Self-Service HR Dashboards with Workday Extend and APIs

Workday Extend lets you build custom in-Workday apps that leverage Workday’s data model, UI and security. Extend apps are fully integrated into the Workday interface and can tap into Workday data via APIs and reports. In practice, a dashboard app on Extend will call Workday data services (native REST or “Report-as-a-Service” reports) behind the scenes,

Tracking Dependencies Beyond the Build Stage

When working on modern software, a developer will often use hundreds or thousands of dependencies. Keeping an accurate and consistent bill of materials is essential for license compliance and for security. Motivation: In a large organization, the scope of dependencies review given by build-time scanning has some limitations.

GDPR Compliance and Data Deletion in Software Systems

The General Data Protection Regulation (GDPR) is a comprehensive EU data privacy law that came into effect in 2018. One of its key provisions is the right to erasure (Article 17), often called the “right to be forgotten.” In simple terms, individuals can request deletion of their personal data from a service, and organizations are

Accelerating Your Software Engineering Career With Open Source and Jakarta EE

For decades, software engineering followed a relatively predictable path: learn the language, master the tools, deliver results, and progress. That model is quietly breaking. Today, engineers are expected to do more than build systems — they are expected to influence decisions, communicate across teams, and demonstrate impact beyond their immediate environment. Yet most career advice

Enterprise Java Applications: A Practical Guide to Securing Enterprise Applications with a Risk-Driven Architecture

Enterprise Java applications still serve business-critical processes but are becoming vulnerable to changing security threats and regulatory demands. Traditional compliance-based security methods tend to respond to audits or attacks, instead of stopping them. This paper introduces a risk-based security architecture, which focuses on protection according to the impact of the business, the probability of the

Content Security Policy Drift in Salesforce Lightning: Engineering Stable Embedded Integration Boundaries

A global case management system depends on a telephony surface to bind a live call to a customer record. When a call arrives, an external CTI frame loads inside Lightning, identifies the caller, resolves the account, and anchors the interaction to an open case. That binding is logged, audited, and later referenced by downstream analytics

Enhancing Secure MCP Client–Server Communication With the Chain of Responsibility Pattern

In a world where AI assistants and agents increasingly interact with external services through standardized protocols, securing communication between an AI client and its backend servers is an important aspect. The Model Context Protocol (MCP) standardizes how an AI assistant discovers and invokes tools exposed by remote servers in order to enrich the communication context,

Docker Secrets Management: From Development to Production

Most Docker tutorials show secrets passed as environment variables. It’s convenient, works everywhere, and feels simple. It’s also fundamentally insecure. Environment variables are visible to any process running inside the container. They appear in docker inspect output accessible to anyone with Docker socket access. Debugging tools log them. Child processes inherit them. And in many