This time in monthly notes we cover design trends for interfaces, Apple steps up to iOS user interface templates game, learn Flexbox and Redux, something about microservices with Docker and see what GitHub has learned about CSP.
Building Efficient Dockerfiles – Node.js
Old but good to know. Many Dockerfiles are written inefficiently, especially if you’re using npm. You should use caching to improve the performance of your Docker container. tl;dr; add package.json to tmp before running npm install in there. (from WDRL 166)
Thinking in Redux (when all you’ve known is MVC)
Good explanation of Redux with React although the article uses it with React Native. Redux is quite simple in concept but you’ve to think differently how things work. Another option to Redux would be to use Mobx.
Finnish mountain biking expertise was awarded a couple of Design and Innovation Awards this year: Pole Evolink 140 and Huck Norris. The super long and slack Pole Evolink 140 bike throws up questions about geometry standards. And although not a new innovation with protecting your rims and tyres, the Huck Norris anti-pinch-flat insert is a plastic foam ring effectively protects your rims from dents and reduces the risk of burping. You can ride tubeless with an even lower tire pressure or even a lighter carcass, plus glean more grip.
A year has again come to its end and it’s time to look back what I’ve managed to write about and do some planning for the new year of 2017. In 2016 my writing schedule was as leisurely as usual and I managed to put together of 20 articles which nine of them are about weekly notes. On average I managed to keep my pace of at least one post per month. Yay but it should be better. Things have gone quite well, I’ve learned new things and got things done :)
One way of learning new things is to hear how others do things and get do ideas how to make things better. I’ve found that attending meetups and conferences are nice way to both freshen your thinking and get to know people working in the same field.
More interesting meetup in DevOps field was DevOps Finland Meetup goes Mobile where we heard how continuous delivery works for mobile applications at Zalando, learned mobile testing with Appium and what’s Qvik’s efficient mobile development cycle.
At work I’m developing web applications mainly with React and Java but looking for better tools is always good. Modern Java is nice but using Kotlin is better although I didn’t get the opportunity to push it into production. Kotlin felt nice and somewhat similar to Swift.
Doing microservices has last year gained more momentum and one good way to keep your docker containers small is to build them with Alpine Linux. Using minimal base image for you container is efficient both on size and having smaller footprint thus making the attack surface smaller. Alpine doesn’t use glibc but musl libc which may limit it use cases but e.g. Java and Node.js applications are running fine on top of it.
In software field I deployed Piwik web analytics as we couldn’t use Google Analytics. Piwik seems to be nice and open source alternative for analytics and has this far worked nicely.
HTTPS has become more affordable and even free with Let’s Encrypt SSL certificates. Setting up Lets Encrypt is relatively easy but using them needs also some automation with simple scripts.
As much as I love software development I like mountain biking and last year some interesting technology was presented to protect your tires and rims: Huck Norris and Procore. Whereas Huck Norris is lightweight solution to puncture prevention Procore provides better protection and they both have their use cases.
I’ve used Irssi for communicating with friends in IRC but I also tried to switch to using Weechat. Didn’t quite make the cut and nowadays IRC has almost lost to Telegram and Slack.
New year, interesting things ahead
What the year 2017 brings can’t be predicted but at least my personal goals will be learning React Native and doing some development also for Android. Mountain biking will have a big part in the Summer when the Enduro racing season starts and there’s couple of trips already planned.
Before opening the Christmas presents it’s time to check what’s in the monthly notes in December. This year there’s not much extra holidays so use them wisely :) Merry Christmas!
Issue 14, 23.12.2016
Angular 2 is terrible
5 Tips To Improve Your JS with ES6 – Crater Conf Talk
Building Microservices application on AWS
Good article summarizing the common characteristics of Microservices, the main challenges of building Microservices, and how to leverage AWS to overcome those challenges.
SQL Injection Cheat Sheet
A detailed resource to find technical information about the many different variants of SQL injection vulnerabilities. A good reference for both seasoned penetration testers and those just getting started in web app security. (from DB Weekly 135)
Did you know that after the first atomic bombs in the 1940s and 1950s the background radiation levels increased across the world and thus modern steel is contaminated with radionuclides because its production used atmospheric air. Low background steel is so called because it does not suffer from such nuclear contamination. This steel is used in devices that require the highest sensitivity for detecting radionuclides.
CSS classes don’t work the way you think they work
CSS classes apply in the order in which they are defined, not the order in which they are invoked. This is not intuitive. It hits you when common components have default styling, and you want to override it in a specific instance.
Generating Documentation for TypeScript Projects
Troy Hunt tells lessons of outsourcing to India, China and the Philippines. “If you’re looking at hourly rate as metric for outsourcing success, you’re doing it very, very wrong!” The essence of software development.
Netfox exposes details of all network requests so you can investigate problems without additional configuration. Somewhat similar but simpler than Charles for debugging network requests (from iOS Dev Weekly Issue 226)
Tracking your time with Toggl
I finally started using Toggl, to track my time at work. Best decision ever. If I just remember to track and switch tasks :)
My strategy for increased privacy
You pay for many services with your data and although you would pay with money instead, you can’t. Honkonen wants to introduce a third option. To keep privacy, but to use the awesome services available, so he’s devised a strategy for increased privacy. Something to think about.
Late Autumn and rain has arrived to Finland and now we have good reason to stay at home and read about new ideas and what happens in technology.
Weekly notes, issue 12, 30.10.2016
Learning new things
Cyber Security Base with F‑Secure
Free and open course to learn about tools used to analyse flaws in software systems, necessary knowledge to build secure software systems, the skills needed to perform risk and threat analysis on existing systems and the relevant legislation within EU. It’s a course series by University of Helsinki in collaboration with F‑Secure Cyber Security Academy that focuses on building core knowledge and abilities related to the work of a cyber security professional.
Google Style Guides
Thinking about how to format your code? Luckily Google Style Guides has solved it for you. And with explanations like for Java.
Free programming books by O’Reilly
O’Reilly is known for their programming books and they’ve compiled the latest insights of what’s happening in the world of software engineering, architecture, and open source. Lot’s of topics regarding microservices from different aspects.
Open Guides: Amazon Web Services
“AWS’s own documentation is a great but sprawling resource few have time to read fully, and it doesn’t include anything but official facts, so omits experiences of engineers.” Open Guides: AWS is by and for engineers who use AWS. It aims to be a useful, living reference that consolidates links, tips, gotchas, and best practices. It arose from discussion and editing over beers by several engineers who have used AWS extensively.
Total Nightmare: USB-C and Thunderbolt 3
“Simple-looking port hides a world of complexity, and the (thankful) backward-compatibility uses different kinds of cables for different tasks. Shoppers have to be very careful to buy exactly the right cable for their devices!”
Development and operations, DevOps, is in my opinion essential for getting things done with timely manner and it’s always good to hear how others are doing it by attending meetups. This time DevOps Finland went Mobile and we heard nice presentations about continuous delivery for mobile applications, mobile testing with Appium and the Robot Framework and efficient mobile development cycle. Compared to developing Web applications mobile brings some extra hurdles to jump but nothing that’s not solvable. Here are my short notes about the meetup.
The meetup was hosted by Zalando Technology at their new office here in Helsinki. Zalando is known to many as that online store that sells shoes, clothing and other fashion items but things don’t sell themselves and behind the scenes they have lots of technologies to keep things running. For the record I think they said that the meetup had 65 attendees of the 100.
They didn’t arrive to the final setup straightforward and it was iterative approach with how Git is used, code merged and releases done. Using Fastlane for all tedious tasks, like generating screenshots, dealing with code signing, and releasing your application made automating things easier. Interesting note was that their build server slaves are ansible managed Mac Minis on Rami’s desk. They had solved the problems nicely but testing is still difficult.
DevOps and rollbacks don’t work together, you roll forward.
Mobile testing with Appium and the Robot Framework
Mobile testing can be done with different tools and one option is to use Robot Framework just like for Web applications. Elmeri Poikolainen from Eficode demoed how to use Appium and run Robot Framework tests on real device. It has some limitations and I think with native applications it could be better to use native test tools like what Xcode has to offer.
This time weekly notes provides pointers to last weeks JavaOne, teaches you to design better forms, tells about 171 words every programmer should understand and how to learn something about psychology which might help to understand yourself and maybe also users. And last but not least the documentary of last year’s Transcontinental 2015 tells a story of awesome cyclist who ride across Europe to Istanbul.
Weekly notes, issue 11, 27.9.2016
JavaOne 2016: 85 recorded sessions
JavaOne was held las week and if you couldn’t attend it, like me, then you should have a look at the JavaOne 2016 Youtube playlist with 85 recorded sessions.
You need to be this tall to use [micro] services
Good hacker news comment on Microservices. “Thing is – these are all generally good engineering practices. But with monoliths, you can get away without having to do them. But with microservices, your average engineering standards have to be really high. Its not enough if you have good developers. You need great engineers.” (from @jaykreps)
Emoji from iOS beta 4
What does that emoji mean? Here’s a list of emoji as JSON, extracted from iOS 10 beta 4.
Keeping up with development
The 10 Best iOS Development Blogs
A list of the the ten best iOS development blogs in no particular order. If you’ve ventured to iOS development then most of these are propably familiar, like raywenderlich.com with great tutorials.
Developer Experience Matters
“Developer Experience is one of the biggest key factors for developers to decide if they use certain technologies to use. Developer Experience (DX) is a type of User Experience (UX)!” (from @girlie_mac)
Curated list of online Psychology courses
It’s good to understand what drives and affects us and one way to do that is to learn something about Psychology. This curated list of online courses covers topics like Introduction to Psychology, Introduction To Social Psychology, The Psychology Of Persuasion, Psychology of Popularity, Positive Psychology, Logical and Critical Thinking, The Science of Stress Management and Introduction to Consumer Behavior. (from Userfocus Newsletter September 2016)
Transcontinental 2015: Race to Istanbul
The Transcontinental is a race like no other. On the 24th of July 2015, 172 riders arrived in Garaardsbergen, Belgium and raced to Istanbul, Turkey. Much like the early days of bicycle racing cyclist ride with no team cars or soigneurs to look after them. It is each for their own taking on Europe’s toughest terrain. The documentary follows the highs and lows of the race from the view of the Race Directors.
Technology is everywhere and even in as simple sport as cycling as its core is full of technology from wireless shifting systems to smart suspension systems and electronic motors. I’ve been riding enduro mountain biking and with going downhill in rocky trails it’s good to have some protection for your tires and rims. Puncture prevention systems like Schwalbe Procore and Deaneasy Tube+ helps you to avoid Snake Bites and protect your rim from dents with two air chambers but you can also do it simpler with foamlike solution such as Huck Norris.
The challenger: Huck Norris
“With Huck Norris the rocks gets the punctures when you ride!” – Huck Norris
Huck Norris is a relatively simple technique inside your tubeless tire to protect from Snake Bites and dents to the rim. It looks like it’s made from normal foam sleeping pad but the material (chemically crosslinked polyethylene) is specially developed for MTB use with actual scientists. It has “three times the impact energy damping than anything commercially available”. The installation is as easy as it looks, you just put it inside your tubeless tire and there’s no need for modifications or glue. Huck Norris also makes it easier to mount the tubeless tire without compressor as it gives the tire a shape which helps the bead to set.
There’s not much more to said about Huck Norris. Just set it up, inflate the tire and you’re done. It weights 70g on 27.5″ size and 77g on 29″ size, is suitable for 21-30 mm internal rim width and you can use it with alloy or carbon rims. Also Plus size and Fatbike versions are coming soon. Huck Norris is made in Finland and you can get it from Vuoripyörä’s webshop for 50 euros for a pair packaged with a mud guard. For more information check out their webpage or Facebook.
Riding with Huck Norris
Huck Norris was just recently released for general availability and I’ve used it for about month. As you could figure, it makes the tire a bit more stiff than without but the extra protection and especially the possibility to race on mountain bike enduro style tracks with the air pressures you want makes it great. No need to over inflate.
But as usual, even Huck Norris can’t protect your rims when the going gets tough although it still might save your race like it did mine on Santa Cruz Enduro Series race at Levi. The special stages were fast with hidden rocks and hits were unavoidable. As you can see from the picture I dented my rim but Huck Norris absorbed the impact so that the rear tire was saved from flat and I got to finish the race. I think I broke it on stage 5 and still drove the 7 stages left. For the curious I had Maxxis Minion DHR II 29×2,3 (3C MAXX TERRA) with about 1,5 bar air pressure on Roval Fattie 29 rim with 29 mm inner width.
The dual-champer system: Schwalbe Procore
After the Enduro MTB race at Levi where I had broken my 29″ rear wheel I had to switch to my 650b+ wheels for the next race. Not what I would’ve wanted as I don’t like racing with 2,8″ tires. As the Huck Norris is not yet available for Plus sized tires I had to get something to protect the rear rim from the rocks at Santa Cruz Enduro Series race on Tahko. Luckily my local bike shop had Schwalbe Procore system and sold me one separately. A bit more weight to the rear but also less punctures.
Schwalbe Procore is a dual-chamber system, tire-within-a-tire anti-pinch-flat system. It consists of a small-diameter tube and tire that is inserted inside of a conventional tubeless tire and pressurized to over 80 psi. The insert acts as a secondary impact cushion that allows you to ride with lower, or at least the optimal, tire pressures without being concerned with pinch flatting and protects the rim. It also helps to prevent the tire from ‘burping,’ which is when the tire bead is pushed inboard of the edge of the rim and allows air to escape from a tubeless tire.
Procore is available for 26″, 27.5″ or 29″ rims with minimum of 23mm internal rim width and for minimum of 2,2″ tire. Compared to Huck Norris the weight is considerably more, 220 grams per wheel and it also adds it to the place you don’t want it: to the wheel, increasing rolling mass. Procore system (one pair) costs about 200 euros.
Schwalbe’s Procore kit consists of a pair of tubes and inner tires, a roll of high-pressure rim tape, tubeless sealant, air sleeves, tire installation lubricant, dedicated tire levers, and decals to outfit two wheelsets. I used my existing rim tape as kit’s rim tape (for 25 mm) was useless for my 29 mm rims.
Although the Procore looks complicated and I had heard rumors of installing it, in practice it was fairly easy as the installation instruction show. Pinkbike’s review of Schwalbe’s Procore has also good explanation of the installation but the review otherwise is somewhat a mess. The only hassles I had was with keeping the tire sealant inside while getting the bead to set as I was too lazy to empty it. And one thing I forgot to put in place was the small clear patch over the valve hole as an additional seal but it worked anyways. I was in a bit hurry to install the Procore so I don’t have any pictures of it. Why test your new equipment beforehand when you can test it at the race.
Riding with Procore
I have only rode with Procore couple of days, practice and race at Tahko enduro MTB event and some local trails and it does what it promises. Although Tahko race had serious rock gardens my plus sized tire and rim survived without flats or dents whereas other riders had problems. Or maybe I just drove too slow (finished 32th) as I wasn’t exactly comfortable with 2,8″ Nobby Nic tires with 1,2 bar pressure on slippery rocks and grass. Without Procore I would’ve inflated it to at least 1,5 bar. Anyways the extra protection was welcome and money saver.
Procore seems to be good system as it doesn’t affect the tire behavior and adds protection but they say in the Internet that the high-pressure inner tube adds strain to the rim, loosens spokes’ tension and there has been a notable number of documented issues with carbon rims. With aluminum rims the issue not so clear and very few aluminium or carbon rim manufacturers have officially approved it but they haven’t recommended against it either. As I didn’t have a spoke tension meter when I installed Procore I can’t say whether or not the Internet is right. Time will tell.
Huck Norris or Procore: use both
Schwalbe’s Procore, in my opinion, is a good solution for protecting your tires and rims while allowing you to ride with lower tire pressures. Compared to much simpler Huck Norris, the more technical dual-chamber systems adds extra protection when needed but also additional weight which isn’t an issue when going downhill but makes a big difference when it comes to accelerating, and for long days on the pedals. But I would think twice before using Procore with carbon rims whereas Huck Norris is suitable for any rim.
When I get my 29″ wheels running again I will put Procore to the rear and Huck Norris in the front. Best of both worlds.
Atlassian’s web applications are great tools for software development and they are relatively easy to setup because they come with Jetty servlet container and HQSQL database. You only have to install Java. Some of the applications can be also run like any normal deployable WAR-packaged web application for example with Apache Tomcat which gives you more control and administration options. But unfortunately code review tool Crucible isn’t one of those applications and maybe will never be.
Proxying connections to Crucible
By default Crucible runs in port 8060 which isn’t nicely looking for users. It’s way better to use ports 80 or 443 which are normal HTTP and HTTPS ports and are omitted from browser’s address bar. Of course you can configure that in the Administration screens, or by editing Crucible’s config.xml and restarting Crucible but if you run Crucible as a non root or also have other software running on the same server that isn’t an option.
One solution is to use Apache HTTP server to proxy connections from port 443 to Crucible’s listening port. I did it for Crucible and FishEye on CentOS x86_64 but things are mostly the same also on other Linuxes. I also disabled the HTTP port and used just the SSL enabled HTTPS with self generated certificates.
First we setup Apache for proxying connections to Crucible and then we generate some SSL certificates for HTTPS. If you haven’t Apache installed you can do it with yum like: yum install httpd.x86_64 mod_ssl openssl
1. Set HTTPS proxying in /etc/httpd/conf.d/ssl.conf
ProxyPassReverse /crucible ajp://127.0.0.1:8060/crucible
proxyPass /crucible ajp://127.0.0.1:8060/crucible
Summer has been relative nice this far even here in Finland and my short holiday is just couple of days away. But before that it’s time to check this years Java tools and technologies landscape report, get some useful plugins for Atom, start developing a React application with no configuration and read about the benefits of Serverless architecture. And while traveling it’s good to listen to podcasts for developers.
Weekly notes, issue 25.7.2016
Create Apps with No Configuration
Developing a React app has lots of things to setup so using Create React App, officially supported way to create single-page React application, as a boilerplate generator is good choice. And with single command, and all the build dependencies, configs, and scripts are moved right into your project so you’re not lock-in.
Java Tools and Technologies Landscape Report 2016
ZeroTurnaround has just released its Java Tools and Technologies Landscape Report 2016, which analyzes the data about the tools and technologies Java developers use. Good to note that the survey received just over 2000 responses.
When hacking up Bash scripts, there are often things such as logging or command-line argument parsing that: You need every time, Come with a number of pitfalls you want to avoid, Keep you from your actual work. Here’s an attempt to bundle those things in a generalized way so that they are reusable as-is in most scripts.
Cheating at Pokemon Go with a Hackrf and GPS spoofing
Pokemon Go has taken the world with enthusiasm and it requires you to walk around and explore the city for Pokestops, Gyms and hatching eggs. But why do that if you can cheat? Since the game is GPS based with little tinkering you can spoof your GPS location using a HackRF software defined radio and simulate walking around.