Jonathan Blow on Software Quality at the CSUA GM2

Let's Encrypt

Installation:

sudo pip install letsencrypt

Usage:

sudo letsencrypt certonly --webroot -w /your/web/root/directory -d yourdomain.com

The keys will be stored in /etc/letsencrypt/live/

Sample nginx config:

    listen 443 ssl;

    ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;

Setting up PHP 7.0 with MacPorts

sudo port install php70 php70-curl php70-fpm php70-gd php70-gettext php70-iconv php70-intl php70-mbstring php70-mcrypt php70-mysql php70-opcache php70-openssl php70-sqlite
sudo cp /opt/local/etc/php70/php.ini-development /opt/local/etc/php70/php.ini

Create the following PHP70-FPM config file: /opt/local/etc/php70/php-fpm.conf

[global]

error_log = log/php70/php-fpm.log
syslog.ident = php70-fpm
daemonize = no

[www]

user = nobody
group = nobody

listen = /var/run/php7-fpm.sock
listen.owner = nobody
listen.group = nobody
listen.mode = 0660

pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
slowlog = log/$pool.log.slow
catch_workers_output = yes

php_flag[display_errors] = on
php_admin_value[error_log] = /var/log/fpm-php7.www.log
php_admin_flag[log_errors] = on
php_admin_value[memory_limit] = 64M
sudo port load php70-fpm

PHP FPM will be accessible via: /var/run/php7-fpm.sock

Setting up PHP5.6 with MacPorts

sudo port install php56 php56-curl php56-fpm php56-gd php56-geoip php56-gettext php56-iconv php56-imagick php56-mbstring php56-mcrypt php56-mysql php56-openssl php56-opcache php56-redis php56-xdebug
sudo port select --set php php56
sudo cp /opt/local/etc/php56/php.ini-development /opt/local/etc/php56/php.ini

Create the following PHP56-FPM config file: /opt/local/etc/php56/php-fpm.conf

[global]

error_log = log/php56/php-fpm.log
syslog.ident = php56-fpm
daemonize = no

[www]

user = nobody
group = nobody

listen = /var/run/php5-fpm.sock
listen.owner = nobody
listen.group = nobody
listen.mode = 0660

pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
slowlog = log/$pool.log.slow
catch_workers_output = yes

php_flag[display_errors] = on
php_admin_value[error_log] = /var/log/fpm-php.www.log
php_admin_flag[log_errors] = on
php_admin_value[memory_limit] = 64M
sudo port load php56-fpm

PHP FPM will be accessible via: /var/run/php5-fpm.sock

Sample Nginx config:

server {
    listen       80;
    index index.php index.html;
    root /www;
    location / {
        # try to serve file directly, fallback to app.php
        try_files $uri /app.php$is_args$args;
    }
    location ~ \.php$ {
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param HTTPS off;
    }
}

Installing composer on Mac OS X

curl -sS https://getcomposer.org/installer | php
sudo mv composer.phar /opt/local/bin/composer

Making Architecture Matter - Martin Fowler Keynote

Creating an encrypted Time Machine disk on ExFAT

hdiutil create -stdinpass -encryption "AES-256" -size 500g -type SPARSEBUNDLE -fs "HFS+J" YourImage.sparsebundle

Where YourImage is the name you want to give your backup image and 500g is the maximum size of your disk image.

open YourImage.sparsebundle
diskutil list

Find your mounted image in the list and get it's path, in my case it was: /dev/disk3s2

sudo diskutil enableOwnership /dev/disk3s2
sudo tmutil setdestination /Volumes/YourImage

references: http://hints.macworld.com/article.php?story=20140415132734925 http://garretthoneycutt.com/index.php/MacOSX#Creating_an_encrypted_sparsebundle https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man1/hdiutil.1.html

Running NodeJS in production

NodeJS is pretty straight forward to run on a developer laptop, however it is likely that at some point in time, we will want to run it in a production setting.

You can start up the Node app on the server by running node myapp.js. The narrative says that you can have a single NodeJS process serving all requests, this however does not work in practice:

Node does not have an official process manager, so we need to chose from community provided ones:

Even with a process manager, 1 faulty request that makes Node crash will crash all other requests that are in progress on the same process, there is no way to fix this.

Running multiple processes means we need an application load balancer. Some of the NodeJS process managers have load balancing capabilities, however since they are running with Node, it means they have the same limitations we are trying to overcome in the first place. Nginx is a good solution for this problem.

See also: http://geekforbrains.com/post/after-a-year-of-nodejs-in-production

My production NodeJS setup: https://github.com/istvan-antal/solid-node

The LAMP test

New flashy web technologies appear all the time, that claim they are better than their old outdated counterparts.

The LAMP test is designed to compare a new technology to something old but widely used to see wether it holds up to it's promise, or it's just a marketing ploy.

Most marketers of new technology showcase areas where the particular technology excels and ignore all the other areas where it fails compared to it's old counterpart.

A lot of new technologies look good on paper and demos, but fail when they are used under production conditions.

Surprisingly a lot of over-hyped web technologies fall short compared to boring technologies like: PHP, MySQL and jQuery.

AngularJS

AngularJS is one of the most hyped JavaScript-based frontend technologies built by Google.

I have developed 3 projects in AngularJS and have 1 year experience with the technology. During the last two years, I have consistently seen AngularJS to be advertised as the holy grail. I've seen managers put the Angular logo on their slides when pitching a project, just to make it more appealing.

In reality however AngularJS doesn't live up to it's promises.

This article sums of the issues best: Why you should not use AngularJS ( HN discussion )

The following comment sums up how mind blowing AngularJS's faults are:

I find the rise of Angular kind of baffling. Angular's scope system is exactly analogous to the scope system of a programming language. This is a solved problem! When you make a scope system, make it lexical, and require explicit declaration before use. If you're not making those choices, then at least acknowledge that these are the standard answers, with very clear advantages over other scoping systems, and explain why you are not using these answers. But with angular, we have a dynamic, implicit declaration scoping system. New scopes are introduced somewhat unpredictably, at the discretion of each directive. I thought that introducing dynamic, implicit-declaration, non-block-scoped variables in 2014 was like introducing a new car with a coal-burning engine, but no one even seems to remark on it. Then there's the dirty-checking loop. After every event there is a digest; every digest runs every watch. To me, just reading this description makes a voice speak up in my head: "Uh-oh! That sounds like O(n^2)!" Now that angular is being widely used, people are noticing that it's slow as shit. But why did the framework get to this level without anyone remarking, "this dirty-checking algorithm is fundamentally, irremediably not scalable"? Do people not have a sense even for the most coarse performance characteristics of algorithms like this? Or do people simply think that nowadays "performance does not matter"? Angular's "module" system is the strangest of all. It doesn't do namespacing or dependency tracking. What is even the point of it? What thought process led to this useless module system? It's just strange. Hundreds of years of people's work are spent on something, which the most cursory, CS 101 analysis shows to be seriously flawed. Is analysis simply a lost art in this industry? Oh well, people are finally realizing Angular has its faults, because they've seen them with their own eyes and now they believe them. It would be nice if we could learn from this, and maybe skip the next boondoggle (web components for instance), but I have no hope for it.

source: https://news.ycombinator.com/item?id=8652566

Problems with Angular: http://www.leanpanda.com/blog/2015/09/20/our-criticisms-of-angularjs/

In summary, if you use AngularJS in a large project:

Next