Scheduled pipelines now available in Bitbucket Pipelines

The Bitbucket blog announces support for scheduled Bitbucket Pipelines.  This is super cool and has been on the wishlist for a while now.  Here are a few examples of how this feature is useful:

  • Nightly builds that take longer to run
  • Daily or weekly deployments to a test environment
  • Data validation and backups
  • Load tests and tracking performance over time
  • Jobs and tasks that aren’t coupled to code changes

Secure Headers – a PHP library for easier management of browser security features

Modern browsers offer a variety of security mechanisms for web developers.  Unfortunately, some of these aren’t so easy to manage.  One needs a deep understanding of the functionality as well as the theory behind it.  Secure Headers is a library that makes all that work a lot easier for PHP developers.  Here are some of the features:

  • Add/remove and manage headers easily
  • Build a Content Security Policy, or combine multiple together
  • Content Security Policy analysis
  • Easy integration with arbitrary frameworks (take a look at the HttpAdapter)
  • Protect incorrectly set cookies
  • Strict mode
  • Safe mode prevents accidental long-term self-DOS when using HSTS, or HPKP
  • Receive warnings about missing, or misconfigured security headers
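
To make the safe-mode and warning features above concrete, here is an added example (written for this page, not SecureHeaders' own code or API): a plain-PHP audit of response header lines that flags missing security headers and an HSTS policy that would be hard to roll back. The one-day cap, the expected-header list and the function names are assumptions.

```php
<?php
// Added example, not SecureHeaders code. SAFE_HSTS_MAX_AGE (one day) and the
// EXPECTED list are assumptions chosen for illustration.
const SAFE_HSTS_MAX_AGE = 86400;
const EXPECTED = ['strict-transport-security', 'content-security-policy',
                  'x-content-type-options', 'x-frame-options'];

/** Parse "Name: value" lines into a map keyed by lowercase header name. */
function parseHeaders(array $lines): array
{
    $map = [];
    foreach ($lines as $line) {
        if (strpos($line, ':') === false) {
            continue; // skip malformed lines
        }
        [$name, $value] = explode(':', $line, 2);
        $map[strtolower(trim($name))] = trim($value);
    }
    return $map;
}

/** Warn about missing headers and about HSTS settings that are risky to roll out. */
function auditHeaders(array $lines): array
{
    $headers = parseHeaders($lines);
    $warnings = [];
    foreach (EXPECTED as $name) {
        if (!isset($headers[$name])) {
            $warnings[] = "missing: $name";
        }
    }
    $hsts = $headers['strict-transport-security'] ?? null;
    if ($hsts !== null) {
        if (!preg_match('/max-age\s*=\s*"?(\d+)/i', $hsts, $m)) {
            $warnings[] = 'HSTS: no valid max-age directive';
        } elseif ((int) $m[1] > SAFE_HSTS_MAX_AGE) {
            $warnings[] = "HSTS: max-age {$m[1]} exceeds " . SAFE_HSTS_MAX_AGE
                . ', so a broken HTTPS setup locks visitors out for that long';
        }
        if (preg_match('/\b(includeSubDomains|preload)\b/i', $hsts, $m)) {
            $warnings[] = "HSTS: {$m[1]} makes the policy harder to undo";
        }
    }
    return $warnings;
}

// Constructed sample response headers.
$sample = ['Content-Type: text/html', 'X-Content-Type-Options: nosniff',
    'Strict-Transport-Security: max-age=31536000; includeSubDomains'];
print_r(auditHeaders($sample));
```

With the constructed sample, the audit reports the missing Content-Security-Policy and X-Frame-Options headers, the one-year max-age, and the includeSubDomains directive.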

Passwords Evolved: Authentication Guidance for the Modern Era

“Passwords Evolved: Authentication Guidance for the Modern Era” is a good collection of guidelines and concerns for password management in the modern day.

Here’s the bigger picture of what all this guidance from governments and tech companies alike is recognising: security is increasingly about a composition of controls which when combined, improve the overall security posture of a service. What you’ll see across this post is a collection of recommendations which all help contribute to a more robust solution by virtue of complementing one another. That may mean that individual recommendations such as dropping complexity requirements look odd, but when you consider the way humans tended to deal with that (they’d just choose bad passwords with a combination of character types) alongside guidance such as blocking previously breached passwords, things start to make a lot more sense.

Now there’s just one more thing: as good as all this guidance is, practically implementing it can be somewhat trickier.

How to defend your website with ZIP bombs

“How to defend your website with ZIP bombs” has been making the rounds on the Internet for the last few weeks.  It’s both sad that we have to resort to such measures, and funny, given how tongue-in-cheek this approach is.

Whether you are going to implement it for your web host or not, it’s well worth reading for a better understanding of what’s going on online, in places that you are probably not looking at.

The AWS spend of a SaaS side-business

As someone who went through a whole pile of trial and error with Amazon AWS, I strongly recommend reading anything you can on the subject before you start moving your business to the cloud (not even necessarily Amazon, but any vendor), and while you have it running there.  “The AWS spend of a SaaS side-business” is a good one in that category.

Fedora 26 Update

Fedora 26 was released about a month and a half ago.  But I didn’t have the time to update my laptop until today.  There was also nothing particularly exciting for me in this release, so there was no rush.

Here’s what I had to do today to update my laptop from Fedora 25 to Fedora 26:

# Let's get into root to save a few keystrokes
sudo su -
# Install all updates for Fedora 25
dnf update
# Install dnf system upgrade plugin
dnf install dnf-plugin-system-upgrade
# Download upgrade packages for Fedora 26
dnf system-upgrade download --refresh --releasever=26
# Reboot and install Fedora 26
dnf system-upgrade reboot

If you need more help, have a look at DNF system upgrade wiki page.

The whole process took less than an hour, but your mileage may vary.  For me, the download itself was the slowest part.  I had to pull down about 2.5 GBytes worth of packages, and given my office connection, it took about 35-40 minutes.

The installation itself took about 10-15 minutes, for which, I think, the solid-state disk (SSD) helped a lot.

One more reboot later, everything was up and running.  Of all the changes pushed into this version, I think, the upgrade to PHP 7.1 is the one that affects me the most.

Domain names and web hosting research

Web Hosting Geeks published very extensive research into domain names and web hosting provider options.  It includes the analysis of domain name trends by TLD, as well as over 24,000 hosting companies and how they are doing.

Complete with reviews and detailed stats about each and every company, I think this is one of the most complete and in-depth data sets I’ve seen for a long time.

git add --patch and --interactive

I knew about git interactive staging for a while now, but I’ve never really used it.  Most days I work on a single feature or bug fix at a time and can commit sequentially, one change after another.  For an occasional mess, I found the git interactive staging user interface to be too cumbersome.

The last couple of days at work were quite chaotic, with me jumping from one thing to another, and I decided to master that feature once and for all.  Looking for a better tutorial, I came across this blog post, which covers the interactive staging, but also provides a much simpler approach – “git add --patch”.

It’ll take some practice to get it into my finger memory, but I think I’m settled now.