my blog. for you.

Let’s talk digital.

I’m an independent IT consultant and entrepreneur in the Internet and software business. I’m interested in design, enterprise applications, web apps and SaaS products. I design and develop business solutions and applications. I help companies in terms of software quality and knowledge transfer, e.g. with Angular and Spring Boot.

Harry Roberts – Get Your “head” Straight @ beyond tellerrand Düsseldorf 2021

At this year's Düsseldorf edition of beyond tellerrand, Web Performance Consultant Harry Roberts gave this insightful talk on how to design and craft the oft-overlooked (no pun intended ...) HTML <head> element's content in terms of performance: Harry Roberts - Get Your "head" Straight - beyond tellerrand Düsseldorf 2021 from beyond tellerrand on Vimeo.

Aaron Parecki – Why Do We Really Need OAuth Anyway? @ beyond tellerrand Düsseldorf 2021

At this year's beyond tellerrand Düsseldorf, IndieWebCamp co-founder and OAuth consultant Aaron Parecki gave a talk about OAuth, why we need it, and how we can use it to simplify authentication and authorization in web applications: Aaron Parecki - Why Do We Really Need OAuth Anyway? - beyond tellerrand Düsseldorf 2021 from beyond tellerrand on Vimeo. Aaron also provides a guide to building an OAuth 2.0 server and a video course titled "The Nuts and Bolts of OAuth 2.0".

The Layers Of The Web – Jeremy Keith @ beyond tellerrand Berlin 2019

Earlier this week - after a hiatus of almost two years on account of having been postponed due to the pandemic - this year's beyond tellerrand conference, an event about design, creativity, and the web, went ahead again. Even though Marc Thiele, the mastermind, organiser, and genuinely awesome person behind beyond tellerrand, ran a terrific series of online events under the Stay Curious moniker while on-site events weren't allowed to take place, it was amazing to be back at this wonderful event ...

Image Compression Utility: Squoosh

When working with images on web applications and websites, optimising images and reducing their download size is a quick win in terms of optimising page and app load times. There are plenty of image compression utilities out there - both web apps and tools for local installation. Recently, I've tried out several of those again because I wanted to reduce the overall load time of this website and, according to website audit tools such as Lighthouse, image sizes definitely were an area ...

Debugging for Mobile Browsers

Occasionally, web developers need to debug a web app's behaviour in a specific browser on a specific device or class of devices. For desktop devices this usually isn't a problem because every modern browser nowadays provides a console, where application errors and custom console.log statements pile up. However, on mobile browsers there's usually no browser console, or browser development tools, for that matter. Analysing browser logs is still possible via vendors' development tools like Apple's Xcode, for example. Still, that process often ...

Monoliths Aren’t Inherently Bad

Self-professed minimalist developer Kelsey Hightower a few months ago wrote about monoliths being the future. The microservice design pattern has been trending in software development for quite some time now. Unfortunately, more often than not it's been indiscriminately treated as a panacea to every software architecture and design problem out there. Microservices can help with one aspect specifically: Reducing deployment risk. If you have a large monolith and frequently need to make changes to a specific part or feature provided by that monolith the whole ...

API Security Best Practices by Expedited Security

For everyone dealing with web-based APIs, both as a provider and a consumer, web app security service supplier Expedited Security (known for Expedited SSL, among other products) has compiled a vast, extensive compendium on API security best practices. The importance of secure APIs and best practices that help make APIs more secure and dependable can't be emphasised enough. Covering each possible attack vector and adopting every best practice out there can seem like a truly daunting task. Guides like this one help ...

JSON Web Tokens: Downsides, Best Practices and Secure and Robust Alternatives

JSON Web Tokens (JWTs) nowadays are commonly used for transmitting authentication data in web applications, especially those exhibiting the widespread client-server architecture where you have a fat client / single-page application written in JavaScript as a front-end and a back-end server providing REST endpoints for use by that front-end client. However, while common, there are good arguments against this practice. In a nutshell, JWTs are often used for storing session data such as user authorization and authentication information although they aren't particularly well-suited to ...

Jess Frazelle: “For the Love of Pipes”

Somewhat recently, Jess Frazelle wrote about her love of UNIX pipes, a sentiment I wholeheartedly share, to the extent that I think web apps should behave more like Unix programs by making data readily available via APIs so other applications can easily process that data. This, in a nutshell, is the Unix philosophy as stated by Doug McIlroy: Make each program do one thing well. To do a new job, build afresh rather than complicate old programs by adding new "features". Expect the output ...

HTTP and REST Standards, Protocols and Headers for More Secure and More Robust Applications

Standards.REST is a website that helps you create better, more robust HTTP- and REST-based applications by providing an overview of existing, proven standards that allow you to build on existing solutions rather than re-invent the wheel yourself. The list of standards mentioned includes OAuth 2.0, the HTTP Caching standard and Application-Level Profile Semantics (ALPS), which - among others - is used extensively in Spring Data REST and Spring HATEOAS. On a closely related note, Stefan Judis published an article on HTTP headers ...