My current previous WordPress hosting with SiteGround costs $20.39 per month.
Amazon Lightsail $3.50 per month for an instance running a WordPress image.
A saving of a couple hundred dollars over the year!
My current previous WordPress hosting with SiteGround costs $20.39 per month.
Amazon Lightsail $3.50 per month for an instance running a WordPress image.
A saving of a couple hundred dollars over the year!
This is a very useful open source tool used internally by Microsoft to validate that best practices are being followed in their Azure ARM templates.
This short post shows how to incorporate the AzSK ARM Template Checker into your Azure YAML Pipeline.
If you want to use a Linux build agent, you can use the PowerShell task to run AzSK.
- task: PowerShell@2
inputs:
targetType: 'inline'
script: |
Set-PSRepository -Name "PSGallery" -InstallationPolicy Trusted
Install-Module AzSK
Import-Module AzSK
Get-AzSKARMTemplateSecurityStatus -ARMTemplatePath $Env:BUILD_SOURCESDIRECTORY/arm-templates
failOnStderr: true
Otherwise if you are using a Windows build agent, you can use the Azure Extension
Imagine we want to produce a Map with each unique word as a key and it’s frequency as the value.
Prior to Java 8 we would have to do something like this:
Map<String, Integer> map = new HashMap<>(); for(String word : words) { if(map.containsKey(word)) { int count = map.get(word); map.put(word, ++count); } else { map.put(word, 1); } }
However with the map.merge method we can now do:
Map<String, Integer> map = new HashMap<>();; for(String word : words) { map.merge(word, 1, Integer::sum); } return map;
Pretty nice eh?
Here are some great reasons to stop using email for team communication and instead switch to Slack
package hello; import io.specto.hoverfly.junit.core.HoverflyConfig; import io.specto.hoverfly.junit.rule.HoverflyRule; import org.junit.ClassRule; import org.junit.Test; import org.junit.runner.RunWith; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.test.context.SpringBootTest; import org.springframework.test.context.junit4.SpringRunner; import org.springframework.test.web.reactive.server.WebTestClient; import static io.specto.hoverfly.junit.core.SimulationSource.defaultPath; @RunWith(SpringRunner.class) @SpringBootTest( webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT, classes = hello.Application.class) public class IntegrationTests { @ClassRule public static HoverflyRule hoverflyRule = HoverflyRule.inSimulationMode(defaultPath("sm9-create-ticket.json"), HoverflyConfig.localConfigs().asWebServer().proxyPort(8500)); @Autowired private WebTestClient webClient; @Test public void testCreateTicket() { this.webClient.get().uri("/ticket?query=x").exchange().expectStatus().isOk() .expectBody(String.class).isEqualTo("Response from HPSM for create ticket"); } }
Within DevOps the terms Continuous Integration, Continuous Delivery and Continuous Deployment get thrown around a lot. Here is the simplest definition I could come up with to quickly explain each to a non techie like a project manager.
Continuous Integration | Running unit and other tests on every branch on every commit and merging to master every day |
Continuous Delivery | As above but each commit CAN be pushed to production |
Continuous Deployment | As above but each commit IS pushed to production |
This post shows step by step how to deploy your serverless Java AWS Lambas continuously to production. Moving from pull request, merge, build, deploy and finally test.
For our project we are going to assume a standard Maven Java project structure, with Cloudformation and build specification config in the root of the project.
Within the Maven pom.xml file, you must include the lambda core libraries.
The first step in the AWS CodePipeline is to fetch the source from the S3 bucket
Next step in the pipeline, you need to configure a CodeBuild project.
Set the current environment image to aws/codebuild/java:openjdk-8
Use the following buildspec.yml in the root of your project:
After the artifact is built, we now want to create a change set using CloudFormation.
Define your Lambda function using Java (using serverless format), in your Cloudformation config file, placed in the root of your Maven project.
LambaFunctionName:
Type: AWS::Serverless::Function
Properties:
Handler: au.com.nuamedia.camlinpayment.handler.MenuHandler
Runtime: java8
Timeout: 10
MemorySize: 1024
Events:
GetEvent:
Type: Api
Properties:
Path: /menu
Method: get
The ChangeSet can then be executed and the changes automatically rolled out to production safely. Any problems encountered and an automatic rollback occurs.
Congratulations! you now have your Java AWS Lamba functions deploying to production using Continuous Deployment. AWS CodePipeline is easily configurable via the UI and can also be defined as code and stored in version control.
Type | Duration | Target | Scope | Estimate | Displayed on |
Epic | Multiple sprints over a few months | Product Owner | High level objective | – | Backlog |
User Story | Single sprint | End user or customer | Feature level | Story Points | Backlog |
Task | Few days | Development Team | Assignable to individual | Hours | Agile board |
According to the 2015 Verizon Data Breach Investigations Report (DBIR). 98% of attacks are opportunistic in nature, and aimed at easy targets. The report also found that more than 70% of attacks exploited known vulnerabilities that had patches available.
The recent breach at Equifax was caused by a known vulnerability in the popular Struts web framework library, when uploading files. It took Equifax at least two weeks after the attack to discover the data breach and this was almost four months after the exploit had been made public. Automated alerting on known exploits could have prevented this catastrophic security hole.
This post shows an automated way to check your third party library dependencies to ensure your site does not become a victim to these opportunistic attacks.
We will use the dependency checker provided by OWASP. This example shows integration with a Maven build where the check is run against every build during the verify stage. The first run will take a while as it has to download the entire vulnerability database. Subsequent runs will have this cached and so will run much faster.
Maven dependency include:
<dependency> <groupId>org.owasp</groupId> <artifactId>dependency-check-maven</artifactId> <version>${org.owasp.dependency-check-maven.version}</version> <scope>test</scope> </dependency>
<plugin> <groupId>org.owasp</groupId> <artifactId>dependency-check-maven</artifactId> <version>3.1.2</version> <configuration> <cveValidForHours>12</cveValidForHours> <failBuildOnCVSS>8</failBuildOnCVSS> </configuration> <executions> <execution> <phase>verify</phase> <goals> <goal>check</goal> </goals> </execution> </executions> </plugin>
Maven command to run:
mvn org.owasp:dependency-check-maven:check
https://www.triology.de/en/blog-entries/automatic-checks-for-vulnerabilities-in-java-project-dependencies
https://jeremylong.github.io/DependencyCheck/dependency-check-maven/index.html
https://www.owasp.org/index.php/OWASP_Dependency_Check
Gretchen Rubin says a useful way to think about people’s behavior is by considering how willing they are to meet or resist expectations on them. Expectations can either be external, like your boss asking for a project to be completed or internal, like exercising regularly.
From these she identifies the four combinations labelled as The Four Tendencies.
External Expectation
|
Internal Expectation
|
|
---|---|---|
Upholder | ![]() |
![]() |
Questioner | ![]() |
![]() |
Obliger | ![]() |
![]() |
Rebel | ![]() |
![]() |
Meets
Resists
This could provide you with more empathy when considering your colleagues, friends or family and make you a more effective communicator. Maybe try thinking about members of your software development team and which tendency they seem to exhibit.
Which one are you? Take the quiz and find out.