Cheating and building secure iOS games

You probably have one of the million games where you earn achievements and unlock specials on your iPad or iPhone. If you develop games, you've probably wondered about people cheating your games? In this blog we're going to show you how to try cheating out yourself and how to build secure iOS games.Read more →

De-mystifying Jest Snapshot Test Mocks

So, let’s say you have a nice React Native setup with the Jest testing library. You want to snapshot-test all your components of course! But you’re getting seemingly unrelated errors when you tried to mock a third party module in your snapshots and you’re lost in all that API documentation. Let’s dig into an example and get a clear picture of what’s happening under the hood.

Read more

Monitoring a Kubernetes Environment

This post is part 3 in a 4-part series about Container Monitoring. Post 1 dives into some of the new challenges containers and microservices create and the information you should focus on. Post 2 describes how you can monitor your Mesos cluster. This article describes the challenges of monitoring Kubernetes, how it works and what this means for your monitoring strategy.
 
What is Kubernetes?
Kubernetes is a powerful orchestration system, developed by Google, for managing containerized applications in a (private) cloud environment. Kubernetes is able to automate the deployment, management and scaling of containerized applications and services. Kubernetes provides the infrastructure to build a truly container-centric development and operations environment.

Monitor Your Mesos Cluster with StackState

This post is part 2 in a 4-part series about Container Monitoring. Post 1 dives into some of the new challenges containers and microservices create and the information you should focus on. This article describes how to monitor your Mesos cluster.

Apache Mesos is a distributed systems kernel at the heart of the Mesosphere DC/OS and is designed for operations at very large scale. It abstracts the entire data center into a single pool of computing resources, simplifying running distributed systems at scale. Mesos supports different types of workloads to build a truly modern application. These distributed workloads include container orchestration (like Mesos containers, Docker and Kubernetes), analytics (Spark), big data technologies (Kafka and Cassandra) and much more.

Read more →

Docker container secrets on AWS ECS

Almost every application needs some kind of a secret or secrets to do it's work. There are all kind of ways to provide this to the containers but it all comes down to the following five:

  1. Save the secrets inside the image
  2. Provide the secrets trough ENV variables
  3. Provide the secrets trough volume mounts
  4. Use a secrets encryption file
  5. Use a secrets store

Read more →

TDD is not about unit tests

-- Dave Farley & Arjan Molenaar

On many occasions when we come at a customer, we're told the development team is doing TDD. Often, though, a team is writing unit tests, but it's not doing TDD.

This is an important distinction. Unit tests are useful things. Unit testing though says nothing about how to create useful tests that can live alongside your code. On the other hand TDD is an essential practice for improving the design of your code. These are very different things.

Read more →

The Container Monitoring Problem

This post is part 1 in a 4-part series about Docker, Kubernetes and Mesos monitoring. This article dives into some of the new challenges containers and microservices create and the metrics you should focus on.

Containers are a solution to the problem of how to get software to run reliably when moved from one environment to another. It’s a lightweight virtual machine with a purpose to provide software isolation.

So why are containers such a big deal?

Containers simply make it easier for developers and operators to know that their software will run, no matter where it is deployed. We see companies moving from physical machines, to virtual machines and now to containers. This shift in architecture looks very promising, but in reality you might introduce problems you didn’t see coming.

Read the full article on http://blog.stackstate.com/the-container-monitoring-problem

Caveats and pitfalls of cookie domains

Not too long ago, we ran into an apparent security issue at my current assignment - people could sign in with a regular account, but get the authentication and permissions of an administrator user (a privilege escalation bug). As it turned out, the impact  of the security issue was low, as the user would need to be logged in as an admin user already, but it was a very confusing issue. In this post I’ll try and explain the situation, how browsers handle wildcard subdomain cookies, and what to keep in mind when building an authentication back-end when it comes to cookies storing session information.

Read more →

The secret to making people buy your product

There is no greater waste than building something extremely efficient, well architectured (is that a word?), with high quality that nobody wants.

Yet we see it all the time. We have the Agile manifesto and Scrum probably to thank for that (the seeing bit.) “Our highest priority is to satisfy the customer through early and continuous delivery of valuable software”. It’s the valuable bit that is embodied by the Product Owner in Scrum, or “the value maximiser”.

Lean Startup has taught us that we suffer from cognitive bias and simply assume we know what customers want, and therefor should treat our requirements as assumptions. Get out of the building and ask our customers! We all know that Henry Ford would disagree. But could both be right.

Read more →

Share This