2015 retrospective

A year has again come to its end and it’s time to look back what I’ve managed to write about and do some planning for the new year of 2016. This year my writing schedule was as leisurely as usual and I managed to put together of 19 articles. Which five of them are about my new post series, weekly notes. On average I managed to kept my pace of at least one post per month. Yay. Things have gone quite well overall. I’ve learned new things and got things done :)

Mobile development on the rise

I started mobile development couple of years back with Jolla and Sailfish OS and this year I continued with iOS. Starting iOS development with Swift and Xcode for Apple iPhone and iPad devices has been quite a different experience than using Qt, QML and JavaScript for Sailfish OS. Learning new concepts with Swift and how the App Store works has been great but not always as fun as they say. Especially using the Xcode’s Interface Builder for creating user interface is a task I’m not comfortable with compared to using plain code as with QML. But I got my first iOS application published for iPhone and iPad: Highkara news reader for High.fi news portal. It’s available on App Store.

Highkara news reader
Highkara news reader

Things on Sailfish OS and Jolla front has been quiet but I did a new game: Falldown. Or actually ported it from Ubuntu Touch. It was a fun experience as I needed to build Bacon2D library for Sailfish OS and package it correctly so it can be accepted on Jolla Store.

It will be interesting to see how my iOS applications attract users and will they beat my Sailfish OS user base :) At least it will be easier to get statistics from your apps from iTunes Connnect than Jolla Harbour. Over a year I have collected data manually and plotted how my five apps have users on Jolla.

Jolla Store statistics
Jolla Store statistics
Active install graph
Active install graph

Keeping up with Weekly notes

For some time I have read or in practice collected several software development related newsletters on my inbox. I like to follow what happens on the field and reading Twitter, Reddit and Hacker News is nicely complemented with some newsletters. But that’s not all there is to it. I’ve found it’s useful to make summaries what I’ve read and thus started my Weekly notes blog post series. Although next year I probably will post weekly notes bi-weekly. That’s fortnightly, once in two weeks.

Learning from others at meetups

One way of learning new things is to hear how others do things and get do ideas how to make things better. I’ve found that attending meetups and conferences are nice way to both freshen your thinking and get to know people working on the same field. This year I went to OWASP Helsinki Chapter meeting 27 and got to hear Troy Hunt’s talks of “50 Shades of AppSec” and “Hack yourself first”. It was great event, met old friends from school and the views from the sauna were magnificent.

Or is it?
Or is it?

Agile methodologies are know widely used and accepted but what’s beyond agile? That was the theme what Tampere goes Agile asked this year. It was my first time visiting the event and it was nice experience. The topics provided something to think about and not just the same agile thinking. You could clearly see the theme “Inspired beyond agile” working through different presentations and the emphasis was about changing our mindsets. In short: Agile is mindset. Culture eats agile. no management, no projects. Think small. Focus on benefit. Test & automate. Pair. Liberate.

Continuous flow of waterfall
Continuous flow of waterfall

The meetup scene in Helsinki seems to be warming up and there’s lots of events to go. I didn’t write posts from all meetups I attended like Finland AWS Meetup with Sovelto but wrote about DevOps Finlands’ meetup about ApiOps and test automation. Nice events and good talks later on.

I will certainly keep notes on interesting meetups also next year.

Books on the shelf

I like reading books but usually not the kinds which are technical and you could learn something from. But still I got my hands on “Iron-Clad Java: Building secure Web applications” book which was highly informative and you can’t read it without learning important things about security. In good and bad the book gives somewhat opinionated answers what technics and tools you can use to address security issues but overall the advice is solid and un-biased and more or less framework agnostic.

The other software related book I found myself reading was “Real World Java EE Night Hacks”. It walks through best practices and patterns used to create a Java EE 6 application and covers several important topics from architecture to performance and monitoring to testing. The book has 167 pages with source code so the topics are more about getting the idea than explaining them thoroughly.

In 2016 I will make myself study for the Java Programmer Certificate and read the OCA/OCP Java SE 7 Programmer I & II Study Guide. That’s about 1000 pages to go through with lights on.

Software development as usual

I work as a software developer and it entails all kinds of interesting aspects of doing things. Virtualization isn’t a new thing but with tools like Vagrant you can easily automate the creation of your development environment. And for that you need a base box which you can get from 3rd party or what’s better, you can create your own Vagrant base box with veewee. This way you know what’s in the box and get to customize it for your needs. I used Vagrant for WordPress theme development and later for creating legacy Java EE 5 development environment for OC4J, Oracle 11g XE and Java 1.5 on OS X.

Installing CentOS to Vagrant Box with Veewee
Installing CentOS to Vagrant Box with Veewee

Getting to play with Vagrant and provisioning it with Ansible was maybe the most useful thing this year what comes to development environments. Also switching from Eclipse to highly praised IntelliJ IDEA was great move. Although it took some time to get familiar with IDEA’s keyboard shortcuts. IDEA is nice upgrade form Eclipse especially for JavaScript development but Eclipse has it’s perks with Java and Maven.

Developing legacy applications and using enterprise Java EE environments were still on my daily list and I got to deal with annoyances like disabling Derby in Oracle WebLogic 12c and patching Richfaces 3.3.3. for IE 11. Fortunately it looks that next year I get to leave those behind and concentrate on modern environments.

One thing I didn’t have time to write this year was about starting JavaScript development. As a full-stack developer I’ve found myself writing more JavaScript this year than Java. Mostly Backbone.js and later got my hands dirty with Angular.js. To manage our build process and JavaScript libraries I wrote about setting up bower and gulp in Windows although you could ditch Bower and go just with npm. So many new tools to use that I think next year there won’t be shortage on topics to write :)

New year, interesting things ahead

Past year was good and I got to do fun projects like my first iOS application and in overall all things went as usual. Work, training, personal projects and stuff like that. Nothing spectacular.

New year of 2016 will be interesting as I just started in new job at awesome company, Gofore. I’m looking forward to new projects and getting things done with great coworkers. I’m certain that there will be interesting articles to be written next year so stay tuned by subscribing to the RSS feed or follow me on Twitter. Check also my other blog in Finnish.

Happy new year!

“This is a new year. A new beginning. And things will change.”

Weekly notes 5

Christmas holidays is soon here but before that it’s time to see what I’ve read this week. I’ve been playing with legacy Java EE 5 development and came across System Integrity Protection in OS X which prevents you of installing JDK 5. And on top of that I just wish I could run OC4J with JDK 5 on Docker as you can do for WebLogic 12.2.1. In security point of view there was startling announcement as Juniper Networks had found backdoor in their firewalls code. We also learn the basics of web accessibility and if you’re not using dotfiles and you’re on Linux or OS X, now is a good time to start.

Until next week, Happy Holidays!

Issue 5, 2015-12-23


Survey of essential tools/frameworks for the modern Java developer
Opinionated choices for modern Java developer.

Java EE Kick-off app
Java EE kickoff app is an app skeleton that demonstrates a couple of technologies:
JSF 2.1 views, CDI backing beans, JASPIC authentication, EJB services, Bean Validation, JPA models, Java EE 6 and H2 database.

What is the “System Integrity Protection” feature in El Capitan?
I was developing legacy Java EE 5 application and came across problems with installing JDK5 for OS X El Capitan. Turns out that even with root you can’t modify certain directories. It’s for your own protection. Annoying.

The Serverless Start-Up – Down With Servers
Do you need servers? Using AWS Lambda to build a startup that has no servers per se. (from Weekend reading)

The web accessibility basics
List of absolute web accessibility basics every web developer should know about and which are extremely easy to implement but matter a lot. Next time you build something, consider incorporating those few things. (from WDRL 117)


3 Disasters Which I Solved With JProfiler
Interesting article of using JProfile to solve problems caused by using JPA and Hibernate.

WebLogic 12.2.1 on Docker
Interesting article with examples of how to run WebLogic 12.2.1 on Docker as I just played with Vagrant and Ansible for creating legacy Java EE 5 development environment with OC4J. Maybe in the future legacy environments are easier to manage as you can virtualize them more easily.

Unofficial guide to dotfiles on GitHub
Good source for dotfiles with different environments and tools. I’ve found that Mathias Bynens’ OS X defaultsscript is legendary. (from Hacker News)

To think about

One Googler’s take on managing your time
If you don’t have time to read this… read it twice. The maker’s day is most effective in half-day or full-day blocks. Commit to protecting Make Time on your calendar including the time and place where you’ll be making, and ideally detail on what you’ll be making. That way, you know, it’ll actually happen.


Detect and disconnect WiFi cameras in that AirBnB you’re staying in
There have been a few too many stories lately of AirBnB hosts caught spying on their guests with WiFi cameras, using DropCam cameras in particular. Here’s a quick script that will detect two popular brands of WiFi cameras during your stay and disconnect them in turn.

Researchers Solve Juniper Backdoor Mystery; Signs Point to NSA
Internal code review pays off for Juniper. This week Juniper Networks revealed in a startling announcement that it had found “unauthorized” code embedded in an operating system running on some of its firewalls, ScreenOS. As the terrific summary of the Juniper backdoor explains, it allowed attackers to take complete control of Juniper NetScreen firewalls. This is a very good showcase for why backdoors are really something governments should not have in these types of devices because at some point it will backfire when other hackers will piggyback on top of existing backdoor to build their own backdoor.

Instagram’s Million Dollar Bug
tl;dr; Security researcher finds remote code execution vulnerability in Instagram which pivots to getting all kinds of data from AWS S3 but Facebook CSO plays it down to trivial and a thing which violates the poorly worded whitehat program rules. The point of this story is that Facebook fails on their bug bounty program as their actions show that it would be better just to “sell million dollar bugs on the black market for a million dollars” and not get threaten with legal actions for just being a good guy.

Something different

20+ Cheatsheets & Infographics For Photographers
Informatic cheatsheets for photographers covering various aspects of photography. Also a good resource for fresh and new ideas.

Weekly notes 4

This week there are couple of books to read which helps you to learn functional programming, realize that you don’t know JavaScript and helps you to build Kanban board with Webpack and React. Also you can read thoughts on securing OS X, get some information about Spring Boot memory performance and read about reasonable approach to React and JSX. Happy reading.

Issue 4, 2015-12-16


Spring Boot Memory Performance
Interesting article about Spring Boot memory performance (and tools to measure it). But shouldn’t we compare it to Java EE?

Hibernate Logging Guide
Logging database queries with Hibernate is relatively easy but it’s good to recall the logging options. Like use different log categories and don’t use show_sql to log SQL queries.

Here are some of the best resources to learn about PHP 7
PHP 7 is out and it might be time to learn more about it and migrate from 5.6.X to 7.0.X. For example benchmarks of WordPress using PHP 7 are showing a 2-3x speed improvement. The only question is if the plugins are ready for PHP 7? (from WDRL 116)

Airbnb React/JSX Style Guide
“A mostly reasonable approach to React and JSX” (from Weekend Reading)


Professor Frisby’s mostly adequate guide to functional programming
Book on the functional paradigm in general which uses the world’s most popular functional programming language: JavaScript. Available in ePUB, MOBI and PDF.

You Don’t Know JS (book series)
Series of books diving deep into the core mechanisms of the JavaScript language. The series is released in GitHub as drafts, free to read and you can get buy them through O’Reilly.

SurviveJS – Webpack and React
SurviveJS – Webpack and React shows you how to build a simple Kanban application based on these technologies. There’s a free online version of the book and Leanpub version with extra content.

Good to know

What the Web Can Do Today
Good list of feature sets on the web. Includes code examples.

OS X security and privacy guide
Collection of thoughts on securing a modern Apple Mac computer using OS X 10.11 “El Capitan”, as well as steps to improving online privacy. Targeted to “power users”.

Something different

Empire of Code
Empire of Code is a space game with a mix of strategy, tactics and coding.
You can play the game with or without coding skills, but knowing how to code will definitely give you an advantage. Unleash your Python and JavaScript skills.

Empire of Code

Weekly notes 3

It has been rainy week here in Finland with pre-christmas parties (again) and also our 98th independence day. Yay! This weeks articles are about JavaScript, Microservices, User experience and tutorial for ToDo app with React.js.

Issue #3, 2015-12-09


Advancing JavaScript without breaking the Web
Christian Heilmann presented earlier this year at the MunichJS meetup how the advancements in ECMAScript (aka JavaScript) are a great opportunity, but also a challenge for the web. His article with slides and video takes a look at how whilst adding new, important features we’re also running the danger of breaking backwards compatibility.

Spring Boot Microservices, Containers, and Kubernetes – How-to
Ray Tsang discusses how to create a Java-based microservice using Spring Boot, containerize it using Maven plugins, and subsequently deploy a fleet of microservices and dependent components such as Redis using Kubernetes.

Building for HTTP/2
Rebecca Murphey shares the fresh concepts of HTTP/2 and how it will affect our tool and build-chain for JavaScript applications. A few good thoughts in there that we can keep in mind to optimize the delivery of large-scale front-end applications. (from WDRL 115)

User experience

How to fix a bad user interface
Some good advice how to fix a bad user interface. tl;dr; Handle your app User Interface states. (from Hacker News)

How Apple Is Giving Design A Bad Name
“Apple is destroying design… revitalizing the old belief that design is only about making things look pretty.” And with recent iPhone Battery case Apple looks to have lost the spark. (from Userfocus Dec 2015)

Good to know

Using the HTML5 Fullscreen API for Phishing Attacks
I was wondering why browsers show the “annoying” message when you go into fullscreen mode but it’s there for a reason, to let people detect phishing attacks. (from WDRL 115)

Tools of the trade

Let’s Encrypt now in public Beta
Let’s Encrypt is a new Certificate Authority with the goal of helping everyone encrypt. It’s free, automated, and open. Now in Public Beta so you can give it a try by following this guide. (from Hacker News)

Must see JavaScript dev tools
A great walk through some of the greatest JavaScript developer tools that currently exist and why Eric uses them. (from JavaScript Weekly 261)

Linux Performance analysis in 60s
Netflix blog presents tools for doing Linux Performance Analysis in 60,000 Milliseconds. (from Hacker News)


Raspberry Pi Zero: the $5 computer
Raspberry Pi gets even smaller and cheaper with the Zero and provides almost the same processing power as the original. Unfortunately they sold out quickly and didn’t get one yet. (from Hacker News)

Getting started

How to Build a Todo App Using React, Redux, and Immutable.js.
Build a test-driven example “Todo Application” using React. So many new tools to go through. (from JavaScript Weekly 261)

An Introduction to ClojureScript tutorial
ClojureScript is a popular Clojure to JavaScript compiler. (from JavaScript Weekly 261)

Something different

MacBook case you can decorate with Lego bricks.

Weekly notes 2

Weekly notes are here again and I have to say that the week has passed swiftly. With all the pre-christmas parties and switching jobs, I also managed to read some articles. Here are my chosen articles for this week.

Issue #2 // Week 49, 2015


Exploring the Wall Street Journal’s Pulitzer-Winning Medicare Investigation with SQL
Interesting writeup with examples how they used SQL to cover controversial practices in Medicare billing in Wall Street Journal’s Pulitzer-Winning ‘Medicare Unmasked’ data investigation. (from Slashdot)

Segment’s Engineering Team’s Best Practices
There are lots of “Best Practices” you gather while working with things and Segment’s Engineering Team chose a handful of ‘pro tips’ to share that seemed most broadly applicable. They keep their engineering guidelines in Wiki page. Do you? (from Weekend reading)

Broken Performance Tools (pdf)
Good overview to performance tools and how to be cautious using them as they are broken and misleading. Trust nothing, verify everything. Observe, Profile and Visualize Everything. Benchmark Nothing. Do Active Benchmarking. (from IRC)

Tools of the trade

What Are The Best JavaScript IDEs?
Crowdsourced summaries and comparisons of 18 different IDEs and text editors used by JavaScript developers. (from JavaScript Weekly)

1Password for teams
Passwords are everywhere and 1Password for team sharing is said to be better than Meldium, OneLogin or Bitium. It has fantastic UI, works great on mobile, can share logins, WiFi, credit cards, notes and documents. (from Weekend reading)

Zube, task board for Github issues
Zube is a task board for Github issues looks crafty. (from Weekend reading)

To watch

HTTP/2 101: A 25 Minute Introduction to HTTP/2
Good talk by an engineer on the Chrome team about the second major version of the HTTP network protocol which is already supported by most major browsers.

To think about

Seriously, Don’t Use Icon Fonts
I’m not sure what’s my opinion about using icon fonts and by reading the comments the issue isn’t quite clear. SVG browser support is fine so there is no need to use icon fonts anymore as it can harm accessibility. (from Web Design Weekly)

Buffer’s Transparent salaries
Salaries seems to be a thing you don’t talk about but maybe we should. Couple of years ago Buffer shared their transparent salary formula and now they have update it and made a web app to test it. Haven’t seen similar approaches here in Finland although if I remember right Vincit has internally transparent salaries.
(from Web Development Reading List)

Chrome Extensions – AKA Total Absence of Privacy
Using extensions should be done with care as they aren’t always what they look like. Some Chrome extensions are constantly tracking you per default, making it very difficult or impossible for you to opt-out. These extensions will receive your complete browsing history, all your cookies, your secret access-tokens used for authentication (i.e., Facebook Connect) and shared links from sites such as Dropbox and Google Drive. (from Weekend reading)