Deploy private npm packages into private containers using GitHub Actions  

By Stephan Wissel | 7/17/23 2:33 AM | Development - Notes / Domino | Added by Roberto Boccadoro

GitHub Actions are rapidly becoming my favorite CI environment. Their marketplace has an action for everything. Sometimes it takes a little trial and error before things work smoothly. This is one of those stories. Authentication is everything - Imagine the following scenario: you have developed a set of private TypeScript (or JavaScript) packages and have successfully deployed them to the private GitHub npm registry under the name @myfamousorg/coolpackage, where myfamousorg must match the repository owner (org or individual). Now you want to use them in your application. That application shall be packed in a container and made available in GitHub's private registry. All of that is automated using GitHub Actions.

TOTP and vert.x  

By Stephan Wissel | 2/7/23 9:13 AM | Development - Notes / Domino | Added by Roberto Boccadoro

TOTP and vert.x - Time-based one-time passwords (TOTP) are a common security feature in Identity Providers (IdP). There are use cases beyond IdP; mine was 'Understanding what it takes'. TOTP interaction - You have two phases: enrollment and use. During enrollment a secret is generated and (typically) presented as a QR code. A user points one of the many authenticator apps at it and gets a numeric code that changes once a minute. When you use it, you pick the current number and paste it into the provided field. The backend validates the correctness with some time leeway. What it is not - Typically when enrolling you also get recovery codes, sometimes called scratch codes. They are NOT part of TOTP, and their implementation is site specific and not standardized. An implementer might choose to check your recovery codes when your TOTP fails or provide a separate interaction using those. The initial confirmation is actually the first instance of "use", and one could have a successful enrollment without it. This depends on the implementation. It isn't foolproof. An attacker could trick you into typing your TOTP code into a spoofed form or just hijack your session (cookie). That's why responsible web apps run tight security with CSP and TLS (and, once browser support is better, Permission Policy).

Test-Driven Development Is a Paradox  

By Stephan Wissel | 10/21/22 7:37 AM | Development - Notes / Domino | Added by Roberto Boccadoro

TDD is favored by very successful engineers as a means of accelerating software development by preserving quality. Objections are plenty. The talk by Burt Hufnagel tries to address those. The TDD Paradox: TDD requires you to write more code, so you can be done sooner. It's like learning to drive a car. Your first mile takes, give or take, 40-50h to complete: driving lessons, driving tests, getting the license issued before you drive. You can walk a lot more in 50 hours, you get the drift...

Case insensitive deserialization  

By Stephan Wissel | 6/8/22 3:58 AM | Development - Notes / Domino | Added by Roberto Boccadoro

Case insensitive deserialization - Growing up in Windows with BASIC you learn case doesn't matter, so Color is the same as COLOR or cOLOR when it comes to variable names. The same applies to @Formula or item names in Notes documents. On the other side, Linux, Java, JavaScript and JSON are very much case sensitive. This poses a challenge when deserializing (handcrafted) JSON files.

The Quest for a software documentation system  

By Stephan Wissel | 3/10/22 1:54 AM | Development - Notes / Domino | Added by Roberto Boccadoro

The Quest for a software documentation system - Software documentation is a thankless business and never complete. Picking the right system can make or break your documentation success. Contenders - We have a number of options commonly used, each with strengths and weaknesses.

Factory based dependency injection  

By Stephan Wissel | 12/10/21 1:39 AM | Development - Notes / Domino | Added by Roberto Boccadoro

No man is an island and no code you write lives without dependencies (even your low-level assembly code depends on the processor's microcode). Testing (with) dependencies can be [insert expletive]. The general approach to make dependent code testable is dependency injection. Instead of calling out and creating an instance of the dependency, the dependency is handed over as a parameter. This could be in a constructor, a property setter or as a method parameter.

Domino Docker and Debugging  

By Stephan Wissel | 6/30/20 2:15 AM | Development - Notes / Domino | Added by Oliver Busse

Given that Domino once was built to run on 486 capacity of servers, Docker and Domino are poised to be a match made in heaven (eventually). Jesse shared his Weekend Domino-Apps-in-Docker Experimentation, Paul shared his learning points and Daniel provided the invaluable Domino on Docker build scripts. So it's time to contribute my share. The topic is slightly more exotic