Those of you who have been following along will know that Scala on Linux is my preferred ecosystem. This past few weeks in the office I have been tinkering with the opensource C# ASP.NET ecosystem. What I came across shocked me to the dotnet core. I have posted some evidence of my findings up on GitHub. Read the rest of this entry »
A good friend of mine is working on a project which hosts media libraries in his cloud service. At the end of 2015, I integrated Cassandra into a big financial services platform. Cassandra is a great fit for my friend’s service. In this post, I will outline an appropriate Cassandra data model and along the way outline some of the killer features of Cassandra. Read the rest of this entry »
Today’s Morning Paper post is a must read for software engineers: “Designing software for ease of extension and contraction Parnas, IEEE Transactions on Software Engineering, 1979″
This is the last article in the series which discusses a sample app that does DDD using JPA. I would hesitate to recommend using JPA for DDD unless you are very familiar with JPA. Why? Some of the issues you can hit using JPA are written up on the Scabl blog on Advanced Enterprise DDD. In my own code and this blog I explain how to dodge some of the bullets but you need to be quite aware of the pitfalls of JPA to dodge them all. So why did I write the code? Read the rest of this entry »
Don’t abuse the `public` keyword in Java. The source code has very few public classes or methods. This is unusual for Java projects. Typically Java projects have package layouts that model the solution; “this package has all the entities, that package has all database related code, that package is all the services code”. That approach forces you to make almost everything public. In the long term on a big project brittle connections are made across business responsibility boundaries. There is no way the compiler can enforce boundaries that align to the business domain. Read the rest of this entry »
Where’s the application in the demo code? There isn’t one.
If you look at the sourcecode there is no front-end, no web servlets, no screens, and no Java main class, and so no way to run it as an application. All that you can do is run the test class. So it is a library project. It is a rich “back-end” that can talk to a database. Read the rest of this entry »
Detour: Why use JPA in this demo?
For the purposes of this demo JPA is an officially supported part of the Java ecosystem and is a mature and well documented Java-to-relational mapping tool. Yes it has a number of quirks. If you fight it your probably going to loose (your mind). If you learn how to do the basics and don’t deviate from that it can be a used as a rapid application tool to support an agile TDD build on Java against a relational datbase. Read the rest of this entry »
This morning I was dismayed to get an email from LinkedIn to say that emails and passwords stolen in 2012 were available online. So they had reset the passwords of all emails accounts that haven’t changed their passwords since 2012. Okay sounds like a solid precaution against dictionary attacks on the stolen encrypted password details, right? Wrong.
They then want on to say:
LinkedIn has taken significant steps to strengthen account security since 2012. For example, we now use salted hashes to store passwords and enable additional account security by offering our members the option to use two-step verification.
Wow so in 2012 they were not properly salting the passwords and so those passwords, which users may have used across different sites, were not properly encrypted. That’s shockingly bad.
Further more salting passwords isn’t state of the art security. LinkedIn are still having the password set over the network to then salt it and save it in the database. So they are safe again the database getting stolen again but not against any other form of compromises on their network infrastructure. They should have upgrade to the Secure Remote Password protocol.
For a professional social network site it would seem that Facebook is lacking knowledgeable engineers and don’t have security as something built into their software development lifecycle.
interesting analysis of the world of spam
Click Trajectories: End-to-end analysis of the spam value chain – Levchenko et al. IEEE Symposium on Security and Privacy, 2011
This week we’re going to be looking at some of the less desirable corners of the internet: spam, malvertisements, click-jacking, typosquatting, and friends. To kick things off, today’s paper gives an insight into the end-to-end spam value chain. If we really want to stop spam it turns out, talk to the banks…
As an advertising medium, spam ultimately shares the underlying business model of all advertising. So long as the revenue driven by spam campaigns exceeds their cost, spam remains a profitable enterprise. This glib description belies the complexity of the modern spam business…
There’s much more to spam than just the email! There are three key stages – advertising, click support, and realization – supported by a whole value chain.
Advertising concerns how…
View original post 1,531 more words