Blog & Articles

Article

String-Vergleich gegen Timing-Angriffe härten

Der String-Vergleich über die Methode String#equals in Java ist anfällig für Timing-Angriffe. Der oft empfohlene Lösungsansatz ist schwierig korrekt zu implementieren. Aber selbst eine korrekte Implementierung kann bei der Ausführung noch für Timing-Angriffe anfällig sein. Die hier vorgestellte Methode schließt diese Probleme prinzipiell aus.

Article

Aus Erfahrung gut

Kubernetes hat sich in den letzten vier Jahren zur Standardlösung für Container-Management entwickelt. Vor allem zustandslose Anwendungen, die lokal keine Daten speichern müssen, sind mit Kubernetes einfach zu betreiben. Datenbanken und andere Komponenten der Persistenzschicht werden jedoch oft weiterhin klassisch betrieben oder als Service bei einem Cloud-Anbieter hinzugebucht. Operatoren bieten unter anderem die Möglichkeit, auch zustandsbehaftete Software verlässlich auf Kubernetes zu betreiben.

Article

Kubeless - FaaS auf Kubernetes
Blog Post

Injecting polyfills for missing JavaScript functions into WKWebView

Hybrid apps often use the WKWebView to display the web app part. Unfortunately there is no console output to being able to debug it. This blog post provides a guide on how to add polyfills to WKWebView with native code interaction. As a result you will be able to catch the console output of a webpage loaded in a WKWebView and print it to the Xcode debug console.

Blog Post

Integral Evolutionary Organizations

Most companies face the major challenge to get as many employees as possible actively involved, that they do not only do service as a small cog in the big gear, but that they contribute actively, creatively with their various skills and abilities. In his book Reinventing Organizations [1] Frederic Laloux presents integral evolutionary forms of organization as a solution. This text presents the core ideas supported also by other sources.

Article

Design- und Entwicklungs­prinzipien für ein besseres Frontend
Blog Post

Agile Architekturarbeit

Moderne Softwarearchitekturarbeit folgt selbstverständlich der agilen Arbeitsweise in Entwicklung und Projektmanagement.

Blog Post

INNOQcon Remote Edition 2020

Why two days of INNOQcon-remote edition have made my original dislike of online conferences vanish, why cyberspace is enriched by spatial audio and what advantages virtual events can still bring - a follow-up report.

Blog Post

Setup für Online Trainings

Tools und Technik für Online-Schulungen

Blog Post

Remote Training, funktioniert das?

Heimarbeit hat sich mittlerweile – mehr oder weniger freiwillig – bei den meisten Unternehmen in der IT durchgesetzt. Doch beim Thema Schulungen sind viele noch skeptisch, ob das funktionieren könnte.

Blog Post

Scraping a Docker Swarm service with Prometheus

Scraping a Docker swarm service from a Prometheus server that is outside the swarm is not as easy as it might look at a first glance. You have to fetch the metrics of all running service instances, but how to identify and access them?

Article

JSX-Komponenten mit Java nutzen

Eine Lingua franca für HTML-Views

Blog Post

Architektur-Reviews remote durchführen

Software Reviews lassen sich dank moderner Arbeitsmittel remote durchführen und schaffen dabei auch neue Möglichkeiten.

Blog Post

Cross-platform testing of TypeScript code with Jasmine and Karma

I like TypeScript. Writing code that already underwent basic checks (i.e. typechecking) before it can even touch an execution engine is a big win in my book. In particular, TypeScript is nice because it integrates well into the broader JavaScript ecosystem and comes with batteries (i.e. types) included. Unfortunately, most test runners require extra setup to work with tests written in TypeScript. Some even require staggering amounts of configuration.

Article

Ziele, Erwartungen und Vorerfahrungen

User Stories sinnvoll einsetzen

Blog Post

Using Javascript plugins in Go

There are projects, where you want to create an application, that is extensible by other parties without access to the sources iteself or re-compiling the whole binary. This concept is known as modules, plugins or features nowadays. This might be the case if you are creating a client application (e.g. to implement scripting functionality), but also if you want to have your server application extensible by third parties.

Article

Fabric vs. Corda

Während die meisten öffentlichen Kryptowährungen alle ein recht ähnlichen Peer-to-Peer-Ansatz verfolgen, deren Transaktionen sich grob in Bitcoin- oder Ethereum-ähnlich einteilen lassen, gehen die private Blockchains teilweise radikal andere Wege. In diesem Artikel wollen wir die beiden Platzhirsche Hyperledger Fabric und Corda miteinander vergleichen.

Article

Dynamische Proxys mit dem JDK umsetzen

Der dynamische Stellvertreter

Blog Post

Glücklich ohne Service Mesh

Es muss nicht immer ein Service Mesh sein. Auch Microservices sind nicht per se eine gute Idee. Für gute Entscheidungen müssen wir uns das Problem genau anschauen.

Article

Effectively Working from Home

For two years, we have been exclusively working from home. In this article, we provide tips on how to become productive working from home through appropriate hardware, software, methods, and communication techniques. And, we show how to stay motivated in the long term.

Blog Post

Remote work

Trust as a foundation for modern work

Article

Requirements Engineering

The priority to invest into requirements engineering often suffers in everyday life, although its importance has been proofed to be the basis to develop values for customers. The objective of this article is to recall the core definitions and statements of requirements engineering and to provide aid with links for further readings on how to apply it in practice.

Blog Post

About unit and integration tests

The terms unit test and integration test are typically used as something different, or even opposite. In this blog post I explain why this is misleading and how I prefer to talk about isolation vs. integration instead.

Blog Post

Kubernetes Probes

How to use readiness, liveness, and startup probes

Article

Command & Control, SAFe, Domain-driven Design, and Release Trains

Large complex projects are difficult to manage. Software release trains are one solution to coordinate such projects. But the approach is not a great fit for self-organization and modern management ideas.