I’ve exclusively used Microsoft ergonomic keyboards (first the Natural Ergonomic 4000 then the Sculpt – both of which have been discontinued) for a long time. For a pointing device, I used the Microsoft Sculpt Ergonomic Mouse until it failed; I’m now using an Anker vertical mouse. These keyboards and mice have been great. However, I … Continue reading Looking at Some of the Most Popular Ergonomic, Mechanical Keyboards and Selecting One (Spoiler Alert: I Picked The Dactyl Manuform with Trackball)
Why Do I Keep Getting Certifications?
I recently became a Google Cloud Certified Professional Cloud Architect. This certification expands on my existing extensive array of credentials including 8 AWS certifications, CISSP, and VMware Spring Professional. Which begs the question: why do I have so many certifications and why do I keep getting more? There has been much written about professional certifications … Continue reading Why Do I Keep Getting Certifications?
2022 Free / Open Source Software Accomplishments
As 2022 draws to a close, it’s time to take a look back at some of the accomplishments I’ve made in terms of contributing to Free and Open Source Software. This year, as usual, my contributions are widely varied. I made contributions in a number of programming languages from Ruby to Java to C#. In … Continue reading 2022 Free / Open Source Software Accomplishments
How to Win at Hackathons and Coding Challenges
Hackathons and coding challenges are intense furnaces throwing immense temporal, technical, and social heat, heat that can be used to forge one’s mettle, pushing one’s limits. It is this process of trial by fire that allows one to grow, personally and professionally. Each of these events is unique, sometimes scarring, but always rewarding. I’ve participated … Continue reading How to Win at Hackathons and Coding Challenges
Creating SBOMs with the Snyk CLI
The Snyk CLI is a great tool used to scan a project and report vulnerabilities discovered in it. The Snyk CLI supports a wide variety of languages and build systems, making it ideal as a generic, go-to solution for vulnerability reporting. However, it only outputs vulnerabilities discovered – it does not generate an SBOM, which … Continue reading Creating SBOMs with the Snyk CLI
Improving the Reproducibility of Spring Boot’s Docker Image Builder
Reproducible builds are big wins for security, maintainability, and sanity. If you don’t like it when nothing has changed, yet your build suddenly breaks or doesn’t produce the same output, then improving reproducibility is for you. By default, Spring Boot’s Docker/OCI image building solutions, bootBuildImage (in Gradle) and spring-boot:build-image (in Maven), do not operate reproducibly. … Continue reading Improving the Reproducibility of Spring Boot’s Docker Image Builder
Shellcheck Scripts Embedded in GitLab CI YAML
I’m a big fan of linters. They detect problems earlier (also known as “shifting to the left”), and the earlier problem detection is, the more efficient remediation is. Therefore, I want to lint as much as possible. Lately, I’ve been working a lot with GitLab CI YAML which oftentimes has shell script embedded in it … Continue reading Shellcheck Scripts Embedded in GitLab CI YAML
Crafting Effective Announcements
The only constant in life is change. Heraclitus In this world of omnipresent change, effective communication is key to survival. Information that will impact others must be shared, and how that sharing is done will be the difference between success and failure. Will recipients of your message be confused, or will the message be clear? … Continue reading Crafting Effective Announcements
Identifying, Reporting, and Fixing CVE-2021-22119: DoS Vulnerability in Spring Security OAuth 2.0
In March 2021, I observed troubling behavior in multiple applications I supported that are built using Spring Boot: they would occasionally stop responding. Eventually, I tracked down the root cause to a DoS (Denial of Service) vulnerability in Spring Security OAuth 2.0: a simple shell script could take down any affected web application. Respecting the … Continue reading Identifying, Reporting, and Fixing CVE-2021-22119: DoS Vulnerability in Spring Security OAuth 2.0
Users and Client Secrets in Keycloak Realm Exports
Keycloak is an open source Identity and Access Management (IAM) solution that’s easy to run in Docker using a Configuration as Code (CAC) strategy enabling a workflow where a git source control repository can be cloned by a developer who can run one non-interactive script that starts Keycloak and gets it into a consistent state … Continue reading Users and Client Secrets in Keycloak Realm Exports