Dockerizing all the things: Running Ansible inside Docker container

Automating things in software development is more than useful and using Ansible is one way to automate software provisioning, configuration management, and application deployment. Normally you would install Ansible to your control node just like any other application but an alternate strategy is to deploy Ansible inside a standalone Docker image. But why would you do that? This approach has benefits to i.a. operational processes.

Although Ansible does not require installation of any agents within managed nodes, the environment where Ansible is installed is not so simple to setup. In control node it requires specific Python libraries and their system dependencies. So instead of using package manager to install Ansible and it’s dependencies we just pull a Docker image.

By creating an Ansible Docker image you get the Ansible version you want and isolate all of the required dependencies from the host machine which potentially might break things in other areas. And to keep things small and clean your image uses Alpine Linux.

The Dockerfile is:

FROM alpine:3.6
 
ENV ANSIBLE_VERSION 2.3.0.0
 
ENV BUILD_PACKAGES \
  bash \
  curl \
  tar \
  openssh-client \
  git \
  python \
  py-boto \
  py-dateutil \
  py-httplib2 \
  py-jinja2 \
  py-paramiko \
  py-pip \
  py-setuptools \
  py-yaml \
  ca-certificates
 
RUN apk --update add --virtual build-dependencies \
  gcc \
  musl-dev \
  libffi-dev \
  openssl-dev \
  python-dev
 
RUN set -x && \
  apk update && apk upgrade && \
  apk add --no-cache ${BUILD_PACKAGES} && \
  pip install --upgrade pip && \
  pip install python-keyczar docker-py && \
  apk del build-dependencies && \
  rm -rf /var/cache/apk/*
 
RUN mkdir -p /etc/ansible/ /ansible
 
RUN echo "[local]" >> /etc/ansible/hosts && \
  echo "localhost" >> /etc/ansible/hosts
 
RUN curl -fsSL https://releases.ansible.com/ansible/ansible-${ANSIBLE_VERSION}.tar.gz -o ansible.tar.gz && \
  tar -xzf ansible.tar.gz -C /ansible --strip-components 1 && \
  rm -fr ansible.tar.gz /ansible/docs /ansible/examples /ansible/packaging
 
ENV ANSIBLE_GATHERING smart
ENV ANSIBLE_HOST_KEY_CHECKING false
ENV ANSIBLE_RETRY_FILES_ENABLED false
ENV ANSIBLE_ROLES_PATH /ansible/playbooks/roles
ENV ANSIBLE_SSH_PIPELINING True
ENV PYTHONPATH /ansible/lib
ENV PATH /ansible/bin:$PATH
ENV ANSIBLE_LIBRARY /ansible/library
 
WORKDIR /ansible/playbooks
 
ENTRYPOINT ["ansible-playbook"]

The Dockerfile declares an entrypoint enabling the running container to function as a self-contained executable, working as a proxy to the ansible-playbook command.

Build the image as:

docker build -t walokra/ansible-playbook .

The command for running ansible-playbook from inside the container, e.g.:

docker run --rm -it -v $(pwd):/ansible/playbooks \
    walokra/ansible-playbook site.yml

If Ansible is interacting with external machines, you’ll need to mount an SSH key pair for the duration of the play:

docker run --rm -it \
    -v ~/.ssh/id_rsa:/root/.ssh/id_rsa \
    -v ~/.ssh/id_rsa.pub:/root/.ssh/id_rsa.pub \
    -v $(pwd):/ansible/playbooks \
    walokra/ansible-playbook site.yml

To make things easier you can use shell script named ansible_helper that wraps a Docker image containing Ansible:

#!/usr/bin/env bash
docker run --rm -it \
  -v ~/.ssh/id_rsa:/root/.ssh/id_rsa \
  -v ~/.ssh/id_rsa.pub:/root/.ssh/id_rsa.pub \
  -v $(pwd):/ansible_playbooks \
  -v /var/log/ansible/ansible.log \
  walokra/ansible-playbook "$@"

Point the above script to any inventory file so that you can execute any Ansible command on any host, e.g.

./ansible_helper play playbooks/deploy.yml -i inventory/dev -e 'some_var=some_value'

Now we have dockerized Ansible, isolated it’s dependencies and are not restricted to some old version which we get from Linux distribution’s package manager. Crafty, isn’t it? Check the docker-ansible-playbook repository for more information and examples with Ansible Vault.

This blog post and Dockerfile borrows from Misiowiec’s post Running Ansible Inside Docker and his earlier work. If you want to test playbooks it’s work checking out his ansible_playbook repository. Since then Alpine Linux has evolved and things could be cleaned a bit more like getting Ansible directly from testing repository.

Monthly notes 23

Autumn approaches with heavy rains and cold weather and it’s good time to sit inside with warm mug of tea and read what has happened in the field of software development. This month’s notes are about cyber security, accessibility, microservices and tools to help your development.

Issue 23, 18.10.2017

Learning new things

Cyber Security Base with F-Secure
Course series by University of Helsinki in collaboration with F‑Secure Cyber Security Academy that focuses on building core knowledge and abilities related to the work of a cyber security professional. Starts on 31st of October, 2017. Learn about tools used to analyse flaws in software systems, necessary knowledge to build secure software systems, the skills needed to perform risk and threat analysis on existing systems and the relevant legislation within EU.

Developing accessibility in mind

Writing CSS with Accessibility in Mind
“An introduction to web accessibility. Tips on how to improve the accessibility of your web sites and apps with CSS.”

How to test NVDA screen reader behaviour on a Mac
Developing accessibility in mind has some extra hoops especially on macOS. Here’s good howto for setting up NVDA screen reader to Windows Virtual Machine.

Frontend

Deploying ES2015+ Code in Production Today
You can deploy ES2015+ code in production today. Every browser that supports <script type=”module”> also supports most of the ES2015+ features. For older browsers use <script nomodule>.

Backend

Testing Microservices — Java & Spring Boot
A comprehensive guide to Microservices testing with Spring Boot. (from Java Weekly 196)

Top 10 Docker logging gotchas every Docker user should know
Docker changed the way applications are deployed, as well as the workflow for log management. In this article, Stefan Thies reveals the top 10 Docker logging gotchas every Docker user should know. tl;dr; Use the default json-file driver which is reliable and things just work.

The Top 10 Jigsaw and Java 9 Misconceptions Debunked
There are a number of myths surrounding Java 9 – so this piece is doing some myth-busting. (from Java Weekly, Issue 195)

Event Messaging for Microservices with Spring Boot and RabbitMQ
In a microservice environment you may come upon the requirement to exchange events between services. This article shows how to implement a messaging solution with Spring Boot and RabbitMQ. (from Java Weekly, Issue 195)

Tools of the trade

Mermaid.js
Ever wanted to simplify documentation and avoid heavy tools like Visio when explaining your code? Mermaid is a simple markdown-like script language for generating charts from text via javascript. Has online editor and plugins for e.g. Atom. Good alternative for Draw.io.

A more connected universe
GitHub can now analyze and show you the project’s dependency graph. And … “Soon, your dependency graph will be able to track when dependencies are associated with public security vulnerabilities” (from Weekend Reading)

Rico’s cheatsheets
This is such a fantastic resource. 340 cheatsheets for a variety of tools, languages, libraries, and frameworks. (from Weekend Reading)

Something different

So all y’all know that UserAgent strings are total bullshit, right?

Monthly notes 22

The weather has turned Autumnal and evenings are getting darker which leaves us more “good” reasons to spend time with our computers and learn. This monthly notes provide guide to impactful performance improvements, tips for optimizing React apps, howto gifs for Chrome DevTools, tips for healthier ways for working and how sticker makes things faster.

Issue 22, 12.9.2017

Frontend

The State of the Web: guide to impactful performance improvements
How can we make the Web better by designing and developing with performance in mind? A look at various ways of making impactful performance improvements. (from WebOps weekly 132)

React is Slow, React is Fast: Optimizing React Apps in Practice
Practical tips for optimizing #ReactJS performance with react_perf and Chrome Devtools’ Timeline.

Increase your web development skill-set: 150 animated tips on Chrome DevTools
Chrome DevTools is powerful web development tool and these 150 gifs will help you grasp features in 30 seconds. Also text descriptions if you want to read more.

Using React with TypeScript (video)
A short practical demo about using React and Typescript. No slides, just code. (from @reactdaily)

Development

What is Clean Code and why should you care?
Clean code is subjective and every developer has a personal take on it. There are some ideas that are considered best practice and what constitutes as clean code within the industry and community, but there is no definitive distinction. And I don’t think there ever will be. “Clean code is code that is easy to understand and easy to change.”

3 Effective Ways to Maintain High Energy Levels at Work for Software Engineers
Good tips for energetic days at the office: “1. Find Solutions for Energy Waste; 2. Take a Real Break; 3. Shift Between Different Tasks.”

Lessons learned about running Microservices
There are many reasons and benefits related to opt for an architecture based on Microservices, but there is no free lunch, at the same time it also brings some difficult and hard aspects to deal with. B2W has used microservices since 2014 and this four parts serie starts with some best practices related about Microservices communication.
(from Microservices Weekly 97)

Backend

Basic API Rate-Limiting
If we want to apply client-specific rate limiting, a standard load balancer might be not enough – especially when there’s no uniform way of identifying clients. The article explains the basics about rate limiting and tells you about some implementations for rate limiters you can use. For example Guava RateLimiter isn’t meant for (web) API rate-limiting and you should use libraries like RateLimitJ or bucket4j project. (from Java Weekly Issue 186)

Guide to Spring Boot REST API error handling
Spring Boot gives very useful error messages to build REST APIs but those same messages are noisy and useless for the API consumer, not to mention they reveal implementation details. Luckily, Bruno Leite is here to explain how there are simple ways of handling this.

Something different

Mysterious Axxios Stickers Allegedly Reduce Vibrations On Bikes
Hmm. “Axxios’ technology can alter the modulus of elasticity for a material by interacting with it through electron fields on an atomic level. Not only that, but the company also claim this is done passively, with no external power source.” It’s known truth that stickers make things go faster ;)

Monthly notes 21

Holiday season is soon over here in Finland and it’s good to be back at work. Summer has been quite busy and sadly I skipped June’s monthly notes. So, time to move forward and keep on track what has happened in software development. This time it’s about monitoring Docker, using webpack, writing functional apps with Spring and Kotlin and comparing Spring app written in Java, Kotlin and Scala.

Issue 21, 2.8.2017

Microservices

Docker Monitoring: 5 Methods for Monitoring Java Applications in Docker
What are some of the most useful methods to monitor Java applications in Docker containers? Making Logs Useful, Performance Monitoring, Error Tracking, Container Metrics, Orchestration.

Moving from a Java Monolith to Microservices at Squarespace (video)
Julian Applebaum describes the challenges of moving to a service-oriented architecture, drawing boundaries between different layers of business logic and discovering fundamental tensions in restructuring application logic. Squarespace’s journey to a series of RESTful API endpoints was a matter of building services and integrating them slowly as they became reliable.

JavaScript

webpack: The Core Concepts
Start with nothing. Leave with boilerplate independence.

Unambiguous Webpack config with Typescript
You can write your Webpack config in Typescript, and it’ll save you a huge amount of pain. (from JavaScript Weekly 340)

A Set of Best Practices for JavaScript Projects
British design studio Hive has collected guidelines for working on JavaScript projects. Although it says for JavaScript projects the practices are applicable to other projects as well as it covers things like Git workflow, documentation and API. (from JavaScript weekly 342)

Static AST checker for a11y rules on JSX elements
Pairing this plugin with an editor lint plugin, you can bake accessibility standards into your application in real-time.

Java and Kotlin

Functional web applications with Spring and Kotlin
How to build reactive and functional web applications with Spring Framework 5, WebFlux and Kotlin. Video available. Sources of the reference project are available at GitHub and there’s also related blog post.

Basic Spring web application in Java, Kotlin and Scala – comparison
If you’ve been wondering how hard would it be to implement a basic Spring Boot app in alternative JVM languages, such as Scala and Kotlin, read this post. (from Java Weekly 185)

Project package organization
Package structure in Java projects is often neglected or applied mindlessly – here we can see a comparison of the two most popular approaches: package-by-layer vs. package-by-feature.
(from Java Weekly 185)

Simple Spring Boot Admin Setup
Spring Boot Admin dashboard setup can be slightly unintuitive – here’s a short overview of how to set it up. The post could use a picture.

Implementing a custom Spring Boot starter for CXF and Swagger
(from Java Weekly, Issue 184)

Something different

Keeping data secured with iStorage datAshur Personal2 USB flash drive

Knowledge is power and keeping it secured from unauthorised eyes is important, be it inside of a computer, on external hard drive or on USB flash drive. Especially small external devices are easy to lose and can leave your data vulnerable if not encrypted. Fortunately there are solutions like iStorage datAshur Personal2 which is an USB flash drive with combination of hardware encryption, physical keypad and tamper-proofing. I got 8 GB version of Personal2 for testing (for free) and here’s a quick review how the device works.

datAshur Personal2 secures data with hardware encryption and on-board keypad

iStorage datAshur Personal2 is an USB 3.0 flash drive designed to keep your data protected from unauthorised access even if it’s lost or stolen. It’s operating system and platform-independent and available up to 64 GB. The beef about the flash drive is that user needs to enter 7-15 digit PIN code onto the rechargeable battery powered on-board keypad before connecting the drive to the USB port and accessing the data. All data transferred to the datAshur Personal2 is encrypted in real-time with built-in XTS-AES 256-bit hardware encryption. The device automatically locks when unplugged from the computer or power to the USB port is turned off and it can be set to lock after a certain amount of time. And what’s good about hardware encryption is that it (in theory) shouldn’t slow the drive down when writing or reading files to or from the drive. The device has protection against brute forcing and it’s aluminium housing is dust- and water- resistant.

Personal2 differs from most flash drives in length, being a little longer to accommodate the keypad. Buttons are quite small so large fingers may have some difficulty finding the right key. Overall build quality looks good although the removable USB plug cover is cumbersome and easily lost. The keypad is powered with rechargeable battery and even if the battery goes dead you can just recharge it from the USB port. The keypad on the iStorage datAshur is critical for security as it means the device works independently from a computer and prevents a keylogger from recording a code entered via keyboard. It also makes it operating system and platform-independent and doesn’t require any specific software or drivers.

The datAshur Personal2 can be configured with two different PINs: user and admin PINs, making it perfect for corporate and government deployment. If the user forgets their PIN, the drive can be unlocked using the Admin PIN which will then clear the old User PIN and allow the User to set a new PIN. It also ensures that the corporate data can be retrieved from the device when an employee leaves the company.

The device also has a reset feature which clears both User and Admin PINs, deletes all data, creates a new randomly generated encryption key and allows the drive to be reused. To prevent brute-force attacks, if both admin and user PINs have been created and incorrect user PIN is entered ten consecutive times, the brute force mechanism will trigger and the user PIN will be deleted. If the admin PIN is entered incorrectly ten consecutive times, then both the user and admin PINs, the encryption key and all data will be deleted and lost forever. The device will revert back to factory default settings and needs to be formatted before it can be reused.

The device comes with quick start guide which tells you how to unlock the drive and how to change the user PIN. I tested the Personal2 with macOS Sierra and getting started with it was easy. The drive worked just like any other normal USB flash drive and after unlocking it was recognised as usual. I didn’t measure the read or write speeds but they seemed fine for that size of a drive. They say that it’s up to 116MB/s read and 43MB/s write which is typical for small USB 3 flash drives. Of course decent performance is required but transfer speeds are not the reason why you buy encrypted USB flash drives.

The datAshur Personal2 isn’t the first or last encrypted USB flash drive with hardware keypad but it seems to work nicely. It costs somewhat more than a normal USB flash drive (8GB is £39, 64GB is £79) but that’s what you pay for keeping sensitive data secured. And what comes to performance, it’s always a compromise between security and speed.

Monthly Notes 20

Midsummer started the holiday season in Finland and things are slowing down. Time to take some break from routines, enjoy the Summer and stroll in the forest. And on rainy days read books and check out what happens in technology. Here’s monthly notes for June and it’s about microservices, designing user experience and React.

Issue 20, 26.6.2017

Microservices

The Dark Side of Microservices
There’s much debate for and against using Docker and microservices and although I don’t fully agree with the writer, the post gives something to think about.

The Hardest Part About Microservices: Your Data
Microservices aren’t as easy as you think. This blog series looks good for explaining it. First understand your data.

Microservices implementation — Netflix stack
There are lot of tools and technologies for implementing Microservices. This article is focusing on doing it with the Netflix stack and SpringBoot. (from The Microservices Weekly)

7 reasons to switch to microservices — and 5 reasons you might not succeed
Using a microservices can improve resilience and expedite your time to market, but breaking apps into fine-grained services offers complications. The article doesn’t provide much surprises but gives something to think about. (from The Microservices Weekly)

User Experience needs thought

Building systems that don’t match your worldview
Developing systems with accessibility in mind makes it possible and pleasant to use for all groups. WCAG is one part of the solution.

Cultural Blind Spots in UX
Designing for international markets is about understanding the nuances, starting with how cultures look at web pages in different ways.

How Human Memory Works: Tips for UX Designers
If design is all about understanding humans, then understanding how our memory works is going to play a vital part. (from iOS dev weekly #306)

React

React Express: Learn React with Interactive Examples
An opinionated, all-in-one guide walking through create-react-app, webpack, Babel, ES2015+, JSX, Redux, CSS-in-JS, and more. (from JavaScript weekly 340)

Techniques for decomposing React components
React components have a lot of power and flexibility but it’s incredibly easy for components to grow over time, become bloated and do too much. Adhering to the single responsibility principle not only makes your components easier to maintain, but also allows for greater reuse. However, identifying how to separate the responsibilities of a large React component is not always easy. Here are three techniques to get you started, from the simplest to most advanced. (from JavaScript weekly 340)

Something different

Notes from OWASP Helsinki chapter meeting #31

What is DevSec, how to use Docker securely, why developers leak credentials? All those questions were answered at OWASP Helsinki chapter meeting #31 which was held 13.6.2017 at Solita premises. Here’s my short notes from the event. I’ll add links to presentations when they’re available.

DevSec – Developers are the key to security

DevSec is a emerging trend to move developers closer to security experts, akin to DevOps. Antti Virtanen from Solita talked about DevSec and how they do it (slides, pdf). As talk’s title tells us developers are the key but often buying one cybersolution is easier (giving out money) than peoples’ time. But if we look at the return of investment, passive defense is more effective.

Value for life?
Challenges in DevSec
Issues with DevSec
Recipe works!

Docker Security

Docker is currently experiencing very high adoption rate and people are deploying on Docker without considering the security landscape. Mika Vatanen from Digia told us about Docker Security (slides, pdf), possible attack vectors, how Docker handles security and what recommendations we should use when using it.

Possible attack vectors
How Docker handle security

Docker image tech recommendations
Docker image: tech recommendations
Docker image: policy recommandations
Docker runtime
Host and engine recommendations
AppArmor and seccomp
Seccomp
Seccomp

Leaking credentials – a security malpractice more common than expected

Bogdan Mihaila from Synopsys talked about Protecode and research of leaked credentials (slides, pdf).

Why credentials are leaked
Keys that got public
Mitigation
Conclusion: raise awareness

Upcoming: DevSecOps “mini-hackathon”

Last topic was introduction to upcoming “mini-hackathon” by Pekka Sillanpää from OWASP Helsinki. They are planning a hands-on event in August for familiarizing and investigating some nice open source tools, including: OWASP Dependency-Check, ZAP Proxy, OWASP DefectDojo, DevSec hardening framework and Clair. See more info from OWASP Helsinki page.

Monthly Notes 19

Summer is finally coming to Finland and it’s nice to spend more time biking in the forests than sitting in the office or reading news but nevertheless here’s this months notes. This time it’s about videos of Chome DevTools, something about Microservices and security and how switching to HTTPS isn’t so easy.

Issue 19, 29.5.2017

Tools of the trade

Chrome DevTools: State of the Union 2017
Filmed at Google I/O, Paul Irish runs through new Chrome DevTools features in 41 minutes. (from FrontEnd Focus #291)

Rethinking Microservices with Stateful Streams
Microservices are one of those polarising concepts that technologists either love or hate. Splitting applications into autonomous units clearly has advantages, but larger service-based systems tend to struggle as the interactions between the services grow. (from Microservice Weekly)

An Essential Guide to the Serverless Ecosystem
A roundup of the key serverless computing platforms, tools and frameworks available. (from DevOps Weekly #117)

Web Developer Security Checklist
Michael O’Brien shares a security checklist for web developers so that you don’t forget anything crucial in your next projects. (from WDRL #183)

Why OWASP Top 10 is no longer relevant
Good points why of OWASP Top 10 only 4 are nowadays somewhat relevant. Explains and points to new attack vectors.

War stories

HTTPS on Stack Overflow: The End of a Long Road
It’s taken years for all of Stack Overflow and its related sites to go full-HTTPS. This post goes into extreme depth on the challenges faced and problems solved along the way. (from DevOps Weekly #117)

Container isolation gone wrong
Thorough story of Microservices isolation and troubleshoot in kernel level. tl;dl; gather metrics and monitor, don’t trust kernel.

Something different

Norppalive
WWF brings you a live cam starring a freshwater seal that lives in Lake Saimaa, Finland. The Saimaa ringed seal, saimaannorppa in Finnish, is one of the rarest seals in the world.

Monthly notes 18

Summer is finally approaching although the weather is still chilly here in Finland especially if you’ve spent your winter holiday in lovely Italy. Have to say that for mountain bikers Finale Ligure is a nice destination to start your season after long winter. April has also been quite busy with upcoming project deadline but here’s some monthly notes to keep you learning.

Monthly notes, issue 25.4.2017

iOS Development

Developers can finally respond to App Store reviews
Tooks some time to Apple to get this feature to App Store. Developers can now respond to reviews and this article includes just about everything you need to know. (from iOS Dev Weekly 294)

The Details That Matter
Small design changes can make a huge difference in apps’ UX. Nick Babich does a really nice job making design more approachable and explaining the merits of his suggestions. (from iOS Dev Weekly 294)

Save Yourself Some Xcode Time By Mastering These Tips
Every developer has to look for shortcuts. Shortcuts leave you more time to develop, rather than taking the long route (such as the mouse!) for many Xcode tasks. Seasoned Xcoders will know most of these tips, but I bet even they will have forgotten one or two. Learn these now and save yourself more time than you could imagine over your career. (from Indie iOS Focus Weekly 117)

Software development is hard

Tout est Terrible
Loose transcription of a talk Fred Hébert gave at the Web a Quebec conference. Everything is terrible, a spooky scary story of how we can have a simple application that looks reasonable and show a bunch of issues and potential bugs that can hide in it and surprise us in nasty ways. And that it’s hard to really feel safe about any code out there.

Competitive Programmer’s Handbook
Good resource for brushing up programming skills and theory knowledge. Books purpose is to give the reader a thorough introduction to competitive programming. It’s especially intended for students who want to learn algorithms and possibly participate in the International Olympiad in Informatics (IOI) or in the International Collegiate Programming Contest (ICPC).

Frontend development

JavaScript Patterns for 2017 [Video]
A 50 minute roundup of common, JavaScript-specific techniques like using modules, webpack, ES6 syntax, classes, async/await and more. (from JavaScript Weekly 331)

Facebook scraps React as we know it, welcomes successor React Fiber
React.js is dead. Long live React Fiber. Completely rewritten, backward compatible with minor breaking changes.

Why It’s So Important To Focus On The Bottom Nav Bar
Making our app easy to use can be anything but easy. One way to make it easier on yourself is by focusing as much navigation as you can on the bottom half of the screen. This post shows just how important it is along with some great tips and visual examples. (from Indie iOS Focus Weekly 117)

Tools

Webhook
Webhook is a lightweight configurable tool written in Go, that allows you to easily create HTTP endpoints (hooks) on your server, which you can use to execute configured commands. Hacker News comments. (from Hacker Newsletter 348)

Tips for monitoring Redis
Ways to get more info from Redis, such as on latency and slow commands. (from DB Weekly 151)

Simple Icons
Dan Leech built a great set of very simple SVG icons of popular brands. It’s available under a Creative Commons Zero license. (from WDRL 179)

How to install and use Headless Chrome on OSX
Google Chrome can now be run in headless mode, replacing PhantomJS or SlimerJS. Jim Cummins explains how to set it up on Mac OS. For Windows and Linux it should be similar using bash and a few adaptions to the local commands. (from WDRL 179)

Something different

4 Late-Night Protein Treats To Pair With Milk
I don’t know why these are called late-night treats but they look delicious. And done with protein powder and more “healthy” choices than normally.

Spruijt’s Ultimate Dilberts IT Collection
Who doesn’t like the entertaining, funny and always accurate Dilbert cartoons? This Ultimate Dilberts collection curates a selection of strips to watch for fun on a Friday afternoon or use occasionally in meetings and presentation.

Monthly Notes 17

Successful Software development is about good practices, agile methods and also ethics, interpersonal and leadership skills as the Fowler’s story from Über shows us. You can’t achieve great things without well working team, also on personal level. And what comes to actual development it’s good to remember that you shouldn’t over-engineer. On the other news, Spring is finally coming to Finland and the cycling season has started.

Montly notes, issue 29.3.2017

Software development

10 Modern software engineering mistakes
“Many articles say don’t over-engineer but don’t say why or how. Here are 10 clear examples.”. tl;dr; Prefer isolating actions than combining., Duplication is better than the wrong abstraction. Always take a step back and look at the macro picture. Reuse. Fork. Contribute. Reconsider. Refactoring is part of each and every story. No code is untouchable.

Why Software Development Time Estimation Doesn’t Work and Alternative Approaches
Alex Castrounis shares why estimating software development tasks by time and time tracking don’t work and how you can still get pretty accurate estimations to calculate the progress and a deadline for a project.

Lean Inception
How to work out what should be in MVP and start Agile project as quickly as possible?

Reflecting On One Very, Very Strange Year At Uber
Depressing story of Uber’s toxic organization culture and how not to handle issues. Also corporation process of reviews/transfers is awful.

Software Developer Interview: Your part.
If you’re looking for new challenges in software development career and go to a job interview you should carefully and thoroughly find out if the company is the right for you. Good list of interesting and important questions will help you on your way.

What .NET Developers ought to know to start in 2017
Have to remember to read this when I start using dotNet.

Front-end has always new frameworks

Vue.js 2.0 has gained popularity among React and Angular and it looks good alternative for front-end development. Vue.js in less than 30 minutes for beginners and Vue.js 2.0 In 60 Minutes will show you what’s it about and get you started.

Tools

GraphQL Part 1 and Part 2
Loren Sands-Ramshaw wrote a two-step guide on GraphQL, a relatively new query language that has better performance and is easier to handle as REST. (from Web Development reading list 175

EICAR Standard Anti-Virus Test File
You can use EICAR standard anti-virus test file for testing what happens when virus is found. It’s just text.

Pipeline as code with a Spring Boot application
I just recently clicked through Jenkins UI to setup pipelines. Boring. Next time I’ll try to define it with ‘pipeline as code’ concept.

User interface

Toggle button
Sometimes a user interface requires a clear “On”/”Off” switch. It’s usually a great idea when you want to show optional settings but indicate more as a checkbox does by default and in a simpler way as two radio options could provide it. Heydon Pickering now shares the technical approach to building semantic, accessible and easy-to-use toggle buttons. (from Web Development reading list 175

Something different

How to ride long Poles. The bike.
Good tips of how to ride mountain bike. Stand tall and keep your head up; Turn your body towards the direction you want your bike to go; Counter steer before the corner; Push the bike with your legs in turns; Bend knees.