By Matthew Podwysocki

Events

Lot of work (setup, remove listeners ...), not composable.

Promises

No way to abort promise in progress. (Me: has to remember to check for errors: then(onOk, onError).)

No try-catch-finally; only try-catch.

Streams

Node: Stream 1 were terrible (pause/resume unusable, data sent before ready, ...).


Continue reading →

---

@theburningmonk Yan Cui has a nice example demonstrating how Functional Reactive Programming [slides 185 - 206] (with Elm's Signals) yields a much shorter and easier to understand (one you know FRP) code than an imperative code with mutations spread all over the code base.

The game

Use the Up and Down keys to move the platforms and thus bounce the ball from left to right and back:

The imperative solution

Continue reading →

---

According to the NDC Oslo talk Lean and Functional Programming
Continue reading →

---

Troy Hunt (@troyhunt, blog) had a great, very hands-on 2-day workshop about webapp security at NDC Oslo. Here are my notes.

Highlights - resources

Personal security and privacy

• https://www.entropay.com/ - a Prepaid Virtual Visa Card
• mailinator.com - tmp email
• f-secure VPN
• https://www.netsparker.com/ - scan a site for issues (insecure cookies, framework disclosure, SQL injection, …) (lot of $k)

Site security

• https://report-uri.io/ - get reports when CSP rules violated; also displays CSP headers for a site in a human-friendly way
• https://securityheaders.io/ check quality of headers wrt security
• free SSL - http://www.startssl.com/, https://www.cloudflare.com/ (also provides web app firewall and other protections) ; 
• SSL quality check: https://www.ssllabs.com/ssltest/ 
• https://letsencrypt.org/ - free, automated, open Certificate Authority (Linux Found., Mozilla)
• HSTS Preload - tell Chrome, FF that your site should only be ever loaded over HTTPS - https://hstspreload.appspot.com/

Breaches etc.

• http://arstechnica.com/security/2015/06/hack-of-cloud-based-lastpass-exposes-encrypted-master-passwords/
• https://twitter.com/jmgosney - one of ppl behind http://passwordscon.org . http://password-hashing.net  experts panel. Team Hashcat. 
• http://arstechnica.com/security/2012/12/25-gpu-cluster-cracks-every-standard-windows-password-in-6-hours/ 

To follow

• ! http://krebsonsecurity.com/
• ! http://www.troyhunt.com/
• ! https://www.schneier.com/
• ! https://twitter.com/mikko (of F-Secure) also great [TED] talks
• kevin mitnick (jailed for hacking; twitter, books)

Continue reading →

---

It took me quite a while to figure out the right syntax for filtering instances by tag name and value in the AWS EC2 API's describeInstances
Continue reading →

---

Mounting an EBS volume to a Docker instance running on Amazon Elastic Beanstalk (EB) is surprisingly tricky. The good news is that it is possible.

I will describe how to automatically create and mount a new EBS volume (optionally based on a snapshot). If you would prefer to mount a specific, existing EBS volume, you should check out leg100's docker-ebs-attach (using AWS API to mount the volume) that you can use either in a multi-container setup or just include the relevant parts in your own Dockerfile.

The problem with EBS volumes is that, if I am correct, a volume can only be mounted to a single EC2 instance - and thus doesn't play well with EB's autoscaling. That is why EB supports only creating and mounting a fresh volume for each instance.


Continue reading →

---

I have derived the Docker container docker-grafana-influxdb-cloudwatch that bundles Grafana dashboards, InfluxDB for metrics storage, and runs cloudwatch-to-graphite as a cron job to fetch selected metrics from AWS CloudWatch and feed them into the InfluxDB using its Graphite input plugin. It is configured so that you can run it in AWS Elastic Beanstalk (the main problem being that only a single port can be exposed - I therefore use Nginx to expose the InfluxDB API needed by Grafana at :80/db/).


Continue reading →

---

When looking for ways to discover whether a proxy is being used by OS X, you will be typically pointed to

networksetup -getwebproxy

However that does not always work - for example when using "Auto Proxy Discovery" and/or "Automatic Proxy Configuration" with a proxy.pac file. scutils --proxy seems to detect all these cases (though it cannot give you the proxy when using auto config, I suppose):
Continue reading →

---

Chai is a popular Node/browser assertion library. However - as everything - it has its flaws. An important flaw is that it performs checks on property access - and if you e.g. misspell the name of an assertion, it will be just ignored (for there is no way for Chai to know that you tried to access a non-existent property). This may be fixed in the future with ES6 proxies but so far you risk having tests that actually do not test anything. Though you should of course always develop your tests so that they initially fail and thus you know they actually assert something :-).

Anyway, there is a neat quick way to verify that all your tests have at least one valid assertion - simply replace expect with expect.not.
Continue reading →

---

The first Continuous Delivery and DevOps Conference
Continue reading →

---

See this gist:


Continue reading →

---

How to back up your precious files stored on the WD My Cloud NAS into S3 with the slow but low-cost storage class "Glacier".

How does the backup work: duplicity does its job and uploads files to S3. The large data archives are recognized by S3 Lifecycle rules that we set up based on their prefix and moved to the Glacier storage class soon after upload. (It takes hours to restore something from Glacier but its cost is orders of magnitude lower than that of S3 itself). We leave metadata files in S3 so that duplicity can read them.

90% of this is based on http://www.x2q.net/2013/02/24/howto-backup-wd-mybook-live-to-amazon-s3-and-glacier/ and the WD build guide (http://community.wd.com/t5/WD-My-Cloud/GUIDE-Building-packages-for-the-new-firmware-someone-tried-it/m-p/770653#M18650 and the update at http://community.wd.com/t5/WD-My-Cloud/GUIDE-Building-packages-for-the-new-firmware-someone-tried-it/m-p/841385#M27799). Kudos to the authors!

You will need to:

1. Build duplicity and its dependencies (since WD Debian v04 switched to page size of 64kB, all pre-built binaries are unusable)
2. Configure S3 to move the data files to Glacier after 0 days
3. Create your backup script - see backup-pictures-to-s3.sh
4. Schedule to run incremental backups regularly via Cron
5. Preferably test restore manually

Continue reading →

---

I want to know when our app starts getting slower so I sat up an alarm on the Latency metric of our ELB. According to the AWS Console, "This alarm will trigger when the blue line [average latency over the period of 15 min] goes above the red line [2 sec] for a duration of 45 minutes.
Continue reading →

---

One of the annoying things with Jest
Continue reading →

---

Our systems always depend on other systems and services and thus may and will be subject to failures – network glitches, dropped connections, load spikes, deadlocks, slow or crashed subsystems. We will explore how to create robust systems that can sustain blows from its users, interconnecting networks, and supposedly allied systems yet carry on as well as possible, recovering quickly – instead of aggreviating these difficulties and turning them into an extended outage and potentially substiantial financial loss. In systems not designed for robustness, even a minor and transient failure tends to cause a chain reaction of failures, spreading destruction far and wide. Here you will learn how to avoid that with a few crucial yet simple stability patterns and the main antipatterns to be aware of. Based primarily on the book Release It! and Hystrix. (Presented at Iterate winter conference 2015; re-posted from blog.iterate.no.)


Continue reading →

---

Copyright © 2026 Jakub Holý
Powered by Cryogen
Theme by KingMob