2 Cents on Rails Update, MacOS Monterey and CircleCI

I have recently started updating Rails from 5 to 6, and it went well. The next iteration meant – it’s time to start updating dependencies.

I’ve had a dependency on the libv8-node gem that jumped from 7.x to 16.10. The thing was that neither version would compile on an older Intel Mac with Monterey OS, so I’ve ended up finding a hack that turns an older platform binary into the new one.

Then I got an M1 Mac, and new version compiled in a breeze, so it was time to release it.

Then CircleCI kicked in. bundle install took forever, and Re-Run with SSH revealed that the poor container was trying to build the library, and the 10min limit would kill it every time. Clearly, even though it’s probably possible to compile the library with each build by increasing the time limit or CPU power on the CI container, it definitely isn’t the right thing to do.

Then I’ve googled for a way to persuade bundler to use the binary version of a gem, and surprisingly – no one had an easy solution.

After quite some trial and error – I’ve realized that adding an explicit dependency in Gemfile would result in a platform-specific (and therefore binary install eligible) Gemfile.lock entry, libv8-node (16.10.0.0-x86_64-linux), which did exactly what I’ve wanted – pull the binary rather than trigger an unnecessary build.
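A CI guard for the lock entry described above, as an added example that is not part of the original post: it reads Gemfile.lock and reports whether a gem is locked with a precompiled entry for the build platform. The lock excerpt is constructed and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed Gemfile.lock excerpt (not taken from the post's project).
SAMPLE_LOCK = """\
GEM
  remote: https://rubygems.org/
  specs:
    libv8-node (16.10.0.0-x86_64-linux)
    mini_racer (0.6.2)
      libv8-node (~> 16.10.0.0)
    sassc (2.4.0)
      ffi (~> 1.9)

PLATFORMS
  x86_64-linux
"""

# Locked specs sit at exactly four spaces of indent; their dependencies at six.
SPEC_LINE = re.compile(r"^ {4}(\S+) \(([^)]+)\)$")


def locked_platforms(lock_text):
    """Map gem name -> set of platforms it is locked for ('ruby' = source gem)."""
    platforms = defaultdict(set)
    for line in lock_text.splitlines():
        match = SPEC_LINE.match(line)
        if match:
            # "16.10.0.0-x86_64-linux" -> version "16.10.0.0", platform "x86_64-linux"
            _version, _, platform = match.group(2).partition("-")
            platforms[match.group(1)].add(platform or "ruby")
    return platforms


def lacks_binary_entry(lock_text, gem, platform):
    """True when the lock holds no precompiled entry of `gem` for `platform`."""
    return platform not in locked_platforms(lock_text).get(gem, set())


if __name__ == "__main__":
    for gem in ("libv8-node", "mini_racer", "sassc"):
        print(gem, lacks_binary_entry(SAMPLE_LOCK, gem, "x86_64-linux"))
```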

Next run also triggered the compiler, but that was easier – I’ve had to replace gem 'sass-rails' with gem 'sassc-rails', but that was much more obvious.

Result: bundle install completed under 3min. Yay!

Related gems (depending on libv8-node) include, but are not limited to:

  • mini_racer
  • activeadmin-searchable_select
  • websocket-driver

Or perhaps – is it happening that install hangs on a random package while build is in progress – due to multi-threaded install process? I think the three above are all actually depending on a build.


Code Formatting

Looking into Dart programming language, and I just want to record some of my thoughts.

Dart language comes with dartfmt tool that does not bug you about any incompliances you’ve committed. No – it will fix them for you.

When joining a team, no matter the language the code is written in – I regularly get requests to comply with this or that code standard rule(set).

A question for those in charge of code quality: If it is so important – why isn’t it automated already (like Dart suggests)?

In such situations I usually create IntelliJ Code Style ruleset – only to find that whenever I apply the required style to a moderately large file I’ve just modified – there are too many changes unrelated to my work, and normally – nobody will want to review all of them 🙂

Properly formatted code ensures ultimate readability (Clean Code), but no one ever said that one has to make an effort towards properly formatting the code while writing it (which obviously requires time to actively learn about the coding style instead of e.g. business logic).

My own standard is – whatever comes out of (IntelliJ’s) box. Life is too short to have opinions on spaces vs. tabs or brace on the same vs. next line of function definition.


MAMP apache freezing

I’ve switched to MacBook Pro Retina in November after repeating frustrations with different WiFi adapters in an HP ProBook 450 G1 on Ubuntu.

I always read that MAMP/WAMP/XAMP is for ‘less experienced’ developers, while native installation (via homebrew on Mac) of software is for ‘mature’ ones. Honestly, I don’t think it matters – it’s the same software after all. It just comes preconfigured differently, and I don’t really see why experienced people wouldn’t take advantage of (for example) switching a PHP version with a couple of clicks, as long as they are capable of modifying configurations appropriately.

So, a Joomla site, requiring PHP 5.2 for historical reasons worked and debugged perfectly out of the box.

However, with a rather heavy Symfony2 application and Xdebug turned on, the browser just gets caught loading a page forever, in a matter of minutes. This was never an issue on Ubuntu.

Googling for possible issues with Mac, I found that the .local TLD is not favorable due to a Bonjour conflict, so I’ve switched to .dev, with no luck. Also, I’ve decided to move the virtual host name resolution from /etc/hosts to dnsmasq (thanks to http://passingcuriosity.com/2013/dnsmasq-dev-osx/) – no luck again, despite both hints being quite useful.

Finally, since the processor was idle during these mishaps, I’ve decided that it must have been apache that for some reason had become unable to process the requests.

I’ve decided to look into Ubuntu default apache configuration, and spotted 2 major differences right at the top. KeepAlive is never mentioned, and mpm_prefork_module (extra/httpd-mpm.conf) was commented out in MAMP apache configuration.

I’ve turned these on, and there we go! As I’m writing this, the page is loaded, and hits the server with a request each minute and everything still works 🙂

However, Xdebug is also confirmed to make a difference – when turned off, the benchmarked requests take below 1 second consistently. With Xdebug turned on, they take somewhere between 1.5 and 20 seconds. No breakpoints.


Heartbleed OpenSSL bug and how to protect against it

The heartbleed bug was introduced in OpenSSL 1.0.1 and is present in

  • 1.0.1
  • 1.0.1a
  • 1.0.1b
  • 1.0.1c
  • 1.0.1d
  • 1.0.1e
  • 1.0.1f

The bug is not present in 1.0.1g, nor is it present in the 1.0.0 branch or the 0.9.8 branch of OpenSSL. Some sources report that 1.0.2-beta is also affected by this bug at the time of writing; however, it is a beta product, and I would really recommend not using beta quality releases for something as fundamentally important as OpenSSL in production.

The bug itself is within the heartbeat extension of OpenSSL (RFC6520). The bug allows an attacker to leak memory in chunks of up to 64k. This is not to say the data being leaked is limited to 64k, as the attacker can continually abuse this bug to leak data until they are satisfied with what has been recovered.

At worst the attacker can retrieve the private keys, which means the attacker now has the keys to decrypt the encrypted data. As such, the only way to be 100% certain of protection against this bug is to first update OpenSSL (>= 1.0.1g) and then revoke and regenerate keys and certificates. Expect to see a flood of revocations and re-issuing of CA certs and the like in the coming days.

You can find your version easily via your package manager, for example:

  • rpm -q openssl
  • dpkg-query -W openssl

If you’re running a vulnerable installation of OpenSSL, an update will be required.

  • update OpenSSL >= 1.0.1g
  1. 1.0.1e-2+deb7u5 is reported as patched on Debian
  2. 1.0.1e-16.el6_5.7 is reported as patched in RedHat and CentOS
  3. 1.0.1e-37.66 changelogs note this has been patched on Amazon AMI
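The version check above, as an added example that is not part of the original post: it classifies the output of rpm -q openssl or dpkg-query -W openssl against the affected releases and patched builds listed here, since a distro build that still says 1.0.1e may carry the backported fix. The distro labels and function names are assumptions, the sample lines are constructed, and the release comparison is a simplified natural-order compare rather than rpm's or dpkg's own algorithm.

```python
import re

# Upstream releases the post lists as affected.
AFFECTED_UPSTREAM = {"1.0.1", "1.0.1a", "1.0.1b", "1.0.1c",
                     "1.0.1d", "1.0.1e", "1.0.1f"}

# First builds the post reports as patched; the keys are labels chosen here.
PATCHED_BUILDS = {
    "debian": "1.0.1e-2+deb7u5",
    "rhel": "1.0.1e-16.el6_5.7",   # RedHat and CentOS
    "amazon": "1.0.1e-37.66",
}


def release_key(release):
    """Split a package release into comparable (kind, value) tokens."""
    return [(0, int(t)) if t.isdigit() else (1, t)
            for t in re.findall(r"\d+|[A-Za-z]+", release)]


def parse_package(line):
    """Return (upstream, release) from package-manager output or a bare version."""
    version = re.sub(r"^openssl[-\s]+", "", line.strip())
    version = re.sub(r"\.(x86_64|i[3-6]86)$", "", version)  # rpm arch suffix
    upstream, _, release = version.partition("-")
    return upstream, release


def classify(line, distro=None):
    upstream, release = parse_package(line)
    if upstream == "1.0.2" and release.startswith("beta"):
        return "affected (reported)"
    if upstream not in AFFECTED_UPSTREAM:
        return "not affected"
    baseline = PATCHED_BUILDS.get(distro)
    if baseline and release:
        base_up, _, base_rel = baseline.partition("-")
        if upstream == base_up and release_key(release) >= release_key(base_rel):
            return "patched build"
    # No known patched build for this distro: treat the upstream version as affected.
    return "affected"


if __name__ == "__main__":
    # Constructed sample lines in the shape rpm -q and dpkg-query -W print.
    for line, distro in [("openssl-1.0.1e-16.el6_5.4.x86_64", "rhel"),
                         ("openssl-1.0.1e-16.el6_5.7.x86_64", "rhel"),
                         ("openssl\t1.0.1e-2+deb7u4", "debian"),
                         ("1.0.1g", None)]:
        print(line.strip(), "->", classify(line, distro))
```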

You can read more about the heartbleed bug at heartbleed.com, the Redhat Bugzilla, the Mitre CVE filing and the Ubuntu Security Notice.


Poor sound from headphones on hp dock

Just a quick one on hardware. I got a super-cool EliteBook 8570p i7/SSD at work… I normally take it home in the evening, so I really prefer to keep the headphones @work attached to the dock. I was so disappointed to realize that the sound was totally unacceptable.

Tried reinstalling different drivers – no luck.

The ultimate solution was to go to SRS Audio Settings, and uncheck “Audio Enhancement” on “listening experience” tab.


Git – setup tracking properly

OK, there are a number of ways to set up tracking remote branches with git. We need that so we can use push and pull commands without explaining at length what to push/pull where… I’d say that normally all we mortals need is to assume that the remote branch will be called the same as the local one, so with this assumption it really can be all easy and clean.

So we have 2 cases:

  1. Push new local branch to remote, and set up tracking:
    git push -u origin branchname
  2. Pull new remote branch, and set up tracking:
    git checkout -b branchname --track origin/branchname

Things that Meld doesn’t do

I took a minute to see if there is a viable Linux alternative to WinDiff. Surprisingly, the search results have shown that WinDiff 3 will have its Linux version, being built on Qt.

Also, Meld is repeatedly quoted to outsmart WinDiff. I knew I had installed it some time ago, but couldn’t remember why it just didn’t stick.


Digitalocean review

Being a web developer with a clear LAMP preference, I believe it was a trivial task for ad servers to target digitalocean.com ads at me. Those ads are just all over the net. In my gmail, on my basecamp account, my facebook wall… If I had a display on my fridge, I guess the ad would have been there, too.

Clearly, I think that $13.99 for a .com domain and $107.88 for a year’s worth of shared hosting account is, well, a bit more than I used to pay for the same thing a couple of years ago. And yes, with so many new (software) platforms and tools to play with, it’s quite cool to have a VPS of my own.

I’ve tried partnering a colleague with a server, but I shortly found out that our expectations from a VPS were a bit different. I mean – besides all the cool stuff I could try on such VPS, I still believe that hosting this blog (with all the uptime in the world) shouldn’t be at risk.

That’s when the ads mentioned above started tickling my imagination. Imagine that! 512MB RAM 20GB SSD VPS for $5/month! First of all, I wanted to know if it’s just another fraud that just tries to steal your cc or whatever. I thought that result from http://www.scamadviser.com/is-digitalocean.com-safe.html was good enough to give it a try.


How to disable automatic upgrades on Ubuntu server?

One of the common arguments against using open source software in production is that it’s always changing, and you never know when an upgrade will break some feature or dependency. Despite the fact that Ubuntu people are trying to keep the stuff as stable as possible, this argument unfortunately holds.

That’s exactly why I decided to never run apt-get update followed by apt-get upgrade on this particular ubuntu server machine. It serves an intranet, and it’s hardly ever expected to be compromised by a security issue, either.

Unfortunately, this was not enough, and of course I’ve learned it when my Redmine started crashing with Internal Server Error 500. I just wanted a system that works. Not a system that I must continuously work on in order to keep it up and running. A quick research proved that a Ruby-related upgrade happened, and the only workaround available at the moment, restarting apache until Redmine works again, was not good enough.


Thread was being aborted / IIS Application Pool Idle Time-out (minutes) Setting

Idle Time-out (minutes)

[idleTimeout] Amount of time (in minutes) a worker process will remain idle before it shuts down. A worker process is idle if it is not processing requests and no new requests are received.

So, if you are after an architecture that collects and queues requests in order to process them in a separate thread, make sure this thread is not running past this setting.

Otherwise, you might get Thread was being aborted. error.

Solution: set Idle Time-out to zero (0), which disables the feature that kills the w3wp.exe process due to lack of web requests, or make sure that long-running threads are kept at a safe distance from IIS. The latter would also significantly improve the performance.
