Recently I had reason to investigate a reported vulnerability in the YUI 2 library. CVE-2022-48197 claimed cross-site scripting in the TreeView component, but provided very little detail. Was this a real security issue?
Continue readingAll posts by Tom
Language is tricky — Descriptive versus Selective Identifiers
Here’s a puzzle. Does a “wrapped URL” refer to the wrapped result, or the original URL input that was wrapped?
Language is our tool, but occasionally we can get confused or go in circles over semantics. Find the story of this brain-bender, and how we clarified it, here.
Continue readingSearch JIRA & Confluence instantly from your Address Bar
Hey! Want to be able to open JIRA issues or Wiki pages instantly, without needing to open a bookmark before you can search?
Chrome lets you define custom “search engines” to search JIRA/ Wiki, using only a keyword in your URL bar.
Continue readingSpring Boot — How to hot swap Thymeleaf templates
This is an often-asked question on the Internet — and one which, previously, had no good answer. Now, thanks to @Jianrong Chen, we have a one-liner configuration to do it!
Continue readingAvoiding insurmountable queue backlogs
Queues offer a promise of reliability for integrating applications, but can cause more subtle operational risks.
Queues exhibit ‘bi-modal behavior’ — low latency when everything is working well, but can rapidly form large backlogs when a failure occurs. This can dramatically increase the recovery time from outages.
Amazon offer an extremely interesting article about the reliability of queuing, with strategies to limit and manage backlogging.
How to write a good Git Commit Message
How often have you found commit messages in your Git history to be uninformative? Or alternatively, wordy rambles that are slow to read — and may well not have the information you need anyway?
Headline + Bullet Points is an approach I’ve found to make Git commit messages informative and fast to write.
Continue readingMicro and midi-services: how should I divide my services?
With microservices architectures, one key question is where should the boundaries be. Is every entity a separate service? And how fine-grained should service architectural divisions be? We can offer some simple rules of thumb.
Continue readingPerformance deficits in Apache Cassandra
Recently I was conducting an evaluation of several different databases for a messaging workload. While benchmarking Apache Cassandra, I noticed unusual patterns in performance metrics. I followed these clues and eventually found some major thread-pool design questions and a potential 18x performance gain realizable on Windows.
Continue readingGood names help — can ‘Foo’ hurt?
Naming is the most important part of design. Concise yet meaningful names are hugely important.
One of my top recommendations to improve legacy code, is to improve & clarify naming. Names should be short and sweet, yet meaningful. For example — Customer.Name.
Continue readingHow to handle InterruptedException
Blocking methods in Java often declare they may throw InterruptedException. How should we handle it?
In this article, Brian Goetz explains why rethrowing it is usually the most correct approach.