slash dev slash null

stuff about puters

Agile and domain driven design (part 3): Microservices

In the last post we imagined we are a programmer on an agile digital service team who had gotten as far as writing some DDD code. It is a rich OO domain model that knows how to obey the business rules (aka enforce the invariants of the contract aggregate). The next question is where should this code run? What provides the surrounding workflow? Which screens, running where, drive this “thing”? Talking it through with the other developers in the team you decided to build and deploy a contracts microservice.

Agile and domain driven design (part 2): Event Storming

The last post set the scene for how an agile digital services team gets to the point where it is ready to cut some DDD code. Imagine that you just joined the team as a programmer as the programme is ramping up its private beta build out. To align ourselves to the demo code of the last blog series you need to build out some stories about how customers and your internal users create and agree a contract to deliver products. You are an agile analyst programmer who wants to build a ubiquitous language with the users of the system. So you attend an event storming workshop with the users.

Agile and domain driven design (part 1): Digital Services

In the last mini-series of posts I sketched out how to use DDD to build an explicit rich domain library that models the business domain and enforces the invariants within a narrow scope of an aggregate of entities. Catching up with my friend we got into a discussion about how we get to the point where we are ready to implement things. How big can the model be? How do we scale to many two pizza teams? How do user needs, business processes, and screens relate to the domain focused OO design? We ended up talking about microservices. So in this series of posts I am going to sketch how a large scale agile digital transformation programme gets to the point of cutting DDD code. I will then get into how a large project comes to be a platform with a microservices architecture.

Domain Driven Design: Entities, Value Objects, Aggregates and Roots with JPA (Part 5)

This is the last article in the series which discusses a sample app that does DDD using JPA. I would hesitate to recommend using JPA for DDD unless you are very familiar with JPA. Why? Some of the issues you can hit using JPA are written up on the Scabl blog on Advanced Enterprise DDD. In my own code and this blog I explain how to dodge some of the bullets but you need to be quite aware of the pitfalls of JPA to dodge them all. So why did I write the code?

Domain Driven Design: Entities, Value Objects, Aggregates and Roots with JPA (Part 4)

Don’t abuse the `public` keyword in Java. The source code has very few public classes or methods. This is unusual for Java projects. Typically Java projects have package layouts that model the solution; “this package has all the entities, that package has all database related code, that package is all the services code”. That approach forces you to make almost everything public. In the long term on a big project brittle connections are made across business responsibility boundaries. There is no way the compiler can enforce boundaries that align to the business domain.

Domain Driven Design: Entities, Value Objects, Aggregates and Roots with JPA (Part 3)

Where’s the application in the demo code? There isn’t one.

If you look at the source code there is no front-end, no web servlets, no screens, and no Java main class, and so no way to run it as an application. All that you can do is run the test class. So it is a library project. It is a rich “back-end” that can talk to a database.

Domain Driven Design: Entities, Value Objects, Aggregates and Roots with JPA (Part 2)

Detour: Why use JPA in this demo?

For the purposes of this demo JPA is an officially supported part of the Java ecosystem and is a mature and well documented Java-to-relational mapping tool. Yes it has a number of quirks. If you fight it you’re probably going to lose (your mind). If you learn how to do the basics and don’t deviate from that it can be used as a rapid application tool to support an agile TDD build on Java against a relational database.

Domain Driven Design: Entities, Value Objects, Aggregates and Roots with JPA (Part 1)

A friend with a relational database background was working on an OO domain modelling problem. I started talking about “aggregates” and “roots” and things like “make the contract entity an aggregate controlling the other entities” and that “external logic should speak to the object model via a few root entities”. So I wrote a demo project in some Spring and JPA code in Java to demonstrate those concepts. This blog series will be some discussion around the design and implementation techniques.

Why isn’t LinkedIn using SRP?

This morning I was dismayed to get an email from LinkedIn to say that emails and passwords stolen in 2012 were available online. So they had reset the passwords of all email accounts that haven’t changed their passwords since 2012. Okay, sounds like a solid precaution against dictionary attacks on the stolen encrypted password details, right? Wrong.

They then went on to say:

LinkedIn has taken significant steps to strengthen account security since 2012. For example, we now use salted hashes to store passwords and enable additional account security by offering our members the option to use two-step verification.

Wow, so in 2012 they were not properly salting the passwords and so those passwords, which users may have used across different sites, were not properly encrypted. That’s shockingly bad.

Furthermore, salting passwords isn’t state of the art security. LinkedIn are still having the password sent over the network to then salt it and save it in the database. So they are safe against the database getting stolen again but not against any other form of compromise on their network infrastructure. They should have upgraded to the Secure Remote Password protocol.

For a professional social network site it would seem that Facebook is lacking knowledgeable engineers and doesn’t have security as something built into their software development lifecycle.
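
To make the difference concrete, here is an added sketch (not code from this post or from LinkedIn) of a simplified SRP-6a exchange: the server stores only a salt and verifier, and the only values on the wire are `A`, the salt and `B`. The toy modulus, the hash encoding and the function names are assumptions for illustration, and the key confirmation messages are left out.

```python
import hashlib
import secrets

# Toy group (assumption, for brevity): 2**127 - 1 is prime but far too small
# for real use; deployments use the large groups from RFC 5054.
N = 2**127 - 1
g = 3

def H(*parts) -> int:
    """SHA-256 over length-prefixed parts; ints are encoded as 16 bytes."""
    h = hashlib.sha256()
    for p in parts:
        if isinstance(p, int):
            p = p.to_bytes(16, "big")
        h.update(len(p).to_bytes(2, "big") + p)
    return int.from_bytes(h.digest(), "big")

k = H(N, g)  # SRP-6a multiplier

def register(password: bytes):
    """Runs on the client. Only (salt, verifier) is sent to and stored by the server."""
    salt = secrets.token_bytes(16)
    return salt, pow(g, H(salt, password), N)

def login(password: bytes, salt: bytes, v: int):
    """One exchange, both sides inline. Returns (client_key, server_key, wire)."""
    a = secrets.randbelow(N - 2) + 1        # client secret
    A = pow(g, a, N)                        # client -> server
    b = secrets.randbelow(N - 2) + 1        # server secret
    B = (k * v + pow(g, b, N)) % N          # server -> client, along with salt
    if A % N == 0 or B % N == 0:
        raise ValueError("illegal public value")
    u = H(A, B)
    # Client: the password is used locally and never transmitted.
    x = H(salt, password)
    s_client = pow((B - k * pow(g, x, N)) % N, a + u * x, N)
    # Server: works from the stored verifier only.
    s_server = pow(A * pow(v, u, N) % N, b, N)
    return H(s_client), H(s_server), [A, salt, B]

if __name__ == "__main__":
    salt, v = register(b"constructed-sample-password")
    ck, sk, wire = login(b"constructed-sample-password", salt, v)
    print("keys match:", ck == sk, "| wire carries:", len(wire), "values")
```

Someone who captures the wire traffic or the stored verifier sees no password and no password hash that can be replayed to log in; a wrong password simply produces a session key the server does not share.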

Click Trajectories: End-to-end analysis of the spam value chain

interesting analysis of the world of spam

the morning paper

Click Trajectories: End-to-end analysis of the spam value chain – Levchenko et al. IEEE Symposium on Security and Privacy, 2011

This week we’re going to be looking at some of the less desirable corners of the internet: spam, malvertisements, click-jacking, typosquatting, and friends. To kick things off, today’s paper gives an insight into the end-to-end spam value chain. If we really want to stop spam it turns out, talk to the banks…

As an advertising medium, spam ultimately shares the underlying business model of all advertising. So long as the revenue driven by spam campaigns exceeds their cost, spam remains a profitable enterprise. This glib description belies the complexity of the modern spam business…

How does spam work?

There’s much more to spam than just the email! There are three key stages – advertising, click support, and realization – supported by a whole value chain.

Advertising concerns how…
