Alexander FO

Published on 11 April

How to Conduct a Developer Performance Review

By Alexander FO , In R&D Management

Performance reviews are a common and well-established practice in almost all companies, from startups to large enterprises. In this post, I’ll give my take on how to conduct an effective performance review for developers. I’ll provide general guidelines that apply to any profession. In addition, I’ll provide some tips that apply specifically to conducting performance reviews with developers. What Performance Reviews Do Regardless of the type of company you work for, performance reviews accomplish the following: The employee can give feedback about their general well-being and attitude toward their particular position and …

# performance review

Published on 11 April

Spring XML External Entities (XXE) Guide: Examples and Prevention

By Alexander FO , In Backend

XML is a markup language that we use to define and categorize data. Data stored in XML format can move between multiple servers or between a client and a server. Once a server receives an XML input, it parses it via an XML parser. XML external entities are basically references in the XML document to files or URLs outside of the XML document. Essentially, it’s an XML standard feature that enables accessing and/or loading external resources. However, this feature can be dangerous, as it can allow malicious actors to retrieve unauthorized sensitive …

# Java, security, Spring Boot

Published on 03 February

RDS Instance Types Explained & How to Choose and Size Yours

By Alexander FO , In Backend, DevOps

Introduction Cloud computing provides us with the ability to deploy infrastructure as code. Not so long ago, to deploy a new database server you had to buy physical hardware: a hard disk, CPU, RAM, power supply, etc. Afterward, you had to install the database server, make it run once the machine starts, provision replicas, set up a backup policy and allocate space for it, handle errors, and routinely update it with security patches and new versions. Wow, it took a while even to write what’s required if you manage databases yourself. Just …

# AWS, Databases, RDS

Published on 03 February

Spring CSRF Protection Guide: Examples and How to Enable

By Alexander FO , In Backend

A Cross-Site Request Forgery (CSRF) is one a common malicious attacks because it requires little technical expertise. The combination of the ease of execution, low barriers for executing it, and the prevalence of targets requires active measures against it. Let’s start with a few definitions. Cross-Site Request Forgery As explained in OWASP, a CSRF, also known as a one-click attack or session riding, is a popular attack vector on a website or SaaS application. It’s a type of malicious exploitation of a website where unauthorized commands are submitted from a user that the web …

# csrf, OWASP, security, Spring Boot

Published on 27 January

Spring CORS Guide: What it Is And How To Enable It

By Alexander FO , In Backend

Introduction A cross-domain call is an HTTP request done via the browser from domain A to domain B via AJAX. An “origin” in the context of a cross-domain call is the combination of the request’s protocol, port, and domain. Originally proposed in the early 2000s, it’s now a standard across all modern browsers. In this post, I’ll explain what CORS is, why it’s important, and how to properly work with it in Spring. Why Use CORS? Before CORS Let’s start by describing the situation before CORS was implemented. Before CORS, a request …

# CORS, Java, Software Security, Spring Boot

Published on 19 January

Spring SQL Injection Guide: Examples and Prevention

By Alexander FO , In Backend

Introduction As hackers find increasingly creative ways to attack applications, organizations must try to stay one step ahead in protecting themselves, even from the most common types of attacks and across a variety of frameworks. Let’s start this post with a few definitions. SQL Injection SQL injection is a common way that hackers and users with malicious intentions attempt to hack applications. In an SQL injection, they “inject” values into a database query in order to gain visibility into the database’s structure and eventually gain access to personal data stored in the …

# OWASP, Spring Boot, SQL

Published on 18 January

Agile Project Management: The Field Guide

By Alexander FO , In R&D Management

Software projects differ from projects in other engineering disciplines. For instance, if you think about a construction project that’s late and off schedule, you’ll (rightfully) think that adding more construction workers to the pool of employees working on the project will speed things up. The same happens for software projects, no? Well, no. It doesn’t. As described in the seminal book The Mythical Man-Month, “Adding manpower to a late software project makes it later” (p. 25). How can that be? This post is about agile project management in software projects and will try to …

# Agile, Software project Management, Waterfall

Published on 12 July

SQL vs NoSQL Performance: Where One Outperforms the Other

By Alexander FO , In Backend, DevOps

NoSQL databases have taken the world by storm in recent years. What started as a niche phenomenon grew to rival the popularity of the “old” SQL relational databases. However, relational databases still have their use cases and are not going to disappear anytime soon. In this post, I’ll discuss the differences between SQL and NoSQL databases and do an analysis of their respective performance. Lastly, I’ll give a list of use cases for which one is better than the other and vice versa. What Are SQL Databases? SQL databases, or relational databases, …

# Databases, NoSQL, SQL

Published on 27 April

Column-Oriented Database Examples: A Helpful List

By Alexander FO , In Backend, DevOps, Misc, Software Architecture

Column-oriented databases have seen a resurgence in interest in recent years. The first column-oriented databases appeared decades ago. However, they have never gained a lot of traction in the market. In recent years, though, big data and cloud computing spurred a new interest in these types of databases. The reason for this is that the unique implementation of columnar databases fits surprisingly well into the workloads and applications run in cloud computing. More on this below. In this post I’ll discuss the following: What are column-oriented databases? How do they differ from …

# Clickhouse, Column Oriented Databases, RDMBS

Published on 06 April

Technical Interviewing: 3 Actionable Tips to Hire Well

By Alexander FO , In Misc, R&D Management

To hire well in 2021 and beyond, organizations need to optimize their hiring process—to be able to adapt to the challenges that a remote workforce and a remote hiring process bring. This post lists three actionable tips to hire good technical candidates in this new world.

# Hiring, Technical Interviews