

Deliver SaaS According Twelve-Factor App

If you haven't heard of the twelve-factor app, it gives us a recommendation or a methodology for developing SaaS or web apps, structured into twelve items. The recommendation has some connections with microservice architecture and cloud-native environments, which are becoming more popular today. We can learn the details on its website. In this post, we will do a quick review of the twelve points. One Codebase Multiple Deployment: We should maintain only one codebase for our application even though the application may be deployed into multiple environments like development, staging, and production. Having multiple codebases will lead to all kinds of complicated issues. Explicitly State Dependencies: All the dependencies for running our application should be stated in the project itself. Many programming languages have a kind of file that maintains a list of the dependencies, like package.json in Node.js. We should also be aware of the dependencies related to the pla

How To Use Protocol Buffer in Javascript

We have seen a few advantages of protocol buffers, as I explained in my other post. Now, let's look at how we can implement it in our code. The "transpiler" tool, named protoc, supports the generation of a helper class for managing the object instance in a variety of programming languages. In this post, we use Javascript as an example and run it in a Linux environment. Preparation: Before we develop our code, we should install protoc for generating the helper class. Download the protoc binary from the release page. Extract the content and store the directories (bin and includes) in the /usr/local directory so that the executable binary can be accessed directly. Run protoc --help to check its manual. Install a required dependency globally to enable protoc to generate the Javascript files by running: npm i -g protoc-gen-js. Create a proto file: First, we should create an empty directory

Cycle of Hatred

We realized what was inside his mind when Pein talked to Naruto.

How To Measure Modularity

A module is a set of parts that can be used to build a more complex system. How parts are grouped together is based on several considerations. Our questions are how optimised our module is and how good the modularity level of our system is. Several aspects are commonly used when we want to measure the modularity of our system or software: cohesion, coupling, and connascence. Cohesion: It is the indicator of whether we efficiently group some parts together. A cohesive module means all parts in the module are well coupled. If we break a cohesive module in our code into pieces or smaller modules, that will lead to an increase in coupling across modules and a decrease in the readability of the code. There are a few types of cohesion based on the cause of cohesiveness, such as functional, sequential (input-output relation), procedural (execution order), logical, or temporal. One that is not strongly related to the functional aspect is logical cohesion. For example, we may

Advantages of Using Protocol Buffer

A protocol buffer is a language-agnostic mechanism to share objects between machines that aims to reduce the payload size. We are already familiar with JSON, which is used by most RESTful APIs to send/receive objects to/from any kind of client. JSON is already convenient and supported by many platforms, so why should we know about the protocol buffer? Besides the optimization of payload encoding, protocol buffer, which is also called protobuf, introduces a schema definition that should be maintained by the machines to encode or decode the objects delivered. The main processes for delivering the objects are called serialization and deserialization. Serialization is the process of transforming an object instance in an application into an optimized binary payload. Deserialization is the process of decoding the binary data into the desired object. Let's take a look at the following table that shows a comparison of XML, JSON, and protobuf.

OWASP Top 10 Security Threats

The Open Worldwide Application Security Project (OWASP) is an online community that produces freely available articles, methodologies, documentation, tools, and technologies in the fields of IoT, system software and web application security (Wikipedia). In this post, I want to share the top 10 security threats published by OWASP. The list is regularly updated by OWASP; the following list is based on the 2021 publication. Broken Access Control: This security issue can be caused by many things such as violation of the least privilege principle, unprotected API endpoints, use of unique identifiers without permission checking, and so on. There are several threats related to broken access control. Insecure Direct Object Reference. It happens when an application provides direct access to objects based on user-supplied input. For example, after submitting a form, the endpoint returns an ID of the object being submitted while with that ID, a user can access the

End of Garden of Words

 It is rain

Tools To Help You Create API Documentation

Nowadays, many paid and free tools can help us make beautiful API documentation for our software projects. These are a few of them with an explanation of each one's advantages. RapiDoc: This open-source tool can generate API documentation based on OpenAPI specifications. So, if you already use the Swagger tool to generate your documentation, you can use the configuration and generate a new documentation page instantly. To use RapiDoc, we can create an HTML file that includes the Javascript library provided by RapiDoc, or we can include it in a Javascript framework like React and Vue. It is very customisable: we can add custom HTML or markdown in the generated documentation, apply a dark theme or custom style, create custom methods, and many more. It also supports an in-page console to try an API request. ReadMe: It is a service that can transform static API documentation into interactive developer hubs. Developer hubs mean it can mon

What Is The Importance of Software Architect

Someone said, "Architecture is about anything important, whatever it is." But what is software architecture, really? Four components construct a foundation of software architecture. Structure: It is more like an architectural style such as monolithic, microservices, layered, etc. So, if an architect talks about microservice, for example, he just talks about the software structure he is building. Characteristic: It defines the success criteria of software such as reliability, scalability, security, availability, etc. Decisions: It defines the rules on how the software is constructed. For example, a decision in a software development project states that each service in a microservice system can only have full-access permission to its own database. When a certain element cannot fully follow the rule, it is called variance in the system. Principles: The difference between decision and principle is that principle is more about providing guidelines for the dev

Why DevSecOps Is Important

DevSecOps stands for development, security, and operations. By its name, we can guess it is more like DevOps with the integration of security tools. More formally, it is an approach to design and automate the integration of security at every phase of the software development lifecycle. This term became more popular when many cloud providers and code management tools started to use the name in many places on their platforms. As it integrates security tools in every phase of SDLC and automates the process, this approach can help developers catch vulnerabilities early. Besides, it can help us to ensure that our project aligns with regulatory compliance from the beginning. This state can lead to cost-effective software delivery by reducing time to market and can help organizations build a security-aware culture. Security has become a concern for more companies nowadays as cyber incidents increase. Traditional DevOps may be lacking in a few aspects. First, in traditio

Kenshin's First Scar

Wondering who was the first person to make a scar on Kenshin's face? It is unexpected.

Create Effective Documentation for Software Project

As your software project grows, it may involve more contributors. If you build a platform that publishes APIs that can be consumed by the public, you may expect more users to use your platform. If you work on an internal project that involves many parties from several vendors, you may expect everyone can understand your project and collaborate well. In any scenario, effective documentation can help you achieve what you want. We should consider a user-oriented design for our documentation which considers who will use our product and what goal our users pursue by reading the documentation. Sometimes, it can help us in developing the project itself by trying to see the project from a user perspective. These are types of common audiences and the information needed. Evaluators who examine whether the service or tool is useful. They need a high-level overview, a list of features, or expected benefits. New users who just learn the usage. Th