Ibuildings blog

Secure your REST API with OAuth2 Implicit Grant

  • July 18, 2013
  • Blog
  • 0

These last few years have seen the rise of some amazing frameworks oriented towards Single Page Applications (SPAs) like ExtJS, AngularJS, Backbone, Ember, etc., following the trend where front-end and back-end separate. Client-side technologies are now being managed by one team and back-end services by another. This Separation of Concerns is wonderful for implementors, as you only need a specification of the API and you can develop functionality concurrently. However, all this client-side functionality often leaves the question: how are we going to secure the API if, at least in theory, it should be open for the browser of any device anywhere on earth? (No, we do not support the ISS.)

    ETags for the Uninitiated

    • June 21, 2013
    • Blog
    • 2

    Yet, ETags are one of the features that are the hardest to get right. Sometimes it’s not even clear how they work, and while there’s a lot out there on the subject, it can also be difficult to put it all together. Developers frequently play either client or server roles in this exchange, which can make the responsibilities even more confusing.

    In this series of blog posts, we’re going to look at ETags from both perspectives: First, a client trying to consume an ETag-enabled API. By focusing on the client side, we can focus on the features ETags offer and learn how these are supposed to look in a perfectly implemented world. In a later post, we’ll look at the gory details of how that API implements ETags and does the appropriate checks.

      Verifying our software with OWASP ASVS

      • March 21, 2013
      • Blog
      • 0

      "If a tree falls in a forest and no one is around to hear it, does it make a sound?"

      Likewise if a software project is delivered and no one has looked at security, can it be said to be secure?
      [Image: "If a tree falls..." by Dunc(an)]

      When a customer commissions Ibuildings for a new application, he usually has plenty of functional demands (I need it to do X and also Y and Z... oh and can I get A?). And maybe some thoughts have been given to performance metrics, but security? Well... it "needs to be secure".

        Boosting mobile deployment with PhoneGap Build

        • February 8, 2013
        • Blog
        • 1

        In July 2011 Nitobi (now acquired by Adobe) released a stable version of a small library called PhoneGap. Its main purpose was to close the gap between web and native applications. This was achieved by wrapping web applications in a native app for each supported platform. Another feature to close the gap is to expose JavaScript APIs for functionality which is otherwise only available to native applications.

        Sencha Touch 2

        • January 14, 2013
        • 0

        Episode: 2012 - 15 
        Tommy Maintz 
        In this session, Tommy Maintz will guide you through building an HTML5 mobile web application using the latest release of Sencha Touch 2. 

        Scalability issues: cure first, prevent later

        Episode: 2012 - 26
        Thijs Feryn 
        The "it works on my machine" mentality has resulted in numerous face palm moments. This is even more painful when your app is under heavy load due to a marketing campaign. With some minimal code changes and some smart utilities, you can maximize your scalability and performance. Keywords: Varnish, PHP-FPM, Nginx, APC, CDN, Gearman, Memcached and a proper server setup. I'll show you how you can make a slow app with a crappy code base go mighty fast on one and even multiple servers. The focus of this talk is to cure first and eventually learn and prevent.

        Ten considerations for taking a web business to the mobile market

        Episode: 2012 - 10 
        Sam de Freyssinet 
        Business owners have woken up to the reality that the web is increasingly consumed on the move. Product owners are demanding new mobile sites that must be released yesterday! You manage an established online business, now you need to move into the mobile market. How do you take your existing business into a mobile domain? Does the entirety of your current business model need to exist in the mobile environment? Or is there a killer mobile app hidden within your existing product? This talk will walk through ten considerations that you must make when moving your online business to a mobile audience. 

        DPCRadio: The API Dilemma

        Episode: 2012 - 30
        Chris Cornutt 
        Creating a good, useful and functional API for your application can be one of the most difficult parts of a project. With more and more things becoming API-powered, it's important to plan well and provide what the user expects. I'll look at some principles you can follow to make sure the API you write is the right one, both from the developer perspective and what you, as a user, should expect of a quality web service API.

        DMCRadio: CocoonJS

        • November 19, 2012
        • 0

        Episode: 2012 - 12 
        Ibon Tolosana 
        CocoonJS is a native wrapper for HTML5 canvas based applications/games. Without any code changes and thanks to its OpenGL canvas bindings, CocoonJS is able to execute your applications with almost a 1000% performance boost. CocoonJS offers a native iOS and Android deployment environment. It is highly focused on monetization since applications deployed in CocoonJS have out-of-the-box Ad networks and tracking systems integration. Other features like asynchronous websockets, localStorage, Facebook integration, etc. are available too. All this magic is achieved directly, without cross-compilation processes or being limited to custom APIs.

        DPCRadio: Travis CI - Distributed CI for the masses!

        Episode: 2012 - 16
        Josh Kalderimis 
        Continuous Integration has typically been a practice only performed by companies who want that peace of mind for their client software, but does it need to be like this? Travis CI is a continuous integration service for the open source community. We make testing OS projects dead simple and fun. But most importantly, we help improve code quality for large projects like Doctrine2 and symfony, to smaller libraries like FOSRest. The vision behind Travis CI is to become for builds what PEAR is for distributing libraries. In this talk Josh, one of the core members of the Travis CI team, will introduce you to the vision behind Travis, how it is implemented, and why it matters to everyone in the OS community.

        Getting started with Sencha Touch 2

        • November 13, 2012
        • Blog
        • 0

        The web as a mobile platform

        The web has been a great place on desktops and laptops for quite some time, but with the booming growth of mobile devices like tablets and smartphones, the internet has become increasingly interesting on these devices as well. Building mobile apps for the web has some advantages when compared to native development. Before we start with Sencha Touch 2, we will take a look at these advantages.

        DMCRadio: Mobile Performance Considerations

        • November 12, 2012
        • 0

        Episode: 2012 – 09
        Estelle Weyl 
        Mobile browser performance is challenged by bandwidth, battery, and memory constraints. Slow loading and reacting sites create bad user experiences. Sites that drain batteries or crash the browser are infuriating. Porting a web application designed and developed for desktop devices—devices with virtually unlimited memory, and literally unlimited power (they’re plugged in, not running on battery) in many cases just doesn’t work. By understanding mobile limitations and keeping mobile in mind throughout the development process you can create more responsive, faster downloading, less battery consuming applications.

        DPCRadio: SPL in the Wild

        Episode: 2012 - 27
        Elizabeth M Smith
        The standard PHP library (SPL) is growing in both maturity and use. But a lot of developers still aren't aware of the tools in SPL or simply haven't seen good examples of how to use the code. From interfaces to an autoload stack to classes that make objects act like arrays, there are tools to make every application leaner and faster, or simply more clever. Using live projects from github, take a look at the good, bad, and the ugly of SPL usage in PHP development. 

        DPCRadio: A quick start on Zend Framework 2

        Episode: 2012 - 29
        Enrico Zimuel 
        In this talk we will present a simple web application built with Zend Framework 2. We will show the new features of the framework, such as the new MVC layer, the Event Manager, the Dependency Injection and much more. The aim of this talk is how to start programming with the new architecture of ZF2. Moreover, we will show the differences with the version 1 of the framework and how to migrate applications from ZF1 to ZF2. 

        DMCRadio: Apponomics

        • October 30, 2012
        • 0

        Episode: 2012 - 01
        Pratik Patel 
        You've got a great idea for a mobile app. You have a team together. You're building the killer app. Do you know enough about the various app stores to know what to do next? How about pricing strategies for iOS and Android? Have you thought about the Nook Color and Amazon Fire? In this session, I'll bring my experience as CTO of TripLingo, an Atlanta company developing foreign language learning apps. TripLingo has been featured on the iOS store a dozen times, as well as the Android market and Nook store. 

        DPCRadio: Let's build a parser!

        Episode: 002
        Boy Baukema 
        Our world is filled with languages: HTML, CSS, JavaScript, PHP, SQL, INI, YAML, XML, XPath, MarkDown and more custom languages like Atlassian's Jira JQL, Doctrine's DQL and Behat's Gherkin language. And other structured texts like date formats, Google's search syntax, Apache Configuration files and the HTTP protocol request and response. Large code bases, meta programming and the upcoming Domain Specific Modeling field make it imperative that we as developers are capable of reading and interpreting these languages.

        Understanding Hardware Acceleration on Mobile Browsers

        • October 23, 2012
        • 0

        Episode: 2012 - 04 
        Ariya Hidayat 
        GPU acceleration on mobile browsers, if it is leveraged correctly, can lead to smooth and fluid applications, thus improving the user experience. There have been a lot of mentions and best practices of hardware acceleration these days, although so far it has been pretty general and hasn’t provided much technical direction apart from simple magical advice such as “use translate3d”. This talk sheds some more light on browser interactions with the GPU and explains what happens behind the scenes, covering the topic of acceleration of primitive drawing, the use of tiled backing store, and composited layer. Knowing the actual machinery behind hardware acceleration, you will be in the position to plan your strategy to improve the performance of your web application.

        IB @ 2012.JSConf.eu

        • October 18, 2012
        • Blog
        • 0

        Ten years ago JavaScript was considered a toy. Then the XMLHttpRequest object was discovered, then came the JIT engines, making JavaScript fast. Now, with new specifications (ES5, ES6, ES7) coming out and more libraries than you can shake a stick at, JavaScript is as big an environment as any server-side language.

        DPCRadio & DMCRadio: Programming Style and Your Brain

        Episode: 2012 - 01
        Douglas Crockford 
        Computer programs are the most complicated things that humans make. They must be perfect, which is hard for us because we are not perfect. Programming is thought to be a "head" activity, but there is a lot of "gut" involved. Indeed, it may be the gut that gives us the insight necessary for solving hard problems. But gut messes us up when it comes to matters of style. The systems in our brains that make us vulnerable to advertising and propaganda also influence our programming styles. This talk looks systematically at the development of a programming style that specifically improves the reliability of programs. The examples are given in JavaScript, a language with an uncommonly large number of bad parts, but the principles are applicable to all languages.

          Distributed Systems Tutorial

          • September 27, 2012
          • Blog
          • 0

          For the morning of tutorial day, I chose to attend Think like an ant, distribute the workload, given by Helgi Þormar Þorbjörnsson. Helgi is a former Ibuildings colleague and now a bigshot at Orchestra.io. I'm happy to see he's doing well. His presentation started off explaining to us why distributing can be a good thing by pointing out three significant aspects: budget, efficiency and perception.
