Melvin

SOLID as a rock (Design patterns workshop - PHPBenelux pt 1)

MelvinLouwerse

On 24 and 25 January it was time again for PHPBenelux the 5th version no less. Two days full of PHP talks that started Friday morning with tutorials. My choice of tutorial was “Design patterns workshop” by Brandon Savage.

 

Before the tutorial really started about specific design patterns themselves we went back to the basics and got a explanation of SOLID. Because SOLID is the base of most of the design patterns and Object Orientated Programming. SOLID stands for five principles that should help with the making of better, more testable and easier extendable code.

Lees meer
Melvin

It's becoming a pattern (Design patterns workshop – phpbenelux pt 2)

MelvinLouwerse

A continuation of the last blog about the "Design Patterns workshop: by Brandon savage during the PHPBenelux conference 2014

Lees meer
Boy Baukema

4 HTTP Security headers you should always be using

BoyBaukemaSecurity

What started as a dream for a worldwide library of sorts, has transformed into not only a global repository of knowledge but also the most popular and widely deployed Application Platform: the World Wide Web.
The poster child for Agile, it was not developed as a whole by a single entity, but rather grew as servers and clients expanded it's capabilities. Standards grew along with them.

While growing a solution works very well for discovering what works and what doesn't, it hardly leads to a consistent and easy to apply programming model. This is especially true for security: where ideally the simplest thing that works is also the most secure, it is far too easy to introduce vulnerabilities like XSS, CSRF or Clickjacking.

Because HTTP is an extensible protocol browsers have pioneered some useful headers to prevent or increase the difficulty of exploiting these vulnerabilities. Knowing what they are and when to apply them can help you increase the security of your system.  

Lees meer
Milan

Co-development teams

MilanVerzijlbergh

Bij onze software development trajecten werken wij met projectteams. Afhankelijk van het soort en de omvang van het project wordt een team samengesteld op basis van de specifieke technische kennis en kunde van de developers. Vaak bestaat een team volledig uit developers van Ibuildings, maar we werken ook in co-development teams waarbij naast developers van Ibuildings ook eigen developers van de klant aan het project werken. 

Bij zo’n co-development traject is het noodzakelijk om extra aandacht te besteden aan een goede fundering voor het project. Naast een introductie in de tools die Ibuildings gebruikt bij software development projecten, moet er ook overeenstemming zijn over de werkwijze die aan het project ten grondslag ligt. Met andere woorden, ervoor zorgen dat we als team dezelfde taal spreken.

Lees meer
Martijn

Ready steady cook

Martijnde Letter

Afgelopen woensdag hadden we de laatste interne workshop van het jaar en deze ging over de best practices met Vagrant en Chef.

Lees meer
Ross

Workshops, workshops everywhere

RossTuck

Ibuildings organiseert regelmatig een interne workshop. Hierbij worden (veelal) technische onderwerpen behandeld en aan de hand van een opdracht verder uitgewerkt.

Maar hoe maak je een workshop over Symfony 2 en Domain Driven Design (DDD) interessant voor iedereen?

Lees meer
Ross

ETags for the Uninitiated pt2

RossTuck

In the opening to this series, we discussed what ETags are and demonstrated their most common use case, caching. This time around, we’ll look at a lesser known but perhaps even better feature of ETags: keeping changes safe when writing to the server.

Lees meer
Boy Baukema

Secure your REST API with OAuth2 Implicit Grant

BoyBaukema

These last few years have seen the rise of some amazing frameworks oriented towards Single Page Application (SPA) like ExtJS, AngularJS, Backbone, Ember, etc. Following the trend where Front-end and Back-end separate. Client side technologies are now being managed by one team and Back-end services by another. This Separation of Concerns is wonderful for implementors as you only need a specification of the API and you can develop functionality concurrently. However all this client-side functionality often leaves the question: How are we going to secure the API if, at least in theory, it should be open for the browser of any device anywhere on earth? (no, we do not support the ISS).

Lees meer
Ross

ETags for the Uninitiated

RossTuck

Yet, ETags are one of the features that are the hardest to get right. Sometimes it’s not even clear how they work and while there’s a lot out there on the subject, it can also be difficult to put it all together. Developers frequently play either client and server roles in this exchange, which can make the responsibilities even more confusing.

In this series of blog posts, we’re going to look at ETags from both perspectives: First, a client trying to consume an ETag-enabled API. By focusing on the client side, we can focus on the features ETags offer and learn how these are supposed to look in a perfectly implemented world. In a later post, we’ll look at the gory details of how that API implements ETags and does the appropriate checks.

Lees meer
Boy Baukema

Verifying our software with OWASP ASVS

BoyBaukema
"If a tree falls in a forest and no one is around to hear it, does it make a sound?"

Likewise if a software project is delivered and no one has looked at security, can it be said to be secure?

If a tree falls... by Dunc(an) When a customer commissions Ibuildings for a new application, he usually has plenty of functional demands (I need it to do X and also Y and Z... oh and can I get A?). And maybe some thoughts have been given to performance metrics, but security? Well... it "needs to be secure".

Lees meer
Martin

Boosting mobile deployment with PhoneGap Build

Martinde Keijzer

In July 2011 Nitobi (now acquired by Adobe) released a stable version of a small library called PhoneGap. It's main purpose was to close the gap between web- and native applications. This was achieved by wrapping web applications in a native app for each supported platform. Another feature to close the gap is to expose Javascript API's for functionality which is otherwise only available to native applications.

Lees meer
Martin

DMCRadio: CocoonJS

Martinde KeijzerJavaScript

Episode: 2012 - 12 
Ibon Tolosana 
CocoonJS is a native wrapper for HTML5 canvas based applications/games.Without any code changes and thanks to its OpenGL canvas bindings CocoonJS is able to execute you applications with almost a 1000% performance boost.CocoonJS offers native iOS and Android deployment environment. It is highly focused on monetization since applications deployed in CocoonJS have out-of-the-box Ad networks and tracking systems integration. Other features like asynchronous websockets, localStorage, facebook integration, etc. are available too. All this magic is achieved directly, without cross-compilation processes or being limited to custom APIs.

Lees meer
Martin

Getting started with Sencha Touch 2

Martinde KeijzerJavaScript

The web as a mobile platform

The web has been a great place on desktops and laptops for quite some time, but with a booming growth of mobile devices like tablets and smartphones, the internet has become increasingly more interesting on these devices as well. Building mobile apps for the web has some advantages when compared to native development, before we start with Sencha Touch 2 we will take a look at these advantages.

Lees meer
Martin

DMCRadio: Mobile Performance Considerations

Martinde Keijzer

Episode: 2012 – 09
Estelle Weyl 
Mobile browser performance is challenged by bandwidth, battery, and memory constraints. Slow loading and reacting sites create bad user experiences. Sites that drain batteries or crash the browser are infuriating. Porting a web application designed and developed for desktop devices—devices with virtually unlimited memory, and literally unlimited power (they’re plugged in, not running on battery) in many cases just doesn’t work. By understanding mobile limitations and keeping mobile in mind throughout the development process you can create more responsive, faster downloading, less battery consuming applications.

Lees meer
Martin

DMCRadio: Apponomics

Martinde Keijzer

Episode:2012 - 01
Pratik Patel 
You've got a great idea for a mobile app. You have a team together. You're building the killer app. Do you know enough about the various app stores to know what to do next? How about pricing strategies for iOS and Android? Have you thought about the Nook Color and Amazon Fire? In this session, I'll bring my experience as CTO of TripLingo, an Atlanta company developing foreign language learning apps. TripLingo has been featured on the iOS store a dozen times, as well as the Android market and Nook store. 

Lees meer
Martin

Understanding Hardware Acceleration on Mobile Browsers

Martinde Keijzer

Episode: 2012 - 04 
Ariya Hidayat 
GPU acceleration on mobile browsers, if it is leveraged correctly, can lead to a smooth and fluid applications, thus improving the user experience. There has been a lot of mentions and best practices of hardware acceleration these days, although so far it has been pretty general and hasn’t provided much technical direction apart from simple magical advice such as “use translate3d”. This talk sheds some more light on browser interactions with the GPU and explain what happens behind the scenes, covering the topic of acceleration of primitive drawing, the use of tiled backing store, and composited layer. Knowing the actual machinery behind hardware acceleration, you will be in the position to plan your strategy to improve the performance of your web application.

Lees meer
Boy Baukema

IB @ 2012.JSConf.eu

BoyBaukemaJavaScript

Ten years ago JavaScript was considered a toy, then the XMLHttpRequest object was discovered, then came the JIT engines, making JavaScript fast, now with new specifications (ES5, ES6, ES7) coming out and more libraries than you can shake a stick at JavaScript is as big an envinronment as any server-side language.

Lees meer