24 Feb 2016, 09:30

Around the Web - February 2016 - MySQL, Docker, Security & Webapps/API

MySQL

Docker

  • Official images are to move from Ubuntu to Alpine : main arguements are about disk space saving (and so bandwith and time to launch a container) and security (lower surface of attack).
    • "Alpine Linux is a security-oriented, lightweight Linux distribution based on musl libc and busybox" according to the site
    • First, I was sceptical as it requires the whole ecosystem to move from ubuntu to alpine ; indeed, wether you like it or not, people are used to ubuntu/debian and other mainstream distribution and all packages we are used to have are not yet available in alpinelinux also. To be honest, main packages are available.
    • Then, a debian or whatever base image will still exist, be safe with that ; however, if you want to "hack" / inherit from a docker base image, you'll have to switch to Alpine.
    • Third, we could consider that once your docker host has the base image in cache, the ~180M size of base image is not an issue. But starting from 5M may be a good argument however.
    • Starting testing it on ARM device and especially Raspberry Pi, I'm quite pleased with its reactivity and packages available.
  • Some tips to reduce the size of your docker image and also understand how size and layers impacts your docker image. Following the instructions, I could reduce my influxdb-chronograf docker image by 70M approx (from 360 to 290M if I'm correct)

Security & API/Web App

 

27 May 2015, 09:30

Around the Web - May 2015

API

Misc

  • A day at Devoxx France (in French) : a summary from Xebia about the Devoxx France conference (Java based but not only) and their findings.
  • Mix-IT Web was in Lyon in April, and the M6 Web tech team wrote a feedback in French - Day 1 - Day 2 ; it deals both with tech and agile topics.

Browsers

PHP

UX

  • The Apple Watch: User-Experience Appraisal : a review on how you app should behave (or not behave) on the new Apple IWatch ; transition with iPhone is also managed and the way to dealt with content and how you should manage your interactions.

Web performance

NoSQL, ElasticSearch

  • Elastic released a new (commercial) plugin for ElasticSearch caled "Watcher" and which aims to raise "alerts" when some events occured and according to some conditions, it may generate an action (email being sent, interaction with another system, etc).
  • M6 Web Tech team published a video (in French) about an introduction to Cassandra.

Geolocation

  • Indoor geolocation technology : article (in French) about indoor geolocation technology, describing and comparing Wifi vs NFC vs Beacon vs Magnetic field to provide geolocation.

25 Mar 2015, 09:30

Around the Web - March 2015

Browser

Responsive Web Design (RWD)

HTML5/CSS/Javascript

  • This API is so Fetching : fetch API is to be used for asynchronous actions and is to be more resilient than a XHR (ie ajax) call. Some exemples are given in the blog post ; it can be used from Firefox 39 and Chrome 42 (currently in dev status) but a Fetch Polyfill exists to start using this API from now.
  • CSS Reference which introduces itself as an extensive CSS reference with all the important properties and info to learn CSS from the basics ; this article gives a more introduction on its purpose and how to use it.
  • Meteor, develop faster than a rocket (in French) : an introduction to Meteor  a full stack and isomorphic javascript framework in which you use Javascript both on client and server side. It also uses MongoDB (NoSQL Document Oriented database & schemaless) to store data and it's based on Node.JS. A second article will show how you can create a mobile app easily.

Thoughts

  • Your job is not to write code : Engineers' job is not to write code, Project Managers' job is not to manage project and so on. Our job is to make a better product.
  • A Bug Hero to fight against bug invasion (in French): in an agile team, in each sprint, a developper is commited to do the 1st level support, fix bug and manage incident to avoid disturbing the whole team and sacrifice the sprint. If no bugs, developer is aimed to fix small tasks that are not on the critical path for the sprint dlivery. Interesting both for the disturbing management effect and as it enforces developpers to have a global knowledge of the system, not only his own part.  

SQL

  • Understanding SQL's null : because querying null is not as easy as it may be and also null may not mean null in the way you expect.
  • PoWa (Postgresql Workload Analyser), released as a 2.0 version, provides a better (from what it is said, not tested) monitoring and performance tools on your Postgres 9.4 cluster.

Virtualisation

Compose is a way of defining and running multi-container distributed applications with Docker. Back in December we opened up its design to the community. Based on the feedback from that, Compose will be based on Fig, a tool for running development environments with Docker.

Machine takes you from “zero-to-Docker” with a single command. It lets you easily deploy Docker Engines on your computer, on cloud providers, and in your own data center

Swarm is native clustering for Docker containers. It pools together several Docker Engines into a single, virtual host. Point a Docker client or third party tool (e.g., Compose, Dokku, Shipyard, Jenkins, the Docker client, etc.) at Swarm and it will transparently scale to multiple hosts. A beta version of Swarm is now available, and we’re working on integrations with Amazon Web Services, IBM Bluemix, Joyent, Kubernetes, Mesos, and Microsoft Azure.

  • so now you can orchestrate all your process from zero to production using docker (based) solutions. Even if some products are still in beta so far, a very interesting move !

 

25 Feb 2015, 09:30

Around the Web - February 2015

UX

  • The Fold manifesto : why the page fold still matters ; even if we get used to scroll, we need to be encourage to do it. Thus the fold is strategic to convince the user to make the effort to go beyond this limit ; whatever the size of the device is (RWD included).

API

Javascript

  • OCTO was at DotJS and try to sum up what is the status of frontend frameworks (in French) mentionning Web Components, Isomorphic javascript (ie both in frontend and backend side) and some ideas around the announcement of the AngularJS 2.0 which generated a lot of noise.

CoreOS, Docker & co

  • Discover Docker; another blog from OCTO, about CoreOS. So if you don't know about CoreOS, Etcd and Fleet, the article is for you so that you have an overview of what is CoreOS.
  • Nuxeo made a summary of their use of CoreOS (including Fleet & Etcd), Docker and the tools they build for Nuxeo.io platform. Very interesting summary.
  • If you are interested in minimalist OS, this post on Docker blog mentions "of course" CoreOS but also Ubuntu Snappy Core (Ubuntu based) or Project Atomic (closed to RedHat/CentOS/Fedora system).

Responsive Webdesign

ReactJS, Flux

HTML5

  • Making a complete polyfill for the HTML5 details element : if you were to bridge the gap by providing a feature a browser does not include, it is very interesting to see the how it is done from a methodological point of view.
  • Improve your lists with style ! Now that counters are "stylable", you can do a lot of things to improve the rendering of your lists (no more bullet points but some shiny icon ?, manage padding, etc). HAve a look at the demo (requires a modern browser)

19 Mar 2014, 09:30

Misc - 19/3

UI

  • Brick is a bundle of reusable UI components based on HTML5 and made by Mozilla ; you can read an introduction about it. Seems minimalist to some extend (limited in numbers even if growing) but also very powerful at a qualitative point of view.

DevOps

  • If you are interested in Chef or more widely about IT automation, you can read 3 articles in French on how to run Chef from scratch and cook your first recipes.

Postgres

  • PostgreSQL 9.3.3, 9.2.7, 9.1.12, 9.0.16 and 8.4.20 released! It contains fixes for multiple security issues, as well as several fixes for replication and data integrity issues. It also contains many improvements.
  • Barman seems a very powerful backup and recovery manager for Postgres. Develop by the 2nd Quadrant team which are in the main commiters on Postgres code.
  • Postgresql Studio : a web app to manage your postgres database in a Java container (tomcat, etc). Seems a modern alternative to phpPgAdmin.
  • Postgresql Exercies : to discover Postgres world and train yourself to build SQL queries.

Development

  • Some best practices (in French) about POST vs PUT to use them correctly in your API.
  • The AngularJS team wrote a blog post about what would be in AngularJS 2.0 ; seems very promising both on the improvements part but also what they aim to ease. It's also interesting to see that they inspire from ES6 which is the next version of Javascript (not yet implemented in your browser)
  • Opquast is reviewing their best practices around mobile development til end of March, with a public review. Then final recommendation will be released. If you don't know Opquast (for Open Quality Standards), they released a lot of checklists to asses/review your site.
  • The truth about multiple h1 tags in the HTML5 era : with the change of structure allowed with html5, it's now safe to implement multiple h1 tags.
  • Wonder when/why you should use Node.js for your next project : read this article which explains the paradigm behind Node.js and where it fits best for projects.

16 Oct 2013, 09:30

Paris Web 2013

I had the opportunity to attend Paris Web last week. For those who don't know Paris Web, it's a conference about webdesign, accessibility and quality, but not only/strictly and 2013 was the 8th edition, gathering 600 people in Palais Brongnart and almost 600 online too with the live. All the conferences were recorded, so if you are interested, you'll be able to watch them online later.

For me, It was 2 days with a lot of insights, values and beliefs on what the web should be and how we should work and somehow live with the Web.

Below a summary of the talks I attended.

Day 1:
  • "La folle journée ou la fourberie d'un projet" : a funny introduction with a story with all the "clichés" about a web project : use of trainee, lack of specs, lack of organisation, etc.
  • "API Best practices" by Eric Daspet (slides) : Eric provides some feedbacks about his own exprience on builind API ; a few lessions he learnt and shared :
    • Dates are ambigous, especially when you deal with timezones ; be the most defensive as you can against date (don't assume lazy people will provide UTC based date for example but more a local date with timezone)
    • Plan additional langues to avoid breaking your JSON object and more globally your API when adding a new languages
    • Pagination : your collection can change between two requests ; so implement a strict filter and some before/after pagination than using offset and limits/quantity
    • Enforce pagination and limits to avoid a client making a query on the whole collection
    • Versioning : be compatible but not that much. You will fail to some extend, assume you will have to redesign your API and have a v1, v2, etc
    • Structure : be predictible with your URI schema ; don't have more than 3 levels (collection / item / link)
    • Encoding : avoid special characters to avoid some double encoding in some code (yours or the one of your client)
    • Security : never implement your own system, rely on standards like HTTP-Baisc and oAuth ; provide a mandatory SSL/TLS channel.
    • Make your API simple to start with but the most flexible/opened also to be easily extended later
    • Mix a bunch of state of the art, standards and pragmatism to have the right balance to build your API
  • "I code so I test" :
    • Remember that Ariane 5 rocket exploded for a cost of 370 millions $ for a code from Ariane 4 which was not tested and for a test estimation about 300.000$
    • Review of the main tools for testing (unit / integration / functionnal / UI / validity / compatibility testing)
    • Aim is not to improve code quality by the test ifself but the process it requires
    • Imrprove code resilience, maintenance and evolutivity
    • Imrpove the trust you have in the code, even if you are not the one who developed it
    • There is a learning curve which is not that much about the tools but about the experience on how/what to test
    • Be realistic/pragmatic in your tests but always tests
    • Start better with a wrong test than with none. Never wait for the perfect test and you will improve them over time.
  • HTML5 accessibility (slides) :
    • There is still a long way to go even if browsers do mostly their job. It's because of the WIP status of HTML5 but also the fact that browser are not always connected to the "Assistant tools" to which they should provide information. Even if not up to date, you can check HTML5Accessibility.com.
    • Overuse of "section" tag in HTML5 is what we had with "div" tag in HTML4, whereas "section" are visible in audio system (and not always div, creating too much noise but at least being visible)
    • Aria is to make the bridge for accessibility when native tags are not sufficient. It will use shadow dom
    • Tip 1 : if you use a "section", provide a heading to make your section meaningful for audio/screen reader devices
    • Tip 2 : if you try to enhance some native html tags (like input) to make it looks fine for non paired people, think about accessiblity
    • Tip 3 : Use native html tag instead of Aria components when possible
    • Tip 4 : Do not change/alter native HTML semantics
    • Tip 5 : all interactive ARIA controls must be able to use with keyboard
  • Subtile accessibility :
    • On mobile, you have no keyboard nor short description ("infobulle"). So you need to find alternatives to make your content accessible.
    • Some patterns (navigation, links management, etc) are reviewed with a few tips to improve the accessibility. Some tips can be used also to improve UX for non paired users.
  • Learning to love : crash course in emotional ux design
    • Starts with reminding that design is not just about how it looks like but also how it works (cf Steve Jobs quote)
    • Impaired people have difficulties to choose because of this lack of "emotion".
    • Before an application can create an emational relation with user, it must meet basic needs first.
    • It's not because a product is useful that a product is usable.
    • When for email you use the "no-reply@domain.com", you just say you users you don"t care about them ; you should better use a please-reply@domain.com
    • Introduce emotional design smoothly with a progressive adoption, starting by fixing an issue so that you have a first rolling point for emotional design.
  • A small step for "em", a big step for the Web by Nicolas Hoizey (slides)
    • Start with a reminder that we should allow user to set his own preferences (font size, etc) to adapt the site to its needs, and thus we need to give them control on the site but with keeping the control on main layout.
    • For these need, please enter "em"  (and "rem") units both for font-size but also for vertical and horizontal grid. Idea is to adopt proportional/relative size and adopt the elastic rendering (which is not the same as fluid which was more a fixed side but set in percentage)
    • If you also mix an "em" approach with responsive web design, you should both offer a good accessibility and user experience with an adaptated rendering.
    • Promotion of the Future Friendly movement, which I'm also really fan about and share the vision of the web.
  • Impactful user experience user strategy : thoughts about UX based on a delivery issue use cases, making think about the whole process and the vision of each participants and how it impacted the whole user experience.
  • HTML5 Javascript API : based on a memo game html/js/css based, the author introduced some CSS/JS/HTML5 - I did not find it that interesting but maybe because it was end of the 1st day.

Day 2 :

  • Adaptive images for responsive webdesign : a review of some techniques to make adaptive images and for each of them a review in termes of performance, complexity (use of dependencies, etc). We can conclude so far that there is no obvious solution and that so far you need to find the solution adpated for your needs. So it's still a nightmare to some extend for a frontend developer and the fact that CMS would also have to manage it for end contributors, is another challenge.
  • Integration, the "it depends" universe (slides) : Frontend devs needs to know from day 1 the requirements and the constraints of the project to make the right assumptions on how they will integrate the site at a HTML/CSS/JS point of view and choose the right solutions. The latter you provide information/constraints to him, the more impacts it can have.
  • Retroactions loops or how to customise your application :
  • Think Mobile UX (slides) : a very interesting talk on mobile UX by focusing on "degrated" moments (when waiting, when out of connection, etc)
    • Challenge : need to think about interruption and breaks, with a requirement of efficiency, on a short and narrow screen
    • Work on the waiting time the user felt and not the real waiting time to allow him keeping focus on his task and without making him angry about your app. like trying to provide an app skeleton to make feel the app is loading, or provide first local features or assume your connection and transaction will succeed and provides an immediate feedback and do the transaction asynchronously (like when the like is displayed in instragram)
    • Focus on the main task of the app to make it damend simple and fask. Secondary task can then be sub-optimised
  • Rusy web (slides) : a "philosophical" talk about data resilience, what should be kept/deleted, who should do that, etc. More open questions than anything else but an interesting talk as the web is only 20 years. What may seem useless now may be useful later for historians but you also have the privacy issues and your digital legacy.
  • Designing with sensors, creating adaptive experience
    • Not really related with web topics but was very interesting especially for the issue it raised about use of data, if robots could make human dumb, etc.
    • Adaptive design is to make a user experience dependant on context and user (so it's not responsive design)
    • Sensors and related intelligence start to be everywhere from Google Now to your Heating system sensors or if you enter a shop, your device would awake, open the app of the shop and become a personnal shoping assistant.
  • Mobile and accessibilty, a trojan game (slides) :
    • Accessibility aspect of projects were often neglected making the assumption impaired people were not using your website.
    • When you look closely to mobile web, it makes us feel as impaired people. So web mobile is a great opportunity to make site accessible by meeting the mobile requirement
    • Tip : if you allow transaction on mobile, increase session and use local storage to allow people to go through their transaction even if they are disturbed or punctually disconnected
  • Paradox of choice :
    • The more choice you have, the more disappointed you will be. Indeed the right choice seems impossible to make. For e-commerce, you need then to filter/sort/narrow user's choices to make him chose the right solution for his needs.
    • Tip : instead of suggesting similar products for which you can create a higher deception, better suggest additional products.
    • Focus on the end of the transaction process to provide a feeling of satisfaction ; what happens before does not matter that much
  • Lighning talks session (people to present 1 topic in 4 minutes)
    • Two devs from Microsoft made two live coding talks with the BabylonJS framework, one to show how to implement a tetris game in HTML/JS/CSS and one about building a first version of the solar system. It was really impressive !
    • I stopped to save the world : what happens when you stop being a hero in all your projects and that even if it may explode to some extent, gains are higher than keeping being a hero both for you and your firm and projects.
    • Others were nice but not that worth to be mentionned :)


What I liked by attending Paris Web :

  • It makes you think about your job, your values/beliefs, your vision of the Web. I should definitely have attended earlier and I need to find how to stay close to these microcosm/universe to sustain skills/values/beliefs.
  • Some topics seems very far away from my current challenges but who knows...
  • It confirms/extend your knowledge on some topics but also let you discover new ones

Videos of each conferences should be available soon - I strongly encourage you to watch them and attend the 2014 edition.

Extra resources :

04 Sep 2013, 09:30

Web Roundup 4/9
  • Great Responsive Web Design is a Matter of Process - Design for Content not for Devices : the web was originally fluid and adaptive until the box and table model came. A good reminder and the promotion of the best practice that you should think about content and not about devices.You have to focus on two axes :
    •  Visual design : ie not focusing on the global layout but ,on a component perspective and think on how your content will be presented.
    • Content hierarchy : your mockups will no longer be based on the layout but on the hierachy of the content ; indeed, on mobile, due to the narrower screen, you will organise your content based on their importance (most importent content on the top and the rest below)
  • An event apart : The long web : notes from a conference with a lot of best practices and food for thoughts ; a few one I would highlight :
    • Importance of the URL schema you will develop as URL is the base to access information. URL is the API of your site.
    • Mobile first is to prioritise content / tasks
    • Mobile first is content first, navigation second
    • Have a component approach from which you will build your HTML pages
    • ...
  • Javascript design patterns : where the author reminds why patterns are important and introduce each of them with an example and additional resources.
  • CSS units you should be using now : we all know the "px" and "em" units on CSS but there are a few more like "rem" and "vh"/"vw" ones. The article will remind the issue with em based approach and introduce why "rem" based approach is better. It also introdue the vh/vw units which are based on the viewport (~ size resolution) of the screen.
  • Testing your frontend javascript with mocha, chai and sinon : introduction to unit test your javascript code with the 3 tools.

17 Jan 2013, 09:43

What if your next backend application would be only an API ?

Web site and application used to be built as following :

  • On the server side, you had all the data, all the logic (what to display and when) and at the end, the server push the answer
  • On the client side (ie in a browser mainly), you only have the rendering of the data and the layout (HTML/CSS/Javascript) - client side allows just to interact with the server side and get/do what you expect. If you go offline but keep your browser open, you cannot do anything with your website or app.

So we all know client/server apps.

Now, for a few years, we have a rise :

  • SaaS services (Flickr, Delicious, Salesforce, etc)
  • Web 2.0 and the mashups effect : you want to retrieve on one page your latest photos, aside your latest marks or latest custom requests, all coming from differents places

That's only feasible thanks to API, which allows interactions between some services/softwares over the net and retrieve data you will aggregate and use as you like.With an API, you can get / create / update / delete data in a system.

Going a little bit further over the years, we got mobile apps, HTML5 and Javascript :

  • Mobile apps, which are on the client side and are able to get data from somewhere over internet and display what you expect and of course manage some offline features so thar you app may work even if you have no connections.
  • HTML5 and its ability to provide especially some local storage and offline management, with a consequence that you can do more on client side, as for mobile.
  • Javascript :
    • Note : if for you Javascript means some crappy visual effects from the early 2000s, just forget this vision. Javascript evolves a lot on the last years, is far more robust than you exepct (but still hase some drawbacks as any language) and can now work both on client and server side. I will not enter into detals here but consider it as a real language as you do for Java, PHP, etc.
    • So Javascript will still provide you all the interaction you need on client side to interact with your application.
    • Have a look at AngularJS or BackboneJS which are HTML/JS framework to build web apps, on client side. See the AngularJS demo app you will build during the tutorial. Everything is done on client side, including search / sort, getting phone list and displaying phone details. For data, there are a few JSON files to provide data in a structured way.

The consequence of this shift is that you can move all or part of the logic on the client side. You only need to be able to fetch/retrieve your data over the network, then apply the logic and render the content & layout to the user on client side, whatever it is a browser, a mobile phone.

So let's imagine you plan to build a new application and know that you will have several devices to support, you could change the architecture as follows :

  • On backend side, just define an API to expose your data as you will use them, with some authentication & authorisation of course
  • On client side (web / mobile / ...), build an app/web app that will connect to your API and consume the data and render it as expected.

In a article in French called "From mobile to web" where the same principe is used (API on one side to provide data and a web app on client side), it even goes one step further by imaginting a single app that will autodetect if you use a mobile or desktop browser and then render the appropriate display. I'm not convinced it's the best solution as it could make your code quite messy.

28 Nov 2012, 10:32

Offline first, a better (html5) user experience

Interesting blog post about offline management in web apps and why it becomes now a required feature and how to make your app "offline" compliant: Offline first, a better (html5) user experience

Summary:

  1. Decouple your app from the server
    1. Make sure client side app is not reliant on server side code to produce the minimum viable experience. It should be able to at least render something to say that no data is available.
    2. Communicate using JSON
  2. Create an API wrapper object in client side code
    1. Abstract JSON API into an object
    2. Don’t litter your app code with direct AJAX calls and callbacks
  3. Decouple data updates from data storage
    1. Use a data controller object to store and schedule updates
    2. Make all requests for data via this proxy object

What I find relevant from this article :

  • HTML5, especially with the localStorage and Application Cache and Local Storage can improve web apps and the way we develop them
  • Web developers needs to change their paradigm from "always connected" to integrate offline mode (where as app dev are more used to offline mode and think in a 2nd mode to online mode ;-) )
  • Paradigm shift where server provides only a API and that logic will no longer be on server side but on client side. It also explains the recent rise of Javascript and especially MVC Framework in Javascript like AngularJS or BackboneJS.

Any experience or feedback to share on this?