lingo.lol is one of the many independent Mastodon servers you can use to participate in the fediverse.
A place for linguists, philologists, and other lovers of languages.

Server stats:

66
active users

#SecureCoding

0 posts0 participants0 posts today

Is Node.js the future of backend development, or just a beautifully wrapped grenade?

Lately, I see more and more backend systems, yes, even monoliths, built entirely in Node.js, sometimes with server-side rendering layered on top. These are not toy projects. These are services touching sensitive PII data, sometimes in regulated industries.

When I first used Node.js years ago, I remember:
• Security concepts were… let’s say aspirational.
• Licensing hell due to questionable npm dependencies.
• Tests were flaky, with mocking turning into dark rituals.
• Behavior of libraries changed weekly like socks, but more dangerous.
• Internet required to run a “local” build. How comforting.

Even with TypeScript, it all melts back into JavaScript at runtime, a language so flexible it can hang itself.

Sure, SSR and monoliths can simplify architecture. But they also widen the attack surface, especially when:
• The backend is non-compiled.
• Every endpoint is a potential open door.
• The system needs Node + a fleet of dependencies + a container + prayer just to run.

Compare that to a compiled, stateless binary that:
• Runs in a scratch container.
• Requires zero runtime dependencies.
• Has encryption at rest, in transit, and ideally per-user.
• Can be observed, scaled, audited, stateless and destroyed with precision.

I’ve shipped frontends that are static, CDN-delivered, secure by design, and light enough to fit on a floppy disk. By running them with Node, I’m loading gigabytes of unknown tooling to render “Hello, user”.

So I wonder:
Is this the future? Or am I just… old?

Are we replacing mature, scalable architectures with serverless spaghetti and 12-factor mayhem because “it works on Vercel”?

Tell me how you build secure, observable, compliant systems in Node.js.
Genuinely curious.
Mildly terrified and maybe old.

🎙️ Going Live in 15 Minutes — Come Join Us!

I’m about to tune in for a live ITSPmagazine webinar that dives into a topic I truly care about:

Secure Coding = Developer Empowerment

It’s not just about reducing risk — it’s about investing in developers, boosting velocity, and building better software from the start.

🗓️ Today – April 18

🎙️ Hosted by ITSPmagazine

💡 In partnership with Manicode Security

Jim Manico

Jimmy Mesta 🤙

Sean Martin, CISSP

Will be talking about:

✅ Why most developers never get proper secure coding training

✅ How to get leadership buy-in for better dev security

✅ Why this isn’t just security—it’s a career boost

If you’ve got time, join us live. If not, watch it on demand. Either way, it’s a conversation worth having.

👉 Join here:

crowdcast.io/c/secure-coding-e

#ApplicationSecurity, #DeveloperEmpowerment, #SecureCoding, #DevSecOps, #softwaresecurity, #cybersecurity, #infosec, #ITSPmagazine

crowdcastSecure Coding = Developer Power: How to Convince Your Boss to Invest in You — An ITSPmagazine Webinar with Manicode SecurityRegister now for Secure Coding = Developer Power: How to Convince Your Boss to Invest in You — An ITSPmagazine Webinar with Manicode Security on crowdcast, scheduled to go live on April 16, 2025, 12:30 PM EDT.

Yes, it is true! 😏 🎙️💻 It’s Webinar Time! Secure coding isn’t just about writing safer software—it’s a career game-changer.

But most companies don’t invest in secure coding training, leaving developers without the skills they need to protect their apps.

Join us live on April 16, 2025, for an ITSPmagazine Webinar where we’ll explore how to change that.

💡 Secure Coding = Developer Power: How To Convince Your Boss To Invest In You

With:
🎙️ Jim Manico, Manicode Security
🎙️ Jimmy Mesta 🤙, RAD Security
🎙️ Moderated by yours truly — Sean Martin, CISSP

👉 Register here: crowdcast.io/c/secure-coding-e

Why You Should Attend
Secure coding isn’t just about preventing security failures—it’s a career accelerator. Developers who understand security are more valuable to their companies, build better products, and stand out in the job market. This session will equip you with the knowledge and tools to make the case for secure coding training at your company, giving you an edge as both a developer and an advocate for better software security.

We’ll cover:
🔐 Live code reviews & secure fixes
🔧 Automation tips for secure defaults
📚 What effective training really looks like

If you care about building secure software and stronger engineering teams, don’t miss this one.

👉 Register here: crowdcast.io/c/secure-coding-e

crowdcastSecure Coding = Developer Power: How to Convince Your Boss to Invest in You — An ITSPmagazine Webinar with Manicode SecurityRegister now for Secure Coding = Developer Power: How to Convince Your Boss to Invest in You — An ITSPmagazine Webinar with Manicode Security on crowdcast, scheduled to go live on April 16, 2025, 12:30 PM EDT.

Yes, it is true! 😏
🎙️💻 It's Webinar Time!

... and we’re back with another ITSPmagazine Thought Leadership Webinar — because impactful conversations and meaningful perspective exchanges are what we’re all about.

🚀 After the success of our debut session “AI In Healthcare: Who Benefits, Who Pays, And Who’s At Risk?” (missed it? Watch it on demand 👉 crowdcast.io/c/ai-in-healthcar) —we’re diving back in with a brand-new conversation focused on the heart of what drives our work: cybersecurity, technology, and society.

💡 Secure Coding = Developer Power: How To Convince Your Boss To Invest In You An ITSPmagazine Webinar With Manicode Security 🗓️ April 16, 2025

We’re honored to welcome two brilliant minds joining Sean Martin, CISSP — yes, of course, he’s pretty sharp too 😬 — for this one:

🎙️💥 Jim Manico, Founder and Secure Coding Educator at Manicode Security
🎙️💥 Jimmy Mesta 🤙, Course Instructor for Manicode and CTO at RAD Security

Why does #securecoding still feel like an afterthought? This session tackles that question head-on—covering why most companies don’t invest in secure coding training, how developers can advocate for themselves, and how this skillset can seriously boost your career. We’ll even get into some live code reviews and automation demos you won’t want to miss.

🔐💥 Secure Coding = Developer Power: How To Convince Your Boss To Invest In You
🗓️💥 LIVE: April 16, 2025
📍💥 REGISTER HERE: crowdcast.io/c/secure-coding-e

Be sure to share this with your fellow #developers, coworkers, and anyone who cares about building safer software and smarter teams. This is your chance to invest in yourself—and help your company do the same.

LET'S go, we can do this!!! 🤘😬✨

#webinar, #securecoding, #developerlife, #cybersecurity, #infosec, #softwaresecurity, #devsecops, #itspmagazine #infosecurity #tech #technology #software #programmers

"(In)Secure C++" live public online training Aug 8th - 11th (CET)

In this 4-day training I teach how C and C++ applications can be exploited, and how you can find vulnerabilities that can be exploited. Frequently referred to as the "best training I have ever attended" by students.

Sign up, seats are limited. 20% discount on bookings of 2 or more seats, example: 2000€ for one seat, 3200€ for two.

#cpp #securecoding #hacking
turtlesec.no/blog/insecure-cpp

TurtleSec(In)Secure C++Understanding Exploitation to Find and Fix Vulnerabilities
We at the NSA would like to express our sincere frustration with the rising popularity of Rust. As a government agency that thrives on finding vulnerabilities and exploits in software, we can't help but feel discouraged by the language's memory safety and concurrency features.

Gone are the days where we could easily exploit null pointer errors and race conditions in C++ code. Rust has made it nearly impossible for us to find these types of vulnerabilities, leaving us with less and less to work with.

We understand that this may be good news for the software industry and its users, but it's a real blow to our mission here at the NSA. We can only hope that the next programming language trend will be less security-focused, so we can get back to our old tricks.

In all seriousness, we do recognize the importance of secure software and applaud the efforts of the Rust community in promoting safe coding practices. We may have to find new ways to approach our work, but ultimately, a more secure digital world benefits everyone.

#RustLang #SecureCoding #SoftwareSecurity #NSA #ProgrammingLanguages #MemorySafety #Concurrency #Exploits #Vulnerabilities #DigitalSecurity #CyberSecurity