Category: Web
-

Why You Should Never Use Floating Point for Money
Floating-point arithmetic is inadequate for financial systems; this post advocates the use of BigDecimal to ensure precision and avoid rounding errors. Key principles include domain isolation, stringent data types, and thorough edge-case testing. Proper implementation is crucial for maintaining price integrity and avoiding financial discrepancies.
-

Optimizing Search Performance with CQRS: Relational Writes and NoSQL Reads
Most developers initially rely on relational databases, but as search demands grow, performance declines. Command Query Responsibility Segregation (CQRS) effectively tackles this by separating read and write operations. The write side focuses on data integrity, while the read side prioritizes speed, often utilizing NoSQL stores for efficient retrieval and eventual consistency between systems.
-

Granular Authorization in Spring Boot: Beyond Role Checks
Most applications have robust authentication and brittle authorization. A single if (user.isAdmin()) block guarding critical data is not a security model — it’s a liability. This post walks through the evolution from scattered role checks to a clean, declarative ABAC approach using Spring Security’s PermissionEvaluator, RoleHierarchy, and SpEL.
-

Making Testcontainers Work with Lima on macOS
If you switched from Docker Desktop to Lima and Testcontainers started failing silently, here is the exact configuration you need — five steps, no guessing.
-

Google Cloud Run Limitations: When Serverless Complexity Outweighs the Cost Savings
Google Cloud Run is a great fit for simple APIs, but once you need large file uploads, high availability, and event-driven reliability, the workarounds pile up fast. This post walks through the real cost of fighting Cloud Run’s constraints and when GKE Autopilot or Compute Engine becomes the more honest choice.
-

The Command Pattern in Java: Eliminating Fat Service Classes with Commands and Handlers
Fat Service classes are a liability — one class that does everything is a class that’s impossible to test and dangerous to change. This post shows how to apply the Command pattern in Java using Records, Repository interfaces, and single-responsibility Handlers to keep your business logic clean and isolated.
-

Spring Security 6 OAuth 2.1: Replacing Implicit Grant and ROPC with PKCE
If your Spring Security config still uses the Implicit Grant or Resource Owner Password flow, you’re running on borrowed time. This post breaks down why OAuth 2.1 makes PKCE mandatory, kills legacy flows, and shows the exact config difference between a legacy setup and a production-hardened one.
-

Why JavaScript Floating Point Math Breaks Your App (And How to Fix It)
JavaScript’s IEEE 754 floating point format means 0.1 + 0.2 !== 0.3 — and that’s just the obvious case. This post covers why it happens, where it silently breaks production code, and four concrete strategies: toFixed for display, integer arithmetic for money, a scale-round-ceil pattern for computed floats, and decimal.js for complex chains.
-

Fullstack 2026: Building the Modern Spring Boot 3.4 and React 19 Architecture
After 15 years in the industry, the author emphasizes the need for simplicity in development. The post discusses using Spring Boot 3.4 and React 19 to streamline setups by eliminating boilerplate, automating infrastructure, and enhancing developer experience. Key strategies include Docker integration, virtual threads, and proxy configurations for efficient development.
-

Google Sign-In for React Native: The Complete Setup Guide That Actually Works
Integrating Google Sign-In in a React Native app involves configuring Firebase and Google Cloud Console, managing SHA-1 fingerprints, and using the @react-native-google-signin library. Common issues arise post-deployment as silent failures linked to mismatched fingerprints, which is why accurate configuration across environments is needed. Proper setup is crucial for a smooth user experience.
