Posts

Showing posts from 2022

Setting up React Native on Apple Silicon MacBook Air M2

Starting point was following the guide here: https://reactnative.dev/docs/environment-setup for installing ruby I chose to use chruby to manage the version. however when creating a new project I was getting ruby version error ok lets install ruby 2.7.5 I was now getting build errors when trying to install ruby the trick was to add " -- --enable-shared " ruby-install ruby 2.7.5 -- --enable-shared

.NET Conf 2022

The sessions I am intending to watch, I'll be refining as I go: https://youtube.com/playlist?list=PLq-S-mihzsNyPQuymvYJzNGP8ji45BMo3 Full playlist here: https://www.youtube.com/watch?v=8V_BUGFKdaI&list=PLdo4fOcmZ0oVlqu_V8EXUDDnPsYwemxjn&index=3 Technical Content https://github.com/dotnet-presentations/dotNETConf/tree/main/2022/MainEvent/Technical Announcements to highlight: https://devblogs.microsoft.com/dotnet/announcing-dotnet-7/ https://devblogs.microsoft.com/dotnet/announcing-dotnet-7/#net-is-for-cloud-native-apps Related sample projects: https://github.com/davidfowl/TodoApi  - Todo REST API samples using ASP.NET Core minimal APIs. See  this tweet https://twitter.com/davidfowl/status/1591480438308339712?cxt=HHwWgIDQhdrBiZYsAAAA for what it showcases.

API Security Best Practices

Good kick off point https://owasp.org/www-project-api-security/ https://cheatsheetseries.owasp.org/cheatsheets/REST_Security_Cheat_Sheet.html https://github.com/OWASP/wstg https://stackoverflow.blog/2021/10/06/best-practices-for-authentication-and-authorization-for-rest-apis/ Around the industry https://www.f5.com/labs/learning-center/securing-apis-10-best-practices-for-keeping-your-data-and-infrastructure-safe https://blog.axway.com/learning-center/digital-security/keys-oauth/api-security-best-practices https://curity.io/resources/learn/api-security-best-practices/ https://medium.com/apis-and-digital-transformation/best-practices-for-building-secure-apis-2b4eb8071d41 https://learn.microsoft.com/en-us/azure/api-management/mitigate-owasp-api-threats https://learn.microsoft.com/en-us/dotnet/architecture/microservices/secure-net-microservices-web-applications/ State of API Security https://content.salt.security/gartner-2022-predicts https://content.salt.security/state-api-report.html Serv...

Micro-Frontends

https://betterprogramming.pub/the-future-of-micro-frontends-2f527f97d506 https://www.buildingmicrofrontends.com/  (book) https://hasgeek.com/jsfoo/microfrontends-conf/schedule/micro-frontends-communication-patterns-NJ6MRtNaEc1aNh8oe6kERY  (video) https://developer.mozilla.org/en-US/docs/Web/Events/Creating_and_triggering_events https://micro-frontends.org/ https://www.manning.com/books/micro-frontends-in-action  (book) https://martinfowler.com/articles/micro-frontends.html https://medium.com/adeo-tech/behind-leroymerlin-fr-micro-frontends-47fd7c53f99d https://engineering.zalando.com/posts/2021/03/micro-frontends-part1.html https://dev.to/kleeut/how-do-you-share-authentication-in-micro-frontends-5glc https://developer.okta.com/blog/2022/05/17/angular-microfrontend-auth https://auth0.com/blog/micro-frontends-with-angular-module-federation-and-auth0/ https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP

Update ... Recommended Reading for Developers

Modern Software Engineering: Doing What Works to Build Better Software Faster by David Farley Software Engineering at Google: Lessons Learned from Programming Over Time by Titus Winters, Hyrum Wright, Tom Manshrek Refactoring: Improving the Design of Existing Code by Martin Fowler Good Code, Bad Code by Tom Long The Missing README A Guide for the New Software Engineer by Chris Riccomini and Dmitriy Ryaboy Docs for Developers: An Engineer's Field Guide to Technical Writing Paperback by Jared Bhatti, Zachary Sarah Corleissen, Jen Lambourne Skills of a Successful Software Engineer by Fernando Doglio

Web Design and Usability Starter

Design Systems https://storybook.js.org/tutorials/design-systems-for-developers/react/en/introduction/ https://www.invisionapp.com/inside-design/guide-to-design-systems/ https://blog.adobe.com/en/publish/2021/05/26/best-practices-to-scale-design-with-design-systems Website Design Guidelines https://99designs.com.au/blog/web-digital/website-usability-principles/ https://xd.adobe.com/ideas/principles/web-design/web-page-design/ https://blog.hubspot.com/blog/tabid/6307/bid/30557/6-guidelines-for-exceptional-website-design-and-usability.aspx SEO https://developers.google.com/search/docs/beginner/seo-starter-guide https://www.semrush.com/blog/seo-best-practices/ https://blog.hubspot.com/marketing/seo Page Speed https://moz.com/learn/seo/page-speed https://pagespeed.web.dev/ https://blog.hubspot.com/website/website-performance Web Accessibility https://blog.hubspot.com/website/web-accessibility Not so happy path https://medium.com/salesforce-ux/designing-the-not-so-happy-path-fde484759a54 ht...

Internal Developer Platform

Internal Developer Platform https://internaldeveloperplatform.org/what-is-an-internal-developer-platform/ https://platformengineering.org/talks-library/sunrise-zalandos-internal-developer-platform https://humanitec.com/blog/internal-platform-teams-what-are-they-and-do-you-need-one https://humanitec.com/blog/what-is-an-internal-developer-platform DevOps MUST Build Internal Developer Platform (IDP)  (youtube) How we built an Internal Developer Platform at Zalando  (youtube) Architecting an Internal IDP with Backstage and Humanitec  (youtube) From Kubernetes to PaaS to … Err, What’s Next?  (youtube) Backstage: Restoring Order To Your Chaos - Dave Zolotusky, Spotify  (youtube) DevOps, SRE and Platform Engineering https://www.getambassador.io/resources/rise-of-cloud-native-engineering-organizations/ https://octo.vmware.com/platform-engineering-and-sre-whats-the-difference/ https://iximiuz.com/en/posts/devops-sre-and-platform-engineering/ https://harness.io/blog/devop...

Microsoft Build 2022 my playlist

Deploy modern containerized apps and cloud native databases at scale Scale cloud-native apps and accelerate app modernization Azure PaaS and Cloud Native Development Continuous Delivery with GitHub Actions Australian Customer Stories: Enabling Sustainable Cloud-Native Transformation How Italy is delivering e-Gov services with Azure as a Backend for a 30 Million downloads app Lessons learned from upgrading mission-critical Azure services of Norway's largest payment platform Introducing Microsoft Dev Box and Azure Deployment Environments

You Build It You Run It

https://you-build-it-you-run-it.playbook.ee/ https://www.atlassian.com/incident-management/devops/you-built-it-you-run-it https://aws.amazon.com/blogs/enterprise-strategy/enterprise-devops-why-you-should-run-what-you-build/ You Build It You Run It. What does it mean to engineers and delivery leads?  (youtube)

Code samples using Azure Key Vault in .NET

https://github.com/Apress/applied-crypto-.net-azure https://www.scottbrady91.com/identity-server/outsourcing-identityserver4-token-signing-to-azure-key-vault https://damienbod.com/2020/04/09/using-certificates-from-azure-key-vault-in-asp-net-core/ https://vslepakov.medium.com/build-a-lightweight-pki-for-iot-using-azure-keyvault-acc46bce26ed  https://github.com/Azure/azure-sdk-for-net/tree/main/sdk/keyvault/Azure.Security.KeyVault.Keys

Software Development Playbooks and Guidelines

Collection of references on engineering playbooks, reliability and production readiness guides: Microsoft  CSE Code-With Engineering Playbook Atlassian Engineering’s handbook The Delivery Hero Reliability Manifesto The Gruntwork Production Framework OpsLevel  Production Readiness in Depth: A Guide and Checklist

Best Practices for Software Supply Chain Security

The Secure Software Factory The Secure Software Factory is an implementation of the CNCF's Secure Software Factory Reference Architecture which is based on the  Software Supply Chain Best Practices White Paper . The software factory creates multiple pipelines configured to build a software artefact. It is composed of individual build stages chained together to retrieve the source code and dependencies, then scan, test, build and deploy the final artefact. The software factory relies heavily upon infrastructure and security-as-code to allow automated instantiation of pipelines, leading to the creation of multiple immutable pipelines. To eliminate the chance of error or misconfiguration there should be no manual configuration in place. This also leads to a system that is capable of performing a high level of automated security testing to validate its configuration and verify its products. Software Supply Chain Best Practices White Paper Securing a software supply chain in five stag...