Showing posts from March, 2021

Program Web APIs with .NET

  Here's a treasure trove of free educational resources for learning how to query and build Web (RESTful) APIs. All that with .NET. Microsoft is really upping its game when it comes to teaching people how to use its tools. Its main flagship is, of course, the revamped Microsoft Learn platform which encompasses all of its technologies such as .NET, Azure or Machine Learning. full article on i-programmer

Regexploit - Put A Stop To Regular Expression DoS Attacks

  There's a new tool that can identify resource-hungry regular expressions that could potentially be exploited to launch ReDoS attacks. In "Can Regular Expressions Be Safely Reused Across Languages?" I looked into whether it is possible to reuse a regular expression crafted in JavaScript verbatim in Python. Would doing so lead to the same results and performance? Swap your languages of interest in place of JavaScript and Python; the question remains the same. Setting aside the question of equality of the cross-language results, the article also looked at the performance side of the story, which perfectly relates to this Regexploit tale. full article on i-programmer

Does Sigstore Really Secure The Supply Chain?

  The Linux Foundation's answer to supply chain attacks is to offer a free code signing service for open source developers, called Sigstore. While on the right track, it does not mitigate all supply chain hazards. The truth is that it's not possible to completely do so. To build useful software we don't reinvent the wheel; we build on work already done, which comes bundled in the form of libraries. The problem is that even a mediocre open source project can have loads of such dependencies which themselves depend on others, forming a lengthy chain. Not a problem per se unless you aim at implanting malicious code anywhere in this chain. After all it takes just one command: full article on i-programmer

Compile Spring Applications To Native Images With Spring Native

  Spring Native Beta is now available, bringing a new way to deploy Spring applications. Spring Native lets you compile Spring applications to native images using the GraalVM native-image compiler. What's the advantage in that? Instant startup, instant peak performance, and reduced memory consumption, since the native Spring applications are deployed as a standalone executable, well, a Docker image, without including a JVM installation. full article on i-programmer

Free Course On Functional Programming in Haskell

  Videos from an introductory course by Professor Graham Hutton from the University of Nottingham have been made freely available on YouTube. Designed for first-year Computer Science students, they teach the basic principles of functional programming using Haskell. full article on i-programmer

Oh My Git! The Game

  Learn how to use Git with this fun, interactive game which takes you from being a complete newbie to efficient expert by covering everything you are likely to need. Oh My Git! takes an unusual approach. Instead of being offered as an online playground it ships as multi-platform, self-contained binaries including git-bash! I installed the Windows version and despite the caveat that it's still under development and laggy under this OS I didn't notice anything annoying. full article on i-programmer

Track Open Source Vulnerabilities With Google's OSV

  The Open-Source Vulnerabilities, OSV, database is a new open source project from Google that goes beyond the current state of CVE tracking. Avoiding the introduction of vulnerabilities in a project is nothing short of science. Most projects use SAST scanning at the final stage in order to find and fix them. One great tool used in this way is Semgrep, which combines the convenience of grep with the correctness of syntactical and semantic search and can be categorized as something between grep and a SAST tool. For the lowdown check my detailed article "Semgrep - More Than Just a Glorified Grep". full article on i-programmer

Netflix's GraphQL for Spring Boot

  Netflix has open sourced its DGS Framework (Domain Graph Service) GraphQL server framework for Spring Boot. Starting out as a tool internal to the corporation, it has been generously open sourced for the rest of us to enjoy. Netflix is one of those organizations that have gone beyond REST, embracing GraphQL instead. Rather than exposing a myriad of microservices to UI developers, Netflix opted for a unified API aggregation layer at the edge, powered by GraphQL. Since they also use Spring Boot for their infrastructure, merging was bound to happen. full article on