LIST

GCP App Engine

Features auto load balancing & auto scaling managed platform updates application health monitoring application versioning traffic splitting Compute Engine vs App Engine compute E = IAAS app E = Paas, serverless Environments standard - language specific sandbox v1 - java python php go (old versions) python & php -> restricted network access + restricted libs v2 - java, python, php, node, ruby, go (newer versions) flexible - docker containers uses compute engine VMs access to background processes attach local disks Component Hierarchy !...

March 28, 2023

AWS & Typescript Masterclass - 15. other courses

Unit Testing for Typescript & NodeJs Developers with Jest https://www.udemy.com/course/unit-testing-typescript-nodejs Advanced Typescript programming with NodeJs and Webpack https://www.udemy.com/course/typescript-full-stack-programming Typescript with React classes - quick start - Jest testing https://www.udemy.com/course/typescript-with-react-jest-testing Mastering Visual Studio Code https://www.udemy.com/course/mastering-visual-studio-code Advanced Java programming with JavaFx: Write an email client https://www.udemy.com/course/advanced-programming-with-javafx-build-an-email-client Ubuntu Linux on VirtualBox quick setup https://www.udemy.com/course/ubuntu-linux-on-virtualbox-quick-setup Git with Visual Studio Code https://www.udemy.com/course/git-with-visual-studio-code

September 17, 2022

AWS & Typescript Masterclass - 11. Application Development

(Section 11 of Course_ AWS & Typescript Masterclass - CDK, Serverless, React) 94-97 (95) Deployment to S3 and Cloudfront // create bucket this.deploymentBucket = new Bucket( this.stack, 'space-app-web-id', { bucketName: bucketName, publicReadAccess: true, websiteIndexDocument: 'index.html' } ); new CfnOutput(this.stack, 'spaceFinderWebAppS3Url', { value: this.deploymentBucket.bucketWebsiteUrl }); // upload build folder to the bucket new BucketDeployment( this.stack, 'space-app-web-id-deployment', { destinationBucket: this.deploymentBucket, sources: [ Source.asset( join(__dirname, '..', '..', 'space-finder-frontend', 'build') ) ] } ); // cloudfront const cloudFront = new CloudFrontWebDistribution( this....

September 16, 2022

Article: Why your daily stand-ups don't work and how to fix them

(Why your daily stand-ups don’t work and how to fix them) Model: 5 heuristics you’re doing stand-ups wrong symptoms which indicate you’re doing your stand-ups in the wrong way, for the wrong reasons: Heuristic: Stand-ups take more than 15-minutes Heuristic: People talk about their work instead of talking about goals Heuristic: People stop showing up regularly Heuristic: People talk to their manager (or “scrum master”) instead of talking to their peers Heuristic: If the manager or “scrum master” can’t show up, the stand-up doesn’t happen Quote: the purpose of daily stand-ups the purpose of the Daily Scrum is to inspect progress toward the Sprint Goal and adapt the Sprint Backlog as necessary, adjusting the upcoming planned work....

September 11, 2022

Model: OWASP top 10

OWASP top 10 Open Web Application Security Project https://owasp.org/ OWASP top 10 - 2013 (Book_ release it!) Injection Broken Authentication and Session Management Cross Site Scripting (XSS) Broken Access Control Security Misconfiguration Sensitive Data Exposure Insufficient Attack Protection Cross-Site Request Forgery (CSRF) Using Components with Known Vulnerabilities Underprotected APIs (src: Book_ release it! - Michael Nygard) 2017 added (4) XML External Entities (XXE) covered in (2013.1) OWASP Injection by [[book-release-it-michael-nygard.md|Book_ release it!...

September 10, 2022

OWASP Broken Authentication and Session Management

session session hijacking anti-pattern: session id in plain text ref: cross site scripting (XSS) session fixation (hacker creates valid session, and tries to get the target to use it) Anti-pattern: authenticating an existing session pattern: generate a new session ID when (re)authenticating session prediction Anti-pattern: session IDs based on user’s own data Anti-pattern: sequential session ids just because a session looks random, does not mean it is random guidelines for handling session IDs !...

September 10, 2022

OWASP Sensitive Data Exposure

Sensitive Data Exposure All the valuable things people can steal from you or use against you. eg. credit cards, medical records, insurance files, purchasing data, emails pattern: applications request data encryption keys, which are encrypted themselves anti-pattern: don’t leave decryption keys laying around where and attacker could retrieve them (eg. in memory) AWS Cloud: use AWS Key Management Service (KMS) On Premise: HashiCorp Vault anti-pattern: half-heartedly using an encryption tool you picked...

September 10, 2022

Course: AWS & Typescript Masterclass - CDK, Serverless, React

(AWS & Typescript Masterclass - CDK, Serverless, React) Section 1: Introduction Section 2: AWS CDK & CloudFormation CDK commands Backend Section 3: Serverless project with CDK and Typescript Section 4: Serverless: AWS Lambda - bundling, testing and debugging Section 5: Testing and debugging Lambdas cdk run local lambda with sam-cli Debug typescript file with breakpoints (credentials via 1password) Section 6: AWS DynamoDb with CDK and Lambda Type Guards Section 7: [[aws-typescript-masterclass-7....

September 7, 2022

Model: Tuckman's Performance Model - forming, storming, norming, performing

(src: Book_ Team Topologies - Matthew Skelton & Manuel Pais) Each stage has it’s own common feelings behaviors team tasks The feelings and behaviours are useful for recognizing which stage you’re in. And to confirm that it is completely okay to feel and behave this way! (src: Article: Using the Stages of Team Development _ MIT Human Resources)

September 5, 2022

Model: 5 kinds of test doubles

" The vocabulary for talking about this soon gets messy - all sorts of words are used: stub, mock, fake, dummy. " Test Double the generic term for any kind of pretend object used in place of a real object for testing purposes. five particular kinds of double (1) Dummy objects passed around but never actually used. eg. fill parameter lists (2) Fake objects working implementations shortcut which makes them not suitable for production eg....

September 2, 2022