Monthly notes 23

Autumn approaches with heavy rains and cold weather and it’s good time to sit inside with warm mug of tea and read what has happened in the field of software development. This month’s notes are about cyber security, accessibility, microservices and tools to help your development.

Issue 23, 18.10.2017

Learning new things

Cyber Security Base with F-Secure
Course series by University of Helsinki in collaboration with F‑Secure Cyber Security Academy that focuses on building core knowledge and abilities related to the work of a cyber security professional. Starts on 31st of October, 2017. Learn about tools used to analyse flaws in software systems, necessary knowledge to build secure software systems, the skills needed to perform risk and threat analysis on existing systems and the relevant legislation within EU.

Developing accessibility in mind

Writing CSS with Accessibility in Mind
“An introduction to web accessibility. Tips on how to improve the accessibility of your web sites and apps with CSS.”

How to test NVDA screen reader behaviour on a Mac
Developing accessibility in mind has some extra hoops especially on macOS. Here’s good howto for setting up NVDA screen reader to Windows Virtual Machine.

Frontend

Deploying ES2015+ Code in Production Today
You can deploy ES2015+ code in production today. Every browser that supports <script type=”module”> also supports most of the ES2015+ features. For older browsers use <script nomodule>.

Backend

Testing Microservices — Java & Spring Boot
A comprehensive guide to Microservices testing with Spring Boot. (from Java Weekly 196)

Top 10 Docker logging gotchas every Docker user should know
Docker changed the way applications are deployed, as well as the workflow for log management. In this article, Stefan Thies reveals the top 10 Docker logging gotchas every Docker user should know. tl;dr; Use the default json-file driver which is reliable and things just work.

The Top 10 Jigsaw and Java 9 Misconceptions Debunked
There are a number of myths surrounding Java 9 – so this piece is doing some myth-busting. (from Java Weekly, Issue 195)

Event Messaging for Microservices with Spring Boot and RabbitMQ
In a microservice environment you may come upon the requirement to exchange events between services. This article shows how to implement a messaging solution with Spring Boot and RabbitMQ. (from Java Weekly, Issue 195)

Tools of the trade

Mermaid.js
Ever wanted to simplify documentation and avoid heavy tools like Visio when explaining your code? Mermaid is a simple markdown-like script language for generating charts from text via javascript. Has online editor and plugins for e.g. Atom. Good alternative for Draw.io.

A more connected universe
GitHub can now analyze and show you the project’s dependency graph. And … “Soon, your dependency graph will be able to track when dependencies are associated with public security vulnerabilities” (from Weekend Reading)

Rico’s cheatsheets
This is such a fantastic resource. 340 cheatsheets for a variety of tools, languages, libraries, and frameworks. (from Weekend Reading)

Something different

So all y’all know that UserAgent strings are total bullshit, right?

Monthly notes 22

The weather has turned Autumnal and evenings are getting darker which leaves us more “good” reasons to spend time with our computers and learn. This monthly notes provide guide to impactful performance improvements, tips for optimizing React apps, howto gifs for Chrome DevTools, tips for healthier ways for working and how sticker makes things faster.

Issue 22, 12.9.2017

Frontend

The State of the Web: guide to impactful performance improvements
How can we make the Web better by designing and developing with performance in mind? A look at various ways of making impactful performance improvements. (from WebOps weekly 132)

React is Slow, React is Fast: Optimizing React Apps in Practice
Practical tips for optimizing #ReactJS performance with react_perf and Chrome Devtools’ Timeline.

Increase your web development skill-set: 150 animated tips on Chrome DevTools
Chrome DevTools is powerful web development tool and these 150 gifs will help you grasp features in 30 seconds. Also text descriptions if you want to read more.

Using React with TypeScript (video)
A short practical demo about using React and Typescript. No slides, just code. (from @reactdaily)

Development

What is Clean Code and why should you care?
Clean code is subjective and every developer has a personal take on it. There are some ideas that are considered best practice and what constitutes as clean code within the industry and community, but there is no definitive distinction. And I don’t think there ever will be. “Clean code is code that is easy to understand and easy to change.”

3 Effective Ways to Maintain High Energy Levels at Work for Software Engineers
Good tips for energetic days at the office: “1. Find Solutions for Energy Waste; 2. Take a Real Break; 3. Shift Between Different Tasks.”

Lessons learned about running Microservices
There are many reasons and benefits related to opt for an architecture based on Microservices, but there is no free lunch, at the same time it also brings some difficult and hard aspects to deal with. B2W has used microservices since 2014 and this four parts serie starts with some best practices related about Microservices communication.
(from Microservices Weekly 97)

Backend

Basic API Rate-Limiting
If we want to apply client-specific rate limiting, a standard load balancer might be not enough – especially when there’s no uniform way of identifying clients. The article explains the basics about rate limiting and tells you about some implementations for rate limiters you can use. For example Guava RateLimiter isn’t meant for (web) API rate-limiting and you should use libraries like RateLimitJ or bucket4j project. (from Java Weekly Issue 186)

Guide to Spring Boot REST API error handling
Spring Boot gives very useful error messages to build REST APIs but those same messages are noisy and useless for the API consumer, not to mention they reveal implementation details. Luckily, Bruno Leite is here to explain how there are simple ways of handling this.

Something different

Mysterious Axxios Stickers Allegedly Reduce Vibrations On Bikes
Hmm. “Axxios’ technology can alter the modulus of elasticity for a material by interacting with it through electron fields on an atomic level. Not only that, but the company also claim this is done passively, with no external power source.” It’s known truth that stickers make things go faster ;)

Monthly notes 21

Holiday season is soon over here in Finland and it’s good to be back at work. Summer has been quite busy and sadly I skipped June’s monthly notes. So, time to move forward and keep on track what has happened in software development. This time it’s about monitoring Docker, using webpack, writing functional apps with Spring and Kotlin and comparing Spring app written in Java, Kotlin and Scala.

Issue 21, 2.8.2017

Microservices

Docker Monitoring: 5 Methods for Monitoring Java Applications in Docker
What are some of the most useful methods to monitor Java applications in Docker containers? Making Logs Useful, Performance Monitoring, Error Tracking, Container Metrics, Orchestration.

Moving from a Java Monolith to Microservices at Squarespace (video)
Julian Applebaum describes the challenges of moving to a service-oriented architecture, drawing boundaries between different layers of business logic and discovering fundamental tensions in restructuring application logic. Squarespace’s journey to a series of RESTful API endpoints was a matter of building services and integrating them slowly as they became reliable.

JavaScript

webpack: The Core Concepts
Start with nothing. Leave with boilerplate independence.

Unambiguous Webpack config with Typescript
You can write your Webpack config in Typescript, and it’ll save you a huge amount of pain. (from JavaScript Weekly 340)

A Set of Best Practices for JavaScript Projects
British design studio Hive has collected guidelines for working on JavaScript projects. Although it says for JavaScript projects the practices are applicable to other projects as well as it covers things like Git workflow, documentation and API. (from JavaScript weekly 342)

Static AST checker for a11y rules on JSX elements
Pairing this plugin with an editor lint plugin, you can bake accessibility standards into your application in real-time.

Java and Kotlin

Functional web applications with Spring and Kotlin
How to build reactive and functional web applications with Spring Framework 5, WebFlux and Kotlin. Video available. Sources of the reference project are available at GitHub and there’s also related blog post.

Basic Spring web application in Java, Kotlin and Scala – comparison
If you’ve been wondering how hard would it be to implement a basic Spring Boot app in alternative JVM languages, such as Scala and Kotlin, read this post. (from Java Weekly 185)

Project package organization
Package structure in Java projects is often neglected or applied mindlessly – here we can see a comparison of the two most popular approaches: package-by-layer vs. package-by-feature.
(from Java Weekly 185)

Simple Spring Boot Admin Setup
Spring Boot Admin dashboard setup can be slightly unintuitive – here’s a short overview of how to set it up. The post could use a picture.

Implementing a custom Spring Boot starter for CXF and Swagger
(from Java Weekly, Issue 184)

Something different

Monthly notes 18

Summer is finally approaching although the weather is still chilly here in Finland especially if you’ve spent your winter holiday in lovely Italy. Have to say that for mountain bikers Finale Ligure is a nice destination to start your season after long winter. April has also been quite busy with upcoming project deadline but here’s some monthly notes to keep you learning.

Monthly notes, issue 25.4.2017

iOS Development

Developers can finally respond to App Store reviews
Tooks some time to Apple to get this feature to App Store. Developers can now respond to reviews and this article includes just about everything you need to know. (from iOS Dev Weekly 294)

The Details That Matter
Small design changes can make a huge difference in apps’ UX. Nick Babich does a really nice job making design more approachable and explaining the merits of his suggestions. (from iOS Dev Weekly 294)

Save Yourself Some Xcode Time By Mastering These Tips
Every developer has to look for shortcuts. Shortcuts leave you more time to develop, rather than taking the long route (such as the mouse!) for many Xcode tasks. Seasoned Xcoders will know most of these tips, but I bet even they will have forgotten one or two. Learn these now and save yourself more time than you could imagine over your career. (from Indie iOS Focus Weekly 117)

Software development is hard

Tout est Terrible
Loose transcription of a talk Fred Hébert gave at the Web a Quebec conference. Everything is terrible, a spooky scary story of how we can have a simple application that looks reasonable and show a bunch of issues and potential bugs that can hide in it and surprise us in nasty ways. And that it’s hard to really feel safe about any code out there.

Competitive Programmer’s Handbook
Good resource for brushing up programming skills and theory knowledge. Books purpose is to give the reader a thorough introduction to competitive programming. It’s especially intended for students who want to learn algorithms and possibly participate in the International Olympiad in Informatics (IOI) or in the International Collegiate Programming Contest (ICPC).

Frontend development

JavaScript Patterns for 2017 [Video]
A 50 minute roundup of common, JavaScript-specific techniques like using modules, webpack, ES6 syntax, classes, async/await and more. (from JavaScript Weekly 331)

Facebook scraps React as we know it, welcomes successor React Fiber
React.js is dead. Long live React Fiber. Completely rewritten, backward compatible with minor breaking changes.

Why It’s So Important To Focus On The Bottom Nav Bar
Making our app easy to use can be anything but easy. One way to make it easier on yourself is by focusing as much navigation as you can on the bottom half of the screen. This post shows just how important it is along with some great tips and visual examples. (from Indie iOS Focus Weekly 117)

Tools

Webhook
Webhook is a lightweight configurable tool written in Go, that allows you to easily create HTTP endpoints (hooks) on your server, which you can use to execute configured commands. Hacker News comments. (from Hacker Newsletter 348)

Tips for monitoring Redis
Ways to get more info from Redis, such as on latency and slow commands. (from DB Weekly 151)

Simple Icons
Dan Leech built a great set of very simple SVG icons of popular brands. It’s available under a Creative Commons Zero license. (from WDRL 179)

How to install and use Headless Chrome on OSX
Google Chrome can now be run in headless mode, replacing PhantomJS or SlimerJS. Jim Cummins explains how to set it up on Mac OS. For Windows and Linux it should be similar using bash and a few adaptions to the local commands. (from WDRL 179)

Something different

4 Late-Night Protein Treats To Pair With Milk
I don’t know why these are called late-night treats but they look delicious. And done with protein powder and more “healthy” choices than normally.

Spruijt’s Ultimate Dilberts IT Collection
Who doesn’t like the entertaining, funny and always accurate Dilbert cartoons? This Ultimate Dilberts collection curates a selection of strips to watch for fun on a Friday afternoon or use occasionally in meetings and presentation.

Monthly Notes 17

Successful Software development is about good practices, agile methods and also ethics, interpersonal and leadership skills as the Fowler’s story from Über shows us. You can’t achieve great things without well working team, also on personal level. And what comes to actual development it’s good to remember that you shouldn’t over-engineer. On the other news, Spring is finally coming to Finland and the cycling season has started.

Montly notes, issue 29.3.2017

Software development

10 Modern software engineering mistakes
“Many articles say don’t over-engineer but don’t say why or how. Here are 10 clear examples.”. tl;dr; Prefer isolating actions than combining., Duplication is better than the wrong abstraction. Always take a step back and look at the macro picture. Reuse. Fork. Contribute. Reconsider. Refactoring is part of each and every story. No code is untouchable.

Why Software Development Time Estimation Doesn’t Work and Alternative Approaches
Alex Castrounis shares why estimating software development tasks by time and time tracking don’t work and how you can still get pretty accurate estimations to calculate the progress and a deadline for a project.

Lean Inception
How to work out what should be in MVP and start Agile project as quickly as possible?

Reflecting On One Very, Very Strange Year At Uber
Depressing story of Uber’s toxic organization culture and how not to handle issues. Also corporation process of reviews/transfers is awful.

Software Developer Interview: Your part.
If you’re looking for new challenges in software development career and go to a job interview you should carefully and thoroughly find out if the company is the right for you. Good list of interesting and important questions will help you on your way.

What .NET Developers ought to know to start in 2017
Have to remember to read this when I start using dotNet.

Front-end has always new frameworks

Vue.js 2.0 has gained popularity among React and Angular and it looks good alternative for front-end development. Vue.js in less than 30 minutes for beginners and Vue.js 2.0 In 60 Minutes will show you what’s it about and get you started.

Tools

GraphQL Part 1 and Part 2
Loren Sands-Ramshaw wrote a two-step guide on GraphQL, a relatively new query language that has better performance and is easier to handle as REST. (from Web Development reading list 175

EICAR Standard Anti-Virus Test File
You can use EICAR standard anti-virus test file for testing what happens when virus is found. It’s just text.

Pipeline as code with a Spring Boot application
I just recently clicked through Jenkins UI to setup pipelines. Boring. Next time I’ll try to define it with ‘pipeline as code’ concept.

User interface

Toggle button
Sometimes a user interface requires a clear “On”/”Off” switch. It’s usually a great idea when you want to show optional settings but indicate more as a checkbox does by default and in a simpler way as two radio options could provide it. Heydon Pickering now shares the technical approach to building semantic, accessible and easy-to-use toggle buttons. (from Web Development reading list 175

Something different

How to ride long Poles. The bike.
Good tips of how to ride mountain bike. Stand tall and keep your head up; Turn your body towards the direction you want your bike to go; Counter steer before the corner; Push the bike with your legs in turns; Bend knees.

Monthly notes 13

Looks like it’s again the end of another month and it’s time for weekly notes, now with the title of “Monthly notes” as it suits better for my writing activity :) This time it’s about resources of JavaOne 2016, stories from the field of outsourcing and SSL gone wrong, Type Systems for JavaScript, pushing React.js app to production, learning Docker antipatterns and how to track your time.

Monthly notes, issue 13, 28.11.2016

Java

JavaOne 2016 Observations by Proxy
Good collection of resources if you didn’t attend to JavaOne 2016 but like to stay on top what’s happening in the world of Java.

Securing JAX-RS Endpoints with JWT
JWT is becoming the de facto standard in web security yesterday. And JJWT is certainly a good way to go for an implementation as Baeldung shows. (from
from Java Web Weekly, Issue 146)

Frontend

Flow vs TypeScript: Type Systems for JavaScript
“Flowtype vs. TypeScript Type Systems for JavaScript – from the perspective of a practitioner” is good overview to what and why.

CSS classes don’t work the way you think they work
CSS classes apply in the order in which they are defined, not the order in which they are invoked. This is not intuitive. It hits you when common components have default styling, and you want to override it in a specific instance.

Generating Documentation for TypeScript Projects
“Documentation for JavaScript projects has traditionally been generated via annotations inserted as code comments. While this gets the job done, it seems far from ideal. The post explores how to use TypeScript to generate documentation from source code alone.”

How to push a ReactJS application in production and sleep better – React.js Day 2016
“‘Everything fails all the time’. In this session we are gonna explore testing and monitoring techniques to deliver and maintain a ReactJS + Redux application, and at the same time being able to go back to sleep without the fear that everything is gonna explode during the night.”

Stories from the field

Offshoring roulette
Troy Hunt tells lessons of outsourcing to India, China and the Philippines. “If you’re looking at hourly rate as metric for outsourcing success, you’re doing it very, very wrong!” The essence of software development.

Docker Container Anti Patterns
After reading about Docker in production being a failure, it’s good to revise how it should be used.

Be Afraid Of HTTP Public Key Pinning (HPKP) and
How To Issue A New SSL Certificate With An Old SSL Key
Good lessons learned of Smashing Magazine’s renewing of an expiring SSL certificate and problems with HTTP Public Key Pinning. (from WDRL 156)

Tools of the trade

Netfox
Netfox exposes details of all network requests so you can investigate problems without additional configuration. Somewhat similar but simpler than Charles for debugging network requests (from iOS Dev Weekly Issue 226)

Tracking your time with Toggl
I finally started using Toggl, to track my time at work. Best decision ever. If I just remember to track and switch tasks :)

Git: diffing binary files
Git ProTip: Adjust your .gitattributes to make `git diff` more useful for images and other binary formats! (from @DasSurma)

Learning

Google Interview University
A complete daily plan for studying to become a Google software engineer. (from @Autiomaa)

Something different

My strategy for increased privacy
You pay for many services with your data and although you would pay with money instead, you can’t. Honkonen wants to introduce a third option. To keep privacy, but to use the awesome services available, so he’s devised a strategy for increased privacy. Something to think about.

The Unsatisfying Challenge
“Everyday life can be annoying, but now you can share your pain in this challenge”