Image for post
Image for post
Photo by Gary Butterfield on Unsplash

Whenever you take up an enterprise middleware assignment with existing backend systems, you are bound to discover a jack or two in the box. But when you come across a slow, yet mission-critical piece of software that cannot be upgraded nor replaced, you know you’ve hit the holy grail of antipatterns.

Daunting as it may be, it’s not without remedy. And often, a less thought-through design can make the situation far worse than it is. What I’m trying to propose here are a few design considerations you can try if you are ever found in the same unfortunate situation.

Are we there yet? — Response Caching

While analyzing the traffic received by the backend service, you might notice some repetitive query requests which are used to check the status of something. For example, if you take a customer service backend, there might be requests to check if the customer is active? or the loyalty type of the customer. Now, this information don’t change frequently. These kinds of requests are ideal to be cached.
Primarily, we could think of two ways of how caching could be setup. The first option would be the simplest and has no dependency on the backend service. When the cache node is requested for information it does not have, it will fetch it from the slow backend, update the cache and return it to the requester.
The second option is where the cache gets updated whenever the backend data gets updated. This requires an integration with the backend service, and the backend service should be equipped to either call an API on the cache node or should have logs that could be processed to extract the required information.
And naturally, the ideal solution would be a hybrid of these two options, but seldom would you have an ideal solution. …


Image for post
Image for post
Photo by MinuteKEY on Unsplash

If you’ve used APIs, you are not a stranger to oAuth2 and Refresh Tokens. Although there are numerous ways of securing an API, oAuth2 has always been the Durex to API and oAuth2 has never let API down, well almost, 98% of the time, if used correctly.

oAuth2 is a well versatile battle-hardened framework which is invaluable when it comes to securing and securely sharing resources. However during one of my previous engagements, I’ve come across a scenario where it didn’t fare very well. The objective is to explore the possibility of using something completely different to solve the problem. …


Image for post
Image for post
Photo by Erick Zajac on Unsplash

When you think of native Java apps, you think of an executable jar and this has been the case since Google has been indexing us, I mean the web. There is a profusion of platforms and frameworks which would allow you to boilerplate a java app really quickly and Quarkus is one of those. But Quarkus is a bit more as well. You focus on solving the problem whilst Quarkus will do everything else including, managing dependencies, bundling, and building you a native image of your choice. So once you’ve done writing your application, you should be able to run it in a Docker container, theoretically. …


Image for post
Image for post
Bolling Air Field horn amplifiers via Wikimedia Commons (Unknown author / Public domain)

Eavesdropping, has nothing to do with the Garden of Eden, or Eve, or.. well you get the picture, since that bad joke is out of the way, let’s focus on Acoustic Eavesdropping.

Acoustic Eavesdropping is the process of gathering information/intelligence using sound and has been used in various forms since as long as WWI, or even earlier. The picture above is a device used to listen to the sound of enemy aircraft during WWI as a warning of an air strike, this was the pre-radar era. Gathering intelligence using acoustics is quite widely used and nothing new. So I thought of using it to see if I can predict keystrokes using the sound of a computer keyboard. If you listen closely, you’ll notice that each key makes a slightly different sound. A quick Google search revealed a ton of research, which was promising. …


Image for post
Image for post
Image by 272447 from Pixabay

The darkest places in hell are reserved for those who do not take data loss seriously. Although Dante did not write that, I believe it’s true.

We live in a world where silicon, aluminum, copper, and lead is interwoven with flesh and blood to create an extension to ourselves we call smart devices, the very elements that are toxic to us. The software that gives life to these devices is like the soul, and without a proper sense of responsibility, ethics, and a moral compass, they too can very well end in eternal damnation, along with us.

You see, security is a bit like a contraceptive apparatus, there’s not much sense in putting one on after the whatever that is, has left or gotten into whatever the other thing that is. Being proactive is always the key. This is why you should be proactive and start looking at possible leaky joints in your solution and make it an integral part of the SDLC to check for leaky joints. Securing the SDLC is a topic for another time, for now though, let’s focus on the points of data loss in systems. …


Image for post
Image for post
Photo by Yaopey Yong on Unsplash

Rise and Shine! Oh, what a lovely morning, you could already feel a touch of spring in the air! Alrighty right, let’s get some work done!

“I need to work on that document we started yesterday, need to send it off EOD”

“Wonder what happened to Kim Jong Un, is he alive?”

“Hmm… turns out he’s ok”

“back to work, Ooh, encryption! Remember the article on elliptical curves, need to finish that”

“Sure, but first, let’s get on with this”

“But seriously though, what’s with all the NSA backdoor talk with ECC”

“For the love of God, and everything else that’s good and holy, can we please finish this doc?” …


Shane T. McCoy [Public domain], via Wikimedia Commons https://commons.wikimedia.org/wiki/File:Special_forces_gatling_gun.jpg
Shane T. McCoy [Public domain], via Wikimedia Commons https://commons.wikimedia.org/wiki/File:Special_forces_gatling_gun.jpg
Shane T. McCoy [Public domain], via Wikimedia Commons
https://commons.wikimedia.org/wiki/File:Special_forces_gatling_gun.jpg

When I say it’s coming, what I mean is that it’s already here. As a matter of fact, it’s been around for a while now. I guess that’s how QUIC HTTP/3 is, here even before it is here. Ok, so it’s still experimental, but most of the trailblazers like Google, Facebook, Mozilla have already adopted it and have being using it for a while now.

So what’s the big deal with HTTP/3? It’s just another version of HTTP. Wrong, this is the first version of HTTP purpose-built for the interactive & mobile internet, I feel. See, the earlier versions were increments or enhancements over HTTP/1.0 (HTTP/0.9 never really existed, I think ?). …


’Tis the season peeps! Lot of traveling, shopping and crowded roads, so, I thought of giving everyone a quick memory refresh on road signs and rules.

Before we start, if you drive a bus or is a benevolent soul who art above the law, you don’t have to read this, road rules don’t really apply to you folk. So have a Merry Christmas Ho! Ho Ho.

Dotted, single and double lines: Purely decorative. They bring a certain elegance to a rather mundane black/grey backdrop. They can be quite handy though, specially if you want to keep your vehicle straight on the road. As a rule of thumb, If your vehicle have less than four wheels keep the front wheel on the line. If four or more wheels, then center your vehicle to the line. …


Word of the day: finifugal. (Adjective) hating endings; of someone who tries to avoid or prolong the final moment of a story, relationship, or some other journey.

I believe that’s the best way to describe today, a day I didn’t want to think about, this is coming from a man who’s excited to know what’s beyond death.

As my fellow, CoD and PUBG players would understand the objective is to hit the target and not to become the target, and the way to do that is to focus on your target and move around, I guess life is the same.

We had a bloody good run if you ask me, we created an environment that was fun to work, we had friends at work when others had colleagues. We started with nothing and ended with a little more than nothing J. People who remember the beginning would truly understand how much we as a team have improved. However, nothing in the world is perfect, nor are we and as long as we acknowledge that, we will improve. …


Image for post
Image for post

Crossroads, that’s where I’m sort of at , no, not to sell my soul to the devil, more of a career situation. While I’m at it, I thought of doing a retrospective on things, just like agile teaches us you know. I’ve been working for a little over fifteen years now, and looking back there’s a lot, specially in the past few years. I’ve had well over 99 problems, however, these points never were. Like Steve Jobs said, you can only connect the dots looking back. So here goes some of the dots, go forth and connect!

Who’s the boss? I’ve seen posts on social media that says people leave bosses, not jobs. That’s a bit Hollywood if you ask me, trying to over romanticize a rather simple relationship. Yes, you do need mentors, but in the corporate world, you are not going to find nor should expect a father figure who’s going to sit you down, pat your head and teach you everything. You’ll have to be your own mentor. …

Charith De Silva

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store