SLSA dip — At the Source of the problem!

This article is part of a series about the security of the software supply chain. Each article will be analyzing a component of the Supply chain Levels for Software Artifacts (SLSA) model in depth, from the developer’s workstation all the way to the consumer side of the chain.

What is backoff for?

When do you want backoff and jitter, and when do you want adaptive retries? Are they just two ways to do the same thing, or is there something different about them?

Web Browser Engineering

This book explains, building a basic but complete web browser, from networking to JavaScript, in a thousand lines of Python.

DDD Crew

Interesting set of resources around DDD, including some interesting mapping tools.

Binbash Leverage Documentation

A good reference architecture. The documentation is good as well. The leading, easy to deploy, reusable and most automated solution for defining, provisioning and managing your secure and scalable multi-account AWS infrastructure environment.

Uptime and downtime with 99.99 % SLA

Was glad to note that AWS SLAs are given with monthly values, basically their invoicing period. Their SLAs vary between 3 and 4 nines, or 43m 49s to 4m 22s, per month.

AWS Access Keys - A Reference

AWS Access Keys are the credentials used to provide programmatic or CLI-based access to the AWS APIs. This post outlines what they are, how to identify the different types of keys, where you’re likely to find them across the different services, and the order of access precedence for the different SDKs and tools.

Canarytokens.org - Quick, Free, Detection for the Masses

How to test your apps for #log4shell vulnerability

1. Generate a DNS token https://t.co/vCzVG0O03i
2. Wrap that token in Prefix: ${jndi:ldap:// Suffix: /a}
3. Use that value in search forms, profile data, settings etc. of your apps
4. Get notified when you triggered a reaction

Serverless Container-based APIs with Amazon ECS and Amazon API Gateway

This blog post guides you through the details of the option based on API Gateway and AWS Cloud Map, and how to implement it: first you learn how the different components (Amazon ECS, AWS Cloud Map, API Gateway, etc.) work together, then you launch and test a sample container-based API.

AWS and IPv6

Besides more IPs, what are the benefits of adopting all IPv6, and is it practical today?

cacheable-response

An HTTP compliant nodejs route path middleware for serving cache response with invalidation support

Bloom is a REST API caching middleware

I’m bothered that there are so few implementations of transparent read through caching for REST APIs. This is one, but doesn’t even use the proper cache-control headers, or asynchronous cache refresh

Serverless.tf

serverless.tf is an opinionated open-source framework for developing, building, deploying, and securing serverless applications and infrastructures on AWS using Terraform.

Exporting DynamoDB Data to Excel using Lambda with s3 on AWS

This is something I might need to replicate for my current project, where my DynamoDB is just a staging stage before the data is eventually sent to our data lake. In the meantime, emailing the data to my colleagues in marketing will do nicely 😁

DynamoDB Design Patterns for Single Table Design

I need to upskill on DynamoDB, planning to use it in a design but don’t know anywhere near as much as I’d like about it. Single table design is especially interesting, seems to be a pattern worth understanding within a microservices architecture.

Tutorial dojo

As part of my professional development, it is starting to feel like I should aim for certification. This site came up, offers allegedly good quality tutorials.

Google DORA DevOps capabilities

The DevOps Research and Assessment (DORA) team has identified and validated a set of capabilities that drive higher software delivery and organizational performance. These articles describe how to implement, improve, and measure these capabilities.

Layering Microservices

Another article supporting my view that layering your architecture is good, doesn’t equate to N-tiers and doesn’t clash with microservices, hexagonal and cell based architecture descriptions.

Hexagonal architecture

Updated thoughts on hexagonal architecture, emphasising the importance of ports and adapters to enforce strict separation of concerns between business logic and experience/presentation.

Google SRE book

TIL that Google book on Site Reliability Engineering is available online!

developer security essentials

Another great resource from the footnotes of “Continuous architecture in practice”, handbooks and training materials on “developer security essentials”.

REST API design resource modeling

Good article about reconciling domain driven design and REST. Quite old, but then again the DDD books I have read are as well, and couched in very old-fashioned SOA language, which I haven’t had much to do with in recent years. Feels like both a trip down memory lane and a refresher 🤨

Liberating structures

This website offers an alternative way to approach and design how people work together. It provides a menu of thirty-three Liberating Structures to replace or complement conventional practices.

Fundamental Practices for Secure Software Development

The best practices in the guide apply to cloud-based and online services, shrink-wrapped software and database applications, as well as operating systems, mobile devices, embedded systems and devices connected to the Internet.

Fearless Salary Negotiation

This is a great website, full of advice about salary negotiations for software developers (tho the advice seems portable to other job types). Not sure I agree with it all but this is most likely down to doing it all wrong myself. Definitely worth a browse! Might even buy the book…