When costs are nonlinear, keep it small.
Batching work is more efficient … until cost rises nonlinearly with batch size. Then smaller batches are the most efficient. So don’t delay maintenance!
“Teams use CheckMarx to make their code more secure.” CheckMarx is a tool that analyzes code, looking for vulnerabilities. It produces a report of likely problems, with specific locations in the source code. “We will mandate that our teams use CheckMarx.” Will this make the code more secure? That depends how the team reacts to …
If you want secure code, or code with fewer bugs, you want to track the kind of data you’re passing around. In your code, do not pass around strings or any other built-in primitive type. Those are for the edges: we have to accept strings as input, we have to write VARCHAR to the …
Read more: Spring and JPA: use custom value types inside entities with a custom converter
^ that’s what I googled, so that’s the title of the blog post that solves it. When I added spring-boot-starter-security to my dependencies, I expected my whole app to suddenly be behind a login screen. But I expected it to work after logging in. Instead, it failed at the first form submission. And it failed …
Read more: I turned on Spring Security and my POSTs don’t work anymore
In Spring Boot example apps, H2 is the easiest database to get started with. Its data is in memory or in a local file. When the app is running in development mode, you can access the database at /h2-console. It gives you a lovely little SQL admin app. That is, after you turn it on …
As a programmer, especially a strong-typing functional programmer, I love abstraction. Defining what the program does and expressing that cleanly in code. The code should express little else. Now I’m studying secure code, and it is the opposite. It’s all about what can happen, not what should. So many nitty-gritty details of network protocols, memory …
Read more: What functional programming and secure code have in common
Honeycomb made it suuuuuper easy to see traces of HTTP requests hitting my app. Right from my computer! We installed one gem, did one rails generate from a cut-and-paste their dataset creation page gave me. Start up rails server, hit http://localhost:3000, and boom! A thing on a graph in Honeycomb! That was cool. Except, um, …
Read more: Honeycomb in Rails with separate dev and production events
Today we hooked up Honeycomb to an app for the first time! It was easy and fun! Then we configured it so that we don’t have to commit our apikey. It’s a public repo. Anyone could grab our API key and send spurious events to our Honeycomb datasets, screwing up our information and costing us …