Tropeçando 102

OWASP TOP 10

Each year, OWASP (the Open Web Application Security Project) publishes the top ten security vulnerabilities. It represents a broad consensus about the most critical security risks to web applications. Click through on the lessons below to learn more about how to protect against each security risk.

Your Product Owner Is Not Your Product Manager

Your Product Owner Is Not Your Product Manager. Product management has evolved to encompass numerous roles and responsibilities. Leaders looking to hire a product professional must consider what skills and knowledge their business needs demand.

While the market has evolved and will continue to evolve, there remains a need for both a product owner’s and a product manager’s skills and expertise. By considering the nature and scale of a project and understanding the skills and responsibilities associated with each of these distinct roles, leaders can ensure they hire the right person to help them develop and launch products successfully.

Insert-Only Tables and Autovacuum Issues Prior to PostgreSQL 13

If you have write-only tables (or heavy, heavy writes), you may need to check this post. Autovacuum has some issues before PostgreSQL 13, and you might have some great workarounds to use until upgrading your database version.

Enterprise CI/CD best practices

Free book with 23 best practices to apply to your CI/CD pipeline. Those best practices aim to help you design (or use as a checklist) a solid pipeline for your software.

A war story about COVID, cloud, and cost. And why serverless wins.

Nice story about serverless outcomes and potential. Based on COVID-19 pushing of infrastructure and computing services, billing is an important subject. The article has an excellent example of how both scale environment and low bill costs work together on a serverless tech stack.

Tropeçando 100

How Exception to the Convention Does More Harm than Good

We have a project, and to make it easier, we use specific standards. E.g., we use spaces in every file.

But sometimes, we get to a situation when these standards are stressful. We don't understand them and just want them to bend over. How does our short-term need for pleasure affects long-term well-being of the project?

Splitting a Domain Across Multiple Bounded Contexts

How designing for business opportunities and the rate of change may give you better contexts.

Your Jest Tests are Leaking Memory

Jest is designed in a way that makes memory leaks likely if you’re not actively trying to squash them. For many test suites this isn’t a problem because even if tests leak memory, the tests don’t use enough memory to actually cause a crash. That is, until you add one more test and suddenly the suite comes apart. In this article, we’ll walk through why it’s so easy for Jest to leak memory, how to tell if your tests have a memory leak, and then how to debug and eliminate leaks in your tests. Even if you don’t use Jest, it’s still useful to understand the process in case you need to debug memory leaks in other javascript code.

How to handle flaky tests

Flaky tests are automated tests that are non-deterministic. That means they may pass or fail when executed against the same build artifact or deployed system.

If you’ve ever retried the execution of a failed test run in your CI/CD pipeline tool without any code or config changes in order to get a failing test case to pass, that’s an indicator that you have a flaky test case.

Why Serverless Teams Should Embrace Continuous Refactoring

Serverless adoption brings promises to many organizations! Promises of cost efficiency, engineering efficiency, and business efficiency. However, serverless is not a technology that, once successfully adopted, can be left unattended to rust.

The motivation to adopt serverless should never be to get the job done and never look back. If you adopt it with this attitude you will inevitably get into the legacy migration juggernaut that will haunt you much sooner than you anticipated.

Tropeçando 98

(Operating Lambda: Debugging code – Part 1)[https://aws.amazon.com/blogs/compute/operating-lambda-debugging-code-part-1/]
(Operating Lambda: Debugging configurations – Part 2)[https://aws.amazon.com/blogs/compute/operating-lambda-debugging-configurations-part-2/]
(Operating Lambda: Debugging configurations – Part 3)[https://aws.amazon.com/blogs/compute/operating-lambda-debugging-integrations-part-3/

In the Operating Lambda series, I cover important topics for developers, architects, and systems administrators who are managing AWS Lambda-based applications. This three-part series discusses core debugging concepts for Lambda-based applications.

(Those pesky pull request reviews)[https://jessitron.com/2021/03/27/those-pesky-pull-request-reviews/]

They’re everywhere. In Slack: “hey, can I get a review on this?” In email: “Your review is requested!” In JIRA: “8 user stories In-Progress” (but code-complete). In your repository: 5 open pull requests. They’re slowing your delivery. They’re interrupting your developers.

How can we get people to review pull requests faster??

(Operating Lambda: Using CloudWatch Logs Insights)[https://aws.amazon.com/blogs/compute/operating-lambda-using-cloudwatch-logs-insights/]

In the Operating Lambda series, I cover important topics for developers, architects, and systems administrators who are managing AWS Lambda-based applications. This three-part series discusses monitoring and observability for Lambda-based applications and covers:

  • Using Amazon CloudWatch, CloudWatch Logs Insights, and AWS X-Ray to apply monitoring
    across services.
  • How existing monitoring concepts apply to Lambda-based applications.
  • Troubleshooting application issues in an example walkthrough.
    This post explains how to use CloudWatch Logs Insights in your serverless applications.

(CDK Lambda Deployment takes about a minute - how about sub second Function Code Deployment?)[https://aws-blog.de/2021/04/cdk-lambda-deployment-takes-about-a-minute-how-about-sub-second-function-code-deployment.html]

Creation of Lambda infrastructure with the CDK is really powerful. Updating the Function code is really slow. Here is a fix for that to get to a sub-second Lambda function deployment time.

(Best practices for developing cloud applications with AWS CDK)[https://aws.amazon.com/blogs/devops/best-practices-for-developing-cloud-applications-with-aws-cdk/]

In this post, we discuss strategies for organizing the development of complex cloud applications with large teams, using the AWS Cloud Development Kit (AWS CDK) as a central technology. AWS CDK allows developers and administrators to define their cloud applications using a familiar programming language, such as TypeScript, Python, Java, or C#. Applications are organized into stages, stacks, and constructs, which allows for modular design techniques in both runtime logic (such as AWS Lambda code or containerized services) and infrastructure components such as Amazon Simple Storage Service (Amazon S3) buckets, Amazon Relational Database Service (Amazon RDS) databases, and network infrastructure.