This year has started slowly and weekly notes has frozen to monthly notes. This time they tell us i.a. how to put Spring Boot in Docker, useful features of Java EE 7, ponder what all there’s to do to launch your mobile app, read tips how to get better with Node.js and how smaller is better. And finally we have Yoga routine to keep our body in shape.
New year’s Spring Boot tricks in a container
Read how you can combine Spring Boot’s hot restarting and running application in a Docker container. Of course you could just run Spring Boot from the IDE and expose the MongoDB container port for the application.
The Website Obesity Crisis
Keynote from Web Directions 2015: The Website Obesity Crisis. Beautiful websites come in all sizes and page weights but mostly-text sites are growing bigger with every passing year when there’s no reason for that. There’s also video.
How to Become a Better Node.js Developer in 2016
Tips and best practices not just for development but how to operate Node.js infrastructures, how you should do your day-to-day development and other useful pieces of advice. (from Twitter)
15-minute yoga routine to enhance balance and agility
See how yoga can help you to enhance your balance and agility, including a 15-minute video that demonstrates these principles. This is targeted more for mountainbike riders than developers but better agility and balance doesn’t hurt anyone :)
I’ve been using IRC for some time and although Irssi has served me well, it’s time to try something different. WeeChat is a modular chat client with support for IRC and the interesting part is that it’s possible to use other interfaces like glowing-bear web frontend. WeeChat is similar to Irssi so switching over shouldn’t be an issue. But to get the configuration right and what you had on Irssi needs some effort. Here are my notes about starting with WeeChat and how I like my chat client to look.
Compiling Weechat on CentOS 6
I have my shell on CentOS and although you can find WeeChat from the repositories, it’s quite old (0.4.3 when 1.4. is the newest). So you might want to compile WeeChat by yourself. Compiling WeeChat is explained on the User Guide. You need to install some libraries before you can try using make.
After you’ve installed the needed packages download WeeChat sources and extract the weechat-1.4.tar.gz package to directory you want.
Go to the directory you extracted WeeChat and run the following commands:
$ mkdir build
$ cd build
$ cmake .. -DCMAKE_INSTALL_PREFIX=/path/to/directory
$ make install
Quick Start guide helps you to get started so I don’t duplicate that here. If you’re familiar with Irssi you should feel more or less at home. As I didn’t use much scripts in Irssi the most difficult part for me was to create as good theme as I had with Irssi. Otherwise the switch went better than expected.
Start WeeChat with weechat so we can start configuration.
When I started with WeeChat of course I googled how others had configured it and thus my configuration is based on this and some other snippets.
buffer_autoclose.py: Automatically close inactive private message buffers.
iset.pl: Interactive Set for configuration options
colorize_nicks.py: Use the weechat nick colors in the chat area and command line.
urlbuf.py: Common buffer for received URLs.
irssi_awaylog.py: Log highlights/private messages when you are away.
screen_away.py: Set away status when detaching and attaching from screen or tmux.
To see and set the options for the plugins you can use /set with wildcard “*”
You can install scripts also by typing “script search iset” and a selection of available plugins will appear. To leave it type “q” then press enter, if you want to install the script type “i” then press enter.
Adjust layout and colors
Make the title bar and the status bar using dark colors.
1. Enable option “eat_newline_glitch”, so that new line char is not added at the end of each line displayed (it will not break URL selection):
/set weechat.look.eat_newline_glitch on
2. Move nicklist to top and remove alignment on nick:
/set weechat.bar.nicklist.position top
/set weechat.look.prefix_align none
/set weechat.look.align_end_of_lines time
I found the first option to be better as it lets you to have the prefix after nick and before text. It’s not as good as Irssi has it but it works. I hope they’ll merge this pull request which should make it better.
You can also use the bare display (default key: Alt+l).
Joining channels with channel names on different character set, like ISO8859-1 and umlauts.
The default key is Ctrl+r (command is: /input search_text_here). And jump to highlights: Alt+p / Alt+n.
Log all messages on IRC buffers but not join/part/quit messages:
All IRC buffers: /set logger.level.irc 3
Server and its channels: /set logger.level.irc.freenode 3
Specific channel: /set logger.level.irc.freenode.#weechat 3
Configuration with iset
Now you should have basic setup quite right and to continue configurations it’s nice to use iset plugin. Just type /iset to enter the iset screen. You will now see a list of all the parameters which can be modified. If you type something in the input bar, it will look for the pattern in the list of variables. If you want to search through the values, put an = before the pattern.
To change the value, press Alt + Enter then enter the new value (it is possible to navigate through values depending on variable type by pressing the Tab key).
After short use WeeChat works as well as Irssi and vice versa. It will be seen if I stuck with it or get back to Irssi. I’m not quite satisfied with the configuration but it works well enough.
A year has again come to its end and it’s time to look back what I’ve managed to write about and do some planning for the new year of 2016. This year my writing schedule was as leisurely as usual and I managed to put together of 19 articles. Which five of them are about my new post series, weekly notes. On average I managed to kept my pace of at least one post per month. Yay. Things have gone quite well overall. I’ve learned new things and got things done :)
Mobile development on the rise
Things on Sailfish OS and Jolla front has been quiet but I did a new game: Falldown. Or actually ported it from Ubuntu Touch. It was a fun experience as I needed to build Bacon2D library for Sailfish OS and package it correctly so it can be accepted on Jolla Store.
It will be interesting to see how my iOS applications attract users and will they beat my Sailfish OS user base :) At least it will be easier to get statistics from your apps from iTunes Connnect than Jolla Harbour. Over a year I have collected data manually and plotted how my five apps have users on Jolla.
Keeping up with Weekly notes
For some time I have read or in practice collected several software development related newsletters on my inbox. I like to follow what happens on the field and reading Twitter, Reddit and Hacker News is nicely complemented with some newsletters. But that’s not all there is to it. I’ve found it’s useful to make summaries what I’ve read and thus started my Weekly notes blog post series. Although next year I probably will post weekly notes bi-weekly. That’s fortnightly, once in two weeks.
Learning from others at meetups
One way of learning new things is to hear how others do things and get do ideas how to make things better. I’ve found that attending meetups and conferences are nice way to both freshen your thinking and get to know people working on the same field. This year I went to OWASP Helsinki Chapter meeting 27 and got to hear Troy Hunt’s talks of “50 Shades of AppSec” and “Hack yourself first”. It was great event, met old friends from school and the views from the sauna were magnificent.
Agile methodologies are know widely used and accepted but what’s beyond agile? That was the theme what Tampere goes Agile asked this year. It was my first time visiting the event and it was nice experience. The topics provided something to think about and not just the same agile thinking. You could clearly see the theme “Inspired beyond agile” working through different presentations and the emphasis was about changing our mindsets. In short: Agile is mindset. Culture eats agile. no management, no projects. Think small. Focus on benefit. Test & automate. Pair. Liberate.
The meetup scene in Helsinki seems to be warming up and there’s lots of events to go. I didn’t write posts from all meetups I attended like Finland AWS Meetup with Sovelto but wrote about DevOps Finlands’ meetup about ApiOps and test automation. Nice events and good talks later on.
I will certainly keep notes on interesting meetups also next year.
Books on the shelf
I like reading books but usually not the kinds which are technical and you could learn something from. But still I got my hands on “Iron-Clad Java: Building secure Web applications” book which was highly informative and you can’t read it without learning important things about security. In good and bad the book gives somewhat opinionated answers what technics and tools you can use to address security issues but overall the advice is solid and un-biased and more or less framework agnostic.
The other software related book I found myself reading was “Real World Java EE Night Hacks”. It walks through best practices and patterns used to create a Java EE 6 application and covers several important topics from architecture to performance and monitoring to testing. The book has 167 pages with source code so the topics are more about getting the idea than explaining them thoroughly.
In 2016 I will make myself study for the Java Programmer Certificate and read the OCA/OCP Java SE 7 Programmer I & II Study Guide. That’s about 1000 pages to go through with lights on.
Software development as usual
I work as a software developer and it entails all kinds of interesting aspects of doing things. Virtualization isn’t a new thing but with tools like Vagrant you can easily automate the creation of your development environment. And for that you need a base box which you can get from 3rd party or what’s better, you can create your own Vagrant base box with veewee. This way you know what’s in the box and get to customize it for your needs. I used Vagrant for WordPress theme development and later for creating legacy Java EE 5 development environment for OC4J, Oracle 11g XE and Java 1.5 on OS X.
New year, interesting things ahead
Past year was good and I got to do fun projects like my first iOS application and in overall all things went as usual. Work, training, personal projects and stuff like that. Nothing spectacular.
New year of 2016 will be interesting as I just started in new job at awesome company, Gofore. I’m looking forward to new projects and getting things done with great coworkers. I’m certain that there will be interesting articles to be written next year so stay tuned by subscribing to the RSS feed or follow me on Twitter. Check also my other blog in Finnish.
Happy new year!
“This is a new year. A new beginning. And things will change.”
Christmas holidays is soon here but before that it’s time to see what I’ve read this week. I’ve been playing with legacy Java EE 5 development and came across System Integrity Protection in OS X which prevents you of installing JDK 5. And on top of that I just wish I could run OC4J with JDK 5 on Docker as you can do for WebLogic 12.2.1. In security point of view there was startling announcement as Juniper Networks had found backdoor in their firewalls code. We also learn the basics of web accessibility and if you’re not using dotfiles and you’re on Linux or OS X, now is a good time to start.
Java EE Kick-off app
Java EE kickoff app is an app skeleton that demonstrates a couple of technologies:
JSF 2.1 views, CDI backing beans, JASPIC authentication, EJB services, Bean Validation, JPA models, Java EE 6 and H2 database.
The web accessibility basics
List of absolute web accessibility basics every web developer should know about and which are extremely easy to implement but matter a lot. Next time you build something, consider incorporating those few things. (from WDRL 117)
WebLogic 12.2.1 on Docker
Interesting article with examples of how to run WebLogic 12.2.1 on Docker as I just played with Vagrant and Ansible for creating legacy Java EE 5 development environment with OC4J. Maybe in the future legacy environments are easier to manage as you can virtualize them more easily.
One Googler’s take on managing your time
If you don’t have time to read this… read it twice. The maker’s day is most effective in half-day or full-day blocks. Commit to protecting Make Time on your calendar including the time and place where you’ll be making, and ideally detail on what you’ll be making. That way, you know, it’ll actually happen.
Detect and disconnect WiFi cameras in that AirBnB you’re staying in
There have been a few too many stories lately of AirBnB hosts caught spying on their guests with WiFi cameras, using DropCam cameras in particular. Here’s a quick script that will detect two popular brands of WiFi cameras during your stay and disconnect them in turn.
Researchers Solve Juniper Backdoor Mystery; Signs Point to NSA
Internal code review pays off for Juniper. This week Juniper Networks revealed in a startling announcement that it had found “unauthorized” code embedded in an operating system running on some of its firewalls, ScreenOS. As the terrific summary of the Juniper backdoor explains, it allowed attackers to take complete control of Juniper NetScreen firewalls. This is a very good showcase for why backdoors are really something governments should not have in these types of devices because at some point it will backfire when other hackers will piggyback on top of existing backdoor to build their own backdoor.
Instagram’s Million Dollar Bug
tl;dr; Security researcher finds remote code execution vulnerability in Instagram which pivots to getting all kinds of data from AWS S3 but Facebook CSO plays it down to trivial and a thing which violates the poorly worded whitehat program rules. The point of this story is that Facebook fails on their bug bounty program as their actions show that it would be better just to “sell million dollar bugs on the black market for a million dollars” and not get threaten with legal actions for just being a good guy.
Issue 4, 2015-12-16
Spring Boot Memory Performance
Interesting article about Spring Boot memory performance (and tools to measure it). But shouldn’t we compare it to Java EE?
Hibernate Logging Guide
Logging database queries with Hibernate is relatively easy but it’s good to recall the logging options. Like use different log categories and don’t use show_sql to log SQL queries.
You Don’t Know JS (book series)
SurviveJS – Webpack and React SurviveJS – Webpack and React shows you how to build a simple Kanban application based on these technologies. There’s a free online version of the book and Leanpub version with extra content.
OS X security and privacy guide
Collection of thoughts on securing a modern Apple Mac computer using OS X 10.11 “El Capitan”, as well as steps to improving online privacy. Targeted to “power users”.
Empire of Code
Empire of Code is a space game with a mix of strategy, tactics and coding.
Issue #3, 2015-12-09
Building for HTTP/2
Raspberry Pi Zero: the $5 computer
Raspberry Pi gets even smaller and cheaper with the Zero and provides almost the same processing power as the original. Unfortunately they sold out quickly and didn’t get one yet. (from Hacker News)
Weekly notes are here again and I have to say that the week has passed swiftly. With all the pre-christmas parties and switching jobs, I also managed to read some articles. Here are my chosen articles for this week.
Segment’s Engineering Team’s Best Practices
There are lots of “Best Practices” you gather while working with things and Segment’s Engineering Team chose a handful of ‘pro tips’ to share that seemed most broadly applicable. They keep their engineering guidelines in Wiki page. Do you? (from Weekend reading)
Broken Performance Tools (pdf)
Good overview to performance tools and how to be cautious using them as they are broken and misleading. Trust nothing, verify everything. Observe, Profile and Visualize Everything. Benchmark Nothing. Do Active Benchmarking. (from IRC)
1Password for teams
Passwords are everywhere and 1Password for team sharing is said to be better than Meldium, OneLogin or Bitium. It has fantastic UI, works great on mobile, can share logins, WiFi, credit cards, notes and documents. (from Weekend reading)
Seriously, Don’t Use Icon Fonts
I’m not sure what’s my opinion about using icon fonts and by reading the comments the issue isn’t quite clear. SVG browser support is fine so there is no need to use icon fonts anymore as it can harm accessibility. (from Web Design Weekly)
Buffer’s Transparent salaries
Salaries seems to be a thing you don’t talk about but maybe we should. Couple of years ago Buffer shared their transparent salary formula and now they have update it and made a web app to test it. Haven’t seen similar approaches here in Finland although if I remember right Vincit has internally transparent salaries.
(from Web Development Reading List)
Chrome Extensions – AKA Total Absence of Privacy
Using extensions should be done with care as they aren’t always what they look like. Some Chrome extensions are constantly tracking you per default, making it very difficult or impossible for you to opt-out. These extensions will receive your complete browsing history, all your cookies, your secret access-tokens used for authentication (i.e., Facebook Connect) and shared links from sites such as Dropbox and Google Drive. (from Weekend reading)
For some time I’ve been reading several newsletters to keep note what happens in the field of software development and the intention was also to share the interesting parts here. And now it’s time to move from intent to action.
In the new “Weekly notes” series I share what interesting articles I have read with short comments. The overall topic is technology but other than that they can cover all things related to software development, from web applications to mobile development and from devops to user experience. I’ll publish my reading list every week or every two weeks.
I also tweet about interesting topics so follow me on Twitter: Follow @walokra
Modern Java – A Guide to Java 8
Java 8 brings quite a lot of new things like default interface methods, lambda expressions, method references and repeatable annotations. This tutorial guides you step by step through all new language features. (from Hacker News)
How snowmaking works
If the Mother Nature isn’t doing its job and making snow, we can do it by ourselves. Important topic as couple of Winters even here in Finland have been mild and it’s not looking good this year either. “A resort that can guarantee 5+ inches of powder every day is a license to print money.” (from Hacker News)
Couple of weeks ago at Tampere goes Agile the question was what’s beyond agile and partial answer was DevOps. I’ve read about DevOps before and tried to introduce it to use in my daily job but new things move slowly. So, it was good time to hear more about DevOps and how others are using it at DevOps Finland meetup about ApiOPs and Test Automation. The meetup was held at GE Healthcare building in Vallila and organized by Eficode. Delicious coffee and sandwiches were from Warrior coffee. Here’s my short notes about the topics discussed.
The talk was more about mindset related to developing APIs than tools but Swagger was mentioned for representing your API and SoapUI for testing. For API management Moilanen talked about APInf which is an API management platform.
Test automation with Robot Framework
Eficode guys talked about Test automation with Robot Framework which is a generic test automation framework for acceptance testing and acceptance test-driven development (ATDD). It’s originally developed in Nokia Networks 2005 and open sourced in 2006. Robot Framework uses keyword-driven testing approach and it’s capabilities can be extended by test libraries implemented either with Python or Java. Robot Framework is quite big in Finland but to get the work forward and more known worldwide there’s now Robot Framework Association put together by Eficode, Omenia, Reaktor, Eliga, Knowit, Qentinel and HiQ.
After some technical difficulties with projector we heard intro to Robot Framework with Selenium2Library and saw video about using it. Selenium is a suite of tools to automate web browsers and with Selenium2Library you can use it with Robot Framework to easily implement and maintain automatic browser testing of your web application. Another use case which I find interesting is for testing REST APIs.
You can use Robot Framework in many was as we saw with the demo of a machine for automating payment terminal testing which Eficode had built (slides, blog post in Finnish). It was a Shapeoko 2 CNC milling machine where Arduino parsed g-code sent over terminal bus, payment terminal was captured with Tesseract OCR and it was controlled by Robot Framework running in Raspberry Pi. They had extended Robot Framework with new libraries for communicating over serial bus and reading images from Raspberry Pi camera.
What you can do with Robot Framework is up to you as the framework doesn’t limit you.
Future of DevOps Finland
The last talk of the meetup was about the future of DevOps Finland. DevOps Finland was started in 2013 by Erno Aapa and now the load is distributed over new planning team to keep things active. Sharing is caring and so we were encouraged to share our experiences and war stories about DevOps by talking in some future meetup.
Some possible future themes for the meetup were also discussed.
e.g. Coreos, Mesos, Kubernetes, AWS tools, Rancher.
DevOps on Windows
PoweShell and Azure.
DevOps without computers
AWS lambda, heroku, dokku, aws beanstalk, Google app engine, IBM Bluemix. (DevOps as a service).
Couple of years ago I wrote about patching RichFaces 3.3.3 AJAX.js for IE9 and as the browser world has moved on, it’s now time to patch RichFaces 3.3.3 AJAX.js for Internet Explorer 11. Of course you could update your web application to JSF 2 and RichFaces 4 or PrimeFaces but it’s neither trivial nor free. The issue with RichFaces 3.3.3 still stands, development has moved to 4.x version and they’ve dropped support for the older versions although at least IE issues could be easily fixed. Fortunately patching RichFaces AJAX.js is relatively easy.
The problem with Internet Explorer 11 is that although you upgraded Sarissa Framework and patched RichFaces AJAX.js file for IE 9 it just isn’t enough anymore as IE 11 uses different User-agent string and disguises itself as “like Gecko”. The User-agent string in Win 8.1 for IE11 is “Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko”. The issue is also discussed on JBoss Forums and on Stack Overflow.
The different User-agent string breakes the “rerender” after Ajax Request. For example using a4j:function in combination with “rerender” is not working on IE 11 and the problem is that after Ajax request the result XML can’t be correctly append to the body. Also the rerendering is abnormal for h:inputTextarea, rich:modalPanel, h:inputTextarea and rich:calendar.
The other thing I noticed with RichFaces 3.3.3 and modern browsers is that if you use ui:fragment which contains rich:suggestionbox and rerender it, the suggestionbox doesn’t work correctly. It gives an error: SCRIPT5007: Unable to get property 'parentNode' of undefined or null reference. For now I didn’t have time to figure out the issue and just changed my page structure and function.
Although it’s 2015 using JSF 1.2 and RichFaces 3.3.3 is still working quite nicely :)