Modern Browser Security Reporting


I have written a few articles about ‘Browser Security Headers’ in recent months; I partly wrote them to encourage me to read more on the subject myself but I hope that someone starting off on the subject will find them useful.

Rather than write another quick post on the subject I have decided to reference a new training video that Troy Hunt and Scott Helme have recently published on Pluralsight. For those who have not heard of Pluralsight before it is the largest (and in my opinion the best) online training resource for those looking to learn more about technical subjects ranging from deep dive software programming videos to more “fluffy” subjects like project management and team building (there is even a video on “How to manage a developer” which I found rather entertaining). Pluralsight offer a free trial which is long enough for you to watch a few videos and decide if you feel they are worth paying for (or asking your boss to pay for as I have done).

The great thing about Troy and Scott’s new video is the format it is presented in; the two easy talking experts are not just talking at the screen with a slide show, they are discussing the subject with each other in what Pluralsight call a “play by play”. The format allows for a technical discussion as if you were sat around your desks at work (or even in the pub). They have taken an important technical subject (Browser Security Headers) and made it easy to consume and understand without too much jargon or presumed knowledge.


How I run melodiouscode.net


Partly for myself and partly for any interested readers I wanted to note down how melodiouscode.net works; what technologies and providers are used and for what purpose. This is not going to be a deep technical article but more of an overview and the basis for some more technical articles in the future.

Although this is just a simple blog (for now anyway!) I have been using it to learn more about the systems that are out there to support and secure a larger website. Much of the work I have done is overkill for a small blog but I couldn’t talk about security if I wasn’t secure myself!

There are a number of components to melodiouscode.net, the larger of which are listed here.


Folders, Folders, always folders


Two of my employers’ largest clients are law firms, and being law firms they regularly receive instructions from insurance firms for claims to be processed. This is where I come in; over the years I have created (or incremented) many instruction feeds that allow the insurance firms to electronically (normally via XML) instruct the law firms to investigate a claim. These services get hit hard and often, in some cases receiving hundreds of fresh client instructions an hour; this creates a lot of data and transactional records. Storage of this data is the subject of this blog post.

Anyone who has been in a car crash and reported it to their insurer will know that it causes a lot of questions detailing every aspect of the incident. All these questions and answers (plus the schema data) can make for thousands of lines of XML (sometimes tens of thousands if the schema was badly designed!). Be it a good idea or not, every service I have worked on has always had a project requirement to keep a copy of the XML in a place that is human accessible; this often ends up being the file system.

You guessed it, I am writing this quick article because I have just been bitten by a system which stored hundreds of thousands of little files in one big folder (it was not written by me).


Be a password ninja!


Our dog, Daisy the West Highland White Terrier, decided she desperately needed a pee at 5:50 am on Saturday; and the weekend makes it my turn to get up with her! After dealing with her needs and turning on the coffee machine I didn’t fancy picking up the project I have been working on and decided to try something new.

I needed a link for the password reset and password change pages of the project I am working on. I wanted to present the user with some simple to understand advice on how to pick a good password; don’t get me wrong there are some great resources out there but none of the ones I came across was simple enough for what I wanted. Being the over the top domain name owner that I am (seriously I have a problem) I went and bought some more.

On Saturday morning I wrote a simple one-page website that is now hosted on be-a-password.ninja (and beapassword.ninja just for completeness’ sake). It is a work in progress and just a simple site for the moment; as brain power and time allow, it will become more detailed and hopefully more useful to the world. But for now, go and become a password ninja!

If anyone has any suggestions or comments (make them constructive) please leave a comment here!

And for those who don’t know, this is Daisy!

The header image for this post was supplied by @lasayehommes on unsplash.com. Thanks!
