At Zumba, I implemented CSRF protection to all our state-changing user inputs. With a large and complicated site, implementing CSRF is a very tricky ordeal. There are several strategies with varying degrees of difficulty and effectiveness to consider. The real challenge, which is often not written about, is deploying it to active users with minimal disruption.Continue reading
For most of my career, I’ve been an individual contributor: focused on the tasks at hand, writing code, among other things. All of that changed about six years ago. I found myself managing products, releases, infrastructure, and making many software decisions. As a result, I was promoted to “Lead Software Engineer.” Other developers were looking to me for answers, and I was involved with high-level decisions for products and features, so it seemed like a natural progression. However, I was ill-prepared for what it takes to be a lead engineer.Continue reading
This is the follow-up post on building a chessbot for Slack.
The main focus on the previous segment was on technical engineering: authentication, request handling, image rendering, and chess rules. However, when submitting an app to the Slack App Directory, one has to take a step back and consider the entirety of the app from the user’s perspective.Continue reading