Saturday, January 10, 2015

Interesting REST tools for developers.

Postman REST plugin for Chrome allows you to send HTTP requests directly to REST APIs.

Swagger is useful for documenting REST APIs in a JSON format that can then be executed in a web browser against a live API.

ngrep is useful when you need to see exactly what is being sent between client and web server (or proxy server). It will show you traffic in real time on a given port.

For example, sudo ngrep -W byline -d lo port 9001 will show what is happening on some arbitrary REST API configured for port 9001.
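ngrep prints full payloads, so a capture of REST traffic carries any credentials the client sent. The following is an added example, not part of the original post: it masks credential-bearing headers in saved ngrep -W byline output before the capture is shared. The header list and the sample capture are assumptions constructed for illustration.

```python
import re

# Line ngrep prints before each TCP payload, e.g.
# "T 127.0.0.1:51234 -> 127.0.0.1:9001 [AP]"
PACKET_HEADER = re.compile(r"^T (\S+) -> (\S+) \[[A-Z]+\]")
# Headers whose values are credentials (assumed list; extend for your API).
SENSITIVE = re.compile(
    r"^(Authorization|Proxy-Authorization|Cookie|Set-Cookie|X-Api-Key):",
    re.IGNORECASE,
)

def redact_capture(text):
    """Return (redacted_text, findings) for ngrep -W byline output.

    findings holds one (source, destination, header_name) tuple per
    credential-bearing header seen in the capture.
    """
    findings, out = [], []
    flow = ("?", "?")
    for line in text.splitlines():
        packet = PACKET_HEADER.match(line)
        if packet:
            flow = (packet.group(1), packet.group(2))
        else:
            header = SENSITIVE.match(line)
            if header:
                findings.append((flow[0], flow[1], header.group(1)))
                line = f"{header.group(1)}: [REDACTED]"
        out.append(line)
    return "\n".join(out), findings

# Constructed sample in the layout ngrep uses with -W byline
# (each CR is shown as a trailing ".").
SAMPLE = """\
T 127.0.0.1:51234 -> 127.0.0.1:9001 [AP]
GET /orders/17 HTTP/1.1.
Host: localhost:9001.
Authorization: Bearer constructed-token-123.
.

T 127.0.0.1:9001 -> 127.0.0.1:51234 [AP]
HTTP/1.1 200 OK.
Set-Cookie: session=constructed-session-456; HttpOnly.
.
{"id": 17}
"""

if __name__ == "__main__":
    redacted, findings = redact_capture(SAMPLE)
    print(redacted)
    for src, dst, name in findings:
        print(f"credential header {name} seen on {src} -> {dst}")
```

Secrets carried in request or response bodies are not covered by this header-only pass.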

mitmproxy/mitmdump (mitm - Man In The Middle) is an intercepting and traffic capture proxy that will do many, many things including capturing and saving web traffic.

For example, to capture all traffic destined for a server on port 9001, use this command, which configures mitmdump as a forwarding proxy on port 7001 and writes traffic to "outfile".

mitmdump -p 7001 -P -w outfile

Wednesday, January 7, 2015

Swagger is great but integrating documentation with code seems like a bad idea.

Swagger is a way of documenting REST APIs.  It's useful and clever.

However, much of the ecosystem seems oriented toward integrating Swagger documentation directly into the API source code.

This seems like a bad idea.  I want my REST API source to be minimalistic and simple.  The less code, the fewer bugs.  Integrating Swagger directly into the source code seems to significantly increase the code size and therefore the potential number of bugs.

For large projects this would seem to lead to a significant increase in code complexity.

A further issue is that the Swagger spec is being updated over time and keeping your source code in sync with Swagger seems less practical than keeping a static Swagger spec for your API updated.

Better to just make a static Swagger file that documents the API.  I can't see that this approach is significantly less functional than integrating Swagger into the code.

Actually interested versus conceptually interested.

People applying for jobs often say "I don't have experience with technology X but I'm really interested in it."

But they haven't downloaded it, played with it, built a sample project with it, or written a short blog post about it or tweeted on it or whatever. So they aren't actually interested, they are "conceptually interested".

Often there's a long cover letter explaining the excuses for being conceptually interested rather than actually interested. The excuse is usually lack of time to be actually interested.

Being conceptually interested is mainly useful for applying for jobs and is quite different from being actually interested.

Saturday, January 3, 2015

There's no shortage of programming talent. Only a shortage of recruiting talent.

I constantly send developers to employers for interview.

Sometimes I get detailed feedback on why the developer was rejected for the job (they almost always are). Often the reasons that the developer was rejected aren't any indicator of whether or not this person is a great developer.

So yet another great developer gets passed by yet another employer that is "focused on finding the best developers".

There's no shortage of programming talent.

Australia left wondering how to handle ice (crystal meth) epidemic.

Consider this article: Ice hits Melbourne's heroin heartland

People who live in and around these drug-affected communities are yearning for the "good old days of heroin" when drug addicts just went to sleep after getting stoned instead of becoming violent and aggressive as they do on ice.

Drug users turn to ice because it's cheap and available.

Perhaps the way to combat ice is to make "the good old drugs" like heroin free (as in $0) and free (as in freely available) so people don't need to turn to "the bad new drugs" like ice to get high.

Instead of the police "getting heroin off the streets", maybe it's time we did the opposite.  Supply and demand.  Give the drug addicted people the less harmful drugs for free in an attempt to stamp out demand for the more harmful drugs. If there's no heroin then the drug addicted folks will want something - that something seems to be ice.

Friday, January 2, 2015

Private networks aren't. Time to direct connect everything to the Internet.

I understand this is a controversial idea that will lead to howls about how little I understand about security and what a bad idea this is.  Ignorance hasn't stopped me so far so I'll say it anyway.

It's time to direct connect all computing devices to the Internet and do away with the concept of the "private network".

Private networks create the illusion that devices on the private network are somehow "protected from the Internet" and "not visible to hackers", leading to complacency around the security of systems that are on private networks.  Systems on private networks are often configured to trust other machines on the private network, so once a hacker gains access to one machine on the private network, the task of hacking into other machines becomes easier.

Perhaps it's time to direct connect all computing devices to the Internet so everyone can be real about how secure they need to be to avoid penetration by hackers. You can't hide your computers behind the illusory safety of a private network.  Cause private networks aren't.
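The trust problem described above, as an added example that is not part of the original post: one access check that trusts any private source address, beside one that ignores the address and requires a per-client MAC on every request. The client names, keys and request cases are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import ipaddress

# RFC 1918 ranges, the usual definition of "the private network".
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Hypothetical per-client keys; a real service would load these from a secret store.
CLIENT_KEYS = {"billing": b"constructed-billing-key",
               "reports": b"constructed-reports-key"}

def sign(client_id, body):
    """MAC a request body with the named client's key."""
    return hmac.new(CLIENT_KEYS[client_id], body, hashlib.sha256).hexdigest()

def allow_by_network(peer_ip):
    """Perimeter model: any caller with a private source address is trusted."""
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in net for net in PRIVATE_NETS)

def allow_by_credential(peer_ip, client_id, body, signature):
    """Internet-facing model: peer_ip is deliberately ignored; the request
    must carry a valid MAC from a known client."""
    key = CLIENT_KEYS.get(client_id)
    if key is None:
        return False
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, signature)

def compare(peer_ip, client_id, body, signature):
    """Return (network_decision, credential_decision) for one request."""
    return (allow_by_network(peer_ip),
            allow_by_credential(peer_ip, client_id, body, signature))

BODY = b'{"action": "export", "table": "customers"}'
# Constructed cases: a compromised machine on the LAN that holds no key,
# and a legitimate client connecting from outside the private network.
CASES = {
    "compromised host on LAN": ("10.0.0.23", "unknown", BODY, "00" * 32),
    "legitimate client, remote": ("203.0.113.5", "billing", BODY,
                                  sign("billing", BODY)),
}

if __name__ == "__main__":
    for name, args in CASES.items():
        print(name, compare(*args))
```

The network check admits the compromised neighbour and rejects the legitimate remote client; the credential check does the reverse.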