Relay compiler and VSCode

If you are using relay to make your graphql development easier (it generates typescript types from your graphql schemas). This can make working with VSCode difficult as the IDE sometimes has a different view of the world to the latest generated version.

I have found the following extension for VSCode: Relay for VSCode I plan to try this tomorrow to see if it helps.

This may also help testing the components that use relay:

It’s impossible to secure the browser!

If you are exposing an endpoint to your front end on the public internet then it can be called at any time. There is no way to ensure that the call came from a browser. The only sane approach is to assume that any endpoint that you are exposing to the browser is a public API and should be treated as such (with the exception of ensuring backwards compatibility – private API’s are still subject to change/retirement without notice).

This also means that any javascript that you embed in the page and download to the browser will include a map of your exposed backend services and examples of how to authenticate and use it. Obfuscation will only go so far – the urls struct that you send out will be included in the messages.

Functional Domain Models and CQRS

I started brushing up on my DDD skills by re-reading Evans.(2004).
The main inspiration was to determine how to document a domain model.

Various searches led me to this article:

It’s the start of a series of articles on Event Sourcing/CQRS in Elixir. The sample application is about consent for medical records, but looks to be ideal for consent for GDPR!

This is a great introduction to CQRS with a functional approach.

The underlying git repository is here:

How To Have Boring Releases

Typically you would want to advertise exciting features when advertising a book. This time I want to prome boring releases.

This book includes a chapter on how we managed to take the drama out of releasing software. The software we released was exciting, but the actual releases were calm and measured. In one case we had a project manager prepare 30 scenarios, 27 bad and 3 good. In the end it went so well that none of the good scenarios applied. This was the digital release of the Cursed Child Script book.

Here is the book including a chapter on how we made the magic:

GDPR Compliance is Not A Afterthought

Here is the guidance from the ICO,by%20design%20and%20by%20default’.

The idea is that any system that is being worked on requires data protection by design and default.

This includes:

Asking permission from the user to use their personal information. If they need to opt in this needs to be explicit rather than assumed. (There are some circustances where permission is not required, but you need to make the owner of the data aware).

You should also record the version of the privacy notice that they accepted. If the terms change to include additional usage then permission needs to be requested again before the data is used. Permission may also be withdrawn.

The use, storage and processes must be clear. Breaches of these need to be reported to the authorities and affected users.

Fully doing this is not simple. There are benefits. This will typically require personal data to be held in a single place which can simplify processes (less duplication and inconsistency). The need to understand your internal processes will also help. It forces good communication practices.