David Arcia
9K posts

David Arcia
@darcia
I design/write computer software👨💻. Griffin, my cat😼. Certified family man. I like to share my journey with creative people ☕🤖
SJO Joined February 2007
976 Following 2.1K Followers
David Arcia retweeted

To quote Martin Fowler:
"You shouldn't start a new project with microservices, even if you're sure your application will be big enough to make it worthwhile."
The main reason for this is the complexity of microservice-based systems.
I don't want to dive deeper into this.
But I do want to bring something else to your attention.
There's a way to combine:
- Physical architecture of Monoliths
- Logical architecture of Microservices
And get the benefits of both.
It's called a Modular Monolith.
Did you ever build one?

David Arcia retweeted

Cloud Product Mapping (AWS vs. Azure vs. GCP vs. OCI)
I've just released the new issue of my newsletter to more than 14.000 addresses, talking about:
🔹 Cloud Product Mapping
🔹 Types Of Cloud Computing Services
🔹 Scalability in the Cloud: Vertical vs Horizontal Scaling
Check it out from the following link: newsletter.techworld-with-milan.com/p/cloud-produc….
#technology #softwareengineering #programming #techworldwithmilan #cloudcomputing

David Arcia retweeted

OWASP Top 10 API Security Risks
Here is the list of the top 10 API security risks in 2023.
1. Broken Object Level Authorization - APIs tend to expose endpoints that handle object identifiers, creating a wide attack surface of Object Level Access Control issues.
2. Broken Authentication - Authentication mechanisms are often implemented incorrectly, allowing attackers to compromise authentication tokens or to exploit implementation flaws to assume other users' identities temporarily or permanently.
3. Broken Object Property Level Authorization - The lack of or improper authorization validation at the object property level.
4. Unrestricted Resource Consumption - Satisfying API requests requires resources such as network bandwidth, CPU, memory, and storage.
5. Broken Function Level Authorization - Complex access control policies with different hierarchies, groups, and roles, and an unclear separation between administrative and regular functions, tend to lead to authorization flaws.
6. Unrestricted Access to Sensitive Business Flows - APIs vulnerable to this risk expose a business flow - such as posting a comment - without compensating for how the functionality could harm the business if used excessively in an automated manner.
7. Server Side Request Forgery - Can occur when an API is fetching a remote resource without validating the user-supplied URI.
8. Security Misconfiguration - APIs and the systems supporting them typically contain complex configurations, meant to make the APIs more customizable.
9. Improper Inventory Management - APIs tend to expose more endpoints than traditional web applications, making proper and updated documentation highly important.
10. Unsafe Consumption of APIs - Developers tend to trust data received from third-party APIs more than user input, and so tend to adopt weaker security standards.
Check the details in the comments.
_______
If you like my posts, please follow me, @milan_milanovic, and hit the 🔔 on my profile to get a notification for all my new posts.
Grow with me 🚀!
#technology #softwareengineering #programming #techworldwithmilan #api

David Arcia retweeted

Migrating Netflix to GraphQL safely netflixtechblog.com/migrating-netf…
David Arcia retweeted

“Dear basketball... I'll always love you forever.”
Kobe Bryant in his #Oscars winning animated short from 2017. Rest in peace... twitter.com/__thirdandlong…

👉 “The App Store will no longer accept new apps using UIWebView as of April 2020 and app updates using UIWebView as of December 2020.” developer.apple.com/news/?id=12232…
David Arcia retweeted

“10x engineers”: Stereotypes and research jasoncrawford.org/10x-engineers

Popular Docker Vulnerabilities You Should Know About resources.whitesourcesoftware.com/blog-whitesour…