Posts

Showing posts from 2017

Browsers implement CORS to protect users, not servers

CORS is designed to protect users from cross-site attacks where one site has the browser execute code that connects to another site without the user recognizing that it happened. CORS relies on the web browser to recognize and block disallowed cross-site requests. Server-side CORS does not block service requests or protect a web site from direct interrogation and/or programmatic attack. Applications and Internet-facing services cannot rely on CORS for general site protection. They can rely on CORS to protect the site when the site is connected to by a web browser. Companies should not consider CORS any type of secure authorization model. They should implement CORS policies that provide least privilege where possible.

Specified by Server, Implemented by Browser
Application servers can say that they allow connections from any browser no matter where that original browser session / page originally resided. This makes it simple for any page to aggregate information from multiple

Another computer is using the printer MG5500 wireless

Printing over my wireless connection from my Windows 10 machine often results in the confusing error "Another computer is using the printer". This is weird because no other computer is using the printer at that time :-( I found the fix in the Canon forums.

Restart the Windows Print Server
1. Search for "Services" on the Windows 10 Start Menu
2. Scroll down to "Print Spooler"
3. Click on restart
4. Done!

Validate your Spring yml properties files with a unit test in your CI build

Protect yourself! Validate YAML configuration files for syntax errors before deploying your application. Don't wait until you fail a deployment to recognize simple copy/paste errors and typos.

Unit Test Code
Create JUnit tests that run as part of every build.

GitHub
Find the source code on GitHub in freemanSoft/ValidateSpringYml.

Source Code
The following code validates application.yml. You can pass in any file name or the wildcard "*". The previous Unit Test exercises the following utility method. This method can validate all files that match the passed-in pattern, where "*" means all yml files.

Original Post 2017 Oct 3

The value curve for new hires in skills positions

What is the relative value of a new hire in their first year? The value is impacted by many factors: the hire's motivation, their prior experience, the hiring company's onboarding process, the culture fit and other factors. Good processes can dramatically impact the contributions made by new hires. This posting is really not about the interview and hiring process's impact on the quality and eventual capabilities of new hires. This posting is about the general rate at which new team members contribute as measured against their eventual capabilities. My main area of experience with this is with technical teams, software developers, testers and technical analysts. I suspect it is also true for other skill positions and integrated teams.

Understanding the Learning and Networking Curve
The graph shows my gut feel for the rate at which team members contribute within their first year relative to their capabilities. It doesn't rate the new team member

Black Swan IT Projects: The Loan Servicing mainframe replacement

This blog discusses a little the "Mainframe Servicing System Migration", a project that should be considered a Black Swan.

A Black Swan Event
The black swan theory or theory of black swan events is a metaphor that describes an event that comes as a surprise, has a major effect, and is often inappropriately rationalized after the fact with the benefit of hindsight. The term is based on an ancient saying which presumed black swans did not exist, but the saying was rewritten after black swans were discovered in the wild.

The Fannie Mae loan processing servicing system replacement was initially budgeted for 18 months and $75M. It eventually cost about 72 months and > $800M. The project turned out to be a black swan that could have bankrupted other less stable companies. In the mid-2000s Fannie Mae closed out either Q3 or Q4 in that year with a recorded profit of $1B. This was a "peak profit" period that stood out. They decided to push some

Sales Engineer Guide: Hunter or Farmer

Enterprise-level sales representatives are a whole other breed of person from their pre-sales engineers. Enterprise sales representatives execute and help formulate corporate sales strategies and programs. They must be extremely self-confident, sometimes carrying entire companies on their backs. Sales representatives' performance directly impacts the job stability of everyone else in the company. Pre-Sales Engineers do best when they understand the personalities and styles of their partner representatives. Two major personality types are hunters and farmers. Most people are a mix of the two but some are hard-core hunters or farmers.

A Note on the Danger of Stereotypes
Hunters and Farmers are descriptive stereotypes. You rarely run into someone who is completely anything. Think of this as you would any other personality classification. It is a useful way of reminding yourself that you may need different approaches with different people in the same jobs.

Hunters
These folks s

Playing with Web Apps in Azure? Create a Resource Group and App Service plan first.

I dabbled in Windows web app Azure deployments for 3 or 4 years before I realized I needed to pay attention to the Resource Group and App Service Plans I was using. This became especially expensive when deploying CI/CD pipelines while teaching classes or when doing random operations while trying to understand how stuff worked. I partially blame the great Visual Studio integration / wizards for this. They made it easy to "start clean" every time I created a new project.

Resource Groups let you bundle all the components that make up an application or composite system. See the Azure Resource Manager overview for more information.

Application Service plans are specific to web and task type deployments. They describe the compute resources that will be used by one or more Web Application deployments. You can think of it as a PaaS or Docker type container which is filled with deployments. Multiple deployments can run in a plan. A plan should generally not be used a

Setting Mac ITerm tab titles to the current directory

It is easy to set the iTerm tab titles to the final part of the current working directory and the iTerm window title to the full path of the current tab. Start a new terminal window or tab after making the following changes. New tabs and iTerm windows create new login sessions that read these file contents.

Modify ~/.bashrc
Edit ~/.bashrc. Create ~/.bashrc if it doesn't exist. Add the following text to the file. Note that this text has comments that document where I found this on the internet.

    # https://gist.github.com/phette23/5270658#gistcomment-1265682
    # https://github.com/fish-shell/fish-shell/issues/2692
    # Set iTerm2 tab titles to the last directory in PWD
    tabTitle() { echo -ne "\033]0;"$*"\007"; }
    # Set iTerm2 win titles to the full directory of PWD
    winTitle() { echo -ne "\033]2;"$*"\007"; }
    # Alias 'cd' to list directory and set title
    cd() { builtin cd "$@"; ls -lFah; tabTitle ${PWD

Raspberry Pi, Z-Wave and Domoticz: Setup Part 2

This article is about using Z-Wave with a Raspberry Pi. Z-Wave and ZigBee are the two big wireless players in the home automation market. A single Z-Wave wireless controller can communicate with a large number of devices. These devices include outlet switches, power meters, alarm sensors, remote controlled light bulbs and other accessories.

The USB stick on the left is a Z-Wave Z-Stick S2 that acts as an interface between a computer and a network of wireless devices. It can be controlled via COTS software or open source libraries like openzwave. The outlet on the right is a Z-Wave wireless controlled outlet that reports back power consumption and state.

I received this controller / switch pair at the Microsoft Build conference a couple years back. They were one of the "prizes" you could buy when you earned conference credits for running through the labs. I really had no idea what they were for a couple years until I took the time to do some research. Th

Maven Lifecycle Phases - Fitting in Code Analysis and Other Tools

The build management portion of Maven operates on a type of Template Pattern. Maven moves from lifecycle phase to lifecycle phase until there is a step failure or until all steps are complete. The following diagram lists the build lifecycle phases. The orange squares represent the main targets that people run.

Every phase is executed starting with Validate until the requested end phase is reached. For example, "mvn validate" runs just the Validate phase. "mvn compile" runs Validate, Initialize, Generate Sources, Process Sources, Generate Resources, Process Resources and Compile.

Each Maven Plugin executes within a phase. The Surefire unit test plugin, as an example, typically runs the tests in the Test phase. This means that unit tests don't run if Validation, Compilation, class processing or any of the other preceding phases run with errors. Maven plugins can execute in their default phase or in any phase of your choosing. Lifecycle phase

Static Analysis from IDE to CI with IntelliJ

Static program analysis is the analysis of computer software that is performed without actually executing programs (analysis performed on executing programs is known as dynamic analysis). [1] In most cases the analysis is performed on some version of the source code, and in the other cases, some form of the object code. [2]

Static analysis provides a low cost way of automating code review of certain types of source code errors and standards. Static code analysis, automated tests and code coverage are staples of the Continuous Integration process, replacing manual effort with automation.

Full featured IDEs implement their own integrated static analysis and test measurement tools. IntelliJ comes with a comprehensive set of integrated static analysis tools and rules. It can run the rules in an incremental fashion, updating results as code is edited. Rule violations are immediately reflected in the user interface. CI servers and IDEs each have their own system from runn

Time Warp: Business Cycle Testing

"Let's do the time warp again..."

Video
A video version of this blog

Business Cycle with Time dependencies?
What is a business cycle and why do I need to test it? I'm really talking about any type of business process that has time-based business rules. The rules can be periodic in that they fire on a regular basis or they can be one-time based on some time-based criteria. Most of the ones I've worked with are contract oriented or billing cycle oriented. Examples include telecom contracts, home mortgage servicing systems, term-based insurance to name just a few. They usually have some time-based sequence of operations, date-based rules and may have some type of state machine.

Testing is complicated by the fact that data may need to be of a certain age before processing begins. Loan payments may need to be delinquent. An insurance policy may start the renewal process some time before expiration. Collateralized debt may have payment, reimbursement an

AWS Relationships between EC2, ELB and ASG

This post describes the basic relationships of ELBs (now ALBs), EC2 instances and ASGs. I used AWS for over a year before I realized how Auto Scaling Groups actually interacted with ELBs and EC2 instances.

Terms
- EC2: An Amazon virtual machine used to host applications and services. EC2 instances can be pooled for scale or failover. EC2 instances can be based on any of the Amazon EC2 machine types.
- Elastic Load Balancer (ELB): The basic load balancer provided by Amazon. ELBs are used as reverse proxy servers for pools of EC2 instances. ELBs determine instance health via basic health check operations.
- Auto Scaling Group (ASG): A control mechanism that manages how many EC2 instances make up a pool. ASGs will create new EC2 instances based on configured pool sizes. They can also auto-scale up and auto-scale down the pool sizes based on load. ASGs can register created EC2 instances with associated ELBs.
- Availability Zones (AZ): An Amazon region is made up of variou