Weekly Bits and Pieces, 2013, Week 31.

Le weekly bits et pieces, with added security and authentication stuff for the web.

  • Working with web services can be a bit of a pain from within the browser, because client-side cross-domain requests are restricted with a same origin policy.
  • JSON-P is a way around this, but is limited to GET requests.
  • Cross-Origin Resource Sharing (CORS) is a spec from the W3C for allowing cross-domain requests from within the browser.
    • It’s not properly supported in IE versions earlier than 10 though.
  • The first conference on “Software Engineering” took place in 1968. (more info)
  • One of the biggest, if not the biggest, benefits of TDD is that it makes you really think about your code and your architecture.
    • It makes you think about decoupling and about interfaces.
  • The Abstract Factory pattern has been kind of superceded by inversion of control.
  • You should never write all the tests for your system up front. But you should always write tests first when writing a new piece of code on a task.
  • The mouse was first demoed in 1968, but it wasn’t until 1984 that it really entered popular culture (with the Apple Macintosh.)
  • Test Data Builders are an alternative to the Object Mother.
  • Visuals are hard to test, so perhaps best to leave those to exploratory testing with a real tester.
  • webdevchecklist is very handy if you’re a web developer.
  • Token-based authentication is the way to go.
  • Thinktecture AuthorizationServer is an implementation of the OAuth2 authorization framework.
  • JSON Web Token (JWT) is a JSON encoded way of doing claims-based authentication.
  • OAuth2 is a set of patterns, a framework — not a specification.
  • Switching the internet from IPv4 to IPv6 is a big task — a bit like a country switching from driving on the left-hand side of the road to driving on the right-hand side.