Categories
Software development

GitHub 2FA and personal access token

Reading Time: < 1 minute

Even since I enabled the 2 factor authentication on GitHub, I am using the developer personal access token (PAT) for pushing the code.

The normal steps (please ignore the numbers in the beginning of each line):

  514  git remote remove origin
  515  git remote add origin https://my_developer_personal_access_token@github.com/major1xu/myNestEgg.git/
  516  git remote -v
  517  git push
  518  git push --set-upstream origin master

This works for both the public and private repo. I’m thinking another way to do it is when using “git clone” to begin with, we use the PAT. I am going to try it next time. Note I created the repo in the GitHub website first.

Categories
Career Software development Technology

Hiring Right

Reading Time: 2 minutes

In a little over last year or so, I was involved in many technical interviews, and sometimes hiring decisions (one vote only, but a No vote is usually a No for the candidate). This is quite different from normal technical contributor’s job. But I learn something from this process too. I think overall I had two bad “Yes”, meaning I should have said “No”, but I said “Yes”. In one instance it was purely my unforced error, in another case the process went haywire.

Let me recall my mistake first. I was talking to candidate, and I noticed something unusual in the resume. Basically it appears the resume has some contradiction with what’s been said by the candidate. I have two colleagues on the phone, not sure if they saw it on video (likely not as I may not have video camera for the laptop then). But basically at that moment the candidate grabbed the resume back from me. I was stunned to say the least. I told my two colleagues No. But they somehow asked me to re-think. And they talked me into “give him an opportunity”. Things did not work out eventually, as the manager eventually let that person go as he has some personality issue.

The second bad “Yes”, was process oriented. Basically after we made “hire” decision after interview, I recall I have seen the resume. I searched email and found out that candidate was “no show twice” in last September (sept 2019). No show is a red flag. No show without explanation is even worse. Not matter how talented someone is, it’s very hard to overcome this kind of issues. My regret there is we did not have a process to flag a candidate in our system. I recall at my former workplace, due to some back and forth, one hiring manager said “enough”, let’s flag this person on our system. So basically we are unlikely to see this person again. In a way it’s a good thing, because as minimum it gives some warning: one can always over-ride computer, but computer has better memory than human beings in many occasions. This process would have helped, if we had one.

Last but not least, some interview advice from Joel Spolsky. Quote: You should always try to have at least six people interview each candidate that gets hired, including at least five who would be peers of that candidate (that is, other programmers, not managers). || (more quote) So: don’t listen to recruiters; don’t ask around about the person before you interview them; and never, ever talk to the other interviewers about the candidate until you’ve both made your decisions independently. That’s the scientific method. || I spend about 30 seconds telling the person who I am and how the interview will work. I always reassure candidates that we are interested in how they go about solving problems, not the actual answer.

Categories
Software development Technology

Java keytool

Reading Time: < 1 minuteKeytool

The Most Common Java Keytool Keystore Commands

import

  • keytool -import -trustcacerts -alias root -file Thawte.crt -keystore keystore.jks (or cacerts)
    
    (keytool -keystore $CACERTS_STORE -storepass changeit -importcert -alias jfrog.root -file jfrog.root.cer -noprompt)
    
    

list

  • keytool -list -v -keystore $JAVA_HOME/jre/lib/security/cacerts

Install Spring STS on Mac

Drag the STS to the Application may not necessary, as it could not find the vFabric server (need to open the folder to let base_instance know)

Other setup for Maven (3.0.5)
home brew maven30 (stackoverflow thread)

Last but not least

Java dev blogs at Okta

Categories
Software development Technology

GCP Data Fusion

Reading Time: < 1 minute

(Update 12-10-2020) Ran the DataFusionQuickstart from Data Fusion Hub. Need to make sure the compute@developer service account have the following roles:

BigQuery Admin
Cloud Data Fusion Runner
Dataproc Worker
Service Account User
Storage Admin

then the datafusion user service account still has “Service Account User” role (this is same as below). The big query and storage roles are needed because the pipeline uses both. When it runs successfully, at the end we will see “Pipeline ‘DataFusionQuickstart’ succeeded.”

(Original 10-26-2020) Tried running couple more pre-set pipelines from google. It took a while to run (don’t know why). More on permissions (IAMs): need to add “Dataproc Worker” role to “Compute Engine default service account”. Continue added Service Account User to “Cloud Data Fusion Service Account / Cloud Data Fusion API Service Agent”

Couple tutorials

Targeting campaign pipeline

Creating a reusable pipeline

Permission issue (note the exact error will depends on the setup of network as well, for example, this DF service account needs to have network access to run the pipeline, and it needs that role if applicable).

Cost: the developer edition for data fusion instance costs 35 cents per hour. The basic edition is 1.80 per hour but comes with first 120 hours free, this is 5 days free usage and recommended. Also, there is ways in GCP to set up budgets and alerts.

Categories
Software development Technology

Terraform

Reading Time: < 1 minute

Doing

Prepare for Certification

Get Started – AWS : below has some issues, cannot find the image. Note I tried to find correct ami image id too (ami-032930428bf1abbff, via AWS console), but it appears there is another issue when a correct ami image id was used.

resource "aws_instance" "example" {
  ami           = "ami-830c94e3"
  instance_type = "t2.micro"
}

Error: Error launching source instance: VPCResourceNotSpecified: The specified instance type can only be used in a VPC. A subnet ID or network interface ID is required to carry out the request.
	status code: 400, request id: c8d85874-93fb-4e48-b515-97b50172826b

  on example.tf line 15, in resource "aws_instance" "example":
  15: resource "aws_instance" "example" {

*Amazon Linux AMI 2018.03.0 (HVM), SSD Volume Type – ami-032930428bf1abbff (from aws console)

Done

Get Started – Google Cloud

Get Started – Azure : one interesting part is it seems the user name and password for Azure in TF script is not checked (or in other words they are stateless?). Not sure why. Was using admin_username=plankton later while it was setup it was Password1234!

Two more comments on Azure: the Store Remote State part did not work perfectly. I believe Azure free tier has one year limit: it shows 6 cents so far for my infrastructure experiment. Also: the detailed cost.

Get Started – Terraform Cloud

Categories
Life Tips Software development Technology

hosts file for productivity

Reading Time: < 1 minute

Sometimes we need to get something done without the distraction of facebook, twitter or for that matter, linkedin (or some other sites you want to stay away). Here is a tip for how to do it on Mac.

sudo vi /etc/hosts
(note you don’t have to use vi, feel free to use nano or other editor of your choice)


referene entries below
====
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting. Do not change this entry.
##
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost

127.0.0.1 facebook.com
127.0.0.1 www.facebook.com

#127.0.0.1 linkedin.com
#127.0.0.1 www.linkedin.com

127.0.0.1 twitter.com
127.0.0.1 www.twitter.com
====

Then do this in command line.
sudo dscacheutil -flushcache

Reference articles:

How to Edit the Hosts File in Mac OS X with Terminal

How To Edit Hosts File In Linux, Windows, Or Mac

Categories
Software development Technology Web

API Gateway

Reading Time: < 1 minute

Kong

Kong is a cloud-native, fast, scalable, and distributed Microservice Abstraction Layer (also known as an API Gateway or API Middleware). Made available as an open-source project in 2015, its core values are high performance and extensibility.

Actively maintained, Kong is widely used in production at companies ranging from startups to Global 5000 as well as government organizations.

CA Layer 7 / API Gateway: was owned by CA Technology, formerly Computer Associates. Sold it to Broadcom the chip company in recent years. It used slightly older technology as Kong, apigee and Okta.

documentation:

architecture:

Categories
Java Software development Technology

Spring batch, Spring Scheduler, PCF

Reading Time: < 1 minute

Was experimenting running scheduled job on PCF. One natural choice is PCF scheduler, which comes with the Pivotal Web Services (PAAS). Googled around and found this example on DZone. The spring batch code is here. There was a small typo in the manifest.yaml,

path: build/libs/payment-processing-spring-batch-0.0.1-SNAPSHOT.jar
Note the snapshot.jar file name does not match what’s specified in the build.gradle file.

The correct file name is

spring-batch-job-0.0.1-SNAPSHOT.jar

The rest of the manifest.yml looks good, in fact I used the following options for my spring scheduler app manifest.

no-hostname: true
no-route: true
health-check-type: none

But PCF scheduler is not available in our environment. The Spring Scheduler is used instead. I followed this Get Started Guide from Spring. In my case I need to use Cron Expression, here is the code sample and here is the guide to cron expression.

Last but not least, in my case I need to send out email notification for the cron job conditionally. I used the java email code sample here.

======

Some PCF references

pivotal web serivce

cf login -a https://api.run.pivotal.io/

https://console.run.pivotal.io/tools

https://docs.pivotal.io/pcf-dev/index.html

cf login -a api.local.pcfdev.io --skip-ssl-validation

https://tanzu.vmware.com/tutorials/getting-started/local/deploy-the-sample-app

Categories
Software development Technology

How to generate a Lets encrypt SSL cert

Reading Time: < 1 minute

I followed the instruction here https://certbot.eff.org to get a free SSL cert for my website: (pretty cool, huh 🙂 (found it here)

To actually do it, I just go to the website: Scroll down a little, select the software and the system my website is running on, and it will generate all the command-lines for me, here is my link 🙂

There is one small glitch after the installation of ssl cert: that is in the wordpress, I need to set the home page from http to https

Also, an older post Move WordPress from Share Hosting to DigitalOcean

Earlier: I summarized it on twitter.

Categories
Software development Technology

Couple agile tools

Reading Time: < 1 minute

Point Poker: free (accepts donation). A nice pointing tool, click start session, for collaborators: put in name, and join the session.

Fun Retro: there are free and non-free choices. The free ones are public. It’s a bit like Trello. For that matter, if someone likes to keep it private, I think Trello is a good alternative: just put in swimming lanes such as liked, learned, lacked, longed for and action items

scrumpoker-online