nginx as ingress for Docker compose  

By Stephan Wissel | 11/16/23 1:57 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

nginx as ingress for Docker compose - In June I wrote about how to use Docker & nginx to deliver statically rendered brotli files for your web (frontend) application. It improves delivery quite a bit, but left me wondering: isn't there too much static WebServer involved? Double hop to deliver static files.

Deploy private npm packages into private containers using github actions  

By Stephan Wissel | 7/17/23 2:33 AM | Development - Notes / Domino | Added by Roberto Boccadoro

GitHub Actions are rapidly becoming my favorite CI environment. Their marketplace has an action for everything. Sometimes it takes a little trial and error before things work smoothly. This is one of those stories. Authentication is everything: Imagine the following scenario: you have developed a set of private TypeScript (or JavaScript) packages and have successfully deployed them to the private GitHub npm registry under the name @myfamousorg/coolpackage - where myfamousorg must match the repository owner (org or individual). Now you want to use them in your application. That application shall be packed in a Container and made available in GitHub's private registry. All that automated using GitHub Actions.

TOTP and vert.x  

By Stephan Wissel | 2/7/23 9:13 AM | Development - Notes / Domino | Added by Roberto Boccadoro

TOTP and vert.x - Time-based one-time passwords (TOTP) are a common security feature in Identity Providers (IdP). There are use cases beyond IdP; mine was 'Understanding what it takes'. TOTP interaction: You have two phases: enrollment and use. During enrollment a secret is generated and (typically) presented as a QR Code. A user points one of the many Authenticator apps to it and gets a numeric code that changes once a minute. When you use it, you pick the current number and paste it into the provided field. The backend validates the correctness with some time leeway. What it is not: Typically when enrolling you also get recovery codes, sometimes called scratch codes. They are NOT part of TOTP, and implementation is site specific and not standardized. An implementer might choose to check your recovery codes when your TOTP fails or provide a separate interaction using those. The initial confirmation is actually the first instance of "use", and one could have a successful enrollment without it. This depends on the implementation. It isn't foolproof. An attacker could trick you into typing your TOTP code into a spoofed form or just hijack your session (cookie). That's why responsible web apps run a tight security with CSP and TLS (and, once browser support is better, Permission Policy).

Please wait until that HTTP service is ready  

By Stephan Wissel | 1/3/23 10:17 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

Our brave new world of containers and microservices runs on a combination of YAML and shell scripts. Getting them to run in the desired sequence can be a challenge. When ready isn't ready: All container environments have a 'depends' clause, so the container runtime can determine the correct startup sequence for the zoo of containers comprising the application to be launched. Each container will usually signal when it is ready. However, ready can mean different things to different applications. In the container world it should be: the service is available. However, it could be: service was successfully started, but might be busy with housekeeping. In the latter case the start scripts of the dependent services need to do their own waiting.

Test-Driven Development Is a Paradox  

By Stephan Wissel | 10/21/22 7:37 AM | Development - Notes / Domino | Added by Roberto Boccadoro

TDD is favored by very successful engineers as a means of accelerating software development by preserving quality. Objections are plenty. The talk by Burk Hufnagel tries to address those. The TDD Paradox: TDD requires you to write more code, so you can be done sooner. It's like learning to drive a car. Your first mile takes, give or take, 40-50h to complete: Driving lessons, driving tests, get the license issued before you drive. You can walk a lot more in 50 hours, you get the drift...

Case insensitive deserialization  

By Stephan Wissel | 6/8/22 3:58 AM | Development - Notes / Domino | Added by Roberto Boccadoro

Case insensitive deserialization - Growing up in Windows with BASIC you learn case doesn't matter, so Color is the same as COLOR or cOLOR when it comes to variable names. Same applies to @Formula or item names in Notes documents. On the other side, Linux, Java, JavaScript and JSON are very much case sensitive. This poses a challenge when deserializing (handcrafted) JSON files.

The Quest for a software documentation system  

By Stephan Wissel | 3/10/22 1:54 AM | Development - Notes / Domino | Added by Roberto Boccadoro

The Quest for a software documentation system - Software documentation is a thankless business and never complete. Picking the right system can make or break your documentation success. Contenders: We have a number of options commonly used, each with strengths and weaknesses.

Factory based dependency injection  

By Stephan Wissel | 12/10/21 1:39 AM | Development - Notes / Domino | Added by Roberto Boccadoro

No man is an island and no code you write lives without dependencies (even your low-level assembly code depends on the processor's microcode). Testing (with) dependencies can be [insert expletive]. The general approach to make dependent code testable is Dependency injection. Instead of calling out and creating an instance of the dependency, the dependency is handed over as a parameter. This could be in a constructor, a property setter or as a method parameter.