About and Disclaimer

Melodious Code is the personal blog of a software developer from the United Kingdom (we don’t all live in Silicon Valley). Posts are likely to be related to software development or technology in general. Posts will be as regular or irregular as they are; no promises are made.

Verification

You can locate me on keybase and view my verified identities: https://keybase.io/melodiouscode.

Cookies

You can read about cookies and my use of them over on our cookie page.

Analytics

I use Cloudflare Analytics to see if anyone actually visits this website; their data retention policy is at the lowest level possible (so they delete analytic data as quickly as possible). All demographic info settings have been disabled; so that as little information as possible is collected.

Statement Of Neutrality, Alignment And Interests

I work as the manager of a software development team (.NET, SQL, etc) for a UK based Business Services Company; this website is separated from my professional activities. Should any article relate to the business of a firm I am directly attached to it is not to be taken as their word or opinion; everything I write is my opinion and mine only (unless otherwise marked on the article). Should I write an article on behalf of another firm it will be listed here for the purposes of disclosure:

Sponsored or requested articles

  • None at this time

Commercial Interests

I do not directly hold commercial interest in any technology firm (other than by my employment as a software developer, but I do not write directly about my firm unless obviously indicated). I do not directly hold any stocks or shares in a technology firm (I may via my pension fund, but that is not under my control). In the event that I am provided with a product or service to write about this will be clearly indicated in the article.

Relationship to Employer

My personal activities; be they blogs, articles, social media posts, or otherwise are entirely my own. No posts/etc are approved by my employer (unless clearly marked as such), past or present. All statements and views expressed are my own.

Disclaimer

Introduction

This disclaimer governs your use of “this site”; by using “this site”, you accept this disclaimer in full. If you disagree with any part of this disclaimer, you must not use “this site”.

Use of Content

All content provided on this website is provided under the Creative Commons Attribution-Non-Commercial-Share Alike 2.0 UK: England & Wales Licence, details of which can be found on the Creative Commons site. This licence is applied across all aspects of the site unless otherwise specified.

Please note that this licence does not apply to any images referenced in, or hosted upon, this site for which melodiouscode.net does not hold the rights.

Disclaimer

Any and all code or information provided on “this site” is given as is, without warranty unless otherwise expressly specified. No responsibility will be taken for the use and/or misuse of code or advice given herein. If any person is not sure about how to implement something they have garnered from this site, they should contact the author or consult the wider community.

External Links

Throughout “this site” you will find links to external sites not hosted by melodiouscode.net. Although every effort is taken to ensure the validity and accuracy of these links, no responsibility is taken for the content of said links. Melodiouscode.net would also like to make it plain that the content of external sites does not in any way reflect on the true beliefs or opinions of the author.

Entire Agreement

This disclaimer may be revised from time to time. The revised disclaimer will apply from the date of its publication on “this website”, and supersedes all previously published disclaimers. Please check this page regularly to ensure that you are familiar with the current version.

This disclaimer along with any other policy items listed upon “this site” constitute an agreement between us and you, in relation to your use of “this site” and all works held within, and supersedes all previous agreements in respect to your use of “this site”.

Law and jurisdiction

This disclaimer will be governed by and construed in accordance with English law, and any disputes relating to this disclaimer (or items governed by it) will be subject to the exclusive jurisdiction of the courts of the United Kingdoms of England and Wales.

Us

You may contact melodiouscode.net with regards to this disclaimer or any other legal items via [email protected]

Further notes

The Site is a participant in the Amazon EU Associates Programme, an affiliate advertising programme designed to provide a means for sites to earn advertising fees by advertising and linking to Amazon.co.uk (and its sister sites within the EU or USA).

Developer Professional Development

I have met many developers who think they know everything (and are happy to tell you that they do); they found a way to write some functions and they have used that pattern ever since (because it is the best). Professional Development is an alien topic to them; why would they spend hours watching videos or reading articles when they have work to do?

As a developer I feel that continual professional development is key; not only to your ability as a coder but also to any projects which you may already be working on. There is always a better way to do something (not that this is always a reason for refactoring!).

As part of my continual professional development (CPD) I spend several hours a week watching training videos on new subjects, reading blog articles, and looking at others’ code for inspiration.

This page exists to list some training resources that I have found particularly useful (I am not professionally linked to any of these sites or services, I just found them useful); in addition to these you can also find a list of most of the training videos I have watched here.

Development Practices

Security

ASP.NET MVC

SQL Server

Reading List

Over the years we all collate a list of sites/blogs/etc that we keep an eye on (or that form our morning coffee reading list); personally I used to use Google Reader to aggregate all my RSS feeds. Unfortunately Google decided for some unknown reason to shut it down; since then I have been using “the older reader” to group together my feeds; it is perfect!

Out of my morning coffee link list I feel these are worth visiting, reading, and subscribing to; you may or may not agree (but isn’t that the joy of the internet?):

You can also find me on the web at:

Blogs etc

  • Coding Horror Programming and the human factor
  • Daily .NET Tips As the title says, daily .NET tips
  • Jon Skeet Jon Skeet’s Coding Blog
  • Mark Zhou Mark Zhou – A developer who develops for developers
  • Scott Hanselman Scott is a programmer, teacher and tech speaker who writes some very interesting articles.
  • Scott Helme This Scott is a security researcher and speaker from the UK; if you are interested in web security (HTTPS, CSP, SRI, etc) then Scott’s blog is a must.
  • Troy Hunt An Aussie MVP Security Expert who also writes some great PluralSight courses
  • Lars Klint Lars is a Microsoft MVP, PluralSight Author, and speaker. He knows a lot about mobile development and according to his bio is a part time crocodile wrangler!
  • Cloudflare Cloudflare basically run the internet, so read!

Development

  • .NET Blog The .NET Blog; written by the .NET team.
  • Brent Ozar Brent Ozar are the experts on most things SQL
  • Daily .NET Tips As the title says, daily .NET tips
  • JetBrains Company Blog JetBrains make many useful .NET tools, one (resharper) that I use on a daily basis
  • Scott Hanselman Scott is a programmer, teacher and tech speaker who writes some very interesting articles.
  • MSSQL Tiger Team This is the official team web log for SQL Server engineering (TIGER) team

Other Useful Sites

  • Have I Been Pwned? HaveIBeenPwned.com is a project by Troy Hunt; he collates many of the data leaks online and presents them in a way that can be searched for your own protection!
  • Report-Uri A great resource run by Scott Helme allowing you to track the effectiveness of (and any problems with) your Content Security Policies and the like.

Web comics

  • CommitStrip A web comic about the daily life of some web developers
  • Dilbert You must know who Dilbert is? You don’t? Then go start from comic #1
  • Hi, I’m Liz Quick and simple web comic that always creates a laugh!
  • Questionable Content I have read QC from start to now; I own the print books, need I say more?
  • XKCD Would any list of web comics be complete without the genius that is XKCD?

Photo by Thomas Kelley on Unsplash.

Protect yourself online, don’t wreck yourself

I have been watching a lot of the TV show Criminal Minds recently (blame my wife); in the show there is a technical wizard known as Penelope. She is the team’s super hacker and data manipulation extraordinaire. In some of the episodes Garcia (her surname; it’s an American show, they all call each other by their surnames because it’s more dramatic) delves deep into an unsub’s (Unknown Subject, the bad guy serial killer crazy person they are trying to catch) digital life and comes up with all the answers.

Very little effort seems to be put in to the hacking, she just gets into their social media accounts, or their emails and finds out the address of their secret death dungeon thanks to an invoice from the power company stored under “Super Secret Death Documents” in their gmail folders. This got me thinking (the security bit, not the super-secret-death-dungeon bit) about how easy some forms of “hacking” are, and how you can protect yourself online.

It isn’t hard to work out the basics about a person these days; there is so much Open Source Intelligence (OSINT) available to the casual social engineer (for more information about OSINT and Social Engineering check out one of Troy Hunt’s courses on Pluralsight or his blog). Facebook, LinkedIn, and Twitter are generally a good starting point to find out all sorts of information about your “target”.

Last time you signed up for an email account (or similar) do you remember those questions about your first pet, or your mother’s maiden name? Those tiny bits of knowledge can be used to reset the password to your email account; once you are in there (as Garcia was) you can access almost everything a person has online (resetting passwords via their inbox as you go). From my generation onwards (and more so for younger generations) you will almost certainly find someone’s mother on their Facebook wall (liking everything they post as mine does), and then from their profile you may find their maiden name (or even their parents posting on their wall!). How many people list their dog on Facebook, with posts about how nice it looks in its Christmas jumper? That’s another tick box covered!

One source of data that I haven’t seen Criminal Minds use yet is the data breach; why bother hacking someone’s account when the password they use for everything is in a leaked data-set? Surely Garcia must have them all downloaded so she can search for the unsub’s passwords? Coincidentally, if you haven’t already, go and check out haveibeenpwned and see if you have been breached (I bet you have). There seems to be a new data breach every few days so if you haven’t been “pwned” yet you will be!

Protect yourself, don’t wreck yourself!

So what can you do to protect yourself online and your accounts against Garcia (or some script kiddo from a far flung country)? Well there are a few things, some simple, some more complex (but still worth doing).

Stop using the same password

No seriously stop, just stop using the same passwords everywhere. All it takes is for that basic little website about how much you like cats to get breached (rather likely considering they run as a vBulletin forum) and your password for Gmail/your bank/your government login/etc to be leaked (along with your email address as you used that to sign in). But “how can I remember hundreds of passwords” I hear you scream, simple just don’t!

Use a password manager

In the past I would not have recommended a password manager; giving someone else all your passwords seemed like crazy talk. However that was before all the breaches started; companies were not storing user passwords securely so each breach leaked credentials (often in plain text). Remembering a unique and secure password for each system you use is unlikely to work; however learning one long, complex, and strong password is easy, and using that password to secure a highly encrypted vault is even easier!

There are many password managers out there; depending on your preference (offline or online) I suggest looking at KeePass or 1password. Whichever password manager you choose, please do your research first; I am not saying that the smaller firms are not trustworthy, but the larger and more public a firm the more likely it is to be secure (password managers get a lot of attention from white and black hats alike) due to the coverage it receives.

Look into Multi-Factor Authentication

Google recently stated that over 90% of Gmail users still don’t use two factor authentication (also known as Multi-Factor) to secure their accounts. Two Factor Authentication (2FA) is just what it sounds like; your password is the first factor, a single use code (from a mobile device for example) acts as the second. Services which offer 2FA provide an enrolment code which an app on your mobile device can understand; allowing it to display random codes over time which the server can validate.

When you log in you have to provide both your password and the 2FA code; this means that if someone obtains your password (from a breach for example) they cannot log into your account without having access to your 2FA device. It is a quick and simple way to improve your security substantially.

Some sites (such as Twitter, Amazon, and Google) allow you to receive an SMS with the 2FA code; there is currently a debate around how secure the use of mobile for 2FA is. However it is important to note that any form of 2FA is more secure than no form; so unless you are securing your massive crypto-currency reserves (we all have those right?) mobile 2FA will be fine for now!

Turn on Alerts

A well written system will allow a user to review audit logs; or obtain alerts of unusual activity (think about how your bank informs you of strange activity). Check out the security settings on the websites you use; many will likely allow you to receive an alert for login from new devices.

On top of these active alerts; don’t forget to subscribe to a service such as HaveIBeenPwned which does its best to inform you if and when your email accounts (or even entire domains if you own them) appear in data breaches online.

tldr; How do you protect yourself online?

This post has grown longer than I intended it to; so here are a few quick action points you can use to protect yourself online:

  1. Stop using the same passwords on different services; invest in a password manager such as KeePass or 1password.
  2. Enable 2FA/MFA protections on as many accounts as you can; check out twofactorauth.org for a list (and instructions) of many sites which support it.
  3. Review security settings on the sites you use; enable alerts and check logs.
  4. Sign up to HaveIBeenPwned.
