Many of us are not familiar with vulnerability reporting and how it is different from reporting a regular bug. Frequently, I’ve seen people report vulnerabilities or potential security issues incorrectly. A public bug tracker or Stack Overflow is NOT the right tool; developers need to handle vulnerabilities differently and should not disclose them until the project/vendor fixes them. In this post, you will learn basics about vulnerabilities, how they relate to Common Vulnerabilities and Exposures...

Read more

What happens when you suddenly need to work from home due to a myriad of reasons? Whether it’s the daily expectation or an occasional occurrence, working remotely has it’s benefits and challenges. After coming to a fully remote team at Okta, I discovered a few things about the reality of working outside of an office building that I’d like to share. Communication is EVERYTHING When Working Remote I discovered that my communication skills actually improved...

Read more

The World-Wide Web, as we know it, started around 1993 by serving static HTML files with links to other HTML files. It didn’t take long for developers to find ways of making websites more “dynamic” using technologies like Common Gateway Interface (CGI), Perl, and Python. Since the ’90s, I have built web applications using a variety of languages, platforms, and frameworks. I’ve written application frameworks, content management systems, a blog engine, and a social media...

Read more

I’ve always tended to lean toward Command-Line Interfaces (CLIs) over Graphical User Interfaces (GUIs). Maybe it’s because I cut my teeth in computing in the Windows 3.1 days. I split my time between the “new” Windows 95 and Linux (usually RedHat 5 or Debian 2). When things weren’t going well in a GUI (which was a LOT of the time), you just dropped to a terminal, typed in a command, and BAM! you were in...

Read more

I’ve been a longtime fan of CSS frameworks since 2005. I led an open-source project called AppFuse at the time and wanted a way to provide themes for our users. We used Mike Stenhouse’s CSS Framework and held a design content to gather some themes we liked for our users. A couple of other CSS frameworks came along in the next few years, namely Blueprint in 2007 and Compass in 2008. However, no CSS frameworks...

Read more

NestJS is a modern, progressive framework for building Node.js applications and APIs. NestJS is built on TypeScript, and is designed to use solid programming metaphors such as controllers and modules. Having automatic Swagger API documentation built-in is also a great feature. Postgres (or PostgreSQL), much like other relational databases, provides a way to persist and query data. It’s a powerful, open-source, object-relational database system with over 30 years of active development that has earned it...

Read more

Posing this question on Twitter, I was amazed at the amount of responses it got: Check the thread out here. There were definitely some great points from both sides, but I wanted to explore my take on the choice in more depth. For clarity, GUIs are Graphic User Interfaces, and CLIs are Command Line Interfaces. Let’s start with: WHY COMMAND LINE INTERFACES SUCK (Don’t worry, it’s not that dramatic - just using a catchy title!...

Read more

Gatsby is a tool for creating static websites with React. It allows you to pull your data from virtually anywhere: content management systems (CMSs), Markdown files, APIs, and databases. Gatsby leverages GraphQL and webpack to combine your data and React code to generate static files for your website. JAM - JavaScript, APIs, and Markup - apps are delivered by pre-rendering files and serving them directly from a CDN, removing the requirement to manage or run...

Read more

PASETO is the latest trend in security token formats. Its primary goal is to reduce the problems the JSON Web Token (JWT) related specifications introduce. In this post, I’ll give you a brief introduction to PASETO tokens and then jump into an example that creates and parses tokens using in Java using JPaseto. If you’d rather watch a video, I created a screencast too! What is PASETO? PASETO stands for Platform-Agnostic SEcurity TOkens. The PASETO...

Read more

Over the last year or so, a new buzzword started floating around Angular forums and blogs. The word was Ivy. Ivy promises to make your application faster and smaller. But what exactly does this new technology do? Ivy is a complete rewrite of Angular’s rendering engine. In fact, it is the fourth rewrite of the engine and the third since Angular 2. But unlike rewrites two and three, which you might not have even noticed,...

Read more