my blog. for you.

Let’s talk digital.

I’m an independent IT consultant and entrepreneur in the Internet and software business. I’m interested in design, enterprise applications, web apps and SaaS products. I design and develop business solutions and applications. I help companies in terms of software quality and knowledge transfer, e.g. with Angular and Spring Boot.

Manuel Matuzovic – Lost in Translation @ beyond tellerrand Düsseldorf 2022

At beyond tellerrand Düsseldorf 2022 frontend developer and accessibility expert Manuel Matuzović gave this insightful - and genuinely funny - talk on web accessibility and in particular on how information often gets lost when web developers focus almost exclusively - to the exclusion of semantics and a design's intent - on the visual aspects while translating requirements into HTML and CSS: Read more

7 Practical Design Tips

Some time ago, Adam Wathan & Steve Schoger of Tailwind CSS and Refactoring UI published this article with "7 Practical Tips for Cheating at Design". While I don't think that you can actually cheat at design, design being a skill that can and has to be learned, practiced, and honed like any other, pragmatic advice such as using colour and font weight for creating information hierarchy can help with achieving some quick wins and reaping the low-hanging fruit when it comes to ... Read more

Stratospheric – 1.6 Released: AWS CDK Bootstrapping 🏗

This week, we released version 1.6 of Stratospheric - From Zero to Production with Spring Boot and AWS. The main reason behind this release is that we somehow entirely missed talking about an important topic: Bootstrapping an AWS environment for the AWS CDK. You may have already run into this issue when trying to deploy one of our AWS CDK stacks: Has the environment been bootstrapped? Please run 'cdk bootstrap' We've now added a dedicated section on the AWS environment bootstrapping and explained the why ... Read more

Spring Framework RCE Vulnerability With War File Deployments on Tomcat

Yesterday, an RCE vulnerability in the Spring Framework has been announced: Spring Framework RCE, Early Announcement CVE-2022-22965: Spring Framework RCE via Data Binding on JDK 9+ While, as of now, only WAR deployments of Spring Boot applications running under Apache Tomcat seem to be affected, it is still recommended to upgrade to Spring Boot 2.6.6 as soon as possible, even for Spring-based applications deployed as a JAR, because "the vulnerability is more general, and there may be other ways to exploit it that have ... Read more

Documenting REST APIs Provided by Express Applications

swagger-jsdoc is an NPM library that allows us to generate an OpenAPI specification for REST APIs provided by an Express application. swagger-jsdoc consumes YAML-formatted OpenAPI specification segments within JSDoc comments annotated with the @openapi annotation and turns those into a comprehensive OpenAPI specification for our API. This specification, in turn, can for example be used for automatically having a Swagger UI documentation page created for our REST APIs (using Swagger UI Express, for instance). While annotating Express routes with syntactically and semantically correct OpenAPI ... Read more

Optimising Docker Image Sizes: “Self-extracting” Node.js Applications

As a follow-up on last week's article on tools for inspecting Docker images, and Docker image sizes in particular, today I'd like to introduce another - more custom - approach for reducing the size of Docker images for production deployments. As a means of shaving off an additional 50 MB from the packaged application in question I came up with an idea somewhat reminiscent of the self-extracting archives of yore (of the WinRAR and 7-Zip flavours, for instance) for reducing the size ... Read more

Stratospheric – 1.4 Released: Migration to AWS CDK v2 🏗

On Tuesday this week, we released another update of Stratospheric - From Zero to Production with Spring Boot and AWS, which includes these changes and updates: The AWS CDK (Cloud Development Kit) project, which we use to manage and deploy our AWS infrastructure, moves fast. Last year in December, AWS announced that the CDK v2 is now generally available. As one of our main goals for Stratospheric is to stay up-to-date with the latest tools and frameworks, we took the effort to update ... Read more

SCuri: Automating Unit Test Boilerplate Code for Angular Components

As I wrote about quite some time ago in this blog post, which details my solution for managing transitive dependencies for Angular unit tests . although Angular applications in general are easily testable and unit tests are first-class citizens with the framework itself, there's still some potential for improvement when in it comes to test maintainability. In particular, listing and referencing an Angular component's dependencies (i.e. the dependencies of the system under test) such as providers or imported modules can become tedious ... Read more

The Recent Log4j2 Vulnerability and How to Address it in Spring Boot Applications

By now, you probably will have heard about the Log4Shell 0-day exploit in Log4j 2 already. Since this is relevant to every Java developer and potentially every Java and hence - by extension - every Spring Boot application out there, I'd like to address this issue and how to mitigate it in Spring Boot applications. When using the default settings without any other dependencies, Spring Boot applications in general won't be vulnerable because Spring Boot uses Logback in its starter dependencies. However, if your ... Read more

Harry Roberts – Get Your “head” Straight @ beyond tellerrand Düsseldorf 2021

At this year's Düsseldorf edition of beyond tellerrand, Web Performance Consultant Harry Roberts gave this insightful talk on how to design and craft the oft-overlooked (no pun intended ...) HTML <head> element's content in terms of performance: Harry Roberts - Get Your "head" Straight - beyond tellerrand Düseldorf 2021 from beyond tellerrand on Vimeo. Read more
Next Page »