your instances.
   installing and using MongoDB on your own instance. The post covers 
   authentication, SSL and firewalls.
 
+* [Securing MongoDB using Let's Encrypt certificate](https://zohaib.me/securing-mongodb-using-lets-encrypt/)
+  gives a configuration that encrypts that traffic coming from and
+  going to your MongoDB instances using free 
+  [Let's Encrypt certificates](https://letsencrypt.org/).
+
 
 ### Python with MongoDB resources
 MongoDB is straightforward to use in a Python application when a driver
@@ -88,3 +93,9 @@ configure and start using MongoDB with Python.
 * [Python and MongoDB](https://talkpython.fm/episodes/show/2/python-and-mongodb)
   on the Talk Python to Me podcast has a great interview with the 
   MongoDB Python driver maintainer.
+
+* [PyMongo Monday: Setting Up Your PyMongo Environment](https://www.mongodb.com/blog/post/pymongo-monday-setting-up-your-pymongo-environment)
+  is an introduction to using MongoDB with Python code. This first
+  part of the series shows how to set up the 
+  [development environment](/development-environment.html) required
+  for working with Mongo.
diff --git a/content/pages/03-data/16-pandas.markdown b/content/pages/03-data/16-pandas.markdown
@@ -34,3 +34,8 @@ is a data structures and analysis library.
   is a good tutorial on removing sensitive data from your unfiltered 
   data sets.
 
+* [Analyzing a photographer's flickr stream using pandas](https://www.turbowhale.com/posts/analyze_flickr_stream_pandas/)
+  explains how the author grabbed a bunch of Flickr data using the 
+  [flickr-api](https://github.com/alexis-mignon/python-flickr-api) library
+  then analyzed the EXIF data in the photos using pandas.
+  
diff --git a/content/pages/04-web-development/43-webrtc.markdown b/content/pages/04-web-development/43-webrtc.markdown
@@ -45,6 +45,14 @@ browser) and server (usually a [web server](/web-servers.html)).
   great overview of WebRTC and the new security concerns it can bring as it
   is integrated into more web applications.
 
+* [How Discord Handles Two and Half Million Concurrent Voice Users using WebRTC](https://blog.discordapp.com/how-discord-handles-two-and-half-million-concurrent-voice-users-using-webrtc-ce01c3187429)
+  provides detailed insight into the what and why of the highly scalable
+  [Discord](https://discordapp.com/) technical architecture that relies
+  upon WebRTC for communication. There are a bunch of great examples here
+  for why some of the service must be centralized (to prevent client IP 
+  addresses from leaking to other clients) while others are decentralized
+  to assist with scaling the number of possible connections.
+
 * [Architectures for a kickass WebRTC application](https://www.youtube.com/watch?v=m9QxBc0OeoI)
   is a video of a technical talk that covers some of the tools and protocols 
   that can be used to create your WebRTC projects and why you would choose 
diff --git a/content/pages/04-web-development/55-web-app-security.markdown b/content/pages/04-web-development/55-web-app-security.markdown
@@ -14,18 +14,42 @@ treatment, such as cross-site scripting (XSS), SQL injection, cross-site
 request forgery and usage of public-private keypairs.
 
 
-## Security open source projects
+### Security tools
 * [Bro](http://www.bro.org/) is a network security and traffic monitor.
 
-* [quick NIX secure script](https://github.com/marshyski/quick-secure) for
-securing Linux distributions.
-
-* [lynis](https://github.com/CISOfy/lynis) is a really cool security audit
-  tool that can be run as a shell script on a Linux system to find out
+* [lynis](https://cisofy.com/lynis/) 
+  ([source code](https://github.com/CISOfy/lynis)) is a security 
+  audit tool that can run as a shell script on a Linux system to find out
   its vulnerabilities so that you can fix them instead of allowing them
   to be exploited by malicious actors.
 
-## HTTPS resources
+* [Charles](https://www.charlesproxy.com/) is an HTTP proxy for inspecting
+  headers, requests and responses for all traffic that flows through it.
+
+* [quick NIX secure script](https://github.com/marshyski/quick-secure) for
+  securing Linux distributions.
+
+* [TLS Observatory](https://github.com/mozilla/tls-observatory) provides
+  a suite of security tools for analyzing and inspecting Transport Layer
+  Security (TLS) services.
+
+* [WIG](https://github.com/6e726d/WIG) contains tools for gathering wireless
+  data via Wifi protocols.
+
+
+### Specific vulnerabilities
+* [httpoxy](https://httpoxy.org/) is a set of vulnerabilities that can affect
+  Python web application servers via HTTP requests.
+
+* [Heartbleed](http://heartbleed.com/) is a vulnerability in OpenSSL 
+  implementations that must be patched for any systems you run otherwise
+  you are at serious risk for data leakage.
+
+* [Meltdown and Spectre](https://meltdownattack.com/) are x86 architecture
+  problems caused by exploiting CPU branch-prediction implementations.
+
+
+### HTTPS resources
 * [How does HTTPS actually work?](http://robertheaton.com/2014/03/27/how-does-https-actually-work/)
   is a well-written overview of the protocol including certificates, 
   signatures, signing and related topics.
@@ -75,6 +99,11 @@ securing Linux distributions.
   [cheat sheets for security](https://www.owasp.org/index.php/Cheat_Sheets) 
   topics.
 
+* [The SaaS CTO Security Checklist](https://cto-security-checklist.sqreen.io/)
+  is an awesome list of steps for securing your infrastructure and employees
+  as well as what stage and size company it is recommended that you put those
+  procedures in place.
+
 * This page contains a
   [fantastic curated list of security reading material](http://dfir.org/?q=node/8/)
   from beginning to advanced topics.
@@ -135,6 +164,9 @@ securing Linux distributions.
   how those attacks work is important in keeping your users' connections
   secure.
 
+* [Let's Encrypt at Scale](https://engineering.autotrader.co.uk/2018/09/04/letsencrypt-at-scale.html)
+  shows an implementation for securing thousands of sites with SSL 
+  certificates to support HTTPS everywhere.
 
 ## Web security learning checklist
 1. Read and understand the major web application security flaws that are
diff --git a/content/pages/05-deployment/00-deployment.markdown b/content/pages/05-deployment/00-deployment.markdown
@@ -67,6 +67,11 @@ guide as they are considered advanced deployment techniques.
 * [Deploying Software](https://zachholman.com/posts/deploying-software)
   is a long must-read for understanding how to deploy software properly.
 
+* [Hands-off deployment with Canary](https://developers.soundcloud.com/blog/hands-off-deployment-with-canary)
+  explains how SoundCloud automates their deployment process and uses
+  canary builds to identify and roll back issues to mitigate reliability
+  issues that can occur with shipping software at scale.
+
 * [Practical continuous deployment](http://blogs.atlassian.com/2014/04/practical-continuous-deployment/)
   defines delivery versus deployment and walks through a continuous deployment
   workflow.
diff --git a/static/img/180914-flask-okta/header.jpg b/static/img/180914-flask-okta/header.jpg
