Friday, 26 February 2021

Newsletter of Orlovsky Consulting GbR, 2021 issue, month: February

Corporate culture as a success factor of agile transformations https://rb.gy/tqi9ql

Comment: I also think that company cultures hold many problems and a lot of potential, and that these have to be improved step by step. The article is rather long-winded, but its content offers very interesting viewpoints on agile transformations.

Cloud security: missing logging and misconfiguration as security risks https://rb.gy/fbj7vt

Comment: This refers to a security report that assesses cloud security through anonymized analyses of the risks faced by cloud users and names potential risks of using the cloud.

How to optimize your software projects: https://rb.gy/3y8bhf

Comment: This names the reasons why IT projects fail and how the steering and management of projects can be done better; what I miss here, however, is a reference to agile approaches and Scrum.

Staffing: employee recruiting in companies https://rb.gy/3l2msa

Comment: This article describes the hurdles recruiters face. Finding staff is very hard, and I suspect it will not get better but will be even harder in 2021. I found the comparison between internal and external recruiters very interesting, but the article fails to mention that employees can also recruit new staff, and that such hires definitely stay longer.

Web security in 2021 is challenging: click here to read more!

Comment: Here I describe what we currently face in 2021 as a hurdle in authentication, and which solutions are currently available on the market.

Test automation for more control and business value https://rb.gy/rjnfaj

Comment: A very nice article. Quality is very important; anyone who claims otherwise will sooner or later be confronted with a project that goes wrong. I also like that Raffi Margaliot, Senior Vice President and General Manager of Application Delivery Management at Micro Focus, clearly supports the idea that software quality has to be taken very seriously and that, even in difficult times like the ones we have now, every available means should be used to improve it.

Web security in 2021 is challenging!

What do I mean by such a statement?
First of all, ask yourself: how do you implement or control authentication and authorization in your project(s)?

How do you audit, or otherwise make sure, that identity security providers really secure their stuff?

Think about those questions for 5 minutes...

Done? Good!

Let me explain my thinking about it:
for a typical JavaScript-based SPA (single-page application) there is no default, out-of-the-box solution that gives you a quick answer to the authentication and authorization problem.
In particular, Angular, Vue and React don't recommend any particular implementation or framework for solving security requirements.

It all depends on the OAuth2 security protocol!

I think that, as a developer or whoever is responsible for security, it is a major obligation to think about how to protect sensitive user data. In the past this was achieved through SSL and cookies, an SQL database and backend session management.
Many web developers don't consider such a solution good and proper for a modern web SPA; they prefer to use JWT (JSON Web Token) and some sort of cloud-based, «secure» identity provider.

The most famous are:
OpenID, an open standard that is hosted and provided by different cloud providers

Sounds easy enough, but wait a second: think about the dependency!

OAuth2 in a nutshell: it is a security protocol that asks the user for a key; if all is OK, you get a security token in return, by which you as a user are later authorized to enter the SPA and do some stuff in it.
There will be some restricted areas of the SPA to which you as a user shouldn't be allowed.

Sounds really great! Secure, and pretty complicated to implement!
Consider what external identity providers can really do for you: Okta and Auth0 are not open source, and whether you use them commercially or for free, you need to be able somehow to audit those security protocols before going into production with a full implementation, because once you have decided, it will be very, very difficult to change later.
In the JavaScript community some folks prefer to use Facebook, Google and even Apple for authentication and authorization purposes, and the open-source http://www.passportjs.org/ helps to do exactly that.

For me as an independent consultant and a company, we strongly believe that clients' needs must be met with high quality, and having a solution with only one identity provider is certainly not satisfactory and not applicable in the long term (identity provider companies are not always able to keep up the same quality for a very long time; it is just the nature of things!).
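The token check and the provider dependency discussed above, as an added example that is not code from this blog, from Job manager 2020 or from any identity provider: the backend verifies signature, issuer, audience, expiry and scope itself, and everything provider-specific sits in one `trust` object. The provider stand-in, issuer URLs, audience and scope names used with it are constructed assumptions.

```javascript
// Added example: provider-independent token check (constructed data throughout).
const nodeCrypto = require('node:crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');
const fromB64url = (text) => Buffer.from(text, 'base64url');

// Constructed stand-in for an identity provider: owns a key pair, signs RS256 tokens.
function makeProvider(issuer) {
  const { publicKey, privateKey } =
    nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const issue = (claims) => {
    const head = b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' }));
    const body = b64url(JSON.stringify({ iss: issuer, ...claims }));
    const sig = nodeCrypto.sign('sha256', Buffer.from(`${head}.${body}`), privateKey);
    return `${head}.${body}.${b64url(sig)}`;
  };
  return { issuer, publicKey, issue };
}

// `trust` = { issuer, publicKey, audience } is the only provider-specific input,
// so changing provider means changing this object, not the checks.
function authorize(token, trust, requiredScope, now = Math.floor(Date.now() / 1000)) {
  const deny = (reason) => ({ ok: false, reason });
  const parts = String(token).split('.');
  if (parts.length !== 3) return deny('malformed');
  const [head, body, sig] = parts;
  let header, claims;
  try {
    header = JSON.parse(fromB64url(head).toString('utf8'));
    claims = JSON.parse(fromB64url(body).toString('utf8'));
  } catch {
    return deny('malformed');
  }
  // Pin the algorithm; the token must not choose how it is verified.
  if (!header || header.alg !== 'RS256') return deny('bad-alg');
  const signed = Buffer.from(`${head}.${body}`);
  if (!nodeCrypto.verify('sha256', signed, trust.publicKey, fromB64url(sig))) {
    return deny('bad-signature');
  }
  if (!claims || claims.iss !== trust.issuer) return deny('bad-issuer');
  if (claims.aud !== trust.audience) return deny('bad-audience');
  if (typeof claims.exp !== 'number' || claims.exp <= now) return deny('expired');
  // Restricted areas of the SPA map to scopes carried in the token.
  const scopes = String(claims.scope || '').split(' ');
  if (!scopes.includes(requiredScope)) return deny('forbidden');
  return { ok: true, sub: claims.sub };
}
```

In a real deployment the public key would come from the provider's published signing keys rather than from an in-process key pair.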

For my project I decided to use an open-source identity provider, Gluu Server https://gluu.org , which can be used as a commercial or as a free solution and can be hosted almost everywhere!
For my project Job manager 2020 https://github.com/orlovskyjavaprofi/jobmanager2020AngularVersion , this is a very suitable solution, because I can run it all at very small cost, but with high quality and high security. When I think about web security, there is no silver bullet; we as users should know how well our data is protected and what kind of security measures companies use.

In general, as a user you don't think about this, but in enterprises where there is lots of sensitive data that must be protected it is a concern, and my company is always looking for suitable solutions and iterating on the best-known industry practices.
Stay tuned, because next week I will write about my Gluu Server integration experience: how compatible it really is with the latest Angular app and what to think about!


Recommended websites for more information about web security with OAuth2 and Angular:

https://bit.ly/3pUXWJz
https://bit.ly/2ZVHRbX
https://bit.ly/3kpAtPA
https://bit.ly/3bF4qqZ
https://bit.ly/3aWuazM
https://bit.ly/3bLD2aG
https://bit.ly/2ZQ9bsa
https://bit.ly/3q65jhD
https://bit.ly/3qSF2V3

Recommended literature for getting an idea of the actual challenges in web security:
Solving Identity Management in Modern Applications: Demystifying OAuth 2.0
Securing the Perimeter: Deploying Identity and Access Management with Free Open Source Software by Michael Schwartz
OAuth 2 in Action

Friday, 5 February 2021

Work in progress SOE2500 : Player units

Finally I have some good news about the development state of my game SOE 2500: today I present the player units (very rough prototype!).


Here is another example of my previous prototypes!


This is how it would look conceptually!

Don't know what to expect in my game?

Let me give you a short description:

The core gameplay is the missions: the player plays as the ruler (male or female) of a human survivalist civilization, motivated by the high stakes, struggle and conquest of the land and sea on planet Earth. This game is inspired by familiar themes from my favorite games like Alpha Centauri, Civilization, and Command and Conquer.
I am developing this game part time as an indie developer; if any studio or publisher is interested, then visit my official company site and send me a contact request!

Besides all of that, I use Unity3D as my main game engine. The assets you see here come partially from the Unity3D store and partially from other 3D modeling online platforms. My company has another stockholder who is a professional 3D designer and who helps me with all the other 3D stuff like animations and movies.

Interested in my overall game dev experience with Unity3D?

Unity3D is an interesting 3D engine. It has both the visual and the scripting part covered, and the best thing is that it uses C#, which is very, very similar to Java, so if you know Java you can start writing code and be happy.

Furthermore, Unity3D supports NUnit tests, which is pretty important to me, because I can write lots of tests and cover any behavior of my game objects in Unity.
The asset store is great, and the community, online courses and documentation are very good, so if you are considering trying yourself as a game developer, try Unity first, because many game dev concepts that you will see in Unity exist in other game engines.

When I think of my experience of game dev itself in Unity3D, I really appreciate the amount of work that the official Unity3D developers are doing to improve their engine.
They ship frequent updates of the Unity3D engine, and you can even ask for support if something fails; in such a case you need to describe the steps, when and how the crash happens.
The next iteration of my game development will be the creation of a vertical slice of my game, to see and "feel" what my game actually is, so stay tuned for further information ;)
