AWS Elastic Kubernetes Service (EKS) Review "If you are considering going with EKS, understand you are going to need to spend a lot of time reading before you touch anything. You need to make hard-to-undo architectural decisions early in the setup process." tl;dr; "If I were a very small company new to AWS I wouldn't touch this with a ten foot pole."
Component Driven User Interfaces "The development and design practice of building user interfaces with modular components. UIs are built from the “bottom up” starting with basic components then progressively combined to assemble screens."
Careen ladders For a quick look what the career ladder could look like it's worth to check Rent the Runway (spreadsheet) which takes a fun D&D inspired Dex/Str/Wis/Cha stats based evaluation, corresponding to technical skill, productivity, impact, and communication/leadership. Management track is also included, with more focus on architecture, hiring, organizational skills, and leadership/salesmanship.
Microsoft Azure cloud computing service has grown steadily to challenge Amazon Web Services and Google Cloud Platform but until now I hadn't had a change to try it and see how it compares to other platforms I've used. So when I came across the Microsoft Ignite: Cloud Skills Challenge November 2021 I was sold and took the opportunity to go through one of the available challenges: Azure Developer Challenge. Here are my short notes about learning minor part of Azure.
The Azure Developer Challenge was for developers interested in designing, building, testing, and maintaining cloud applications and services on Microsoft Azure. Each challenge was based on a collection of Microsoft Learn modules. If you completed your challenge before it ended, you got one free Microsoft Certification exam like "AZ-204: Developing Solutions for Microsoft Azure".
Microsoft Ignite: Azure Developer Challenge
"This challenge is for developers interested in designing, building, testing, and maintaining cloud applications and services on Microsoft Azure."
The Azure Developer Challenge consisted of following products in Azure:
Azure App Service
Azure Cosmos DB
Azure Blob storage
Virtual machines in Azure
Azure Resource Manager templates
Azure Container Registry
Azure Service Bus
Azure Queue storage
Azure Event Hubs
Learning to use those different products were done by different exercises which showed you how to do things and checked that you had done it correctly. The exercises used Azure portal where the Learn module gave you free learning environment to use. Towards the end I got my free development environment credits used for the day and had to skip some of the practicalities.
After going through the introduction to different parts of Azure the Learn module practically teached you to use Azure Functions. And not much more. With Azure Functions the exercises teached to create serverless logic, execute functions with triggers, chain functions and have durable functions. You also learned to develop functions on your local machine. Azure Functions were used i.a. with Cosmos DB, webhooks and for creating an (serverless) API. The last module was about building serverless apps with Go.
In overall the learning experience was nice and the practical exercises forced you to click through the Azure Portal and get the hang of how things work. I was in a bit of a hurry to go through all of the 33 modules which was calculated to take around 21 hours. I think it took me about 10-12 hours.
Now the last step is to actually take the Certification exam. Also as the learning modules for different topics are still available I will maybe go through some more. At least the "Azure Admin Challenge" looked interesting for my purposes.
React Aria: A headless UI component library A library of React Hooks that provides accessible UI primitives for your design system. "You structure your DOM and css however you want, and react-aria provides hooks that return props to spread onto your elements to make them come alive."
No, we don’t use Kubernetes Ably runs a large scale production infrastructure with Docker but uses "just" AWS EC2 instances and writes about should they use Kubernetes as their primary deployment platform at some point.
The Insane Innovation of TI Calculator Hobbyists "In the mid-to-late 2000s there was in fact a thriving scene of hackers who had bent graphic calculators to their will, writing games, math software, and more generally hacking on the platform just for the sake of it."
Give me /events, not webhooks "This post clearly explains the benefits of using an /events endpoint + long polling. Simpler and more reliable than webhooks. On the web we don't have much of a choice, most platforms support webhooks and few support event streams. For internal applications don't go with webhooks as the first choice just because they're prevalent on the web." (from Weekend reading)
Docker is Updating and Extending Product Subscriptions "Docker Subscription Service Agreement includes a change to the terms for Docker Desktop: Docker Desktop remains free for small businesses (fewer than 250 employees AND less than $10 million in annual revenue), personal use, education, and non-commercial open source projects. It requires a paid subscription (Pro, Team or Business), starting at $5 per user per month, for professional use in larger businesses."
Automating App Store Screenshots "Whenever I mention using fastlane's snapshot tool for App Store screenshots, I justify it by saying it'll save you time if you have "ten screenshots for every device type in different localisations". In reality, even if you have just two screenshots in one language for your app, you'll still save so much time by doing this. Let Daisy Ramos show you how to make the best of this fantastic tool." (from iOS Dev Weekly)
Software development contains many aspects which the developer has to take care and think about. One of them is information security and secure code which affects the product and its users. There are different ways to learn information security and how to create secure and quality code and this time I'll shortly go through what Secure Code Warrior Secure Code Bootcamp has to offer.
Secure Code Warrior provides a learning platform for developers to increase their software security skills and guide each coder along their own preferred learning pathway. They have products, solutions and resources to help organization's development teams to ship quality code and also provide a free mobile app for early-career coder: Secure Code Bootcamp.
Application presents common vulnerabilities from the OWASP Top 10 and you get badges as you progress through each new challenge, unlocking new missions as your progress. It teaches you to identify vulnerable code with first short introductions and explanations for each vulnerability of how they happen and where. Each topic is presented as a mission with briefing and code inspection tasks.
The Secure Code Bootcamp covers 8 of the Top 10 list as the last two are more or less difficult to present in this gamified context, I think.
Mission briefing contains couple of minute theory lesson of the given vulnerability and teaches you what, where and how to prevent it.
After briefing you're challenged with code examples in the language you've chosen (Node.JS, Python:Django, Java:Spring, C# .NET: MVC). You practically swipe your way through code reviews by accepting or rejecting them. Reading code on mobile device screen isn't optimal but suffices for the given task. Works better for Node.js than for Java Spring.
Code inspection isn't always as easy as you would think even if you know what to look for. After succesfully inspected couple of codes you're awarded with a badge. The briefing tells you what to look for in the code but sometimes it's a guess what is asked for. The code inspection requires sometimes knowledge of the used framework and inspection is done without context for the usage. Almost every inspection I got 1 wrong which gave me 75% accuracy.
The approach to teaching security topics this way works ok if you're code oriented. You'll learn the OWASP Top 10 in practice by short theory lessons with pointers to how to prevent them and test your code inspection skills for noticing vulnerable aspects of code fragments. Having swiped through the bootcamp the code inspection parts were not always so useful.
The marketing text says "progress along multiple missions and build secure coding skills." and "Graduate with fundamental secure coding skills for your next step as a coder." and that is in my opionion a bit much to say. The bootcamp teaches the basic concepts of vulnerabilities and how they look on code but doesn't teach you to code securily.
In overall the Secure Code Bootcamp for OWASP Top 10 vulnerabilities is a good start for learning what, where, how and why vulnerabilities exists and learn to identify them. You can do the bootcamp with different languages available so replayability value is good.