How deep do you authenticate?   

By Stephan Wissel | 6/24/24 8:26 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

How deep do you authenticate? - Accessing applications usually entails some kind of identity. Some part(s) of your application provide identity (called IdP), while other's consume it (paraphrased from Captain Obvious). Identity could be provided from a record or document in your or another database, an LDAP directory, an OICD or a 3d party like your eMail provider or social account, or with some hoops and loops Webauthn (a.k.a passkey). The question is: how deep does it go ?

NoSQL schema design  

By Stephan Wissel | 6/10/24 1:31 PM | Development - Notes / Domino | Added by Roberto Boccadoro

NoSQL schema design - A question that pops up frequently in developer discussions is 'how to structure your data in a NoSQL way?'. To shed a light on this, we have a look at the approach invented 50 years ago and still an all time favorite.

Development Containers - the fine print  

By Stephan Wissel | 5/13/24 4:30 AM | Development - Notes / Domino | Added by Roberto Boccadoro

Development Containers are supposed to liberate your development environment from a specific local installation, like container technology liberated your runtimes (a.k.a YAMLed them into Docker or Kubernetes). Development != Runtime Containerization for development has some overlap and quite some difference to containerization for production:

Maven build with multiple Java versions   

By Stephan Wissel | 4/17/24 4:02 AM | Development - Notes / Domino | Added by Roberto Boccadoro

Imagine, you are tasked with maintaining a Java application that needs to run on more than one Java version. You want to ensure that it compiles, tests and builds on all of them. This is our story, buckle up, there are a few moving parts

nginx as ingress for Docker composeg  

By Stephan Wissel | 11/16/23 1:57 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

nginx as ingress for Docker compose - In June I wrote about how to use Docker & nginx to deliver statically rendered brotli files for your web (frontend) application. It improves delivery quite a bid, but left me wonder: isn't there too much static WebServer involved? Double hop to deliver static files.

Deploy private npm packages into private containers using github actions  

By Stephan Wissel | 7/17/23 2:33 AM | Development - Notes / Domino | Added by Roberto Boccadoro

GitHub Actions are rapidly becoming my favorite CI environment. Their marketplace has an action for everything. Sometimes it takes a little trial and error before things work smoothly. This is one of that stories. Authentication is everything Imagine the following scenario: you have developed a set of private TypeScript (or JavaScript) packages and have successfully deployed them to the private GitHub npm registry under the name @myfamousorg/coolpackage - where myfamousorg must match the repository owner (org or individual). Now you want to use them in your application. That application shall be packed in a Container and made available in GitHub's private registry. All that automated using GitHub Actions.

TOTP and vert.x  

By Stephan Wissel | 2/7/23 9:13 AM | Development - Notes / Domino | Added by Roberto Boccadoro

TOTP and vert.x - Time-based one-time passwords (TOTP) are a common security feature in Identity Providers (IdP). There are use cases beyond IdP, mine was 'Understanding what it takes'). TOTP interaction You have two phases: enrollment and use. During enrollment a secret is generated and (typically) presented as QR Code. A user points one of the many Authenticator apps to it and gets a numeric code that changes once a minute. When you use it, you pick the current number and paste it into the provided field. The backend validates the correctness with some time leeway. What it is not Typically when enrolling you also get recovery codes, sometimes called scratch codes. They are NOT part of TOTP and implementation is site specific and not standardized. An implementer might choose to check your recovery codes when your TOTP fails or provide a separate interaction using those. The initial confirmation, is actually the first instance of "use" and one could have a successful enrollment without it. This is depending on the implementation. It isn't foolproof. An attacker could trick you into typing your TOTP code into a spoofed form or just hijack your session (cookie). That's why responsible web apps run a tight security with CSP and TLS (and once browser support is better Permission Policy)

Please wait until that HTTP service is ready  

By Stephan Wissel | 1/3/23 10:17 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

Our brave new world of containers and microservices runs on a combination of YAML and shell scripts. Getting them to run in the desired sequence can be a challenge. When ready isn't ready All container environments have a 'depends' clause, so the container runtime can determine the correct startup startup sequence for the zoo of containers comprising the application to be launched. Each container will usually signal when it is ready. However ready can mean different things to different applications. In the container world it should be: the service is available. However it could be: service was successfully started, but might be busy with house keeping. In the later case the start scripts of the dependent services need to do their own waiting

Test-Driven Development Is a Paradox  

By Stephan Wissel | 10/21/22 7:37 AM | Development - Notes / Domino | Added by Roberto Boccadoro

TDD is favored by very succesfull engineers as a means of accellerating software development by preserving quality. Objections are plenty. The talk by Burt Hufnagel tries to address those. The TDD Paradox: TDD requires you to write more code, so you can be done sooner. It's like learning to drive a car. Your first mile takes, give or take, 40-50h to complete: Driving lessons, driving tests, get the license issued before you drive. You can walk a lot more in 50 hours, you get the drift...

Case insensitive deserialization  

By Stephan Wissel | 6/8/22 3:58 AM | Development - Notes / Domino | Added by Roberto Boccadoro

Case insensitive deserialization - Growing up in Windows with BASIC you learn case doesn't matter, so Color is the same as COLOR or cOLOR when it comes to variable names. Same applies to @Formula or item names in Notes documents. On the other side, Linux, Java, JavaScript and JSON are very much case sensitive. This poses a challenge when deserializing (handcrafted) JSON files.

The Quest for a software documentation system  

By Stephan Wissel | 3/10/22 1:54 AM | Development - Notes / Domino | Added by Roberto Boccadoro

The Quest for a software documentation system - Software documentation is a thankless business and never complete. Picking the right system can make or break your documentation success Contenders We have a number of options commonly used, each with strengh and weaknesses.

Factory based dependency injection  

By Stephan Wissel | 12/10/21 1:39 AM | Development - Notes / Domino | Added by Roberto Boccadoro

No man is an island and no code you write lives without dependencies (even your low-level assembly code depends on the processor's microcode). Testing (with) dependencies can be [insert expletive] The general approach to make dependent code testable is Dependency injection. Instead of calling out and create an instance of the dependency, the dependency is hand over as parameter. This could be in a constructor, a property setter or as method parameter.

Domino Docker and Debugging  

By Stephan Wissel | 6/30/20 2:15 AM | Development - Notes / Domino | Added by Oliver Busse

Given that Domino once was build to run on 486 capacity of servers, Docker and Domino are posed to be a match made in heaven (eventually). Jesse shared shared his Weekend Domino-Apps-in-Docker Experimentation, Paul shared his learning points and Daniel provided the invaluable Domino on Docker build scripts. So it's time to contribute my share. The topic is slightly more exotic

Domino Administration Back to Basics Part 2 - Networking  

By Stephan Wissel | 2/4/20 7:37 PM | Infrastructure - Notes / Domino | Added by Kenio Carvalho

Domino Administration Back to Basics Part 2 - Networking - In Part 1 we learned about the marvelous world of Notes Names, X400 and the perils of messing with certificates. One big difference to X509 is the (almost) absence of certificate Command Line tools that can be so much fun. Domino Networking - protocols as you like it Domino predates the rise of TCP.

Domino Administration - Back to Basics (Part 1) Certificates  

By Stephan Wissel | 2/4/20 5:44 PM | Infrastructure - Notes / Domino | Added by Oliver Busse

Domino Administration - Back to Basics (Part 1) Certificates - Domino is different, a lot of its concepts predate the internet and quite often inspired the standards. This is not an step-by-step instruction, but an introduction into concepts. The 'step by step' approach is another story for another time.

Serving Single Page Applications with Domino  

By Stephan Wissel | 1/11/17 3:23 AM | - | Added by John Oldenburger

Single Page Applications (SPA) are all the rage. They get developed with AngularJS, ReactJS or {insert-your-framework-of-choice}. How does Domino fit into the picture with its integrated http stack, authentication and database? The answer isn't very straight forward.

The totally inofficial guide to Verse on Premises  

By Stephan Wissel | 1/3/17 5:02 PM | - | Added by Oliver Busse

Now that CNGD8ML is upon us, it is story time. Read about the why, who, what and what to watch out for. To successfully deploy Verse, make sure to carefully read and implement the installation instructions. The availability of Verse makes Domino the most versatile eMail platform around, offering you the choice of: Notes Client, Outlook, POP2, IMAP4, iNotes, Verse, iOS, Android.

Domino meets RXJava  

By Stephan Wissel | 9/13/16 6:13 AM | Infrastructure - Notes / Domino | Added by John Oldenburger

Verse on premises (VoP) is nearing its second beta release and fellow Notes experts are wondering if they need to install Apache Solr as part of the VoP deployment. There was a lengthy, high quality discussion and quite some effort evaluating alternatives. In conclusion it was decided to deliver the subset of Solr capabilities needed for VoP as series of OSGi plugins to the Domino server.

The quick and dirty Domino Cloudant export  

By Stephan Wissel | 1/21/16 3:37 AM | - | Added by Oliver Busse

Moving data out of Domino never has been hard with all the APIs available. The challenge always has been: move them where? Ignoring for a second all security considerations, the challenge is to find a target structure that matches the Domino model. Neither flat table storage nor RDBMS fit that very well.

Automated Tests in Bluemix Build and Deploy  

By Stephan Wissel | 11/26/15 2:01 AM | - | Added by John Oldenburger

Bluemix is a beautiful environment for agile software development. Its build and deploy capability ensure continious delivery, so you can focus on code. A well run project requires automatic testing (starting with unit tests up to integration testing). You can configure this in the Build and Deploy pipeline, so your project looks like this.

The lowdown on Notes application web and mobile enablement  

By Stephan Wissel | 11/3/15 3:41 PM | - | Added by John Oldenburger

There are millions (if not billions) of lines of code written for the Notes client in small, large, simple, complex, epidermal and business critical applications. With the rise of browsers, tablets and mobile devices there is a need to web and mobile enable these applications.

Domino, Extlib, GRUNT, JSON and Yeoman  

By Stephan Wissel | 10/29/15 9:58 PM | - | Added by Oliver Busse

With a few tweaks and clever setup, you can have web developers deliver front-ends for Domino without ever touching it. Contemporary web development workflows separate front-end and back-end through a JSON API and HTTP (that's 21st century 3270 for you). The approach in these workflows is to treat the webserver as source of static files (HTML, CSS, JS) and JSON payload data being shuffled back and forth. This article describes how my development setup makes all this work with Domino and Domino designer.

Validating JSON object  

By Stephan Wissel | 7/12/15 6:22 AM | - | Added by John Oldenburger

One of the nice tools for rapid application development in Bluemix is Node-RED which escapted from IBM research. One passes a msg JSON object between nodes that process (mostly) the msg.payload property. A feature I like a lot is the ability to use a http input node that can listen to a POST on an URL.

Random insights in Bluemix development  

By Stephan Wissel | 6/29/15 4:21 AM | - | Added by John Oldenburger

Each platform comes with it's own little challenges, things that work differently than you expect. Those little things can easily steal a few hours. This post collects some of my random insights. I'm a big fan of offline development. My preferred way is to use a local git repository and push my code to Bluemix DevOps service.

Adventures with NodeRed  

By Stephan Wissel | 6/2/15 9:48 AM | - | Added by John Oldenburger

Node-RED is a project that succesfully escaped "ET" - not the alien but IBM's Emerging Technology group. Build on top of node.js, Node-RED runs in many places, including the Rasberry PI and IBM Bluemix. In Node-RED the flow between nodes is graphically represented by lines you drag between them.

Your API needs a plan (a.k.a. API Management)  

By Stephan Wissel | 5/20/15 2:07 AM | - | Added by John Oldenburger

You drank the API Economy cool aid and created some neat https addressable calls using Restify or JAX-RS. Digging deeper into the concept of micro services you realize, a https callable endpoint doesn't make it an API. There are a few more steps involved.

The Rise of JavaScript and Docker  

By Stephan Wissel | 5/9/15 5:50 AM | - | Added by John Oldenburger

I loosely used JavaScript in this headline to refers to a set of technologies: node.js, Meteor, Angular.js ( or React.js). They share a communality with Docker that explains their (pun intended) meteoric rise. JavaScript on the server isn't exactly new. The first server side JavaScript was implemented 1998.

email Dashboard for the rest of us - Part 2  

By Stephan Wissel | 4/12/15 2:50 AM | Infrastructure - Notes / Domino | Added by Johnny Oldenburger

In Part 1 I introduced a potential set of Java interfaces for the dashboard. In this installment I'll have a look on how to extract this data from a mail database. There are several considerations to be taken into account. Since I have more than a hammer, I can split the data retrieval into different tooling.

email Dashboard for the rest of us - Part 1  

By Stephan Wissel | 4/11/15 11:08 AM | Infrastructure - Notes / Domino | Added by Johnny Oldenburger

One of the cool new features of IBM Verse is the Collaboration Dashboard. Unfortunately not all of us can switch to Verse overnight, so I asked myself: can I have a dashboard in the trusted old Notes 9.0 client? For a collaboration dashboard I see 3 types of data: collaborators, summary data and detail data.

XPages XML Document DataSource - Take 2  

By Stephan Wissel | 3/5/15 4:43 AM | - | Added by Johnny Oldenburger

For a recent project I revisited the idea of storing XML documents as MIME entries in Notes - while preserving some of the fields for use in views and the Notes client. Jesse suggested I should have a look at annotations. Turns out, it is easier that it sound. To create an annotation that works at runtime, I need a one liner only: @Retention(RetentionPolicy.RUNTIME) public @interface ItemPathMappings { String[] value(); }