Martin Brennan

  • My writing blog

    |

    Just a little plug for my writing blog, where I am posting quotes, essays, short stories, and personal blog posts not related to tech. Check it out at https://writing.martin-brennan.com.

  • JSON schema

    |

    Updated this article in 2025 with fresh information.

    When writing a common data transfer format, you will need a strong schema or specification so each client that uses that format knows how to parse, validate, and construct data using it. In XML you can use XSD, which is used to specify validation rules and elements expected in an XML file, as well as specifying the type of data expected (strings, integers, dates etc.). When using JSON, the best way to achieve this is with JSON Schema, and I’ll give a quick run through of how to use it and the things you can do with it in this article.

    Read more...

  • Why xUnit?

    |

    In 2025, I haven't used xUnit in about 10 years, but it does seem to be still the most popular testing framework for .NET. That being said, some of the information here is likely outdated.

    I was fairly recently introduced to xUnit by a work colleague, and I now prefer it over the default Microsoft Unit Test project format. In fact, I feel kinda dumb for having used the default for so many years when there are so many alternatives, like xUnit, NUnit, and Moq. Granted I haven’t tried to use the other two, I thought I’d write about what I like about xUnit over the default MSTest framework.

    Read more...

  • Easy HTTPS with Let's Encrypt

    |

    Well, since my last post on HTTPS I’ve gone and put an SSL certificate on my webserver and forced HTTPS for all connections to this site. I decided to do this tonight while I was doing some other poking around over SSH, and found that it was even easier to set up than I thought it would be. To accomplish this, I used Let’s Encrypt, which issues free SSL certificates so more websites can be served over HTTPS. For those not in the know:

    Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit.

    First of all, I headed over to the Getting Started page of Let’s Encrypt, which sends you to the certbot tool. From here, you choose a web server and an operating system and you are given detailed instructions on how to install the certificate. Basically, certbot fetches and deploys SSL/TLS certificates for your webserver, which you then set up your webserver to use. For example, this site is running on an Ubuntu DigitalOcean droplet with the ngnix webserver. I found the guide How To Secure Nginx with Let’s Encrypt on Ubuntu 14.04 extremely helpful to read through as well in this process, and it also gives you a link to the SSL Server Test which will let you know if you’ve done everything okay.

    Overall, I found the process easy, and the guides and tools provided are top-notch. The people behind Let’s Encrypt have done a great job, and I’ll be recommending it to colleagues who are looking to do the same thing. You can now rest easy reading this blog and knowing it was written by me, Martin Brennan, and not the Illuminati injecting subliminal messaging driving you to BUY CONSUME REPRODUCE ▲.

  • Google Chrome to start marking HTTP connections insecure

    |

    Google Chrome has been steadily marching toward this end for some time now. From January 2017, Google will start flagging pages served over HTTP as Not Secure. The way that this will work in Chrome is that an indicator will be displayed in front of the address bar like they currently do with websites served over HTTPS with an invalid certificate. This will only be done on pages with credit card or password fields, which should have been served over HTTPS in the first place anyway. Firefox has already adopted this behaviour, and their main reasons for doing this, along with the Chrome team, is that it prevents MITM (Man in the Middle) attacks.

    Though this approach is sound, today I was thinking about the impact this may have on regular users who may or may not be aware of the different indicators in the address bar, or be aware of the concept of HTTP/HTTPS or secure/insecure sites. Will they be alarmed that more sites suddenly have red “error” messages in the top bar? Will this behaviour, important though it may be, detract from even more pressing security issues, such as expired or invalid certificates, creating a “boy who cried wolf” situation? It would be really interesting to observe a regular user of Google Chrome and see what they do in these situations. Nevertheless I’m sure the Chrome team has thought of this, and will hopefully have helpful documentation for the lay-user.

    I’m still not entirely sure that serving static sites, such as this blog, over HTTPS is worth it. I do not have any pages that accept credit card or password details. Though many would probably argue this point, and scold me for not realizing the importance of it, that my reliance on third party services like Disqus for comments and Google Adsense for ads would open up attack vectors if I serve my main blog as regular HTTP. I understand what proponents of making the web HTTPS are trying to achieve, to make passive eavesdropping by government agencies and malicious hackers much more difficult, and I do believe that at some point all pages will be HTTPS. As I saw it described today, if one person wears a mask they are still suspicious, if everyone wears a mask it becomes the norm. I just struggle to find time to set up an SSL certificate, though services like Let’s Encrypt may ease the pain of doing this, it’s just very low on my list of things to do. Though that platform is not without criticism, i.e. they do not offer free wildcard SSL certificates, I believe it is still a step in the right direction to get more people and websites onto HTTPS.

    Google is also said to be pushing encryption as a factor in their PageRank algorithm, so it soon may become much more important to have a site served over HTTPS to stay relevant in search results. If anyone has any advice or thoughts on the matter, or whether it is important for me to do it on this blog, please let me know in the comments below!

    If you want to read further on the subject, Jeff Atwood wrote a great article on the topic called Let’s Encrypt Everything.

  • Fast SQL server paging

    |

    In 2025 MSSQL Server paging with `OFFSET… FETCH` still works, but for large datasets this approach slows down on deep pages. Modern best practice is to use keyset/seek pagination instead, and only fetch total row counts when needed.

    Just a quick tip if you ever need to implement paging in MSSQL. Here is a simple example of the query, which gets page x of size y and gets the total row count as well.

    SQL 
    1
2
3
4
5
6

    SELECT ID, Name, [RowCount] = COUNT(*) OVER()
FROM MyTable
WHERE Name LIKE '%Example%'
ORDER BY ID
OFFSET @Page ROWS
FETCH NEXT @PageSize ROWS ONLY

    This must be used with an ORDER BY clause. The @Page and @PageSize determine which set of records are returned out of the total result set.

4 / 11