Petya and WannaCry: Perimeter security is dead. Long live zero trust.

Both Petya and WannaCry are great demonstrations of how perimiter-based security is failing the industry and is better replaced with zero trust network security strategies like BeyondCorp. Read more »

Doing HTTP Sessions badly

In this article I explore some ways in which HTTP sessions can be used badly. I'm not talking from a church of RESTafarianism position here. I'm cool with web applications using HTTP sessions, but I want to explore the pitfalls of using them badly and given some easily followed guidance to… Read more »

Haskell Programming from First Principles: Final Review

Alas, all adventures must come to an end. In this final instalment of my incremental review of Julie and Chris' book I take some time to reflect on the entire book and give a holistic review. Read more »

Ambient Asset Management revisited

A while back I introduced the concept of ambient asset management. On further research I discovered some glaring gaps in that approach which I explore today. Read more »

OCP-friendly service layering with Dependency Injection

This is likely to be a controversial post given the complexity tradeoff. I welcome feedback on this idea. In this article I present a brief discussion of the motivation for DRY followed by concrete and consumable advice on how to achieve it using dependency injection and generics. Read more »

More results...