by ·0 Comments

Trying how-old.net, a site built out by Microsoft to help highlight their Azure and Cortana offerings, based on an announcement 1794792_10152310994679276_59118407_n at Strata.  My Facebook profile picture got hits ranging from 20 – 52. More 20ish (yay!) and some joker put in 99… Interesting machine learning and data science experiment. (The machine got it precisely right in terms of my actual age, though I think the picture is two or so years old, so judge “right” appropriately.)

by ·0 Comments

Headed on the train up to NYC to attend Strata, which is a BigData + Hadoop conference. Looking forward to sessions on Spark, as well as getting exposure to other open source platforms which might be of interest to my company or to its clients. And, of course, interested in making contacts that help us either hire more people or enter into new business areas – particularly those that have fewer barriers to entry to bringing on people!

That’s the blend of things that go into my idea of a successful conference visit. I should come away with some 3-5 contacts that make sense to follow up with, post conference, and should find 2-3 things that I hadn’t previously really been exposed to. Oh, and I should be able to come away with some sort of themes of the event – folks were talking about topicY moreso than topicX, or the main thrust of the birds of the feathers sessions aligned or didn’t align with what I saw in the curated conference speaker topics. And somehow fit in a bit of wandering around the expo to see if there’s a commercial offering that makes sense to track or compare the open-source world to – some killer feature or ease of use bundling or new infrastructure or platform as a service offering to experiment with.

After the event, I’ll put together a summary – intent is to post it here, as well as make it available through our corporate LinkedIn page. Nerdery publicly shared!

by ·0 Comments

Code-reviewing a proposed merge request from a guy who doesn’t usually do web development, but pitches in on minor bugs.  However, today, he surprised me with something I’d never seen before….

ng-show-start and ng-show-end.  I saw it in the code, saw what he intended, and nearly passed it by.  But then realized I’d never seen an AngularJS directive like that.  ng-show’s documentation didn’t mention any such type of use, and besides, that would be a new directive.  A hunt through our source code didn’t turn it up in either our angular.js source file (patched by the guys before me) or in any custom directive.  (Yes, I did look for ngShowStart, rather than ng-show-start…).  A hunt through Google showed a guy asking on StackOverflow how to do an ng-show-start, and getting told to wrap an ng-show in an outer element rather than do a -start / -end combination.

So I was about to bust his chops in the code review, but then realized he’d only repeated a pattern he saw in the code.  Pulled it up in Chrome using the Batarang plugin to see what more I could figure out.  All I discovered is that the code did what he intended, but I had no idea how it actually worked.  As in, to my knowledge, there was no way that code should be useful, but here it was doing what he intended……

I finally found my answer, nowhere near the ng-show documentation.  It turns out that _any_ directive can have this -start/-end behavior, thus making specific Google searches very non-useful.  There’s a multiElement attribute available, which

When this property is set to true, the HTML compiler will collect DOM nodes between nodes with the attributes <span class="pln">directive</span><span class="pun">-</span><span class="pln">name</span><span class="pun">-</span><span class="pln">start </span>and <span class="pln">directive</span><span class="pun">-</span><span class="pln">name</span><span class="pun">-</span><span class="kwd">end</span>, and group them together as the directive elements. It is recommended that this feature be used on directives which are not strictly behavioural (such as <span class="pln">ngClick</span>), and which do not manipulate or replace child nodes (such as <span class="pln">ngInclude</span>).

Not sure what words I can add to this posting to help make this easier to find for the next coder, but this counted as a couple of hours of my afternoon today…

 

by ·0 Comments

I’m a government contractor.  Government contractors (and I assume many folks in private industry who work with data that should be protected) work on networks in which sys admins keep things locked down.  This presents real challenges for software developers.

1.  The tool list one uses has to be blessed.  Meaning, the tool itself and its version.  Meaning, there’s always a lag for anything to move through the process.  You’d like to use an IDE with a time-saving or other productivity feature?  Well, we already scan these other 3 – not sure why we need to add your 4th one to the list…..

2. The operating system one uses has the same challenge.  The time required to cross-check an operating system, given the base layer at which it operates in the technical stack, is significant.  Don’t think you’re using that new optimization anytime soon….  And, of course, tools which require relatively new versions of OS’es (Docker, say?) are tied up for a good long time.

3. For those of us with Linux operating environments, locked down operating systems often mean working with dated yum repositories.  You want that thing that was released 6 months ago?  It might make its way in in another 6 months when that repositories’ contents are brought inside.

4. “Air gap”…   We’re not even talking about compatibility here or concerns about dated artifacts…   Don’t think about using a yum repo that’s not already been imported in.  It’s just not “there” for you to use…

Challenge of the day: I want to use a Chrome extension for use in AngularJS debugging.  An older version of the extension’s available in my world, but my / my team’s primary development environment is CentOS, which doesn’t support Chrome.  There are folks who’ve contributed scripts to get Chrome running on CentOS, but those require access to repos which our sys admin team likely won’t let come through…  Reasonably certain of that, but still working through a set of steps at home to set up a CentOS VM, install Chrome, and install my extension.  Key items being that all things needed for installation have to be able to be brought in as specific artifacts.  I’ll need to test by installing them on my VM and then disable Internet access out to verify no secrets up my sleeve.  None of that can really happen on the work network – need to prove it _can_ all work out here to be able to then make an argument to import the artifacts in where my team can make use of them.

My work-around hack in the meantime: from another OS, ssh tunnel my web app’s port across and through, so I can run Chrome from the supported OS and hit my not-yet publicly accessible web application.

None of the above are things you ever get exposed to in college, etc – you figure our your own hacks to get your job done once you hit the field.  That’s what makes you an engineer, rather than just a code monkey…

by ·0 Comments

Doing AngularJS development for work.  Relatively new, but getting things done.  Have learned the angular.element($0).scope() command to let me poke around in FireBug, but find it, well, lacking.  Batarang appears to be the thing to practically use…

Batarang is a Chrome extension.  The machines at work are CentOS.  CentOS apparently doesn’t just nicely have Chrome.  It could have Chromium, which would apparently support Batarang, but our yum repos don’t have such nice artifacts within them.

Geek hack of the day: ssh tunnel into my CentOS machine from another machine which does have Chrome.  Install Batarang on that other machine.  Invoke my web app in the remote machine, over ssh tunneling, as if it were localhost.  Bada-bing.  Final note: add to the dev wiki at work to help the next guy/gal out, rather than have them beat their heads against the same wall.  Software developer productivity win.

by ·0 Comments

Is this a programming blog? There’s a discussion going on on the devchix Google group about building a list of programmer blogs  by women.  This is a blog by a woman who often talks about programming.  But it’s not dedicated to programming.  It’s definitely not dedicated to women programming, as the topics that that could cover are relatively narrow (meaning, the topics that are exclusive to women in programming) and my interest in them doesn’t stretch far enough to fill many blog postings.  Yep, there are too few women.  Yep, I like to help women be more visible to help encourage both other women to enter the field / stay in the field, and to make it clear that women belong.  But part of demonstrating that women belong is just, well, belonging.  Not necessarily standing out for being a woman.  Standing out for being good at what I do and standing out for always getting better, for always putting in the effort for what the team’s promised to deliver.

I’ll happily talk to women in the field.  Heck, I organize a regular meetup for women to get together and swap stories.  But, as you often see on this blog, there’s lots more to talk about in lots of venues.  So, if you’re here because you like encouraging women programmers to blog, great!  Just sit through or skip through the rest of the stuff.  Because like (I hope) most people, I’m not so easily labeled as a single category.

 

by ·0 Comments

Found a way to “justify” my recent splurge on a Raspberry Pi 2. Truth be told, I was enticed by an deal I saw on Lifehacker. I was drawn in by the idea of applying IoT on a new platform. Last year’s Arduino is sitting up in my closet, alongside its Furby friend, awaiting a visit with a soldering iron.

Lo and behold – one of my DevChix fellow email listers posted that Strange Loop’s Call For Proposals is open. Hmmm – if I can submit a talk, surely that justifies the dollars spent, yes? And heck, if it’s accepted, then I’ve further advanced a personal agenda of making women more visible in technology by showing how this ordinary woman becomes more visible in technology.

The trick: figuring out a topic that’s interesting enough _to me_ to justify the hours I’m going to spend building out the talk. For a technology talk, something just isn’t going to work out as originally planned, and there’ll be hours spent debugging and revising your original approach. Unless, of course, you already have the talk written, and where’s the fun in that? No, in my case, I want to see enough of the connect-the-dots to assure me it’s doable to get there, but not so many that there isn’t still a ‘reach’ and a ‘stretch’.

This go-round, I’m revisiting the Furby. It’s an easy attention-getter in an abstract. This time, though, I’m interested in playing with a new robotics kit called Gobot. I’ve been working with Go at work a bit, and getting a chance to see that skill used in a less practical form sounds like a lot of fun. Raspberry Pi is one of the platforms it supports, though it looks like I may need to contribute either an example or even possibly some driver code to help deal with sound… Knowing the hurdles I hit before with my Arduino/Furby talk and where I’d have liked to go farther, I’m really interested to see where a Raspberry Pi 2 + Gobot solution goes…

I’ll apparently find out by May 29th, and then the conference itself is at the end of September.  Looking forward to seeing what happens!

by ·0 Comments

In some coding recently, I thought I saw an opportunity to explore Java8’s support for lambda expressions. I basically had a function I needed to call, once with one set of data, and once with another. I could repeat the logic (hey, it’s only 2 calls), I could write a method, or, maybe this is a candidate for a lambda expression.

In the below code, pre method or lambdas, the basic logic is that I’m examining a string to see if it’s wrapped in ‘/*’ ‘*/’. If it is, I’m stripping those off and returning that it was wrapped.

boolean isWrapped1 = false, isWrapped2 = false;
    
// first, strip off any comment wrappers, so we can appropriately parse
if (response2.endsWith("*/")) {
  response2 = response2.substring(0, response2.length() - 2);
  if (response2.startsWith("/*")) {
    response2 = response2.substring(2);
  }
  isWrapped2 = true;
}
  
if (response1.endsWith("*/")) {
  response1 = response1.substring(0, response1.length() - 2);
  if (response1.startsWith("/*")) {
    response1 = response1.substring(2);
  }
  isWrapped1 = true;
}

Written in lambda style…
boolean isWrapped1 = false, isWrapped2 = false;

Function&lt;String, Boolean&gt; isWrapped = s -&gt; {
 if (s.endsWith("*/")) {
    s = s.substring(0, s.length() - 2);
    if (s.startsWith("/*")) {
      s = s.substring(2);
      return true;
    }
 }
 return false;
};

isWrapped1 = isWrapped.apply(response1);
isWrapped2 = isWrapped.apply(response2);

Now, the rub… and one which I realize would bite me in a method implementation, as well… I’m relying in my first implementation on the side effect that the string gets stripped of the ‘/*’. There’s no side-effects for strings when dealt with in a function. The original string goes in, you can muck with it all you want inside, and the original string is _still_ the one there on the outside.

Thinking it through, what I need to do is consider writing a 2nd lambda, so the code would look something more like this:

Function isWrapped {..
};

Function unwrap {..
};

isWrapped1 = isWrapped.apply(response1);
if (isWrapped1) {
  response1 = unwrap(response1);
}
isWrapped2 = isWrapped.apply(response2);
if (isWrapped2) {
  response2 = unwrap(response2);
}

Using strings clearly helped enforce no side-effect programming here… which, practically, makes for a better functional approach, at least per my understanding. Since I don’t intend to make those functions visible in any other place than within the invoking method, it appears to be a decently good pattern for DRY, without necessarily adding to the interface footprint of my class. Almost creates an approach of something even more private than private…

by ·0 Comments

Occasionally I write posts just to let me hold onto a thought process, moreso than to help someone else find a solution.  The below fits that profile – feel free to ignore, unless you’re really interested in poking around DropWizard.

Goal: wrap JSON responses with /* */.  This is to support a hacky version of CSRF.  Bleah.

Starting point: DropWizard 0.7.1, which used Jersey 1.18

Attempts:

  • JacksonMessageBodyProvider: just couldn’t get it to hook in correctly
  • Jersey ContainerResponseFilter: Hook in via DropWizard’s environment.jersey().getResourceConfig().getContainerResponseFilters().add( … do guice injection here ).  No ready way to rewrite response.  Can append headers.  Could apparently adjust request information going in.  But not JSON formatted result coming out
  • Servlet Filter: can append /* foo */ (haven’t yet grabbed JSON), but that’s added to { “foo”: “bar”, “bar”: “foo”}/* foo */, rather than wrapping.  Did have to turn off gzip in DropWizard, else the stream was already closed.  (Couldn’t figure out a way to inject my filter in ahead of the Gzip actions…)  In this case, though, httpResponse.resetBuffer() doesn’t succeed, as the stream is already committed.

Final solution: use WriteInterceptor: https://jersey.java.net/documentation/latest/filters-and-interceptors.html#d0e9712 – but those exist in Jersey 2, which isn’t supported until DropWizard 0.8.0…   Note: Jersey 2 changes its dependency injection approach to use HK2 instead of its previous own approach, which meant that my nifty wiring in of Spring security had to be redone / reworked.

Outcome: Whoever decided to protect from JSON execution through wrapping the JSON with comment blocks, you threw me a number of curve balls.  But I did in fact prevail, and now have an interceptor which wraps my responses appropriately, _if_ there’s not a certain flag and the user making the request isn’t a privileged user.  Ugh.  All nicely unit-tested, using Mockito to let me cover the conditions for the request, etc.  This is code I need to hang onto….