Mockito is Bad for Your Code

Mockito, a tool to make mocking easy, is actively encouraging test code. Here’s why.

What even is “Senior”?

“Senior Software Developer” — says the text on the business card. But what makes someone senior? Is it the age? Is it the years in the business? Know-how? There’s a sometimes heated and, to some extent, endless debate going on what makes an engineer senior.

Don’t Block ICMP

“Don’t ping my server!” — is the sentiment among many sysadmins, and usually leads to a full-on ICMP blocking. But, it’s a terrible idea. Here’s why.

The (painful) Enterprise Way to the Cloud

Use the cloud, they said. It will be great, they said. Why is it painful then?

Go is a terrible language

Go certainly caught a lot of attention. Let’s look at the bad parts!

Go is an awesome language

Go certainly caught a lot of attention. Let’s look at the good parts!

Building a custom SSH server for fun and... containers!

Let’s build an SSH server in Go that launches Docker containers for each session!

Forwarding IP traffic through a VPN

You have two servers and want to serve the traffic for an IP address on one server from another server?

Building an API-driven software: OpenAPI

Now that we have all the basics covered it is time to implement OpenAPI / Swagger in our project.

Getting started with Docker for the Inquisitive Mind

There are a million Docker tutorials out on the Internet, but few explain what’s actually going on behind the scenes when you issue your first commands. So let’s take a look!

Building an API-driven software: Database Access

Since our API-driven software is now running, let’s get started on the database.

Building an API-driven software: Setting up the backend

Let’s start our API driven software by setting up our basics for the backend.

Building an API-driven software: The Plan

Building up a stack with OpenAPI, Spring Boot, SpringFox, React, typescript and Material-UI.

The danger of monocultures

Monocultures already caused the death of one strand of banana. What can we learn from it in IT?

Immutable Infrastructure in Practice — Part 2

After setting up the server as a Docker baseline, we now venture in building a Docker infrastructure.

Immutable Infrastructure in Practice — Part 1

Recently I rebuilt the infrastructure that hosts this website following the principles of immutable infrastructure. Let’s see how that works!

We are at war

There’s an invisible war being waged in the IT industry. A war to find out which way is the best to produce code.

A beginners guide to unit testing

Having anxiety attacks before deployment? Do you keep breaking stuff that already worked? Unit tests are here to help!

Your choice of IDE matters

Your IDE is your best friend when it comes to being efficient. Why do so many people not use it?

Gentoo as a Docker build system?

Gentoo compiles everything from source, which sounds it might not be useful for Docker. Yet, it can be made to build a sub-100 MB image for PHP…

What the *** is an IoC container?

Just what in the name of the allmighy bit is an IoC / Dependency Injection container? If find that this confuses a lot of people. Let’s dig into it.

Make all classes final!

I have a pretty radical suggestion for clean code: make all your classes final!

Why people want Kubernetes?

I’ve previously argued that running Kubernetes is hard. Why do people still want it? Let’s look past the hype train and take a gander through the valuable things k8s provides.

What people misunderstand about OOP

Is OOP dead? Is Functional Programming the future? Some articles seem to suggest so. I would tend to disagree. Let’s discuss!

Monitoring: Basics

Monitoring your application is critical. But how do you do it? What are the important things you need to watch out for?

Immutable Infrastructure?

Immutability is an important concept I talked about before. But how do we apply it to infrastructure?

Host everything yourself!

Often when a big service provider messes up, there is an inevitable slew of people who tout the advantages of self-hosting everything. But is it really efficient?

Fundamentals: The Address Resolution Protocol

How does a computer know what MAC address belongs to an IP? How does ARP work?

Security: What is Cross-Site Request Forgery?

Cross-Site Request Forgery is a pretty well known security vulnerability, yet many developers still fail to secure their applications. Let’s discuss this!

Security: What is Server Side Request Forgery?

Cross-site Request Forgery or CSRF is a well known security vulnerability. But what is SSRF?

Fundamentals: The Internet Protocol

How do you scale a network to global proportions? The answer is the Internet Protocol. Let’s dive into it.

What can we learn from Kubernetes' first major security hole?

Kubernetes first major security hole is out… does this mean Kubernetes is not secure? What can we learn from it?

Kubernetes is hard

Kubernetes won the container wars… allegedly. However, Kubernetes is still hard and causing a lot of grief.

Fundamentals: VLANs explained

How do you run multiple networks over the same physical network? How do virtual LANs work?

Fundamentals: Ethernet explained

Ethernet is one of the most fundamental protocols underpinning todays internet. It is so fundamental that we often take it as granted and don’t even think about it.

Why Immutability Matters

I’ve talked about immutable objects in clean code before, but what exactly are they? Why do we use them?

Why should you use interfaces?

I’ve received the same question from a fair number of people: why would you even use interfaces?

Hexagonal React

ReactJS is a workhorse of frontend development, but it doesn’t do so well in terms of S.O.L.I.D. Can we change it by adopting a classic approach?

The Cookie Cutter Architecture

When it comes to business applications, you need an architecture that scales well. This is my take, based on Uncle Bobs EBI.

Make AWS less painful with Lambda functions

Amazon Web Services can sometimes be a royal pain in the backside, especially because a lot of their services are not entirely feature complete. A lot of these gaps can, however, be filled with Amazon Lambda.

Why testing is hard

Why do so many developers struggle with testing? Why don’t we all have 9x% test coverage on our code?

Fixing upload filters...

Here’s a thought experiment: how would I fix the upload filter law?


Build environments, server setups should be reproducible, even 6 months down the line. How does this work?

The curious case of Interfaces

Interfaces are like internal APIs for your code. So how should you create them?

Mandatory upload filters in the EU?

A new EU proposal would mandate all online platforms to institute upload filters. Let’s talk about that.

LXC vs Docker

LXC is the older of the two, but how do they compare? What’s the difference? Which one should you choose for your next project?

Structure your program based on Intent, not Architecture

When reviewing code I often see folders like model, view, controller, form, etc. There is a way to make your folder names talk, but this ain’t it.

Injection vulnerabilities: Bobby Tables and Friends

XSS, SQL injection, and other injection-class vulnerabilities can cause some serious damage. Let’s root them out!

One Controller, One Action

How many actions do you put in a controller? 5-6? 20? What would you say if I told you my limit is just one method?

Building your own CDN for Fun and Profit

Fresh from the hold-my-beer department, why don’t we build our own little CDN? Oh, and it actually makes sense.

Docker 101: Linux Anatomy

Docker is (mostly) used to run Linux, but in order to successfully create a Docker image, we must first understand how Linux works.

Under the hood of Docker

The runc and rkt container runtimes power Docker & co. But what powers the container runtimes? Read on for a deeper look into containerization technology.

Your marketing tools are killing your site performance

Google Tag Manager is probably the worst thing that happened to the web in the last 10 years. Yes, you read me right. Your shiny marketing tools are murdering your conversions. Wonder why? Read on.

Stop using PHP sessions!

OK, that title may be a little provocative, but PHP sessions have a fatal flaw that make them problematic with modern-day web applications. Let’s take a look.

Why Docker matters and why you should care

Have you ever wondered what all the fuss is about with this Docker thing? Are you having a hard time convincing your colleagues to take it seriously? Well then, read on, I’m going to lay it all out for you.

Intercontinental Docker Swarm

Docker is the new hotness. Swarm is an even newer, even hotter thing. The question is: will it blend? Can it run spanning multiple continents?

Functional Object Oriented Programming

Does the title strike you as strange? Do you think functional and object oriented programming are two fundamentally contradicting paradigms? I don’t think so.

Working with Certificates in Java

Let’s face it, the Java crypto API is a mess. It is extremely hard to use, and very confusing. Let’s try and make sense of this sorry excuse for an API.

A few words on null

If you’ve ever seen a NullPointerException in a log, you know how frustrating it can be. You basically have no idea what happened and why. The stack trace is completely useless and you’re left debugging an application that you didn’t necessarily write. What is this and why does it happen? How do you avoid it?

Interplanetary Filesystem

Quite by accident, I’ve stumbled upon a rather interesting technology called IPFS. It promises to replace HTTP as a transport protocol for websites and scale to interplanetary levels. Even though the claims sound just tiny bit far fetched, the technology behind it got me quite excited.

The loose, the strict and the static typing

There seems to be a great deal of confusion in the programming world what loose, weak, strict, static and duck typing actually mean. Let’s go through it and clear a few things up!

Clean Code: Dependencies

Managing dependencies is hard, especially if we are using third party libraries and projects. Let’s talk about splitting our code into layers!

Datastructures 101: Basics

Why would you learn data structures? You won’t need it unless you are a programmer, database engineer or university student… wait, you are? Never mind, keep on reading.

Clean Code: Responsibilities

I heard you want to be a better coder. You want to use reusable pieces, and you want to have an easier time maintaining older code. You may also want to work better in a team and ensure there are less bugs.

Getting started in Object-Oriented Programming

So you’ve been programming for a while, and you are still stumped with what object-oriented programming actually is? Then this may be the guide for you. We’ll take a departure from traditional explanations and look at a new way of explaining OOP.

Introduction to SQL databases Part 2

In the previous episode of our journey we have spoken about the basics of writing an SQL query. However, we did not speak of the limitations you can place on SQL tables.

Introduction to SQL databases Part 1

Whether you are running a web app, a financial system or a game, you need some method of storing your data. SQL allows you to query most traditional databases, like MySQL or PostgreSQL. Let’s take a look.

What is the CAP theorem?

The CAP theorem is one of the most fundamental principles of distributed system design. Yet, it is often misunderstood or outright disregarded.

Filtering spam with Exim and Spamassassin (properly)

SpamAssassin is a frequently used companion for Exim. However, most people set it up in a synchronous manner – spam is checked directly when the SMTP session is opened. While this is certainly a valid technique, it has it’s drawbacks. It leaves the server vulnerable to DOS attacks because the spam filtering is a big resource hog. Having SpamAssassin headers in the mail from the remote servers is also an issue, because the $h_X-Spam-* variables will start misbehaving suddenly.

Fixing RDNS_NONE with Spamassassin

When dealing with SpamAssassin and Exim, one may often encounter a mysterious RDNS_NONE

Proper time handling with PHP and MySQL

Few developers actually know that not only character encodings but also time handling can cause you headaches when it comes to PHP and MySQL. Contrary to popular belief, PHP’s time handling actually works quite reasonably if you know how time actually works. If you don’t, you may be in for a big surprise when you add 3 days to a date and end up with a date 4 days from now. The answer lies within the *NIX time handling.

Setting up Apache with PHP-FPM

Nowadays nginx seems to experience a serious growth in terms of numbers when looking at HTTP server software. Almost all articles regarding PHP-FPM detail the setup with nginx, very few talk about the good old Apache HTTPd. Admittedly, it’s a little harder to set up due to the myriad hacks layered in it’s internal infrastructure. It has one major advantage however: it handles .htaccess files which allows customers to configure their own little corner of the webserver without poking the admin or endangering the server’s stability.

Don't use FTP — Here's why

FTP has been around since the early days of the internet. Even though it’s old and cranky a lot of sysadmins, especially those just getting into managing a server, still don’t know anything else. FTP is outdated, has a lot of problems and sometimes it can be outright dangerous, however it’s wide spread acceptance as an easy way for transferring files makes it hard to switch to alternative protocols. If you have a choice, don’t use it. I’ll show you why.

Filtering spam with Exim only

Defense against spam has always been a hassle. Statistical filters only get you so far and they consume a LOT of resources. For exactly that reason I like to employ basic checking policies before accepting e-mail at all. These policies have gotten me pretty far and my false positive rate is pretty low.

Logging PHP errors to syslog-ng

Ever so often I get to set up hosts for running PHP. When running a load balanced solution, you have more hosts and reading logs gets complicated, development gets tedious. So what helps, is a central logging server. This is pretty easy to set up with syslog-ng, however PHP has a annoying habit of logging everything with the NOTICE error level.

Debugging applications with strace

There are times, when we get an application and need to find out what it does fast. We don’t have the time to read the source code. Fortunately there are multiple tools to our rescue, one of which is the strace Linux utility. strace means system call trace, it shows us every system call the application does, such as opening or reading a file, writing data to a network socket. It’s not a magic pill, it won’t show the internal working of the application, but it’s still very useful to find out what it does externally (IO operations and such).

The Big Exim Tutorial

In September 2009 I created the big Exim tutorial consisting of 5 parts on the Hungarian Unix Portal. In January 2010, I transfered it to my Hungarian site. Now I’m translating it to English.