Working Code | RedCircle

Working Code

Water-cooler conversation about web-development. We want to entertain, inspire, and motivate you -- or to put it another way, make your coding career more enjoyable.

Episodes

094: Disagree And Commit
52min 18s
093: Sounds Easy! Sure Isn't
50min 58s
092: The Power of No
52min 24s
091: Side Project Therapy
51min 41s
090: Passion Projects and Beer Money - Side Hustles
1hr 4min
089: What Makes a Good Roadmap?
1hr 2min
088: //todo: documentation
58min 45s
087: Note To Self v0.2.0
53min 1s
086: The Working Code Test
1hr 21min
085: Shipping Complexity
1hr 1min
084: The Architectural Support Team with Jason Henriksen
48min 56s
083: Alternate Timelines
39min 46s
082: GitHub Copilot - Is It Worth It?
54min 37s
081: Total Randos
47min 8s
080: Other Duties As Assigned
48min 20s
079: Potluck #5
59min 47s
078: UX - Pushing Users Into The Pit of Success
59min 29s
077: Mid-Manager Blues
44min 6s
076: Ben Needs A Minute
57min 39s
075: What Problem Does This Solve?
49min 27s
074: What's On Your Workbench?
58min 19s
073: Our Golden Parachute
37min 2s
072: Too Many Hats
57min 31s
071: Potluck #4
1hr
070: Self Reflections
44min
069: Now I'm Catching Events
38min 27s
068: Hire Women, Inspire Women
1hr
067: We Have Feelings On Logging
38min 41s
066: Make Meetings Suck Less
46min 58s
065: TDD In the Trenches with Scott Stroz
41min 47s
064: Should I Stay Or Should I Go?
40min 9s
063: Nobody Makes It Out Alive!
33min 20s
062: Note To Self
1hr 8min
061: Software Is For People
51min 11s
060: Technical Debt
1hr
059: Everything Old Is New Again
54min 45s
058: Do 10x Developers Exist?
53min 27s
057: Goals for 2022
54min 40s
056: Best of 2021
1hr 8min
055: Sales Fails
50min 25s
054: We're So Quacked
41min 41s
053: Product Management with Adam Lehman
39min 18s
052: Starting Your Own Business, with Steve Rittler
1hr 15min
051: You Are Replaceable
36min 31s
050: Where Do You See Yourself in 5 Years?
52min 49s
049: Revisiting Replatforming - There Is No Correct Answer
49min 31s
048: // TODO: Microwave ToDo List
56min 17s
047: Email Ruins Everything
56min 2s
046: Secrets Management vs. Premature Optimization
44min 15s
045B: The Aftershow
24min 43s
045: Join Our Discord
10min 57s
044: Facebook's No Good Very Bad Week
55min 5s
043: Relay Race Programming
50min 8s
042: Potluck #3
51min 53s
041: The Third Age of JavaScript, with Shawn @Swyx Wang
1hr 9min
040: Automaticity Is a Weird Word
41min 59s
039: Ben's Future at InVision
51min 54s
038: Holding Developers Accountable
57min 54s
037: Brian Klaas Talks Cloud
1hr 17min
036: Blogs and Digital Gardens
58min 32s
035: Being a Swamp Guide
47min 39s
034: Some of My Best Friends Are React Developers!
44min 18s
033: Software Patents
42min 35s
032: What Comes After Senior Developer?
49min 52s
031: To The Cloud! But Why?
1hr 1min
030: Carol's Consult Catch-Up Conversation
48min 34s
029: Potluck #2
46min 8s
028: Buy vs. DIY
47min 30s
027: Giving Technical Presentations
34min 15s
026: Passwords
59min 6s

This week, the crew talks about passwords. Web applications store a great deal of sensitive information, but there is something categorically different about storing passwords: if compromised, a password from one application may grant a malicious actor access to another application. As such, it is essential that we store our customers' passwords using modern, one-way hashing algorithms that protect the underlying payload against increasingly powerful compute resources, and that we have a way to evolve our password hashing strategies in order to stay a step ahead of potential attackers.

Of course, sometimes the best password hashing strategy is to not store a password at all. Using a "passwordless login" allows you to defer the responsibility of password storage to another, trusted vendor.

Also, we've been doing this podcast for half-a-year! How awesome is that! Yay for us!

Triumphs & Failures

  • Adam's Failure - While Adam has been quite keen on testing code, he recently ran into a testing scenario that he found very challenging. He ended up taking half a day to refactor already working code just so that he could add the tests. In the long run, it wasn't a waste of time, but it was a very humbling experience in the moment.
  • Ben's Triumph - After weeks of struggling to debug an authentication issue within a Sketch plug-in, Ben and his team finally figured out what was going wrong! As fate would often have it, Ben was the engineer that originally wrote the problematic code - so, that was unfortunate. But, at least they figured out how to fix the user experience!
  • Carol's Failure - Carol has been having trouble walking away from problems even when she feels stuck. So, instead of stepping back and clearing her head, she continues to beat it against the wall (often to no avail). She knows this is counterproductive; but, sometimes she gets lost in the details.
  • Tim's Triumph / Failure - Tim finds himself coasting this week. Nothing has been all that noteworthy, either in triumph or in failure.

Notes & Links

  • OWASP Password Cheat Sheet - industry standard best practices for storing passwords - covers Argon2, BCrypt, SCrypt, and PBKDF2.
  • Have I Been Pwned - a service that tells you if your password has been exposed in a data breach.
  • 1Password - the world's most-loved password manager.
  • Authy - a user-friendly two-factor authentication app.
  • Shibboleth - an identity provider solution.
  • OAuth - a standard for granting access to a website or application without having to provide it with your password.
  • SAML - a standard for exchanging authentication between parties.
  • Diceware - a method for generating secure, random passwords using playing dice.
  • NIST Password Guidelines - Auth0 explains new password guidelines from NIST.
  • Single Sign-On (SSO) - an authentication scheme in which one login grants access to several, unrelated applications.
  • Netlify Identity Management - a solution for user management in a Netlify app.
  • Firebase Identity Management - a solution for user management in a Firebase app.
  • XKCD: Password Strength - A web comic about how we make passwords hard for people but easy for computers.

Follow the show! Our website is workingcode.dev and we're @WorkingCodePod on Twitter and Instagram. Or, leave us a message at (512) 253-2633 (that's 512-253-CODE). New episodes drop weekly on Wednesday.

And, if you're feeling the love, support us on Patreon.

Published Jun 9, 2021 at 11:00am
025: Breaking Up With Your Stack
1hr 1min
024: The Archetype of an Effective Developer
1hr 25min
023: Book Club #1 Clean Code by "Uncle Bob" Martin (pt2)
1hr 6min
022: Book Club #1 Clean Code by "Uncle Bob" Martin (pt1)
1hr 11min
021: Listener Questions #2
1hr 21min
020: Carol Needs a Consult
58min 15s
019: Makefiles
1hr 15min
018: Feature Flags (Finally!)
1hr 25min
017: Premature Optimization
53min 47s
016: Interviewing
1hr 16min
015: Potluck #1
1hr 22min
014: Zen and the Art of Pull Requests
1hr 12min
013: Do What You Love And You'll Never Work A Day In Your Life
46min 51s
012: Idiomatic Code
42min 3s
011: Listener Questions #1
1hr 10min
010: Scaling
1hr 9min
009: Testing
58min 13s
008: Origin Stories Pt 2
1hr 11min
007: Origin Stories Pt 1
58min 5s
006: Hopes for 2021
57min 13s
005: Monolith vs. Microservices
42min 44s
004: Impostor Syndrome
1hr 18min
003: Burnout, Mental Exhaustion, and Productivity
1hr 4min
002: Working from home
54min 24s
001: Adam's Secret Shame
1hr 8min
000: Hello, World!
8min 4s