Software Engineering Stories

Well, to be honest, a few of years ago I created this blog with one primary intention: web logging software engineering stories that were taking place on the field.   Being an active software engineer/programmer/developer or code monkey, I was always spending time to trivial things that would be executed, forgotten and at some point needed to be rediscovered (or even reinvented) again and again. Or sometimes to inefficient approaches that myself or fellow programmers were following for which, at some point, I found a faster, easier or simpler way of executing them. Ultimately this blog was supposed to start with documenting trivial day-to-day operational task optimizations, or hacks, and proceed to more abstract software design or architecture discussions. And then it was abandoned due to a number of reasons. But now I'm back and excited to add useful, up-to-date content of software engineering stories, tricks and even unconventional  ways to accomplish this. As technologies a

Sooner or later, it is almost inevitable that a software engineer comes across the challenge of creating a user registry to store users, user attributes, user credentials and authentication / authorization activities. It is a very common need since most applications, especially  Web and mobile  ones,  require such functionality, however there are quite a few pi tfalls in building a secure registry that will resist external and internal attacks. And it will attract attackers since it is one of the most critical component  of an application / platform  were sensitive data are stored. Nowadays, there are offerings by cloud providers to create your user registry on their platforms or use OAuth to accept users from other applications, instead of storing their credentials in your premises. Also, there are of course, COTS solutions to run on-premises. Such solutions are definitely a valid way to avoid a significant number of concerns that you have when you build and maintain your own user reg

So, your manager sent you a URL and told you to go fix that little C# library that causes all that trouble, which, by the way, is hosted on a git server somewhere online. You have to send him back the new dll ASAP so that his promotion is not at stake. The bad news is that you have no clue how you do that -after all you are a Java developer and use SVN. The good news is that you found this blog. Worry no more, this 6-post-long quick guide is here for you to walk you through using the Visual Studio 2015 Git plugin to effortlessly accompish the following things: 1. clone a repository (presented in this post) 2. create a branch 3. commit changes 4. merge branches 5. pull changes from the repository 6. push your commited changes to the repository The idea here is to help beginners use the VS2015 Git plugin to quickly set up their environment so that their managers get their promotions and they skip studying the command-line git dissertation help pages or wandering thro

If you are a Web developer you will have to handle JSON strings, for developing, debugging and testing applications and APIs. During theses processes you will also have to use JSON strings that are copied for a HTTP sniffing/dumping tool (e.g. the developer tools of your browser) to analyse them, present them or share them. In that case, you will need to beautify them so that they become human friendly and readable. How do you do that fast and efficiently? OK, there may be a trillion different ways, and almost all IDEs that have some respect for themselves provide such JSON formatting functionality. But IDEs are heavy, and you typically will not create a new file to copy and paste the JSON string to beautify it and then discard it. I've seen many people resorting to "online" formatting tools (i.e. javascript-based formatters), but do you really need to do that (plus, you may be "sharing" you data without realizing it)? Notepad++ to the rescue again! 

A common issue when integrating components accross the boundaries of an organization (or sometimes even within) is the utilization of certificates for improving the security of the machine-to-machine communication. More specifically, certificates and cryptography can be used to mitigate man-in-the-middle risks as well as provide a framework for authentication (client-side certificates). In this post, I will use OpenSSL, which is an open source tool, to demonstrate how: to create a private key to create and sign a CSR (Certificate Signing Request) to bundle certificates and private key in PFX/PKCS12 files The above steps are typically applied when client authentication is performed with a client-side certificate. In a nutshell, the service consumer needs to provide a CSR signed with her private key (either independently created (1), or created along the CSR creation (3)). Then the consumer sends the CSR to the provider who typically serves as a CA and creates a certificate fo

The proliferation of REST and statelessness in Web Application and Web API design, state management often becomes a matter of misunderstandings and conflict in development teams. Programmers of back-end systems may be used to assume that session-related state is preserved server side and may be referred to as needed by the application code. However, stateful implementations may suffer from performance and scalability limitations, making thus the stateless approach a viable alternative, especially when high-load Web-based systems are considered. How to pass data between requests in state-less / session-less Web applications The problem here is that there are cases in state-less Web applications where data from an interaction may be required in subsequent interactions to be processed by the server, even though they are not stored in the server in some form. In this case, you will have to let the Web client provide these data as context (or state) of subsequent interactions.