Author Archives: Joseph Auger

Companies and API Security

I recently wrote about an article that discussed important security practices for implementing APIs. Security seems like something that could not be overlooked by major companies, but 65 percent of Forbes AI 50 companies have leaked verified secrets on GitHub. Supposedly, VS Code extensions keep making things such as API keys, tokens, and other digital credentials known when uploaded to GitHub. One of the researchers attributes this partially to “vibe coding”. Recently, it has been discovered that LLMs have been able to give up API keys with certain prompts. With the rise of the usage of LLMs, this can be incredibly dangerous for these companies. Wiz is a security company that sells secret scanning as a service. It was recently purchased by Google for $32 billion. Wiz found that the most common sources of these leaks were Jupyter Notebooks, Python files, and environment files. The keys and tokens found in these leaks are ones that could cause for severe issues for these companies. These keys could also expose training data that may include sensitive business data. Wiz says that multiple companies who were found to have these leaks were notified about the exposures, but half the security disclosures either couldn’t be delivered or received no response. The article ends by saying: “The first step toward solving your secret exposure problem is admitting that you have a problem.”

This was very surprising to me. As I have been learning about APIs, I have realized how important it is to ensure that everything is secure. When I had read the other day about API security practices, I thought that these were standard practices that companies would not omit. When I had seen this article, I figured that I had to read it. It was such a shock to me that high-level tech companies would omit such an important step in API implementation at such a high rate. To make matters worse, many of them did not attempt to clean this issue up. The last line of the article really stood out to me. I couldn’t imagine being a part of such an important company and ignoring such a large issue. As AI continues to grow, I believe the companies that make an effort to keep their systems secure will be the ones that flourish. Overall, this article opened my eyes to a lot. It seems to me that it is good that I am learning about APIs now, as large AI companies still have a lot to learn as well.

https://www.theregister.com/2025/11/10/ai_companies_private_api_keys_github/

From the blog CS@Worcester – Auger CS by Joseph Auger and used with permission of the author. All other rights reserved by the author.

API Security Practices

As we continue to study API implementation in my CS343 class, I find it important to continue to learn more about the subject. I came across this article that discusses 11 security practices for API implementation. A statistic I found interesting that is brought up at the beginning of the article is that APIs now account for more than 80% of internet traffic. The first practice listed is continuous API discovery. This means automating processes that catalog APIs across your infrastructure in real time. Doing this helps prevent the deployment of shadow APIs. The next practice is encrypting traffic in every direction. This one seems fairly obvious, but it is something that cannot be forgotten. The article also lists some key encryption requirements. Authentication and authorization are very important practices for API implementation as well. This allows for control over the usage of the APIs in the system, and it protects the user by keeping their primary credentials hidden to prevent theft and misuse. Using the Principle of Least Privilege is another good practice. Granting users the least amount of privilege necessary to use the system prevents damage from a malicious user. Documentation is also very important to help other developers maintain the system in a safe way. You must also validate your data to help protect against injection attacks. Make sure to limit data exposure as well. Data breaches are an issue that no one wants to deal with. The article lists a few more practices that are important for security in systems that use APIs.

This particular article stuck out to me because, as I said in the beginning, we are learning about API implementation in my CS343 class. Knowing the typical security practices for implementing APIs is imperative for creating a good system. It’s something that many may overlook, but cannot be omitted. I myself had failed to consider the potential security risks of implementing APIs. This article gave good insights on the security risks and how to prevent them. This was definitely worth the time it took to read and understand. It is always important that the data going through your system is protected to ensure that the users have a problem free experience. The problems that could possibly arise from a lack of security could result in huge losses for a company deploying these systems. As someone who has not had to deal with that kind of risk yet, I believe it is important I learn about these potential issues before it becomes too late.

https://www.wiz.io/academy/api-security-best-practices

From the blog CS@Worcester – Auger CS by Joseph Auger and used with permission of the author. All other rights reserved by the author.

OpenAPI and Cloud POS

I came across an article from Oracle that talks about the benefits of a cloud POS system that uses an OpenAPI backend. It starts by highlighting the importance of having a cloud POS system in a restaurant. The biggest benefits are its responsiveness, scalability, and security. It allows businesses to add and drop menu items with ease, and prioritize orders in the kitchen. It comes with built-in analytics to help them make decisions. Oracle tells about how Simphony, their cloud POS system, has local storage to allow the system to continue working through internet outages. Next, they compare OpenAPI to private API. The main difference is that OpenAPI allows for developers to connect the software more seamlessly with less restrictions. Private API, on the other hand, is only really available to internal developers, making it less user friendly. They then talk about how Simphony is built on OpenAPI architecture, making it easier for the customer to interact with, getting data and feedback quicker. This makes for a more trusting relationship between partner and client. They make a point that it provides both scalability and security. OpenAPI is flexible and responsive, giving businesses that choose to use a POS system with open API architecture an edge. In restaurants specifically, it allows for the front of the restaurant to connect with the kitchen more easily.

The reason this was important for me to read and write about is that we are spending a lot of time in my CS343 class discussing OpenAPI. It isn’t the easiest thing to grasp, but the more we learn about it, the more interested in it I am. This was especially interesting to me because Oracle is a very big tech company, and I was curious to see how they marketed their product that uses OpenAPI architecture. As we are learning about OpenAPI systems through real-world applications, it is always interesting to see how these things are applied in a real work environment. A POS system is a very appropriate use for OpenAPI. I enjoyed learning about the different types of products that Oracle offers using OpenAPI architecture. It was also cool to see how a company like Oracle uses OpenAPI and encourages their customers to use their products with it as well. It is reassuring to see how wide-spread the use of OpenAPI is. This encourages me to learn more about it in the future, and to make sure I am well versed in this subject matter.

https://www.oracle.com/apac/food-beverage/restaurant-pos-systems/simphony-pos/why-choose-cloud-pos-system-open-api/

From the blog CS@Worcester – Auger CS by Joseph Auger and used with permission of the author. All other rights reserved by the author.

Pros and Cons of Java

I found an article that discusses the pros and cons of Java in 2025. This caught my attention because Java is the language I have used in most of my classes. Object-oriented programming is also what we are discussing in CS-343. Java seems to be pretty versatile, and is fairly straight forward. I was interested to see in more depth what it has to offer and what it might not be so good with.

The article begins with an overview of Java as a whole. It discusses Java’s wide usage for a variety of different projects and its user friendly features that make it so widely liked. It quickly goes into the benefits of using Java. The author lists four main pros for the language: a straightforward learning process, object-oriented programming, heightened security, and platform independence. It is also mentioned how its simplicity makes it perfect for both beginners and more experienced programmers. For each main pro, the article goes into deeper detail to explain further what these benefits really mean for Java. Some interesting points in these explanations were the security features and the use of JVM (Java Virtual Machine). However, there are also the cons that come with it. The main cons listed here were performance constraints, licensing expenses, and GUI development complications. Similarly to the pros, these cons are then explained in more depth. The article’s last main section gives examples of ideal use cases for Java and some that are not so ideal. Web applications, mobile app, cloud computing and big data projects were listed as ideal use cases, where complex desktop GUI’s and alternative languages being more fitting for certain tasks were listed as times you may not want to use Java.

I found this article to be fairly interesting. Java is a language that I already knew a decent amount about, but it was interesting to learn more about it. As we learn more about Java and object-oriented programming, it is nice to know the benefits and what its strengths are. I also found it interesting that big data projects were listed as something Java works well with. Typically, R and Python are the languages most associated with data, but tools like Hadoop make it fitting for processing large amounts of data which may not be obvious to someone new to the language. Overall, it seems like Java has many benefits, and the cons seem to be minimal. I look forward to learning more about Java as I continue to use it!

https://www.netguru.com/blog/java-pros-and-cons

From the blog CS@Worcester – Auger CS by Joseph Auger and used with permission of the author. All other rights reserved by the author.

CS343 Intro

Hello!, My name is Joseph Auger, and I will be taking CS 343 at Worcester State this semester.

From the blog CS@Worcester – Auger CS by Joseph Auger and used with permission of the author. All other rights reserved by the author.

GitHub adds Copilot

Just this week, GitHub announced that they will be offering a free version of Microsoft’s Copilot. I came across an article that discusses this breakthrough. In this article, GitHub CEO Thomas Dohmke gives his direct input on the situation. He has always believed in offering free resources for developers and believed that Copilot should also be an available resource. He later goes on to explain that this is because He believes that people all across the world should have access to the same tools that allow them to become developers, as the $10 a month that you would have to pay for Copilot normally is relatively more expensive in other regions. While this is great news for developers around the world, it will be a fairly limited version of Copilot. In this free version, developers will be allowed 2,000 code completion suggestions per month. This includes suggestions that are not accepted by the user.

I found this article particularly interesting because we have been using GitHub and its many features in my CS 348 class this semester. We’ve mostly been using GitHub for creating repositories and creating pull requests for larger repos. It is incredibly convenient and makes version control much easier. However, this new feature adds a lot to the software. Not only can you store your work in a repo and add work to other repos, but you can also get AI assistance for what you are working on.

I believe this is an important breakthrough for developers globally. Dohmke’s idea of creating equal opportunity for developers worldwide is amazing to me. Not only is the future in technology, but we currently live in a world where technology is everything. There are great minds all over that may have never gotten the right opportunity. Perhaps this addition can help someone create a life changing software. Outside of speculation, though, this will help thousands of developers, as GitHub now has over 350 million users. While it is a limited version of the product, it is a big step taken by GitHub. It is nice to know that I am getting into a field that people are willing to offer help and services for the betterment of the industry. As someone who is still young and learning new things daily, I hope to be able to take advantage of this. I believe it will help me, along with many others, to write good code while still learning.

URL: https://techcrunch.com/2024/12/18/github-launches-a-free-version-of-its-copilot/

From the blog CS@Worcester – Auger CS by Joseph Auger and used with permission of the author. All other rights reserved by the author.

Docker Servers Under Attack

This week, I came across an article discussing how attackers were targeting Docker remote API servers recently. Docker is something we have discussed in my CS 348 class, so this was immediately intriguing. I know that Docker is used on many projects so that teams can all work with the same software. Obviously, attacks on these servers is something of great concern. The article begins by stating the issue and giving an example of a recent attack. It quickly jumps into explaining the process of how these attackers are pulling this off. The attack starts with a ping to the remote API server. Once they are able to get the information from the server, they create a container with the same name and allow themselves access to privileged mode. From there, the attackers have the reigns to complete the attack. The article then goes on to show how exactly the attackers do it with shell scripts and examples. It concludes with a list of recommendations on how to prevent these attacks for your own Docker remote API servers.

I found this article quite interesting for a couple of reasons. First being that, as I am still new to Docker and its features, I was unaware that it was susceptible to attacks such as this. Now, I am aware that it is not a normal occurrence, it was still surprising to me. However, I am now aware that whoever is running the server must make sure to configure the settings properly and pay attention to the server. Another reason I found this interesting is that I also have an interest in cybersecurity and networking. Not only was I able to learn more about what we had talked about in class, but also what I am learning outside of class.

There was a good amount of knowledge to take away from this article. I learned that even in software created by and for computer scientists, you can’t trust it blindly. This is not to knock Docker, but more of a reminder to myself, as it is something I am responsible for, not the software. It also shows how much more there is to being a computer scientist than just writing code, and if that is the only responsibility you prioritize, it will prove to be problematic for you and those you are working with. It was also pretty cool for me to see the actual scripting used for these attacks as I am learning more about cybersecurity.

URL: https://www.trendmicro.com/en_us/research/24/j/attackers-target-exposed-docker-remote-api-servers-with-perfctl-.html

From the blog CS@Worcester – Auger CS by Joseph Auger and used with permission of the author. All other rights reserved by the author.

Microsoft’s Git Problem

This week, I came across an article that talks about Microsoft encountering an issue with Git and version control. Microsoft software engineers use Git as their version control system, and they recently discovered a problem with the amount of memory being used in their repository. Their first commit was only 2 GB, then grew to 4. However, it soon was taking up 178 GB of memory. Obviously, this is a bit of an issue. It would be very difficult for a team to make commits with that much storage space in that amount of time. But how does this happen? Well, the article states that the issue stems from name-hash collisions. Basically, Git was finding a bunch of differences with each commit despite there not being many at all. Obviously, this is a huge issue, so steps are already being made to resolve it.

This is an issue that was particularly interesting to me because we are currently learning about Git and how to properly use it in my CS 348 class. Git is an incredibly useful and necessary tool in the computer science world. To see an issue this scale at a company this important grabbed my attention immediately. I was also curious to see how Git was used on large projects at a company like Microsoft.

Seeing that problems like this can occur was for sure interesting. However, what was more interesting to me was that by the time anyone could report on this, changes were already being made. The article does state that this issue would not affect smaller repos, which would be what I am dealing with at the moment. However, it is fascinating to see how on top of everything these developers are in order to assure a smooth running product. It makes me feel better knowing that these issues will be resolved by the time I could ever encounter them. It also motivates me knowing that some day, I will have to be this vigilant in my work to truly be successful. Also, the fact that over 90% of developers use Git for version control was intriguing. I knew it was popular, but I also was aware of other version control systems. This just goes to show how reliable Git is, despite some occasional issues such as this one. I am glad to be learning how to use this system, and I am excited to learn more about it going forward.

https://www.techzine.eu/news/devops/125694/flaw-in-git-bloated-microsoft-repository-by-a-factor-of-35/

From the blog CS@Worcester – Auger CS by Joseph Auger and used with permission of the author. All other rights reserved by the author.

Is Agile Still Effective?

I came across an article titled “‘It’s time to question agile’s cult following’: Doubts cast on method’s future, with 65% of projects more likely to fail” that discusses the effectiveness of agile. Agile is a popular software development methodology, but this article suggests that it may be time to try other methods. It talks about how projects using agile are more often unsuccessful. For example, it states that research shows “agile software projects are 268% more likely to go wrong than those employing other methods.” It also cites other research that suggests projects using agile fail more often, decrease productivity, and adds unneeded stress to those working on the project. On top of that, the article suggests agile is inefficient. According to more cited research, major companies are starting to get rid of the use of agile in their software development.

This article is incredibly relevant to the subjects discussed in my Software Process Management class this past week. We went over software development methodologies, specifically agile. I wanted to read up on something relevant and educating. When I had come across this article, it caught my eye. when we had discussed agile in class, it had seem like the best option of the methods presented. However, this article suggested that, perhaps, agile isn’t the best method out there. In fact, it suggested that it shouldn’t be used. I was intrigued as to why it would be considered ineffective.

This article opened a door of questions about agile and software development methodologies. However, I did not feel as if they were all answered. I was shocked to see the amount of research and data that suggests agile is ineffective. I only recently learned about agile, and it seemed as though it would create a well-designed product through constant communication and reflection on the project. While reading the article, I became curious what other methods would be better to use than agile, but the article did not answer that question. I believe if you are going to critique something, you should offer a solution as well. One thing I personally liked about the article was all of the research data cited. I am a big numbers guy, so being able to see numbers to communicate the purpose of the content was nice to see. I am curious to learn more about other methodologies. I think this article was a good mind opener for me, and it reminded me that everything has room for improvement.

Article URL: https://www.itpro.com/software/development/its-time-to-question-agiles-cult-following-experts-cast-doubt-on-methods-future-with-65-of-projects-more-likely-to-fail

From the blog CS@Worcester – Auger CS by Joseph Auger and used with permission of the author. All other rights reserved by the author.

First Blog Post

My name is Joseph Auger. This is my first blog post for CS 348.

From the blog CS@Worcester – Auger CS by Joseph Auger and used with permission of the author. All other rights reserved by the author.