Categories
Software development Technology

How to generate a Lets encrypt SSL cert

Reading Time: < 1 minute

I followed the instruction here https://certbot.eff.org to get a free SSL cert for my website: (pretty cool, huh 🙂 (found it here)

To actually do it, I just go to the website: Scroll down a little, select the software and the system my website is running on, and it will generate all the command-lines for me, here is my link 🙂

There is one small glitch after the installation of ssl cert: that is in the wordpress, I need to set the home page from http to https

Categories
Software development Technology

Couple agile tools

Reading Time: < 1 minute

Point Poker: free (accepts donation). A nice pointing tool, click start session, for collaborators: put in name, and join the session.

Fun Retro: there are free and non-free choices. The free ones are public. It’s a bit like Trello. For that matter, if someone likes to keep it private, I think Trello is a good alternative: just put in swimming lanes such as liked, learned, lacked, longed for and action items

scrumpoker-online

Categories
Career Software development Technology

Job search advice amid COVID-19 pandemic

Reading Time: 5 minutes

We are at unprecedented times, in terms of the pandemic, and the economy aftermath. The IT software dev job market is not impacted as much as some of the hard hit ones such as. travel and leisure, but nobody is also insulated when there is a typhoon. For example, locally here in St. Louis, Enterprise rent a car, the largest car rental company in the US and in the world, has laid off more than 2,000 people, IT division included. I recall about 10 years ago I wrote a post about job search, and I like to update it, amid the time change and this specific pandemic change.

Some obvious things

No onsite interviews, remote or video interview only these days. Zoom is the most popular choice, and for developers there are some white-boarding online software. Realtime white boarding is actually quite challenging, from my personal experience, on both ends. It also depends on the friendliness of the interviewer, some interviewers like to be “above the interviewee”, they give the problem, did not like to talk or give hints, and expect a quick answer right away. On the other hand, there are some other interviewers who are more open and friendly, and sometimes they will throw a dog bone to rescue. As interviewer I always try to be the former, as I personally have been in the receiving end of “bad interviewers”, and don’t like the experience. Once at an onsite interview (long time ago), a guy who maybe quite sharp, made this comment: it sounds like you did much better than the other guys came in earlier, they really don’t know what they were talking about. And at least you put up this and that, blah blah blah… is this a compliment? I guess my English is already good enough to appreciate the underlying tone there. On the other hand, I can always appreciate good / friendly interviewers, once (not in coding or white boarding) during an onsite interview, the interviewer saw my schedule and saw that I was stuck in the little room all day, he offered let’s talk a walk, and talk in the company cafeteria. It was year early / winter 2005 as I recall, in middle of New Jersey.

Websites

Below two the most popular websites now.

Indeed: note Indeed.com is No. 1 in terms of the number of jobs. I found my last job and current job via Indeed.com. This is mind boggling when you think about it. I am not sure whether it exists in 2010. It’a an aggregator website. A bit like Google for information search.

LinkedIn: linkedIn became more meaningful too, I got a job offer in my last round job search and the lead is from LinkedIn. Many companies now post jobs at LinkedIn. Besides the number of jobs, we all know LinkedIn is the top 1 place that recruiters congregate. And as I built profile at LinkedIn, I also received more unsolicited messages or requests from mostly recruiters or website SEO people. Most recently I decided to be more discreet on accepting recruiters request. Most recruiters are young enthusiastic people and I bet they send out things blindly. This brings to another point.

Also, stackoverflow has a job portal, and some of the jobs are looking good too.

Recruiters

I think recruiters are still useful, if we are more discreet and we ask what we want. I have some recruiters friends from both ends as well: job search, or candidate technical screen. And I keep in touch with them from time to time, as a part of relationship building. Sometimes this could be a simple “hi” when the recruiter is in the hallway or in the office. I do understand, on linkedIn, or via database, sometime some younger recruiters will cold call (the reason I pick up the reason was probably the call from number is an agency I know). And we need to keep things in perspective that’s a part of their job and paycheck too. Also keep in mind we live in a small world especially in the St. Louis IT job market, and sometimes the table can turn quickly. I recall seeing a former coworker at two separate places (and I remember he was not being nice to me 🙂 I don’t have grudges against him, but I just know I probably won’t use him as reference, and vice versa.

Code Test

Not white-boarding or pairing either remote or on spot, but something like hacker rank, or filtered.ai. Those are okay as they are usually not overly difficult, they are fair test in other words. There is some random ones, which is usually some problem a tech lead, an architect came up with. And some of those can be nasty. Once I spent 24 hours on a problem, and could not solve it. I solved it a day later. Also noted the behavior type questions on filtered.ai or company recruiting website. Those are easy ones to score points, so don’t waste the opportunities. Usually they let you re-do if the first recording does not look good. The coding test, if done properly, you can run the unit test on the editor and you know it’s failed or passed.

(Update 05-19-2020) There are a lot of online code playground or white boarding tools for code testing on the spot. Those are mostly collaboration tools, with some syntax highlighting. But it’s usually not as powerful as the hacker rank or filterer.ai as the latter ones usually have the build-tests, so basically you will know your code is good enough or not by passing those tests (tests are usually hidden though). Tools such as code labstack are still pretty useful. One thing I am not sure is how they manage the sessions. From interviewer (hiring side) point of view, it maybe helpful to give a heads up if a quick code test is expected so that the candidate is aware. I have seen candidate just bail out without even trying. I have been on the receiving end of this kind of test as well. Again the interviewers friendliness (more precisely helpfulness, do they just want to see the candidate fail, or they want to be as human as possible) varies. (sample java code question here). Also JavaScript code playground such as codepen.io and jsbin.com .

My javascript code samples.

Last but not least, problem solving questions. One example: Suppose we have 8 balls: one is heavier than the other 7, the other 7 are identical. Now we have one balance (or scale), and we can put balls on two sides to weigh and compare. Use as few attempts as possible, to find the heavy ball? A follow up question is, if we have 2 or 3 attempts, how many balls can we handle (again one heavy ball with many identical lighter balls). 

About me. Also you may read about my other post on related topic.

Also, please note this guide on job search. I haven’t read the whole thing but it appears good. Much longer than this blog. Last but not least, this post is a good read too (Helen Anderson @helenanders26).

The Science Behind Making Software Engineering Interviews Truly Predictive of Job Performance by Geoff Roberts.

Categories
Software development

GCP Cloud SQL hibernate issue

Reading Time: < 1 minute

It complains the table does not exist when in the data.sql we were trying to insert some data. Turns out the table did exist but the default table name was lower case, while we were using Upper case both in the data.sql and the java hibernate entity. The fix is to add one line in the application.properties file. Note this is a spring boot app. Also note the data.sql was used to load initial data in spring boot.

spring.jpa.hibernate.naming.physical-strategy=org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl

I found out about it as I first work around the issue by doing something like shown in this article. But I was thinking this was not right. I was able to find out once I connect to the cloud sql db via proxy. Also refer to this stackoverflow discussion. 

DROP TABLE IF EXISTS employee;

CREATE TABLE employee (
  empId VARCHAR(10) NOT NULL,
  empName VARCHAR(100) NOT NULL
);

Also Spring Data

Spring data REST reference: this is by default will be shown in the root of the website.

the key seems to be adding this in pom:

<dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-data-rest</artifactId> </dependency>

Last but not least, to disable the end points or to show the available ends points for spring boot app, we can use actuator.

management.endpoints.web.exposure.include=mappings

We can show the end points at:

/actuator/mappings

Categories
Software development Technology

Java thread and interview questions

Reading Time: < 1 minute(Update 05-19-2020) There are a lot of online code playground or white boarding tools for code testing on the spot.

(Original ) Hibernate map one to many (Vlad Mihalcea)

A collection of the posts I saw recently.

Java World
Introduction to Java threads

Java 101: Understanding Java threads, Part 1: Introducing threads and runnables

Others
Java Callable Future Example

Java – Multithreading

Java Thread Tutorial: Creating Threads and Multithreading in Java

Vaadin chat example
It needs multi session (thread) support when we need to use tabs to chat back and forth. The app description is here.

The annotation to support this: @VaadinSessionScope

Java interview questions
Placeholder: I still need to clean up the list below (to incorporate my recent interview experience).

aop
dependency injection
refactor
agile
test driven
code review (what to look)
static vs. final
interface
spring
hibernate

java generics

tree set vs hash set

tree map vs linked hash map
https://dzone.com/articles/hashmap-vs-treemap-vs

.equals() vs ==

Java String equals()

Elasticsearch 

Digitalocean installation

Get started

Categories
Software development

Spring, Spring Boot, React and OAuth

Reading Time: 3 minutesBaeldung : A Comparison Between Spring and Spring Boot

Tutorials from Okta
Working in progress

Identity, Claims, Tokens – An OpenID Connect Primer, Part 1 of 3 (Micah Silverman, below 2 and 3, are also by Micah)

OIDC in Action – An OpenID Connect Primer, Part 2 of 3

What’s in a Token? – An OpenID Connect Primer, Part 3 of 3

Secure Service-to-Service Spring Microservices with HTTPS and OAuth 2.0 (Matt Raible) : some errors due to java certs

Completed

Secure a Spring Boot REST API with JSON Web Token Plus references to Angular integration (Nouhoun Y. Diarra) : a small typo: the health check URL should be http://localhost:8080/actuator/healthTutorial:

Develop Apps with Secure WebSockets in Java (Jimena Garbarino): 

Secure Reactive Microservices with Spring Cloud Gateway (Matt Raible) link to my github

A Quick Guide to Spring Boot Login Options (Andrew Hughes)

Easy Single Sign-On with Spring Boot and OAuth 2.0 (Micah Silverman): note the need for JDK 11 (I used Amazon JDK 11), and please remove the double quotes around claim name and re-type (copy paste does not work well from blog post to okta dev console)

Build Spring Microservices and Dockerize Them for Production by Raphael do Vale. As I was finishing up the regular part (the exercise before docker), the service discovery reminded me of Hashicorp Consul tutorial I followed along a while ago. Note this tutorial used Netflix Eureka which is a bit more cool than pure command lines from Consul / Vagrant 🙂 Note this for Docker (quote the tutorial): You must store the file school-ui.properties in the same folder specified on the volume mapping (in the example above, the relative folder ./config-data). This is also my first complete tutorial on Docker container running java web apps (on my local MacBook and Windows 10). In the past I followed tutorial that runs Chef as well as Tomcat / Jenkins on docker (GCP).

Build a Secure Notes Application with Kotlin, TypeScript, and Okta by Matt Raible. Note the last part also talked about how to push code to Pivotal Cloud Foundry and deploy the apps there. This is interesting as I have done the PCF 15 minutes tutorial in the past (and recently).

Bootiful Development with Spring Boot and React (Matt Raible at Okta): I followed this tutorial until the point that I get the basic beer list (in other words, I made both the basics of Spring Boot and React work). This is my very first venture into React, and I had to install “yarn” as well using brew install. In the process I had to upgrade the Xcode via command line.

Also: Use React and Spring Boot to Build a Simple CRUD App (Matt Raible at Okta): I made small mistake when initiating the project with Spring website: I copied / pasted the dependency frameworks, which seems does not have any effect when the pom.xml was created. So I added the dependencies manually.

			org.springframework.boot
			spring-boot-starter-web
		
		
			org.projectlombok
			lombok
			provided
		
		
			com.h2database
			h2
			runtime
		

Also in my Eclipse, I need to install Lombok manually by following instruction here. Note Matt did mentioned the IDE cannot recognize some of the Lombok things if there is no plugin. In the past I used to install Plugin via the menu inside Eclipse. I noticed “Whitelabel error” when I was hitting the end points: http://localhost:8080/api/groups/ (this is working as expected actually, before I add any JUG meeting to the list, as I don’t have access to the default list).

Last but not least: I need to make a small adjustment in GroupEdit.js sample code

'X-XSRF-TOKEN': this.state.csrfToken, (it was just csrfToken and Yarn did not like it)
Categories
iPhone app Software development Technology

Docker – second take

Reading Time: 2 minutes(Update 02-04-2019) What Is Container Orchestration? (by Isaac Eldridge at New Relic).

I also followed along the Exploring Docker [1] – Getting Started by Traversy Media. I did make the node.js and MongoDB work on my local MacBook, but I could not make them working on my DigitalOcean droplet due to mismatch of Docker versions of “Docker Compose”, the root cause was the Ubuntu on my Droplet was a a bit old (14.0.4). I need to upgrade it to make the versions compatible.

(Update 02-13-2018) So I found out today I have AWS bill of $2.62 (mostly due to EC2 instances) today. This is due to the fact that I did fire up the VM as well as the docker swarm instances (total 9? maybe due to I ran the deploy script multiple times?) Anyway I fired up the instance last night, this evening I looked at the “instances” and looked at the bill, I know what happened. I still did not make the connection from outside to ec2 working though. For the time being, I “terminated” the docker swarm, and stopped AWS VM.

(Update 02-12-2018) I am also following the tutorial at Docker’s official website. I am at step 6 here. And right now, I am stuck in connecting to the AWS vm (was following this Docker guide): step 6 “docker node ls”. I did follow the steps to create docker credentials for AWS.

error during connect: Get https://192.168.99.102:32768/v1.35/nodes: http: server gave HTTP response to HTTPS client

Note this IP address looks like the local default machine: one thing I am not quite sure is how the local connects AWS

(Original 01-31-2018) I installed docker on my mac a while ago and did a simple tutorial. But I never had much chance to play with it until recently. After the training, esp. after I saw use docker container to host Tomcat, and then use Jenkins to startup Tomcat (build and deployment), this whole thing got me interested in docker again. Note I have been learning about docker contain and they seem to be the future deployment model for scalable mobile apps backend: e.g., I know the Robinhood app (the free stock trading app) is container based in the back.

Some resources I used to get started:
1) Youtube docker tutorials (11-18-2018: such as this one Demystify Docker; also noticed this one Docker for GCP. I will see if I can do the training exercise again I mentioned above).
2) Install docker or docker.io on Ubuntu (I have a digitalocean droplet / VM, and its OS is Utuntu);
3) Overcome the error message:
FATA[0000] Get http:///var/run/docker.sock/v1.17/version: dial unix /var/run/docker.sock

The answer is this:

The problem is that your user has not been added to the docker group.

Try:

sudo usermod -a -G docker
If you don’t want to log in/out from your current shell, run:

newgrp docker

Last but not least, install Jenkins on Ubuntu 14.04.

Other error messages (note I am on a Mac)
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running? (when I tried to run some docker command)

It seems the solution is
eval “$(docker-machine env default)”

Categories
iPhone app Software development Technology

How to root T-mobile Samsung Galaxy S3 SGH-T999

Reading Time: 2 minutesDid my first root of Android phone. I had two Android phones before, but I never rooted it. This time I had a need for root to add the Chinese language to a Samsung Galaxy S3. The specific model is T-mobile SGH-T999 (shown in the Download or Recovery mode, but the model number on the settings says AT&T model number, which caused some issue for me later down the road).

The main reason for doing this is to add Chinese language support. It looks like by reading the article we can only get it work by rooting. I also looked at another article on the language support that suggested both MoreLocale2 and Language Enabler. Tried MoreLocale2 first but it seems needing root. So I started looked at the root tutorial. Because of the “wrong” model number, initially I thought this is an at&t device (model number at&t samsung galaxy s3 i9300, and here is an tutorial for that). Note the two tutorials are similar (t-mobile root tutorial here), the main difference is the at&t one is more verbose, and it has a link to the mod5 file for the at&t model. The odin program did not work for me initially because I was using the latter mod5 file (mismatch between hardware and mod5).

After that mistake the device was stuck in the Download mode (link to get into the Download mode), and could not reboot. I googled I have to download a Samsung software to get it restored. There were other hiccup too, one being the device cannot connect to my Windows 7 laptop (a bit old HP elite book), even after I install the driver. Had to reboot to make sure they connect. Back to topic, I was able to root after I switched to the mod5 file for t-mobile device. And it worked like a charm. After that I installed the rootCheck and SuperSu app from the Play store.

After the root, reboot I installed the Language Enabler app by Wanam from Google Play store (again refer to the language article above).

Final impression: the Samsung s3 is a relatively old device by today’s standard, but it works as a basic smartphone and adding the Chinese language to it, in my specific case, could potentially save an iPhone purchase (SE starts at about $400 in the states). It just takes some work to get it work, from enabling the developer mode/USB debugging on the device, to the odin software root.

Happy rooting 🙂

Categories
Software development Technology Web

Production, production, production

Reading Time: 3 minutesI first learned the “production environment” in 2010, when I worked as contractor for a major railway company. Before that I was mostly in CAD software development and consulting environment the word “production” did not come often. To be precise at Siemens PLM/UGS as developers, we did have access to various production releases and did validation for bug and bug fixes from time to time. Our code goes to release per year or per quarter. But production is not as significant as the maintenance releases, so this is the world of shrink wrap (engineering) software world.

Came to the world of business applications, or web. The first thing I learned is it’s not a good idea for newbies to touch production data. Or for that matter, not good idea for devs to touch that either. Very few people has production access, besides admins (database, web), the few people have access are usually product owner, business analysts, or product support people. And fast forward 5, 6 years, I became one of the latter. This is a privilege. Something I learned over past year:

1) Start from baby steps: e. g., if we want to update 1000 records: start from one or two records, do the update, validate and if everything looks good, do the mass update. This goes th way of divide/conquer too: so for example, if I need to delete 3 or 4 million records in one script (one run), I know it will be a long operation, and I don’t want the operation hang or fail in the middle. So what do I do? I divide the deleting operation into a few, each operation deletes half a million, much more manageable, and I will get the it complete much faster or get feedback much faster.

Categories
401k and Personal Finance Software development Technology

Contractor or employee ?

Reading Time: 2 minutesA common question for software developer is to be an employee (full time, perm) or be an contractor (W-2, or 1099). Strictly speaking the 1099 is more like a small business, and I have not done it personally. I heard some experienced people did the 1099; I will share if I have that exp. down the road.

I spent most of my career so far being an employee (8 years for Siemens PLM/UGS was the longest); I also spent some time being an contractor (total 3 places, about 28 months). Each option has pros and cons. A few things I learned from my own exp.

1) People have all kinds of expectations for contractors, usually the higher pay, the higher the expectation. For employee, they are a bit more patient.

2) Contract to hire. I found this is usually promised or at least suggested at the beginning, as personally I still prefer to be employee long time. But in two cases, I found they were not the case. All types things happen at client, but in one case looking back I felt the client may never had intention to convert. So this is something to keep in mind as for some people the longevity/conversion is important factor.