2023 Free / Open Source Software Accomplishments

I find it hard to believe, but it is true: another year has wrapped up. With the conclusion of 2023, I’m looking back at some of my free and open-source software accomplishments over those 12 months. My contributions are, once again, all over the place: different languages, industries, technology stacks, and architectural layers. I made …

Looking at Some of the Most Popular Ergonomic, Mechanical Keyboards and Selecting One (Spoiler Alert: I Picked The Dactyl Manuform with Trackball)

I’ve exclusively used Microsoft ergonomic keyboards (first the Natural Ergonomic 4000 then the Sculpt – both of which have been discontinued) for a long time. For a pointing device, I used the Microsoft Sculpt Ergonomic Mouse until it failed; I’m now using an Anker vertical mouse. These keyboards and mice have been great. However, I …

2022 Free / Open Source Software Accomplishments

As 2022 draws to a close, it’s time to take a look back at some of the accomplishments I’ve made in terms of contributing to Free and Open Source Software. This year, as usual, my contributions are widely varied. I made contributions in a number of programming languages from Ruby to Java to C#. In …

Improving the Reproducibility of Spring Boot’s Docker Image Builder

Reproducible builds are big wins for security, maintainability, and sanity. If you don’t like it when nothing has changed, yet your build suddenly breaks or doesn’t produce the same output, then improving reproducibility is for you. By default, Spring Boot’s Docker/OCI image building solutions, bootBuildImage (in Gradle) and spring-boot:build-image (in Maven), do not operate reproducibly. …

Shellcheck Scripts Embedded in GitLab CI YAML

I’m a big fan of linters. They detect problems earlier (also known as “shifting to the left”), and the earlier problem detection is, the more efficient remediation is. Therefore, I want to lint as much as possible. Lately, I’ve been working a lot with GitLab CI YAML which oftentimes has shell script embedded in it …

Crafting Effective Announcements

“The only constant in life is change.” (Heraclitus)

In this world of omnipresent change, effective communication is key to survival. Information that will impact others must be shared, and how that sharing is done will be the difference between success and failure. Will recipients of your message be confused, or will the message be clear? …

Identifying, Reporting, and Fixing CVE-2021-22119: DoS Vulnerability in Spring Security OAuth 2.0

In March 2021, I observed troubling behavior in multiple applications I supported that are built using Spring Boot: they would occasionally stop responding. Eventually, I tracked down the root cause to a DoS (Denial of Service) vulnerability in Spring Security OAuth 2.0: a simple shell script could take down any affected web application. Respecting the …