Notes from OWASP Helsinki chapter meeting #31

What is DevSec, how to use Docker securely, why do developers leak credentials? All those questions were answered at OWASP Helsinki chapter meeting #31, which was held 13.6.2017 at Solita premises. Here are my short notes from the event. I’ll add links to presentations when they’re available.

DevSec – Developers are the key to security

DevSec is an emerging trend to move developers closer to security experts, akin to DevOps. Antti Virtanen from Solita talked about DevSec and how they do it (slides, pdf). As the talk’s title tells us, developers are the key, but often buying one cybersolution (giving out money) is easier than getting people’s time. But if we look at the return on investment, passive defense is more effective.

Value for life?
Challenges in DevSec
Issues with DevSec
Recipe works!

Docker Security

Docker is currently experiencing a very high adoption rate and people are deploying on Docker without considering the security landscape. Mika Vatanen from Digia told us about Docker Security (slides, pdf), possible attack vectors, how Docker handles security and what recommendations we should follow when using it.

Possible attack vectors
How Docker handles security

Docker image tech recommendations
Docker image: tech recommendations
Docker image: policy recommendations
Docker runtime
Host and engine recommendations
AppArmor and seccomp
Seccomp
Seccomp

Leaking credentials – a security malpractice more common than expected

Bogdan Mihaila from Synopsys talked about Protecode and research on leaked credentials (slides, pdf).

Why credentials are leaked
Keys that got public
Mitigation
Conclusion: raise awareness

Upcoming: DevSecOps “mini-hackathon”

The last topic was an introduction to the upcoming “mini-hackathon” by Pekka Sillanpää from OWASP Helsinki. They are planning a hands-on event in August for getting familiar with and investigating some nice open source tools, including: OWASP Dependency-Check, ZAP Proxy, OWASP DefectDojo, DevSec hardening framework and Clair. See more info on the OWASP Helsinki page.

Monthly Notes 19

Summer is finally coming to Finland and it’s nice to spend more time biking in the forests than sitting in the office or reading news, but nevertheless here are this month’s notes. This time it’s about videos of Chrome DevTools, something about microservices and security, and how switching to HTTPS isn’t so easy.

Issue 19, 29.5.2017

Tools of the trade

Chrome DevTools: State of the Union 2017
Filmed at Google I/O, Paul Irish runs through new Chrome DevTools features in 41 minutes. (from FrontEnd Focus #291)

Rethinking Microservices with Stateful Streams
Microservices are one of those polarising concepts that technologists either love or hate. Splitting applications into autonomous units clearly has advantages, but larger service-based systems tend to struggle as the interactions between the services grow. (from Microservice Weekly)

An Essential Guide to the Serverless Ecosystem
A roundup of the key serverless computing platforms, tools and frameworks available. (from DevOps Weekly #117)

Web Developer Security Checklist
Michael O’Brien shares a security checklist for web developers so that you don’t forget anything crucial in your next projects. (from WDRL #183)

Why OWASP Top 10 is no longer relevant
Good points on why only 4 of the OWASP Top 10 are nowadays somewhat relevant. Explains and points to new attack vectors.

War stories

HTTPS on Stack Overflow: The End of a Long Road
It’s taken years for all of Stack Overflow and its related sites to go full-HTTPS. This post goes into extreme depth on the challenges faced and problems solved along the way. (from DevOps Weekly #117)

Container isolation gone wrong
A thorough story of microservices isolation and troubleshooting at the kernel level. tl;dr: gather metrics and monitor, don’t trust the kernel.

Something different

Norppalive
WWF brings you a live cam starring a freshwater seal that lives in Lake Saimaa, Finland. The Saimaa ringed seal, saimaannorppa in Finnish, is one of the rarest seals in the world.

Monthly notes 18

Summer is finally approaching although the weather is still chilly here in Finland especially if you’ve spent your winter holiday in lovely Italy. Have to say that for mountain bikers Finale Ligure is a nice destination to start your season after long winter. April has also been quite busy with upcoming project deadline but here’s some monthly notes to keep you learning.

Monthly notes, issue 25.4.2017

iOS Development

Developers can finally respond to App Store reviews
It took Apple some time to get this feature to the App Store. Developers can now respond to reviews and this article includes just about everything you need to know. (from iOS Dev Weekly 294)

The Details That Matter
Small design changes can make a huge difference in apps’ UX. Nick Babich does a really nice job making design more approachable and explaining the merits of his suggestions. (from iOS Dev Weekly 294)

Save Yourself Some Xcode Time By Mastering These Tips
Every developer has to look for shortcuts. Shortcuts leave you more time to develop, rather than taking the long route (such as the mouse!) for many Xcode tasks. Seasoned Xcoders will know most of these tips, but I bet even they will have forgotten one or two. Learn these now and save yourself more time than you could imagine over your career. (from Indie iOS Focus Weekly 117)

Software development is hard

Tout est Terrible
Loose transcription of a talk Fred Hébert gave at the Web a Quebec conference. Everything is terrible, a spooky scary story of how we can have a simple application that looks reasonable and show a bunch of issues and potential bugs that can hide in it and surprise us in nasty ways. And that it’s hard to really feel safe about any code out there.

Competitive Programmer’s Handbook
Good resource for brushing up programming skills and theory knowledge. The book’s purpose is to give the reader a thorough introduction to competitive programming. It’s especially intended for students who want to learn algorithms and possibly participate in the International Olympiad in Informatics (IOI) or in the International Collegiate Programming Contest (ICPC).

Frontend development

JavaScript Patterns for 2017 [Video]
A 50 minute roundup of common, JavaScript-specific techniques like using modules, webpack, ES6 syntax, classes, async/await and more. (from JavaScript Weekly 331)

Facebook scraps React as we know it, welcomes successor React Fiber
React.js is dead. Long live React Fiber. Completely rewritten, backward compatible with minor breaking changes.

Why It’s So Important To Focus On The Bottom Nav Bar
Making our app easy to use can be anything but easy. One way to make it easier on yourself is by focusing as much navigation as you can on the bottom half of the screen. This post shows just how important it is along with some great tips and visual examples. (from Indie iOS Focus Weekly 117)

Tools

Webhook
Webhook is a lightweight configurable tool written in Go, that allows you to easily create HTTP endpoints (hooks) on your server, which you can use to execute configured commands. Hacker News comments. (from Hacker Newsletter 348)

Tips for monitoring Redis
Ways to get more info from Redis, such as on latency and slow commands. (from DB Weekly 151)

Simple Icons
Dan Leech built a great set of very simple SVG icons of popular brands. It’s available under a Creative Commons Zero license. (from WDRL 179)

How to install and use Headless Chrome on OSX
Google Chrome can now be run in headless mode, replacing PhantomJS or SlimerJS. Jim Cummins explains how to set it up on Mac OS. For Windows and Linux it should be similar using bash and a few adaptions to the local commands. (from WDRL 179)

Something different

4 Late-Night Protein Treats To Pair With Milk
I don’t know why these are called late-night treats but they look delicious. And done with protein powder and more “healthy” choices than normally.

Spruijt’s Ultimate Dilberts IT Collection
Who doesn’t like the entertaining, funny and always accurate Dilbert cartoons? This Ultimate Dilberts collection curates a selection of strips to watch for fun on a Friday afternoon or use occasionally in meetings and presentation.

Monthly Notes 17

Successful software development is about good practices, agile methods and also ethics, interpersonal and leadership skills, as Fowler’s story from Uber shows us. You can’t achieve great things without a well-working team, also on a personal level. And when it comes to actual development, it’s good to remember that you shouldn’t over-engineer. In other news, Spring is finally coming to Finland and the cycling season has started.

Monthly notes, issue 29.3.2017

Software development

10 Modern software engineering mistakes
“Many articles say don’t over-engineer but don’t say why or how. Here are 10 clear examples.” tl;dr: Prefer isolating actions to combining them. Duplication is better than the wrong abstraction. Always take a step back and look at the macro picture. Reuse. Fork. Contribute. Reconsider. Refactoring is part of each and every story. No code is untouchable.

Why Software Development Time Estimation Doesn’t Work and Alternative Approaches
Alex Castrounis shares why estimating software development tasks by time and time tracking don’t work and how you can still get pretty accurate estimations to calculate the progress and a deadline for a project.

Lean Inception
How to work out what should be in MVP and start Agile project as quickly as possible?

Reflecting On One Very, Very Strange Year At Uber
Depressing story of Uber’s toxic organization culture and how not to handle issues. Also, the corporate process of reviews/transfers is awful.

Software Developer Interview: Your part.
If you’re looking for new challenges in your software development career and go to a job interview, you should carefully and thoroughly find out if the company is the right one for you. A good list of interesting and important questions will help you on your way.

What .NET Developers ought to know to start in 2017
Have to remember to read this when I start using dotNet.

Front-end has always new frameworks

Vue.js 2.0 has gained popularity alongside React and Angular and it looks like a good alternative for front-end development. Vue.js in less than 30 minutes for beginners and Vue.js 2.0 In 60 Minutes will show you what it’s about and get you started.

Tools

GraphQL Part 1 and Part 2
Loren Sands-Ramshaw wrote a two-step guide on GraphQL, a relatively new query language that has better performance and is easier to handle than REST. (from Web Development reading list 175)

EICAR Standard Anti-Virus Test File
You can use the EICAR standard anti-virus test file for testing what happens when a virus is found. It’s just text.

Pipeline as code with a Spring Boot application
I just recently clicked through Jenkins UI to setup pipelines. Boring. Next time I’ll try to define it with ‘pipeline as code’ concept.

User interface

Toggle button
Sometimes a user interface requires a clear “On”/“Off” switch. It’s usually a great idea when you want to show optional settings but indicate more than a checkbox does by default, and in a simpler way than two radio options could provide. Heydon Pickering now shares the technical approach to building semantic, accessible and easy-to-use toggle buttons. (from Web Development reading list 175)

Something different

How to ride long Poles. The bike.
Good tips on how to ride a mountain bike. Stand tall and keep your head up; Turn your body towards the direction you want your bike to go; Counter steer before the corner; Push the bike with your legs in turns; Bend knees.

Nebula Tech Thursday – Beer & DevOps 2.3.2017

Agile software development to the cloud can nowadays be seen more as a rule than an exception and that’s also what this year’s first Nebula Tech Thursday’s topics were about. The event was held 2.3.2017 at Woolshed Bar & Kitchen alongside good food and beer.

The event consisted of talks about “Building a Full Devops Pipeline with Open Source Tools” by Oleg Mironov from Eficode and “Cloud Analytics – Providing Insight on Application Health and Performance” by Markus Vuorinen & Jarkko Stråhle from Nebula. The presentations were a bit high level and directed more to the business level people than developers but there was some new information how different tools were used in practice.

Overall it was a nice event to hear how things can be done and to talk with people. Here are my short notes from the event.

Nebula Tech Day

Cloud Analytics – Providing Insight on Application Health and Performance

Markus Vuorinen & Jarkko Stråhle from Nebula talked about how to gather data to Elasticsearch, make it accessible and visualize it with Kibana and make actions based on that. The ELK-stack (Elasticsearch – Logstash – Kibana) is commonly used and the presentation showed nicely how to utilize it with cloud.

Technical setup
Data flow to Elastic
To visualization and alerts
Kibana main view
Kibana and response times

Building a Full Devops Pipeline with Open Source Tools

Oleg Mironov from Eficode showed the building blocks of how to build a Devops pipeline with Open Source Tools and demoed it. Nothing really special if you don’t count Rancher and Cattle. Just put your code to Git, use Ansible, run Jenkins jobs, build docker images, use RobotFramework for testing, push artifacts to Artifactory and deploy with Rancher.

Rancher overview
DevOps Pipeline

Monthly notes 16

February in monthly notes looks into what you should think about when using Facebook, suggests you read “Nineteen Eighty-Four (1984)” by George Orwell and tells you 13 things you should give up if you want to be successful. Also it’s worth checking out Vue.js, using Git standup for daily Scrums and enhancing your application accessibility.

Issue 16, 13.2.2017

JavaScript

Introduction to Vue.js
Vue.js is gaining traction more and more each week. If you need an introduction this post by Sarah Drasner is tops. (css-tricks.com) (from https://web-design-weekly.com/)

A Guide to Webpack 2 and Module Bundling
This article is aimed at those who are new to webpack and will cover initial setup and configuration, modules, loaders, plugins, code splitting and hot module replacement. (from Web Design Weekly)

Tools

Git standup
What did I code yesterday? git standup looks like a crafty tool to remember what you’ve done and works with multiple repos.

Using tmux properly
You may know terminal multiplexers like Screen, which was released in 1987, but there are also newer options like tmux (2007). It’s similar to Screen, but has some additional features and is easier to configure. The article tells you how to use tmux properly.

Introducing Docker Secrets Management
The latest Docker release offers a great solution to store your secrets securely in containers. The Docker Secrets Management is a solid approach to do so. (from WDRL #169)

Software development

Five Keys to Boost your Speed and Quality in Software Teams
“Software quality and the speed of the team is a commitment issue”. Focus, communication, conventions, confidence, isolation. Well said.

The Outrageous Cost of Skipping TDD & Code Reviews
Writing tests is one of the crucial parts of software development and Test Driven Development has proven itself to be very useful for increasing the quality of software. The article shows some numbers on why you should do TDD and shares advice about how to implement a more productive quality process.

ARIA Examples
Some practical ARIA examples to enhance your application accessibility. And accessibility isn’t as easy as you thought, as Soueidan explains with Accessible tooltips: https://sarasoueidan.com/blog/accessible-tooltips/

GitLab’s postmortem of database outage of January 31
On January 31st 2017 GitLab experienced a major service outage for their online service GitLab.com. The outage was caused by an accidental removal of data from their primary database server. They also lost some production data that they were eventually unable to recover. The postmortem of the issue is good to read. GitLab also had a live Google Doc while resolving the issue. Hacker News comments also have some good points.

Security

What should you think about when using Facebook?
Facebook collects data about you in hundreds of ways, across numerous channels. It’s very hard to opt out, but reading this article by Vicki Boykis on what they collect, you’ll learn to better understand the risks of the platform so you can choose to be more restrictive with your Facebook usage. (from WDRL #169)

Something different

13 Things You Should Give Up If You Want To Be Successful
Intuitively obvious things but harder to follow.

Sketchcase
Whiteboard Sticker simply turns any laptop lid into a portable whiteboard.

George Orwell: 1984, pdf and audio
If you haven’t read “Nineteen Eighty-Four (1984)” by George Orwell yet, here’s your chance: The entire book is available for free as PDF and Audio versions. I personally recommend it to everyone who is only slightly interested in just one of these topics: social change, politics, technology. (from WDRL #169)

Monthly notes 15

This time in monthly notes we cover design trends for interfaces, Apple steps up to iOS user interface templates game, learn Flexbox and Redux, something about microservices with Docker and see what GitHub has learned about CSP.

Issue 15, 28.1.2017

User Interfaces

Review of Popular Design Trends for Interfaces in 2016
What should apps look like in 2017? Let’s start with looking at what happened in 2016 with Marina Yalanska. (from iOS Dev Weekly Issue 284)

Apple iOS UI templates
Apple joined the party of iOS UI templates with their own comprehensive set. Would be nice if they would expand this to tvOS, watchOS and macOS. (from iOS Dev Weekly Issue 284)

Crash Course: UI Design
A pretty epic article by Jeff Wang that revisits the design process he took on a recent project from the UI angle. (from Web Design Weekly)

Microservices

Containers and microservices and Node.js! Oh, my!
Learn microservices, Node.js, and containers by example using the provided application. This post walks through an example application that is split out into Node.js microservices running in Docker containers. (from Microservice Weekly 64)

Building Efficient Dockerfiles – Node.js
Old but good to know. Many Dockerfiles are written inefficiently, especially if you’re using npm. You should use caching to improve the performance of your Docker container. tl;dr; add package.json to tmp before running npm install in there. (from WDRL 166)

Making microservices more resilient with circuit breaking
‘Circuit breaking’ is the idea of shutting off traffic to an instance if requests to it fail too frequently. Good article on how linkerd can help you with it. (from Web Operations Weekly 99)

On the front end

Understanding Flexbox: Everything you need to know
A very thorough attempt to cover all the fundamental concepts you need to get comfortable with the CSS Flexbox model. (from Front-end focus 273)

React or Vue: Which Javascript UI Library Should You Be Using?
If you’re not sure which to pick, start here. (from Weekend Reading)

Thinking in Redux (when all you’ve known is MVC)
Good explanation of Redux with React although the article uses it with React Native. Redux is quite simple in concept but you have to think differently about how things work. An alternative to Redux would be to use MobX.

Accessibility testing with Intern
Covering unit tests and functional tests, The Intern is a nice testing tool for JavaScript. But you can also use it for accessibility testing. (from WDRL 163)

Security

GitHub’s post-CSP journey
Previously GitHub shared their learnings from using the Content Security Policy at github.com. Now they share more learnings, and the focus lies on, among other things, img-src, form nonces and same-site cookies. (from WDRL 166)

Something different

Finnish mountain biking expertise was awarded a couple of Design and Innovation Awards this year: Pole Evolink 140 and Huck Norris. The super long and slack Pole Evolink 140 bike throws up questions about geometry standards. And although protecting your rims and tyres is not a new innovation, the Huck Norris anti-pinch-flat insert is a plastic foam ring that effectively protects your rims from dents and reduces the risk of burping. You can ride tubeless with an even lower tire pressure or even a lighter carcass, plus glean more grip.

2016 Retrospective

A year has again come to its end and it’s time to look back at what I’ve managed to write about and do some planning for the new year of 2017. In 2016 my writing schedule was as leisurely as usual and I managed to put together 20 articles, nine of which are weekly notes. On average I managed to keep my pace of at least one post per month. Yay, but it should be better. Things have gone quite well, I’ve learned new things and got things done :)

Keeping up with Weekly/Monthly notes

Last year I started writing Weekly notes series about interesting articles I come across from several software development related newsletters and while reading Twitter, Reddit and Hacker News. I planned to write them weekly but as practice showed it turned out to be monthly.

Learning from others at meetups

One way of learning new things is to hear how others do things and get ideas on how to make things better. I’ve found that attending meetups and conferences is a nice way to both freshen your thinking and get to know people working in the same field.

Some of the meetups I went to were about container orchestration with CoreOS, which provided an introduction, nice lessons learned and Kontena, CoreOS war stories.

A more interesting meetup in the DevOps field was DevOps Finland Meetup goes Mobile, where we heard how continuous delivery works for mobile applications at Zalando, learned mobile testing with Appium and what Qvik’s efficient mobile development cycle is.

Software development as usual

At work I’m developing web applications mainly with React and Java but looking for better tools is always good. Modern Java is nice but using Kotlin is better although I didn’t get the opportunity to push it into production. Kotlin felt nice and somewhat similar to Swift.

Doing microservices gained more momentum last year, and one good way to keep your Docker containers small is to build them with Alpine Linux. Using a minimal base image for your container is efficient both in size and in footprint, which makes the attack surface smaller. Alpine doesn’t use glibc but musl libc, which may limit its use cases, but e.g. Java and Node.js applications run fine on top of it.

In the software field I deployed Piwik web analytics as we couldn’t use Google Analytics. Piwik seems to be a nice open source alternative for analytics and has thus far worked nicely.

HTTPS has become more affordable and even free with Let’s Encrypt SSL certificates. Setting up Let’s Encrypt is relatively easy, but using the certificates also needs some automation with simple scripts.

One thing I didn’t have time to write was about JavaScript development with React and TypeScript which certainly would be worth writing. Can’t say I like using TypeScript where plain ES6 would work better. Although TypeScript has become better with version 2.

Other things

As much as I love software development I like mountain biking, and last year some interesting technology was presented to protect your tires and rims: Huck Norris and Procore. Whereas Huck Norris is a lightweight solution to puncture prevention, Procore provides better protection, and they both have their use cases.

Schwalbe Procore parts

Huck Norris

I’ve used Irssi for communicating with friends in IRC but I also tried to switch to using Weechat. Didn’t quite make the cut and nowadays IRC has almost lost to Telegram and Slack.

New year, interesting things ahead

What the year 2017 brings can’t be predicted, but at least my personal goals will be learning React Native and doing some development also for Android. Mountain biking will have a big part in the Summer when the Enduro racing season starts, and there are a couple of trips already planned.

So, stay tuned by subscribing to the RSS feed or follow me on Twitter. Check also my other blog in Finnish.

Monthly notes 14

Before opening the Christmas presents it’s time to check what’s in the monthly notes in December. This year there’s not much extra holidays so use them wisely :) Merry Christmas!

Issue 14, 23.12.2016

JavaScript

Angular 2 is terrible
I haven’t used Angular 2 enough to have strong opinions about it but looks like the Internet has. “Shaky Foundation, Not Invented Here, Premature Abstraction, HTML Minus, Unnecessary Verbosity, Poor Performance and Bloat, Putting the Java back in JavaScript, Terrible Documentation.” “Please for goodness sake don’t use Angular. For less than one-tenth of its size, Vue.js delivers a much better development experience.” (from Reddit)

TypeScript: the missing introduction
Introduction to how we can think about TypeScript, and its role in “supercharging” our JavaScript development. (from Hacking UI #155)

Getting Started with Webpack 2 and Migrating to Webpack 2
Keeping your tools up to date is part of development. (from JavaScript Weekly Issue 315)

5 Tips To Improve Your JS with ES6 – Crater Conf Talk
Virtual conference about ES6 features such as Arrow Functions, Object Literal Shorthand, Spread, Destructuring Assignment and Modules which helps you improve your JavaScript and browser code. You’ll see what it takes to run ES6 code today, and the tools you need to support the features you want in browsers that aren’t yet up to date. Slides

Java

Feeding Spring Boot metrics to Elasticsearch
“After low level system data, the next family of metrics you want to start tracking and monitoring are JVM level metrics. Here’s a good way to go it with the ELK stack.” (from Java Web Weekly, Issue 154)

Making Spring Boot application run serverless with AWS
“Very interesting writeup showing how to transition a Boot application to run serverless on AWS. I definitely need to give that a try to get a better understanding of what it can do.” (from Java Web Weekly, Issue 154)

Building Microservices application on AWS
Good article summarizing the common characteristics of Microservices, the main challenges of building Microservices, and how to leverage AWS to overcome those challenges.

Infrastructure as code: running microservices on AWS using Docker, Terraform, and ECS
Slides of a talk about managing your software and infrastructure-as-code that walks through a real-world example of deploying microservices on AWS using Docker, Terraform, and ECS. (from Microservices Weekly #61)

Security

SQL Injection Cheat Sheet
A detailed resource to find technical information about the many different variants of SQL injection vulnerabilities. A good reference for both seasoned penetration testers and those just getting started in web app security. (from DB Weekly 135)

Tools of the trade

Fabulous macOS Tips & Tricks
Some useful productivity tricks with macOS. Like move a file by pressing Cmd+C and then Cmd+Option+V in the destination directory. (from Weekend Reading)

Something different

99 good news stories that we probably didn’t hear about in 2016
“Don’t let you be fooled by the all negative news and instead embrace the good things that happened as well. Despite some bad news, 2016 was quite a good year. Enjoy its last days.” (from WDRL)

Low-background steel
Did you know that after the first atomic bombs in the 1940s and 1950s the background radiation levels increased across the world, and thus modern steel is contaminated with radionuclides because its production used atmospheric air? Low-background steel is so called because it does not suffer from such nuclear contamination. This steel is used in devices that require the highest sensitivity for detecting radionuclides.

Monthly notes 13

Looks like it’s again the end of another month and it’s time for weekly notes, now with the title of “Monthly notes” as it suits better for my writing activity :) This time it’s about resources of JavaOne 2016, stories from the field of outsourcing and SSL gone wrong, Type Systems for JavaScript, pushing React.js app to production, learning Docker antipatterns and how to track your time.

Monthly notes, issue 13, 28.11.2016

Java

JavaOne 2016 Observations by Proxy
Good collection of resources if you didn’t attend JavaOne 2016 but would like to stay on top of what’s happening in the world of Java.

Securing JAX-RS Endpoints with JWT
JWT is becoming the de facto standard in web security yesterday. And JJWT is certainly a good way to go for an implementation as Baeldung shows. (from Java Web Weekly, Issue 146)

Frontend

Flow vs TypeScript: Type Systems for JavaScript
“Flowtype vs. TypeScript Type Systems for JavaScript – from the perspective of a practitioner” is good overview to what and why.

CSS classes don’t work the way you think they work
CSS classes apply in the order in which they are defined, not the order in which they are invoked. This is not intuitive. It hits you when common components have default styling, and you want to override it in a specific instance.

Generating Documentation for TypeScript Projects
“Documentation for JavaScript projects has traditionally been generated via annotations inserted as code comments. While this gets the job done, it seems far from ideal. The post explores how to use TypeScript to generate documentation from source code alone.”

How to push a ReactJS application in production and sleep better – React.js Day 2016
“‘Everything fails all the time’. In this session we are gonna explore testing and monitoring techniques to deliver and maintain a ReactJS + Redux application, and at the same time being able to go back to sleep without the fear that everything is gonna explode during the night.”

Stories from the field

Offshoring roulette
Troy Hunt tells lessons of outsourcing to India, China and the Philippines. “If you’re looking at hourly rate as metric for outsourcing success, you’re doing it very, very wrong!” The essence of software development.

Docker Container Anti Patterns
After reading about Docker in production being a failure, it’s good to revise how it should be used.

Be Afraid Of HTTP Public Key Pinning (HPKP) and How To Issue A New SSL Certificate With An Old SSL Key
Good lessons learned from Smashing Magazine’s renewal of an expiring SSL certificate and the problems with HTTP Public Key Pinning. (from WDRL 156)

Tools of the trade

Netfox
Netfox exposes details of all network requests so you can investigate problems without additional configuration. Somewhat similar to but simpler than Charles for debugging network requests. (from iOS Dev Weekly Issue 226)

Tracking your time with Toggl
I finally started using Toggl, to track my time at work. Best decision ever. If I just remember to track and switch tasks :)

Git: diffing binary files
Git ProTip: Adjust your .gitattributes to make `git diff` more useful for images and other binary formats! (from @DasSurma)

Learning

Google Interview University
A complete daily plan for studying to become a Google software engineer. (from @Autiomaa)

Something different

My strategy for increased privacy
You pay for many services with your data, and even if you would rather pay with money instead, you can’t. Honkonen wants to introduce a third option: to keep privacy but still use the awesome services available. So he’s devised a strategy for increased privacy. Something to think about.

The Unsatisfying Challenge
“Everyday life can be annoying, but now you can share your pain in this challenge”