Connecting Angular to an SQL database

Creating a "real" Angular app is ridiculously difficult, because it requires you to learn some sort of backend technology, SQL, HTTP and a gazillion other unrelated technologies. This implies that before you can create as much as a single (useful) Hello World app in Angular, you've spent the larger part of a decade learning the unrelated technologies you need to know before you can connect your Angular app to a database and actually do something useful with it. If you want a .Net backend, for instance, you'll need to know the following.

  • C#
  • .Net class hierarchy
  • Basic OOP
  • Basic design pattern theory
  • SQL if you're using an SQL database
  • Some database theory
  • HTTP
  • Etc, etc, etc

Simply the number of classes in .Net you'll need to study, understand, and consume rapidly becomes mind-blowing. This is before you even start out with the Angular parts of your app. Sure, you could create a pure Angular application and simply ignore the server altogether, but if you do, your app is little more than fancy animations and beautifully constructed buttons, coupled inside animating navbars and tabs. If you want to create a "real" Angular app, though, you'll need some sort of backend, which of course implies spending 85% of your time on things not even remotely related to Angular in any way whatsoever. Having a real backend as you learn Angular is also, for obvious reasons, a million times more fun as you start out learning.

multiple insert size not working array problem

foreach ($_SESSION["cart_item"] as $item) {
    $name = $item['name'];
    $a = $item['p1'];
    $b = $item['img1'];
    $pname = $item['pname'];
    $email = $item['email'];
    $size = $_POST['sizea'];
    $ddate = date('Y/m/d');
    $p = "insert into orders(order_id,ddate,customer,product,pname,p_img,size,email) values('$last','$ddate','$name','$a','$pname','$b','$size','$email')";
    mysql_query($p) or die(mysql_error());
}

<select name="sizea[]" id="planida">
    <option>Select Plan</option>
    <option value="XL">XL</option>
    <option value="M">M</option>
</select>

Output: Size: Array // not work

What is SQL Injection? How to Prevent SQL Injection

SQL injection is a type of attack in which the backend database is manipulated to give access to information that is not meant to be shared. The data may include many items, such as sensitive company data and private customer details. The impact of this attack is severe and disruptive for the company facing it. A successful attack can cause unauthorized viewing of the customer list, vanished tables, changes in content and in the behavior of the website, and sometimes the attacker tries to get access to the administration database; all of these are critical to a company's ability to run. The attacker can continue to attack the company’s system, which leads to long-term damage and can go unnoticed for an extended period.

Many high-profile companies have faced SQL injection attacks and suffered reputational damage and regulatory fines. SQL injection takes place only because applications use untrusted data, such as web form fields. When the web page fails to clean that data before issuing the SQL query, the attacker's injected SQL is executed by the company along with the query.
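
The mechanism described above, as an added example that is not from the original article: the same form-field value is sent through a query built by string concatenation and through a parameterized query. The `customers` table, its rows, the function names and the input values are all constructed for illustration, and SQLite stands in for the backend database.

```python
import sqlite3

# Constructed sample data: a tiny customer list held in an in-memory database.
SAMPLE_CUSTOMERS = [
    ("alice", "alice@example.com"),
    ("bob", "bob@example.com"),
    ("O'Brien", "obrien@example.com"),
]


def make_db():
    """Create the hypothetical customers table and load the sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    db.executemany("INSERT INTO customers (name, email) VALUES (?, ?)", SAMPLE_CUSTOMERS)
    return db


def lookup_unsafe(db, name):
    """Vulnerable form: the form field is pasted into the SQL text itself."""
    sql = "SELECT name, email FROM customers WHERE name = '" + name + "' ORDER BY id"
    return db.execute(sql).fetchall()


def lookup_safe(db, name):
    """Hardened form: the value is bound as a parameter, never parsed as SQL."""
    sql = "SELECT name, email FROM customers WHERE name = ? ORDER BY id"
    return db.execute(sql, (name,)).fetchall()


def compare(name):
    """Run both lookups on one input; report the rows or the database error."""
    db = make_db()
    results = {}
    for label, fn in (("unsafe", lookup_unsafe), ("safe", lookup_safe)):
        try:
            results[label] = fn(db, name)
        except sqlite3.Error as exc:
            results[label] = "error: " + type(exc).__name__
    db.close()
    return results


if __name__ == "__main__":
    # Constructed form-field values: a normal name, a value carrying a quote
    # and extra SQL, and a legitimate name that contains an apostrophe.
    for value in ("alice", "nobody' OR '1'='1", "O'Brien"):
        print(repr(value), compare(value))
```

The concatenated query returns the whole customer list for the quote-bearing value and fails outright on the legitimate name `O'Brien`; the parameterized query treats both as plain data.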

The 2021 DevOps Trend Everyone is Missing

When I recently looked up 2021 DevOps trends, from the various predictions everyone has been making, it seems that DevOps is going through the roof. DevOps is everything, and everything is DevOps nowadays.

Here’s a partial list of DevOps trends that are exploding:

A Brief Insight Into Managing UX Projects

UX is the art of drawing the most efficient user experience — the goal is that the user’s experience is unparalleled, no matter whether it is an app, website, or even a non-technical platform. It is a critical and creative evaluation of the problem so as to propose a solution. It's an attempt to carefully craft a superb experience for an end-user.

Things to Do

Unlike the UX exercise for a web application or mobile app, it becomes extremely challenging when the project that you have undertaken is just UX without a tangible prototype for the customer.

The Fundamentals of Software Architecture and Microservices [Podcast]

A lot of technologies, practices, and architectural patterns have emerged over the years — and one of these is the microservice architecture, which we’ll dive into in this episode of cocktails.

Joining us today is one of the authors of the popular book “Fundamentals of Software Architecture”, and we discuss whether microservices are evolutionary or revolutionary, the major hurdles of trying to implement this architecture, and discover why there really aren’t any “best practices” when it comes to software architecture.

How to Deploy Rails App to Heroku in 5 Minutes

Heroku is a platform that enables developers to build, run, and operate applications entirely on the cloud with multi-language support for Ruby, Go, Scala, PHP, etc.

Ruby on Rails is a popular web framework written in Ruby. This guide covers how to deploy Rails 6 apps to Heroku.

Spell Autocorrect With Edit Distance and Trie

Introduction

We are familiar with spell checkers. For most spell checkers, a candidate word is considered to be spelled correctly if it is found in a long list of valid words called a dictionary. Google provides a more powerful spell corrector for validating the keywords we type into the input text box. It checks against a dictionary. If it doesn’t find the keyword in the dictionary, it suggests a most likely replacement. To do this it associates with every word in the dictionary a frequency, the number of times that word is expected to appear in a large document. When a word is misspelled (i.e. it is not found in the dictionary), Google suggests a “similar” word whose frequency is larger than or equal to that of any other “similar” word. In this post, I will introduce the approach of how to implement spell autocorrect. It includes

  • Trie
  • Edit distance
  • Nested HashMap

Trie (Data Structure)

For this program, we need a dictionary similar to Google’s. Our dictionary is generated using a large text file. The text file contains a large number of unsorted words. Every time our program runs it will create the dictionary from this text file. The dictionary will contain every word in the text file and a frequency for that word.

Achieving Cloud-Native Security and Compliance With Teleport

Security is the most critical aspect of any IT solution, and with the ever-increasing adoption of cloud-native technologies, the need for Zero Trust Architecture is irrefutable as:

  • The traditional networking approach is not effective enough to provide full security to cloud-native applications.
  • With cloud offerings being heavily used going forward, security policies around the application need to be scalable as well.
  • With more emphasis on loosely coupled microservice-based applications, the chances of vulnerabilities being introduced also increase.
  • People are using multiple clouds to take advantage of the offerings.
  • Connectivity from on-premises to the cloud, and the other way around, is a reality.
  • Devices that span beyond traditional data centres & cloud are increasingly being used to provide connectivity to remote sites.

To sum up, it means there is no "real network boundary" anymore, and hence we need to have a way in which we don't trust anyone. Traditionally it was assumed that communication between entities inside the same data centre is secure, whereas with zero trust, we don't even assume that. So, it has become a mandate to have a zero-trust security framework around your cloud-native applications.

GitHub Updates its Code Scanning API

The GitHub Code Scanning API, a service that is available for all public repositories and private repositories with advanced security enabled, has recently been updated. These updates provide access to more robust code data and alert statuses.

The updated API will now return additional status information when uploading a SARIF (Static Analysis Results Interchange Format) file, including “a pointer to the analyses endpoint for that result.” The API will also now support the ability to export files in SARIF format.

Unique Features of Mobile Testing

Many mobile development and testing teams agree that it’s inaccurate to think of mobile applications as the same software running on a smaller device. Indeed, mobile application testing services differ greatly from any other project type. Here’s how we see the unique traits of mobile software testing.

User Expectations

Mobile software is called mobile for a reason: these applications are expected to work on the go, anywhere, and at any time. Furthermore, accessibility is a key distinctive feature of mobile software. The different physical interactions that users have with their mobile devices change a lot for developers, UI/UX designers, and testers. At the same time, the global trend of digital experience personalization also added its twist to user expectations from the software they choose to install. When personalization meets accessibility requirements, demands for project testing teams can get out of hand.

WordPress.org Removes Fake Reviews for AccessiBe Plugin

After noticing suspicious review activity for the AccessiBe plugin, accessibility consultant Joe Dolson reported the fake reviews to WordPress.org’s plugin team. The reviews were removed in under 48 hours, thanks to Dolson’s detailed research.

At the time of reporting, Dolson found 31 five-star reviews, 2 four-star reviews, and 2 one-star reviews. After putting these into a spreadsheet, he found certain correlations among the first 11 five-star reviews:

  1. All eleven user accounts I viewed had a common pattern of registration and use: between zero and 3 support topics raised and 4-7 reviews over the last 18 months.
  2. Every one of these eleven accounts had at least one point of overlap with another user in that group. That is, for each plug-in or theme interacted with by one of the accounts, at least one of the other accounts also interacted with that plug-in or theme.
  3. Multiple accounts had submitted one-star reviews on another plug-in, and in a quick assessment of other one-star reviews on that plug-in, I quickly found another account that had also submitted a five-star review on AccessiBe.

Approximately 33 reviews were removed from the AccessiBe plugin’s page after the report. Plugin team member Mika Epstein said that the team “passes the reports to a volunteer who is amazing at hunting down VPNs and IPs for that.” She also recognized Dolson’s legwork and reporting as being instrumental in this particular case.

Dolson allowed me to view his spreadsheet, where he logged URLs for each suspected fake review, along with dates and reviews left on other plugins. These were not saved to the Internet Archive, but Dolson said they were all “pretty generic,” and that each one was a one-sentence review. The user profiles still appear to be there but do not have any activity listed.

“As a WordPress plugin author myself, I find the investment in falsifying positive reviews irritating,” Dolson said. “What some of us work for, they are simply buying – the appearance of a good product without the labor of winning customer opinion.

“I found the evidence of a hatchet job conducted systematically against another plugin chilling, however.”

The AccessiBe plugin is active on approximately 3,000 sites. Accessibility advocates have long held a certain amount of animosity towards the way its creators market the plugin as a quick fix solution, claiming it helps “mitigate the risk of lawsuits.” AccessiBe also has a well-documented history of paying for positive press. Dolson and others deeply involved in WordPress accessibility keep tabs on the plugin, which is how he came across the suspicious activity.

Soliciting paid or fake reviews is not a new infraction, and it has been explicitly forbidden in the directory’s guidelines for years. This falls under guideline #9: Developers and their plugins must not do anything illegal, dishonest, or morally offensive, which includes “Creating accounts to generate fake reviews or support tickets (i.e. sockpuppeting).”

Fake and paid reviews are a blight on any marketplace, and pop up now and then on the theme and plugin directories due to the power of WordPress.org as a distribution channel for freemium products. They make it more difficult for the consumer to get an accurate understanding of the quality of the product, but it’s not always easy to identify who commissioned the fake reviews.

Any user can help ensure the plugin directory has fair and honest reviews by flagging those that look suspicious. In the sidebar of individual review posts, logged-in users can flag a post for consideration. WordPress.org doesn’t often announce when it takes action to remove reviews but should confirm having received the report. In a rare case like this, Dolson’s writeup gives the wider community a glimpse into what it takes to track down fake reviews and get them cleaned up.

How to Become a Data Engineer: A Hype Profession or a Necessary Thing

“Big Data is the profession of the future” is all over the news. I will say even more: data engineering skills for a developer are an urgent need. Before 2003, we had created as many petabytes of data as we do today every two days. Gartner analysts named cloud services and cybersecurity among the top techno trends of 2021.

The trend is easily explained. Huge arrays of Big Data need to be stored securely and processed to obtain useful information. When companies moved to remote work, these needs became even more tangible. E-commerce, Healthcare, EdTech — all these industries want to know everything about their online consumers. While the data is only stored on the servers, there is no sense in it at all.

Distribution of JVM Desktop Applications

The previous posts of this series focused on different frameworks to develop JVM-based applications.

Distributing applications on a couple of computers inside the same company is not an issue. A lot of products are available for automating the pushing of files onto computers. Issues might start to appear when you need to coordinate the deployment across different physical sites.

GermanThemes Releases Block-Ready GT Basic WordPress Theme With Custom Patterns

Screenshot of the front-page design of the GT Basic WordPress theme.

Today, GT Basic became the second theme from GermanThemes to go live in the WordPress theme directory. Like the company’s previous theme, GT Ambition, it is built around the block editor. It also introduces several custom block patterns.

The theme will not knock anyone’s socks off with its artistic merit. GT Basic is very much business in the front and business in the back, so it will not immediately appeal to everyone. However, it has everything you need and none of the things you don’t for setting up a WordPress website.

Out of the box, it is an architecturally-sound business theme. Its layout, structure, and typography make for a well-rounded design applicable to nearly any site. With a few modifications via the customizer, users can personalize it.

Its open-canvas feel gives ample room for using the entire content area for building custom page layouts, which is what business site owners should be looking for. The theme’s typography is on-point, creating a comfortable reading atmosphere for long-form content. It could serve well for a general blogging theme.

The theme is ripe for the possibility of child themes. These types of well-designed themes from a purely structural standpoint leave plenty of room for customization. GT Basic has just the right amount of visual options for users to put their unique spins on it. However, there is a lot of room for design-savvy people to do more.

About the Theme

GT Basic is, well, a basic theme. It is kind of there in the name. However, it includes enough options to make it more visually palatable. A few color and font changes could spice things up — the theme offers a range of system and Google font-family choices.

Modifying the theme’s typography and colors.

The theme also manages to not make a complete and utter mess of the customizer. GT Basic neatly tucks all of its options under a custom panel named Theme Options. Even its “theme links” section is in there. It is refreshing to see a theme not regurgitate pro links and single-use sections across the entire customizer controls frame. You will rarely see me use emoji, but the theme author deserves one on this point alone: 👏.

Where the theme gets things right is its support of the block editor. It does not try to do too much, relying on the core block styles as a foundation. It then tacks on a mere 46kb of additional CSS, unminified, which is almost unheard of in today’s theme market.

Block design in the cafe demo for the theme.

GT Basic is one of the few themes I have seen that adds a custom block editor sidebar panel. Instead of going the page template route, it adds a full-width option, a method I have preferred over the years. It also has settings for users to disable the title and remove white space at the end of the content area.

The biggest downside to the theme is that the blog/posts page and archives display the full post instead of excerpts. It is one of my pet-peeves with theme design. Users should at least have the option to switch to an excerpt view.

The other cringe-worthy feature is the automatic output of the featured image alongside the full post content. This creates the dreaded double featured-image effect if the user also uses the same image within their post content. Again, a simple option to disable this would suffice.

Block Patterns

Inserting GT Basic’s portfolio block pattern.

I am a sucker for block patterns. Throw a few in any theme, and I will install it and see what I can build. The pattern system remains one of my favorite features of WordPress. It is also one of the areas where business themes can make their mark.

GT Basic includes four patterns for users:

  • Hero Section
  • Services
  • Call to Action
  • Portfolio

It does not take much to create unique layouts by mixing and matching two or more of them.

Thomas Weichselbaumer, the founder of GermanThemes, announced the adoption of block patterns in August 2020. He introduced block patterns across GermanThemes’ product line shortly after WordPress 5.5 introduced the feature.

GT Basic’s patterns would be more appealing if they included imagery and a spectrum of colors. The pattern layouts are designed well, but they lack the visual oomph that inspires users. This is a missed opportunity to showcase how useful the patterns are. However, the theme author has built a few demos that could serve as inspiration.

How To Create Search Friendly Slugs in Rails

FriendlyId is a very good gem that allows you to replace ids in your URLs with strings. This lets your Rails app work with ‘friendly’ URLs like ‘myapp/users/john’ as opposed to  ‘myapp/users/1’.

Ruby on Rails development companies consider this gem essential for Rails applications due to its ability to make links memorable.

Mistakes I’ve Made as an Engineering Manager

I’ve been a manager for many years at companies of different scale. Through these experiences, I’ve done my share of learning, and made some mistakes along that way that were important lessons for me. I want to share those with you.

But before diving in, I want to mention a strong caveat that my advice may be unique to my situation because I’m white and a woman in tech. My experiences may be relevant to that point of view, but your mileage may vary.

Another huge caveat: I’m sharing mistakes I’ve made so far in the interest of helping others, but I’m sure I’m not done making mistakes, either. I don’t have it all figured out; I’m still on this journey.

Credit: WoCinTechChat

Mistake 1: Thinking people give feedback the way they want to receive it

Feedback is one of the most important tools you have as a manager, but it can also be incredibly disruptive with poor execution. One of the hardest things I’ve had to learn is that humans aren’t pure functions: an input that works one day and gets one result can, on another day, get an entirely different result.

The same is true of how people give and receive feedback: someone may give you feedback in a particular way, but they prefer to receive it much differently when it comes to themselves.

How do you get around this? Asking helps. I’ve started doing an exercise with my team where I ask the group as a whole how they would like to get feedback. Not only does it open up ideas, but it also helps that each individual has to think for themselves how they prefer to receive feedback. Normalizing this type of vulnerability and self-reflection can help us all feel like partners, instead of some top-down edict.

Another thing that’s helped? Asking folks directly in a one-on-one meeting if they have feedback for me as a manager, and following up with an anonymous survey. Again, it makes things feel less one-sided and provides everyone the opportunity to say things that they might not want to say directly to my face, which I know can be tough.

And lastly, if something comes up, addressing it immediately can be helpful. There’s nothing worse than your manager having an issue with something you did and only finding out about it three months later, especially if it’s tied to a performance review that you could have impacted had they been transparent earlier.

The truth is that even my advice here is imperfect. Feedback is tough. Being honest and improving together as a team is awkward. It’s incredibly worth it, though. That’s where the real growth is. That said, no two people are alike, no two groups are alike, and you may have to use your best judgement given the situation at hand.

Mistake 2: Trying to do everything yourself as a manager is the best way to help

Years ago, I managed a woman who was bright, talented, capable, and an all-around pleasure. She was sort of new to the industry and could come across as timid, so I did my best to be a poop umbrella for her, fighting battles behind the scenes to set her up for success. She was on a steady track to land a senior role. Even after I decided to leave the company, I let the next manager know this person was on track for a senior position in the next few months.

Then I moved to another city. Years later, I met up with the woman and was shocked to learn she never got the position.

Here’s what I learned: her promotion wasn’t the same high priority for the capable hands I left her in as it was for me. The team was challenged with a million other things that took center stage to the extent that her promotion fell off the radar. But even more than that, what became very clear to me was that all of that “protection” I thought I had set up for her didn’t really serve her well for the long haul. For example, I didn’t teach her how to advocate for herself or how to navigate the system. I vowed never to make that mistake again.

This is tough! If you’re strong and care about your team as people, it can feel very unnatural to teach someone to advocate instead of moving things out of their way yourself. And the point is not to throw that person into the fire. The point is to care. Are you teaching the things they need to learn? Are they really growing under you? Feeling like you’re protecting someone at all costs can also lead to your own ego trip, too, which threatens progress.

Try to think through what skills someone needs to succeed without you. Teach those things incrementally. Sure, this is easy advice to say, but it’s really hard to do in the thick of things. Spend some time with it, and think through ways you can inject that learning into everyday work and interactions.

Credit: Charles Deluvio on Unsplash

Mistake 3: Communicating something one time is enough

No one likes to feel like they’re repeating themselves. It’s annoying to say something more than once, and it’s annoying to hear something over and again. But if you have a big enough group and there’s enough going on, things are going to slip through the cracks, so repetition becomes an important tool to make things stick. The trick is to say the same things, but in different ways.

There was a time last year when I asked my team to do something and none of them did it. What happened there? Given that it’s a team of highly efficient, strong collaborators, do you think they just all table-flipped and didn’t take action? Not a chance. I was the one who wasn’t clear. In fact, you can probably guess that if a whole group of people don’t understand or take action, the chance is that you, the manager, are the common denominator for why something is blocked. Not only did I not repeat myself enough to be clear, I didn’t align anyone with the why of the purpose of the task. It’s pretty easy to forget or not prioritize doing something if you have no clue why you’re doing it. Repeat yourself and align the group with the importance of the task and you’ll likely have a better result.

Think of all the ways we have to communicate these days: chats, emails, video meetings, texts, document comments, and so much more. And because some people communicate better in one medium than another, using all of the platforms we have in various mediums becomes a strategy for repetition without nagging.

I’ve found that what works best is allowing everyone to own the information themselves. For example, if your team practices career laddering, the individual can read aloud each of the ladders in a one-on-one and then talk you through their responses to each item. That way, you’re not lecturing — they are owning where they are and what the next steps are as you guide them along.

Mistake 4: You have to have everything together all the time

Some folks think that management looks like a steel fortress of preparedness and authority. I’m not so sure about that.

If something goes wrong, are you more likely to tell the manager who acts as though they have everything together all the time, or the manager who owns their mistakes? The truth is that your team needs to know you’re human. You can’t fix problems if you don’t know about them, and no one will tell you about them unless you make space for that.

One time, the night before a big release, someone on the team pushed a change that created thousands upon thousands of calls to a service that, in turn, thought it was the target of a DDoS attack, which then shut down our access. Here’s a moment when a lot of folks could have panicked and blamed one another. Instead, we giggled wildly, jumped into chat and on calls, fixed it, and kept going.

I couldn’t have been more proud of the team that day. Their response was wonderful. And it makes all the difference in how we work together, recover, and iterate.

You’re the manager, so if someone is going to show vulnerability first, it’s easiest on team dynamics if it’s you. You can try this by admitting you’re having a bad day, that you don’t understand something, or that you made a mistake. You don’t have to do this constantly; a little is helpful.

This is way tougher if you are an underrepresented minority in tech. People will definitely think of an admitted mistake coming from one person as humility and another as failure. I myself struggle with this, too. I think it’s ok to admit that and feel the situation out given your circumstance.


Being a manager is tough. Your mistakes impact people, and that feeling of pressure can be a little isolating. I’ve made all of the mistakes above and more. I feel it’s critical to share so that when we encounter pitfalls, we don’t feel so alone and have a potential path forward.


The post Mistakes I’ve Made as an Engineering Manager appeared first on CSS-Tricks.
