• IntelliJ IDEA, ReSharper, SonarLint and SonarQube find the same errors, as PVS-Studio — so why do we need PVS-Studio?

      Sometimes people ask the question, which addresses a certain topic but is actually about another thing. As the saying goes, a competently asked question contains half the answer.

      Recently I've returned from the JPoint conference, where we first presented our new PVS-Studio analyzer for Java. Interest in static analysis is growing strongly in the last few years, so the audience perceived PVS-Studio enthusiastically. In addition to the positive feedback, as it happens, we had to handle objections. The most frequent objection to the suggestion to try PVS-Studio sounds something like this: «C'mon, why do we try PVS-Studio? We use IntelliJ IDEA, ReSharper, SonarLint and SonarQube. We've run PVS-Studio recently and it found errors, already highlighted by IntelliJ IDEA!»

      I just can't help but write a small reply note to this comment. I even have two responses to this objection. And yes, I intentionally stated ReSharper, as there are some questions to our C# analyzer as well. Well, here comes the answer.
      Read more →
    • The most common OAuth 2.0 Hacks

        OAuth 2 overview

        This article assumes that readers are familiar with OAuth 2. However, below a brief description of it is presented below.

        1. The application requests authorization to access service resources from the user. The application needs to provide the client ID, client secret, redirect URI and the required scopes.
        2. If the user authorizes the request, the application receives an authorization grant
        3. The application requests an access token from the authorization server by presenting authentication of its own identity, and the authorization grant
        4. If the application identity is authenticated and the authorization grant is valid, the authorization server issues the access and refresh (if required) token to the application. Authorization is complete.
        5. The application requests the resource from the resource server and presents the access token for authentication
        6. If the access token is valid, the resource server serves the resource to the application

        The are some main Pros and Cons in OAuth 2.0

        • OAuth 2.0 is easier to use and implement (compared to OAuth 1.0)
        • Wide spread and continuing growing
        • Short lived Tokens
        • Encapsulated Tokens

        — No signature (relies solely on SSL/TLS ), Bearer Tokens
        — No built-in security
        — Can be dangerous if used from not experienced people
        — Too many compromises. Working group did not make clear decisions
        — Mobile integration (web views)
        — Oauth 2.0 spec is not a protocol, it is rather a framework — RFC 6749

        Read more →
      • Configure Visual Studio across your organization with .vsconfig

          As application requirements grow more complex, so do our solutions. Keeping developers’ environments configured across our organizations grows equally complex. Developers need to install specific workloads and components in order to build a solution. Some organizations add these requirements to their README or CONTRIBUTING documents in their repositories. Some organizations might publish these requirements in documents for new hires or even just forward emails. Configuring your development environment often becomes a day-long chore. What’s really needed is a declarative authoring model that just configures Visual Studio like you need it.

          In Visual Studio 2017 Update 15.9 we added the ability to export and import workload and component selection to a Visual Studio installation configuration file. Developers can import these files into new or existing installations. Checking these files into your source repos makes them easy to share. However, developers still need to import these to get the features they need.

          Automatically install missing components

          New in Visual Studio 2019: you can save these files as .vsconfig files in your solution root directory and when the solution (or solution directory) is opened, Visual Studio will automatically detect which components are missing and prompt you to install them.

          Read more →
        • Free Wireguard VPN service on AWS

          • Translation
          • Tutorial

          Free Wireguard VPN service on AWS

          The reasoning

          The increase of Internet censorship by authoritarian regimes expands the blockage of useful internet resources making impossible the use of the WEB and in essence violates the fundamental right to freedom of opinion and expression enshrined in the Universal Declaration of Human Rights.

          Article 19
          Everyone has the right to freedom of opinion and expression; this right includes freedom to hold opinions without interference and to seek, receive and impart information and ideas through any media and regardless of frontiers.

          The following is the detailed 6 steps instruction for non-IT people to deploy free* VPN service upon Wireguard technology in Amazon Web Services (AWS) cloud infrastructure, using a 12 months free account, on an Instance (virtual machine) run by Ubuntu Server 18.04 LTS.

          I tried to make this walkthrough as friendly as possible to people far from IT. The only thing required is assiduity in repeating the steps described below.

          Read more →
        • 10 critical skills every DevOps engineer

          What is DevOps and Why is it important?

          DevOps is the combination of Development teams and Operation teams in order to create a business with traditional software development practices. DevOps gaining popularity at a rapid pace. Let's see how DevOps helps the delivery of Software products.

          When the development and operational teams are inseparable silos, it makes development life cycles longer due to lack of communication and cooperation between two teams. By merging those two we can make software development shorter cycles.

          DevOps is not a profession. It's culture. It builds teams and makes engineers work for a common goal rather than individual performances. This leads to better collaboration and increased efficiency.

          More importantly, DevOps reduces rollback failures, Rollbacks and give time to recover. The main characteristic of DevOps. This helps to find bugs and failures quickly giving rise to rectify bugs or recover from failures.
          Read more →