David Ojeda's Blog

Rails noob journey

David Ojeda — Sat, 17 Apr 2021 14:30:15 GMT

I've been wanting to learn Rails since ages ago, but, you know, life was getting in the way (or me, rather).

A couple of weeks ago I decided to start a side-project related to another side-project. Sounds like an entry for a GitHub Graveyard, I know. Just bear with me.

My initial side-project was a personal finance blog in Spanish called "Perro Dinero" (has a special meaning in Spanish, but in English, it's just something like "money dog").

It started as a way to document my learning because my memory betrays me since I can remember (pun intended). My blog is still running, constantly updating it, and now it has two objectives:

Document my finance and investments learnings
Help other people improve their financial lives

I won't go further into explaining this side project, all you need to know is that it's about personal finance, it's in Spanish, my dog appears in every post 🐶, and you can visit it here 👇

https://perrodinero.blog

What does it have to do with Rails? Well, my brother and I are creating an app to help people get into long-term investing. No, we're not taking your money, just helping you decide what to invest in given your objectives.

Both of us have many years developing in Grails, the JVM version of Rails, and we both had the curiosity to see how working in Rails is/feels (we're big fans of DHH and Jason Fried, too). So we decided to create it with Rails.

We've encountered a few issues that took us from an hour to a couple of days to fix, and I just want to document them, as plainly and simply as possible.

So, yeah, expect some short Rails ramblings for the next few weeks.

Read you soon! 👋

Reduce Google Fonts file size by more than 80%

David Ojeda — Thu, 01 Oct 2020 04:16:10 GMT

Sometimes we only need a font for a couple of words, like a logo or slogan. Why do we download the whole font file if we only need a few letters?

In this post, I'll show you how you can reduce your font file size by more than 80%. This size reduction will be more effective the fewer characters you need.

Base HTML

This is the base HTML we'll use. It contains the Roboto font and two headers. One with Roboto font-family and the other with the default font:

html>
<html lang="en">
<head>
  <meta charset="UTF-8">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <title>Documenttitle>
  <link href="https://fonts.googleapis.com/css2?family=Roboto" rel="stylesheet">

head>
<body>
  <h1 style="font-family: 'Roboto', sans-serif;">David Ojedah1>
  <h2>Default fonth2>
body>
html>

Measuring current font file size

If you open this file with your browser and open the network tab of the Developer Console, you would see this:

~657 bytes for the Google Fonts API call and ~11.1 kB for the actual Roboto font.

If you look at the HTML again, you can notice that we're only using the font for my name, David Ojeda. What if we could download only those letters? It turns out we can.

Changing the font URL

We need to change the font URL from this:

<link href="https://fonts.googleapis.com/css2?family=Roboto" rel="stylesheet">

to this:

<link href="https://fonts.googleapis.com/css2?family=Roboto&text=David%20Ojeda" rel="stylesheet">

What's new? The &text= URL parameter. We'll only download the characters we need. Just remember, the text parameter value:

Is case-sensitive.
Needs to be URL encoded.

Measuring updated font file size

Let's measure the size of the file now:

~359 bytes for the Google Fonts API call and ~1.3 kB for the actual Roboto font. That's like 89% file reduction for the font!

Wrap up

I found this implementation in the Google Fonts documentation days ago, and I wanted to share it so more people know about it.

It saved me this 80-90% file size on my personal finance blog, and I'm sure it can help others do the same.

Thanks for reading me! 💙

Queues: A Primer

David Ojeda — Wed, 30 Sep 2020 16:49:32 GMT

Queues are a natural phenomenon in everyday life. You queue to buy food, to pay in the supermarket, or to get on a plane. But queues are also used in software to handle heavy processes.

A queue can help devs like me and you store a request for later processing. It's a common practice to use a queue to handle data exports from a site, for example.

What you'll learn

In this post I'll compare queues in software development with queues in a fast food restaurant. You'll learn:

What's a queue
Uses of a queue
Caveats of queues
Benefits of using a queue
Common services you can use

Queuing for food: First In, First Out (FIFO)

When you go to a fast food place you need to first get in line to place your order.

You wait in line until it's your turn to say whatever you're gonna have. Ideally, no one gets in the line; that would be disrespectful and will cause some complaints.

This queue operates with a FIFO principle. That means that the first person dispatched is the first to be in line. The first that gets in line is the first to get out.

You can picture each person in line as a heavy processing job request from a client to the application. An asynchronous worker processes each of these requests that are waiting in line. And by worker I mean something like a server that's not reachable by your customers.

Each of these requests should respond in the order in which they were issued. But it's not always the case.

Preparing your food: Order might change

Once you place your order, the cashier sends it to the cooks, so they can start preparing it. The orders get into another queue.

Now, imagine there's only one cooker. You ordered a triple cheeseburger with extra onions, a vanilla milkshake, and small fries. The person after you only ordered some small fries.

The cooker might say: let me serve the customer that only ordered fries first because that's quick. That puts you after that customer in the queue even though you ordered first.

In software development, queues are usually used with distributed systems. And in these type of systems the order of the elements in the queue might change.

There are special types of queues that guarantee the order, but not every queue does it. So your application must not depend on the order of the requests.

There's another problem you need to manage. What if there's more than one cooker and two or more of them start preparing the same order? It's very common for an application to have multiple workers that read the same queue.

Mistakes in food preparation: Handling idempotency

If two cooks take your order they will each prepare you what you asked for. You'll end up with two cheeseburgers instead of one. There should be a way to avoid two cooks working on the same order.

A caveat of a distributed queue is that two workers can read the same message at the same time. So we say these requests should be idempotent. That is, the same operations requested multiple times should produce the same result.

For example, a DELETE request on a REST API should delete a resource the first time it's called. This usually returns a 200 (OK) or 204 (No Content) response. The result should be the same if that same request is called a second time: the deletion of the resource.

Some systems only disable the resource instead of deleting it from the database. In that case, the result (side effect in the application) and the response (literal response from the API) will be the same.

If the system deleted the resource the first time, then you'll receive a 404 (Not found) response on the second call. Here two identical requests had the same result, but a different response.

In both cases the delete request was idempotent. Two same requests resulted in the same outcome.

Getting your food: Notifying the end user

It's common to receive a device that vibrates and lights on when your order is ready. That's how the restaurant notifies you that your order is ready for pickup.

Workers also need a way to communicate to its users. Email is a great solution since most of the processing workers do is asynchronous.

The only job of the queue is to receive and store requests until they're processed.

Why do we need queues?

Queues improve user experience

You don't want to wait in front of the cashier until your order is ready; you don't know how long will it take.

Similarly, you don't want your users to wait while looking at a loading spinner. Moreover, it can be taxing on the client-facing servers.

The HTTP request window is short. Applications close the connection between server and client when a request is taking more than 30-60 seconds, resulting in a timeout.

How can you handle a resource-intensive task that takes more than 60 seconds? You send it to a queue, and a worker in the background can take that message and process it.

Queues are language agnostic

It doesn't matter if you send a message to a queue with Python and receive it with JavaScript. The intermediary, called the message broker, will handle it.

Queues decouple your systems

With queues, you can separate concerns and allow a different service or part of your application to handle specific requests.

The messages in the queue will be waiting even if your workers fail.

Popular queue services and message brokers

You don't have to implement the queue's internal logic, it's a solved problem. You can instead use one of these popular services:

I've only used Amazon SQS, and it's fast to start working with it. It gets complicated as you dig deeper, but it's a great way to start.

What I didn't tell you

There are other factors to consider when working with queues and message brokers. The intention of this post is to only give a general overview of how the mechanism works.

To give you an idea, you need to configure and/or handle, among many others:

Retry policy
Failed messages
Security of your queues
Duration of messages in the queue
Reliability and availability of your queues and message brokers

Wrap up

Queues are a great addition to your software developer arsenal. If you need to do a resource-intensive task, a queue should be one of your options.

Thanks for reading me! 👋

**Cover image taken from unDraw

4 Time Zone Bugs I Ran Into

David Ojeda — Wed, 23 Sep 2020 16:25:48 GMT

Software development is hard. Time zones are hard. Dealing with time zones in software development? Yeah, harder.

Here are 4 places where time zones might differ; and 4 personal bug stories for each case. I'll be referring to the same app for each story, the one I work with and maintain in my day-to-day job. This app works with Mexico's City time zone.

Time zone of your app

Your app runs with a default time zone. It's usually the time zone of the server it runs on, but it can be different.

In Java, you can define the time zone of the whole application when it boots. If for some reason you don't want to work with your server's timezone, this is the place to change it.

The bug - Time in Chile off by one hour

The app shows the date of creation of an object in many places. Three of these places were showing different times; two incorrect and one correct.

One error was because I forgot to pass the user's timezone to the date formatter. Quick fix.

The second error was weird. I couldn't identify why, so I compared it with the correct one.

But the third case was only right because the date had been double parsed! Once on the server and a second time on the client (browser).

So none of the three dates were actually correct. WTF?

After some headaches, I learned that each version of Java comes with a time zone data file. This file includes the latest information on the world's time zones, and the Internet Assigned Numbers Authority (IANA) manages it.

Time zone changes happen when governments decide to apply or not to apply daylight saving times (DST).

In 2015, Chile decided to move from seasonal DST to permanent DST, and some JRE releases included this change. But then, in 2016 Chile decided to revert to how it was before; seasonal DST instead of permanent. What was the issue? The app was using one of these JRE releases with an outdated time zone data file.

You can read more about these DST issues with Java here.

Time zone of your server

The operative system defines your server's time zone. I've always used Linux for production servers, and they come with UTC as the default time zone.

If you need to change this time zone, make sure to do it before your application starts or it won't reflect the change.

The bug - App using the wrong default time zone from the server

I was migrating some processes in our build and deployment pipeline. From configuring the app with every deploy to a pre-built AWS Amazon Machine Image (AMI) with HashiCorp's Packer.

One step of the initial configuration was to change the server's time zone to America/Mexico_City, and I was aware of it. So I created a bash script that changed the time zone on the AMI we were going to use. The script worked well when I tested it on a Linux instance. No problem there.

I proceeded to use this AMI in our staging environment and neither I nor my teammates noticed something off. So, to production!

Customer's questions and complaints about dates behaving weird arrived minutes later 😥

The issue? The script that updated the server's time zone was failing silently and I missed double-checking it in the staging environment. The app wasn't using an explicit time zone, so it took the server's. And the server's time zone was UTC by default, and we needed America/Mexico_City. I fixed the script and, to make sure, updated the app's default time zone to the expected one.

Time zone of your database

You can also change your database's time zone. I use AWS Relational Database Service (RDS) and the default time zone is UTC. You can update it from the parameter group of your cluster or individual instance.

The bug - Wrong database time zone

Now I was doing a migration of our database. I anticipated myself by changing the database's time zone to America/Mexico_City because the app and server had it. Every part of the system should be in the same page, right? Wrong!

The database was perfectly okay being in UTC while the app and server were in America/Mexico_City. That's how it worked.

This bug was not as critical as the previous ones because I caught it in our staging environment.

Time zone of your users

If it wasn't enough, each one of your users can have a different time zone, and you have to take that into consideration when showing time sensitive-data.

The bug - Many of them!

I've encountered many bugs related to user's time zones:

Missing time zone in date formatter.
Incorrect time zone selection from the user.
Missing DST time zone options for users to select.
Storing dates with time zone modifications that get parsed again when retrieved.

Time zones are one of the most complicated topics you'll find while developing software. They're complex by themselves, and even more when you throw some code into the mix.

I hope these short stories can help you avoid my mistakes in the future 🙌🏼

Thanks for reading me! 💙

I finished the #100DaysOfCode challenge in 140 days, here are my thoughts

David Ojeda — Sat, 08 Aug 2020 01:01:34 GMT

I started the #100DaysOfCode challenge on March 21st and finished it today, August 7th. FINALLY! 🥳 And yeah, that's way more than 100 days 🙃

For those who don't know, the #100DaysOfCode challenge consists of coding at least one hour every day for the next 100 days. Every day during this period you also must:

Tweet your progress using the #100DaysOfCode hashtag.
Engage with at least two other people doing the challenge.

The purpose of the challenge is to help you form a habit and to meet other people doing the same. Check the full challenge description on their official page.

When I started this challenge, I was at a point in life where I was looking to improve many of my current habits and to be more active on Twitter, and the challenge was a mix of both.

I want to share some thoughts about this journey and the challenge itself since I have mixed feelings. Before I go on, I want to say that this is my perspective. The perspective from an experienced dev who already codes in its 9-5 and has multiple side projects, not all code related.

Let's get to it.

Public commit is real

Yelling out loud that you'll commit and achieve something it's a powerful way to actually do it. And the challenge starts just like that, committing in public. It can help you build a habit if you didn't have one because it creates a sense of accountability. Even if no one really cares.

A more in deep view of this fact is in SWYX Learn In Public article. Highly recommended read 👌🏼

You meet great people along the way

The challenge invites you to share and engage with other people going through the same journey, and you end up creating bonds. I want to thank them:

Alex was my accountability buddy from the very beginning. He's a humble, great developer who's constantly learning and improving his craft. Check his DEV account!
Annie and I engaged in some of our tweets for the challenge, and it's been a pleasure to see her Twitter following skyrocket. Do check her out for some mind-blowing CSS illustrations 🤯
Alfredo and I are also accountability buddies. He loves DevOps related stuff and he's on his way to write consistently!

It's daunting to do anything 100 times in a row

Starting to form a habit by doing one thing, for at least one hour, for 100 days in a row, is like rolling out a snowball uphill. It will eventually grow so big that it will crush you.

When I formed my habit of working out, it didn't start by saying: "I'm gonna exercise for one hour for the next 100 days". That's exactly how you don't create a habit.

You'll probably start highly motivated the first few weeks, but believe me, life gets in the way. You'll eventually start to fall off because it's a HUGE commitment. And it's especially hard if you are just starting out as a developer.

It's like starting to run before you crawl.

Instead, to create my exercise habit I said: "I'm gonna exercise for at least five minutes, three times a week". The secret is that five minutes is more manageable, and for that reason more likely to happen.

Once you start, you'll find yourself doing more than five minutes because, well, you're already there with your gym clothes on. You build up from there, and now the snowball rolls downhill.

Missing one day is not the end of the world

I wish this previous sentence was part of the challenge's website.

Whenever I couldn't find a time slot to work on the challenge I felt anxious. Even if no one would even notice that I missed one day. Not even your all-time-friends: the bots.

But you already committed publicly to the challenge! You feel pressured. And many days I would open my computer, do some silly change to my code, and tweet about it. Damn, I even felt stupid sharing changes so small that where nowhere near the 1 hour commit I should be doing:

https://twitter.com/DavidOjedaL/status/1265895861688688642

That being said, take a break when needed. Nothing's gonna happen if you miss one or a couple of days. It's easy to burnout if you're also doing many other things at once. Your health is more important.

I learned A LOT

Not all 100 days of the challenge were related to a single subject or programming language; it was a huge mix of software-related work. Here are some things I did and learned during this journey.

Design

This is one of my weakest points, so I started with it. Color palettes, Figma and Tailwind CSS:

https://twitter.com/DavidOjedaL/status/1242483155401048065

Nina, a writing app (side project)

A web app to help me standardize my writing process.

Udacity's Front End Developer Nanodegree

I finished it in less than a month to take advantage of a discount 😁:

https://twitter.com/DavidOjedaL/status/1251000341128187906

AWS CDK

I started another Udacity's nanodegree because they gave me another free month, this one was for DevOps. I couldn't finish it within the free month so I dropped from it, but I managed to learn anyways:

https://twitter.com/DavidOjedaL/status/1260000143845330944

Personal blog re-design

It was time for a new design for my personal blog, and I wanted to try Eleventy for a while:

https://twitter.com/DavidOjedaL/status/1276038199668871168

Personal finances blog re-design

I also have a personal finance blog in Spanish, it's called Perro Dinero 🐕💰. I use Squarespace because at the beginning all I wanted to do was to focus on writing. Now that I have the habit, I want more freedom, so I'm moving to Eleventy too:

https://twitter.com/DavidOjedaL/status/1290885451990147072

Enjoy the journey

Engage and learn from others. I believe that's the most valuable takeaway of this challenge.

The rules and hashtag encourage you to comment on other's people work; positive vibes only 🤗. You meet new people, you learn from them, you expand your network. Do what you like, slow the pace if needed, but always have fun and enjoy the process.

Closing thoughts

The #100DaysOfCode challenge is a great initiative for new developers, it can help them to:

Create a coding habit.
Meet new people.
Learn new languages.
Showcase their work.

And the challenge is more than just coding, it's about sharing and community 🧡

I couldn't keep the 100 days streak or something even close because I already code every weekday. There were times when I didn't want to code on weekends, I wanted to disconnect. That's totally fine for me, but it didn't stop my anxiety.

So, was a great experience? It was!

If I went back in time would I do it again? I would!

Am I gonna do round 2? Not at all.

Do I recommend it?

If you're starting out as a developer or want to create a side project or habit and you need public accountability, go for it!

If you're an experienced developer with an already ongoing side project, the challenge might not be the best place to put your efforts on.

Thanks a lot for reading me, and I hope these words can help you through your journey, be it that you're already on it or planning to start 👋

Enable "Ignore load balancer 4xx errors" health rule on AWS Elastic Beanstalk using .ebextensions

David Ojeda — Fri, 20 Mar 2020 00:50:17 GMT

If you are an Elastic Beanstalk (EB) user, you are probably aware of a frequently requested feature that was released on July 25, 2018: To ignore application 4xx errors when determining your environment's health. It's was a new EB health rule that ignores 400-499 HTTP status codes when alerting if your environment instances are having trouble 🏥.

It is common for applications to receive many 4xx errors, for example, due to:

Client's API integrations using invalid credentials.
Client-side test tools.
Broken links that create 404 responses.

I started to use this feature since the moment it was released.

Today I logged in into my EB console and switched the design to the latest version of the console. Everything okay. Then, as I was exploring the new console, I noticed a new configuration that was not previously available: To ignore load balancer 4xx errors.

In this post, I will show you, through a story, how to enable this feature using .ebextensions, because, infrastructure-as-code, you know 🤓. The funny part, I can't seem to find the documentation anywhere on AWS. Never happened before, right? 🙃.

Follow along!

Digging through the docs 🗂

The first thing I do when trying to configure this new feature is: go to the docs page where the almost identical feature is documented, that is, the ignore application 4xx errors. I found that is the same page as it was before, with no extra information about a load balancer health rule. Citing the docs:

Currently, this is the only available enhanced heath rule customization. You can't configure enhanced health to ignore HTTP errors returned by an environment's load balancer, or other HTTP errors in addition to 4xx.

Liars! Just kidding 😝

Without luck on this doc page, I proceeded to look somewhere else:

Went through the EB release notes to see if I missed the announcement. No luck.
Went to the EB public roadmap and found nothing there either.
Asked on Twitter, but since no one follows all I got was a response from AWS support to look at their forum. Go follow me on Twitter! 👀.
Went to the EB forums and only found people asking how to work around the fact that there was no feature to ignore load balancer 4xx errors 🤦🏻‍♂️.
Asked a question in StackOverflow and got a comment saying that I should create a support ticket.

What next❓

I had already searched through a lot of docs without any progress. I posted the question on Twitter and StackOverflow, and I wasn't expecting any response soon. I thought about trying to guess the new field names and do a try-error session.

My current configuration document looks like this:

{
  "Rules": {
    "Environment": {
      "Application": {
        "ApplicationRequests4xx": {
          "Enabled": false
        }
      }
    }
  },
  "Version": 1
}

If I were the software developer that created this feature, how would I call the new field? Some options:

LoadBalancerRequests4xx
ALBRequests4xx
ELBRequests4xx

But, should they be nested under "Application" or should it be another high-level field? By this time I was already hungry, so I went to cook and eat 👨🏻‍🍳🍲

Enlightenment! 🔮

Taking a break helps, you should consider it in your daily routine. Back to the topic...

I realized that even though I can't find a way to configure this feature through code, I can do it directly in the console. This would only be temporary because the environments re-create themselves on each deploy- any new environment would have this feature disabled.

And here is where I got an idea💡 What if I:

Enable the feature on the console.
Save the environment configuration as an EB Saved Configuration.
Retrieve it with the EB CLI to see how the field is called at an API level.

That's exactly what I did. Once the configuration was saved, I retrieved it:

$ eb config get NAME_OF_MY_CONFIGURATION

and 💥, the configuration showed itself:

{
  "Rules": {
    "Environment": {
      "ELB": {
        "ELBRequests4xx": {
          "Enabled": false
        }
      },
      "Application": {
        "ApplicationRequests4xx": {
          "Enabled": false
        }
      }
    }
  }
}

There was a high-level field called "ELB", and a property "ELBRequests4XX"; I was not that erred 👨🏻‍💻.

I added those new fields to my .config file on the .ebextensions folder and everything worked as expected 👏🏼 Here is the final .config file I used:

option_settings:
  - namespace: aws:elasticbeanstalk:healthreporting:system
    option_name: ConfigDocument
    value: {
"Rules": {
  "Environment": {
    "ELB": {
      "ELBRequests4xx": {
        "Enabled": false
      }
    },
    "Application": {
      "ApplicationRequests4xx": {
        "Enabled": false
      }
    }
  }
},
"Version": 1
}

Wrap up 🔄

I can't imagine how complex is to add a feature to a system as big as AWS while maintaining all the docs updated. I don't blame them.

Nonetheless, we figured out at the end 🙌🏼. In short, to configure your EB environments to ignore load balancer 4xx errors, you need to add the previous .config file to your .ebextensions folder and deploy a new version.

Maybe the docs are updated by the time you read this, and the story will not be that fun 🙃 Anyhow, it was a blast to write.

I hope you enjoyed it. Thanks for reading me 💙

Copy to clipboard button with Stimulus 2.0 (Beta)

David Ojeda — Tue, 28 Jan 2020 00:46:41 GMT

Stimulus is a JavaScript framework developed by a team at Basecamp, and it aims to augment your existing HTML so things work without too much "connecting" code.

Contrary to other frameworks, Stimulus doesn't take over your front-end, so you can add it without too much hassle to your already running app.

Its documentation is very clear and digestible. Included in its handbook is an example of building a clipboard functionality, which I recommend you go through if you are trying Stimulus for the first time.

Right now we are replicating that functionality and adding a couple more things using a development build specified in this Pull Request (PR)

https://github.com/stimulusjs/stimulus/pull/202

It includes new APIs that will be released with version 2.0 of the framework, so they are not yet available with the current stable production release.

What are we building?

A one-time password "copy to clipboard" button what wraps the DOM Clipboard API.

You can access the final working version on Glitch.

Starting off

First, we are creating our base HTML where the one-time password will be and the actual button to copy it:

<div>
  <label>
    One-time password:
    <input type="text" value="fbbb5593-1885-4164-afbe-aba1b87ea748" readonly="readonly">
  label>

  <button>
    Copy to clipboard
  button>
div>

This doesn't do anything by itself; we need to add our Stimulus controller.

The controller definition

In Stimulus, a controller is a JavaScript object that automatically connects to DOM elements that have certain identifiers.

Let's define our clipboard controller. The main thing it needs to do? Grab the text on the input field and copy it to the clipboard:


(() => {
  const application = Stimulus.Application.start();

  application.register("clipboard", class extends Stimulus.Controller {
    // We'll get to this below
    static get targets() {
      return ['source']
    }

    copy() {
      // Here goes the copy logic 
    }
  });

})();

Now, this is a valid controller that doesn't do anything because it's not connected to any DOM element yet.

Connecting the controller

Adding a data-controller attribute to our div will enable the connection:

<div data-controller="clipboard">

[...]

Remember the static get targets() from above? That allows us to access DOM elements as properties in the controller.

Since there is already a source target, we can now access any DOM element with the attribute data-clipboard-target="source":

[...]

<input data-clipboard-target="source" type="text" value="fbbb5593-1885-4164-afbe-aba1b87ea748" readonly="readonly">

[...]

Also, we need the button to actually do something. We can link the "Copy to clipboard" button to the copy action in our controller with another identifier: data-action="clipboard#copy". The HTML now looks like this:

<div data-controller="clipboard">
  <label>
    One-time password:
    <input data-clipboard-target="source" type="text" value="fbbb5593-1885-4164-afbe-aba1b87ea748" readonly="readonly">
  label>

  <button data-action="clipboard#copy">
    Copy to clipboard
  button>
div>

Our controller is now automatically connected to the DOM, and clicking the copy button will invoke the copy function; let's proceed to write it.

The copy function

This function is essentially a wrapper of the DOM Clipboard API. The logic goes like this:

[...]

copy() {
  this.sourceTarget.select();
  document.execCommand('copy');
}

[...]

We take the source target we defined earlier, our text input that is, select its content, and use the Clipboard API to copy it to our clipboard.

At this point, the functionality is practically done! You can press the button and the one-time password is now available for you on your clipboard.

Moving further

The copy button works now, but we can go further. What if the browser doesn't support the Clipboard API or JavaScript is disabled?

If that's the case, we are going to hide the copy button entirely.

Checking API availability

We can check if the copy command is available to us by doing this:

document.queryCommandSupported("copy")

One of the best places to check this is when the Stimulus controller connects to the DOM. Stimulus gives us some nice lifecycle callbacks so we can know when this happens.

We can create a connect function on our controller and it will be invoked whenever this controller connects to the DOM:

[...]

connect() {
  if (document.queryCommandSupported("copy")) 
    // Proceed normally
  }
} 

[...]

One way to hide/show the copy button depending on the API availability is to initially load the page with the button hidden, and then displaying it if the API is available.

To achieve this we can rely on CSS:

.clipboard-button {
  display: none;
}

/* Match all elements with .clipboard-button class inside the element with .clipboard--supported class */
.clipboard--supported .clipboard-button {
  display: initial;
}

Our button is now hidden from the beginning, and will only be visible when we add the .clipboard--supported class to our div.

To do it, we modify the connect lifecycle callback.

Here is where we can start to see major differences from this latest development version. With the actual production version you would need to specify the CSS class in the controller, effectively doing this:

[...]

connect() {
  if (document.queryCommandSupported("copy")) 
    this.element.classList.add('clipboard--supported');
  }
} 

[...]

There is a new, better way to achieve it.

Classes API

Now, CSS classes can be actual properties of the controller. To do so, we need to add some identifiers to our HTML and add a new array to our controller:

<div data-controller="clipboard" data-clipboard-supported-class="clipboard--supported" class="clipboard">

[...]

[...]

application.register("clipboard", class extends Stimulus.Controller {

[...]

  static classes = ['supported']

  connect() {
    if (document.queryCommandSupported("copy")) 
      this.element.classList.add(this.supportedClass);
    }
  } 
[...]

Great! Now we can access our supported class string from our controller with this.supportedClass. This will help keep things loosely coupled.

The clipboard real-life example from Stimulus' handbook ends here. Now, to show the other newest additions and use the Classes API once more, we're adding the following functionality:

A new style to the "Copy to clipboard" button once it has been clicked
A refresh interval for the one-time password. This will generate a new password every 2.5 seconds
A data attribute to keep track of how many times the password has been generated

Values API

This, along with the Classes API, is one of the new additions to Stimulus. Before this API you would need to add arbitrary values to your controller with the Data Map API, that is, adding data-[identifier]-[variable-name] to your DOM element, and then parsing that value in your controller.

This created boilerplate such as getters and setters with calls to parseFloat(), parseInt(), JSON.stringify(), etc. This is how it will work with the Values API:

<div data-controller="clipboard" data-clipboard-supporte-class="clipboard--supported" data-clipboard-refresh-interval-value="2500" class="clipboard">

[...]

[...]

application.register("clipboard", class extends Stimulus.Controller {

[...]

  static values = {
    refreshInterval: Number
  }

  connect() {
    if (document.queryCommandSupported("copy")) 
      this.element.classList.add(this.supportedClass);
    }
    // Access refreshInterval value directly
    this.refreshIntervalValue; // 2500
  } 
[...]

Accessing your controller values is now cleaner since you don't need to write your getters and setters, nor do you need to parse from String to the type you need.

Moving forward, let's write the one-time password refresh.

Implementing password generation

We're going to define a new function to create a new random password. I grabbed this random UUID generator snippet from the internet:

([1e7]+-1e3+-4e3+-8e3+-1e11).replace(/[018]/g, c =>
                (c ^ crypto.getRandomValues(new Uint8Array(1))[0] & 15 >> c / 4).toString(16));

Adding it to our Stimulus controller:

  connect() {
    if (document.queryCommandSupported("copy")) 
      this.element.classList.add(this.supportedClass);
    }
    if(this.hasRefreshIntervalValue) {
          setInterval(() => this.generateNewPassword(), this.refreshIntervalValue)  
    } 
  } 

  // copy function

  generateNewPassword() {
    this.sourceTarget.value = ([1e7]+-1e3+-4e3+-8e3+-1e11).replace(/[018]/g, c =>
                (c ^ crypto.getRandomValues(new Uint8Array(1))[0] & 15 >> c / 4).toString(16));
  }
[...]

We use setInterval to refresh our password text field each 2500ms since that's the value we defined in the DOM.

Our refresh feature is now working! Some things still missing:

Add new style when copy button is clicked
Keep track of how many times a password is generated

Giving all we have learned so far, this is what's need to be done:

Add a new CSS class to the stylesheet, DOM element, and controller
Add this new class when the button is clicked, and remove it when the password is refreshed
Add to a counter when the password refreshes

This is how it will look at the end:

/* CSS */

.clipboard-button {
 display: none;
}

.clipboard--supported .clipboard-button {
  display: initial;
}

.clipboard--success .clipboard-button {
  background-color: palegreen;
}



<div data-controller="clipboard" 
     data-clipboard-refresh-interval-value="2500"
     data-clipboard-supported-class="clipboard--supported" 
     data-clipboard-success-class="clipboard--success"      
     data-clipboard-times-generated-value="1" 
     >

      <label>
        One-time password: <input data-clipboard-target="source" type="text" value="fbbb5593-1885-4164-afbe-aba1b87ea748" readonly="readonly">
      label>

      <button data-action="clipboard#copy"               
              class="clipboard-button" >
        Copy to Clipboard
      button>

    div>

 // JavaScript

 (() => {
    const application = Stimulus.Application.start()

    application.register("clipboard", class extends Stimulus.Controller {

      static get targets() {
        return ['source']
      }

      static values = {              
        refreshInterval: Number,
        timesGenerated: Number
      }

      static classes = ['supported', 'success'];

      connect() {                 
        if (document.queryCommandSupported("copy")) {
          this.element.classList.add(this.supportedClass);                
        }                            
        if(this.hasRefreshIntervalValue) {
          setInterval(() => this.generateNewPassword(), this.refreshIntervalValue)  
        } 
      }


      copy() {              
        this.sourceTarget.select();
        document.execCommand('copy');
        this.element.classList.add(this.successClass);
      }

      generateNewPassword() {              
        this.sourceTarget.value = ([1e7]+-1e3+-4e3+-8e3+-1e11).replace(/[018]/g, c =>
          (c ^ crypto.getRandomValues(new Uint8Array(1))[0] & 15 >> c / 4).toString(16));     
        this.element.classList.remove(this.successClass);
        this.timesGeneratedValue++;
      }                  

      // NEW! Read about it below
      timesGeneratedValueChanged() {              
        if(this.timesGeneratedValue !== 0 && this.timesGeneratedValue % 3 === 0) {
          console.info('You still there?');
        }
      }

    });

 })();

Apart from what we've already discussed about the Values API, there is also something new: Value changed callbacks.

These callbacks are called whenever a value changes, and also once when the controller is initialized. They are connected automatically given we follow the naming convention of [valueName]ValueChanged().

We use it to log a message each time the password has been refreshed three times, but they can help with state management in a more complex use case.

Wrapping up

I've created multiple Stimulus controllers for my daily job, and I must say that I always end up pleased with the results. Stimulus encourages you to keep related code together and, combined with the additional HTML markup required, ends up making your code much more readable.

If you haven't tried it yet, I highly recommend going for it! It offers a different perspective, one of magic 🧙🏻‍♂️.

Thanks for reading me 👋🏼.

My privacy setup 🔐

David Ojeda — Tue, 20 Aug 2019 23:42:54 GMT

One of the most precious things in this modern world is data, our own personal data.

With data, companies can persuade us to do, buy, like, and do whatever fits their interests- and most of the time those interests not really match ours.

I'm confident that you have already been in this situation: you are talking to a friend about, let's say, going to Disneyland, and a couple hours later while happily scrolling through your Instagram feed you see a sponsored Disneyland add. It's not a coincidence.

Or maybe you were chatting with a friend through Whatsapp, talking about babies. Just to receive an email from Amazon about some baby clothes offers. It's not a coincidence.

Many apps read, hear, and collect more information than we can imagine. Instagram hears what you say, Whatsapp reads what you write, Google knows where you are, and all that data is shared among so many other 3rd parties looking for profit. Knowledge is power.

If you think, "I don't really care, I have nothing to hide", it's not about hiding something. It's about unauthorized entities knowing everything about you. It's your life.

And in order to protect your data, your privacy, I put together this post with the details of my own privacy setup. It includes some rules I follow, as well as apps that help me protect my privacy.

Some general rules that apply to most of the things you do:

Don't give away your information just because it's easy. If you are signing up for a new service, I recommend you to investigate it before. You don't want to share details about you with a company that is known to sell them to someone else
For some temporary signups, you don't need real information. Some establishments, like coffee shops, ask you for your email address and name to connect to their WiFi, but most times you don't need a real email address since they don't ask for confirmation
Check allowed permissions of apps you install. There are apps that ask for way more than they need. If you can match every permission with a specific feature of the app, then you are probably good to go. Here is a Lifehacker guide for more information on the topic
Review privacy settings. Many apps have a privacy section on its settings where you can change what data can they collect or if targeted ads should be shown to you. Here's Twitter's for example:

Now let's get to the apps I use!

Brave

An open source privacy-first browser that comes with ad and tracker blocker by default. I have never missed Chrome or Firefox since I made the switch.

It's based on Chromium, so all your Developer Tools options are available to you. It also lets you open new tabs with Tor, for a truly private experience.

DuckDuckGo

A privacy-first search engine. DuckDuckGo doesn't store any of your searches, nor does it track you in any way. Every search you make is as it was your first search ever!

It does not have some quick responses as Google does, but it's totally worth it anyway. I have never missed Google Search either.

Signal

Signal is a messaging app that, you guessed it, it's privacy-first; it offers E2E encryption on everything. Plus, it's open source and a nonprofit organization. This app is even recommended by Edward Snowden!

The downside I have found so far is that not many people are willing to switch or use yet another messaging platform. Whatsapp is way to strong here in México at least.

Bouncer

This one is only for Android users. Bouncer is an app that allows you to grant permissions temporarily. It will automatically deactivate permissions after you have used the feature that required them.

For example, if you were to share your location using Whatsapp, you would need to accept the location permission first, then Bouncer will ask you once if you would like to remove or keep the permission after you have finished using it. As soon as you exit the app, Bouncer will remove location permissions from Whatsapp so it can't access them in the background. It's awesome!

Moreover, Bouncer doesn't even require internet permission, so you shouldn't fear of it sharing your information.

Tor

One of the world's strongest tool for privacy right now. It comes in many forms such as Tor Browser, Tor OS and private tabs with Tor from Brave, and it allows you to navigate the internet freely and with privacy thanks to its multiple layers of encryption.

It is slower than normal since the traffic goes through a series of relays, but for some people such as bloggers or journalists that must remain private, it's a jewel 💎.

NordVPN

A VPN will allow you to protect your IP address and to make sure no one can see which websites you visit. It can also help you block ads and protect you on public W-Fi networks.

I use NordVPN and it works just great! It offers hundreds of servers around the world and some more specialty servers such as double VPN, P2P and Onion over VPN.

There are some specific apps/companies that I try to avoid whenever possible. Here are some of them:

Google

I personally don't trust many giant tech companies like Google. They make really good products, I can't deny that. However, their business model thrives when users give away their privacy.

Take Gboard for example. This keyboard will have access to your camera, microphone, location and basically to anything you type with it. I admit the keyboard has really great features, but I would rather use something else than this keyboard just from the fact it comes from Google.

I do use Google Maps frequently, I just have many features disabled such as recommendations and location history.

This should be a no-brainer. Social networks profit from gathering personal information and then using it for ad targeting. I don't have Instagram nor Facebook, but I still have Twitter. I don't use the native apps though, I always check it on the website be it on mobile or desktop.

Leaving your social networks might feel impossible to you since you might have family and friends with whom you talk to or at least follow, and that's okay. I would recommend just not to share too many personal details on your posts.

Closing out

Your privacy is rapidly becoming a privilege rather than a right, that's why I use all these apps and tips to keep mine.

I don't pretend to cover everything there is about online privacy on this post, but hopefully it sparks your curiosity to learn and do more to protect what's yours. I still have plenty of things to do, and my next objective is to completely stop using Google Products.

Here are many resources I have studied/read/watched to keep myself informed about this. I highly recommend to check the DuckDuckGo resources below, they have immense high quality information about why you should care about privacy.

Cover image was generated using Cover-Image-Generator 💙

I hope you find some of what I have shared here useful, and if you know something else I should be doing please leave me a comment!

Groovy delegation strategy for query re-use in Grails

David Ojeda — Tue, 12 Mar 2019 17:01:21 GMT

The problem

Many of our web app views/pages, among other features, consist of a list of entries from a database table. For example, you can go to /customer/list and get a list and count of your customers. This is fairly common for MVC apps like ours.

What we've found is that we end up repeating a lot of code when getting those queries from the database since many of our Domains/tables are filtered by the same fields- current status of the entry (enabled or disabled), belongs to a certain company, user permissions allow him/her to see it, etc.

So we would end up with something like this to get the information for those list views:

    class Customer {
        Company company
        boolean enabled
    }      

    def customerList(def params) {
        Customer.createCriteria().list {
            eq 'enabled', params.boolean('enabled')
            eq 'company',  params.company
            maxResults params.int('max', 10)
        }
    }

    def customerCount(def params){
        Customer.createCriteria().get {
            eq 'enabled', params.boolean('enabled')
            eq 'company', params.company
            projections {
                countDistinct 'id'
            }
        }
    }

    class User {
        Company company
        boolean enabled
    }

    def userList(def params) {
        User.createCriteria().list {
            eq 'enabled', params.boolean('enabled')
            eq 'company', params.company
            maxResults params.int('max', 10)
        }
    }

    def userCount(def params){
        User.createCriteria().get {
            eq 'enabled', params.boolean('enabled')
            eq 'company', params.company
            projections {
                countDistinct 'id'
            }
        }
    }

The body of both list and count methods are almost the same, the only difference is the table or Domain to which the query goes.

So we're looking for a way to refactor this code in order to avoid repeating ourselves.

The solution

We will use a Groovy closure delegate to avoid repeating these type of queries. More specifically, we will use something called Closure Delegation Strategy to achieve it. Let's get to it!

Background theory

Groovy Closures

Closures by themselves deserve a dedicated blog post, but I find Groovy docs to be really clear and to the point. If you haven't worked with closures before or you are looking for a deeper understanding, please take a look at the docs.

Right now I will only- briefly -explain some closure concepts.

A Groovy closure looks like this:

    def myClosure = { "This is a closure" }

and you can call it like this:

    assert myClosure() == "This is a closure"

A Groovy closure defines three main components:

this: The class where the closure is defined
owner: The enclosing object where the closure is defined, could be a class or another closure. The difference with this: it will return the direct enclosing object. If the closure is defined in an inner class, it will return that class, while this will return the top-level class.
delegate: Is a third party object where methods calls or properties are resolved whenever the receiver of the message is not defined

It's hard to fully understand these concepts without prior experience with them, so here I provide a Groovy snippet where you can play and move things around to fully grasp the closure components.

The run() method includes some comments to clarify what's going on. You can copy-paste it here to try it out!

    class OuterClass {

        String name = 'outer class'

        static void main(String[] args) {}

        class InnerClass {

            String name = 'inner class'

            def ownerClosure = { owner }
            def thisClosure = { this }
            def delegateClosure = { delegate }

            def shoutMyName = {
                name.toUpperCase()
            }
        }

        def nestedThisClosure = {
            def closure = { this }
            closure()
        }

        def nestedOwnerClosure = {
            def closure = { owner }
            closure()
        }

        void run() {
            def inner = new InnerClass()

            // Here, **this** and **owner** are equal, that is, the enclosing class (InnerClass)
            assert inner.thisClosure() == inner
            assert inner.ownerClosure() == inner

            // Here, **this** is the enclosing class (OuterClass) and **owner** is the enclosing closure (nestedOwnerClosure)
            assert nestedThisClosure() == this
            assert nestedOwnerClosure() == nestedOwnerClosure

            // The **delegate**, by default, is set to the **owner**
            assert inner.delegateClosure() == inner.ownerClosure()
            assert inner.shoutMyName() == 'INNER CLASS'

            // And even though we can change the **delegate**
            inner.shoutMyName.delegate = this

            // We are still getting our InnerClass name, why?
            assert inner.shoutMyName() == 'INNER CLASS'

            // The default **resolveStrategy** for closures is **OWNER_FIRST**,
            // that means that the name field of the **owner** is resolved first.
            // Luckily, we can also change the **resolveStrategy** of the closure
            inner.shoutMyName.resolveStrategy = Closure.DELEGATE_FIRST
            assert inner.shoutMyName() == 'OUTER CLASS'

        }
    }

    new OuterClass().run()

Now that we have more knowledge of the power of closures, we can implement our delegation strategy to re-use our queries.

The implementation

As mentioned at the beginning, we have two very similar Domains with similar fields and we need to get both a list and count of those Domains at some point.

To solve this, we're going to create a closure to get the list and another closure for the count. Then, we're changing the closure's delegate according to the Domain we are querying.

Let's suppose we have a ListService where we're going to manage all this logic.

Here are the closures:

    class ListService {

        private def getList = { def params ->
            createCriteria().list {
                eq 'company', params.company
                if(!params.boolean('showDisabled', false)) {
                    eq 'enabled', true
                }
                maxResults params.int('max', 10)
            }
        }

        private def getCount = { def params ->
            createCriteria().get {
                eq 'company', params.company
                if(!params.boolean('showDisabled', false)) {
                    eq 'enabled', true
                }
                projections {
                    countDistinct 'id'
                }
            }
        }

    }

Now, we need to change the delegate of the closures dynamically, depending on the Domain to query:

    class ListService {

        [...]

        def getDomainList(def params, def domain) {
            getList.delegate = domain
            getList(params)
        }

        def getDomainCount(def params, def domain) {
            getCount.delegate = domain
            getCount(params)
        }

    }

Finally, we're going to use this service from our controller to return the values to our list view:

    class CustomerController {

        def listService

        def list() {
            [
                list: listService.getDomainList(params, Customer),
                count: listService.getDomainCount(params, Customer)
            ]
        }

    }

    class UserController {

        def listService

        def list() {
            [
                list: listService.getDomainList(params, User),
                count: listService.getDomainCount(params, User)
            ]
        }

    }

The list view now has everything it needs to render each result and paginate it!

Summary

The final flow is this:

A request comes to controller, e.g. UserController to get user's list
Controller uses ListService to query the database. It forwards the params from the request and specifies the Domain to query
ListService users the given Domain to change the closure's delegate and proceeds to execute the closure
Closure sees the createCriteria() method call and seeks for the object that implements it. Since we didn't change the closure's resolve strategy, it will look on the owner first. The owner, our ListService, doesn't implement a createCriteria() method, so the closure now looks at the delegate. The delegate is our Domain, and it has a createCriteria method, so it uses it and returns our results all the way back to our controller.

Now we have two closures that are being used by multiple Domains to get similar data from the database.

This is only one of many powerful use cases of closure delegates in Groovy. Have you used this feature before? If so, let me know in the comments!

Thanks for reading me ❤️

On handling outages: a case study

David Ojeda — Fri, 09 Nov 2018 22:50:06 GMT

If you happen to use Basecamp 3 to manage your projects, you might have noticed a huge outage on November 8th, 2018; it lasted almost 5 hours.

The issue was that they failed to use bigint for the primary keys of their tables so they ran out of IDs. The TLDR solution, taken from David Heinemeier- DHH, creator of Ruby on Rails and Founder and CTO at Basecamp:

We took half of our replicas offline, did the 3h migration, put them back online, will now be converting the other half of the fleet.

And I'm not writing this to expose and/or throw ** at them.

I'm writing this to applaud their communication and openness about the whole outage.

I'm writing this to expose how over-communication, honesty, humbleness and clarity DO make a difference, specially on difficult situations.

To give you some context, the first notice on their Twitter account about something going wrong was at 5:40 AM on November, 8th:

https://twitter.com/basecamp/status/1060527469361537024

From that tweet and until everything was working again, there were 15 more tweets with constant updates! With the last one being at 10:47 AM, November 8th, signed by DHH himself:

https://twitter.com/basecamp/status/1060604787819827201

All that information is a huge deal. You know they are working really hard to get everything up and going, and you might also know that outages can get really messy.

Despite all the chaos that was probably happening, they kept posting updates with specific details of the cause and solution being taken- on their Twitter account, status page and on their blog. And not only that, DHH was also posting some more technical details about the outage to the point where he links to the pull request that could have saved everything:

https://twitter.com/dhh/status/1060565296048562177

I find all this incredibly valuable and relieving. Even though it was a really long outage, they handled each and every customer interaction gracefully. I could not get upset with them with so much information about the problem/solution being provided.

Hell, that morning I was even more productive because Basecamp remained read-only; I could check on what was pending on my side and just get to it with no distractions.

I've been part, and cause, of outages at my company and it's really stressful. And we don't even handle the amount of traffic Basecamp 3 does.

So, as DHH states it, this is a reminder to stay humble. We could be the next ones involved in a situation like this. We all make mistakes, that's inevitable, but knowing how to properly communicate them is what matters in the long run.

Hope you have enjoyed this short rambling ❤️

Amazon S3 - The Basics

David Ojeda — Fri, 17 Aug 2018 21:03:06 GMT

What's Amazon S3?

Amazon Simple Storage Service, called S3, is an object storage solution to reliably store and retrieve any amount of data.

What can it do?

It can store your files, build packages, reports, images, and any type of data you can think about for later retrieval with a guaranteed 99.999999999% durability. Also, it can restrict access to specific data with very flexible rules.

Why use it?

S3 is extremely reliable and flexible. You want to use it if you at some point need to store and retrieve:

Huge amounts of data for analytics
Files for customers to access
Build files for your applications
Assets such as images and videos

Also, it has tons of integrations with other services within AWS.

Some basic S3 concepts

Buckets

A Bucket is like a top level directory in Linux in the sense that it is a node in level one. A bucket is then the "directory" that stores a group of objects or more directories (with no quotes since these are proper directories now). More clarification below.
Objects

Objects are the files itself. A bucket can contain many objects.

Bucket and objects example:

Bucket Policies

S3 bucket policies are the set of rules that explicitly define who has or not access to your bucket and to objects within that bucket.
ACLs

Access Control Lists is yet another way to define access to your buckets and objects. However, this is a legacy access control mechanism, so it's best to focus on bucket policies. The cases in which ACLs are needed are, for example, when a bucket policy grows too large- they are limited to 20 kb in size. Or when you want to restrict access to specific objects within a bucket.
Lifecycle Rules

Lifecycle rules are actions that S3 can apply to a group of objects depending on how much time they have been stored. For instance, you can delete objects that have been on your buckets for more than 90 days.

Apart from these concepts, one of the most important things to know about S3 is its consistency model.

S3 Consistency Model

The consistency model of S3 is called Read-after-Write consistency. For example, if you issue a PUT request to create an object on a bucket, the next GET request will ALWAYS have the desired object.

However, if you try to issue a GET first (object being non-existent), then a PUT and then another GET, you MIGHT not found the desired object. Issuing the request in this order, the consistency model is now called eventual consistency.

In other words:

Read-after-Write consistency:

PUT /my-bucket/photo.png -> 200
GET /my-bucket/photo.png -> 200

Eventual consistency:

GET /my-bucket/photo.png -> 404
PUT /my-bucket/photo.png -> 200
GET /my-bucket/photo.png -> 404

You also get eventual consistency when you delete an existing object. That is, you MIGHT see an object listed on your bucket even though you already deleted it a couple of seconds ago.

This is because changes made to your S3 buckets need some time to propagate and replicate through AWS servers.

Some S3 use cases

Store AWS Load Balancer logs for further analysis
Host static websites
Store assets for a static web page
Store exported data for your customers

Wrap up

This covers the very basics of S3 which are enough to get started with the service. S3 is one of the most used services of AWS due to its reliability, durability and integration with many other services inside and outside AWS.

Thanks for reading me! ❤️

Make Requests from Docker Container Running on Jenkins

David Ojeda — Fri, 25 May 2018 21:43:16 GMT

This post is about a specific problem I encountered where I couldn't make any requests from my Docker container to the outside world. It was my first time working with Jenkins Pipelines and decided to use Docker as my isolation agent.

Some facts related to my environment:

Jenkins is running on Tomcat, not on a Docker container
I have port redirection (80 to 8080 and 443 to 8443) using iptables

Code in question

The relevant part of my Jenkinsfile is this:

stage('build and test apps') {
  failFast true
  parallel {
    stage('front end') {
      steps {
        sh 'npm install --prefix front_end/'
        sh 'npm run build --prefix front_end/'
        sh 'npm run test --prefix front_end/'
      }
    }

    stage('back end') {
      steps {
        sh 'npm install --prefix back_end/'
        sh 'npm run test --prefix back_end/'
      }
    }
  }
}

The logs

The requests needed on the npm install command were failing with 403 http errors and this log was appearing:

npm ERR! Unexpected token < in JSON at position 0
npm ERR! 
npm ERR!
npm ERR!
npm ERR! Authentication required
npm ERR! 
npm ERR!
npm ERR! 
npm ERR!
npm ERR! If you need help, you may report this error at:
npm ERR!

After reading the logs, the first thing I thought was: this is something related to permissions of the user running the Docker container- tomcat in my case -but they weren't.

After debugging for quite a while, I stumbled upon some divine light on StackOverflow. Thanks to this, I found that I was redirecting all port 80 and 443 trafic from everywhere to their corresponding 8080 and 8443 ports.

The solution

Alter the iptables to create a negated rule and avoid redirects from the Docker subnet.

First, check your current iptables with this command: iptables -t nat -L -n --line-numbers

Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination
1    REDIRECT   tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:80 redir ports 8080
2    REDIRECT   tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:443 redir ports 8443
3               tcp  --  0.0.0.0/0            0.0.0.0/0
4    DOCKER     all  --  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination
1    REDIRECT   tcp  --  0.0.0.0/0            127.0.0.1            tcp dpt:443 redir ports 8443
2    REDIRECT   tcp  --  0.0.0.0/0            127.0.0.1            tcp dpt:80 redir ports 8080
3    DOCKER     all  --  0.0.0.0/0           !127.0.0.0/8          ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT)
num  target     prot opt source               destination
1    MASQUERADE  all  --  172.17.0.0/16       0.0.0.0/0

Chain DOCKER (2 references)
num  target     prot opt source               destination
1    RETURN     all  --  0.0.0.0/0            0.0.0.0/0

The value 0.0.0.0/0 on the source column refers to all trafic. So, in my case, I need to replace the first two entries of both the PREROUTING and OUTPUT chain:

Note: The default Docker subnet is 172.17.0.0/16. If you changed the default configurations make sure to change them in the commands also.

PREROUTING

iptables -t nat -R PREROUTING 1 ! -s 172.17.0.0/16 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080

iptables -t nat -R PREROUTING 2 ! -s 172.17.0.0/16 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8443

OUTPUT

iptables -t nat -R OUTPUT 1 ! -s 172.17.0.0/16 -d 127.0.0.1/32 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8443

iptables -t nat -R OUTPUT 2 ! -s 172.17.0.0/16 -d 127.0.0.1/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080

Now, requests from the Docker container return with a 200 http status and everyone is happy 🤗 Hope this helps you if you are having a similar problem!

As a side note, while doing all this, I also needed to learn more about iptables and their different options. I found this quick guide from linode handy.

Thanks for reading me!

How to Find Ghost CSS Elements

David Ojeda — Fri, 11 May 2018 16:14:30 GMT

I recently came across a bug on our landing page which caused a weird blank space overflow on the right side:

I looked for a couple of hours trying to find any CSS spacing causing it, or some wrong element on my HTML, but couldn't find anything out of place. The blank space wasn't even inside the element of the page 🧐

I then stumbled upon this post and rapidly found the problem. This blog post suggests some CSS styles to make ghost elements visible 👻:

* {
  background: #000 !important;
  color: #0f0 !important;
  outline: solid #f00 1px !important;
}

Now, I could find the section that was causing the problem:

In the end, it was a matter of fixing some mismatching HTML elements.

Would've had this CSS styles helping me debug from the beginning, could've saved me a couple hours of work 🤦🏻‍♂️

Extend nginx/Apache Proxy Configurations on AWS ElasticBeanstalk

David Ojeda — Fri, 26 Jan 2018 20:31:21 GMT

AWS ElasticBeanstalk applications use either an nginx or Apache proxy to relay requests. Using the .ebextensions feature of ElasticBeanstalk we can extend the configuration of these proxies. If you don't know how .ebextensions work you can read more here.

I'm going to extend the default nginx proxy configurations using .ebextensions. The same procedure can be used to extend an Apache proxy.

Create a .conf file

First we need to create a .conf file with the desired directives. A list of nginx directives can be found here. My conf file- named proxy.conf -increases some timeouts of the proxy:

proxy_read_timeout 120s;
proxy_send_timeout 120s;
proxy_connect_timeout 30s;

Create nginx conf.d directory

Now we need the directory where our configuration file will be. Under .ebextensions, create a directory named 'nginx', and inside it another named 'conf.d'. Then add the file you just created. Your dir structure should look like this:

.ebextensions
- nginx
  - conf.d
    - proxy.conf

Now, when you deploy a new version of your application, ElasticBeanstalk will automatically copy your files on the .ebextensions/nginx/conf.d/ directory to the /etc/nginx/conf.d/ directory of your instances.

This all works because the default nginx.conf file- on line 21 -specifies to include all .conf files under the conf.d directory:

# Elastic Beanstalk Nginx Configuration File

user                    nginx;
error_log               /var/log/nginx/error.log warn;
pid                     /var/run/nginx.pid;
worker_processes        auto;
worker_rlimit_nofile    200000;

events {
    worker_connections  1024;
}

http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    include       conf.d/*.conf;

    map $http_upgrade $connection_upgrade {
        default     "upgrade";
    }

    server {
        listen        80 default_server;
        access_log    /var/log/nginx/access.log main;

        client_header_timeout 60;
        client_body_timeout   60;
        keepalive_timeout     60;
        gzip                  on;
        gzip_comp_level       4;
        gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript;

        # Include the Elastic Beanstalk generated locations
        include conf.d/elasticbeanstalk/*.conf;
    }
}

The directives from the .conf file will be added to the http block of the default configuration.

If you need to add directives to the server block you will need to add .conf files to the elasticbeanstalk folder (see line 39 of previous Gist). That dir structure would look:

.ebextensions
- nginx
  - conf.d
    - proxy.conf
  - elasticbeanstalk
    - my_other_conf.conf

Same can be done for an Apache proxy. The difference is on the directory structure. For Apache your structure should be this:

.ebextensions
- httpd
  - conf
    - proxy.conf

Wrap-up

Using .ebextensions is by far the simplest method to add custom configurations to your nginx or Apache proxy. Create as many configuration files as you need and add them to the corresponding directory under .ebextensions and you are done.

Gated Commits with Git

David Ojeda — Mon, 25 Sep 2017 13:20:57 GMT

A gated commit, also called a pre-tested commit, is an integration pattern in which a commit is not approved until a set of tests are ran against the code being commited. In other words, the commit does not go through if the test suite fails.

Why do you want this? It makes your application more resilient to change since now you are running a set or sub-set of your tests even before that code is available to anyone else.

I am going to show you how to implement a gated commit pattern with Git. In this example, our unit test suite will be the gate to allow our commits to make it to the codebase.

What do you need?

Git
Your application's Git repo
A test suite

Starting off: Git Hooks

We want our tests to run before a commit goes through. Git allows us to run custom commands just before that event happens thanks to Git hooks. I am not going to go into the details on how they work, but conveniently for us, there is a hook called pre-commit. This hook is executed just before the commit happens. Perfect spot for our test suite to run.

Setting up a pre-commit hook

In your Git repo, there is a folder named .git in which the hooks are stored. If you have never modified any hook, your .git directory structure will look like this:

To create our hook, we need to have a file called pre-commit (no extension required) inside our hooks directory. Let's create it. The only thing the file needs to have is the command you use to run your tests. Also, don't forget to make the file executable (chmod +x).

If your application is, let's say, a Ruby application, you probably run your tests using rake. If that's the case, your pre-commit file will look like this:

rake test:units

Or if you are into the JS hype, you can probably have this in your file:

npm tests

Independently of the language/framework you are using, your pre-commit hook needs to have the command to run your unit test suite. And, as long as the code inside the hook returns a zero exit code, the hook will allow the code to be commited. Otherwise, the commit will be rejected.

Testing

At this point you can go ahead and make a commit and see how our tests are run (and hopefully pass), thus opening the gate and letting the commit pass uncontested.

In the following example I am using a Grails application, and the pre-commit hook contains the following code:

grails test-app -unit

Success! 🥳

In the case that the test suite fails:

Sad face 🙁

Wrapping up

We have just created a Git pre-commit hook that contains specific commands to execute our app's unit test suite. Whenever a commit is issued, our tests run. If tests pass, we have a successful commit, if not, commit is rejected.

You can extend your tests of the pre-commit hook and build something as complex as you need. You can, for example, run a linter tool to make sure style guidelines are being followed. Or take it to the next level and integrate it with your Continuous Integration flow using additional hooks.

Hope this helps you build more resilience into your codebase and, ultimately, deliver more value to your customers in a safe and rapid fashion!