Repudiation: The ‘R’ in STRIDE


If you are working in Infosec, there is a good chance that you’ve heard of ‘STRIDE’ (Spoofing, Tampering, Repudiation, Information Discloser, Denial of Service and Elevation). Each of these are topics worth delving into, but I want to talk about Repudiation a little bit, as it’s less obvious than the rest of them….

Continue reading

When Component Tests Are Surplus to Requirements


I’ve been working in a TDD/BDD environment for the past five years, and like many such shops the component level test is held as sacred. Before you touch a line of code or even consider a unit test, you need to ascertain how the new feature works at a component level, and code a test to prove as much.

But recently I’ve been working with a team that eschews such tests, with a multitude of components that are tested only at the unit level. At first I was shocked, then confused, but gradually I realised why and it makes perfect sense….for their situation. Read on and let me explain….

Continue reading

Compound Keys As Views in DynamoDB

71gGlPy3zqL._AC_SL1500_Like a lot of you, I’ve been working with NoSQL databases for a few years, and I thought I understood the paradigm -it’s just like regular relational database coding with a primary key, except that the attributes were loosely defined in a json structure (or other format). Still, the central idea remained, each table represented an entity type and each row an entity instance, however loosely defined. However, after watching this talk Rick Houlihan of AWS, I’m beginning to realise that’s not quite the case:

Continue reading

The Three Areas Of Git

oldguyGit can be a bit of a nightmare sometimes; it seems to take the UX idea of ‘complex plumbing but elegant porcelain’ and turns it on it’s head. However, git does make more sense than it first appears, once you understand a few of it’s underlying concepts, and how it approaches things.

One of the key conceptual breakthroughs that has helped me understand ‘git’ is the idea of their being three distinct ‘areas’, with their own set of data, and that every git command is effectively just copying data between these datastores. This idea of simply ‘copying data from a to b’ (as opposed to performing a complex action within git) might seem odd, but bear with me and I’ll explain….

Continue reading

Nginx: uWSGI’s hat….


So I’ve recently been tinkering away creating my own Django based app (more on that later!) and am at the point of being able to deploy it live as a website! Whoo hoo!But there’s a big difference between messing around with the Django development server and actually deploying to something production worthy. A common stack is uWSGI combined with nginx, but there’s much confusion over what these things are and what they do (not helped by some truly epic name clash). In this article I will try to set the stack straight….

Continue reading

Progression and Side Projects


So let’s say you get the plumbing bug when you’re a kid.

I don’t know how, maybe you fixed your childhood home’s water pressure issue by watching a Youtube video and got hooked on valves, pipes and plungers.

So you start helping out with other projects, your uncle installing a radiator, your neighbour’s new bathroom etc; you go on forums, get advice, get good, start giving advice, and you’re still just a kid. Everyone thinks you’re a genius.

Continue reading

A Human Guide To What HTTPS Certificates Actually Do

imagesThere seems to be a wealth of information about the technicalities of HTTPS and server certs, but very little user-friendly introductions about what problems they try to solve, which probably explains why so few developers bother with them. But they are worth understanding, especially as you may find yourself in a small-shop or devops role where you will need to use them extensively; on top of that, it’s actually quite interesting once you get into it….

Continue reading