my blog. for you.

Let’s talk digital.

I’m an independent IT consultant and entrepreneur in the Internet and software business. I’m interested in design, enterprise applications, web apps and SaaS products. I design and develop business solutions and applications. I help companies in terms of software quality and knowledge transfer, e.g. with Angular and Spring Boot.

HTTP Status Codes in a Nutshell

Recently, full-stack developer Parik tweeted this slide from a talk that neatly - if in a somewhat flippant manner - summarises HTTP status codes: https://twitter.com/parik36/status/1521467121720598536 1**: "Hold on!" 2** "Here you go!" 3**: "Go away!" 4**: "You fucked up." 5**: "I fucked up." In other - only slightly more technical - terms, HTTP status codes can be categorised as: 1**: Informational 2** Successful 3**: Redirects 4**: Client errors 5**: Server error Read more

Manuel Matuzovic – Lost in Translation @ beyond tellerrand Düsseldorf 2022

At beyond tellerrand Düsseldorf 2022 frontend developer and accessibility expert Manuel Matuzović gave this insightful - and genuinely funny - talk on web accessibility and in particular on how information often gets lost when web developers focus almost exclusively - to the exclusion of semantics and a design's intent - on the visual aspects while translating requirements into HTML and CSS: Read more

Harry Roberts – Get Your “head” Straight @ beyond tellerrand Düsseldorf 2021

At this year's Düsseldorf edition of beyond tellerrand, Web Performance Consultant Harry Roberts gave this insightful talk on how to design and craft the oft-overlooked (no pun intended ...) HTML <head> element's content in terms of performance: Harry Roberts - Get Your "head" Straight - beyond tellerrand Düseldorf 2021 from beyond tellerrand on Vimeo. Read more

Aaron Parecki – Why Do We Really Need OAuth Anyway? @ beyond tellerrand Düsseldorf 2021

At this year's beyond tellerrand Düsseldorf IndieWebCamp co-founder and OAuth consultant Aaron Parecki gave a talk about OAuth, why we need it, and how we can use it to simplify authentication and authorization in web applications: Aaron Parecki - Why Do We Really Need OAuth Anyway? - beyond tellerrand Düseldorf 2021 from beyond tellerrand on Vimeo. Aaron also provides a guide to building an OAuth 2.0 server and a video course titled "The Nuts and Bolts of OAuth 2.0". Read more

The Layers Of The Web – Jeremy Keith @ beyond tellerrand Berlin 2019

Earlier this week - after a hiatus of almost two years on account of having been postponed due to the pandemic - this year's beyond tellerrand conference, an event about design, creativity, and the web, went ahead again. Even though Marc Thiele, the mastermind, organiser, and genuinely awesome person behind beyond tellerrand, ran a terrific series of online events under the Stay Curious moniker while on-site events weren't allowed to take place, it was amazing to be back at this wonderful event ... Read more

Image Compression Utility: Squoosh

When working with images on web applications and websites optimising images and reducing their download size is a quick win in terms of optimising page and app load times. There are plenty of image compression utilities out there - both web apps and tools for local installation. Recently, I've tried out several of those again because I wanted to reduce the overall load time of this website and according to website audit tools such as Lighthouse image sizes definitely was an area ... Read more

Debugging for Mobile Browsers

Occasionally, web developers need to debug a web app's behaviour in a specific browser on a specific device or class of devices. For desktop devices this usually isn't a problem because every modern browser nowadays provides a console, where application errors and custom console.log statements pile up. However, on mobile browsers there's usually no browser console, or browser development tools, for that matter. Analysing browser logs is still possible via vendors' development tools like Apple's Xcode, for example. Still, that process often ... Read more

Monoliths Aren’t Inherently Bad

Self-professed minimalist developer Kelsey Hightower a few months ago wrote about monoliths being the future. The microservice design pattern has been trending in software development for quite some now. Unfortunately, more often than not it's been indiscriminately treated as a panacea to every software architecture and design problem out there. Microservices can help with one aspect specifically: Reducing deployment risk. If you have a large monolith and frequently need to make changes to a specific part or feature provided by that monolith the whole ... Read more

API Security Best Practices by Expedited Security

For everyone dealing with web-based APIs, both as a provider and a consumer, web app security service supplier Expedited Security (known for Expedited SSL, among other products) has compiled a vast, extensive compendium on API security best practices. The importance of secure APIs and best practices that help has make APIs more secure and dependable can't be emphasised enough. Covering each possible attack vector and adopting every best practice out there can seem like a truly daunting task. Guides like this one help ... Read more

JSON Web Tokens: Downsides, Best Practices and Secure and Robust Alternatives

JSON Web Tokens (JWTs) nowadays are commonly used for transmitting authentication data in web applications, especially those exhibiting the widespread client-server architecture where you have a fat client / single-page application written in JavaScript as a front-end and a back-end server providing REST endpoints for use by that front-end client. However, while common there are good arguments against this practice. In a nutshell, JWT often are used for storing session data such user authorization and authentication information although they aren't particularly well-suited to ... Read more
Next Page »