I just released the Starter Class of "Learn Spring Security":
1. Java and Spring
I’m starting this weeks review with a very solid analysis of various types of method invocations in Java, and the performance characteristics of each. This is an in-depth read but very much worthwhile to get a deeper understanding of the Java runtime.
Two-factor authentication is getting more and more prevalent, and for good reason – it greatly improves the security of your system. It’s great to read that implementing this auth strategy is not only doable, but really not that complicated.
I’m hoping to have the chance to implement this for a client using Spring Security and the Google Auth app – it would make for a good article.
Discussion on some of the Java 8 design decisions such as having default methods versus, for example, Scala traits. A reminder that language design is nuanced and a lot of factors play into it – overall, a great addition to the Java community.
An in depth discussion about naming in tests – it can serve as a good point of reference for choosing to name your tests artifacts, even if you don’t actually follow all the conventions the article lays out.
This recording is all about Project Sagan and the new (well, new-ish) spring.io website – all very meta and all built in Spring.
Yes, Spring Security 4 was announced recently, and yes – it looks very interesting. However, if you’re looking to get started with Spring Security, 3.2 is the way to go – this is a quick video that should get the ball rolling.
API design is a beautiful thing – here’s an useful process to keep in mind whenever you’re making a backwards incompatible change in an externally published interface.
This article puts forward an important premise – the latest major security issues of 2014 – the GOTO Fail and Heartbleed – could have been easily avoided if the developers were practicing unit testing. Be warned – the article is very long and in-depth – actually going over the tests themselves and showing exactly how the bugs could have been avoided.
>> Is TDD Dead? (the recording)
The initial “Is TDD Dead” hangout recording and the next one (happening today, on the 16th of May).
The first was OK and spurred a lot of discussion online about the value and practices of TDD, and testing in general, and I’m hoping that the second discussion is going to go a little more in depth.
If you’ve ever seen scientific code, you know how it looks, you know you don’t want to touch it and you know you couldn’t change it reliably if your life depended on it. If you’re interested in that area, of if you were ever frustrated working with a library such as Mahout – this is why.
An interesting quick read on password alternatives – which goes well with the article above discussing Two-Factor Auth. As an industry – this is definitely the direction we’re moving towards.