A great conference. A good deal of good talks.

To (perhaps) check later

Wednesday

• Practical CSS tips & tricks for backend developers - really useful tips! video
• No Estimates, Let's Explore the Possibilities video
• Form with Function: Adding Behavior with CSS - recommended by a friend (modal dialogs, tab switching, ...) video
• ? Anti-fragile and feedback. Trying to make up for the failures of "agile." video
• ? JavaScript Forensics - not sure what this is about but it might be interesting
• ? Designing and Programming Accessible Website and App UIs video

Thursday

• ? Declarative REST: State Machines for the Web video
• Continuous Delivery for Architects - Neal Ford video
• ? Desktop applications using JavaScript and Electron video
• ? High Performance in the Critical Rendering Path - how to make pages to load fast video
• This is Water - Neal Ford - an excursion into a strange, fantastical world with things like immutable database server, phoenix machines, and lambdas. video
• Securing Web APIs – Patterns & Anti-Patterns video
• ? Functional Data - event sourcing & FP video
• Authentication and authorization in modern JavaScript web applications – how hard can it be? video
• ? Taking other peoples money: A guide to online payments video
• ? Running Docker and Containers in Development and Production video
• Not Even Close: The State of Computer Security

Friday

• 595 billions income - untouched by human hands video
• Boosting security with HTTP headers video
• The rest of ReST - we'll look at the challenges of building usable real-world ReST APIs: Hypertext Application Language (HAL), HTTP Patch, ... video
• ? How do you scale a logging infrastructure to accept a billion messages a day? - DB -> ELK -> ELK + Kafka video
• ? Learning Client Hypermedia from the Ground Up - how to move specific knowledge of 1) addresses, 2) inputs, and 3) workflow out of the client app and place it into the message => a more robust, adaptable, and resilient client video
• ? Make it Faster - Lessons Learned from Benchmarking NoSQL on the AWS Cloud - best practices for performing database benchmarking on the AWS cloud & how to get more speed and efficiency in your production workloads video
• ? Crafting Evolvable Web API Representations - like structuring for evolution, sizing for optimum caching, the different ways to include metadata, ... video
• ? Mob Programming, A Whole Team Approach video
• ? Removing barriers - JetBrains's good and bad expericences with minimizing management video

Keynote Data and Goliath ☆☆☆☆

Continue reading →

---

By Matthew Podwysocki

Events

Lot of work (setup, remove listeners ...), not composable.

Promises

No way to abort promise in progress. (Me: has to remember to check for errors: then(onOk, onError).)

No try-catch-finally; only try-catch.

Streams

Node: Stream 1 were terrible (pause/resume unusable, data sent before ready, ...).


Continue reading →

---

According to the NDC Oslo talk Lean and Functional Programming
Continue reading →

---

@theburningmonk Yan Cui has a nice example demonstrating how Functional Reactive Programming [slides 185 - 206] (with Elm's Signals) yields a much shorter and easier to understand (one you know FRP) code than an imperative code with mutations spread all over the code base.

The game

Use the Up and Down keys to move the platforms and thus bounce the ball from left to right and back:

The imperative solution

Continue reading →

---

Troy Hunt (@troyhunt, blog) had a great, very hands-on 2-day workshop about webapp security at NDC Oslo. Here are my notes.

Highlights - resources

Personal security and privacy

• https://www.entropay.com/ - a Prepaid Virtual Visa Card
• mailinator.com - tmp email
• f-secure VPN
• https://www.netsparker.com/ - scan a site for issues (insecure cookies, framework disclosure, SQL injection, …) (lot of $k)

Site security

• https://report-uri.io/ - get reports when CSP rules violated; also displays CSP headers for a site in a human-friendly way
• https://securityheaders.io/ check quality of headers wrt security
• free SSL - http://www.startssl.com/, https://www.cloudflare.com/ (also provides web app firewall and other protections) ; 
• SSL quality check: https://www.ssllabs.com/ssltest/ 
• https://letsencrypt.org/ - free, automated, open Certificate Authority (Linux Found., Mozilla)
• HSTS Preload - tell Chrome, FF that your site should only be ever loaded over HTTPS - https://hstspreload.appspot.com/

Breaches etc.

• http://arstechnica.com/security/2015/06/hack-of-cloud-based-lastpass-exposes-encrypted-master-passwords/
• https://twitter.com/jmgosney - one of ppl behind http://passwordscon.org . http://password-hashing.net  experts panel. Team Hashcat. 
• http://arstechnica.com/security/2012/12/25-gpu-cluster-cracks-every-standard-windows-password-in-6-hours/ 

To follow

• ! http://krebsonsecurity.com/
• ! http://www.troyhunt.com/
• ! https://www.schneier.com/
• ! https://twitter.com/mikko (of F-Secure) also great [TED] talks
• kevin mitnick (jailed for hacking; twitter, books)

Continue reading →

---

It took me quite a while to figure out the right syntax for filtering instances by tag name and value in the AWS EC2 API's describeInstances
Continue reading →

---

Mounting an EBS volume to a Docker instance running on Amazon Elastic Beanstalk (EB) is surprisingly tricky. The good news is that it is possible.

I will describe how to automatically create and mount a new EBS volume (optionally based on a snapshot). If you would prefer to mount a specific, existing EBS volume, you should check out leg100's docker-ebs-attach (using AWS API to mount the volume) that you can use either in a multi-container setup or just include the relevant parts in your own Dockerfile.

The problem with EBS volumes is that, if I am correct, a volume can only be mounted to a single EC2 instance - and thus doesn't play well with EB's autoscaling. That is why EB supports only creating and mounting a fresh volume for each instance.


Continue reading →

---

I have derived the Docker container docker-grafana-influxdb-cloudwatch that bundles Grafana dashboards, InfluxDB for metrics storage, and runs cloudwatch-to-graphite as a cron job to fetch selected metrics from AWS CloudWatch and feed them into the InfluxDB using its Graphite input plugin. It is configured so that you can run it in AWS Elastic Beanstalk (the main problem being that only a single port can be exposed - I therefore use Nginx to expose the InfluxDB API needed by Grafana at :80/db/).


Continue reading →

---

When looking for ways to discover whether a proxy is being used by OS X, you will be typically pointed to

networksetup -getwebproxy

However that does not always work - for example when using "Auto Proxy Discovery" and/or "Automatic Proxy Configuration" with a proxy.pac file. scutils --proxy seems to detect all these cases (though it cannot give you the proxy when using auto config, I suppose):
Continue reading →

---

Chai is a popular Node/browser assertion library. However - as everything - it has its flaws. An important flaw is that it performs checks on property access - and if you e.g. misspell the name of an assertion, it will be just ignored (for there is no way for Chai to know that you tried to access a non-existent property). This may be fixed in the future with ES6 proxies but so far you risk having tests that actually do not test anything. Though you should of course always develop your tests so that they initially fail and thus you know they actually assert something :-).

Anyway, there is a neat quick way to verify that all your tests have at least one valid assertion - simply replace expect with expect.not.
Continue reading →

---

See this gist:


Continue reading →

---

The first Continuous Delivery and DevOps Conference
Continue reading →

---

How to back up your precious files stored on the WD My Cloud NAS into S3 with the slow but low-cost storage class "Glacier".

How does the backup work: duplicity does its job and uploads files to S3. The large data archives are recognized by S3 Lifecycle rules that we set up based on their prefix and moved to the Glacier storage class soon after upload. (It takes hours to restore something from Glacier but its cost is orders of magnitude lower than that of S3 itself). We leave metadata files in S3 so that duplicity can read them.

90% of this is based on http://www.x2q.net/2013/02/24/howto-backup-wd-mybook-live-to-amazon-s3-and-glacier/ and the WD build guide (http://community.wd.com/t5/WD-My-Cloud/GUIDE-Building-packages-for-the-new-firmware-someone-tried-it/m-p/770653#M18650 and the update at http://community.wd.com/t5/WD-My-Cloud/GUIDE-Building-packages-for-the-new-firmware-someone-tried-it/m-p/841385#M27799). Kudos to the authors!

You will need to:

1. Build duplicity and its dependencies (since WD Debian v04 switched to page size of 64kB, all pre-built binaries are unusable)
2. Configure S3 to move the data files to Glacier after 0 days
3. Create your backup script - see backup-pictures-to-s3.sh
4. Schedule to run incremental backups regularly via Cron
5. Preferably test restore manually

Continue reading →

---

I want to know when our app starts getting slower so I sat up an alarm on the Latency metric of our ELB. According to the AWS Console, "This alarm will trigger when the blue line [average latency over the period of 15 min] goes above the red line [2 sec] for a duration of 45 minutes.
Continue reading →

---

One of the annoying things with Jest
Continue reading →

---

Copyright © 2026 Jakub Holý
Powered by Cryogen
Theme by KingMob