Monthly notes 13

Looks like it’s again the end of another month and it’s time for weekly notes, now with the title of “Monthly notes” as it suits better for my writing activity :) This time it’s about resources of JavaOne 2016, stories from the field of outsourcing and SSL gone wrong, Type Systems for JavaScript, pushing React.js app to production, learning Docker antipatterns and how to track your time.

Monthly notes, issue 13, 28.11.2016

Java

JavaOne 2016 Observations by Proxy
Good collection of resources if you didn’t attend to JavaOne 2016 but like to stay on top what’s happening in the world of Java.

Securing JAX-RS Endpoints with JWT
JWT is becoming the de facto standard in web security yesterday. And JJWT is certainly a good way to go for an implementation as Baeldung shows. (from
from Java Web Weekly, Issue 146)

Frontend

Flow vs TypeScript: Type Systems for JavaScript
“Flowtype vs. TypeScript Type Systems for JavaScript – from the perspective of a practitioner” is good overview to what and why.

CSS classes don’t work the way you think they work
CSS classes apply in the order in which they are defined, not the order in which they are invoked. This is not intuitive. It hits you when common components have default styling, and you want to override it in a specific instance.

Generating Documentation for TypeScript Projects
“Documentation for JavaScript projects has traditionally been generated via annotations inserted as code comments. While this gets the job done, it seems far from ideal. The post explores how to use TypeScript to generate documentation from source code alone.”

How to push a ReactJS application in production and sleep better – React.js Day 2016
“‘Everything fails all the time’. In this session we are gonna explore testing and monitoring techniques to deliver and maintain a ReactJS + Redux application, and at the same time being able to go back to sleep without the fear that everything is gonna explode during the night.”

Stories from the field

Offshoring roulette
Troy Hunt tells lessons of outsourcing to India, China and the Philippines. “If you’re looking at hourly rate as metric for outsourcing success, you’re doing it very, very wrong!” The essence of software development.

Docker Container Anti Patterns
After reading about Docker in production being a failure, it’s good to revise how it should be used.

Be Afraid Of HTTP Public Key Pinning (HPKP) and
How To Issue A New SSL Certificate With An Old SSL Key
Good lessons learned of Smashing Magazine’s renewing of an expiring SSL certificate and problems with HTTP Public Key Pinning. (from WDRL 156)

Tools of the trade

Netfox
Netfox exposes details of all network requests so you can investigate problems without additional configuration. Somewhat similar but simpler than Charles for debugging network requests (from iOS Dev Weekly Issue 226)

Tracking your time with Toggl
I finally started using Toggl, to track my time at work. Best decision ever. If I just remember to track and switch tasks :)

Git: diffing binary files
Git ProTip: Adjust your .gitattributes to make `git diff` more useful for images and other binary formats! (from @DasSurma)

Learning

Google Interview University
A complete daily plan for studying to become a Google software engineer. (from @Autiomaa)

Something different

My strategy for increased privacy
You pay for many services with your data and although you would pay with money instead, you can’t. Honkonen wants to introduce a third option. To keep privacy, but to use the awesome services available, so he’s devised a strategy for increased privacy. Something to think about.

The Unsatisfying Challenge
“Everyday life can be annoying, but now you can share your pain in this challenge”

Weekly notes 12

Late Autumn and rain has arrived to Finland and now we have good reason to stay at home and read about new ideas and what happens in technology.

Weekly notes, issue 12, 30.10.2016

Learning new things

Cyber Security Base with F‑Secure
Free and open course to learn about tools used to analyse flaws in software systems, necessary knowledge to build secure software systems, the skills needed to perform risk and threat analysis on existing systems and the relevant legislation within EU. It’s a course series by University of Helsinki in collaboration with F‑Secure Cyber Security Academy that focuses on building core knowledge and abilities related to the work of a cyber security professional.

Google Style Guides
Thinking about how to format your code? Luckily Google Style Guides has solved it for you. And with explanations like for Java.

Free programming books by O’Reilly
O’Reilly is known for their programming books and they’ve compiled the latest insights of what’s happening in the world of software engineering, architecture, and open source. Lot’s of topics regarding microservices from different aspects.

Open Guides: Amazon Web Services
“AWS’s own documentation is a great but sprawling resource few have time to read fully, and it doesn’t include anything but official facts, so omits experiences of engineers.” Open Guides: AWS is by and for engineers who use AWS. It aims to be a useful, living reference that consolidates links, tips, gotchas, and best practices. It arose from discussion and editing over beers by several engineers who have used AWS extensively.

The world of JavaScript

Progressive Web Apps with React.js: Part I  –  Introduction
Progressive Web Apps (PWA) take advantage of new technologies to bring the best of mobile sites & native apps to users. In the series of posts Addy Osmani shares his experience turning React-based web apps into PWAs.

Yarn – new JavaScript package manager
Yarn – fast, reliable, and secure JavaScript package manager. Alternative to npm client. Looks promising.

NPM vs. Yarn cheat sheet
Good survival guide to Yarn JavaScript package manager. Yarn has some goodies which npm doesn’t, like licenses generation.

Something different

11-hour struggle to make tea using Wi-Fi kettle
Making a cup of tea should be simple enough but if you’re using a Wi-Fi kettle it doesn’t always go according to plan.

Total Nightmare: USB-C and Thunderbolt 3
“Simple-looking port hides a world of complexity, and the (thankful) backward-compatibility uses different kinds of cables for different tasks. Shoppers have to be very careful to buy exactly the right cable for their devices!”

DevOps Finland Meetup goes Mobile at Zalando

Development and operations, DevOps, is in my opinion essential for getting things done with timely manner and it’s always good to hear how others are doing it by attending meetups. This time DevOps Finland went Mobile and we heard nice presentations about continuous delivery for mobile applications, mobile testing with Appium and the Robot Framework and efficient mobile development cycle. Compared to developing Web applications mobile brings some extra hurdles to jump but nothing that’s not solvable. Here are my short notes about the meetup.

The meetup was hosted by Zalando Technology at their new office here in Helsinki. Zalando is known to many as that online store that sells shoes, clothing and other fashion items but things don’t sell themselves and behind the scenes they have lots of technologies to keep things running. For the record I think they said that the meetup had 65 attendees of the 100.

Also if mobile is your thing there’s a new Meetup group for mobile developers in Finland which was announced at the meetup. They’re also on Twitter and Facebook.

Continuous Delivery for Mobile Applications

Rami Rantala from Zalando talked about “Continuous Delivery for Mobile Applications” and how they’re managing releases of their Fleek app which is available for Android and iOS in German markets.

They didn’t arrive to the final setup straightforward and it was iterative approach with how Git is used, code merged and releases done. Using Fastlane for all tedious tasks, like generating screenshots, dealing with code signing, and releasing your application made automating things easier. Interesting note was that their build server slaves are ansible managed Mac Minis on Rami’s desk. They had solved the problems nicely but testing is still difficult.

DevOps and rollbacks don’t work together, you roll forward.

Mobile testing with Appium and the Robot Framework

Mobile testing can be done with different tools and one option is to use Robot Framework just like for Web applications. Elmeri Poikolainen from Eficode demoed how to use Appium and run Robot Framework tests on real device. It has some limitations and I think with native applications it could be better to use native test tools like what Xcode has to offer.

Efficient Mobile Development Cycle

The last and most fast-paced talk was by Jerry Jalava from Qvik about “Efficient Mobile Development Cycle“. He talked about different practices and tools in the development cycle and it was nice overview to the complexity of the process from design to done. You can for example run remote preview with 27 devices.

Weekly notes 11

This time weekly notes provides pointers to last weeks JavaOne, teaches you to design better forms, tells about 171 words every programmer should understand and how to learn something about psychology which might help to understand yourself and maybe also users. And last but not least the documentary of last year’s Transcontinental 2015 tells a story of awesome cyclist who ride across Europe to Istanbul.

Weekly notes, issue 11, 27.9.2016

Development

JavaOne 2016: 85 recorded sessions
JavaOne was held las week and if you couldn’t attend it, like me, then you should have a look at the JavaOne 2016 Youtube playlist with 85 recorded sessions.

You need to be this tall to use [micro] services
Good hacker news comment on Microservices. “Thing is – these are all generally good engineering practices. But with monoliths, you can get away without having to do them. But with microservices, your average engineering standards have to be really high. Its not enough if you have good developers. You need great engineers.” (from @jaykreps)

Real world #kanban board

Good to know

The MIT License, Line by Line
171 words every programmer should understand. The MIT License is the most popular open-source software license. Here’s one read of it, line by line. Hacker News comments has also some wisdom. (from Hacker Newsletter #319)

re:publica 2015 – Mikko Hypponen: Is our online future worth sacrificing our privacy and security?
Video from year ago but still relevant as Mikko Hypponen explains why Facebook wants to get your phone number from Whatsapp. Watch from 12 minutes onward.

Emoji from iOS beta 4
What does that emoji mean? Here’s a list of emoji as JSON, extracted from iOS 10 beta 4.

Keeping up with development

The 10 Best iOS Development Blogs
A list of the the ten best iOS development blogs in no particular order. If you’ve ventured to iOS development then most of these are propably familiar, like raywenderlich.com with great tutorials.

How to keep your NPM dependencies up-to-date
“Tools for helping you keep your npm dependencies up-to-date. See the comments for more tools.” Uptr worked nicely for my use case. (from @jpaakko)

User experience is essential

Developer Experience Matters
“Developer Experience is one of the biggest key factors for developers to decide if they use certain technologies to use. Developer Experience (DX) is a type of User Experience (UX)!” (from @girlie_mac)

Curated list of online Psychology courses
It’s good to understand what drives and affects us and one way to do that is to learn something about Psychology. This curated list of online courses covers topics like Introduction to Psychology, Introduction To Social Psychology, The Psychology Of Persuasion, Psychology of Popularity, Positive Psychology, Logical and Critical Thinking, The Science of Stress Management and Introduction to Consumer Behavior. (from Userfocus Newsletter September 2016)

SXSW Keynote – You Know What? Fuck Dropdowns
35 reasons not to use a dropdown menu. (from Userfocus Newsletter September 2016)

Design Better Forms
Common mistakes designers make with forms and how to fix them. (from Userfocus Newsletter September 2016)

Something different

Transcontinental 2015: Race to Istanbul
The Transcontinental is a race like no other. On the 24th of July 2015, 172 riders arrived in Garaardsbergen, Belgium and raced to Istanbul, Turkey. Much like the early days of bicycle racing cyclist ride with no team cars or soigneurs to look after them. It is each for their own taking on Europe’s toughest terrain. The documentary follows the highs and lows of the race from the view of the Race Directors.

Protecting mountain bike tire and rim with Huck Norris and Procore

Technology is everywhere and even in as simple sport as cycling as its core is full of technology from wireless shifting systems to smart suspension systems and electronic motors. I’ve been riding enduro mountain biking and with going downhill in rocky trails it’s good to have some protection for your tires and rims. Puncture prevention systems like Schwalbe Procore and Deaneasy Tube+ helps you to avoid Snake Bites and protect your rim from dents with two air chambers but you can also do it simpler with foamlike solution such as Huck Norris.

The challenger: Huck Norris

“With Huck Norris the rocks gets the punctures when you ride!” – Huck Norris

Huck Norris is a relatively simple technique inside your tubeless tire to protect from Snake Bites and dents to the rim. It looks like it’s made from normal foam sleeping pad but the material (chemically crosslinked polyethylene) is specially developed for MTB use with actual scientists. It has “three times the impact energy damping than anything commercially available”. The installation is as easy as it looks, you just put it inside your tubeless tire and there’s no need for modifications or glue. Huck Norris also makes it easier to mount the tubeless tire without compressor as it gives the tire a shape which helps the bead to set.

Huck Norris
Huck Norris

Huck Norris installed
Huck Norris installed

There’s not much more to said about Huck Norris. Just set it up, inflate the tire and you’re done. It weights 70g on 27.5″ size and 77g on 29″ size, is suitable for 21-30 mm internal rim width and you can use it with alloy or carbon rims. Also Plus size and Fatbike versions are coming soon. Huck Norris is made in Finland and you can get it from Vuoripyörä’s webshop for 50 euros for a pair packaged with a mud guard. For more information check out their webpage or Facebook.

Riding with Huck Norris

Huck Norris was just recently released for general availability and I’ve used it for about month. As you could figure, it makes the tire a bit more stiff than without but the extra protection and especially the possibility to race on mountain bike enduro style tracks with the air pressures you want makes it great. No need to over inflate.

But as usual, even Huck Norris can’t protect your rims when the going gets tough although it still might save your race like it did mine on Santa Cruz Enduro Series race at Levi. The special stages were fast with hidden rocks and hits were unavoidable. As you can see from the picture I dented my rim but Huck Norris absorbed the impact so that the rear tire was saved from flat and I got to finish the race. I think I broke it on stage 5 and still drove the 7 stages left. For the curious I had Maxxis Minion DHR II 29×2,3 (3C MAXX TERRA) with about 1,5 bar air pressure on Roval Fattie 29 rim with 29 mm inner width.

Some hits were too tough
Some hits were too tough

The dual-champer system: Schwalbe Procore

After the Enduro MTB race at Levi where I had broken my 29″ rear wheel I had to switch to my 650b+ wheels for the next race. Not what I would’ve wanted as I don’t like racing with 2,8″ tires. As the Huck Norris is not yet available for Plus sized tires I had to get something to protect the rear rim from the rocks at Santa Cruz Enduro Series race on Tahko. Luckily my local bike shop had Schwalbe Procore system and sold me one separately. A bit more weight to the rear but also less punctures.

Schwalbe Procore is a dual-chamber system, tire-within-a-tire anti-pinch-flat system. It consists of a small-diameter tube and tire that is inserted inside of a conventional tubeless tire and pressurized to over 80 psi. The insert acts as a secondary impact cushion that allows you to ride with lower, or at least the optimal, tire pressures without being concerned with pinch flatting and protects the rim. It also helps to prevent the tire from ‘burping,’ which is when the tire bead is pushed inboard of the edge of the rim and allows air to escape from a tubeless tire.

Schwalbe Procore in short
Schwalbe Procore in short

Procore is available for 26″, 27.5″ or 29″ rims with minimum of 23mm internal rim width and for minimum of 2,2″ tire. Compared to Huck Norris the weight is considerably more, 220 grams per wheel and it also adds it to the place you don’t want it: to the wheel, increasing rolling mass. Procore system (one pair) costs about 200 euros.

Schwalbe’s Procore kit consists of a pair of tubes and inner tires, a roll of high-pressure rim tape, tubeless sealant, air sleeves, tire installation lubricant, dedicated tire levers, and decals to outfit two wheelsets. I used my existing rim tape as kit’s rim tape (for 25 mm) was useless for my 29 mm rims.

Half of the Schwalbe Procore kit
Half of the Schwalbe Procore kit

Although the Procore looks complicated and I had heard rumors of installing it, in practice it was fairly easy as the installation instruction show. Pinkbike’s review of Schwalbe’s Procore has also good explanation of the installation but the review otherwise is somewhat a mess. The only hassles I had was with keeping the tire sealant inside while getting the bead to set as I was too lazy to empty it. And one thing I forgot to put in place was the small clear patch over the valve hole as an additional seal but it worked anyways. I was in a bit hurry to install the Procore so I don’t have any pictures of it. Why test your new equipment beforehand when you can test it at the race.

Riding with Procore

I have only rode with Procore couple of days, practice and race at Tahko enduro MTB event and some local trails and it does what it promises. Although Tahko race had serious rock gardens my plus sized tire and rim survived without flats or dents whereas other riders had problems. Or maybe I just drove too slow (finished 32th) as I wasn’t exactly comfortable with 2,8″ Nobby Nic tires with 1,2 bar pressure on slippery rocks and grass. Without Procore I would’ve inflated it to at least 1,5 bar. Anyways the extra protection was welcome and money saver.

Procore seems to be good system as it doesn’t affect the tire behavior and adds protection but they say in the Internet that the high-pressure inner tube adds strain to the rim, loosens spokes’ tension and there has been a notable number of documented issues with carbon rims. With aluminum rims the issue not so clear and very few aluminium or carbon rim manufacturers have officially approved it but they haven’t recommended against it either. As I didn’t have a spoke tension meter when I installed Procore I can’t say whether or not the Internet is right. Time will tell.

Huck Norris or Procore: use both

Schwalbe’s Procore, in my opinion, is a good solution for protecting your tires and rims while allowing you to ride with lower tire pressures. Compared to much simpler Huck Norris, the more technical dual-chamber systems adds extra protection when needed but also additional weight which isn’t an issue when going downhill but makes a big difference when it comes to accelerating, and for long days on the pedals. But I would think twice before using Procore with carbon rims whereas Huck Norris is suitable for any rim.

When I get my 29″ wheels running again I will put Procore to the rear and Huck Norris in the front. Best of both worlds.

Using Apache for proxying connections to Crucible

Atlassian’s web applications are great tools for software development and they are relatively easy to setup because they come with Jetty servlet container and HQSQL database. You only have to install Java. Some of the applications can be also run like any normal deployable WAR-packaged web application for example with Apache Tomcat which gives you more control and administration options. But unfortunately code review tool Crucible isn’t one of those applications and maybe will never be.

Proxying connections to Crucible

By default Crucible runs in port 8060 which isn’t nicely looking for users. It’s way better to use ports 80 or 443 which are normal HTTP and HTTPS ports and are omitted from browser’s address bar. Of course you can configure that in the Administration screens, or by editing Crucible’s config.xml and restarting Crucible but if you run Crucible as a non root or also have other software running on the same server that isn’t an option.

One solution is to use Apache HTTP server to proxy connections from port 443 to Crucible’s listening port. I did it for Crucible and FishEye on CentOS x86_64 but things are mostly the same also on other Linuxes. I also disabled the HTTP port and used just the SSL enabled HTTPS with self generated certificates.

First we setup Apache for proxying connections to Crucible and then we generate some SSL certificates for HTTPS. If you haven’t Apache installed you can do it with yum like: yum install httpd.x86_64 mod_ssl openssl

1. Set HTTPS proxying in /etc/httpd/conf.d/ssl.conf

...

SSLProxyEngine on
ProxyRequests Off
ProxyPreserveHost On
ProxyPassReverse /crucible ajp://127.0.0.1:8060/crucible
proxyPass /crucible ajp://127.0.0.1:8060/crucible

RewriteEngine On
...

2. Generating SSL Certificate for Apache

# openssl genrsa -out localhost.key 1024
# openssl req -new -key localhost.key -out localhost.csr
# openssl x509 -req -days 365 -in localhost.csr -signkey localhost.key -out localhost.crt
# mv localhost.csr localhost.key /etc/pki/tls/private/
# mv localhost.crt /etc/pki/tls/certs/

3. Start httpd

# service httpd start

Configuring Crucible

4. Configure Crucible (http://hostname:8060/admin)

Edit Web Settings:
-----------------
Web context: crucible
Http Bind: (none)
Ajp13 Bind Address: ajp://127.0.0.1:8060/crucible

And you’re ready.

Weekly notes 10

Summer has been relative nice this far even here in Finland and my short holiday is just couple of days away. But before that it’s time to check this years Java tools and technologies landscape report, get some useful plugins for Atom, start developing a React application with no configuration and read about the benefits of Serverless architecture. And while traveling it’s good to listen to podcasts for developers.

Weekly notes, issue 25.7.2016

JavaScript

Create Apps with No Configuration
Developing a React app has lots of things to setup so using Create React App, officially supported way to create single-page React application, as a boilerplate generator is good choice. And with single command, and all the build dependencies, configs, and scripts are moved right into your project so you’re not lock-in.

A Better File Structure For React/Redux Applications
Something to think about how you organize your React code. Similar to how you could organize things with Java application.

Tools of the trade

Java Tools and Technologies Landscape Report 2016
ZeroTurnaround has just released its Java Tools and Technologies Landscape Report 2016, which analyzes the data about the tools and technologies Java developers use. Good to note that the survey received just over 2000 responses.

Atom treasures: a list of Atom plugins I can’t live without
AtomEditor is great for developers and better when extended with plugins. Found some new ones, like sync-settings. (from The Practical Dev)

New DevTools Web Performance Tooling Tips and Features (video)
Chrome’s DevTools is powerful but not always so easy to utilize. Paul Irish and Sam Saccone show off new tips, tricks and features in DevTools to help you debug the performance of your site.
(from HTML5 Weekly Issue 241)

Bash boilerplates
When hacking up Bash scripts, there are often things such as logging or command-line argument parsing that: You need every time, Come with a number of pitfalls you want to avoid, Keep you from your actual work. Here’s an attempt to bundle those things in a generalized way so that they are reusable as-is in most scripts.

Learning new things

79 Podcasts for Developers, Programmers & Software Engineers
Podcasts are incredibly useful for staying on top of all the latest happenings in software development.

Architecture

Benefits and drawbacks of Serverless architecture
Serverless architectures refer to applications that significantly depend on third-party services. But what are the benefits and drawbacks to such a way of designing and deploying applications. (from Java Web Weekly 133)

Something different

Cheating at Pokemon Go with a Hackrf and GPS spoofing
Pokemon Go has taken the world with enthusiasm and it requires you to walk around and explore the city for Pokestops, Gyms and hatching eggs. But why do that if you can cheat? Since the game is GPS based with little tinkering you can spoof your GPS location using a HackRF software defined radio and simulate walking around.

Expanding your horizons on JVM with Kotlin

The power of Java ecosystem lies in the Java Virtual Machine (JVM) which runs variety of programming languages which are better suitable for some tasks than Java. One relatively new JVM language is Kotlin which is statically typed programming language that targets the JVM and JavaScript. You can use it with Java, Android and the browser and it’s 100% interoperable with Java. Kotlin is open source (Apache 2 License) and developed by a team at JetBrains. The name comes from the Kotlin Island, near St. Petersburg. The first officially considered stable release of Kotlin v1.0 was released on February 15, 2016.

Why Kotlin?

“Kotlin is designed to be an industrial-strength object-oriented language, and to be a better language than Java but still be fully interoperable with Java code, allowing companies to make a gradual migration from Java to Kotlin.” – Kotlin, Wikipedia

Kotlin’s page summaries the question “Why Kotlin?” to:

  • Concise: Reduce the amount of boilerplate code you need to write.
  • Safe: Avoid entire classes of errors such as null pointer exceptions.
  • Versatile: Build server-side applications, Android apps or frontend code running in the browser. You can write code in Kotlin and target JavaScript to run on Node.js or in browser.
  • Interoperable: Leverage existing frameworks and libraries of the JVM with 100% Java Interoperability.

“You can write code that’s more expressive and more concise than even a scripting language, but with way fewer bugs and with way better performance.” – Why Kotlin is my next programming language

One of the obvious applications of Kotlin is Android development as the platform uses Java 6 although it can use most of Java 7 and some backported Java 8 features. Only the recent Android N which changes to use OpenJDK introduces support for Java 8 language features.

For Java developers one significant feature in Kotlin is Higher-Order Functions, function that takes functions as parameters, which makes functional programming more convenient than in Java. But in general, I’m not so sure if using Kotlin compared to Java 8 is as much beneficial. It smooths off a lot of Java’s rough edges, makes code leaner and costs nothing to adopt (other than using IntelliJ IDEA) so it’s at least worth trying. But if you’re stuck with legacy code and can’t upgrade from Java 6, I would jump right in.

Learning Kotlin

Coming from Java background Kotlin at first glance looks a lot leaner, elegant, simpler and the syntax is familiar if you’ve written Swift. To get to know the language it’s useful to do some Kotlin Examples and Koans which get you through how it works. They also have “Convert from Java” tool which is useful to see how Java classes translate to Kotlin. For mode detailed information you can read the complete reference to the Kotlin language and the standard library.

If you compare Kotlin to Java you see that null references are controlled by the type system, there’s no raw types, arrays are invariant (can’t assign an Array to an Array) and there’s no checked exceptions. Also semicolons are not required, there’s no static members, non-private fields or wildcard types.

And what Kotlin has that Java doesn’t have? For starters there’s null safety, smart casts, extension functions and lots of things Java just got in recent versions like Null safety, streams, lambdas ( although which are “expensive”). On the other hand Kotlin targets Java 6 bytecode and doesn’t use some of the improvements in Java 8 like invoke-dynamic or lambda support. Some of JDK7/8 features are going to be included in Standard Library in 1.1 and in the mean time you can use small kotlinx-support library. It provides extension and top-level functions to use JDK7/JDK8 features such as calling default methods of collection interfaces and use extension for AutoCloseable.

And you can also call Java code from Kotlin which makes it easier to write it alongside Java if you want to utilize it in existing project and write some part of your codebase with Kotlin.

The Kotlin Discuss is also nice forum to read experiences of using Kotlin.

Tooling: in practice IntelliJ IDEA

You can use simple text editors and compile your code from the command line or use build tools such as Ant, Gradle and Maven but good IDEs make the development more convenient. In practice, using Kotlin is easiest with JetBrains IntelliJ IDEA and you can use their open source Community edition for free. There’s also Eclipse plugin for Kotlin but naturally it’s much less sophisticated than the IntelliJ support.

Example project

The simplest way to start with Kotlin application is to use Spring Boot’s project generator, add your dependencies, choose Gradle or Maven and click on “Generate Project”.

There are some gotchas with using Spring and Kotling together which can be seen from Spring + Kotlin FAQ. For example by default, classes are final and you have to mark them as “open” if you want the standard Java behaviour. This is useful to know with @Configuration classes and @Bean methods. There’s also Kotlin Primavera which is a set of libraries to support Spring portfolio projects.

For example Spring Boot + Kotlin application you should look at Spring.io writeup where they do a geospatial messenger with Kotlin, Spring Boot and PostgreSQL

What does Kotlin look like compared to Java?
Simple example of using Java 6, Java 8 and Kotlin to filter a Map and return a String. Notice that Kotlin and Java 8 are quite similar.

# Java 6
String result = "";
for (Map.Entry<Integer, String> entry : someMap.entrySet()) {
	if("something".equals(entry.getValue())){
		result += entry.getValue();
}
 
# Java 8
String result = someMap.entrySet().stream()
		.filter(map -> "something".equals(map.getValue()))
		.map(map->map.getValue())
		.collect(Collectors.joining());
 
# Kotlin
val result = someMap
  .values
  .filter { it == "something" }
  .joinToString("")
 
# Kotlin, shorter 
val str = "something"
val result = str.repeat(someMap.count { it.value == str })
 
# Kotlin, more efficient with large maps where only some matching.
val result = someMap
  .asSequence()
  .map { it.value }
  .filter { it == "something" }
  .joinToString("")

The last Kotlin example makes the evaluation lazy by changing the map to sequence. In Kotlin collections map/filter methods aren’t lazy by default but create always a new collection. So if we call filter after values method then it’s not as efficient with large maps where only some elements are matching the predicate.

Using Java and Kotlin in same project

To start with Kotlin it’s easiest to mix it existing Java project and write some classes with Kotlin. Using Kotlin in Maven project is explained in the Reference and to compile mixed code applications Kotlin compiler should be invoked before Java compiler. In maven terms that means kotlin-maven-plugin should be run before maven-compiler-plugin.

Just add the kotlin and kotlin-maven-plugin to your pom.xml as following

<dependencies>
    <dependency>
        <groupId>org.jetbrains.kotlin</groupId>
        <artifactId>kotlin-stdlib</artifactId>
        <version>1.0.3</version>
    </dependency>
</dependencies>
 
<plugin>
    <artifactId>kotlin-maven-plugin</artifactId>
    <groupId>org.jetbrains.kotlin</groupId>
    <version>1.0.3</version>
    <executions>
        <execution>
            <id>compile</id>
            <phase>process-sources</phase>
            <goals> <goal>compile</goal> </goals>
        </execution>
        <execution>
            <id>test-compile</id>
            <phase>process-test-sources</phase>
            <goals> <goal>test-compile</goal> </goals>
        </execution>
    </executions>
</plugin>

Notes on testing

Almost everything is final in Kotlin by default (classes, methods, etc) which is good as it forces immutability, less bugs. In most cases you use interfaces which you can easily mock and in integration and functional tests you’re likely to use real classes, so even then final is not an obstacle. For using Mockito there’s Mockito-Kotlin library https://github.com/nhaarman/mockito-kotlin which provides helper functions.

You can also do better than just tests by using Spek which is a specification framework for Kotlin. It allows you to easily define specifications in a clear, understandable, human readable way.

There’s yet no static analyzers for Kotlin. Java has: FindBugs, PMD, Checkstyle, Sonarqube, Error Prone, FB infer. Kotlin has kotlinc and IntelliJ itself comes with static analysis engine called the Inspector. Findbugs works with Kotlin but detects some issues that are already covered by the programming language itself and are impossible in Kotlin.

To use Kotlin or not?

After writing some classes with Kotlin and testing converting existing Java classes to Kotlin it makes the code leaner and easier to read especially with data classes like DTOs. Less (boilerplate) code is better. You can call Java code from Kotlin and Kotlin code can be used from Java rather smoothly as well although there are some things to remember.

So, to use Kotlin or not? It looks a good statically-typed alternative to Java if you want to expand your horizons. It’s pragmatic evolution to Java that respects the need for good Java integration and doesn’t introduce anything that’s terribly hard to understand and includes a whole bunch of features you might like. The downsides what I’ve come across are that tooling support is kind of limited, meaning in practice only IntelliJ IDEA. Also documentation isn’t always up to date or updated when the language evolves and that’s also an issue when searching for examples and issues. But hey, everything is fun with Kotlin :)

Web analytics with Piwik: keeping control over your own data

Web analytics is one the essential tools for a website and including measuring web traffic and getting information about the number of visitors it can be also used as a tool to assess and improve the effectiveness of a website. The most common way to collect data is to use on-site web analytics, measure a visitor’s behavior once on your website, with page tagging technology like on Google Analytics which is widely used web analytics service. But what would you use if you want to keep control over your own data?

You don’t have to look far as the only open source web analytics application is Piwik which aims to be the ultimate open alternative to Google Analytics. Here’s a short overview to Piwik Analytics and how to get started with it.

“Web analytics is the measurement, collection, analysis and reporting of web data for purposes of understanding and optimizing web usage.” – Wikipedia

Piwik Open Analytics Platform

Piwik is web analytics application which tracks online visits to one or more websites and displays reports on these visits for analysis. In short it aims to be the ultimate open source alternative to Google Analytics. The code is GPL v3 licensed and available in GitHub. In technical side Piwik is written in PHP, uses MySQL database and you can host it by yourself. And if you don’t want to setup or host Piwik yourself you can also get commercial services.

Piwik provides the usual features you would expect from a web analytics application. You get reports regarding the geographic location of visits, the source of visits, the technical capabilities of visitors, what the visitors did and the time of visits. Piwik also provides features for analysis of the data it accumulates such as saving notes to data, goals for actions, transitions for seeing how visitors navigate, overlaying analytics data on top of a website and displaying how metrics change over time. The easiest way to see what it has to offer is to check the Piwik online demo.

Feature highlights

You might ask how Piwik differs from other web analytics applications such as Google Analytics? One principle advantage of using Piwik is that you are in control. You can host Piwik on your own server and the data is tracked inside your MySQL database: you’ve full control over your data. Software as a service analytics applications on the other hand, have full access to the data users collect. Data privacy is essential for public sector and enterprises who can’t or don’t want to share it for example with Google. You ensure that your visitors behavior on your website is not shared with advertising companies.

Other interesting feature is that it provides advanced privacy options: ability to anonymize IP addresses, purge tracking data regularly (but not report data), opt-out support and Do Not Track support. Your website visitors can decide if they want to be tracked.

You can also do scheduled reports which are sent by e-mail, import data from web server logs, use the API for accessing reports and administrative functions and Piwik also has mobile app to access the analytics data. Piwik is also customizable with plugins and you can integrate it with WordPress and other applications.

Piwik’s User Interface

Piwik has clean and simple user interface as seen in the following screenshots (taken from the online demo).

Piwik main view
Piwik main view

Piwik visitors overview
Piwik visitors overview

Setting up Piwik

Setting up Piwik is easy and there’s good documention available for running Piwik web analytics. All you need is web server like Nginx, PHP 5.5 and MySQL or MariaDB. You can setup it manually but the most easiest way to start with it is to use the provided Docker image and docker-compose. The docker-compose file setups four containers (MySQL, Piwik, Nginx and Cron) and with compose you can start it up. The Piwik image is available from official docker-library.

The alternative is to do your own Docker image for Piwik and related services. In my opinion it makes sense to have just two containers: one for Piwik related web stuff and other for MySQL. The Piwik container runs Piwik, Nginx and Cron script with e.g. supervisor. The official image uses Debian (from PHP) but Piwik runs nicely also on Alpine Linux. One thing to tinker with when using Docker is to get MySQL access to Piwik’s assets for LOAD DATA INFILE which will greatly speed Piwik’s archiving process.

If you’re setting up Piwik manually you can watch a video of installation and after that a video of configuring settings. After you’re done with the 5 minute installation you get the JavaScript tag which you add to the bottom of each page of your website. If you’re using React there’s Piwik analytics component for React Router. Piwik will then record the activity across your website within your database.

And that’s about all there is to starting with Piwik. Simple setup with Docker or doing it manually, adding the JavaScript tag, configuring some options if needed and then just wait for the data from visitors.

Summary

Piwik is good and feature rich alternative for web analytics application. Setting it up isn’t as straightforward as using some hosted service as Google Analytics but that’s the way self-hosted services always are. If you need web analytics and want to keep control of your own data and don’t mind hosting it yourseld and paying for the server then Piwik is a good choice.

Weekly notes 9

Summer is here and mountain biking trails are calling but keeping up with what happens in the field never stops. This week Apple had their worldwide developers conference which filled up social media although didn’t present anything remarkable. In the other news there was good collection of slides for Java developers, ebook for DevOps and HyperDev looks interesting for quickly bang out JavaScript.

Weekly notes, issue 9, 17.6.2016

Java: stay updated, reactive and in the cloud

13 Decks Java developers must see to stay updated
Selection of nice slideshows for Java developers. Best practices, microservices, debugging, Elasticsearch, SQL.

Java SE 8 best practices
Java 8 best practices by Stephen Colebourne’s is good read. The slides cover all the basic uses, such as lambdas, exceptions, streams and interfaces. (from the “13 Decks Java developers” post)

Microservices + Oracle: A Bright Future
Good slides of what are microservices. Considerations, prerequisites, patterns, technologies and Oracle’s plans. (from the “13 Decks Java developers” post)

Notes on Reactive Programming, Part I: The Reactive Landscape and Part II: Writing Some Code
A solid intro to the reactive programming. And no, it’s no coincidence that this is first. A reactive system is an entirely different beast, and such a good fit for a small set of scenarios. (from Java Web Weekly, Issue 128)

Netflix OSS, Spring Cloud, or Kubernetes? How About All of Them!
The Netflix ecosystem of tools is based on practical usage at scale, so it’s always super useful to go deep into understanding their tools. (from Java Web Weekly, Issue 128)

Takeouts from WWDC 2016


Digging into the dev documentation for APFS, Apple’s new file system

Interesting low level stuff in Mac OS Sierra. APFS takes over HFS+, has native encryption, snapshots (Time Machine done right) and is case-sensitive. Hacker News comments are worth reading.

The 13 biggest announcements from Apple WWDC 2016
WWDC 2016 was about software and incremental changes. Siri is opening up to app developers, iOS is growing up, iOS gets Apple TV remote app and Apple introduces single sign-on system.

Continuous learning

DevOpsSec: Securing Software through Continuous Delivery
DevOpsSec free ebook is worth reading if you’re interested securing software through continuous delivery. Uses case studies from Etsy, Netflix, and the London Multi-Asset Exchange to illustrate the steps leading organizations have taken to secure their DevOps processes.

Microservice Pitfalls & AntiPatterns, Part 1
An anti-pattern is just like a pattern, except that instead of a solution it gives something that looks superficially like a solution but isn’t one. A pitfall is something that was never a good idea, even from the start. (from The Microservice Weekly #31)

Tools of the trade

Introducing HyperDev
HyperDev looks to be an interesting new product at Fog Creek Software (known from e.g. Trello). It’s developer playground for building full-stack web-apps fast. “The fastest way to bang out JavaScript code on Node.js and get it running on the internet.” as Joel Spolsky describes it.

V8, modern JavaScript, and beyond – Google I/O 2016
Debugging Node.js apps with Chrome Developer Tools is soon enabled by coming v8_inspector support.

Something different

Why do we have allergies?
Allergies such as peanut allergy and hay fever make millions of us miserable, but scientists aren’t even sure why they exist.