Search

Freitag, 2. April 2021

Orlovsky Consulting GbR: Nachrichten aus IT Bereich April 2021

 Projekt in Schieflage? Rettung kommt aus Brasilien, Bulgarien, oder Bangladesch

Kommentar: Ich stimme zu den Autor von diesen Artikel, die Anforderungen bei Projekten steigern , aber es passiert halt nichts was viele Firmen zur Verzug bringt. Wir müssen als Deutschland stärker mit anderen Länder kommuniziere wenn wir überhaupt was schaffen wollen.

Schwachstellen bei virtuellen Appliances
Kommentar:  Cloud hat unser Leben erleichtert , aber auch komplizierter gemacht, weil wir dann von den jeweiligen Cloud Anbieter stark abhängen und auf deren Sicherheitsvorgehen stützen müssen.

Veränderungsprojekte: Warum der Change oft nicht rundläuft
Kommentar: Ist kein Wunder, warum in Deutschland bei vielen Firmen die Veränderungen sehr schwierig aktuell ablaufen, da ist es sicherlich Hilfreich , dass man externe Unternehmen bei den Veränderungen in eigenen Unternehmen beschäftigt.

Fachkräftemangel bleibt weiter ein großes Problem für den deutschen Mittelstand
Kommentar: Ich behaupte , dass es gibt kein Fachkräftemängel, das Problem nach meiner Meinung viele Firmen verstehen nicht, dass die Deutsche Gesellschaft sich in letzten Jahren sehr stark gesplittet hat und die viele Jüngere und auch ältere Fachkräfte wollen nur als Freiberufler oder Unternehme beauftragt werden, flexibles arbeiten ist angesagt und wird dauerhaft ein Standard in Deutschland bleiben. Die Angst von Firmenbesitzer die Kontrolle über die Projekte zu verlieren ist auch mit dabei, deshalb die verstecken sich mit den schönen Fachkräftemängel Meinung, aber durch die Corona Krise wird es irgendwann nicht lang halten, weil man wird die Vorteile von der Zusammenarbeit mit externen erkennen, vielleicht ein negatives Jahresbilanz wird diese Unternehmen dazu motivieren, es bleibt weiterhin spannend.

Backups! Backups! Backups!
Kommentar: Im März was sehr stürmisch für mich, darüber können Sie auf der offizieller Webseite lesen.
 
Die Zukunft der Qualitätssicherung: Testautomatisierung und KI 
Kommentar: Qualitätssicherung gerät immer in die Enge Rahmenbedingungen, zwar unter Entwicklergemeinde gibt es dafür sehr gutes Verständnis , aber auf der Seiten von Management gibt es noch nicht ausreichende Unterstützung dafür.

Backups , Backups , Backups!!!!

Heutzutage ist alles modern und sehr stabil,

dies behaupten die meisten Hersteller von PC-Hardware Einzelteilen, nun was Ich vorletzte März Woche 2021 erlebt habe , war bestimmt nicht besonders angenehm und produktiv.

In meinem Büro Ich hatte sehr gute Ausstattung und Ich nutze ausschließlich SSD.
Ich war sehr überrascht und verärgert , wenn plötzlich meine SSD Festplatte anfing langsam und mit vielen Betriebssystem Abstürzen zu „arbeiten“.

Natürlich, dank dem Acronis und die Backups, was Ich immer erstelle konnte Ich meine Daten noch retten, aber trotzdem das Problem war, dass SanDisk Dashboard, also Tool was den Zustand von der Platte anzeigt, nichts über die Probleme berichten konnte.

Mir blieb nichts anders als die Platte auszubauen und diese zurück an den Hersteller in Polen abschicken und abwarten , wann die mir einen passenden Ersatz schicken würden.

Gleichzeitig Ich habe mir die SSD von Samsung bestellt und innerhalb von der letzten März Woche über DHL geliefert bekommen.

Die Corona Krise , setzt enormen Stress auf die Geschäftsprozesse , weil wenn man was schnell Bestellen muss , so muss man warten und hoffen , dass die Lieferung klappen würde, für uns den Kleinunternehmen es ist besonders Anspruchsvoll, weil unsere Kunden können nicht eine Woche lang bei kritischen Aufgaben warten und sind stetig auf die Schnelligkeit und die Lieferung von Quellcode angewiesen sind, Ich habe es Geschäft zum Teil weil Dank dem Acer Predator Triton 500 Ich habe meine Entwicklungsumgebung, aber natürlich doppelte Arbeit weil man die letzten Commits der Woche auf der defekten Festplatte hatte.

Logische Frage warum schreibe Ich öffentlich darüber?

Viele IT Beschäftigte arbeiten aktuell von Zuhause und können es kaum trennen , aber die Backups machen muss man Regelmäßig, es ist wie die Hände waschen bei Ärzten denken Sie darüber wie Sie reagieren würden, wenn auf einmal Ihr Rechner nicht mehr richtig funktioniert und es keine Reparatur Dienste gibt  und keine Shops arbeiten (sehr Apokalyptische Szenario) , aber es ist durchaus realistische, Ich habe es zum Teil erlebt und kann sagen es fühlt sich nicht so gut, weil man die Vertraglich vereinbarte Leistungen nicht realisieren konnte und die Arbeit stand still.

Meine Rat, falls Sie keine Backups haben, fangen Sie es an!
Kaufen Sie sich große Festplatte und die Software für die Backups und noch besser kaufen Sie sich zusätzlichen Laptop , wenn was richtig Kaput geht, dann können Sie immer noch die Probleme melden und auch zum Teil Ihre Arbeit weiter machen, Ihre Arbeitgeber wird Ihnen schon die kosten erstatten keine Frage.

Besonders bei Festangestellte Mitarbeitern diese Gedanke fehlschlägt, weil die haben sich auf die Firmenbackup Strategie die ganze Zeit sich verlassen, aber wenn man remote und auch sogar von zu Hause arbeitet , dann nach meiner Meinung es gehört zur guten Sitten sich zusätzlich abzusichern , weil die geleistete Arbeitsstunden nicht mehr wieder zurückzuholen sind und man erzeugt ungewollten Unmut innerhalb von Team , wenn man auf die Ergebnisse von jeweiligen Teammitglied sich verlässt.
Also was ist Ihre Backup Strategie?

Meine Firma und Ich haben davon eine gute lernende Erfahrung gesammelt, trotz diesen Umständen und Problemen Ich wünsche Ihnen sehr gesunde und ruhige Ostern, lassen Sie sich nicht demotivierend wir haben in 2021 noch vieles gutes und positives zu erleben und die Problemen bleiben in der Vergangenheit!

Samstag, 13. März 2021

Help Texas to recover from catastrophe!

 This is very big catastrophe in USA , they were hit pretty hard and  many people in Texas just trying to survive trough very , very bad environment!




Mittwoch, 3. März 2021

5: Final conclusion about running Gluu Server

 5: Final conclusion about running Gluu Server

The implementation of the security layer still in the "making" phase check this page later! Thanks!

This is is it final conclusion ;)


4: Integration with my Angular app

 4: Integration with my Angular app

Once before undergo actual implementation of Oauth2 some important preparation is needed:

I will go through following Github repos:

Even more reading of documentation:

Books reading: 

  1. Solving Identity Management In Modern Applications Demystifying OAuth 2.0, OpenID Connect, And SAML 2.0 by Yvonne Wilson , read the book review here
    Comment: this book pretty abstract , but it describes different OAuth 2 protocols, some of them simple and some of them are not, still this book doesn't provide how to do it in Angular?
  2. Securing the Perimeter Deploying Identity and Access Management with Free Open Source Software by Michael Schwartz , read the book review here
  3. OAuth 2.0 Identity and Access Management Patterns by Martin Spasovski read the book review here
  4. OAuth 2 in Action read the book review here
  5. Mastering OAuth 2.0  book review in progress
  6. Oauth 2 Cookbook
Video course online:
  1. Getting Started with OAuth 2.0 at pluralsight
    Comment: well that was interesting , but too abstract, better then the experience with book
  2. OAuth2 & OpenID Core Best Practices For Implementers 2020 at udemy ,
    Comment
    to simple after all previous experience!
  3. Understanding Oauth2 With NodeJS at pluralsight ,
    Commentthat was interesting actual code examples in java script  , still hard to follow most software architecture not explained and depends on NodeJs e.g. Node Express implementation, but rather code details are explained, still not what i expected.
  4. OAuth 2.0 Deep Dive Volume 1 Comment: need to watch ;)

Only after so much reading and code review, I would have pretty good understanding about how to implement web  security in my Angular project, so stay tuned for more info!


So whats next?!


3: Admin stuff and set up for Gluu Server

3: Admin stuff and set up for Gluu Server

Are we there yet?

Looks pretty cool and it is time to read the docu: https://gluu.org/docs/gluu-server/admin-guide/oxtrust-ui/

Cool there lot’s options to configure , if you know what you need to configure touch them, otherwise don’t! I try to go through each of the configuration options and give brief comments about it.

Manage Authentication

In manage Captcha I setup following and I hope make sense


I am not sure why CAS Protocol is empty

One strange thing that Person Authentication Scripts is mentioned as Manage custom scripts in the official Gluu server guide:

Manage Registration

This is obvious enough, sure I wished from the UI perspective have differently named options, but well its cool enough for me.

Attributes

Read the following docu https://gluu.org/docs/gluu-server/admin-guide/attribute/

Import/Export Attribute LDIF

Interesting options where you can copy attributes from another gluu serve instance, but I don’t need it for my case.

Cache Refresh

This even complex , use it whenever you think it make sense to you, but seriously attaching Microsoft Active Directory is kind of overkill.

LogViewer Configuration

This is pretty obvious in my opinion additional logger is not require  , but well some people like to overcomplicate the stuff.

View Log File

This is pretty cool feature, when you for example don’t want to use ssh , you can use this page for looking into Gluu Server messages.

There lots of logs which you view, for me currently that’s not so critical , but some folks from devops love to look hours into logs, not me , I basicly prefer to react on event  (not working server, security issue, hardware failure) and that’s it.

Server Status:

Cool here you see basic info, which I like, because you are not overwhelmed by the data ;)

Certificates:

Read the Gluu online docu  https://gluu.org/docs/gluu-server/admin-guide/certificate/

What have Gluu Server next in “store” ?

In my case only OpenID and UMA was displayed, so for OpenID read the following

online docu 

Scopes:

This is pretty OpenID specific, i just say that even more time need to be spent on reading  scope claims 

Clients:

This obvious too, here you can specify additional client which would be
authorize to use the OpenId at Gluu Server

UMA: 

Read the online docu https://gluu.org/docs/gluu-server/admin-guide/uma/
My impression , another feature of Gluu Server which you can touch only  if you know what you doing.
Basically it’s a interface between different auth servers. I Wonder why its enabled by default? ;)

Users:

Well this feature is pretty important , because here you can see the list of users which allowed to use Gluu Server for authentication and authorization purposes!
Read online docu https://gluu.org/docs/gluu-server/user-management/local-user-management/

Groups:

Show the list of groups with different authorization purposes

Manage people:

Here finally you can add a Person

Import People:

Here you can import users from Excel, this is not applicable in my case, because I don’t plan to insert manually user , this rather administrative job , which I don’t like to attend to.

The last feature of Gluu Server is a Personal tab : basically here you would see your administrator personal data , you can change the values in this tab trough the user search in another tab, don’t forget to setup the right time zone 

So whats next?!


2: Actual installation of Gluu server

 2: Actual installation of Gluu server

Read this documentation and follow specified instructions in the documentation bellow (for each Linux distro your experience can be very different): 

So Gluu server installed what’s next?!

Then at this point you need to run after install setup describe here 

Run with command setup.py  -c
Reference youtube video: 
You will be ask about your hostname: don’t provide stuff like localhost or ip address, write something creative like:

tuxatwork.gluu.org or pinguineattack.gluu.org 

Please notice that it should be qualified domain name , if you plan to have in future own domain , well use this domain name!

THIS IS VERY IMPORTANT OR OTHERWISE IT WOULD NOT WORK AS YOU EXPECTED!
Make sure that your fully qualified domain name is listed in /etc/hosts

Here you can find good example

So this my last warning use proper hostname: like mainframe.gluu.org or mainframe.info.org Basically it should look like this ip-address yourhostname.gluu.org I would provide some further screens, because it’s hard to explain ;)

this is what you see when you run setup Python script for the first time (this would you see without parameter running setup without –c parameter!)

Then on the next screen you will see some boring info,

just type orga name which you represents, email , city name and etc. next screen you need to pick the services which you want to install, I choosen

Apache Server and the Admin GUI Gluu product services web page, there you would get information about each of
possible service ;) (this would you see without parameter running setup without –c parameter!):

Next finally you see following:

Or with running with parameter –c

This is somehow tricky, my best advise use this default,
because installing way to many services is not sane and before you install
them think about your production case in any case my best advice look up what those services doing
and if you find them useful only then install,
in my case of single page application I use default settings ;)

Don’t forget to setup a oxTrust password for your login: which should pretty complex
and not brute forceable and shouldn’t be easy “hackable”!

The following steps are optional, follow them
with caution:

Then you can pick the persistence which in the case of Gluu  Server is a Couchbase and set the password for the admin of couchbase!

If Couchbase is not installed, well then use following guide https://gluu.org/docs/cb/,
well that wasn’t really helpful!!

Use the official Couchdb guide

Don’t forget to check that you install community version of couchdb!

Try https://access.redhat.com/solutions/10154  and download package in chrooted environment

/opt/dist/couchbase/ rename  couchbase community to enterprise edition example like following:

mv couchbase-server-community-6.6.0-centos8.x86_64.rpm \ couchbase-server-enterprise-6.6.0-centos8.x86_64.rpm

Oh my good it’s so difficult to setup the couchbase, well in my case I start from this point i do all steps without couchdb!!!!!

After many times of failure with couchbase setup I finally   decided to give up on couchbase usage in such small test case!

Here you actually select what you prefer to store in OpenDJ , I decided to stay with default settings, but even if you unselected , as you can see on following  screenshot those properties would be save in the Couchbase (If of course you was able to connect to it).

The following steps are important, follow them
with caution:

This is what you see if you selected install couchbase!
(this what would you see without parameter -c):

Wasn’t so difficult afterwards?! ;) Nope it is DIFFICULT!!!!!
After that confirm your packages selection! (this what would you see without parameter -c):

Now, if all packages as presented display , then hit next , finally the Gluu server installation begins and hopefully nothing brakes!
If you trying to use couchbase you can experience following errors, the Gluu setup wasn’t able to resolve them, because couchbase have pretty complex configuration
setup, but overall for my case I don’t use couchbase.


Finally after like 6 installation “trials” I have completely and successfully installed the Gluu server.


Man that’s was a lot of work, but it  was worth it ,

don’t forget you creating your own identity access provider service  , which allows you to have complete independence
from the famous identity cloud providers!!
Check what runs on your box: netstat –tulnp

You will see active open ports on your Linux box, Gluu Server takes a few minutes so wait like 10 minutes before running this command.

1. Preparation for Gluu Server installation

 1. Preparation for Gluu Server installation

Read this guide for the installation: https://gluu.org/docs/gluu-server/4.2/installation-guide/

Now take the decision with a supported by Gluu Server Linux distribution, I decide to use CentOS 

Simple, because there 0 license fees and its binary compatible to RHEL installation packets.

Now before going further make sure that your machine or vm meets following criteria, I recommend to go above , because with minimum req you would be to install Gluu server , but probably wouldn't perform as you expect! 

So here are minimum requirements for the VM instance:

  • 4 GB RAM
  • 2 GB swap space
  • 2 CPU units
  • 40 GB disk space
  • So this basically how my test machine in Vmware look like:

    Initially I tried with minimal setup, but it didn’t worked as I expected

    and with this setup all worked out ;)

    And this how I partition my test machine and I use everywhere ext4 ;)

    • SWAP  8 GB
    • Boot    1 GB
    • /  Rest 51 GB

    All looks great!

    Open port 443 with following command:

    firewall-cmd --zone=public --add-port=443/tcp --permanent
    firewall-cmd --reload

    Installation of CentOS is complete! 

    What’s next?!

    Back to main article

    0: Introduction to Gluu Server and reasons behind running own IAM Service

    0: Introduction to Gluu Server and reasons behind running own IAM Service

    Good introduction about Gluu projects: 


    Gluu Server using following licensed lib’s : look up following page: 

    https://gluu.org/docs/gluu-server/4.2/

    Many developers depend on external cloud based identity provider’s service’s and most times those services work without any problem, but if you ask me in 2021 would you alone count on those services, I say No!

    There many reasons to run own identity management service and one of them, which my main personal reason is that I am responsible businessman which deeply cares about data protection and integrity of the users which would use my platform.


    Furthermore, the external identity management service providers won’t  allow my company to audit the authentication and authorization services which my company must verify.

    It’s simple fact, sure many individuals and companies are believing what those companies telling, but we at Orlovsky Consulting GbR know how many USA and EU companies operating and without external validation of their implemented security , there always would be a health and reasonable doubt that what they doing is wrong.

    As product owner and full stack developer for project Job manager 2020 I take security very serious, because I want to guarantee the best possible experience during the usage of my platform, so here we go this is basic introduction and lets start with real work!.

     Whats Next?!

    Back to main article

    Integration with Gluu Server for authentication and authorization in Angular app!

    Integration with Gluu Server for
    authentication and authorization
    in Angular app!

    Today i start my “own road” to running own opensource Gluu IAM Server (Identity access management provider service) for my company opensource project:

    Job Manager 2020 Angular Version!

    My plan to read some books about OAuth2 security protocol and spent lots of time configuring the Gluu Server and run locally for tests and then later in cloud or in hybrid environment. (Depends on future scale and complexity of  this project)

    I think this would be very interesting , because not only i would use best practices in web security , but i gather experience with running of Gluu server, which in my opinion the best option for IAM opensource solution.

    Websecurity is a big topic and Oauth consist of man different important details which as web developer should not ignore.

    Here you can read about different phases of
    my experience working with
    Gluu Server and Oath2 security protocol.

    0: Introduction to Gluu Server and reasons behind running own IAM Service

    1: Preparation for Gluu Server installation

    2: Actual installation of Gluu Server

    3: Admin stuff and set up for Gluu Server

    4: Integration with my Angular app

    5: Final conclusion about running Gluu Server

    About Job Manager 2020 Angular version!

    So you want to know more about this project ?


    This is a opensource platform would revolutionize the way how job seekers manage they data , about where and when the applied at the different companies.

    Typical case would be that user generates email with all needed data to apply at particular company and if user allowed to be contacted by other companies, companies can and probably actively see contact with such job seeker.

    Sure i have in mind the IT professional, but such platform can be enriched with other feature like different job profile.

    So what is the most valuable feature in this platform?

    Jobseeker would get a opportunity to stand out from the people who too looking for the job , but don't use such platform.
    Finally companies don't need to spend to much time on seeking people via different platforms , because they would  contact a job seeker via such platform and i plan in future to integrate with other big job openings platform's so that there would be more options. 

    Job seekers organize theirs data in very structured way and companies don't spent time on puting the openings in many different platforms and just contact such users via opensource platform.

    Are you investor , or not sure what i mean, not a problem !
    Contact my company and we would be able to help you further!




    Montag, 1. März 2021

    Newsletter of Orlovsky Consulting GbR Ausgabe 2021 Monat: März

    Agilität: Offen tun und hierarchisch denken:  https://rb.gy/70pahq

    Kommentar:  Interessante Beobachtung, anscheinend es gibt noch viele Unternehmen , welche nach Wasserfall arbeiten oder arbeiten würden.

    Azure Sphere OS Built on a Compact   https://rb.gy/3wg3wn

    Kommentar: Microsoft hat sehr interessantes Linux für den eigenen Cloud gebaut , wow!

    Die Zukunft ist beweglich: Quo Vadis, Agilität?:
      https://rb.gy/72b63d

    Kommentar: Sehr interessante Beobachtung über die Veränderungen in den grossen Projekten, es ist definitiv geht alles die Richtung von Agil wie sonst. 

    Manager sehen hybrides Arbeiten als Modell der Zukunft: https://rb.gy/p1pp2m

    Kommentar: Klar durch Corona hat einiges geändert und es wird nicht besser, wobei dieser Artikel sehr positive Zukunftsperspektive kennzeichnet

    Buch Review Business Analysis und Requirements Engineering: click here for the review on books review

    Kommentar: : Ich habe sehr interessantes Buch gelesen, es geht um meine Lieblingsthema Projektanforderungsanalyse und wie man diese am besten durchführen kann.

    Test nonstop:  https://rb.gy/hfd0hz

    Kommentar:  Imbus hat hier Interessante Schulungen rund um die Softwarequalität und beschreibt wie man die Tests organisiert und durchführt.

    Freitag, 26. Februar 2021

    Newsletter of Orlovsky Consulting GbR Ausgabe 2021 Monat: Februar

    Unternehmenskultur als Erfolgsfaktor agiler-transformationen https://rb.gy/tqi9ql

    Kommentar:  Ich bin auch der Meinung , dass es in der Firmenkulturen viele Probleme und Potenziale stecken und man muss diese nach und nach verbessern. Dieser Artikel ist ziemlich langatmig, aber inhaltlich beinhaltet sehr interessante Ansichtspunkte zu den Agilen Transformationen.

    Cloud-Sicherheit: Fehlende Protokollierung und Fehlkonfiguration als Sicherheitsrisiken https://rb.gy/fbj7vt

    Kommentar: Hier wird ein Sicherheitsbericht genannt , welcher die Cloud Sicherheit durch anonyme Auswertungen auf die Risiken von Cloud Nutzer auswertet und nennt potentielle Risiken für die Nutzung von Cloud.

    So optimieren Sie Ihre Softwareprojekte: https://rb.gy/3y8bhf

    Kommentar: hier werden die Gründe genannt warum die IT Projekte scheitern und wie man die Steuerung und die Verwaltung von den Projekt besser machen können, mir fehlt hier aber das Bezug auf Agile Vorgehen und Scrum.

    Personalbeschaffung Mitarbeiter Recruting im Unternehmen https://rb.gy/3l2msa

    Kommentar: In diesem Artikel werden die Hürden von Personaler beschrieben, die Beschaffung von Personal ist sehr schwer und Ich vermute es wird nicht bessern, sondern noch schwieriger 2021 ablaufen. Ich fand sehr interessant den Vergleich zwischen internen und externen Recrutern, es fehlt aber in diesem Artikeln, dass auch die Mitarbeiter können neuen Personal anwerben und es auf jeden Fall länger hält.

    Web security in 2021 is challanging: click here to read more!

    Kommentar: Hier Ich beschreibe , was wir aktuell in 2021 als eine Hürde bei Authentifikation and Authentifizierung haben und welche Lösungen aktuell auf den Markt gibt.

    Testautomatisierung für mehr Kontrolle und Geschäftswert  https://rb.gy/rjnfaj

    Kommentar: Sehr schönes Artikel, die Qualität ist sehr wichtig, wer was anders behauptet wird irgendwann damit konfrontiert, dass das Projekt schief ablaufen wird. Mir gefällt auch, dass Raffi Margaliot Senior Vice President und General Manager im Bereich Application Delivery Management, Micro Focus  eindeutig unterstützt die Idee , dass man die Qualität von Software sehr ernst nehmen muss und auch in schwierigen Zeiten wie wir jetzt haben die alle zur verfügung stehende Möglichkeit nutzt um es zu verbessern.

    Web security in 2021 is challenging!

     Web security in 2021 is challenging!

    What do I mean by such statement?
    First of all ask yourself how do you implement or control the authentication and authorization in your project/s?

    How you audit and or make sure that identity security providers , really secure theirs stuff?

    Think about those questions for 5 minutes……


    Done ? Good!

    Let me explain my thinking pattern about it:
    so a typical JavaScript based SPA (single page application) there no default out of the box solution which would give you a quick answer for a authentication and authorization problem. 
    In particularity Angular, Vue and React don’t recommend you to use any particular implementation or framework for solving security requirements.

    It’s all depends on OAuth2 security protocol!

    I think as developer or whoever responsible for security it is a major obligation to think about how to protect sensible user data and in the past it was achieved thought SSL and cookies, SQL database and backend session management. 
    Many web developer don’t consider such solution as good and proper for modern web SPA and they prefer to use JWT  (JSON WEB TOKEN) and some sort of cloud and «secure» entity provider.

    The most famous are:
    openID open standard which hosted and provided by different cloud providers

    Sound easy enough, but wait a second, think about dependency!

    OAuth2 in the nutshell: is a security protocol which ask user for key and get it and if all ok , then in return you get a security token, by which later you as user authorized to enter the SPA and do some stuff on it.
    There would be some restrictions areas of SPA to which you as user shouldn’t be allowed.

    Sounds really great! Secure and pretty complicated in the implementation!
    Consider what the external security identity providers can really do for you: Okta and Auth0 are not OpenSource and if you use them commercially or for free you need somehow able to audit those security protocol before going into production with full implementation, because once decided , then later  it would be very, very, difficult to change.
    In java script community some folks prefer to use Facebook , Google and even Apple for authentication and authorization purposes and opensource http://www.passportjs.org/ help to do exactly that.

    For me as independent consultant and a company, we strongly believe that client’s needs must be met with high quality and certainly having a solution with only one secure entity provider is not satisfactory and not long term applicable (entity security provider companies not always able to keep up one and the same quality for very long time, it just a nature of things!)

    For my project I decided to use an opensource entity provider Gluu Server https://gluu.org , which can be used as commercial and as free solution and hosted almost everywhere!
    For my project Job manager 2020 https://github.com/orlovskyjavaprofi/jobmanager2020AngularVersion ,   this is very suitable solution, because then I can run it all with very small cost, but with high quality and high security. When I think about web security, there is no silver bullet, we as users should know how good our data is protected and what kind of security measures companies use.

    In general as user you don’t think about, but in enterprises were lots of sensitive data, which must be protected this concern and my company always looking for suitable solutions and iterate on the best known industry practices.
    Stay tuned, because next week I would write about my Gluu Server integration experience, how really it compatible with latest Angular App and what to think about!


    Recommended websites for more information about web security with Oauth2 and Angular:

    https://bit.ly/3pUXWJz
    https://bit.ly/2ZVHRbX
    https://bit.ly/3kpAtPA
    https://bit.ly/3bF4qqZ
    https://bit.ly/3aWuazM
    https://bit.ly/3bLD2aG
    https://bit.ly/2ZQ9bsa
    https://bit.ly/3q65jhD
    https://bit.ly/3qSF2V3

    Recommended literature for getting an idea what actual challenge in Websecurity:
    Solving Identity Management In Modern Applications Demystifying OAuth 2.0
    Securing the Perimeter Deploying Identity and Access Management with Free Open Source Software by Michael Schwartz
    Oauth2 in Action

    Freitag, 5. Februar 2021

    Work in progress SOE2500 : Player units

     Finally I have some good news about the developing state of my Game SOE 2500   , today I present player units (very rough prototype!).


    Here is another example of my previous prototypes!


    This is how it would look like conceptually!

    If you don’t know what to expect in my game?

    Let me give you short description:

    core gameplay are the missions, the player would play as ruler (male or female) of human survivalist civilization motivated by the high stakes, struggle and conquest of the land and sea on planet Earth. This game inspired by familiar themes of my favorite games like Alpha Centauri, Civilization, Command and Conquer.
    This game I developing in part time and as Indie developer if any studio or publisher is interested , then visit my official company site  and send me a contact request!

    Besides all of that, I use Unity3D as my main game engine, the assets which you see here partially from Unity3D store and partially from other 3D modeling online platforms, I have another stockholder of my company which is professional 3D designer and which helps me to do all other 3D stuff like animations and movies.

    If you interested into my overall game dev experience with Unity3D ?

    Unity3D is interesting 3D engine, it has both visual and scripting part covered and the best thing it use C# which is very , very familiar to Java so if you know Java you can start write code and by happy.

    Furthermore Unity3D supports Nunit test
    , so this is pretty important to me, because I can write lots of test and cover any behavior of my game objects in Unity.
    The asset store is great and the community , online course's and the documentation is very good, so if you consider to try yourself as game developer try Unity first, because many game dev concepts which you will see in Unity exist in other game dev engines.

    When I think of my experience of game dev itself in Unity3D I really appreciate the amount of work which Unity3D official developers are doing for improving of theirs engine.
    They implement frequent updates of Unity3D engine and you can even ask for support if something fails, in such case you need to describe the steps when and how the crash happens.
    My next iteration of my game developing would be creation of a vertical slice of my game and see and “feel” what my game actually is, so stay tuned for further information ;)

    Donnerstag, 14. Januar 2021

    Firefox and automate your bookmarks, automate opening of new tabs

    During the development time you always wish to speed up your productivity , don't spend too much time for opening the bookmarked pages with different important developer related content! You looking for a solution? Look no further! 

    So here you go!
    The ultimate solution if you need to automate the opening of your bookmarks in firefox browser. This tutorial was tested in Windows 7.

    First create on your desktop or where ever you like the openweblinks.bat file and put following code to it ( address means the website like for example www.javaprofide.de) :

    start "C:\Program Files\Mozilla Firefox\firefox.exe -new-window" address
    timeout /t 2
    start firefox -new-tab  address
    start firefox -new-tab  address
    start firefox -new-tab  address
    timeout /t 10
    start "C:\Program Files\Mozilla Firefox\firefox.exe -new-window" address
    timeout /t 2
    start firefox -new-tab  address

    What this code does ?
    First it starts new firefox window  with given website address, then it waits for 2 seconds and opens a tab in the already opened window.
    After 10 seconds a new firefox window is opened and there once again a tab can be opened.

    So pretty simple?
    I am pretty sure the same stuff can be done in iOS and Linux operatings systems, because it relies on the passing arguments format.

    Please notice, that your machine can be slower or faster then my and you need in some cases to adjust time for waiting , but truly after that one click and you open all you favorite bookmarks, no more time spent in looking and clicking ;)

    Blog-Archiv

    Blog readers favorites