Rezha Julio

Nobody Gets Promoted for Simplicity

Sun, 08 Mar 2026 02:00:00 GMT

Edsger Dijkstra once wrote: "Simplicity is a great virtue, but it requires hard work to achieve and education to appreciate. And to make matters worse, complexity sells better." That was in 1984. Forty-two years later, we still haven't figured it out.

I've been thinking about this a lot because I keep seeing the same pattern at companies I've worked at and in conversations with friends at other shops. The engineer who ships a boring solution gets a pat on the back. The engineer who builds something elaborate gets a promotion. Everyone kind of knows this is wrong, but nobody changes it.

How promotion packets actually work

Promotion committees at most tech companies evaluate "impact," and impact is measured by what you built, how big it was, and how many people it affected. Google's promotion process, which half the industry has copied in some form, explicitly looks for "increasing scope" as you move up levels. The Staff Engineer archetypes Will Larson describes all involve operating at larger and larger scales.

None of that is inherently bad. But it creates a gravitational pull toward building more, not less. A straightforward implementation that ships in two days and runs without incident for six months is genuinely hard to write a compelling promo case around. Meanwhile, the engineer who introduced an event-driven architecture with a custom configuration framework has a story that practically writes itself, even if the team didn't need any of it.

Kent Beck put it well: "I'm not a great programmer; I'm just a good programmer with great habits." One of those habits is resisting the urge to build the impressive thing when the boring thing works fine.

We train people to do this

The bias starts before anyone gets hired. In system design interviews, you propose a single Postgres database behind a REST API and the interviewer pushes: "What about 10 million users?" So you add Redis, then Kafka, then a sharded database with read replicas, and by the end you've drawn an architecture diagram for a system that 99% of companies will never need. The interviewer nods approvingly. Lesson learned: simple wasn't enough.

To be fair, interviewers sometimes have good reasons to push on scale. They want to know if you understand distributed systems and can reason about tradeoffs under pressure. But the meta-lesson candidates absorb is that complexity impresses people. And that sticks.

Design reviews have the same problem. Someone proposes a clean approach and gets hit with "shouldn't we future-proof this?" So they go back and add layers for problems that might never show up. I've done this myself. I once built an elaborate plugin system for a feature that ended up having exactly one plugin, ever. The abstraction cost more time to maintain than it would have taken to just copy-paste the 30 lines of code if we ever needed a second one.

Martin Fowler's YAGNI principle ("You Aren't Gonna Need It") gets nodded at in every architecture discussion and ignored in most of them. The social pressure to look like you've thought of everything is stronger than the engineering principle telling you to wait until you actually need it.

Complexity has real costs people ignore

There's a paper from 2022 by researchers at Microsoft, "The Space of Developer Productivity", that found developer satisfaction and productivity are strongly correlated with codebase simplicity and low cognitive load. This lines up with what most of us already feel: working in an over-engineered codebase is exhausting. Every change requires understanding three layers of abstraction before you can touch anything.

Sandi Metz talks about this in terms of the wrong abstraction: "Prefer duplication over the wrong abstraction." I've seen engineers create elaborate class hierarchies to avoid repeating 10 lines of code, then spend weeks debugging the hierarchy when requirements changed slightly. The duplication would have been fine. More than fine, actually. It would have been obvious and easy to change.

Google's own internal studies on code health found that the highest-rated codebases weren't the most cleverly architected. They were the ones where a new team member could make a change within their first week. Simplicity isn't just an aesthetic preference, it directly affects how fast a team can move.

The actual path to seniority

The confidence to not build something is weirdly rare. Anyone can add complexity, it's the default mode of engineering. Leaving it out means you've actually thought through the problem and made a deliberate choice. That's harder than it looks.

The best senior engineers I've worked with don't know more tools and patterns than everyone else. They know when not to use them. Their code makes you think "well, yeah, of course" because there's nothing clever about it, nothing that makes you feel stupid. That clarity comes from experience, not from a lack of skill.

Rich Hickey's talk "Simple Made Easy" draws a distinction worth remembering: simple means "not compound," having one role or concept. Easy means "near at hand," familiar. They're not the same thing. A microservice architecture might be easy to reach for if that's what you've always done, but it's not simple for a problem that a monolith handles fine.

Making simplicity visible

Your work won't speak for itself. Not because it's not good, but because promotion systems aren't built to hear it.

"Shipped feature X" doesn't capture anything. But "evaluated three approaches including an event-driven model, determined the straightforward implementation met all current requirements, shipped in two days with zero incidents over six months" tells the real story. The decision not to build something is an architectural decision. Write it up like one.

When someone asks "shouldn't we future-proof this?" in a review, don't just cave. Try: "Here's what it would cost to add that later, and here's what it costs us to add it now. I think we wait." You're showing your work, not pushing back.

On the leadership side, the single best thing a tech lead can do is change the default question. Instead of "have we thought about scale?", ask "what's the simplest version we can ship, and what signals would tell us we need more?" That one swap puts the burden of proof on complexity instead of simplicity. And pay attention to what gets celebrated publicly. If every shout-out goes to the big complex project, that's what people will optimize for. Start recognizing the engineer who deleted code, or the one who said "we don't need this yet" and turned out to be right.

The uncomfortable part

Some teams genuinely value this. Others say they do but promote the opposite. If you do everything right and your organization still only rewards elaborate systems, that's useful information. It tells you where you work. You can either play the game or find a place where good judgment is actually recognized.

But at least you'll know which one you're in.

This post was inspired by a piece on terriblesoftware.org on the same topic, which I recommend reading.

The AI Paradox: Coding is Easier, Engineering is Harder

Sat, 07 Mar 2026 02:00:00 GMT

Writing code has never been this easy. AI assistants will generate boilerplate, wire up API calls, scaffold tests. You describe what you want and it appears. I use these tools every day and they're genuinely useful. But I keep noticing something: the typing part of my job shrank, and everything around it got bigger.

I wrote about how the compound engineering loop works recently, and about what happened when Max Woolf stress-tested agents on real Rust projects. This post is about a simpler observation: the work didn't get easier. It moved.

I don't write code anymore, I review it

Before AI, I spent most of my time turning logic into syntax. Line by line, I understood the code because I was the one who wrote it.

Now the AI writes it. My job is to read what it produced and decide if it's correct. That sounds easier. It isn't. When I wrote code myself, I had the full context in my head. When I'm reviewing something the AI generated, I have to rebuild that context from scratch. I'm watching for hallucinated dependencies, wrong assumptions, bugs that look fine on first read. I called this "management" before, and the label still fits. You spend your time auditing someone else's output instead of producing your own.

I spend more time staring at diffs than I ever spent typing.

The ghost bugs

AI doesn't hedge or leave TODO comments. It will hand you a function that references a library that doesn't exist, or call an API endpoint that was deprecated two years ago. The code compiles, the types check, and it still does the wrong thing.

Human bugs tend to follow patterns I recognize. AI bugs are weirder. I once spent an hour tracking down a failure that turned out to be a hallucinated enum variant. The AI generated it, used it consistently across three files, and it wasn't real. That kind of thing messes with your trust. If you've ever dug into how LLMs actually work, you know why: the model is completing the most statistically likely sequence, not reasoning about whether the symbol exists.

Speed without architecture is just fast debt

Generating code is cheap now. That's the problem. It's tempting to let the AI build out a feature quickly, ship it, move on. But "move fast" without architecture just means you pile on technical debt faster than before.

Nobody needs me to write a for loop in 2026. What they need is someone who can look at five AI-generated modules and figure out whether they'll still work together six months from now. Woolf figured this out too. His results came from writing detailed specs and AGENTS.md files before letting agents touch the code. The architecture work happened up front, not after.

Sometimes I just want to type

A few developers I follow have been talking about turning off completions for side projects. No Copilot, no agents, just a text editor and your brain.

I tried it last weekend. Wrote a small CLI tool by hand, maybe 200 lines. It took me four times as long as it would have with AI, and I enjoyed every minute of it. The slowness forces you to actually think about each decision instead of rubber-stamping whatever the model suggests.

Not practical for work. But for the stuff I build for myself, I might keep doing it.

The trade

AI made me faster at producing code and slower at everything else. I review more and debug stranger problems. The writing is easy now. The engineering never was.

Demystifying AI: Learning LLMs Through 200 Lines of MicroGPT

Fri, 06 Mar 2026 02:00:00 GMT

Large Language Models (LLMs) are often treated as black boxes. We feed them prompts, and they spit out code, essays, or architectural advice. But underneath the billions of parameters and GPU clusters, what is actually happening?

On February 12, 2026, Andrej Karpathy published MicroGPT -- a single Python file, about 200 lines, zero dependencies, that trains and runs a GPT from scratch. No PyTorch. No TensorFlow. The only imports are os, math, and random. He called it an "art project," and I think that's underselling it.

MicroGPT is the end point of a long series of Karpathy's educational projects: micrograd (autograd engine), makemore (character-level generation), nanoGPT (practical GPT training), and finally this -- the whole thing distilled into one file. As he put it: "This file is the complete algorithm. Everything else is just efficiency."

What it actually does

MicroGPT trains on a dataset of about 32,000 baby names. It learns the statistical patterns of how names are spelled, then generates new fake names that sound real but never existed. Names like "karia" or "alend." It's a character-level language model, so each letter is a token.

That might sound trivial compared to ChatGPT, but the mechanism is identical. ChatGPT is this same core loop (predict next token, sample, repeat) scaled up with more data, more parameters, and post-training to make it conversational. When you chat with it, the system prompt, your message, and its reply are all just tokens in a sequence. The model is completing the document one token at a time, same as MicroGPT completing a name.

Why it is worth reading

Production models like Llama 3 or GPT-4 bury their core logic under layers of optimizations, distributed training, and hardware-specific tweaks. Good luck figuring out how attention actually works by reading that code.

MicroGPT strips all of that away. The model has exactly 4,192 parameters. GPT-2 had 1.6 billion. Modern LLMs have hundreds of billions. But the architecture is the same shape: embeddings, attention, feed-forward networks, residual connections. Just much, much smaller.

What makes MicroGPT unusual is that it does not just implement the model. It implements everything from scratch. The entire file contains:

A character-level tokenizer (each unique character gets an integer ID)
An autograd engine (the Value class, which tracks gradients through the computation graph)
A GPT-2-like neural network (with RMSNorm instead of LayerNorm, ReLU instead of GeLU, no biases)
The Adam optimizer
The training loop and inference loop

The autograd part is the thing that surprised me. In normal deep learning, you use PyTorch or JAX to compute gradients automatically. Here, Karpathy reimplements backpropagation from scratch in about 30 lines using a Value class that wraps scalars and tracks their dependencies. Every addition, multiplication, and activation function creates a node in a computation graph. When you call loss.backward(), it walks the graph in reverse and computes gradients using the chain rule. The same thing PyTorch does, just one scalar at a time instead of batched tensors on a GPU.

The actual code

Here is the model function, slightly cleaned up for readability. In the real code, it is a single flat function, not a class:

def gpt(token_id, pos_id, keys, values):
    tok_emb = state_dict['wte'][token_id]       # token embedding
    pos_emb = state_dict['wpe'][pos_id]          # position embedding
    x = [t + p for t, p in zip(tok_emb, pos_emb)]
    x = rmsnorm(x)

    for li in range(n_layer):
        # 1) Multi-head Attention block
        x_residual = x
        x = rmsnorm(x)
        q = linear(x, state_dict[f'layer{li}.attn_wq'])
        k = linear(x, state_dict[f'layer{li}.attn_wk'])
        v = linear(x, state_dict[f'layer{li}.attn_wv'])
        keys[li].append(k)
        values[li].append(v)
        # ... attention computation with Q, K, V ...
        x = [a + b for a, b in zip(x, x_residual)]  # residual connection

        # 2) MLP block
        x_residual = x
        x = rmsnorm(x)
        x = linear(x, state_dict[f'layer{li}.mlp_fc1'])
        x = [xi.relu() for xi in x]
        x = linear(x, state_dict[f'layer{li}.mlp_fc2'])
        x = [a + b for a, b in zip(x, x_residual)]  # residual connection

    logits = linear(x, state_dict['lm_head'])
    return logits

No classes. No inheritance. No framework. Just functions that take lists of Value objects and return lists of Value objects. linear is a matrix-vector multiply. rmsnorm normalizes activations. softmax turns raw scores into probabilities. Each one is two or three lines long.

The state_dict is a plain dictionary of weight matrices, each made of Value objects that know how to compute their own gradients. That's how the whole thing fits in 200 lines.

Self-attention, explained concretely

Self-Attention is what makes this a transformer instead of a bag-of-characters model. It is how the model learns that the "m" in "emma" relates to the "e" before it.

Each token gets projected into three vectors: a Query (Q), a Key (K), and a Value (V). The Query says "what am I looking for?", the Key says "what do I contain?", and the Value says "what information do I carry?" The model computes dot products between the current Query and all cached Keys, runs them through softmax to get attention weights, then takes a weighted sum of the Values.

In MicroGPT's code, this is fully explicit. You can see each dot product being computed in a loop, one element at a time. In PyTorch, the same computation is hidden inside batched matrix multiplications. Same math, different packaging.

Running it yourself

The whole thing is a single file. You download it and run python train.py. That's it. No pip install, no environment setup, no CUDA drivers.

On Karpathy's MacBook, training takes about a minute. After 500 steps, the loss drops from around 3.3 (random guessing among 27 tokens) to about 2.37, and you start seeing plausible generated names in the output.

You can swap out the dataset and train on anything character-level -- city names, Pokemon, short poems. The rest of the code does not change. You can also tweak the hyper-parameters to see what happens: change n_embd, n_layer, n_head, and watch how it affects what the model learns.

If you want the full guided walkthrough, Karpathy wrote a detailed companion blog post at karpathy.github.io/2026/02/12/microgpt that walks through every section of the code. There is also a Google Colab notebook if you want to run it without downloading anything.

The gap between this and ChatGPT

MicroGPT is the algorithm. ChatGPT is that same algorithm with a long list of engineering on top. Karpathy's blog post spells out the differences section by section, and none of them change the core loop. The tokenizer goes from single characters to BPE with 100K tokens. The autograd goes from scalar Value objects to batched tensor operations on GPUs. The 4,192 parameters become hundreds of billions. The single-document training steps become batches of millions of tokens processed across thousands of GPUs for months.

But the structure is the same. Embed tokens, add positions, pass through attention and MLP blocks on a residual stream, project to logits, compute loss, backpropagate, update parameters. That is what MicroGPT makes visible.

If you are going to spend your days working alongside these tools, it helps to know what they are actually doing. MicroGPT makes that concrete in an afternoon of reading.

Bell Curve Promotions Are Broken

Thu, 05 Mar 2026 02:00:00 GMT

Here's a system that a lot of tech companies use for promotions: take all the engineers on a team, rank them against each other, and force the results into a bell curve. A fixed percentage gets "exceeds expectations," most land in "meets expectations," and someone has to be the bottom. The quota is set before anyone looks at actual work.

I have a problem with this. Several, actually.

The math is wrong

A bell curve describes natural distributions in large populations. Height, test scores across thousands of students, manufacturing defects in a factory producing millions of units. It works when you have large sample sizes and truly random variation.

An engineering team is not a large population. It's 6 to 15 people, hired through the same interview pipeline, filtered by the same bar. You're looking at a pre-selected group. Forcing a normal distribution onto a small, filtered sample is just bad statistics. If you hired well, most of your team should be performing well. That's the whole point of a hiring bar.

A 2012 paper by Ernest O'Boyle Jr. and Herman Aguinis in Personnel Psychology analyzed over 600,000 observations across multiple industries. Their finding: individual performance follows a power law distribution, not a normal distribution. A small number of people produce outsized results, and the rest cluster much more tightly than a bell curve would predict. The bell curve assumption is wrong even at scale. At team level, it's fiction.

It punishes good teams

Say you're on a team where everyone is genuinely strong. Maybe you hired well, maybe the team has been together long enough that everyone has leveled up. Under forced ranking, someone still has to be at the bottom. Not because they're bad, but because the spreadsheet needs a name in that slot.

I've seen this play out. A solid engineer doing good, consistent work gets a "below expectations" rating because someone had to. Their morale craters, they start interviewing, and within a few months you lose someone you didn't want to lose. All because a distribution model required a sacrifice.

The reverse is also true. On a weak team, mediocre work can earn a top rating because relative performance is all that matters. The system doesn't measure how good you are. It measures how you compare to the people sitting near you.

It kills collaboration

Here's the part that really gets me. If my promotion depends on being ranked higher than my teammates, why would I help them? Every hour I spend unblocking a colleague, mentoring a junior engineer, or doing thankless infrastructure work is an hour I'm not spending on visible, promotable work.

The system creates a zero-sum game inside the team. Your gain is my loss. That's a terrible incentive structure for engineering, where the best outcomes come from people working together. You want engineers sharing knowledge, reviewing each other's code thoroughly, stepping in when someone is stuck. Forced ranking makes all of that irrational.

Ed Lazear at Stanford documented this in his research on tournament-based compensation. When workers compete directly against each other for fixed rewards, sabotage and information hoarding increase. He studied sales teams, but the dynamic applies everywhere. Put people in a tournament and they play the tournament, not the actual game.

It rewards performance theater

When you know you're being ranked, you optimize for visibility, not impact. You pick projects that look impressive in a review packet. You make sure your name is on the high-profile launch, even if your actual contribution was small. You avoid the risky cleanup work that might not pan out.

I've watched engineers avoid taking on critical tech debt work because it's hard to explain in a promotion review. "I spent three months making the deploy pipeline 40% faster" doesn't sound as good as "I led the redesign of the recommendation system." One of those has more impact on the team's daily life. The other one gets promoted.

The system selects for people who are good at looking good, which is a different skill from being good at engineering. Over enough cycles, your senior ranks fill up with people who optimized for the game rather than the work.

Manager discretion becomes kingmaker

In practice, forced ranking comes down to your manager arguing for you in a calibration meeting. If your manager is good at internal politics, you get a better ranking. If they're new, or quiet, or have too many reports to advocate for individually, you lose out.

This means your career progression depends less on your actual engineering output and more on your manager's social capital. Two engineers doing identical work on different teams can get wildly different ratings because of calibration room dynamics. The system pretends to be objective, but the rankings are produced through negotiation between managers with competing incentives.

What companies say vs. what happens

The stated goal of forced ranking is always the same: differentiate performance, reward the best, and manage out underperformers. It sounds reasonable in a slide deck.

What actually happens is that people learn the meta-game. Senior engineers time their project deliveries around review cycles. People hoard credit and avoid shared ownership. Teams develop unspoken agreements about whose "turn" it is. The process consumes weeks of management time that could be spent on actual work.

Microsoft used stack ranking for years and famously abandoned it in 2013. Former employees described a culture where people spent more energy on internal positioning than on building good products. Kurt Eichenwald's Vanity Fair piece on Microsoft's "lost decade" pointed directly at stack ranking as a factor. When they dropped it, multiple teams reported improved collaboration within months.

The alternative isn't "everyone gets a trophy"

The common defense of bell curves is that without them, managers would rate everyone highly and nobody would be held accountable. And yes, rating inflation is a real problem. But forced distribution doesn't fix it. It just replaces one distortion with another.

Better alternatives exist. You can evaluate people against defined criteria for their level rather than against each other. You can separate performance feedback from compensation decisions so the review process isn't contaminated by budget constraints. You can use peer feedback and work artifacts instead of manager-mediated rankings.

Some companies do this already. The ones I've talked to engineers at tend to have higher retention and, anecdotally, less internal politics. It's more work for managers, which is probably why many companies default to the bell curve. It's easier to administer. But "easy to administer" is a weird reason to use a system that makes your best people want to leave.

The real cost

Every time a forced ranking system pushes out a good engineer who happened to be on a strong team, or promotes a mediocre one who happened to be on a weak team, the company pays for it. In hiring costs, in lost institutional knowledge, in the slow erosion of trust that makes people stop taking risks.

I keep coming back to this: the bell curve is a model for describing populations, not a tool for managing people. Using it to decide who gets promoted is like using a thermometer to decide what to have for dinner. The instrument isn't designed for the job.

If your promotion system requires that some percentage of good engineers be labeled as underperformers, the system is broken. Not the engineers.

The Skeptic Who Got Benchmaxxed: What Actually Changed About AI Coding Agents

Wed, 04 Mar 2026 13:00:00 GMT

There are two types of AI coding blog posts. The first kind is breathless hype: "I built a SaaS in 30 minutes with Claude!" The second kind is breathless doom: "AI is destroying the craft of programming!"

Max Woolf's recent post is neither. It's the rare piece where someone who was publicly skeptical about AI agents changed their mind, showed the receipts, and still managed to be annoyed about it.

I want to break down what he actually did, because buried under 5,000 words of dry humor is a workflow that I think most developers are sleeping on.

The backstory: a professional skeptic

Woolf is a data scientist in San Francisco. Last May, he wrote a post titled As an Experienced LLM User, I Actually Don't Use Generative LLMs Often. His position was reasonable: LLMs can answer simple coding questions, but agents are unpredictable, expensive, and overhyped. He was open to changing his mind if the tech improved.

Fast forward to November. Anthropic dropped Opus 4.5 right before Thanksgiving. Woolf noticed the timing was suspicious. Companies bury bad announcements on holidays. He had no Thanksgiving plans, so he tested Opus anyway.

What he found was not what he expected.

The AGENTS.md revelation

Before touching Opus, Woolf did something that most people skip: he wrote an AGENTS.md file. If you're not familiar, it's a file you put in your project root that controls agent behavior, like a system prompt for your codebase.

This is where it gets interesting.

Most people complain about agents generating emoji-laden, over-commented, verbose garbage. Woolf's fix was simple. He added rules:

**NEVER** use emoji, or unicode that emulates emoji (e.g. ✓, ✗).

**MUST** avoid including redundant comments which are tautological
or self-demonstrating

He added preferences for uv over base Python, polars over pandas, secrets in .env, and a dozen other opinionated constraints. Not telling the agent what to build, but how to build it.

He claims the difference between having and not having this file is immediately obvious. I believe him. I've seen the same pattern with my own agents. When I migrated my home server with Cici, the thing that made it work wasn't the model. It was writing TOOLS.md and MEMORY.md to give the agent context about my network, my paths, my conventions. Without those files, Cici was guessing. With them, she executed moves without asking "which folder?"

Woolf's approach is the same idea, scaled up. His AGENTS.md is essentially what I called "the API for your AI agent" -- except he's taken it further with granular formatting rules and tool preferences.

His Python and Rust AGENTS.md files are public. Worth stealing.

The prompting strategy nobody talks about

Here's the part that doesn't fit in a tweet. Woolf doesn't just type build me a thing into Claude Code. He writes full Markdown spec files, tracked in git, with explicit constraints. Then he tells the agent: implement this file.

His YouTube scraper prompt is a good example:

Create a robust Python script that, given a YouTube Channel ID,
can scrape the YouTube Data API and store all video metadata in
a SQLite database. The YOUTUBE_API_KEY is present in `.env`.

You MUST obey ALL the FOLLOWING rules:
- Do not use the Google Client SDK. Use the REST API with `httpx`.
- Include sensible aggregate metrics.
- Include `channel_id` and `retrieved_at` in the database schema.

Notice: he specifies the HTTP library. He specifies the schema columns. He bans the SDK he doesn't want. This is not "vibe coding." This is writing a spec, which is what senior engineers do anyway, except now the spec gets executed immediately. I wrote about this exact shift in my Amp post: plan first, code second. The code is just the implementation detail. Woolf arrived at the same conclusion independently, but his specs are even more constrained. He leaves the agent zero wiggle room.

The result worked first try. 20,000 videos scraped. Clean, Pythonic code. No Sonnet 4.5 slop.

From Python to Rust: where it gets wild

Once Woolf confirmed Opus could handle Python, he did what any sane person would do: he asked it to write Rust.

Historically, LLMs have been terrible at Rust. The language is niche, the borrow checker is unforgiving, and there's not enough training data for LLMs to fake their way through. Woolf had been testing LLMs on Rust for years. They always failed.

They stopped failing.

Here's what he built, all with Opus and later Codex:

icon-to-image: Renders Font Awesome icons into images at arbitrary resolution. Written in Rust with Python bindings via PyO3. Features supersampled antialiasing, transparent backgrounds, and PNG/WebP output. He started with fontdue for speed but discovered it can't render curves properly at high resolution (it approximates). Told Opus, Opus swapped in ab_glyph without breaking anything.

miditui: A MIDI composer and playback DAW that runs entirely in a terminal. Yes, a terminal. Uses ratatui for the UI and rodio for audio. Opus couldn't see the terminal output and still implemented correct UI changes. Woolf fell back on his QA engineering background to find bugs manually and describe them to the agent.

ballin: A terminal physics simulator rendering 10,000+ bouncing balls using Braille unicode characters for sub-pixel resolution. Uses the rapier2d physics engine. Built from 14 iterative prompts, each one a detailed spec, each followed by manual review and git commit.

These are not toy demos. The ballin PROMPTS.md shows the full development history: 14 numbered prompts, each one building on the last, each one specific enough that the agent couldn't misinterpret intent. Same pattern I use with Amp: decompose, specify, implement, review, commit. The difference is Woolf does it manually with Markdown files instead of using tooling to automate the decomposition. The principle is identical.

The benchmaxxing pipeline

Here's where Woolf's post stops being an experience report and starts being something else.

He developed an 8-step pipeline for building machine learning algorithms in Rust:

Implement the algorithm with benchmarks
Clean up code and optimize
Scan for algorithmic weaknesses, describe problem/solution/impact for each
Optimize until ALL benchmarks run 60% faster. Repeat until convergence. Don't game the benchmarks
Create tuning profiles for CPU thread saturation and parallelization
Add Python bindings via PyO3
Create Python comparison benchmarks against existing libraries
Accuse the agent of cheating, then make it minimize output differences against a known-good implementation

Steps 4 and 8 are the clever ones. Step 4 gives the agent a quantifiable target instead of a vague "make it faster." Step 8 is a built-in integrity check: even if the agent found wild optimizations, the output must still match scikit-learn.

Then he discovered something weird: chaining different models produces compound speedups. Codex optimizes the code 1.5-2x. Then Opus, working on the already-optimized code, somehow finds more optimizations. Different models apparently have different optimization strategies. This is something I've been experimenting with too. In my CLIProxyAPI setup, I route different Amp modes to different models: Opus for smart mode, Gemini for rush. Woolf's approach is more deliberate. He chains them sequentially on the same codebase to compound their different optimization instincts.

The numbers he reports:

Algorithm	vs. Existing Rust	vs. Python
UMAP	2-10x faster	9-30x faster
HDBSCAN	23-100x faster	3-10x faster
GBDT	1.1-1.5x faster	24-42x faster fit

If these numbers are real, and he open-sourced nndex as proof, that's not incremental improvement. That's a different category of result.

nndex: the proof of concept

The project he released to back up his claims is nndex: an in-memory vector store for exact nearest-neighbor search, written in Rust with Python bindings. It's conceptually simple (cosine similarity reduces to dot products on normalized vectors) but the implementation is anything but.

The Rust code uses:

simsimd for SIMD-accelerated dot products
rayon for parallel iteration with adaptive thresholds
Five different single-query strategies and five batch strategies, selected at runtime based on matrix shape
wgpu for GPU compute (Metal/Vulkan/D3D12) with custom WGSL shaders
An IVF approximate index with spherical k-means for when exact search is overkill
LRU caching, denormal flushing, zero-copy numpy interop via PyO3

The benchmark results against numpy (which uses optimized BLAS under the hood):

Low-to-medium dimensions (< 256): nndex wins by 2-9x
Single query on 50k rows: 4.9x faster
All results: 99.5-100% top-k overlap with numpy. Similarity deltas under 1e-6

The whole thing is built with #![forbid(unsafe_code)]. All performance comes from safe Rust, SIMD via safe wrappers, and GPU dispatch. No unsafe blocks.

What I actually take away from this

Woolf's post is long and covers a lot of ground. Here's what I think matters:

1. AGENTS.md is not optional. It's the difference between useful output and garbage. If you're getting bad results from coding agents, this is the first thing to fix. Not the model. Not the prompt. The persistent context file that shapes every interaction. I've been saying this since my first week with Clawdbot -- the agent remembered my preferences because I wrote them down. Woolf's AGENTS.md is the same concept, but production-grade.

2. Prompting is spec writing. The people getting good results aren't typing casual requests. They're writing detailed specifications with explicit constraints, tracking them in git, and referencing them by filename. This is just good engineering practice that happens to also work for agents.

3. The "literal genie" framing is perfect. Agents don't read minds. They don't infer your preferences. They do exactly what you say, including the things you forgot to say. You need to be specific about what you DON'T want as much as what you do.

4. Domain expertise is the multiplier. Woolf knew enough about MIDI, physics engines, font rendering, and machine learning algorithms to audit agent output and catch mistakes. Without that knowledge, the same prompts would produce the same bugs but nobody would notice until production. I learned this the hard way when Cici tried to hack my router with 2015-era exploits. If I didn't know my TP-Link AX used encrypted tokens, I would have let the agent waste an hour on a dead end.

5. Chaining models is underexplored. The idea that Codex and Opus find different optimizations, and that running them in sequence produces compound speedups, caught me off guard. It's like getting a second opinion from a doctor who went to a different medical school.

6. QA skills are the new coding skills. Woolf explicitly mentions that his background as a black-box QA engineer was critical. Finding bugs in agent code is different from writing bug-free code. If you spent years in QA, you might be better positioned for the agent era than the 10x developer next to you.

The uncomfortable conclusion

I've written before about how AI pair programming is really management. Woolf's experience confirms this but takes it further. He's not managing one agent on one task. He's running a pipeline: spec, implement, benchmark, optimize, chain, verify. The agent is a tool in the pipeline, not the pipeline itself. This is the compound engineering loop I wrote about -- Plan, Work, Review, Compound -- except Woolf's "Compound" step is literally running benchmarks and feeding the results back into the next optimization pass.

The uncomfortable part is that this workflow produces results that are hard to wave away. You can't say "it's just regurgitating GitHub" when the code is faster than everything on GitHub. You can't say "it's just autocomplete" when it's implementing physics engines and ML algorithms from specs.

You can say "well, I could do that myself given enough time." And you'd be right. But Woolf addresses this too: the session limits on these tools forced him into a habit of coding for fun an hour every day. The agents didn't replace his programming. They let him tackle projects that would have taken months, and he learned Rust along the way by reading the diffs.

This won't replace all programming. But for people who know what they want to build and not necessarily how to build it, this workflow clearly works.

I remain cautious. But my caution now has a different shape. I'm less worried about whether agents can produce good code, and more worried about whether developers will put in the work to make them produce good code. The AGENTS.md file, the detailed specs, the manual review, the integrity checks: that's a lot of discipline. "Vibe coding" is easier. I argued before that I trust simple agents more because I can see what they're doing. Woolf's workflow is the opposite of simple -- it's elaborate and deliberate -- but it shares the same core principle: transparency. Every prompt is in git. Every benchmark is reproducible. Every optimization is auditable.

And that's the real problem. The people getting the best results from agents are the ones who were already good engineers. The gap isn't closing. It might be widening.

Manage your agents. Or they'll manage your codebase into the ground.

How to lock yourself out of SSH with a single scp command

Tue, 03 Mar 2026 02:00:00 GMT

Ever locked yourself out of your own server just by copying files with scp? That's exactly what happened to an engineer who wrote about it on sny.sh.

Here's what went down. They wanted to transfer a local folder to the home directory on their server:

scp -r . host:

Looks harmless, right? The problem was that the local folder had permissions set to rwxrwxrwx, or 777 (probably left over from testing something).

Turns out scp from OpenSSH doesn't just copy files. It also changes the target folder's permissions to match the source. So the home directory (/home/user) on the server got set to 777.

And that's when everything broke. Next SSH login attempt, sshd flat out refused:

Authentication refused: bad ownership or modes for directory /home/user

OpenSSH is strict about this. If your home directory or .ssh folder is world-readable (777), it won't accept public key authentication. It's a security measure, and it makes sense, but it sure doesn't feel great when you're the one locked out.

Luckily, this person still had WebDAV access to the server and could fix the home directory permissions back to 700 (rwx------). Without that, the server would've been toast, especially if it's a headless Raspberry Pi with no other way in.

Watch out when using scp -r, especially when copying directly into your home directory. This behavior has been reported and should be fixed in OpenSSH 10.3.

Compound Engineering

Mon, 02 Mar 2026 02:00:00 GMT

Most codebases get worse over time. You add a feature, and next month that feature makes the next one harder to build. After a few years, the team spends more time fighting the system than building on it. Everyone has lived through this.

I've been thinking about a different approach lately. I'm calling it compound engineering: the idea that every unit of work should make the next unit easier. Bug fixes should eliminate entire categories of future bugs. Patterns you discover should become tools you reuse. The codebase should get easier to work with over time, not harder.

The loop

The whole thing runs on a four-step loop:

Plan → Work → Review → Compound → Repeat

The first three steps are familiar to anyone who writes software. You figure out what to build, you build it, you check if it's correct. Nothing new there.

The fourth step is where the gains pile up. Skip it, and you've done regular engineering with AI tools. Do it, and you start accumulating knowledge that pays dividends.

Plan (where most of the thinking happens)

Planning is the step people underestimate the most. I've found that planning and review should take up roughly 80% of your time. Work and compounding fill the remaining 20%.

That sounds extreme until you realize that a good plan means the AI agent can implement without much supervision. A bad plan means you're babysitting every line of code. The plan is now the most important artifact you produce, more important than the code itself.

What does planning look like? You understand the requirement, you research how similar things work in the codebase, you check the framework docs, you design the approach, and you poke holes in your own plan before handing it off.

Work (the agent writes code)

Once the plan exists, execution is relatively mechanical. The agent implements step by step. You run tests and linting after each change. You track what's done and what's left.

If you trust the plan, there's no need to watch every line of code. This is where most developers get stuck. They've been trained to review everything line by line, and letting go feels irresponsible. But if the plan is solid and you have tests, the risk is low.

Review (catch problems, capture lessons)

Review catches issues before they ship. But more importantly, review is where you notice patterns. What went wrong? What category of bug was this? Could the system have caught it automatically?

One approach I've been experimenting with is running multiple specialized review agents in parallel, each looking at a different angle: security, performance, data integrity, architecture. Everything gets combined into a prioritized list. P1 issues get fixed immediately, P2 issues should be fixed, P3 items are nice-to-haves.

You don't need a fleet of review agents to do this. The principle works at any scale. After any piece of work, ask: what did I learn here that I could write down?

Compound (the step nobody does)

This is the step that separates compound engineering from "engineering with AI tools." After you finish a piece of work, you ask:

What worked?
What didn't?
What's the reusable insight?

Then you write it down somewhere the system can find it next time. In my setup, this means updating AGENTS.md (the file the agent reads at the start of every session) with new patterns, creating specialized agents when warranted, and storing solved problems as searchable documentation.

Future sessions should find past solutions automatically. If you figured out how authentication works, you document it once, and nobody has to ask you again. The knowledge belongs to the system, not to any individual.

The adoption ladder

Not everyone jumps straight to fully autonomous agents. I think about it in five stages:

Stage 0: You write everything by hand. This built great software for decades, but it's slow by 2025 standards.

Stage 1: You use ChatGPT or Claude as a search engine with better answers. Copy-paste what's useful. You're still in full control.

Stage 2: You let AI tools make changes directly in your codebase, but you review every line. Most developers plateau here.

Stage 3: You create a detailed plan, let the agent implement it without supervision, and review the pull request. This is where compound engineering starts to work.

Stage 4: You describe what you want, and the agent handles everything from research to PR creation. You review and merge.

Stage 5: You run multiple agents in parallel on cloud infrastructure, reviewing PRs as they come in. You're directing a fleet.

Beliefs worth reconsidering

A few assumptions that I think get in the way:

"The code must be written by hand." The actual requirement is correct, maintainable code that solves the right problem. Who typed it doesn't matter.

"First attempts should be good." In my experience, first attempts have a 95% garbage rate. Second attempts are still 50%. This isn't failure, it's iteration. The goal is to get to attempt three faster than you used to get to attempt one.

"Code is self-expression." This one stings, but letting go of attachment to code means you take feedback better, refactor without flinching, and skip arguments about style.

"More typing equals more learning." The developer who reviews ten AI implementations understands more patterns than the one who hand-typed two. Understanding matters more than muscle memory.

The 50/50 rule

Traditional teams spend 90% of their time on features and 10% on everything else. I think the right split is closer to 50/50: half your time building features, half improving the system.

An hour building a review agent saves ten hours of review over the next year. A test generator saves weeks of manual test writing. System improvements make work faster. Feature work doesn't compound in the same way.

Wrapping up

You don't need a fancy multi-agent review system to benefit from this thinking. The core idea is dead simple: after you finish any piece of work, spend a few minutes writing down what you learned in a place where your future self (or your AI tools) can find it.

Plan carefully, let the tools do the typing, review for substance, and write down what you learned. Each cycle gets a little faster than the last.

The hard part isn't the process. The hard part is the emotional adjustment. Letting go of line-by-line review. Trusting the plan. Accepting that code you didn't type is still your responsibility. That takes time, and it's okay to work through it at your own pace.

28 Posts in 28 Days: What Happened When I Wrote Every Day in February

Sun, 01 Mar 2026 02:00:00 GMT

I didn't plan this. On February 1st I published a post about reducing OpenClaw's heartbeat token usage because it was fresh in my head. Then I wrote another one the next day. By February 5th I realized I had a streak going and thought: okay, let's see if I can do the whole month.

February has 28 days. That felt like a dare.

What I actually wrote about

Looking back, the posts cluster into a few buckets. The biggest one is AI and agents. I wrote about AI pair programming being more management than magic, about shell-first agents outperforming fancy ones, about moving my AI setup to a homelab, about building my own AI news anchor, and about planning before prompting when using Amp. This is where my head has been lately, so no surprise there.

Then there's the five-part blog redesign series. I audited what was wrong, added a blogroll, rebuilt the theme from scratch, sweated the small stuff, and wrote up what I learned. Five posts on one redesign sounds excessive, but each part stood on its own and people seemed to find different parts useful.

Then there's the day job stuff -- data engineering, backend, DevOps. Docker maintenance, DNS as code, upgrading four PostgreSQL instances, debugging an Airflow executor error, chasing a transitive dependency vulnerability. This is what I actually do all day, so writing about it came naturally.

And then there's everything else. A Telegram bot for 24,000 developers, a PSN game scraper, managing my house in the terminal, why I self-host everything. I even wrote about deadlifts.

Some days had two posts. Those weren't planned either -- I just had more to say.

The hard part

Around day 12 I hit a wall. I'd used up all the easy topics -- the stuff I'd been meaning to write about for weeks. From that point on, every morning started with "what am I going to write today?" which is a bad question to wake up to.

What helped was lowering my standards. Not every post needs to be a deep dive. Some of my February posts are short. The yak shaving one is basically a long anecdote with a point at the end. The innerHTML post is a reaction to a Firefox feature. Those are fine. They're blog posts, not dissertations.

The other thing that helped was writing about whatever I was doing that day. The Airflow post came from debugging at work. The PostgreSQL post came from a weekend upgrade. The clap button posts (yes, two of them) came from actually building and then over-engineering the feature on this blog. Writing about what you're already doing cuts the prep time in half.

What I noticed

My writing got faster. The first few posts took me two or three hours each. By the end of the month I could get a draft out in about an hour. The editing still took time, but getting words on the screen became less painful.

I also noticed that I write better when I'm not trying to be comprehensive. My best posts from this month are the ones where I pick one specific thing and talk about it. The worst ones are where I tried to cover too much ground.

The streak also changed how I consume information. I started reading blog posts, release notes, and documentation with a filter running in the background: "is there a post in this?" Sometimes there was. The Go 1.26 post on the last day of February came from reading Keith Randall's Go blog post and wanting to explain the allocation changes to myself.

Am I going to keep doing this?

No. 28 days was enough. Daily publishing is a useful exercise but a bad habit. Some of these posts needed another day of editing. A few could have been combined into longer, better pieces. The pressure to publish something every day occasionally won over the desire to publish something good.

I'll keep writing, probably two or three posts a week. The daily habit proved I have enough material. Now I want to be pickier about what gets published and spend more time on each piece.

If you're thinking about trying a daily writing challenge: do it for a month, not longer. The first week is easy, the second week is hard, and the third week is when you actually start learning things about how you write. By the fourth week you're ready to stop, and that's the right time.

29 posts. 28 days. Some good, some okay. On to March.

Go 1.26: Stack vs Heap Allocation — Faster Code Without Changing a Line

Sat, 28 Feb 2026 02:00:00 GMT

Keith Randall just published Allocating on the Stack on the Go blog. If you've ever profiled a Go service and seen a pile of tiny allocations from append growing a slice from zero, this one is worth reading.

The gist: the Go 1.25 and 1.26 compilers can now keep slice backing stores on the stack in more situations than before.

What actually changed

The improvements landed in two stages.

Go 1.25 tackled make with variable sizes. Previously, make([]T, 0, n) could only be stack-allocated if n was a compile-time constant. Now the compiler provisions a small 32-byte buffer on the stack and uses it when the requested size fits. So make([]int, 0, someVar) can avoid the heap entirely if someVar is small enough.

Go 1.26 goes further in two ways.

First, append on a nil or empty slice now uses a stack-allocated backing store as its first allocation. No make with a capacity hint needed. How much fits depends on the element size: a 32-byte buffer holds four 8-byte values, eight 4-byte values, and so on. If the slice stays small, it never touches the heap.

Second, slices that escape the function (returned to the caller) can still benefit. The compiler injects a runtime.move2heap call right before the return. If the slice already grew beyond the stack buffer, the call is a no-op. If it's still on the stack, it copies to a single, right-sized heap allocation at the last moment. This is the part I find most interesting, because it actually beats hand-written code. A manual copy + return pattern always pays for the final allocation and copy. The compiler only does it when the slice is still stack-backed.

Why this matters in practice

I've worked on Go services where append-heavy hot paths showed up in allocation profiles: building slices of results from database queries, collecting validation errors, assembling middleware chains. The kind of code where the slice is usually small but you don't want to hardcode a capacity.

The usual fix was sprinkling make([]T, 0, expectedSize) everywhere, which works but adds noise. These compiler changes make that unnecessary for the common case.

Go 1.26 also enables the Green Tea garbage collector by default (it was experimental in 1.25). The Go team reports 10-40% less GC overhead for allocation-heavy programs. Combined with fewer objects landing on the heap in the first place, the two changes reinforce each other.

The catch

If the new allocation patterns expose existing unsafe.Pointer misuse or other correctness issues, you can disable the optimization:

go build -gcflags=all=-d=variablemakehash=n

The bisect tool with -compile=variablemake can narrow down which allocation is causing trouble.

Bottom line

Upgrade to Go 1.26, rebuild, and check your allocation profiles. I'd be surprised if you don't see fewer heap allocations.

The full blog post with code examples: Allocating on the Stack.

Sharpen the Saw: Don't Debug in the Dark

Fri, 27 Feb 2026 02:00:00 GMT

I recently read a post called Fix Your Tools by Adolfo Ochagavía. It hit close to home because of a bad habit I think we all share as developers.

The Tunnel Vision Trap

The scenario is classic: You're hunting a gnarly bug. You're in "problem-solving mode." You try to set a breakpoint, but your debugger ignores it.

What do you do?

If you're like most of us in the heat of the moment, you ignore the broken debugger. You think, "I don't have time to fix my tools, I have a bug to fix!" So you switch to console.log or print statements, cluttering your code and guessing at the state.

You spend hours chasing shadows because you're debugging in the dark.

Sharpen the Saw

Adolfo's realization was simple: Fix the darn debugger.

In his case, it was a one-line configuration change. Once he fixed his tool, he could see exactly what was happening, and the original bug was solved in minutes.

This is the essence of Stephen Covey's 7th habit: Sharpen the Saw.

If you're trying to cut down a tree with a dull saw, it takes forever. Stopping to sharpen the saw feels like a delay—"I'm busy sawing!"—but in reality, it's the only way to speed up.

When to Stop and Fix

It's tricky to know when you're "sharpening the saw" versus falling into a rabbit hole of "yak shaving" (endlessly tweaking configs without doing real work).

Here's my rule of thumb:

If the tool is actively fighting you (linter crashing, debugger skipping, tests flaky), fix it immediately. You're losing more time working around it.
If the manual workaround is painful, like deploying via FTP instead of spending an hour on a CI script, fix it the second time it annoys you.
If you're just bored and reaching for a new Neovim color scheme instead of coding, that's procrastination. Get back to work.

Next time your tools glitch while you're working, resist the urge to power through with a workaround. Take a breath. Fix the tool. Turn the lights back on.

Debugging is hard enough. Don't do it in the dark.

Stop Using innerHTML: The New Firefox Feature That Kills XSS

Thu, 26 Feb 2026 02:00:00 GMT

We've all done it. You get some HTML string from an API (or worse, user input), and you need to render it on the screen. The quickest, dirtiest, and most common way? Good old innerHTML.

// The classic footgun
const userBio = getUserInput(); 
document.getElementById('profile').innerHTML = userBio;

It works instantly, but it's also the primary reason Cross-Site Scripting (XSS) vulnerabilities have plagued the web for two decades. If userBio contains <script>stealCookies()</script> or <img src="x" onerror="alert('hacked')">, your app just executed malicious code.

For years, the solution was to bring in heavy third-party libraries like DOMPurify. But as of Firefox 148, the browser finally gives us a native, built-in solution: The Sanitizer API and setHTML().

Enter `setHTML()`

The new setHTML() method is essentially a drop-in replacement for innerHTML, but with one important difference: it runs the HTML string through a native sanitizer before it gets attached to the DOM.

Instead of this:

el.innerHTML = dirtyString;

You now do this:

el.setHTML(dirtyString);

That's it. No matter what sanitizer config you pass, setHTML() will always strip out XSS-unsafe elements (<script>, <iframe>, <frame>, <embed>, <object>, and SVG <use>) and inline event handlers (like onclick or onerror). Even if you explicitly allow <script> in your config, it still gets removed. Safe by default, no exceptions.

But the default sanitizer goes further than just blocking scripts. It also strips out elements like <img>, <style>, <form>, <input>, <button>, <video>, <template>, custom elements, data- attributes, and more. Basically, if it's not a simple content element (headings, paragraphs, lists, etc.), it's gone.

How does it handle malicious input?

Let's look at what happens when an attacker tries to inject something nasty:

const attackerPayload = `
  <h1>Hello!</h1>
  <script>alert('Stealing tokens...');</script>
  <img src="cute-cat.jpg" onload="sendData()">
  <a href="javascript:evil()">Click me</a>
`;

const container = document.getElementById('content');
container.setHTML(attackerPayload);

console.log(container.innerHTML);
// Output:
// <h1>Hello!</h1>
// <a>Click me</a>

Notice what happened:

The <script> tag was stripped out entirely.
The <img> was removed completely — the default sanitizer doesn't allow it.
The href="javascript:..." was stripped from the <a> tag.

If you want the most permissive mode — only strip XSS-unsafe elements, keep everything else — pass an empty config:

container.setHTML(attackerPayload, { sanitizer: {} });
// Output:
// <h1>Hello!</h1>
// <img src="cute-cat.jpg">
// <a>Click me</a>

Now the <img> stays, but the onload handler and javascript: URL are still gone. You can't sneak XSS through setHTML(), period.

All of this happens natively inside the browser engine, without needing to ship a JavaScript sanitizer library to your users.

Can we customize the Sanitizer?

Yes! You can build your config two ways: as an allow list (only these elements get through) or a remove list (everything except these gets through):

// Allow list: only allow these elements
const mySanitizer = new Sanitizer({
  elements: ['p', 'em', 'strong', 'a'],
  attributes: ['href']
});

el.setHTML(dirtyString, { sanitizer: mySanitizer });

// Remove list: allow everything except these
const strictSanitizer = new Sanitizer({
  removeElements: ['img', 'table', 'style']
});

el.setHTML(dirtyString, { sanitizer: strictSanitizer });

You can also use the Sanitizer object's methods to build configs programmatically:

const sanitizer = new Sanitizer({});
sanitizer.allowElement('p');
sanitizer.allowElement('em');
sanitizer.allowAttribute('href');

Why not just keep using DOMPurify?

DOMPurify works great and has been the go-to for years. But moving this responsibility to the browser has real advantages:

Zero Bundle Size: You ship less JavaScript.
Performance: Native browser code is almost always faster than parsing and mutating the DOM via JavaScript.
Always Up-to-Date: Browsers update automatically to patch new, obscure XSS vectors. You don't have to worry about bumping your npm dependencies every time a new bypass is discovered.
Context Awareness: The browser inherently understands its own DOM parsing quirks better than a polyfill can.

Browser Support & The Path Forward

Right now, Firefox 148 is the first browser to ship this enabled by default (released February 24, 2026). Chrome has an implementation available in Canary behind a flag. Safari hasn't started implementation yet, though the WebKit team has expressed a positive position on the spec.

One thing worth noting: setHTMLUnsafe() — the version that doesn't enforce XSS-safety — already has cross-browser support since 2024. So the unsafe counterpart is available now, and the safe version is catching up.

So, what should you do today?

If you're building modern web apps, start keeping an eye on your innerHTML usage. You can't safely switch 100% of your codebase to setHTML() in production just yet, but the days of blindly dumping strings into the DOM are numbered.

Bonus: Trusted Types and `Document.parseHTML()`

Firefox 148 also ships two related features worth knowing about:

Document.parseHTML() is a companion method that parses an HTML string into a full Document object (instead of injecting into an existing element). Same sanitization rules apply — XSS-unsafe content is always stripped.

Trusted Types is a separate API that lets you lock down all dangerous sinks (innerHTML, outerHTML, document.write, etc.) at the CSP level. You set a Content-Security-Policy header:

Content-Security-Policy: require-trusted-types-for 'script'

After that, passing a raw string to innerHTML throws a TypeError. You have to go through a policy function first. Combined with setHTML(), you get defense in depth: Trusted Types forces developers through audited code paths, and setHTML() makes sure the output is safe regardless.

If you want to play with the API right now, Mozilla has a Sanitizer API playground where you can test different configs and see what gets stripped.

Once the other browsers catch up, there won't be a good reason to reach for innerHTML again.

Next Level Coding with Amp: Planning Before Prompting

Wed, 25 Feb 2026 02:00:00 GMT

I recently started using Amp, and it feels different from any AI coding tool I've used before. It's a coding agent that lives in your terminal (and editor), and the way you work with it matters more than anything it can autocomplete.

The real shift: planning vs. execution

The biggest realization I had while using Amp (and reading about others' workflows, like Boris Tane's) is this:

Do not let the AI write code until you have a plan.

We often treat AI like a magic wand, throw a vague prompt at it and hope for the best. But that leads to hallucinations, wrong architecture choices, and wasted tokens.

With Amp, the workflow shifts. You become a technical architect first, and a coder second.

Research: I ask Amp to read my codebase deeply. It doesn't skim; it understands the context.
Planning: I ask it to write a plan.md. I review the plan, tweak it, and correct assumptions before a single line of code is written.
Execution: Once the plan is solid, I tell Amp to implement it. And it just works.

Some prompts I actually use during planning:

"Plan how to add a blogroll page to this Astro site, but don't write code yet"
"Read the codebase and explain how the content collections are structured"
"Take a look at git diff and analyze what changed"

The planning step feels slow at first, but it saves you from going back and forth fixing things the AI got wrong because it didn't understand your codebase.

Here's a trick I picked up: do your planning and context gathering in one thread, then start a new thread for implementation. Amp lets you reference previous threads, so the implementation thread can pull in the plan without carrying all the back-and-forth exploration that led to it. This keeps the context window clean and focused. A bloated thread full of research tangents makes the agent worse at following through on the actual work.

Agent modes

Amp has three modes, and picking the right one matters more than you'd think:

smart: The default. Uses the best models without constraints. This is what I use for most work, planning, refactoring, writing new features.
rush: Faster and cheaper, but less capable. Good for small, well-defined tasks like "fix the TypeScript error in this file" or "rename this variable everywhere."
deep: Deep reasoning with extended thinking. I reach for this when I'm stuck on a complex bug or need to think through architecture decisions.

I usually start in smart for the planning phase, switch to rush for quick fixes, and pull out deep when something is genuinely hard to reason about.

Teaching Amp your codebase with AGENTS.md

This is something I wish I'd set up earlier. Amp reads AGENTS.md files in your project to understand your codebase conventions, build commands, and project structure. Think of it as onboarding docs for the AI.

For this blog, my AGENTS.md tells Amp things like: use Bun, not npm. Run bun run build to verify. Posts go in src/data/blog/. Notes use timestamp filenames. Tags are arrays. That kind of thing.

You can also put AGENTS.md files in subdirectories for more specific instructions. The agent picks them up automatically. Beyond that, Amp supports a .agents/ directory in your project where you can store custom tools, skills, and code review checks. It's a single place to keep all your AI-related project config. Once you have this set up, you stop repeating yourself in every prompt.

Features that actually matter

A few tools make this workflow work well in practice:

The Oracle

Amp has a built-in "second brain" called Oracle (powered by GPT-5.2 with reasoning). I can ask the main agent to consult the Oracle for complex logic or architectural decisions. It's like having a senior principal engineer on speed dial who doesn't mind being bothered every 5 minutes.

For example: "Ask the Oracle to review this API design and suggest improvements." The Oracle looks at the code, reasons about it, and gives you a second opinion.

The Librarian

This one changed how I approach the research phase. The Librarian can search my entire codebase (and even external repos on GitHub) to find context. It doesn't look at just the open file; it understands how everything connects. That makes the research phase way more useful than manually grepping around.

Subagents

For repetitive or parallel tasks, Amp can spawn subagents. They work independently and keep the main context clean. A prompt like "Convert these 5 CSS files to Tailwind, use one subagent per file" actually works. Each subagent handles one file without polluting the main conversation.

Code review

You can run amp review in the CLI and it reviews your staged changes for bugs, security issues, and style problems. You can even define custom checks in .agents/checks/ to codify your team's conventions. Things linters don't catch, like "don't use raw SQL in the API layer" or "every new endpoint needs rate limiting."

Skills

Skills are reusable instruction packages that teach Amp how to do specific tasks. Amp ships with some built-in ones (like code review and commit message generation), but you can create your own. I have a custom skill for scaffolding new blog posts and another for proofreading drafts. You can also share skills across projects by putting them in ~/.config/amp/skills/.

Thread sharing

Every conversation with Amp is a thread, and you can share them. If I figure out a tricky migration or debug a weird issue, I can share the thread URL with someone and they can see exactly what happened, prompts, tool calls, code changes, everything. You wouldn't code without version control, same idea.

CLI piping (`amp -x`)

This is for the power users. You can pipe terminal output directly into Amp for quick one-off tasks without starting a full session.

Generating a commit message from staged changes:

git diff --staged | amp -x "Write a concise commit message. Output ONLY raw text." | git commit -F -

Finding specific files:

amp -x "what files in this folder are markdown?"

Renaming files intelligently:

ls *.jpg | amp -x "Generate bash commands to rename these to photo_001.jpg, etc." | bash

These one-liners are surprisingly useful for scripting and automation.

Wrapping up

Amp rewards structured thinking. If you treat it like a junior dev who needs clear instructions, it performs like a senior dev who never sleeps.

Plan first, code second. The code is just the implementation detail.

How I Built My Own AI News Anchor (Tech Watch)

Tue, 24 Feb 2026 02:00:00 GMT

I used to start my day by doomscrolling Twitter (or X, whatever), then Hacker News, then Lobsters, then maybe checking a few subreddits. By 10 AM, I was exhausted, annoyed, and full of "noise" but very little "signal."

The problem with the modern web isn't a lack of information. It's the volume. Algorithms are optimized for engagement, not for what I actually care about. I'd spend an hour scrolling, retain maybe two useful links, and come away irritated by some thread I never asked to see.

So I decided to stop being my own news curator. I built an AI agent to do it for me.

What I wanted

I didn't want a generic "Top 10 Tech News" list. I wanted a daily briefing that scans Hacker News and Lobsters, throws out the noise (political rage-bait, crypto scams, non-tech drama), and gives me short summaries of what actually matters. Delivered to Telegram, once a day, in a casual tone. That's it.

I named the agent Cici. She runs on OpenClaw with a simple Node.js script.

How it works

The whole thing is a cron job and about 100 lines of JavaScript. No RAG pipeline, no vector database.

The fetcher (`techwatch.js`)

A script hits the official APIs for Hacker News and Lobsters, grabs the top stories from the last 24 hours, and dumps them into a JSON file.

// Simplified logic
const hnStories = await fetchJson('https://hacker-news.firebaseio.com/v0/topstories.json');
const lobstersData = await fetchJson('https://lobste.rs/hottest.json');

// Filter for last 24h
const recentStories = allStories.filter(story => story.time > (now - 24h));

This gives me roughly 50 stories to work with.

The curator (the agent)

Instead of writing regex or heuristics to decide what's interesting, I just hand the JSON to the LLM. My prompt looks something like:

"Analyze these stories. Pick the top 5-10 that are relevant to a software engineer interested in AI, Linux, self-hosting, and open source. Avoid clickbait. Summarize them in a casual tone (Bahasa Indonesia/English mix)."

The LLM is genuinely good at this part. It can tell the difference between "just another JS framework" and "a critical OpenSSL vulnerability." Regex could never do that.

The delivery (Telegram)

Once the summary is ready, the agent pushes it to my personal Telegram chat via the OpenClaw message tool:

Cici: "Morning Ko! Here's your tech briefing. The xz utils backdoor is scary, but check out this cool new Rust CLI tool..."

What it actually feels like to use

The first week, I kept opening Twitter out of habit. I'd catch myself mid-scroll, remember the briefing was already in Telegram, and close the app. After about two weeks the habit broke. Now I wake up, check Telegram, read Cici's summary over coffee, and that's my tech news for the day.

Some mornings the briefing is five items. Some mornings it's eight. Occasionally Cici picks something I wouldn't have found on my own, like a blog post from a small open-source project I'd never heard of, or a discussion thread on Lobsters about NixOS packaging that turned out to be exactly what I needed for a weekend project.

It's not perfect. Sometimes the summaries are a bit shallow, and I have to click through to the original link anyway. Once or twice the LLM included something clearly off-topic (a cryptocurrency governance post somehow got past the filter). But the hit rate is honestly better than my own manual curation was. I was skimming headlines and missing things. Cici actually reads the content.

The part I didn't expect: it's less stressful. I don't see the outrage threads. I don't get sucked into comment sections. I read the summary, click the two or three links that interest me, and move on. I'm saving maybe 30 to 60 minutes every morning, but the bigger win is the mental clarity. I start work focused instead of irritated.

What's next

I'm thinking about expanding this to a few more areas:

Auto-summarizing long YouTube tech talks I keep bookmarking but never watch.
Watching specific GitHub repos for new releases and summarizing the actual changelog, not just "bug fixes and improvements."

If you're drowning in feeds and tabs, try building something like this. A Saturday morning project, start to finish.

Building a Telegram bot to babysit 24,000 developers

Mon, 23 Feb 2026 02:00:00 GMT

The PythonID Telegram group has around 24,000 members. Indonesian developers chatting about Python, Django, FastAPI, job openings, and occasionally, cryptocurrency scams disguised as job offers.

Moderation was manual. Admins would spot a spammer, ban them, delete the messages, and then do it again twenty minutes later. Bots existed but they were either too dumb (kick anyone without a profile photo) or too complex (require a PhD in YAML to configure). So I wrote my own.

What PythonID-bot actually does

The bot watches every message in the group. When a new user joins, it checks two things: do they have a profile photo, and do they have a username set. If not, they get a warning posted to a dedicated topic thread. If they ignore the warning for three hours, they get muted.

That alone cut the spam by maybe 60%. Turns out most spam accounts don't bother setting a profile picture.

But 60% is not enough when you're getting hit with crypto and gambling spam daily.

Captcha

New members can optionally be required to solve a button-based captcha within 60 seconds. It's not a hard captcha. Press the right button. But it stops the bots that just join, dump a message, and leave.

The captcha system also survives bot restarts. If the bot goes down while someone has a pending captcha, it recovers all pending challenges on startup and either re-schedules the timeout or expires them if time already ran out. I didn't think about this until the bot crashed during a spam wave and five people were stuck in limbo.

Probation

Even after passing captcha, new users can't send links, forwarded messages, or external quotes for three days. Some domains are whitelisted (docs.python.org, github.com, stackoverflow.com) because telling a new Python developer they can't share a docs link would be absurd.

The whitelist also includes about 150 Indonesian Telegram community groups so new users can share links to other local tech communities. First violation gets a warning. Third violation gets a mute. The message gets deleted either way.

DM unrestriction

This is the part I'm most pleased with. When someone gets muted, they get a link to DM the bot. The bot checks their profile, and if they've fixed whatever was wrong (added a photo, set a username), it automatically lifts the restriction and posts a note to the admin topic.

Before this existed, restricted users had to message an admin and wait for someone to manually check and unrestrict them. Sometimes that took hours.

The multi-group problem

The bot started as a single-group thing. One .env file, one group_id, done. Then other Indonesian developer communities asked if they could use it too.

Supporting multiple groups meant rethinking most of the architecture. Hendy Santika contributed the initial multi-group refactor, introducing a GroupConfig Pydantic model and a GroupRegistry that stores per-group settings. Each group gets its own warning topic, captcha toggle, and probation duration.

Configuration moved from .env to a groups.json file:

[
  {
    "group_id": -1001234567890,
    "warning_topic_id": 123,
    "captcha_enabled": true,
    "warning_time_threshold_minutes": 180
  }
]

The .env fallback still works for single-group setups. I didn't want to break the simple case.

Everything that broke

The multi-group refactor surfaced problems I hadn't thought about.

The captcha callback data was captcha_verify:{user_id}. If a user joined two groups at the same time, the bot couldn't tell which group the captcha was for. Fixed it to captcha_verify_{group_id}_{user_id}.

The scheduler that auto-restricts users ran in a loop over all groups. If the bot got kicked from one group, the entire loop crashed and no other group got processed. Wrapping each group's API call in a try/except fixed that.

The DM unrestriction flow had a similar issue. A restricted user messages the bot privately, the bot checks their profile and lifts the restriction. But with multiple groups, it needed to check and unrestrict across all monitored groups, and handle cases where it no longer has access to some of them.

I caught all of these during code review on the pull requests, before they hit production. They all looked obvious once I spotted them.

The Markdown incident

Telegram's Markdown v1 parser is fragile. I spent an embarrassing amount of time debugging why some warning messages showed up as raw text instead of formatted messages.

Two causes:

Parentheses inside link text break the parser. [Contact Bot (for help)](url) does not work. Moving the parenthesized text outside the brackets fixed it.
Usernames with underscores (@Sharo_Kenne) get interpreted as italic markers. If the underscore doesn't have a matching close, the entire message falls back to raw text.

The fix was calling escape_markdown(username, version=1) for every username mention. A one-liner that took three hours to figure out.

The stack

Python 3.11+ with python-telegram-bot v20
SQLite with WAL mode for the database (SQLModel/SQLAlchemy)
Pydantic for configuration validation
Logfire for structured logging
uv as the package manager
Docker and Docker Compose for deployment
442 tests, 99% coverage

The startup validates configuration (group IDs must be negative, timeouts must be within sane ranges) and the database sets WAL mode and synchronous=NORMAL on init. These things sound boring but they prevent the kind of bugs that only show up at 2 AM on a Saturday.

What I'd do differently

I'd start with multi-group support from day one. Retrofitting it was the hardest part of the project. The single-group assumption was baked into every handler, every database query, every scheduler job. Pulling it out was like removing a load-bearing wall.

I'd also write the DM unrestriction flow earlier. It reduced admin workload more than any other feature. People fix their profiles quickly when they know there's an automated way back in.

I run it for PythonID on my VPS alongside Miniflux, Mastodon, and a handful of other self-hosted services. JVM Indonesia, IDDevOps, and KotlinID run their own instances. Other communities picked it up and deployed it themselves without me having to do anything, which is exactly how open source should work.

The source code is on GitHub if you want to look at it or run your own instance.

Forget Notion. I Manage My House in the Terminal Now.

Sun, 22 Feb 2026 08:00:00 GMT

Let's be honest. Most "productivity" apps today are just procrastination tools in disguise.

We spend more time setting up dashboards, picking tag colors, and waiting for loading spinners than actually doing the work. Especially for household chores. Tracking AC maintenance, inventory, grocery lists. Do you really need to wait for a massive React component to render just to write down "buy lightbulbs"?

That's why when I saw Micasa popping up in my feed today, I knew I had to try it.

What is Micasa?

Micasa is a terminal application for managing your home. Not a to-do list with a house emoji slapped on it. It actually tracks the things homeowners deal with: maintenance schedules, appliances, vendors, projects, incidents, quotes, and documents. All from the command line.

The creator built it because his home maintenance system was, in his words, "a shoebox of receipts and the vague feeling I was supposed to call someone about the roof." I felt that in my bones.

First impression? Fast. Genuinely, annoyingly fast. Written in Go, installed with go install or a single binary. No ads, no tracking, no "Sign up with Google". Just a text-based interface that responds before my fingers leave the keys.

What it actually tracks

This is where Micasa surprised me. It's not just a list app. It has actual structure for household things that I used to scatter across Notion pages, WhatsApp reminders, and sticky notes on the fridge.

Maintenance schedules with auto-computed due dates. So when I log that I changed the AC filter, it tells me when the next one is due. No more guessing "was it three months ago or six?"

Appliance tracking with purchase dates and warranty status. My dishwasher's warranty card? It's in the SQLite file now, not in a drawer I'll never open again. You can attach files directly to records: manuals, invoices, photos, all stored in the same database.

A vendor directory that remembers who did what. Last time my AC needed servicing, I spent twenty minutes scrolling through WhatsApp to find the technician's number. I've also called people to clean my grease trap several times over the last few years, and every single time I had to dig through old chats to find who I used last. Micasa keeps vendor contacts linked to every job they've done.

Project tracking for those "someday" home improvements. From "napkin sketch to completion, or graceful abandonment," as the docs put it. You can compare quotes side by side and see actual costs.

Incident logging for when things break. My sink tap broke once and I had no idea who to call or whether it was still under the building's warranty. With Micasa you log incidents with severity and location, link them to appliances and vendors, and mark them resolved when fixed.

The interface uses vim-style modal keys, inspired by VisiData. You can sort by any column, fuzzy-search to jump between fields, and hide columns you don't care about. If you've used VisiData before, you'll feel right at home. If you haven't, run micasa --demo to poke around with sample data before committing your own house to it.

Why TUI in 2026?

You might ask, "Why use a black and white screen in this day and age? Doesn't it hurt your eyes?"

Quite the opposite. When every web app is trying to be a heavy "Super App," going back to TUI feels like drinking ice water on a scorching day.

Your hands never leave the keyboard. j, k, enter are faster than aiming a mouse at tiny buttons. There's nothing on screen except the thing you're actually trying to do. And it runs on anything, even a ten-year-old laptop. No need for 16GB RAM just to open a to-do list (looking at you, Electron apps).

Local-first or nothing

The thing that sold me on Micasa is that data stays on my machine. SQLite file, local disk. That's it.

I'm tired of the "SaaS Fatigue" cycle:

Find a great tool.
Upload my life's data to it.
A year later, the startup goes bust or pivots to an "AI-Powered Enterprise Solution," slashing free features.
Data is lost or hard to export.

With Micasa, none of that matters. Internet down? Developer retired? The binary still runs on my machine. I can backup the database myself via cron job, rsync, or Syncthing.

Try it

If you're the type who feels opening a browser is "heavy" and prefers living inside a Tmux session, Micasa is worth a try.

For me, the terminal is home. And now, my home is in the terminal.

Upgrading four PostgreSQL instances to 18.2 in Docker

Sat, 21 Feb 2026 02:00:00 GMT

I run a handful of self-hosted services on my server. Miniflux for RSS, Invidious for YouTube, a Django app, and Mastodon. They all use PostgreSQL, and they were all stuck on older versions -- 15 or 17, depending on when I last felt brave.

PostgreSQL 18.2 came out and I figured it was time. Four databases, four upgrades, one evening. How hard could it be.

It took two evenings.

The general pattern

Every upgrade followed the same rough steps:

Stop the containers
Copy the data directory as a backup
Run tianon/postgres-upgrade to do the actual pg_upgrade
Fix the directory layout (more on this later)
Fix pg_hba.conf (more on this too)
Update docker-compose.yml to use postgres:18
Start everything up and hold your breath

Here's what the backup looked like for every service:

docker compose stop
cp -r ./pgdata ./pgdata-bak

And the upgrade command, using Miniflux as an example:

docker run --rm \
  -v /root/Docker/miniflux/pg17:/var/lib/postgresql/17/docker \
  -v /root/Docker/miniflux/pg18:/var/lib/postgresql/18/docker \
  -e PGDATAOLD=/var/lib/postgresql/17/docker \
  -e PGDATANEW=/var/lib/postgresql/18/docker \
  -e POSTGRES_INITDB_ARGS="--no-data-checksums" \
  tianon/postgres-upgrade:17-to-18

Simple enough. Except every instance found a new way to fail.

The data checksums problem

The first thing that blew up was Miniflux. The upgrade container initialized the new cluster with checksums enabled by default, but my old cluster had them off. The error:

old cluster does not use data checksums but the new one does

The fix is passing --no-data-checksums in POSTGRES_INITDB_ARGS. I hit this on every single upgrade because none of my old clusters used checksums. You would think I'd remember after the first time.

PostgreSQL 18 changed its directory layout

This was the one that ate the most time. PostgreSQL 18's Docker image expects data in a version-specific subdirectory: /var/lib/postgresql/18/docker. Previous versions just used /var/lib/postgresql/data.

The tianon/postgres-upgrade image does the upgrade, but the output directory doesn't always match what the official postgres:18 image expects. So after the upgrade, you need to shuffle directories around:

mkdir -p ./pgdata/18
mv ./pgdata/docker ./pgdata/18/docker

Then update your volume mount from ./pgdata:/var/lib/postgresql/data to ./pgdata:/var/lib/postgresql. Mount the parent, let the image find the subdirectory itself.

I got this wrong at least twice. The container starts, PostgreSQL sees an empty data directory, initializes a fresh cluster, and your data is just sitting in the wrong folder while a brand new empty database happily accepts connections. Terrifying if you don't realize what happened.

pg_hba.conf resets every time

The upgrade process runs initdb, which generates a fresh pg_hba.conf. The fresh config only allows connections from 127.0.0.1/32. In Docker, your app container is on a different IP. So the app can't connect.

After every upgrade I had to edit pg_hba.conf to allow connections from the Docker network. The default Docker bridge subnet is 172.16.0.0/12, so scope it to that instead of opening it to the world:

host    all    all    172.16.0.0/12    scram-sha-256

If you're using a custom Docker network with a different subnet, check it with docker network inspect <network_name> and use that CIDR instead. Don't use 0.0.0.0/0 with trust -- even on an internal network, there's no reason to skip authentication entirely.

Invidious and the custom superuser

Invidious uses a custom PostgreSQL superuser instead of the default postgres. The upgrade tool assumes postgres unless you tell it otherwise, so the first attempt died with:

FATAL: role "postgres" does not exist

The fix was passing the username everywhere:

docker run --rm \
  -v /root/Docker/invidious/postgresdata:/var/lib/postgresql/17/data \
  -v /root/Docker/invidious/pgdata:/var/lib/postgresql/18 \
  -e POSTGRES_INITDB_ARGS="--no-data-checksums --username=myuser" \
  -e PGUSER=myuser \
  tianon/postgres-upgrade:17-to-18 \
  --username=myuser

Three separate places to specify the username. Miss any one of them and it fails with a different error each time.

The Django app: jumping from 15 to 18

The Django app was still on PostgreSQL 15. I was worried about skipping versions, but tianon provides a 15-to-18 upgrade image and pg_upgrade handles major version jumps fine. Django 4.2 supports PostgreSQL 12 and above, so 18 was within the compatibility window.

docker run --rm \
  -v /root/Docker/myapp/postgres:/var/lib/postgresql/15/data \
  -v /root/Docker/myapp/pgdata:/var/lib/postgresql/18 \
  -e POSTGRES_INITDB_ARGS="--no-data-checksums" \
  -e PGUSER=postgres \
  tianon/postgres-upgrade:15-to-18 \
  --username=postgres

Same directory restructuring, same pg_hba.conf dance. At least by this point I had a routine.

Mastodon

Mastodon v4.5.x requires PostgreSQL 14 or newer, so 18 is well within range. The upgrade itself was identical to Miniflux -- same version jump (17 to 18), same checksums issue, same directory fix.

The only thing that made me nervous was the database size. Mastodon accumulates a lot of data. But pg_upgrade uses hard links by default, so even large databases upgrade quickly without doubling disk usage.

Post-upgrade cleanup

After every upgrade, PostgreSQL complained about collation version mismatches:

WARNING: database "invidious" has a collation version mismatch

The operating system in the new container ships a newer glibc with updated collation definitions. The fix:

ALTER DATABASE invidious REFRESH COLLATION VERSION;
ALTER DATABASE postgres REFRESH COLLATION VERSION;
ALTER DATABASE template1 REFRESH COLLATION VERSION;

Then rebuild the statistics so the query planner isn't working with stale data:

docker compose exec db vacuumdb -U postgres --all --analyze-in-stages --missing-stats-only

Updated docker-compose.yml

The final compose config for each service looked roughly like this:

services:
  db:
    image: postgres:18
    volumes:
      - ./pgdata:/var/lib/postgresql
      - /etc/localtime:/etc/localtime:ro

The key change is the volume mount. Mount the parent directory, not the data directory directly.

What I'd do differently

Write a script. I did four upgrades manually and made the same mistakes repeatedly. The steps are mechanical: stop, backup, run the upgrade image, restructure directories, fix pg_hba.conf, update compose, start. A bash script with the service name and source version as arguments would've saved me an evening.

I'd also check the checksum setting beforehand. You can see it with SHOW data_checksums; inside the running database, or pg_controldata on the data directory. Knowing upfront avoids the "oh right, checksums" moment on every single upgrade.

All four services are running on 18.2 now. The databases are fine. The backups are still sitting there, in directories named pg17-backup and postgres-bak, and I will definitely forget to clean them up.

4 Root Causes Hiding Behind One Airflow Error

Fri, 20 Feb 2026 05:00:00 GMT

Last week I burned most of a day chasing a single Airflow error that turned out to be four problems stacked on top of each other. Each fix revealed the next failure, like one of those Russian nesting dolls except each one is angrier than the last.

The setup: Apache Airflow running on Kubernetes with the KubernetesExecutor. DAGs mounted via a shared volume. Worker pods spin up per task using a Docker image we build in CI.

The symptom

Tasks that should be running were showing up as queued in the Airflow UI, then immediately flipping to failed. The scheduler logs had this gem:

Executor reports task instance finished (failed) although the task says it's queued.
Was the task killed externally?

No, nothing was killed externally. But okay, let's figure out what's going on.

Root cause 1: the Docker image wasn't rebuilt

I started by checking the worker pod logs. The pods were crashing on startup with:

ImportError: cannot import name 'SlaCallback' from 'plugins.message_callback'

A colleague had recently added an SlaCallback class to message_callback.py in our plugins directory. The scheduler could see it fine because the plugins directory is volume-mounted. But the worker pods don't use the volume mount for Python imports. They use whatever is baked into the Docker image.

The image hadn't been rebuilt since the new class was added. The file existed on disk (via the mount), but Python's import resolution was picking up the old version from the image's site-packages.

Fix: rebuild the Docker image with the latest code and push it to our registry.

Done. Easy. Except not really.

Root cause 2: Kubernetes image caching

After pushing the new image, I restarted the Airflow deployment. Same error. Same ImportError. I double-checked the registry. The new image was there, with the correct code. So why were the pods still running the old one?

I ran kubectl describe pod on one of the worker pods and looked at the image digest. It was the old digest. The tag was the same (latest equivalent for our setup), but the node had already pulled that tag before. Since imagePullPolicy was set to IfNotPresent, Kubernetes looked at the tag, saw it already had an image with that tag cached locally, and used the cached version.

This is one of those things you know intellectually but forget in practice. If you push a new image with the same tag, Kubernetes nodes that already pulled the old image will keep using it.

Fix: deploy with a new unique tag. We switched to using the git commit SHA as the image tag, which is what we should have been doing all along. Pods pulled the new image, and the ImportError went away.

Progress. But now a different error.

Root cause 3: environment variables in the wrong namespace

The import was fixed. SlaCallback loaded correctly. But when an SLA miss actually fired, the callback crashed with:

ValueError: MESSAGE_CALLBACK_ENDPOINT is not set

This env var was defined in a ConfigMap in the pipelines namespace, where our DAG worker pods run. That makes sense for tasks. But SLA callbacks don't run in worker pods. They run inside the scheduler process, which lives in the airflow namespace.

The scheduler had no idea MESSAGE_CALLBACK_ENDPOINT existed because it was never injected into the scheduler's environment. The ConfigMap was scoped to the wrong namespace, and the Helm chart for the scheduler didn't reference it.

Fix: add the env var to the scheduler deployment through our Terraform config. We added it to the extraEnv section in the Helm values for the Airflow scheduler. Applied the change, scheduler restarted, env var present.

SLA callback ran without crashing. Notification sent. I checked Slack expecting a clean message.

What I got was gibberish.

Root cause 4: iterating over a string instead of objects

The notification message looked something like:

SLA Miss for tasks: m, y, _, t, a, s, k, _, i, d

Individual characters. The task ID had been split into single characters. That's what happens when you iterate over a string in Python thinking it's a list.

I opened the callback code. The relevant bit looked roughly like this:

def sla_callback(dag, task_list, **kwargs):
    for task in task_list:
        send_notification(task_id=task.task_id)

Looks fine, right? The problem was that task_list wasn't always a list of SlaMiss objects. In some code paths, it was a string representation that got passed through. The for task in task_list line was iterating over characters of the string "my_task_id" instead of a list containing a SlaMiss object.

The fix was to properly handle the input:

def sla_callback(dag, task_list, **kwargs):
    if isinstance(task_list, str):
        task_ids = [task_list]
    else:
        task_ids = [t.task_id for t in task_list]

    for task_id in task_ids:
        send_notification(task_id=task_id)

After this fix, the notification came through correctly. Clean task IDs, proper formatting.

Four bugs. One error message.

What I took away from this

One error can hide three more. The original Executor reports task instance finished (failed) message pointed at the first problem, but fixing it just uncovered the next one. I've started keeping a scratch note during debugging sessions so I can track whether I'm actually making progress or just peeling layers.

Always check the image digest, not the tag. kubectl describe pod shows you exactly which image digest is running. If you're reusing tags (please don't), the digest is the only truth. We now use commit SHAs as tags and set imagePullPolicy: Always for our staging environment.

Namespace boundaries are real walls. It's easy to forget that the scheduler and worker pods can live in different namespaces with different ConfigMaps and Secrets. If your callback code needs an env var, make sure it's available where the callback actually executes, not just where the tasks run.

Test with real scenarios. We had unit tests for the SLA callback, but they passed in a proper list of mock SlaMiss objects. The bug only showed up with real SLA miss data flowing through Airflow's actual callback mechanism. Sometimes you need to trigger the real thing in a staging environment to catch these issues.

The whole thing took about four hours from first error to clean notification. Not my worst debugging session, but definitely the most layered one. Each fix felt like a victory until the next error showed up. At least now the SLA notifications work, and we have commit-SHA image tags as a bonus.

Chasing a Transitive Dependency Vulnerability

Thu, 19 Feb 2026 05:00:00 GMT

Last week I found out my blog was shipping a vulnerable dependency. Not one I installed directly, but one hiding two levels deep in the dependency tree: fast-xml-parser.

The Vulnerability

Versions 4.3.6 through 5.3.3 of fast-xml-parser throw a RangeError when they encounter out-of-range numeric character entities like &#9999999; or &#xFFFFFF;. That might sound obscure, but it means any application that processes untrusted XML input can be crashed with a carefully crafted payload.

For a blog, the attack surface is the RSS feed. This blog uses @astrojs/rss to generate feeds, and @astrojs/rss depends on fast-xml-parser@^5.3.3. If someone sent malformed XML to any endpoint that parses it, the whole thing could go down.

How I Found It

I was doing a routine bun audit (okay, I was procrastinating on actually writing) and the report flagged fast-xml-parser. I checked my package.json and didn't see it listed anywhere. Took me a minute to realize it was coming in through @astrojs/rss.

bun pm ls | grep fast-xml-parser

Sure enough, there it was. A transitive dependency I never explicitly chose to install.

The Annoying Part

The fix for fast-xml-parser already existed in version 5.3.4. But @astrojs/rss hadn't released an update that bumped its dependency yet. So I couldn't just run bun update @astrojs/rss and move on.

This is the part about transitive dependencies that bugs me. You're trusting that your dependencies keep their dependencies up to date. When they don't, or when they're slow about it, you're left in an awkward spot. Wait and stay vulnerable, or take matters into your own hands.

I took matters into my own hands.

The Fix

The solution was to use overrides in package.json to force the resolved version of fast-xml-parser to the patched release:

{
  "overrides": {
    "fast-xml-parser": "^5.3.4"
  }
}

I also added it as a devDependency so Dependabot would pick it up and notify me about future updates:

{
  "devDependencies": {
    "fast-xml-parser": "^5.3.4"
  }
}

After running bun install, I double-checked bun.lock to make sure the resolved version was actually 5.3.4+. It was.

grep -A 2 'fast-xml-parser' bun.lock

Build passed, RSS feeds still generated correctly. Done.

The uncomfortable truth about transitive deps

You carefully vet the libraries you install. But each of those libraries pulls in its own tree of dependencies that you probably never look at. With npm or bun, your actual dependency tree is way larger than what's in package.json. A vulnerability anywhere in that tree is your problem, even if you didn't put it there.

The overrides approach works, but it's a hack. You're pinning a version that your direct dependency didn't ask for, and there's always a small risk of breaking something. For a patch bump that fixes a security issue, it's almost always fine. But it's one more thing to remember to clean up once upstream catches up.

Run bun audit regularly. Learn how overrides work. And if you override something, add it as a devDependency too so Dependabot can keep an eye on it for you. Check back later and remove the override once the upstream package updates.

Maintaining a website means maintaining everything under it, including the stuff you didn't choose to install.

Managing DNS as Code with DNSControl

Thu, 19 Feb 2026 02:00:00 GMT

I manage a few domains. Nothing crazy, but enough that logging into Porkbun's web UI every time I need to change a record got old fast. Add a TXT record, typo the value, wait for propagation, realize the typo, fix it, wait again. Fifteen minutes gone for a one-line change.

The real problem is that web UIs don't have undo. They don't have diffs. They don't have commit messages. I changed a DNS record last month and I genuinely could not remember what it was before. Was the TTL 300 or 3600? Did I have a CNAME there or an A record? No idea.

So I moved everything to DNSControl.

What DNSControl actually does

DNSControl is an open-source tool from StackExchange (the folks behind Stack Overflow). You define your DNS records in a dnsconfig.js file, and DNSControl talks to your DNS provider's API to make reality match your config.

The workflow is:

Edit dnsconfig.js
Run dnscontrol preview to see what would change
Run dnscontrol push to apply it
Commit to Git

That's it. Your DNS records are now version-controlled. If something breaks, git log tells you exactly what changed and when. git revert brings it back.

The config file

DNSControl uses JavaScript for its config. Not full Node.js, just a simple DSL that happens to use JS syntax. Here's a stripped-down version of what mine looks like:

var REG_CHANGEME = NewRegistrar("none");
var DSP_PORKBUN = NewDnsProvider("porkbun");

D("example.com", REG_CHANGEME,
    DnsProvider(DSP_PORKBUN),

    A("@", "1.2.3.4"),
    A("homelab", "1.2.3.4"),

    CNAME("www", "example.com."),

    MX("@", 10, "mail.example.com."),

    TXT("@", "v=spf1 mx ~all"),
    TXT("_dmarc", "v=DMARC1; p=quarantine"),
);

Each record type has its own function. A(), CNAME(), MX(), TXT(). If you've ever written a DNS zone file, this reads the same way but without the confusing syntax.

You also need a creds.json file with your provider's API keys:

{
    "porkbun": {
        "TYPE": "PORKBUN",
        "api_key": "pk1_...",
        "secret_api_key": "sk1_..."
    }
}

This file never gets committed. It goes in .gitignore immediately.

Preview before you push

The preview command is where the safety net lives. It shows you a diff of what DNSControl would do, without actually doing it:

$ dnscontrol preview
******************** Domain: example.com
1 correction
#1: CREATE A homelab.example.com 1.2.3.4 ttl=300

I run this obsessively. DNS mistakes propagate to caches everywhere, and depending on your TTL, you might be stuck with a bad record for hours. Seeing the diff first saves you from that.

Moving to GitHub Actions

Running dnscontrol push locally works, but I wanted it automated. Push to main, DNS updates. No manual steps.

The third-party action trap

My first attempt used wblondel/dnscontrol-action@v4.27.1. It worked fine for basic records. Then I tried to add a URL301 redirect. Porkbun supports URL forwarding natively, and I wanted to set up a redirect from an old subdomain.

The push failed with:

INFO#1: Domain "example.com" provider porkbun Error: porkbun.toReq rtype "URL301" unimplemented

I spent a while thinking this was a Porkbun API issue. It wasn't. DNSControl added URL301 support for Porkbun in v4.30.0, but the GitHub Action I was using had v4.27.1 baked into its Dockerfile. The action's maintainer hadn't updated it.

This is the problem with wrapper actions. You're at the mercy of someone else's release schedule. The action pins a specific DNSControl version, and if that version is missing the feature you need, you're stuck until the maintainer gets around to updating.

Using the official Docker image

The fix is to skip the wrapper and use the official DNSControl Docker image from GitHub Container Registry:

name: DNS Push

on:
  push:
    branches:
      - main

jobs:
  push:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Decode credentials
        run: |
          echo "${{ secrets.CREDS }}" | base64 -d > creds.json

      - name: DNSControl preview
        run: >
          docker run --rm -v "$PWD:/dns" -w /dns
          ghcr.io/stackexchange/dnscontrol:4.34.0 preview

      - name: DNSControl push
        run: >
          docker run --rm -v "$PWD:/dns" -w /dns
          ghcr.io/stackexchange/dnscontrol:4.34.0 push

A couple of things I tripped over while setting this up:

Image tag format. The official image tags don't have a v prefix. Use 4.34.0, not v4.34.0. I pulled the wrong tag twice before noticing.

Credentials as a secret. I Base64-encode the entire creds.json and store it as a GitHub secret called CREDS. The workflow decodes it at runtime. This way the API keys never appear in the repo, not even in environment variables that might leak in logs.

To encode it:

base64 -w 0 creds.json | pbcopy  # macOS
base64 -w 0 creds.json | xclip   # Linux

Paste the result into your repo's Settings > Secrets > Actions.

Running preview before push. I added a preview step before push so the action logs show exactly what changed. If the preview step fails (say, a syntax error in dnsconfig.js), the push never runs. Cheap safety net.

The ACME challenge problem

This one caught me off guard.

I use Caddy as my reverse proxy, and Caddy handles SSL certificates automatically through Let's Encrypt. Part of that process involves creating _acme-challenge TXT records for domain validation. These records are short-lived. Caddy creates them, Let's Encrypt reads them, and Caddy deletes them.

The conflict: DNSControl doesn't know about these records because they're not in dnsconfig.js. So every time I push, DNSControl sees them as unauthorized drift and tries to delete them. If Caddy happens to be in the middle of a certificate renewal, DNSControl just nuked its validation record.

Even when the timing didn't overlap, my CI logs were full of "corrections" for records I never created:

#3: DELETE TXT _acme-challenge.example.com "some-long-token-here"

Annoying at best. Breaks certificate renewals at worst.

The fix: IGNORE()

DNSControl has an IGNORE() function that tells it to leave certain records alone:

D("example.com", REG_CHANGEME,
    DnsProvider(DSP_PORKBUN),

    A("@", "1.2.3.4"),
    CNAME("www", "example.com."),
    MX("@", 10, "mail.example.com."),
    TXT("@", "v=spf1 mx ~all"),

    // Let Caddy manage ACME challenges
    IGNORE("_acme-challenge", "TXT"),
);

With this in place, DNSControl pretends _acme-challenge TXT records don't exist. It won't create them, delete them, or complain about them. Caddy does its thing, DNSControl does its thing, and they don't step on each other.

This pattern works for any external system that creates DNS records. If you use Kubernetes ExternalDNS, you'd ignore whatever prefix it uses. If you have a third-party email provider that manages its own DKIM records, same idea.

You can also use wildcards:

IGNORE("_acme-challenge.**", "TXT"),  // All subdomains too
IGNORE("**", "TXT", "some-specific-value"),  // Match by value

Splitting zones into separate files

Once I had more than two domains in dnsconfig.js, the file got long. Scrolling past 80 lines of records for one domain to find the one I actually want to edit is annoying. DNSControl supports require(), so I split each domain into its own file.

The directory structure:

dns/
├── dnsconfig.js
├── creds.json
└── zones/
    ├── constants.js
    ├── example.com.js
    ├── example.org.js
    └── another-domain.id.js

The main dnsconfig.js becomes a table of contents:

require("zones/constants.js")

// Porkbun domains
require("zones/example.com.js")
require("zones/example.org.js")

// Cloudflare domains
require("zones/another-domain.id.js")

I keep shared values in constants.js. IP addresses mostly. When I migrate a service to a new server, I change the IP in one place instead of hunting through every zone file:

HOMELAB_IPV4 = "1.2.3.4";
VPS_IPV4 = "5.6.7.8";
BACKUP_IPV4 = "9.10.11.12";

Then each zone file uses those variables:

var DSP_PORKBUN = NewDnsProvider("porkbun");
var REG_CHANGEME = NewRegistrar("none");

D("example.com", REG_CHANGEME,
    DnsProvider(DSP_PORKBUN),
    DefaultTTL(600),

    A("@", HOMELAB_IPV4),
    A("homelab", HOMELAB_IPV4),
    A("vpn", VPS_IPV4),

    CNAME("www", "example.com."),
    MX("@", 10, "mail.example.com."),
    TXT("@", "v=spf1 mx ~all"),

    IGNORE("_acme-challenge", "TXT"),
);

The nice thing about this setup is that each file is self-contained. When I need to update DNS for a specific domain, I open that one file. The diff in Git is clean too. A commit that says "add VPN subdomain to example.com" only touches zones/example.com.js. No noise from other domains.

I also group the require() calls by provider in the main config. Makes it easy to see which domains live where. When I eventually move a domain from Porkbun to Cloudflare, I just move the require line and update the provider in the zone file.

Things I wish I knew earlier

Test with a throwaway domain first. I tested DNSControl against my main domain on the first try. Nothing went wrong, but in hindsight that was reckless. Buy a cheap .xyz domain and experiment there.

TTL matters more than you think. When I was iterating on the config, I set my TTL to 300 seconds (5 minutes). Once everything was stable, I bumped it to 3600. Lower TTL means faster propagation of changes, but also more DNS queries hitting your provider.

dnscontrol get-zones is useful for initial setup. If you already have a bunch of records in Porkbun, you don't need to type them all out manually. Run:

dnscontrol get-zones --format=js porkbun PORKBUN example.com

It dumps your existing records as a dnsconfig.js snippet. Copy, paste, clean up. Saved me a lot of manual transcription.

Keep creds.json out of your shell history too. If you're echo-ing API keys into a file, prefix the command with a space so it doesn't get saved to .bash_history (assuming HISTCONTROL=ignorespace is set, which it is by default on most distros).

Was it worth it?

For one domain with five records? Probably not. The web UI is faster.

But I have multiple domains, and the record count keeps growing as I add more services to the homelab. Last week I added three records in one commit for a new service. Preview, push, done. No browser tabs, no copy-pasting IPs, no wondering if I remembered to save.

The Git history is the real win. I can see exactly when I added that weird CNAME, who asked for it (past me, in the commit message), and why. When something breaks, I don't guess. I look at the log.

DNS is one of those things where mistakes are annoying and slow to fix. Having a preview command and a git revert escape hatch makes me a lot less nervous about touching it.

Building Almanac Games: Scraping PSN with Duct Tape and Playwright

Wed, 18 Feb 2026 02:00:00 GMT

I track movies and TV shows on my blog's Almanac page. It's a timeline of everything I've watched, sorted by date. I liked it. Then I thought: what about games?

I have 367 games on my PSN account. 108 Platinums. Over 3,500 trophies. That data is sitting on PSNProfiles, publicly visible. How hard could it be to pull it into my blog?

Pretty hard, actually.

The scraper

PSNProfiles doesn't have an API. So I wrote a Python scraper using Playwright and BeautifulSoup. Playwright handles the browser automation, BeautifulSoup parses the HTML.

The scraper navigates to my profile, waits for the page to load, then extracts each game row: title, platform, trophy breakdown, completion percentage, rank, and cover image URL.

Simple enough in theory. Then Cloudflare showed up.

Cloudflare ruins everything

PSNProfiles sits behind Cloudflare. You can't just requests.get() the page. You get a challenge, and if you don't solve it, you get nothing.

My workaround: Playwright with a persistent browser context. First run uses --headed mode so I can manually solve the Cloudflare challenge. The browser session is saved to a browser_data/ directory. Future runs reuse that session headlessly.

But I also needed the Cloudflare cookie for downloading images later. So the scraper dumps the cf_clearance cookie to a text file after each run. Feels hacky. Works fine.

def dump_cf_clearance(context):
    cookies = context.cookies()
    for cookie in cookies:
        if cookie["name"] == "cf_clearance":
            with open("data/cf_clearance.txt", "w") as f:
                f.write(cookie["value"])

The image problem

PSNProfiles hosts game covers on img.psnprofiles.com. I tried hotlinking them. 403. Tried routing through wsrv.nl as a proxy. Also 403. Cloudflare blocks everything that doesn't come from a real browser session.

So I gave up on hotlinking and mirrored every image locally. A TypeScript script reads games.json, extracts each game's ID from the cover URL, and downloads the large version using the stolen cf_clearance cookie.

function extractGameId(coverUrl: string): string | null {
  const match = coverUrl.match(/game\/[sl]\/(\d+)\//);
  return match ? match[1] : null;
}

364 out of 367 games downloaded. The missing three had broken URLs on PSNProfiles itself. I can live with that.

Trophy parsing is weird

PSNProfiles formats trophy counts differently depending on completion. If you've earned 12 out of 91 trophies, it says "12 of 91 Trophies". Normal.

But if you've earned all of them, it says "All 91 Trophies". My regex only handled the first format. Every Platinum game showed NaN trophies. Took me longer than I'd like to admit to notice.

trophy_match = re.search(r"(\d+)\s*of\s*(\d+)\s*Trophies?", trophy_text)
all_match = re.search(r"All\s*(\d+)\s*Trophies?", trophy_text)

There was also a whitespace issue. BeautifulSoup's get_text(strip=True) sometimes removes spaces between words, turning "1 of 91 Trophies" into "1of91Trophies". The regex needed \s* instead of literal spaces. Classic scraping pain.

The sync pipeline

Updating the blog with fresh game data involves three steps, glued together with a bash script:

Copy games.json from the scraper directory into the Astro project
Read the cf_clearance cookie
Run the Bun image downloader to grab any missing covers

#!/bin/bash
cp ../psngames/data/games.json src/data/psn/games.json
CF_COOKIE=$(cat ../psngames/data/cf_clearance.txt)
bun run scripts/download-psn-covers.ts "$CF_COOKIE"

Not elegant. But it runs in under a minute and I don't have to think about it.

Putting it on the page

The Almanac already had utilities for movies and TV shows. I added a psn.ts utility that normalizes the scraped data and a GameCard.astro component for rendering.

One design issue: PSNProfiles serves covers in two sizes. Some are 320x176 landscape banners, others are 320x320 squares. My initial card used a portrait aspect ratio, which cropped everything badly. Switching to aspect-square with object-contain fixed it. The landscape banners sit inside the square with some padding. Not perfect, but nothing gets cut off.

The unified almanac view merges movies, shows, and games into one chronological list. A function in almanac.ts sorts everything by date. Now my Almanac page shows what I watched, what I played, and when.

What I'd do differently

The Cloudflare dance is fragile. If my browser session expires, I have to manually re-solve the challenge. There's no way around this without paying for a proxy service, and I'm not doing that for a hobby project.

I also should have started with local image mirroring instead of trying three different proxy services first. Would have saved me a couple hours of yak-shaving.

Anyway

The whole thing is held together with a Python scraper, a bash script, a TypeScript image downloader, and a Cloudflare cookie I'm smuggling between processes. It's not pretty. But my blog now shows 367 games with trophy progress, and the Almanac page has a unified timeline of everything I consume.

Sometimes the best architecture is the one you can explain in one sentence: scrape it, download the images, render it.

Redesigning my blog, part 5: what I learned

Tue, 17 Feb 2026 02:00:00 GMT

The redesign is done. For now. It's never really done, because personal sites are the software equivalent of a car that's always in the garage with the hood up. But the major work is finished, the series is wrapping up, and I want to look back at what actually worked and what didn't.

This isn't a postmortem. It's a blog post. I'll keep it honest.

Phased implementation beats big-bang rewrites

The single best decision I made was splitting the redesign into phases. Audit first, then new features (links collection, blogroll), then the visual overhaul, then polish. Each phase was independently deployable. When the typography changes broke the note layout, I could revert that one commit without losing the trailing slash fixes from two weeks earlier.

I've tried the big-bang approach before. Change everything at once, in a branch that lives for three months, and merge it all in one terrifying afternoon. The result was always the same: nothing shipped. The branch would drift so far from main that merging felt like defusing a bomb. Eventually I'd just abandon it and start over.

Phases meant I could ship something every week. Momentum matters more than perfection.

Things that got immediately deleted

Some ideas didn't survive first contact with the actual site.

I added a "shipping data pipes" status line to the header. Thought it was funny and on-brand. Looked at it for about five minutes, felt embarrassed, and deleted it. It was trying too hard to be quirky.

I also renamed the navigation labels. "Posts" became "Logs", "Links" became "Bookmarks", and "About" became "./about" in a terminal-cosplay phase. My GF asked me where the blog posts were. I almost changed them back, but the dropdown items inside still say "Posts", "Notes", "About", so once you click, everything makes sense. The top-level labels are just flavoring. They've grown on me. Keeping them.

Then there were the hover animations. I had this elaborate scale-and-glow effect on the post cards. Looked great in isolation, on a page with one card. On a page with eight cards, it felt like the site was having a seizure. Stripped it down to a simple color shift.

Audit before you design

This is the thing I'd tell past-me if I could. The audit caught problems that would have been painful to fix later.

The trailing slash inconsistency was the big one. Some internal links had trailing slashes, some didn't. Astro treats these as different routes. If I'd done the visual redesign first and then tried to fix URLs, I'd have broken every internal link I'd just carefully styled.

Self-hosting fonts early also paid off. By the time I swapped in JetBrains Mono during the visual phase, the infrastructure was already there. No FOUT debugging at the last minute.

Same with the render-blocking theme script. Fixing that during the audit meant I had a faster baseline before adding more CSS complexity. Performance problems are easier to prevent than to diagnose after the fact.

Accessibility is easier to build in than bolt on

I used <details> for the dropdown navigation, which gave me keyboard support for free. No custom JavaScript state management, no aria attribute juggling. The browser just handles it.

The view transition work had some nasty memory leak potential. setInterval timers that weren't being cleared on page transitions, duplicate event listeners stacking up. I caught these during implementation because I was thinking about cleanup from the start. Using AbortController for event listener cleanup became a pattern I used everywhere. It's one of those things where the upfront cost is tiny and the debugging cost of not doing it is enormous.

prefers-reduced-motion went in as part of the visual redesign, not as an afterthought. The typewriter animation respects it. The page transitions respect it. Adding it later would have meant auditing every animation individually.

AstroPaper is a good base

I like AstroPaper. The content collections work well, the RSS generation is solid, and the overall structure makes sense. The Astro content layer does what it's supposed to do.

The challenge is making it look like yours and not like a theme demo. I found that typography and layout changes go much further than color changes. You can swap the entire palette and the site still reads as "AstroPaper with different colors." Change the font stack, adjust the line height, widen the content area, and suddenly it feels different.

I kept all the core functionality: Pagefind search, RSS and Atom feeds, dynamic OG images. Didn't need to rebuild any of that. The work was almost entirely in the presentation layer.

Honest assessment

The blog looks like mine now. That was the goal and I think I got there.

Some things are still rough. There's no mobile sidebar, which is intentional but also lazy. I went with a simplified header nav on mobile instead of building a proper slide-out menu. It works, but it's not great.

The typewriter animation on the homepage is fun. I like it. I also suspect some visitors find it annoying. I'm keeping it anyway because this is my site and I get to be a little self-indulgent.

I'll keep tweaking things. That's what personal sites are for. They're never finished, and that's fine.

The series

If you've followed along, here's the full list:

Part 1: The audit
Part 2: The blogroll
Part 3: From stock theme to terminal blueprint
Part 4: The small stuff
Part 5: What I learned (you're here)

If you're thinking about redesigning your blog, start with the audit. Ship in phases. Delete things that try too hard. The rest sorts itself out.

Redesigning my blog, part 4: the small stuff

Mon, 16 Feb 2026 02:00:00 GMT

After the big layout changes from part 3, I had a blog that looked different but still felt half-done. The nav was overcrowded. My content directory was a mess. Scheduled posts required me to manually trigger deploys. None of this was visible to readers, but it bugged me every time I opened the project.

This post is about all those little things.

The nav problem

My old navigation had every page listed as a flat row of links: Posts, Notes, Links, Tags, Now, Uses, Almanac, Blogroll, About, Archives, Search, plus a theme toggle. Twelve items. On mobile it was a scrolling disaster, and even on desktop it felt cluttered.

The fix was grouping. I ended up with three dropdown menus: Logs (Posts, Notes, Tags), Bookmarks (Links, Blogroll), and ./about (About, Now, Uses, Almanac). Archives, Search, and Theme stayed as icon buttons on the right side.

For the dropdowns I went with native <details> and <summary> elements instead of building a custom component from scratch. They handle keyboard interaction out of the box. Enter and Space toggle them, they have proper ARIA states, and screen readers understand them without extra work from me.

I did need a little JavaScript on top. Three things: opening one dropdown should close the others, clicking outside should close all of them, and pressing Escape should close them too. Here's the relevant bits from the Header script:

const dropdowns =
  document.querySelectorAll("[data-dropdown]");

// Opening one closes others
dropdowns.forEach(dropdown => {
  dropdown.addEventListener("toggle", () => {
    if (dropdown.open) {
      dropdowns.forEach(other => {
        if (other !== dropdown && other.open) {
          other.open = false;
        }
      });
    }
  }, { signal });
});

// Click outside to close
document.addEventListener("click", event => {
  dropdowns.forEach(dropdown => {
    if (dropdown.open && !dropdown.contains(event.target)) {
      dropdown.open = false;
    }
  });
}, { signal });

// Escape to close
document.addEventListener("keydown", event => {
  if (event.key === "Escape") {
    dropdowns.forEach(dropdown => {
      if (dropdown.open) {
        dropdown.open = false;
        dropdown.querySelector("summary")?.focus();
      }
    });
  }
}, { signal });

Notice the { signal } on every listener? That's an AbortController pattern. Without it, Astro's view transitions cause a specific problem: each page navigation re-runs the script, registering duplicate event listeners. After navigating five pages, you'd have five copies of each handler. The cleanup looks like this:

let navAbort = null;

function initNavigation() {
  navAbort?.abort();
  navAbort = new AbortController();
  const { signal } = navAbort;

  // ... all listeners use { signal } ...
}

initNavigation();
document.addEventListener("astro:after-swap", initNavigation);

Every time initNavigation runs, it aborts the previous controller, which automatically removes all listeners tied to that signal. Then it creates a fresh controller for the new set. Clean.

A tech stack that reflects reality

My sidebar had a tech stack section, but it was basically a wishlist. I'd thrown in things I barely touched and left out things I use daily.

I wanted to make it honest. So I grep'd through all 107 markdown files in the blog directory and counted mentions. Python showed up 288 times. Docker 121 times. Kafka, Spark, and BigQuery all had real representation from my data engineering posts. Meanwhile, some entries were LinkedIn pollution, things like "Chemistry" and "Microsoft Word" that somehow ended up in my skills list years ago. Those got cut.

I cross-referenced the blog counts with my recent GitHub repos to pick up things I actively use but haven't blogged about yet, like Zig and Hono and Cloudflare Workers.

The result is a typed constant in constants.ts:

export const TECH_STACK: Record<string, string[]> = {
  Languages: [
    "Python", "Golang", "Java", "JavaScript",
    "TypeScript", "PHP", "Bash", "SQL", "Rust",
  ],
  "Data & Streaming": [
    "Spark", "Kafka", "Airflow", "BigQuery",
    "Redshift", "MaxCompute", "Jupyter",
  ],
  Databases: ["PostgreSQL", "MySQL", "MongoDB", "SQLite", "Redis"],
  Cloud: ["AWS", "GCP", "Alibaba Cloud", "Cloudflare"],
  "Web & Frameworks": ["Django", "Flask", "Astro", "FastAPI", "Hono"],
  DevOps: [
    "Docker", "Kubernetes", "Terraform", "Nginx",
    "Caddy", "Github", "GitLab", "Linux", "Ansible",
  ],
  AI: ["Claude", "OpenAI", "LMStudio", "OpenClaw"],
};

Rendering it is straightforward. Loop over the keys, render each category as a heading, and list the items underneath. The categories give it structure without turning it into a resume.

Year-prefix file migration

This one's boring but I'm glad I did it. I had 105 blog posts all sitting in src/data/blog/ with names like some-post.md. No chronological ordering. Finding a specific post meant scrolling through an alphabetical list and guessing.

I wanted to rename everything to YYYY-some-post.md. The year prefix makes the directory scannable at a glance and groups posts by era.

The catch is that Astro's glob loader derives entry IDs from filenames. Rename some-post.md to 2024-some-post.md and suddenly the URL changes from /posts/some-post to /posts/2024-some-post. That breaks every existing link.

The solution: add an explicit slug field to each post's frontmatter before renaming. Astro respects slug as an override for the filename-based ID. I wrote a migration script:

async function processFiles() {
  const files = (await readdir(CONTENT_DIR))
    .filter(f => f.endsWith(".md"));

  for (const filename of files) {
    const filepath = join(CONTENT_DIR, filename);
    const originalSlug = filename.replace(".md", "");
    let content = await readFile(filepath, "utf-8");

    const fmMatch = content.match(/^---\n([\s\S]*?)\n---/);
    if (!fmMatch) continue;

    let fmContent = fmMatch[1];

    // Add slug if missing
    if (!fmContent.includes("slug:")) {
      fmContent = fmContent.replace(
        /(title:.*)/,
        `$1\nslug: "${originalSlug}"`
      );
    }

    // Get year from pubDatetime
    const dateMatch = fmContent.match(
      /pubDatetime: ["']?(\d{4})-\d{2}-\d{2}/
    );
    if (!dateMatch) continue;

    const year = dateMatch[1];
    const newFilename = `${year}-${originalSlug}.md`;

    // Write updated frontmatter, then rename
    content = content.replace(
      /^---\n[\s\S]*?\n---/,
      `---\n${fmContent}\n---`
    );
    await writeFile(filepath, content);
    await rename(filepath, join(CONTENT_DIR, newFilename));
  }
}

It backs up the directory first, processes each file in order, skips anything already prefixed, and logs what it does. I ran it once, verified no URLs broke, and deleted the backup.

I also updated the content scaffolding script (bun run new) to automatically prefix new posts with the current year. One less thing to think about.

Scheduled posts and auto-publishing

I had a scheduledPostMargin config option in Astro that lets you set a future pubDatetime and have the post hidden until that date arrives. The problem: this only works when the site rebuilds. My Cloudflare Pages deploys only triggered on git push. If I scheduled a post for Tuesday morning but didn't push anything on Tuesday, it just wouldn't appear.

The fix was a GitHub Actions cron job. It runs scripts/check-scheduled-posts.ts every 15 minutes, looks for posts with a pubDatetime in the near future, and triggers a rebuild if it finds any. No wasted builds when nothing is scheduled.

Wrapping up

None of this makes for exciting screenshots. Dropdown menus, file renames, and cron jobs aren't the kind of thing you show off. But this is the layer that makes a blog feel finished instead of "in progress."

This is part 4 of a series about redesigning this blog.

Redesigning my blog, part 3: from stock theme to terminal blueprint

Sun, 15 Feb 2026 02:00:00 GMT

This blog was running stock AstroPaper. If you've seen one AstroPaper blog, you've seen them all: same layout, same colors, same Fira Code headings. I wanted something that looked like it belonged to me.

I spent a Saturday morning looking at personal sites that had actual personality. gwern.net with its heavy typography and footnotes. chriscoyier.net with its playful layout shifts. cassidoo.co with that confident color use. The common thread was that none of them looked like a template.

I'm a data engineer. I live in terminals. I read logs for a living. So the concept I landed on was "Engineer's Notebook / Terminal Blueprint." The terminal and data pipeline metaphor felt honest to what I actually do every day.

Phase 1: Typography and color

The fastest way to break the stock look is fonts.

I paired JetBrains Mono for headings with Atkinson Hyperlegible for body text. Mono headings against a proportional body font immediately signals "this is a developer's blog" without screaming about it. The contrast between the two faces does most of the heavy lifting.

Color was next. The default AstroPaper palette is fine, but it's generic. I added semantic color tokens to the CSS:

:root {
  --surface: #f4f4f5;
  --accent-2: #0d9488;
}

[data-theme="dark"] {
  --surface: #111827;
  --accent-2: #2dd4bf;
  --background: #0b1020;
}

--surface is for card backgrounds, --accent-2 is a teal secondary color. That dark mode background at #0b1020 is way deeper than the default. It actually looks like a terminal now.

Last thing: I set the prose measure to max-width: 72ch. Long lines are hard to read and 72 characters is the sweet spot I kept coming back to.

Phase 1: Terminal hero

The stock AstroPaper hero is just a heading and a tagline. I replaced it with a terminal prompt:

rezha@jakarta:~$ abusing computers for fun & profit▍

The blinking cursor is pure CSS:

.cursor {
  display: inline-block;
  width: 0.5em;
  height: 1.1em;
  background: var(--accent);
  vertical-align: bottom;
  animation: blink 1s step-end infinite;
}

@keyframes blink {
  0%, 100% { opacity: 1; }
  50% { opacity: 0; }
}

Later I added a typewriter effect that loops the tagline. The animation types out the text character by character, pauses, deletes, and starts over. Getting the cursor to sit on the same baseline as the prompt text was annoying. The fix turned out to be vertical-align: bottom on the cursor element. Without it, the cursor would jump a pixel or two above the text depending on the font metrics.

.typewriter {
  display: inline-block;
  overflow: hidden;
  white-space: nowrap;
  border-right: none;
  animation:
    typing 3s steps(40) 1s forwards,
    pause 8s step-end infinite;
  max-width: 0;
}

.typewriter.active {
  max-width: 100%;
}

Phase 1: Data pipeline cards

I wanted the post list to look less like a list and more like a data pipeline. In Card.astro, I added a vertical line running down the left side with a colored dot at each post. Think of it like a pipeline spine.

Featured posts get an orange dot using var(--accent). Recent posts get teal with var(--accent-2). Everything else gets the muted default.

I also reformatted the metadata line. Instead of the usual "January 15, 2026" format, it looks more like a system log: mono font, tiny text, and it includes the primary tag.

<div class="pipeline-node">
  <span
    class="dot"
    style={`background: ${featured ? 'var(--accent)' : 'var(--accent-2)'}`}
  />
  <span class="meta font-mono text-xs opacity-70">
    {formattedDate} · {primaryTag}
  </span>
</div>

The vertical line connecting the dots is just a border-left: 2px solid var(--accent-2) on the container with some padding. Simple, but it completely changes how the page reads.

Phase 2: Two-rail homepage

The single-column layout felt wasteful on wide screens. I split the homepage into a two-rail grid:

.home-grid {
  @apply lg:grid lg:grid-cols-[1fr_280px] lg:gap-10;
}

The main column has posts. The right sidebar (desktop only, collapses on mobile) has a few widgets: a "Now" status blurb, tech stack badges, and an RSS subscribe link.

One layout detail that took way too long: the sidebar needed pt-8 to align visually with the hero section. I tried self-start first because that seemed correct, but it broke sticky scrolling. The padding hack isn't pretty, but it works.

Phase 2: Animated underlines

Default browser underlines are ugly and they cut through descenders. I replaced them with a background-size animation:

a {
  text-decoration: none;
  background-image: linear-gradient(currentColor, currentColor);
  background-position: 0% 100%;
  background-repeat: no-repeat;
  background-size: 100% 1px;
  transition: background-size 0.2s ease;
}

a:hover {
  background-size: 100% 2px;
}

Links start with a 1px underline and thicken to 2px on hover. It's a small detail but it makes the whole site feel more considered.

Phase 2: ETL pipeline SVG

I drew a small inline SVG diagram on the homepage showing an extract, transform, load flow. It was a nod to the data engineering theme. I actually removed it at one point because it felt like too much, then I got asked to bring it back. It sits centered with mx-auto and ties the whole terminal/pipeline concept together.

Post-redesign bugs

Redesigns break things. Here's what I found.

Search broke entirely. Pagefind generates its index from the dist folder at build time. The dev server doesn't have a dist folder. I kept refreshing the search page wondering why it was empty. Fix: run bun run build first, then use the dev server. Obvious in hindsight.

Theme detection was wrong. I had code checking classList.contains("dark") but this site uses the data-theme="dark" attribute on the HTML element, not a class. The ARIA labels on the theme toggle were also backwards because of this.

Invalid scroll behavior. I had window.scrollTo({ behavior: "instant" }) in a few places. "instant" is not a valid value. The spec says "auto" or "smooth". Changed them all to "auto".

Scroll-smooth without motion preference. I applied scroll-smooth globally on the html element. That's bad for people who get motion sick. Moved it inside a media query:

@media (prefers-reduced-motion: no-preference) {
  html {
    scroll-behavior: smooth;
  }
}

Heading anchors lacked accessible names. The auto-generated heading anchor links had no aria-label or visible text for screen readers. Added aria-label="Link to this section" on each one.

What's next

This was the biggest chunk of work in the whole redesign. The blog finally looks like my blog and not a demo site. There are still rough edges, but the identity is there.

This is part 3 of a series about redesigning this blog.

Redesigning my blog, part 2: the blogroll

Sat, 14 Feb 2026 02:00:00 GMT

Blogrolls used to be everywhere. Back in the early web, people would keep a sidebar full of links to other blogs they liked. It was how you discovered things. Then social media happened, algorithms took over discovery, and blogrolls mostly disappeared.

The IndieWeb crowd has been pushing to bring them back, and I think they're right. If you read someone's blog and like it, why not tell your visitors about it? It costs nothing.

I wanted a blogroll for this site, but I didn't want a boring <ul> of links. I wanted something with personality. So I went with a retro terminal/BBS look.

The data structure

Everything starts in constants.ts. I defined a BlogrollEntry type and an array of categories:

export const BLOGROLL_CATEGORIES = [
  "indonesian",
  "tech",
  "indieweb",
  "personal",
  "tools",
] as const;

export type BlogrollEntry = {
  name: string;
  url: string;
  feed?: string;
  description: string;
  category: (typeof BLOGROLL_CATEGORIES)[number];
};

The feed field is optional. Not every blog advertises their RSS URL in the same place, so I can override it when needed. Otherwise the OPML export falls back to appending /rss.xml to the URL.

Adding a new blog is just pushing an object onto the BLOGROLL array:

{
  name: "Wayan Jimmy",
  url: "https://blog.wayanjimmy.xyz",
  description: "Code, life, and everything in between",
  category: "indonesian",
}

No CMS, no database. It's an array in a TypeScript file.

The card component

BlogrollCard.astro is where the terminal aesthetic happens. Each card gets a few small visual details that make it feel like a BBS listing:

A › prefix before the blog name, like a terminal prompt
// before the description, styled as a code comment
A url: label showing the stripped domain
A pulsing green dot next to blogs that have an RSS feed

Here's the feed indicator, which I'm pretty happy with:

{feed && (
  <a href={feed} target="_blank" rel="noopener noreferrer"
     class="flex items-center gap-1.5 font-mono text-xs text-foreground/50 hover:text-accent"
     aria-label={`RSS feed for ${name} (opens in new tab)`}>
    <span class="relative flex h-2 w-2">
      <span class="absolute inline-flex h-full w-full motion-safe:animate-ping rounded-full bg-accent/75 opacity-75" />
      <span class="relative inline-flex h-2 w-2 rounded-full bg-accent" />
    </span>
    feed
  </a>
)}

The motion-safe:animate-ping bit is worth noting. Tailwind's motion-safe: variant means the pulsing animation only runs if the user hasn't enabled "reduce motion" in their OS settings. People with vestibular disorders don't need a bunch of blinking dots on the page.

Blog names are wrapped in <h3> tags. This wasn't my first instinct (I originally used plain <a> tags), but it means screen reader users navigating by headings can jump between blogs. Small thing, big difference.

The page layout

blogroll.astro has an ASCII art header at the top:

┌──────────────────────────────────────┐
│  BLOGROLL v1.0 :: NETWORK FEEDS      │
│  Status: ONLINE                      │
└──────────────────────────────────────┘

It's hidden on mobile with hidden sm:block because ASCII art breaks completely on small screens. The narrow viewport just can't fit the box characters without wrapping and turning the whole thing into garbage. Instead, mobile visitors get a plain-text fallback that reads BLOGROLL v1.0 :: NETWORK FEEDS // Status: ONLINE.

Below the header, blogs are grouped by category. Each group is a <section> with an aria-labelledby pointing to the category heading. The cards themselves sit in a <ul role="list"> with each card in an <li>. I know, it's just a list of links, but the semantic structure means screen readers can announce "list, 9 items" when entering a category, which is actually useful.

<ul role="list" class="grid gap-3 sm:grid-cols-2">
  {blogs.map(blog => (
    <li><BlogrollCard {...blog} /></li>
  ))}
</ul>

Two columns on desktop, one column on mobile. Nothing fancy.

OPML export

This was probably the most practical feature. blogroll.opml.ts is an Astro API route that generates an OPML file, which is the standard format for exchanging RSS subscription lists.

export const GET: APIRoute = () => {
  const categories = [...new Set(BLOGROLL.map(b => b.category))];

  const outlines = categories.map(category => {
    const blogs = BLOGROLL.filter(b => b.category === category);
    const blogOutlines = blogs.map(blog => {
      const feedUrl = blog.feed || `${blog.url.replace(/\/$/, "")}/rss.xml`;
      return `<outline type="rss" text="${escapeXml(blog.name)}" xmlUrl="${escapeXml(feedUrl)}" htmlUrl="${escapeXml(blog.url)}" />`;
    }).join("\n");
    return `<outline text="${category}">\n${blogOutlines}\n</outline>`;
  });
  // ... wrap in OPML boilerplate and return as XML
};

Blogs get grouped by category in the output, just like on the page. If a blog entry doesn't have an explicit feed URL, it falls back to ${url}/rss.xml, which works for most blogs.

There's an escapeXml helper that handles &, <, >, quotes, and apostrophes. XML is picky about these things, and I'd rather not ship a broken file because someone has an ampersand in their blog name.

The page has a download button at the bottom. Click it, save the file, and import it into Miniflux, NetNewsWire, Feedly, or whatever RSS reader you use.

Accessibility refinements

After the initial build, I went through the page with the keyboard and a screen reader. Found a few things I'd missed.

External links didn't have ARIA labels. Clicking "Wayan Jimmy" opens a new tab, and sighted users can see that from context, but a screen reader just announces the link text. I added aria-label="Visit ${name} (opens in new tab)" to every blog link so the behavior is clear.

I also added group-focus-within states to the cards. When you tab into a card, the left border accent and background change appear, matching the hover effect. Keyboard navigation should feel as intentional as mouse navigation.

Closing

A blogroll is a small feature. It took maybe a day to build. But I like what it does: it points people toward things I think are worth reading, and it does it in a way that feels like it belongs on a personal website. Not a recommendation algorithm, just a list I maintain by hand.

This is part 2 of a series about redesigning this blog.

Redesigning my blog, part 1: the audit

Fri, 13 Feb 2026 02:00:00 GMT

This blog runs on AstroPaper v5 with Astro 5 and Tailwind v4. It looked fine. It worked. But it also looked like every other AstroPaper blog on the internet, and that bugged me.

I wanted to redesign it. New layout, new typography, new everything. But before touching any CSS, I figured I should audit the codebase first. No point making something pretty if the foundation has cracks.

So I spent a weekend going through the source, running Lighthouse, poking at edge cases. I found more issues than I expected.

Security

The share links component had rel="noreferrer" on external links but was missing noopener. Modern browsers handle this fine, but older ones (looking at you, Safari on iOS 12) can still be exploited via window.opener. Easy fix:

<a href={shareUrl} target="_blank" rel="noopener noreferrer">

The search page had a worse problem. It was reading the query parameter straight from the URL and injecting it into the page without sanitization. Classic XSS vector. If someone crafted a URL with a script tag in the query string and shared it, the browser would execute it.

Then there were the fonts. Google Fonts were loading from Google's CDN, which means every visitor's IP gets sent to Google. Not ideal for privacy. I switched to self-hosting via @fontsource packages. Fonts load from my own domain now, no external requests.

SEO

This section had the most problems.

First: trailing slashes. Some URLs ended with /, some didn't. Google sees /posts/hello and /posts/hello/ as two different pages. I made sure internal links were consistent with trailing slashes, and considered adding trailingSlash: "always" to the Astro config but held off since Cloudflare Pages handles redirects automatically.

The canonical URLs were also messy. If someone shared a link with ?utm_source=twitter or whatever, that query string would end up in the <link rel="canonical"> and og:url tags. Two different URLs pointing to the same content. I wrote a small normalizeCanonical() helper in Layout.astro that strips query params and enforces the trailing slash:

function normalizeCanonical(url: string): string {
  const u = new URL(url);
  u.search = "";
  if (!u.pathname.endsWith("/")) {
    u.pathname += "/";
  }
  return u.toString();
}

The theme toggle script was another headache. It was loaded via a relative path, which meant it worked on the homepage but 404'd on nested routes like /posts/some-post/. The fix was bundling it as a regular Astro import:

---
import "@/scripts/theme.ts";
---

Bundling through Astro's import system gives you a path that works from any route, regardless of nesting depth.

I also added theme-color meta tags so mobile browsers show the correct color in the address bar for both light and dark mode:

<meta name="theme-color" content="#fff" media="(prefers-color-scheme: light)" />
<meta name="theme-color" content="#1a1a2e" media="(prefers-color-scheme: dark)" />

And an og:type meta tag was missing entirely. Small thing, but social media crawlers use it to decide how to render your link preview.

Accessibility

The theme toggle button had aria-label="auto" which is meaningless to a screen reader. "Auto" what? I changed it to describe the actual action, like "Switch to dark mode" or "Switch to light mode" depending on the current state.

View transitions were eating focus state. When you navigate between pages, Astro's view transitions swap the DOM, but they weren't moving focus to the new content. A keyboard user would lose their place after every page change. I added a focus management handler in the astro:after-swap event.

The SVG icons in social and share link components were purely decorative but didn't have aria-hidden="true". Screen readers were trying to announce them, reading out gibberish path data. Quick fix across all the icon components:

<svg aria-hidden="true" ...>

What I didn't touch

I left the visual design completely alone for now. The colors, layout, typography, spacing: all stock AstroPaper. This post is about the stuff underneath.

What's next

This is part 1 of a series about redesigning this blog. The boring stuff is done. Now the fun starts.

Why I Left Zola's Simplicity for Astro's Power

Thu, 12 Feb 2026 02:00:00 GMT

A little over a year ago, I wrote about migrating from Hugo to Zola. My reasoning back then was solid: I was tired of Go Templates' idiosyncrasies, and Zola's Tera engine felt like home (hello, Django background!). Plus, Zola is written in Rust, builds fast, and ships as a single binary. What's not to love?

I thought Zola was the endgame. Simple, fast, opinionated.

But here I am, writing this post on a blog built with Astro. Yes, I traded a Rust binary for a node_modules folder the size of a small black hole.

Why? It wasn't about speed. It was about ceiling.

The "Batteries Included" Trap

Zola is fantastic because it comes with everything you need built-in: syntax highlighting, search, image processing, Sass support. You don't need plugins. In fact, you can't really have plugins.

That's the trade-off. When Zola does exactly what you want, it's bliss. But the moment you want to step slightly outside its boundaries, you hit a wall.

For example, I wanted to add a clap button to my posts. In Zola, this meant manually wiring up client-side JavaScript, fighting with template variables to pass data to scripts, and ensuring it didn't break on different page layouts. It felt like I was fighting the tool.

Enter Astro: The "Component" Model

I resisted Astro for a long time. "It's JavaScript," I told myself. "I don't want a complex hydration process for a static blog."

But Astro's Islands Architecture changed my mind. It sends zero JavaScript to the client by default. It's just HTML generation, but with a DX that makes traditional template engines feel painful.

Coming from a Django background, I used to love template inheritance ({% block content %}). But after using Astro's component-based model, I realized how much cleaner it is to compose a UI from small, reusable parts.

Instead of a monolithic base.html with fifty {% if %} blocks, I have a <Layout> component wrapping a <Header>, <Main>, and <Footer>. If I want a specific interactive widget on just one page? I import it and use it.

---
import ClapButton from '../components/ClapButton.astro';
---

<Layout>
  <article>
    {/* Content */}
  </article>
  <ClapButton client:visible />
</Layout>

That client:visible directive is magic. It tells Astro: "Render this as static HTML, but hydrate it with JavaScript only when the user scrolls it into view."

The Ecosystem Difference

Zola lives in a small corner of the Rust ecosystem. Astro sits on top of npm.

Adding Tailwind CSS to Zola meant configuring a separate build step or relying on Zola's Sass processing. In Astro? npx astro add tailwind. Done.

Generating dynamic Open Graph images for every post? In Zola, I'd have to write an external script to run at build time. In Astro, I wrote a helper function using satori and it just works.

Yes, dealing with dependencies is annoying. But having access to the entire npm ecosystem means I stop reinventing things.

Is It Slower?

Technically, yes. Zola builds in milliseconds. Astro takes a few seconds because it has to spin up Node.js.

Does it matter? For a blog with a few hundred posts, the difference is negligible in CI/CD. The time I save developing features in Astro far outweighs the few extra seconds I wait for a deploy.

So Why Bother?

Zola is still great if you want a simple, fast, zero-dependency static site. I'd still pick it for documentation sites or quick landing pages.

But for a personal blog where I keep wanting to bolt on weird interactive things, Astro gets out of my way. I get static HTML by default and JavaScript only where I ask for it.

Is this the final migration? Of course not. But for now, I'm happy here.

The Art of Yak Shaving

Wed, 11 Feb 2026 02:00:00 GMT

In engineering, there's a term for when a simple task spirals into ten unrelated ones: yak shaving.

Here's what happened last Tuesday. I opened my laptop to change the font on my blog. I told myself it'd be 5 minutes.

But the typography package was deprecated. So I updated it. The build broke because my Node.js version was too old. So I upgraded Node. That clashed with the server's OS config. "Might as well fix that too."

3 hours later I was reading the cgroups docs in the Linux kernel manual at 2 AM. The font was still unchanged.

Sometimes your entire day of "productivity" is just fixing problems you created for yourself. But you end up learning things you never would have looked up on purpose, so it's not a total loss.

If you were busy all day and feel like you got nothing done, welcome to the club. You were just shaving a yak.

Own Nothing and Be Happy? I'll Pass.

Tue, 10 Feb 2026 02:00:00 GMT

It's wild how easy it is to live without owning anything digitally. Music, movies, photos, work files, everything lives on someone else's server, and we just pay for access.

Convenient. Until your account gets locked, or the service decides to double the price overnight. I've had both happen.

So yeah, I'm basically a digital hoarder. I run a mini PC at home as a server. My music is in FLAC on a NAS. My photos sit on a drive I can hold in my hand.

Complicated? Definitely. The electricity bill is not pretty either. But my data is actually mine. Not at some company's mercy, not subject to terms of service I never read.

Self-hosting is a lot of work for what most people get for free. But every time a service shuts down or changes its rules, I feel a little smug about it.

Over-Engineering a Clap Button, Again

Mon, 09 Feb 2026 02:00:00 GMT

In the previous post, I built a clap button for this blog using Cloudflare Workers and KV. It worked. Mostly.

The problem was concurrency. KV is an eventually consistent key-value store. When two people clap at the same time, both reads return the same value, both increment by one, and one clap disappears. Read-modify-write on KV is not atomic.

For a blog that gets three readers on a good day, this probably didn't matter. But it bugged me. I also wanted to stop storing raw IP addresses for rate limiting. So I migrated the backend to Cloudflare D1, their SQLite-at-the-edge database.

The code is on GitHub. The frontend didn't change at all.

The schema

D1 is just SQLite. I created two tables: one for clap counts, one for rate limiting.

-- migrations/0001_init.sql
CREATE TABLE IF NOT EXISTS claps (
  slug TEXT PRIMARY KEY,
  count INTEGER NOT NULL DEFAULT 0,
  updated_at INTEGER NOT NULL
);

CREATE TABLE IF NOT EXISTS rate_limits (
  ip_hash TEXT NOT NULL,
  slug TEXT NOT NULL,
  window_start INTEGER NOT NULL,
  count INTEGER NOT NULL DEFAULT 0,
  updated_at INTEGER NOT NULL,
  PRIMARY KEY (ip_hash, slug, window_start)
);

CREATE INDEX IF NOT EXISTS idx_rate_limits_window_start
  ON rate_limits(window_start);

Two things to note. First, ip_hash stores a SHA-256 hash of the IP address, salted with an environment variable. No raw IPs touch the database. Second, the composite primary key (ip_hash, slug, window_start) means rate limits are scoped per user, per post, per hour window.

Atomic writes

This was the whole point of the migration. With KV, incrementing a counter required three steps: read the current value, add to it, write it back. If two requests overlap, one write clobbers the other.

With D1, I use ON CONFLICT ... DO UPDATE to make the whole thing a single statement. No read step, no race.

// Rate limit + increment in a batch
const rateLimitStmt = c.env.DB.prepare(`
  INSERT INTO rate_limits (ip_hash, slug, window_start, count, updated_at)
  VALUES (?1, ?2, ?3, ?4, ?5)
  ON CONFLICT(ip_hash, slug, window_start) DO UPDATE SET
    count = rate_limits.count + excluded.count,
    updated_at = excluded.updated_at
  WHERE rate_limits.count + excluded.count <= ?6
`).bind(ipHash, slug, windowStart, incrementBy, now, MAX_CLAPS_PER_IP);

const clapsStmt = c.env.DB.prepare(`
  INSERT INTO claps (slug, count, updated_at)
  VALUES (?1, ?2, ?3)
  ON CONFLICT(slug) DO UPDATE SET
    count = claps.count + excluded.count,
    updated_at = excluded.updated_at
  RETURNING count
`).bind(slug, incrementBy, now);

const [rateLimitResult, clapsResult] = await c.env.DB.batch([
  rateLimitStmt,
  clapsStmt,
]);

The WHERE clause on the rate limit insert is doing double duty. If the user has already exceeded the limit, the insert silently does nothing (zero rows changed). I check rateLimitResult.meta.changes after the batch and return a 429 if it's zero. The clap count only goes up if the rate limit allows it, and it all happens in one round trip.

Hashing IPs

KV stored raw IPs as part of the rate limit key. That felt wrong. D1 gave me a reason to fix it.

async function sha256Hex(env, input) {
  const salt = env.IP_HASH_SALT || '';
  const data = new TextEncoder().encode(salt + ':' + input);
  const hash = await crypto.subtle.digest('SHA-256', data);
  return [...new Uint8Array(hash)]
    .map(b => b.toString(16).padStart(2, '0'))
    .join('');
}

The salt is an environment variable in wrangler.toml. Even if someone gets access to the database, they can't reverse the IPs without the salt. It's not bulletproof, but it's a lot better than storing 192.168.1.42 in plaintext.

Cleaning up expired rate limits

KV had a nice feature for this: expirationTtl. Set a TTL when you write a key, and KV deletes it automatically. D1 doesn't have TTL. Rows stick around until you delete them.

I added a scheduled handler that runs once a day at midnight UTC. It deletes rate limit rows older than two hours in batches to avoid timeouts and keep D1 billing reasonable.

export default {
  fetch: app.fetch,
  async scheduled(event, env) {
    const cutoff = Date.now() - (2 * 60 * 60 * 1000);
    const BATCH_SIZE = 1000;

    while (true) {
      const result = await env.DB.prepare(`
        DELETE FROM rate_limits
        WHERE rowid IN (
          SELECT rowid FROM rate_limits
          WHERE window_start < ?1
          ORDER BY window_start
          LIMIT ?2
        )
      `).bind(cutoff, BATCH_SIZE).run();

      if (result.meta.changes < BATCH_SIZE) break;
    }
  }
};

The ORDER BY window_start LIMIT ?2 pattern is intentional. D1 charges per row read, so a batched subquery that uses the index on window_start is cheaper than a blanket DELETE WHERE window_start < cutoff that might scan the whole table.

Migrating the data

I had about 10 clap records in KV. Not exactly a big data migration, but I still wanted to do it properly.

I created a temporary admin endpoint that iterated through all claps:* keys in KV and upserted them into D1. Ran it once, verified the counts matched with wrangler d1 execute, then deleted the endpoint and removed the KV binding.

The wrangler config

The wrangler.toml changes are minimal. Swap the KV binding for a D1 binding and add a cron trigger.

name = "clap-backend"
main = "worker.js"

[vars]
ALLOWED_ORIGINS = "https://rezhajul.io,http://localhost:2222"
MAX_CLAPS_PER_REQUEST = "10"
MAX_CLAPS_PER_IP = "50"

[[d1_databases]]
binding = "DB"
database_name = "clap-backend"
database_id = "YOUR_D1_DATABASE_ID_HERE"
migrations_dir = "migrations"

[triggers]
crons = ["0 0 * * *"]

Was it worth it?

For a blog with my traffic, honestly, probably not. KV would have been fine for years. But the migration took about two hours, and now I don't have to think about lost writes or storing raw IPs. D1's free tier is generous enough that I'm not paying anything extra.

If you're building something similar and expect any real concurrency, skip KV and start with D1. The atomic writes alone are worth it.

Auto-Publishing Scheduled Posts with GitHub Actions

Sun, 08 Feb 2026 02:00:00 GMT

My blog has had "scheduled posts" for a while now. I set a pubDatetime in the future, and Astro's build process filters it out until that date passes. Simple enough.

The problem: nothing actually triggers a rebuild when that date arrives. The post just sits there, technically publishable, until I push something to master. Which means I'm either pushing a dummy commit at noon or just forgetting about it entirely.

I wanted a cron job that runs daily, checks if there's anything new to publish, and deploys only when needed. No unnecessary builds, no wasted CI minutes.

How scheduled posts work here

Every post has a pubDatetime in its frontmatter:

pubDatetime: 2026-02-08T09:00:00+07:00

At build time, a filter function checks whether that datetime has passed (with a 15-minute grace period):

const postFilter = ({ data }: AnyPost) => {
  const isPublishTimePassed =
    Date.now() >
    new Date(data.pubDatetime).getTime() - SITE.scheduledPostMargin;
  return !data.draft && (import.meta.env.DEV || isPublishTimePassed);
};

So the post exists in the repo but won't appear on the site until a build happens after its pubDatetime. The missing piece is triggering that build automatically.

The check script

I wrote a small script (scripts/check-scheduled-posts.ts) that scans all markdown files in src/data/blog, src/data/notes, and src/data/links. For each file, it parses the frontmatter, extracts pubDatetime and draft, and decides whether the post is "due", meaning it's publishable now but was created after the last successful deploy.

The "last deploy" part is the interesting bit. On the first run there's no cached timestamp, so everything publishable counts as due. After a successful deploy, the workflow saves the current UTC time to a file and caches it with actions/cache/save. On subsequent runs, it restores that cache and only flags posts whose effective publish time falls after the last deploy.

const effectivePub = pub.getTime() - MARGIN_MS;
const publishableNow = now.getTime() >= effectivePub;

if (!publishableNow) continue;

if (lastDeploy) {
  const isNewSinceLastDeploy = pub.getTime() > lastDeploy.getTime();
  if (isNewSinceLastDeploy) {
    due.push(file);
  }
} else {
  due.push(file);
}

This approach handles missed runs gracefully. If GitHub Actions skips a day (outages happen), the next run still picks up yesterday's post because the window extends back to the last successful deploy, not just "today."

The script outputs should_deploy=true or false as a GitHub Actions step output, along with the count and list of due files.

The workflow

The deploy workflow now has a schedule trigger at 0 5 * * * (5 AM UTC, which is noon Jakarta time). It runs two jobs:

check_scheduled_posts restores the cached timestamp, runs the check script, and outputs whether a deploy is needed.
deploy is the actual build and deploy, gated by a conditional:

if: >-
  ${{ github.event_name != 'schedule' ||
      needs.check_scheduled_posts.outputs.should_deploy == 'true' }}

Push, manual dispatch, and workflow_run triggers always deploy. The scheduled trigger only deploys when the check says there's something new.

After a successful deploy, it saves the timestamp:

- name: Save deploy timestamp
  run: date -u +"%Y-%m-%dT%H:%M:%SZ" > .last-deploy-timestamp

- name: Cache deploy timestamp
  uses: actions/cache/save@v4
  with:
    path: .last-deploy-timestamp
    key: last-deploy-ts-${{ github.run_id }}

Using github.run_id as part of the cache key ensures each deploy creates a new cache entry. The restore step uses restore-keys: last-deploy-ts- to grab the most recent one.

Testing it locally

Running the script without a timestamp file simulates a first deploy. It flags every publishable post:

$ bun run scripts/check-scheduled-posts.ts
Last deploy: (none, first run)
Posts due since last deploy: 368

Writing a recent timestamp and running again shows it correctly narrows the window:

$ echo "2026-02-06T04:00:00Z" > .last-deploy-timestamp
$ bun run scripts/check-scheduled-posts.ts
Last deploy: 2026-02-06T04:00:00.000Z
Posts due since last deploy: 1
  - src/data/blog/the-lazy-sysadmins-guide-to-docker.md

And with a timestamp after all current posts:

$ echo "2026-02-07T04:00:00Z" > .last-deploy-timestamp
$ bun run scripts/check-scheduled-posts.ts
Last deploy: 2026-02-07T04:00:00.000Z
Posts due since last deploy: 0

No posts due, no deploy. Exactly what I wanted.

Why not just run the cron unconditionally?

I could skip the check entirely and just build every day at noon. The site is small, builds take under a minute, and Astro is fast. But I like the idea of my CI being quiet when there's nothing to do. GitHub Actions has usage limits even for public repos, and I'd rather save those minutes for actual work.

Plus the check script doubles as a useful debugging tool. I can run it locally to see what's scheduled and when.

The full setup

Two files make this work. Since my repo is private, here they are in full.

The check script

scripts/check-scheduled-posts.ts, no dependencies, just Bun running TypeScript directly. It parses frontmatter with a simple regex, which works fine because my frontmatter is consistent. If yours isn't, you might want to pull in gray-matter or similar.

import { readdir, readFile, appendFile } from "node:fs/promises";
import { join } from "node:path";

const TZ = "Asia/Jakarta";
const MARGIN_MS = 15 * 60 * 1000;
const TIMESTAMP_FILE = ".last-deploy-timestamp";

const ROOT_DIRS = ["src/data/blog", "src/data/notes", "src/data/links"];

interface Frontmatter {
  pubDatetime: string | null;
  draft: boolean;
}

function formatYMDInTZ(date: Date, timeZone: string): string {
  return new Intl.DateTimeFormat("en-CA", {
    timeZone,
    year: "numeric",
    month: "2-digit",
    day: "2-digit",
  }).format(date);
}

function parseFrontmatter(raw: string): Frontmatter | null {
  if (!raw.startsWith("---")) return null;

  const lines = raw.split(/\r?\n/);
  if (lines[0].trim() !== "---") return null;

  let end = -1;
  for (let i = 1; i < lines.length; i++) {
    if (lines[i].trim() === "---") {
      end = i;
      break;
    }
  }
  if (end === -1) return null;

  const fmLines = lines.slice(1, end);

  const getScalar = (key: string): string | null => {
    const re = new RegExp(`^\\s*${key}\\s*:\\s*(.+?)\\s*$`);
    for (const line of fmLines) {
      const m = line.match(re);
      if (m) {
        let v = m[1].trim();
        if (
          (v.startsWith('"') && v.endsWith('"')) ||
          (v.startsWith("'") && v.endsWith("'"))
        ) {
          v = v.slice(1, -1);
        }
        return v;
      }
    }
    return null;
  };

  const pubDatetime = getScalar("pubDatetime");
  const draftRaw = getScalar("draft");
  const draft = draftRaw ? draftRaw.toLowerCase() === "true" : false;

  return { pubDatetime, draft };
}

async function listMarkdownFiles(dir: string): Promise<string[]> {
  let entries;
  try {
    entries = await readdir(dir, { withFileTypes: true });
  } catch {
    return [];
  }
  return entries
    .filter(e => e.isFile() && e.name.endsWith(".md"))
    .map(e => join(dir, e.name));
}

async function getLastDeployTime(): Promise<Date | null> {
  try {
    const raw = await readFile(TIMESTAMP_FILE, "utf8");
    const ts = new Date(raw.trim());
    if (!Number.isNaN(ts.getTime())) return ts;
  } catch {
    // no cached timestamp
  }
  return null;
}

async function setOutput(key: string, value: string): Promise<void> {
  const outPath = process.env.GITHUB_OUTPUT;
  const line = `${key}=${value}\n`;
  if (outPath) {
    await appendFile(outPath, line);
    return;
  }
  process.stdout.write(line);
}

async function main() {
  const now = new Date();
  const lastDeploy = await getLastDeployTime();

  const allFiles = (
    await Promise.all(ROOT_DIRS.map(d => listMarkdownFiles(d)))
  ).flat();

  const due: string[] = [];

  for (const file of allFiles) {
    const raw = await readFile(file, "utf8");
    const fm = parseFrontmatter(raw);
    if (!fm || !fm.pubDatetime) continue;
    if (fm.draft) continue;

    const pub = new Date(fm.pubDatetime);
    if (Number.isNaN(pub.getTime())) continue;

    const effectivePub = pub.getTime() - MARGIN_MS;
    const publishableNow = now.getTime() >= effectivePub;

    if (!publishableNow) continue;

    if (lastDeploy) {
      const isNewSinceLastDeploy = pub.getTime() > lastDeploy.getTime();
      if (isNewSinceLastDeploy) {
        due.push(file);
      }
    } else {
      due.push(file);
    }
  }

  const shouldDeploy = due.length > 0;

  await setOutput("should_deploy", shouldDeploy ? "true" : "false");
  await setOutput("due_count", String(due.length));
  await setOutput("due_files", due.join(","));

  console.log(
    [
      `Now (UTC): ${now.toISOString()}`,
      `Today (Asia/Jakarta): ${formatYMDInTZ(now, TZ)}`,
      `Last deploy: ${lastDeploy ? lastDeploy.toISOString() : "(none, first run)"}`,
      `Posts due since last deploy: ${due.length}`,
      ...(due.length ? due.map(f => `  - ${f}`) : []),
    ].join("\n")
  );
}

main().catch(err => {
  console.error(err);
  process.exit(1);
});

The workflow

The relevant parts of .github/workflows/deploy.yml. Your deploy step will look different depending on your hosting setup -- I use SSH/rsync to a VPS, but Cloudflare Pages, Vercel, or Netlify would work the same way with their respective deploy actions.

name: Deploy Astro Site

on:
  workflow_dispatch:
  push:
    branches:
      - master
  schedule:
    # 12:00 Asia/Jakarta (UTC+7) == 05:00 UTC
    - cron: "0 5 * * *"

concurrency:
  group: deploy-astro-site
  cancel-in-progress: false

jobs:
  check_scheduled_posts:
    name: Check scheduled posts
    runs-on: ubuntu-latest
    outputs:
      should_deploy: ${{ steps.check.outputs.should_deploy }}
      due_count: ${{ steps.check.outputs.due_count }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Setup Bun
        uses: oven-sh/setup-bun@v1
        with:
          bun-version: latest

      - name: Restore last deploy timestamp
        uses: actions/cache/restore@v4
        with:
          path: .last-deploy-timestamp
          key: last-deploy-ts-
          restore-keys: |
            last-deploy-ts-

      - id: check
        name: Check for posts due since last deploy
        run: bun run scripts/check-scheduled-posts.ts

  deploy:
    name: Build and deploy
    runs-on: ubuntu-latest
    needs: [check_scheduled_posts]
    if: >-
      ${{ github.event_name != 'schedule' ||
          needs.check_scheduled_posts.outputs.should_deploy == 'true' }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Setup Bun
        uses: oven-sh/setup-bun@v1
        with:
          bun-version: latest

      - name: Install Dependencies
        run: bun install

      - name: Build Astro Site
        run: bun run build

      # Replace this with your own deploy step
      - name: Deploy to Server
        run: echo "Deploy your site here"

      - name: Save deploy timestamp
        run: date -u +"%Y-%m-%dT%H:%M:%SZ" > .last-deploy-timestamp

      - name: Cache deploy timestamp
        uses: actions/cache/save@v4
        with:
          path: .last-deploy-timestamp
          key: last-deploy-ts-${{ github.run_id }}

Now I can write a post, set the date, and forget about it. The blog takes care of the rest at noon.

The Lazy Sysadmin's Guide to Docker Maintenance

Sat, 07 Feb 2026 01:00:00 GMT

Manually running docker compose pull and docker compose up -d every time an update drops is exhausting. We have better things to do.

But ignoring updates isn't an option either. Security patches matter. New features are nice.

So I built a lazy stack: Watchtower + Telegram notifications. My homelab updates itself at 4 AM and tells me what happened when I wake up.

The tool: Watchtower

Watchtower automates Docker container base image updates. It checks for new images, pulls them, and gracefully restarts your containers with the exact same options you used to deploy them.

The configuration

I use docker-compose. Clean, reproducible, easy to backup.

services:
  watchtower:
    image: containrrr/watchtower
    container_name: watchtower
    restart: unless-stopped
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /etc/localtime:/etc/localtime:ro
    environment:
      # Use a recent API version to avoid "client version too old" errors on Arch/Modern Docker
      - DOCKER_API_VERSION=1.45
      
      # Clean up old images after update to save disk space
      - WATCHTOWER_CLEANUP=true
      
      # Schedule it! (Cron format: Seconds Minutes Hours Day Month Weekday)
      # This runs at 04:00 AM every day.
      - WATCHTOWER_SCHEDULE=0 0 4 * * *
      
      # Silence the startup banner in logs
      - WATCHTOWER_NO_STARTUP_MESSAGE=true
      
      # NOTIFICATIONS (The fun part)
      - WATCHTOWER_NOTIFICATIONS=shoutrrr
      - WATCHTOWER_NOTIFICATION_URL=telegram://YOUR_BOT_TOKEN@telegram?channels=YOUR_CHAT_ID

Breaking down the config

Scheduling (WATCHTOWER_SCHEDULE): I set it to 0 0 4 * * *. Why 4 AM? I'm asleep, and if something breaks, I won't notice until morning anyway. Internet traffic is also low.
Cleanup (WATCHTOWER_CLEANUP): Removes the old image after pulling the new one. No more docker system prune panic when your disk hits 100%.
API Version (DOCKER_API_VERSION): If you're on a bleeding-edge distro like Arch, Watchtower might complain that its client is too old. Setting the version (e.g., 1.45) fixes this.

Setting up notifications

Updates are great, but silent updates are scary. I want to know what happened.

Watchtower supports Shoutrrr, which connects to basically everything (Discord, Telegram, Slack, Email, Gotify, etc.).

For Telegram:

Create a bot with @BotFather to get a token.
Get your Chat ID (use @userinfobot or similar).
Format the URL: telegram://TOKEN@telegram?channels=CHAT_ID.

Now every morning I wake up to a message like:

Found new image for container my-app... Updated!

This setup takes 5 minutes and saves hours of manual work over a year.

For mission-critical databases, pin your versions. But for typical homelab services (Plex, *arr apps, simple web servers), it works fine.

You Can't Stack Overflow a Deadlift

Fri, 06 Feb 2026 00:52:00 GMT

I'm comfortable in a terminal. I debug race conditions. I have strong opinions about system architecture, probably wrong ones. In tech, I'm a "Senior."

Then I walked into a gym last week. Wasn't a Senior anymore.

I stood there staring at a machine, trying to figure out which way to sit on it, hoping no one noticed. Shaking under an empty bar. Total noob.

Best refresher course on software engineering I've had in years.

Looking stupid

The free weights section is terrifying. Felt exactly like my first day as a junior dev pushing code to production. Everyone else looks like they know what they're doing. You feel watched.

We tell juniors "just ask questions," but we forget how paralyzing it feels to ask a "stupid" one.

I had to swallow my pride and ask a trainer how to do a proper squat. If I hadn't, I'd have hurt myself. Same thing happens in code. If juniors don't ask, they hurt the codebase. Being a beginner again reminded me to go easier on the new folks. We were all shaking under the empty bar once.

You can't copy-paste strength

I'm used to shortcuts. Don't know how to center a div? Google it. Copy-paste. Move on.

At the gym, I watched a YouTube video on "best chest workout" and thought I had it figured out. Then I got under the bar. Gravity doesn't care about your theoretical knowledge.

You can't copy-paste strength. Can't ChatGPT your way to a personal record.

Made me realize how much of modern development is gluing things together versus actually understanding them. Lifting forced me to feel the mechanics, not just memorize output. Made me want to go back and understand how my tools work, not just how to use them.

Consistency beats motivation

Coding has flow states. You blink and four hours are gone.

The gym hasn't been fun yet. My muscles ache. I'm tired. It sucks. I go anyway.

The most valuable code isn't written during a manic 3am burst. It's written on a Tuesday afternoon when you're bored but you write the unit tests anyway.

The gym teaches the same thing. Forget the highlight reel. Results don't come from one intense session. They come from showing up when you don't want to.

Ego lifting

The guy next to me is curling my squat weight like it's styrofoam. I want to grab the heavier dumbbells. That's ego lifting. Do that and I tear a muscle.

Coding has the same trap. Skip docs because "I'll figure it out." Skip tests because "it's simple."

Being physically weak forced me to respect the process. Start light. Check form. Rest. Thinking you're too smart for the basics is the fastest way to break production.

Being a gym noob stripped away the ego I built up in my career. Growth happens when you're shaking under a barbell or staring at a panic log.

So I keep showing up. Keep lifting the light weights. Maybe the code gets stronger too.

Why I Moved My AI Brain to a Homelab

Thu, 05 Feb 2026 08:00:00 GMT

For the last year, my AI assistant (Cici, running on OpenClaw) lived in the cloud. She was hosted on a decent VPS in Singapore. It worked fine. I paid my monthly bill, I SSH'd in when I needed to, and she was always there.

But last weekend, I killed the server.

I migrated everything to a physical box sitting in my home rack.

Why on earth would I move from a reliable datacenter to a DIY box at home?

1. The cost vs. power ratio

Let's talk specs.

My VPS ($10/month):

2 vCPU
4GB RAM
80GB SSD
Shared resources (noisy neighbors)

My Homelab:

Intel Core i5 (Gen 7)
16GB RAM
256GB SSD (System)
20TB HDD (Data/Media)

In the cloud, storage and RAM are expensive. Running OpenClaw + Docker containers on 4GB RAM was a constant juggling act. OOM (Out of Memory) kills were my daily breakfast.

On the local machine? I have 16GB RAM and plenty of storage. I can keep multiple Docker containers running without OOM kills, and Cici now has access to 20TB of storage. She can manage my media library, process backups, and hoard data without me worrying about block storage fees.

2. Latency

My VPS ping was ~20ms. Not bad. But my server is now on my local LAN.

The latency is sub-1ms.

When I'm coding and asking Cici to grep a massive codebase or perform file operations, that speed difference adds up. It feels snappy. It feels local.

3. Data sovereignty (and paranoia)

I know exactly where my data lives. Cici's memory files (MEMORY.md), my personal logs, my API keys. They aren't on someone else's computer anymore. They are on a drive I can physically pull out.

If the internet goes down, my assistant doesn't disappear (mostly). She can still control my local smart home, organize my files, and run local scripts.

4. The tinkering factor

I'll be honest: part of this is just the joy of tinkering.

On a VPS, you SSH in, do your thing, log out. It's sterile. There's no personality to it.

With a homelab, I get to hear the fans spin up when Cici is processing something heavy. I can walk over and check the blinking lights. When something breaks, I physically reseat a cable or swap a drive. It's tactile. It's mine.

Running your own server also means dealing with things a VPS abstracts away. Power outages, UPS battery health, fan curves. It's a different kind of maintenance.

The migration process

It wasn't smooth.

OS: I installed Arch Linux. (Btw, I use Arch). It gives me minimal bloat and the latest kernels.
Networking: I use Tailscale to access Cici from anywhere. Whether I'm at a coffee shop or in bed, I have a secure, direct tunnel to my home server despite the CGNAT.
Backup: I used rsync to pull Cici's "brain" (her clawd directory) from the VPS. She woke up on the new machine, read her MEMORY.md, and realized she had moved.

The downsides

There are trade-offs.

Power bill. The server draws about 10W idle (I measured with a kill-a-watt). That's roughly 7 kWh/month, which adds maybe $1-2 to my electricity bill. Way cheaper than the VPS.

Uptime is my problem now. When the VPS went down, I filed a ticket and waited. When my homelab goes down, I'm the one crawling behind the rack at 2am. Last week the power flickered and I had to reconfigure my UPS settings.

ISP drama. My ISP gives me CGNAT, which means no direct inbound connections. Tailscale solves this for me, but if you want to host public services, you'll need a VPS as a tunnel endpoint anyway. Ironic.

Noise and heat. The server sits on my desk. The fans are quiet most of the time, but when Cici is processing something heavy, I hear it. It's not annoying, just present.

Cloud is convenient. But running your own hardware changes things.

The homelab gives my AI assistant more room to grow. She's faster, has text embeddings stored locally, and 20TB of storage to play with.

If you have an old PC collecting dust, try self-hosting your agent. Yesterday Cici reminded me she could now access my entire photo archive. That wouldn't have happened on a 80GB VPS.

Bringing Interactivity to a Static Blog: The Clap Button

Wed, 04 Feb 2026 02:00:00 GMT

I love my Astro blog. It's fast, cheap to host, and I don't have to worry about security patches. But it's also lonely. When I publish something, I have no idea if anyone actually read it, let alone liked it.

I didn't want to install a heavy comment system like Disqus or utteranc.es just yet. I wanted something low-friction. The "Clap" button on Medium is perfect for this—it's anonymous, satisfying to click, and gives me just enough signal to know if a post landed.

So I built one. The full code is on GitHub if you want to deploy your own.

The stack:

Backend: Cloudflare Workers (Hono) + KV Storage
Frontend: Preact (Astro Island)
State: Optimistic updates + Debouncing

The backend (Cloudflare Workers)

The code below is simplified for clarity. See the full implementation for slug validation, proper rate limiting, and configurable CORS.

I needed a place to store the counters. Cloudflare KV works well here—eventual consistency is fine for likes, and reads are fast.

I wrote a small API using Hono. It has two jobs: get the count, and increment it.

// worker.js
import { Hono } from 'hono';
import { cors } from 'hono/cors';

const app = new Hono();
const MAX_CLAPS_PER_IP = 50;

// Security: Lock this down to your domain in production
app.use('/*', cors({
  origin: (origin) => origin.endsWith('rezhajul.io') ? origin : null,
}));

app.post('/claps/:slug', async (c) => {
  const { slug } = c.req.param();
  const ip = c.req.header('CF-Connecting-IP');
  
  // 1. Rate Limiting (Simplest implementation)
  const rlKey = `rl:${ip}:${slug}`;
  const rlData = await c.env.BLOG_CLAPS.get(rlKey, { type: 'json' }) || { count: 0 };
  
  const body = await c.req.json().catch(() => ({ count: 1 }));
  const increment = Math.min(body.count || 1, 10); // Batch limit

  if (rlData.count + increment > MAX_CLAPS_PER_IP) {
    return c.json({ error: 'Too many claps' }, 429);
  }

  // 2. Update Rate Limit
  rlData.count += increment;
  await c.env.BLOG_CLAPS.put(rlKey, JSON.stringify(rlData), { expirationTtl: 3600 }); // 1 hour TTL

  // 3. Update Global Count
  const key = `claps:${slug}`;
  const current = await c.env.BLOG_CLAPS.get(key);
  const next = parseInt(current || '0', 10) + increment;
  
  await c.env.BLOG_CLAPS.put(key, next.toString());
  
  return c.json({ count: next });
});

export default app;

I implemented a simple rate limiter using the user's IP. You can clap up to 50 times per post per hour. This stops script kiddies from inflating the numbers while letting enthusiastic readers (like my mom) click away.

The frontend (Preact island)

For the button, I used Preact. It's tiny (3KB) and I don't need the full weight of React for a single button.

The tricky part is making it feel instant. I use optimistic UI updates: the number goes up immediately when you click, even before the server responds. I also debounce the network requests. If you click 10 times in one second, the browser only sends one request to the server saying "add 10".

// src/components/ClapButton.tsx
import { useState, useRef } from 'preact/hooks';
import confetti from 'canvas-confetti';

export default function ClapButton({ slug, apiUrl }) {
  const [count, setCount] = useState(0);
  const [userClaps, setUserClaps] = useState(0); // Track local session
  const debounceTimer = useRef(null);
  const pendingClaps = useRef(0);

  const handleClap = () => {
    if (userClaps >= 50) return;

    // 1. Optimistic Update
    setCount(c => c + 1);
    setUserClaps(c => c + 1);
    pendingClaps.current += 1;

    // 2. Confetti! 🎉
    confetti({
      particleCount: 15,
      spread: 40,
      origin: { y: 0.7 },
      colors: ['#FFD700', '#FFA500']
    });

    // 3. Debounce API Call
    if (debounceTimer.current) clearTimeout(debounceTimer.current);
    
    debounceTimer.current = setTimeout(async () => {
      const payload = { count: pendingClaps.current };
      pendingClaps.current = 0;
      
      await fetch(`${apiUrl}/claps/${slug}`, {
        method: 'POST',
        body: JSON.stringify(payload)
      });
    }, 1000);
  };

  return (
    <button onClick={handleClap} disabled={userClaps >= 50}>
      <span className="text-2xl">👏</span>
      <span className="font-bold">+{userClaps}</span>
    </button>
  );
}

Integrating into Astro

Astro makes this trivial. I just drop the component into my layout and tell Astro to hydrate it when it becomes visible.

<!-- src/layouts/PostDetails.astro -->
<div class="my-8 flex justify-between">
  <ShareLinks />
  <ClapButton slug={slug} client:visible />
</div>

The client:visible directive matters. If a user never scrolls down to the bottom of the article, the JavaScript for this button never loads.

It's a small feature, but it closes the loop. Writing into the void is hard. Seeing a counter go up, even by one, is a nice reminder that there's a human on the other side of the screen.

Go ahead, try it out below.

Why "Dumb" Agents Are Winning: The Case for Shell-First AI

Tue, 03 Feb 2026 10:00:00 GMT

Complexity is the enemy of reliability.

There's a split happening in the AI coding space. On one side, you have agents that try to replicate the full IDE experience. They spin up language servers, parse ASTs, manage context windows, and attempt to reason like a senior engineer.

On the other side, you have tools like Pi (by badlogicgames) and OpenClaw (what I use). They're comparatively stupid. No deep semantic understanding of your codebase. They mostly just run shell commands.

Guess which ones I actually use.

The bloat problem

I keep seeing people praise Pi for being simple. And honestly? That tracks.

When an agent tries to be too smart, things break. Parsing a large codebase to build the "perfect" context window takes forever. If the LSP crashes or the environment is slightly off, the whole thing hangs. And here's the weird part: giving an LLM 100 files of context often confuses it more than giving it 3 relevant ones.

I've tried the "smart" agents. They feel like driving a Tesla that decides to update its firmware while you're on the highway. Cool tech. But I just need groceries.

When smart agents choke

I keep seeing the same complaints on Twitter and HN. Someone asks an agent a simple question about a medium-sized codebase. The agent spends 3 minutes "analyzing" before it can answer where a function is defined.

Meanwhile grep -rn "func DoThing" . would have answered in 200 milliseconds.

Or the agent tries to refactor something and loads the entire project into context, including node_modules from a completely unrelated frontend folder. Then it hallucinates imports from packages that aren't installed. The "smart" context selection makes things worse.

Maybe people are using these tools wrong. But the pattern seems consistent: agent tries to be clever, agent gets confused, developer wastes 10 minutes watching a spinner.

Shell-first

My self-hosted agent, Cici (running OpenClaw), works on a simpler principle: if you can do it in the terminal, she can do it too.

No magic "Refactor Codebase" button. She just runs:

grep -r "pattern" . to find files
read file.ts to see content
sed or write to change it
bun test to verify

This is how I work anyway. It's transparent. If grep fails, I see the exit code. I don't have to guess why some internal "thinking process" got stuck.

It's not magic. It's just unix.

The server migration

Yesterday, I migrated my home server. I asked Cici to find all .avi files, convert them to .mp4, and delete the originals.

A smarter agent might have analyzed video metadata, checked codecs using some library, or asked me about bitrate preferences.

Cici just ran find piped to ffmpeg.

find /mnt/data -name "*.avi" -exec ffmpeg -i {} ... \;

Brute force. Stupid. Worked perfectly while I was at the office.

Self-hosting makes this easier

The shell-first approach is easy to extend. If I want my agent to support a new tool, I don't wait for a plugin update. I just install the CLI.

Need network speed? speedtest-cli. Docker management? Already there.

The agent is an extension of my terminal, which is the thing I actually know how to use.

The obvious downsides

Look, I'm not saying dumb agents are better at everything.

Cici is bad at renaming variables. She'll grep for the string and replace it, which works until there's another variable with a similar name or the string shows up in a comment. Then she breaks things.

She also can't debug across multiple files. If an error involves understanding how three modules interact, she's useless. She doesn't hold that kind of context.

For those cases I just open Ampcode in Termius and paste in the prompt myself. It's more manual but at least I know what context it's working with.

Why I trust dumb tools more

This probably sounds backwards, but I trust the dumb agent more because I can see what it's doing.

When Cici messes up, I see the command. I can run it myself. I can fix it.

When a smart agent messes up, I'm left guessing. Did it read the wrong file? Did it get confused by something in the context? Who knows. The failure mode is a 30-second spinner followed by nonsense.

The middle ground exists

Someone's going to point out that tools like Sourcegraph or zread.ai solve the context problem without going full "dumb agent." And yeah, fair. Code search that actually understands your codebase is different from an agent that tries to load everything into memory.

I haven't used zread.ai but I've messed with Sourcegraph and it's good at finding the right files fast. If something like that fed context into an LLM instead of the agent trying to figure it out itself, that might actually work.

Maybe the answer isn't "dumb agents" vs "smart agents" but "agents that let humans pick context" vs "agents that guess." I'm not sure. Still figuring it out.

Anyway

I'm probably wrong about half of this. The smart agents will get better. Someone will figure out how to do context selection without eating my entire node_modules folder.

But for now? I'll take grep and an LLM over a black-box agent.

The Reality of AI Pair Programming: It's Not Magic, It's Management

Mon, 02 Feb 2026 14:20:00 GMT

The hype around AI coding agents like Cursor, Copilot, Claude Code is loud. Twitter (or X, whatever) is full of demos showing agents building entire apps from a single prompt. People call it "vibe coding." You just vibe, the AI codes.

But after spending a weekend migrating my home server with Cici (my OpenClaw agent), I have a different take.

AI doesn't replace the engineer. It forces you to become an engineering manager.

The "vibe coding" trap

Dax, creator of SST and OpenCode, said it best: "you can vibe code all of it who cares... but everyone will know they can feel it in your work how lazy you've become."

It's easy to get addicted to the speed. You ask for a feature, the terminal flies, and suddenly you have code. But AI is a yes-man. It will confidently generate code that works now but rots later.

I ran into this. I asked Cici to check my router.

Cici: "I'll try to hack the login page using a standard POST request!" Me: "Wait, that's a modern TP-Link AX router. It uses a Vue.js SPA and encrypted tokens. That old curl method won't work."

If I hadn't stepped in, the agent would have wasted cycles trying 2015-era exploits on 2025 hardware. That's the trap. If you don't know the domain, you can't manage the agent. You're just blindly approving pull requests from a junior dev who drank too much coffee.

From writer to editor

I used to spend 80% of my time typing syntax. for (let i = 0; i < n; i++). Now, I type English.

But the mental load hasn't disappeared. It shifted.

Before, I was the writer. I owned every character.
Now, I am the editor. I review diffs and catch logic errors before they ship.

This is actually harder in some ways. Reading code is harder than writing it. When you write, you build a mental model step-by-step. When you review AI code, you have to reverse-engineer its mental model instantly to spot bugs.

If you get lazy and stop reading the code, if you just "vibe," you are building technical debt at 100x speed.

Context is king

AI is smart, but it's amnesiac. It doesn't know your network topology, your naming conventions, or why you hate useEffect.

The success of my server migration wasn't because the model was a genius. It was because I spent hours writing documentation for the agent.

TOOLS.md: Listed my server IP, router model, and storage paths.
MEMORY.md: Logged past decisions so we didn't repeat mistakes.

When I asked Cici to move the backup folder, she didn't ask "which folder?" or "where?". She read the context, found the path /mnt/data/Downloads/Backup, and executed the move.

Documentation is no longer just for humans. It's the API for your AI agent.

It's still fun (but different)

Don't get me wrong, I'm not going back.

Handling that migration manually would have been a chore. Finding 40 scattered .avi files, converting them to .mp4, and deleting the originals? That's boring work.

With the agent, I said:

Find all AVIs, convert them to MP4 using 2 cores (low priority), and delete the source.

And it happened in the background while I went to work. That felt like a superpower.

We aren't "coding" less. We're solving problems faster. The syntax is becoming optional.

Treat your AI agent like a talented, eager, but slightly hallucinating intern.

Give them clear docs and review their work before it hits production. And please, for the love of clean code, don't just "vibe."

Manage them.

Reducing OpenClaw Heartbeat Token Usage

Sun, 01 Feb 2026 14:30:00 GMT

Running an AI agent 24/7 sounds cool until you see the token bill. One of the biggest culprits? Heartbeats, those periodic check-ins that keep your agent aware.

Here's how I cut mine down.

What are heartbeats?

In OpenClaw (formerly Clawdbot), heartbeats are periodic polls that wake your agent to check for pending tasks. The default behavior:

Agent receives a heartbeat prompt
Agent reads HEARTBEAT.md and workspace context
Agent either takes action or replies HEARTBEAT_OK

Every heartbeat consumes tokens for:

The system prompt and agent identity
Reading HEARTBEAT.md and referenced files
Any actions taken or responses generated

At the default 30-minute interval, that's 48 heartbeats per day. The tokens add up fast.

Strategy 1: Slim down HEARTBEAT.md

Your HEARTBEAT.md gets read on every single heartbeat. Keep it minimal.

Before (token-heavy):

# Heartbeat Checklist

## Routine Checks
1. Daily Log: Check if memory/YYYY-MM-DD.md exists...
2. Inbox Check: Check urgent emails or notifications...
3. Moltbook Check: Read skills/moltbook/HEARTBEAT.md for full routine...
4. Log Rotation: Check date header in memory/moltbook_activity.md...
5. Self-Correction: If IDENTITY.md or SOUL.md is missing...

## Pending Tasks
- [ ] Retry Moltbook Post (Security)...
- [ ] Retry Moltbook Post (Sandboxing)...

After (lean):

# Heartbeat
- Ensure `memory/YYYY-MM-DD.md` exists
- Check DMs if due (see heartbeat-state.json)

Move pending tasks to cron jobs instead of tracking them in HEARTBEAT.md. Cron jobs run in isolated sessions and don't bloat your main context.

Strategy 2: Increase the interval

Edit your ~/.openclaw/openclaw.json (or %USERPROFILE%\.openclaw\openclaw.json on Windows) and add heartbeat configuration:

{
  "agents": {
    "defaults": {
      "heartbeat": {
        "every": "60m"
      }
    }
  }
}

The every field accepts duration strings (ms, s, m, h); default unit is minutes. Going from 30 to 60 minutes cuts your heartbeat tokens in half. Hourly check-ins are fine for most agents.

Strategy 3: Use a cheaper model

Heartbeats are usually simple "check and respond" operations. They don't need your most powerful model.

{
  "agents": {
    "defaults": {
      "heartbeat": {
        "model": "qwen-portal/coder-model"
      }
    }
  }
}

A lighter model means:

Faster responses
Lower token costs (if using paid APIs like OpenAI/Anthropic)
Less compute for simple yes/no decisions

Note: This saves on generation costs. The input context (files, memory) is still loaded, so keeping HEARTBEAT.md small (Strategy 1) is still crucial.

Strategy 4: Replace heartbeats with cron jobs

Heartbeats are convenient but inefficient for scheduled tasks. Compare:

Feature	Heartbeat	Cron Job
Session	Main (carries context)	Isolated (clean slate)
Timing	Approximate (~30 min)	Exact (cron expression)
Token cost	High (loads full context)	Low (minimal context)
Best for	Quick checks, batching	Scheduled tasks, reports

If your heartbeat is mostly running scheduled tasks, migrate them to cron:

openclaw cron add --name "daily-log-check" \
  --schedule "0 9 * * *" \
  --message "Ensure memory/$(date +%Y-%m-%d).md exists"

Strategy 5: Disable heartbeats entirely

If you're fully cron-driven, turn off heartbeats:

{
  "agents": {
    "defaults": {
      "heartbeat": {
        "enabled": false
      }
    }
  }
}

Your agent will only wake for:

Direct messages
Cron job triggers
Webhook events

No more background token burn.

Quick wins

Audit your HEARTBEAT.md. Delete anything that could be a cron job.
Remove nested file reads (don't reference other HEARTBEAT.md files).
Set every to "60m" or higher.
Use a lighter model for heartbeat responses.
Track check timestamps in memory/heartbeat-state.json to avoid redundant work.

The math

Say your heartbeat consumes ~2,000 tokens per cycle:

Interval	Daily Heartbeats	Daily Tokens
15 min	96	192,000
30 min	48	96,000
60 min	24	48,000
2 hours	12	24,000

Doubling your interval = halving your cost. Simple.

Heartbeats are easy to over-use. Trim your HEARTBEAT.md, bump the interval to 60 minutes, move scheduled work to cron jobs, and consider a lighter model.

Your agent can still respond when you need it without running up the bill.

Adding a Links Section to My Blog

Sun, 25 Jan 2026 14:00:00 GMT

I keep finding cool stuff on the internet. Articles, tools, random projects.

The problem? Most of them don't deserve a full blog post. But I still want to share them somewhere. Twitter feels too ephemeral. A blog post feels too heavy.

Then I saw Robb Knight's links page. Perfect. A micro-blog for external content with my own hot takes attached.

So I built one. Here's how.

The schema

Every link is just a markdown file with a URL field. The body is my commentary.

const linksSchema = ({ image }: { image: () => z.ZodType }) =>
  baseSchema({ image }).extend({
    url: z.string().url(),
    commentaryPrefix: z.string().optional(),
  });

A link file looks like this:

---
title: "Some Interesting Article"
pubDatetime: 2026-01-25T10:00:00+07:00
url: "https://example.com/article"
tags:
  - Web
---

My thoughts on this article go here.

Simple. The markdown body becomes my take on whatever I'm sharing.

The card component

Each link shows up as a card. Title links out (with a little ↗ arrow), date links to the detail page, and my commentary renders below.

<li class="my-6">
  <a href={url} target="_blank" rel="noopener noreferrer">
    <span>{title}</span>
    <svg><!-- arrow icon --></svg>
  </a>
  <a href={`/links/${id}/`}>
    <Datetime {...datetimeProps} />
  </a>
  <div class="prose">
    <Content />
  </div>
</li>

The render() function from astro:content does the heavy lifting, turning markdown into a component I can just drop in.

Why detail pages?

I could've just made links a flat list. But I wanted each link to have its own URL. Why?

Shareable. I can send someone /links/cool-article/ instead of "check my links page and scroll down."
Comments. Each link can have its own Mastodon thread.
Navigation. Previous/next buttons let you browse through links like posts.

OG images

This is the fun part.

I wanted links to look different when shared. The OG image shows a [LINK] badge, the title, and the domain extracted from the URL.

function extractDomain(url) {
  try {
    return new URL(url).hostname.replace(/^www\./, "");
  } catch {
    return "";
  }
}

There's also a commentaryPrefix field. Defaults to "Rezha on" but I can customize it per link. So when someone shares my link on social media, it says "Rezha on Some Interesting Article" with the source domain below.

The OG images generate at build time:

export const GET: APIRoute = async ({ props }) => {
  const buffer = await generateOgImageForLink(props);
  return new Response(new Uint8Array(buffer), {
    headers: { "Content-Type": "image/png" },
  });
};

Here's an example

Scaffolding

I already had bun run new for posts and notes. Added links to the mix.

$ bun run new
? What do you want to create? › link
? URL: › https://example.com/article
? Title: › Some Interesting Article

✅ Created: src/data/links/some-interesting-article.md

It grabs the URL, asks for a title, and generates the frontmatter. I just fill in my commentary and publish.

The result

List page at /links/ with pagination
Detail pages at /links/[slug]/
Custom OG images
Previous/next navigation
Works with the existing tag system

Total time: a weekend. Most of it was fiddling with the OG image layout.

Is it overkill for sharing links? Maybe. But now I have a place for all those "this is cool but not blog-post-worthy" finds.

Check it out at /links/.

Pair Programming with a Lobster: My Week with Clawdbot

Fri, 23 Jan 2026 23:44:00 GMT

Meet the Lobster. 🦞

No, not dinner. I'm talking about Clawdbot, an AI agent that lives in my server.

Most AI tools are just chat apps. You ask, they answer. Boring. Clawdbot is different. It has shell access. It can run commands, edit files, and deploy my code. It's like having a junior dev who types really fast but sometimes breaks things.

I used it to move this blog from Zola to Astro. Here's what happened.

The "Intern" Vibe

It changes how you code. You stop typing and start managing. I say: "Split the blog into notes and posts." It executes: Writes the config, moves the files.

But it makes mistakes. Once, it broke all my image links with a bad find-and-replace command. I told it: "You broke it. Fix it." And it did. It even apologized.

I once made it run 100 laps as punishment. It actually counted to 100.

Why It's Cool

1. It Runs Commands

When a build fails, I don't copy-paste errors. Clawdbot sees the error because it ran the build. It fixes the config and tries again. Fast.

2. It Remembers

I don't have to keep saying "I use Bun" or "My timezone is Jakarta." It remembers.

3. Infinite Toolbelt

It's not just a coder. I gave it the bird skill, and now it runs a cron job to summarize my Twitter/X timeline. It uses gog to check my calendar, and intomd to parse documentation. It even has a frontend-design skill to help me build UI components.

4. It Listens (Literally)

I don't always want to type commands. Sometimes I just send a voice note on Telegram: "Deploy to staging." Clawdbot transcribes the audio, understands the intent, and executes the code. It feels less like a terminal and more like talking to a teammate.

5. It Debugs Itself (Sometimes)

When a deployment failed because of a permission error, Clawdbot didn't just crash. It suggested a fix: "Revert the commit and try again." It reads its own error logs. That's better than most interns.

The Scary Part

Giving AI shell access is scary. I watched it delete folders and rewrite configs. But the speed? Crazy.

Built a custom CLI content generator.
Set up CI/CD pipelines.
Added Mastodon-powered comments. All in one weekend.

Is it perfect? No. But for the first time, I felt like I was working with AI, not just using it. It's messy and fast. Just double-check its work before you deploy.

Automating My Blog Workflow with Bun

Fri, 23 Jan 2026 18:42:00 GMT

I have a confession: I hate writing frontmatter.

That metadata block at the top of every markdown file? The date, the title, the slug, the tags. It's friction. And friction kills writing habits dead.

Every time I wanted to write a quick note, I had to:

Copy an old post
Delete the content
Manually type out the ISO 8601 date (who remembers the current time in UTC?)
Invent a slug

By the time I finished the setup, I'd lost the thought entirely.

So, in classic developer fashion, I wrote a script to save myself 30 seconds per post. Honestly? It was worth it.

Why Bun?

I recently migrated this blog to Astro. It's fast, modern, and runs on JavaScript/TypeScript.

I didn't want a heavy CMS. I just wanted a simple CLI command:

bun run new note

I went with Bun because it treats TypeScript as a first-class citizen. No build steps, no ts-node configuration hell. You just write .ts and run it. Plus, it's incredibly fast for CLI scripts.

The script architecture

The goal was simple: a script that asks "What do you want to write?" and generates the file for me.

I split this into two files:

scripts/new-content.ts - The main CLI logic
scripts/content-types.ts - Configuration for different content types

Main script (`scripts/new-content.ts`)

Here's the core of the implementation. It handles both CLI arguments (for speed) and interactive prompts (for when I'm feeling lazy):

import { contentTypes, getContentType } from "./content-types";
import type {
  ContentInput,
  ContentTypeConfig,
  PromptConfig,
} from "./content-types";
import { mkdir, writeFile } from "node:fs/promises";
import { join } from "node:path";

function parseCliArgs() {
  const args = process.argv.slice(2);
  const result: {
    type?: string;
    title?: string;
    tags?: string;
    help?: boolean;
  } = {};
  const positionals: string[] = [];

  for (let i = 0; i < args.length; i++) {
    const arg = args[i];
    if (arg === "-h" || arg === "--help") {
      result.help = true;
    } else if (arg === "-t" || arg === "--title") {
      result.title = args[++i];
    } else if (arg === "--tags") {
      result.tags = args[++i];
    } else if (!arg.startsWith("-")) {
      positionals.push(arg);
    }
  }

  return {
    type: positionals[0],
    title: result.title,
    tags: result.tags,
    help: result.help,
  };
}

Manual parsing because I wanted fine-grained control over flags like -t and --tags.

async function createContent(
  type: ContentTypeConfig,
  input: ContentInput
): Promise<string> {
  const filename = type.generateFilename(input);
  const frontmatter = type.generateFrontmatter(input);
  const dirPath = join(process.cwd(), type.path);
  const filePath = join(dirPath, filename);

  await mkdir(dirPath, { recursive: true });
  await writeFile(filePath, frontmatter);

  return filePath;
}

This writes the file. The { recursive: true } flag creates parent directories if needed.

async function runInteractive() {
  const rl = await createReadlineInterface();

  const type = await selectContentType(rl);
  if (!type) {
    rl.close();
    process.exit(1);
  }

  console.log(`\nCreating new ${type.name}...\n`);

  const promptInputs = await collectPromptInputs(rl, type.prompts || []);

  const input: ContentInput = {
    ...promptInputs,
    now: new Date(),
  };

  const filePath = await createContent(type, input);
  console.log(`\n✅ Created: ${filePath}\n`);

  rl.close();
}

Interactive mode. Prompts you to pick a content type and fill in the fields.

async function runNonInteractive(
  typeName: string,
  title?: string,
  tags?: string
) {
  const type = getContentType(typeName.toLowerCase());
  if (!type) {
    console.error(`Unknown content type: ${typeName}`);
    console.log(`Available types: ${contentTypes.map(t => t.name).join(", ")}`);
    process.exit(1);
  }

  const hasRequiredTitle = type.prompts?.some(
    p => p.key === "title" && p.required
  );
  if (hasRequiredTitle && !title) {
    console.error(`Error: --title is required for ${type.name}`);
    process.exit(1);
  }

  const input: ContentInput = {
    title,
    tags: tags
      ? tags
          .split(",")
          .map(t => t.trim())
          .filter(Boolean)
      : undefined,
    now: new Date(),
  };

  const filePath = await createContent(type, input);
  console.log(`✅ Created: ${filePath}`);
}

Non-interactive mode. If you pass arguments directly, it skips the prompts.

async function main() {
  const args = parseCliArgs();

  if (args.help) {
    showHelp();
    process.exit(0);
  }

  if (args.type) {
    await runNonInteractive(args.type, args.title, args.tags);
  } else {
    await runInteractive();
  }
}

main();

Entry point. If you pass a type, it runs non-interactive. Otherwise, it prompts.

Content type configuration (`scripts/content-types.ts`)

This is where a "Post" differs from a "Note":

export interface ContentTypeConfig {
  name: string;
  description: string;
  path: string;
  generateFilename: (input: ContentInput) => string;
  generateFrontmatter: (input: ContentInput) => string;
  prompts?: PromptConfig[];
}

export interface ContentInput {
  title?: string;
  slug?: string;
  tags?: string[];
  now: Date;
}

export interface PromptConfig {
  key: keyof ContentInput;
  message: string;
  required: boolean;
  transform?: (value: string) => string | string[];
}

The interfaces are self-explanatory. ContentTypeConfig tells the script where to save files and how to generate the frontmatter.

function toKebabCase(str: string): string {
  return str
    .toLowerCase()
    .replace(/[^a-z0-9\s-]/g, "")
    .replace(/\s+/g, "-")
    .replace(/-+/g, "-")
    .replace(/^-|-$/g, "");
}

function formatISOWithTimezone(date: Date): string {
  const pad = (n: number) => n.toString().padStart(2, "0");
  const offsetMinutes = -date.getTimezoneOffset();
  const offsetHours = Math.floor(Math.abs(offsetMinutes) / 60);
  const offsetMins = Math.abs(offsetMinutes) % 60;
  const offsetSign = offsetMinutes >= 0 ? "+" : "-";

  return (
    `${date.getFullYear()}-${pad(date.getMonth() + 1)}-${pad(date.getDate())}` +
    `T${pad(date.getHours())}:${pad(date.getMinutes())}:${pad(date.getSeconds())}` +
    `${offsetSign}${pad(offsetHours)}:${pad(offsetMins)}`
  );
}

function formatHumanReadableDate(date: Date): string {
  const day = date.getDate();
  const month = date.toLocaleString("en-US", { month: "long" });
  const year = date.getFullYear();
  const hours = date.getHours().toString().padStart(2, "0");
  const minutes = date.getMinutes().toString().padStart(2, "0");
  return `${day} ${month} ${year} at ${hours}:${minutes}`;
}

function formatTimestampFilename(date: Date): string {
  const pad = (n: number) => n.toString().padStart(2, "0");
  return (
    `${date.getFullYear()}` +
    `${pad(date.getMonth() + 1)}` +
    `${pad(date.getDate())}` +
    `${pad(date.getHours())}` +
    `${pad(date.getMinutes())}`
  );
}

Utility functions for slugs and date formatting. The ISO format with timezone is what Astro expects.

const postType: ContentTypeConfig = {
  name: "post",
  description: "Blog post with title and tags",
  path: "src/data/blog",
  prompts: [
    {
      key: "title",
      message: "Post title:",
      required: true,
    },
    {
      key: "tags",
      message: "Tags (comma-separated, optional):",
      required: false,
      transform: (value: string) =>
        value
          .split(",")
          .map(t => t.trim())
          .filter(Boolean),
    },
  ],
  generateFilename: (input: ContentInput) => {
    const slug = input.slug || toKebabCase(input.title || "untitled");
    return `${slug}.md`;
  },
  generateFrontmatter: (input: ContentInput) => {
    const slug = input.slug || toKebabCase(input.title || "untitled");
    const pubDatetime = formatISOWithTimezone(input.now);
    const tags = input.tags?.length ? input.tags : [];
    const tagsYaml =
      tags.length > 0
        ? `tags:\n${tags.map(t => `  - ${t}`).join("\n")}`
        : "tags: []";

    return `---
title: "${input.title || "Untitled"}"
slug: "${slug}"
pubDatetime: ${pubDatetime}
description: ""
draft: true
${tagsYaml}
---
`;
  },
};

Posts go to src/data/blog, require a title, and optionally accept tags.

const noteType: ContentTypeConfig = {
  name: "note",
  description: "Quick note with timestamp-based naming",
  path: "src/data/notes",
  prompts: [],
  generateFilename: (input: ContentInput) => {
    return `${formatTimestampFilename(input.now)}.md`;
  },
  generateFrontmatter: (input: ContentInput) => {
    const timestamp = formatTimestampFilename(input.now);
    const humanTitle = formatHumanReadableDate(input.now);
    const pubDatetime = formatISOWithTimezone(input.now);

    return `---
title: "${humanTitle}"
slug: "${timestamp}"
pubDatetime: ${pubDatetime}
description: ""
tags:
  - note
---
`;
  },
};

Notes have no prompts. They just use the current timestamp as filename and title.

export const contentTypes: ContentTypeConfig[] = [postType, noteType];

export function getContentType(name: string): ContentTypeConfig | undefined {
  return contentTypes.find(t => t.name === name);
}

Export the types so the main script can use them.

The "note" workflow

My favorite part is the Note generator. Notes on this blog are time-based, like tweets. I don't want to think about titles.

The script automatically:

Generates a filename based on the current timestamp (e.g., 202601231830.md)
Sets the title to a human-readable format ("23 January 2026 at 18:30")
Sets the slug to the timestamp

Now, capturing a thought is as fast as opening my terminal.

Interactive mode

If you just run bun run new without arguments, it prompts you step-by-step.

Adding new content types

Want a "snippet" or "quote" type? Add a new config object in content-types.ts with path, filename generator, and frontmatter template. Done.

Why bother?

The point isn't saving 30 seconds. It's removing the friction that stops you from writing in the first place. I used to stare at blank markdown files, dreading the frontmatter setup more than the actual writing.

Now I type bun run new note and start writing.

Unlocking Frontier Power: How to Run Amp Using CLIProxyAPI Without Spending Credits

Thu, 25 Dec 2025 11:01:14 GMT

The landscape of AI coding agents is shifting faster than most developers can keep up with. Right now, Amp is sitting at the frontier, offering raw model power that most tools are still trying to figure out. But if you have been using Amp, you know the drill: the "Smart" mode is incredible, but it eats through Amp credits.

If you are already paying for ChatGPT Plus, Claude Pro, or a Google subscription, there is a better way. You can leverage CLIProxyAPI to bridge your existing OAuth subscriptions directly into Amp. This setup effectively allows you to use Amp’s advanced agent features while bypassing the credit consumption by routing requests through your own authenticated quotas.

Here is how to set up this "pro-tier" bridge to get unconstrained token usage with the best models on the market.

Why CLIProxyAPI?

At its core, CLIProxyAPI is a proxy server designed to connect CLI models to an API setup compatible with platforms like OpenAI, Gemini, and Claude. It acts as a universal adapter, allowing you to call these models through standard API requests rather than just terminal commands.

The magic happens with the specialized Amp CLI integration. CLIProxyAPI includes specialized routing that supports Amp’s unique API patterns while maintaining compatibility with standard features. It maps Amp’s specific provider patterns—like /api/provider/{provider}/v1...—to its own internal handlers.

The architecture is simple but powerful:

Request Received: Amp sends a request to your local proxy.
Local Check: The proxy checks if you have configured an OAuth token for that model locally.
Routing: If the model is authenticated (via your subscription), it uses your local OAuth tokens. If not, it falls back to Amp’s backend, which then requires Amp credits.

Step 1: Installing the Infrastructure

Before you can bridge your accounts, you need to get CLIProxyAPI running. You have a few options, but building from source or using the pre-compiled binaries is most common for dev environments.

Building from Source

You will need Go 1.24 or higher.

git clone https://github.com/router-for-me/CLIProxyAPI.git
cd CLIProxyAPI
go build -o cli-proxy-api ./cmd/server

This gives you the cli-proxy-api executable. If you are on macOS, you can also use Homebrew: brew install cliproxyapi.

Step 2: Authenticating Your Subscriptions

This is the most critical step. To use Amp "for free" (using your existing subscriptions), you must authenticate the providers Amp relies on. Amp employs different models for various agent roles:

Smart Mode: Uses Claude models like Opus and Sonnet 4.5.
Oracle Subagent: Uses GPT-5 (medium reasoning).
Librarian/Rush Mode: Uses Claude Sonnet 4.5 or Claude Haiku 4.5.

Run the following commands to log in via OAuth:

For Google/Gemini: ./cli-proxy-api --login.
For Antigravity: ./cli-proxy-api -antigravity-login. (Yes, you read it right. We can access Antigravity's API with the same google account. It's giving me access to the Claude model as well.)
For ChatGPT Plus/Pro: ./cli-proxy-api --codex-login.
For Claude Pro/Max: ./cli-proxy-api --claude-login.

If you're using Github Copilot, you need to use https://github.com/router-for-me/CLIProxyAPIPlus. This one doesn't have a ready-to-use build via Homebrew so you may need to manually download from the release page or just build it yourself.

Once you log in through the browser window that pops up, the system saves your tokens in the ~/.cli-proxy-api directory. This enables the proxy to use your included usage quotas rather than Amp's backend.

Step 3: Configuring the Proxy for Amp

You need a config.yaml file to tell the proxy how to communicate with Amp's control plane for management tasks like thread sharing and user authentication.

Create or edit your config.yaml with the following block:

port: 8317
api-keys:
  - "your-secret-key" # You create this key for Amp to talk to the proxy

debug: true
quota-exceeded:
  switch-project: true
  switch-preview-model: true

ampcode:
  upstream-url: "https://ampcode.com"
  restrict-management-to-localhost: true # Extra security for your local machine

Step 4: Pointing Amp to Your Local Proxy

Now that the proxy is ready, you need to tell the Amp CLI to stop talking to the cloud and start talking to localhost. You can do this via environment variables or settings files.

Using Environment Variables

This is the fastest way to test the setup:

export AMP_URL=http://localhost:8317
export AMP_API_KEY=your-secret-key

With these set, the standard amp login command is no longer necessary.

Using Settings Files

For a permanent setup, edit your Amp configuration:

URL: In ~/.config/amp/settings.json, set "amp.url": "http://localhost:8317".
Key: In ~/.local/share/amp/secrets.json, set "apiKey@http://localhost:8317": "your-secret-key".

Step 5: Validating the Connection

Start your proxy:

./cli-proxy-api --config config.yaml

Now, run a command in Amp:

amp "Analyze the current directory and find all markdown files"

If your proxy logs show requests hitting /api/provider/google/... or /api/provider/openai/... and being handled locally, you are successfully using your own subscription.

The Fallback Safety Net

One of the best features of this integration is the Model Mapping. If Amp requests a model you don't subscribe to, it will automatically map it to another model you've mapped to. This ensures Amp never breaks. Here is my mapping.

model-mappings:
  # Model requested by Amp CLI Smart mode
  - from: "claude-opus-4.5"
    to: "gemini-claude-opus-4-5-thinking" # routed to antigravity
  - from: "claude-opus-4-5-20251101"
    to: "gemini-claude-opus-4-5-thinking"

  # Model requested by Amp CLI Rush mode
  - from: "claude-haiku-4-5-20251001"
    to: "gemini-3-flash-preview"

  # model requested by AMP CLI Oracle/Librarian/Review mode
  - from: "gemini-2.5-flash-lite-preview-09-2025"
    to: "gemini-3-flash-preview"
  - from: "gpt-5"
    to: "gemini-3-pro-preview"
  - from: "gpt-5.1"
    to: "gemini-3-pro-preview"

In fact, for the Smart mode, I sometimes run out of Opus access, so I can swap the gemini-claude-opus-4-5-thinking with gemini-claude-sonnet-4-5 or gemini-3-pro-preview instead.

I made a script to automate changing my configuration.

#!/bin/bash

# Script to switch configuration and set model replacement

if [ $# -lt 1 ]; then
    echo "Usage: $0 <model-name> [source-config]"
    echo ""
    echo "Examples:"
    echo "  $0 gemini-claude-opus-4-5-thinking"
    echo "  $0 gemini-claude-sonnet-4-5"
    echo "  $0 gemini-3-pro-preview"
    echo ""
    echo "Optional: specify source config file (defaults to config.yaml.template)"
    exit 1
fi

MODEL="$1"
SOURCE="${2:-config.yaml.template}"
TARGET="config.yaml"

if [ ! -f "$SOURCE" ]; then
    echo "Error: $SOURCE not found"
    exit 1
fi

# Replace all occurrences of "replace_this" with the specified model
sed "s/replace_this/$MODEL/g" "$SOURCE" > "$TARGET"
echo "Switched to model: $MODEL"

Create config.yaml.template file like this

port: 8317
api-keys:
  - "your-secret-key"

debug: true
quota-exceeded:
  switch-project: true
  switch-preview-model: true
ampcode:
  upstream-url: "https://ampcode.com"
  restrict-management-to-localhost: true
  model-mappings:
    # Model requested by Amp CLI Smart mode
    - from: "claude-opus-4.5"
      to: "replace_this" # routed to antigravity
    - from: "claude-opus-4-5-20251101"
      to: "replace_this"

    # Model requested by Amp CLI Rush mode
    - from: "claude-haiku-4-5-20251001"
      to: "gemini-3-flash-preview"

    # model requested by AMP CLI Oracle/Librarian/Review mode
    - from: "gemini-2.5-flash-lite-preview-09-2025"
      to: "gemini-3-flash-preview"
    - from: "gpt-5"
      to: "gemini-3-pro-preview"
    - from: "gpt-5.1"
      to: "gemini-3-pro-preview"

Now I just need to run the following commands:

./switch-config.sh gemini-claude-opus-4-5-thinking
./switch-config.sh gemini-claude-sonnet-4-5
./switch-config.sh gemini-3-pro-preview

It replaces all replace_this placeholders in config.yaml.template with your specified model and writes to config.yaml.

The CLIProxyAPI is already watching the config file and will automatically reload the configuration when it changes.

Advanced Usage: IDE Extensions and Security

The beauty of this setup is that it isn't limited to the terminal. You can use the same proxy for Amp’s IDE extensions in VS Code, Cursor, or Windsurf. Simply open your IDE settings, set the Amp URL to http://localhost:8317, and provide the local API key you configured.

Security Hardening

Since you are running a proxy that handles sensitive OAuth tokens, security is paramount.

Localhost Restriction: Enabling restrict-management-to-localhost: true prevents remote access to your management endpoints. This uses the actual TCP connection address to block "drive-by" browser attacks or header spoofing.
API Key Auth: Ensure api-keys are configured in your config.yaml. As of version 6.6.15, all management routes like /api/auth and /api/threads are protected by this middleware.

Frontier Power, Your Terms

By using CLIProxyAPI as a bridge, you turn Amp into a truly unconstrained tool. You get to keep Amp's four core principles—unconstrained token usage, always using the best models, raw model power, and a system built to evolve—while leveraging the subscriptions you already pay for.

Whether you are using the Oracle for deep reasoning on a complex bug or spawning subagents to refactor five files at once, this setup ensures that the only thing you are focused on is the code, not the credit balance.

30 January 2025 at 14:32

Wed, 29 Jan 2025 21:32:12 GMT

I simply love how OpenAI lost it's job to the AI before I lost my job to the AI.

18 January 2025 at 18:36

Sat, 18 Jan 2025 11:36:12 GMT

Today has been quite productive! I successfully integrated reblog and favourite counts from Mastodon into my blog. It's a nice improvement that makes my blog more interactive.

16 January 2025 at 15:36

Thu, 16 Jan 2025 08:36:12 GMT

I am starting a new habit of writing more this year. I think of myself not as a good writer, but that should be one of the reasons why I should write more. I will also try to write more in Bahasa Indonesia on a different blog, as I have become pretty tired of SSG.

15 January 2025 at 17:31

Wed, 15 Jan 2025 10:31:12 GMT

I’d rather donate to the Mastodon nonprofit than to "Free Our Feeds," with its multimillionaire board of directors.

14 January 2025 at 18:42

Tue, 14 Jan 2025 01:42:00 GMT

Micro.blog pays $2,000 for the domain name each year. That's expensive!

(via)

13 January 2025 at 15:11

Mon, 13 Jan 2025 15:11:00 GMT

On Uv has a killer feature you should know about (via), Lukas shared to quickly run scripts with the desired Python version and dependencies without leaving a trace on their system.

uv run --python 3.12 --with pandas python

I usually have multiple dependencies specified in requirements.txt, so here is how to run it with requirements.txt

uv run --python 3.12 --with-requirements requirements.txt python

12 January 2025 at 23:12

Sun, 12 Jan 2025 16:12:12 GMT

I am trying out POSSE from my blog to my socials.

Migrating from Hugo to Zola

Sat, 11 Jan 2025 22:52:12 GMT

I have been using Hugo for my blog for a while now, and while I have been happy with it, I have been looking for a change. After some research and testing, I have decided to migrate my blog from Hugo to Zola. In this post, I will share my experience with the migration process and some of the reasons behind my decision.

Why I Decided to Migrate

My development journey started with Django. I have been using Django since version 1.6 when I started my career 11 years ago. After working as a Django developer for a long time, I have grown accustomed to its template syntax and structure. While Hugo's Go templates are powerful, I find Django's template system more intuitive and easier to work with. The familiarity and clarity of Django templates make development more enjoyable for me, and this was one factor that drew me to explore alternatives to Hugo.

After exploring various static site generators, I settled on Zola for several reasons. First, Zola uses a template syntax similar to Django's, which felt immediately familiar. While the build times are comparable to Hugo in my case, I appreciate Zola's simpler and more straightforward configuration. Everything from the directory structure to the template organization feels more intuitive to me. Additionally, Zola comes with built-in syntax highlighting and search functionality out of the box, which were features I had to configure separately in Hugo.

The Migration Process

As I was already using TOML for my frontmatter, the migration process was relatively straightforward. I started by creating a new Zola site and copying over my content files from my Hugo site. I then updated the frontmatter in each file to match Zola's format and made any necessary adjustments to the content itself. I also had to update my templates to work with Zola's template syntax, which was a bit more involved but manageable.

There are some differences between Hugo and Zola. For example, the tags and categories taxonomies are handled differently in Zola.

# Hugo
tags = ["Hugo", "Zola"]

# Zola
[taxonomies]
tags = ["Hugo", "Zola"]

Editing all of them would be a pain, so I wrote a small awk script to automate the process. Here is the script:

BEGIN { in_frontmatter=0; has_taxonomies=0; tags="" }
/^\+\+\+/ {
    if (in_frontmatter) {
        if (!has_taxonomies && tags != "") {
            print "\n[taxonomies]"
            print tags
        }
    }
    in_frontmatter = !in_frontmatter
    has_taxonomies = 0
    print
    next
}
in_frontmatter && /^tags = / {
    tags = $0
    next
}
in_frontmatter && /^\[taxonomies\]/ {
    has_taxonomies = 1
    if (tags != "") {
        print
        print tags
        tags = ""
        next
    }
}
{ print }

Save the script as update_frontmatter.awk and run it on your content files like this:

find content/posts -name "*.md" -exec sh -c 'awk -f update_frontmatter.awk "$1" > "$1.tmp" && mv "$1.tmp" "$1"' sh {} \;

This script will add the [taxonomies] section to the frontmatter of each content file if it is missing and move the tags field to the [taxonomies] section. I haven't tested it for all cases so be careful when using it.

Other Additions

I have also taken this opportunity to add Fediverse comments to my blog. I have been using Mastodon for a while now, and I wanted to integrate it into my blog. I found a blogpost by Carl Schwan that explains how to add Mastodon comments to a static site using a simple JavaScript snippet. I followed his instructions and added the snippet to my templates, and now visitors can comment on my posts using their Fediverse accounts. You can try it out by commenting on this post!

Conclusion

The migration from Hugo to Zola was a smooth process overall, and I am happy with the results. Zola's template system is more intuitive for me, and I appreciate the flexibility it offers. I am looking forward to exploring more of Zola's features and customizing my blog further. If you are considering migrating from Hugo to Zola, I would recommend giving it a try and seeing if it fits your needs. See you in the next post!

Several Cool Things You Can Do with F-Strings in Python

Tue, 13 Feb 2024 14:52:12 GMT

F-strings are a powerful and easy-to-use way to format strings in Python. They are more readable than traditional string formatting methods and offer more flexibility. In this blog post, we will explore five useful F-string formatting tricks that you can use to make your code more readable and maintainable.

Use f-string to format number:

You can insert any character after the colon in an f-string to add them as thousand separators. For example, the following code will format the number 1234567 as 1,234,567:

number = 1234567
print(f"The number is: {number:,}")
print(f"The number is: {number:_}")

=== Result ===
The number is: 1,234,567
The number is: 1_234_567

Align text:

You can use the right arrow > to right-align text, the left arrow < for left-align, and the up arrow ^ to center-align text. You can also specify a fill character to fill the empty spaces. For example, the following code will right-align the text "Hello" with 20 spaces:

text = "Hello"
print(f"{text:>20}")
print(f"{text:<20}")
print(f"{text:^20}")

=== Result ===
               Hello
Hello
       Hello

You can also specify the character that you want to use to fill the empty space.

text = "Hello"
print(f"{text:+>20}")
print(f"{text:-<20}")
print(f"{text:=^20}")

=== Result ===
+++++++++++++++Hello
Hello---------------
=======Hello========

Format date and time:

You can use date time format specifiers like %d, %m, and %Y to format date and time in an f-string. You can also use %I, %p, %H, %M, and %S to format the time in 12-hour format, 24-hour format, etc. For example, the following code will format the current date and time to %Y-%m-%d %H:%M:%S:

from datetime import datetime

now = datetime.now()
print(f"The current date and time is: {now:%Y-%m-%d %H:%M:%S}")

=== Result ===
The current date and time is: 2024-02-13 19:24:06

You can check this site to find other date time format specifiers.

Round numbers:

You can use the f specifier followed by the number of decimal places to round a number to that many decimal places. For example, :.2f rounds a number to two decimal places. The following code will round the number 3.14159 to two decimal places:

number = 3.14159
print(f"The number rounded to two decimal places is: {number:.2f}")


=== Result ===
The number rounded to two decimal places is: 3.14

Debug code using f-strings:

You can add an equal sign and an expression inside the curly braces of an f-string to evaluate the expression and print the result. This can be useful for debugging code because it shows you the value of the expression at that point in the code. For example, the following code will print the value of the variable x:

x = 10
print(f"The value of x is: {x=}")

=== Result ===
The value of x is: x=10

I hope these five tips help you write more readable and maintainable Python code!

In addition to the tips in the post, here are some other things to keep in mind when using F-strings:

F-strings can be used to format any type of data, not just strings.
You can use f-strings inside other f-strings.
You can use f-strings to create multi-line strings.

I hope this blog post has been helpful! Please let me know if you have any questions.

Upgrade Major PostgreSQL version on Docker

Tue, 03 Jan 2023 14:51:12 GMT

Upgrading a PostgreSQL database server to a newer version is a common task for database administrators and developers. In this post, we will discuss how to upgrade a PostgreSQL database server running in a Docker container.

On 1 January, I decided to upgrade the PostgreSQL used by my Mastodon instance. It was using PostgreSQL 12 and I think it could use the upgrade to PostgreSQL 15 for that "extra performance and features". For the upgrade process, basically you need to run pg_upgrade tool. pg_upgrade allows data stored in PostgreSQL data files to be upgraded to a later PostgreSQL major version without the data dump/restore typically required for major version upgrades, e.g., from 9.5.8 to 9.6.4 or from 10.7 to 11.2. It is not required for minor version upgrades, e.g., from 9.6.2 to 9.6.3 or from 10.1 to 10.2.

Fortunately, I found a github repository from Tianon that contains a ready-to-use container image to upgrade PostgreSQL. I will share my experience using them.

Shutting down the database: I am using docker-compose for the deployment, so I just run docker-compose stop to stop the whole deployment of the Mastodon stack.
Backing up the data: docker-compose.yml I am using is already using volume, so I just simply copied the folder with new name cp -r postgre12 old. Notice I am using old as my folder name. This folder will be used as a source directory for pg_upgrade later.
Make new directory for new data: mkdir new
Pull the docker image: docker pull tianon/postgres-upgrade:12-to-15. Please adjust with the Postgre version you have and the target version you want. See above repo to check whether your version is available.
Run the docker image and wait: docker run --rm -v /path/to/folder/mastodon/old:/var/lib/postgresql/12/data -v /path/to/folder/mastodon/new:/var/lib/postgresql/15/data tianon/postgres-upgrade:12-to-15. Make sure the version of image and version to postgresql path is already correct
Rename the folder: I rename the new folder to postgres15.
Adjust your docker-compose for the new database folder and docker image. See example below:

Before:

  db:
    restart: always
    image: postgres:12-alpine
    shm_size: 256mb
    networks:
      - internal_network
    healthcheck:
      test: ['CMD', 'pg_isready', '-U', 'postgres']
    volumes:
      - ./postgres12:/var/lib/postgresql/data

After

  db:
   restart: always
   image: postgres:15-alpine
   shm_size: 256mb
   networks:
     - internal_network
   healthcheck:
     test: ['CMD', 'pg_isready', '-U', 'postgres']
   volumes:
     - ./postgres15:/var/lib/postgresql/data

I ran docker-compose up -d to check whether everything works perfectly. You might want to check and compare the configuration on pg_hba.conf and postgresql.conf first beforehand. I had an issue where the new pg_hba.conf only listened to localhost.

2023

Mon, 02 Jan 2023 14:51:12 GMT

Happy New Year!

It's hard to believe that another year has come and gone, and we're already settling into the first few days of the new year. As we look back on the past year, it's natural to reflect on the challenges and accomplishments of the past 12 months. It's also a time to set new goals and resolutions for the year ahead.

If you're anything like me, you might be feeling a mix of excitement and nerves as you think about all the possibilities and potential changes the new year brings. But no matter what the future holds, one thing is certain: it's always a good time to hit the reset button and start fresh.

So, as we embark on this new journey together, let's make the most of it. Let's embrace new opportunities, take on new challenges, and make the coming year our best one yet. Here's to a happy, healthy, and successful new year!

Hey there

Sun, 04 Dec 2022 18:51:12 GMT

It's been a few years since I last sat down to write a blog post, and a lot has changed in that time. The biggest change, of course, is the loss of my father this year. It's been a difficult and emotional journey, but I've been trying my best to keep moving forward and find ways to honor his memory.

One of the things that has helped me through this difficult time is reconnecting with old hobbies and passions. For me, that means getting back to writing. It's been a great outlet for me to express my thoughts and feelings, and I've found that it brings me a sense of peace and clarity.

I've also been spending more time outdoors, exploring new places and rediscovering the beauty of nature. I find that being in nature helps me to feel more connected to the world around me, and it reminds me of the endless possibilities that life has to offer.

In the past few months, I've also been trying to focus on the things that bring me joy and make me happy. I've reconnected with old friends and made some new ones, and I've started taking on new challenges and trying new things. It's been a great way to keep moving forward and to keep my mind and body active.

Of course, there are still days when the loss of my father feels overwhelming, and I struggle to find the motivation to keep going. But I remind myself that he would want me to keep living my life to the fullest, and to make the most of every day. I know that he would be proud of me for continuing to find ways to honor his memory and to keep moving forward, no matter what life throws my way.

So here I am, back to writing again after all these years. It feels good to be back, and I'm looking forward to sharing my thoughts and experiences with all of you. Thanks for sticking with me, and for being a part of this journey.

What happened to self-hosted blogs?

Sun, 19 May 2019 12:51:12 GMT

I remember a while ago when all of us ran a personal blog on the Internet. And I mean personal, not hosted on some side platform or an addition to their website. I mean personal.

Companies and individuals are now using Medium platforms to host and support all their articles, essays and case studies. I understand the draw and can even list the positive elements:

Under the Medium brand there is already a large community.
Promoting your own work and following others is easy.
The platform can be set up and implemented relatively easily.

Unfortunately, this has had a very severe impact on the blogging community - nobody controls their own blogs. It was an interesting and fun experience for me when I found a new blog:

How did they choose to design the page?
What typefaces did they choose to use?
What are they using as a back-end?
How does it look and feel on your mobile phone?

These personalized self-hosted blogs have inspired other developers to build their own or tweak current blogs. In some ways this was a small factor when we pushed what we can do further and further on the web as developers went on to compete with each other.

I also think this inspired people to write better content instead of choosing clickbait garbage to get "featured" or boosted promotion on the main blogging platform, but I don't think that's the worst thing to come from this mass migration to a single blogging platform.

I'm not sure if it is the intention of Medium, but I personally believe that it is awful either way. The personality of most design and development blogs has been completely removed from them. All blogs look the same now.

Perhaps I was just a salty developer, with a narrow, pessimistic perspective about where our bloggers seem to lead – or perhaps I have only higher standards.

Your Own Python Calendar

Mon, 23 Jul 2018 10:51:12 GMT

The Python calendar module defines the Calendar class. This is used for various date calculations as well as TextCalendar and HTMLCalendar classes with their local subclasses, used for rendering pre-formatted output.

Import the module:

import calendar

Print the current month:

import calendar
year = 2016
month = 1
cal = calendar.month(year, month)
print(cal)

The output will look like this:

           January 2016
      Mo Tu We Th Fr Sa Su
                   1  2  3
       4  5  6  7  8  9 10
      11 12 13 14 15 16 17
      18 19 20 21 22 23 24
      25 26 27 28 29 30 31

Set the first day of the week as Sunday:

calendar.setfirstweekday(calendar.SUNDAY)

To print a whole year's calendar:

print(calendar.calendar(2016))

Output not shown since it is too large.

This module provides other useful methods for working with dates, times and calendars such as calendar.isleap (checks if a year is a leap year).

Get the Most of Floats

Sun, 22 Jul 2018 09:42:55 GMT

Similar to the int data type, floats also have several additional methods useful in various scenarios.

For example, you can directly check if the float number is actually an integer with is_integer():

>>> (5.9).is_integer()
False
>>> (-9.0).is_integer()
True

Integer values might be preferred over floats in some cases and you can convert a float to a tuple matching a fraction with integer values:

>>> (-5.5).as_integer_ratio()
(-11,2)
# -11 / 2 == -5.5

As floats' numbers representation in binary is not really human-friendly and tends to be lengthier with precision, the hexadecimal format is preferred. Such hexadecimal representations have the form:

[sign]['0x']int['.' fraction]['p' exponent]
# e.g 0x1.8000000000000p+0 -> 1.5
# 1.5 in decimal is 1.8 in hex
# 0 - sign
# int - str of hex. digits of integer part
# fraction - same for fractional part

To convert a float number to a hex string you can use the hex() function.

>>> (3.14).hex()
'0x1.91eb851eb851fp+1'
>>> float.hex(1.5)
'0x1.8000000000000p+0'

The reverse can be achieved with the fromhex() class method:

>>> float.fromhex('0x1.91eb851eb851fp+1')
3.14
>>> float.fromhex('0x1.8000000000000p+0')
1.5

Format text paragraphs with textwrap

Sat, 21 Jul 2018 10:52:49 GMT

Python's textwrap module is useful for rearranging text, e.g. wrapping and filling lines.

Import the module:

import textwrap

Wrap the text in the string "parallel", so that all lines are a maximum of x characters long:

# When x = 2
textwrap.wrap("parallel", width=2)
# Output:
# ['pa', 'ra', 'll', 'el']

# When x = 4
textwrap.wrap("parallel", width=4)
# Output:
# ['para', 'llel']

Returns a list of lines (without trailing newlines).

If we would like to include trailing newlines (\n) after each string of a certain width we can either use the following syntax:

'\n'.join(textwrap.wrap('text', width=2))
# Output:
# 'te\nxt'

Or we can use the fill method implemented in textwrap module:

textwrap.fill("text", width=2)
# Output:
# 'te\nxt'

Collapse and truncate a text to width:

print(textwrap.shorten("Hello world!", width=12))
# Hello world!
print(textwrap.shorten("Hello world!", width=11))
# Hello [...]

The last words are dropped if the text is longer than the width argument. Other useful methods like indent and dedent are available in this module.

Unicode Character Database at Your Hand

Fri, 20 Jul 2018 15:59:10 GMT

Python's self-explanatory module called unicodedata provides the user with access to the Unicode Character Database and implicitly every character's properties.

Lookup a character by name with lookup:

>>> import unicodedata
>>> unicodedata.lookup('RIGHT SQUARE BRACKET')
']'
>>> three_wise_monkeys = ["SEE-NO-EVIL MONKEY",
                          "HEAR-NO-EVIL MONKEY",
                          "SPEAK-NO-EVIL MONKEY"]
>>> ''.join(map(unicodedata.lookup, three_wise_monkeys))
'🙈🙉🙊'

Get a character's name with name:

>>> unicodedata.name(u'~')
'TILDE'

Get the category of a character:

>>> unicodedata.category(u'X')
'Lu'
# L = letter, u = uppercase

Also, using the unicodedata Python module, it's easy to normalize any unicode data strings (remove accents, etc):

>>> import unicodedata

data = u'ïnvéntìvé'
normal = unicodedata.normalize('NFKD', data).\
    encode('ASCII', 'ignore')
print(normal)
# b'inventive'

The NFKD stands for Normalization Form Compatibility Decomposition, and this is where characters are decomposed by compatibility, also multiple combining characters are arranged in a specific order.

To get the version of the Unicode Database currently used:

>>> unicodedata.unidata_version
'8.0.0'

Read more methods at the python documentation

Functional Particularities of Python

Thu, 19 Jul 2018 16:10:00 GMT

This time we'll explore some of the paradigms of functional programming as applied to Python, specifically.

One of the most common constructs to employ in a functional-style Python program is a Generator. Generators are a special class of functions that make writing iterators [1] easier.

When we call a function, a new space in memory is allocated to hold all of the variables that function is concerned with, as well as other data. When that function reaches a return statement, all of that is destroyed (or, more accurately, marked for garbage collection) and the return value is given back to the caller. Calling that function again restarts the entire process.

Generators allow us to make functions which essentially keep these variables from being destroyed after returning a value, and allow the execution to be paused and resumed where the function left off. Generators basically provide resumable functions. For example:

def generate_ints(N):
    for i in range(N):
        yield i

This is a simple generator, identified by the yield keyword. (Any function with a yield is a generator.) When it is called, instead of returning a value, a generator object is returned instead which supports the iterator protocol. Calling next() on the generator object will continually run and return the result, "pausing" the function every time after it reaches yield.

Another interesting feature of functional programming with Python is Comprehensions. Using Comprehensions is an easy way to make functional code much more legible by focusing on what is to be computed, not how.

A comprehension is an expression where the same flow control keywords used in loops and conditionals are used, but put in a different order to focus on data instead of the manipulation procedure. For example:

# without comprehension
collection = []
for element in some_list:
    if cond_1(element) and cond_2(element):
        collection.append(element)
    else:
        new = mutate(element)
        collection.append(new)

# with comprehension
collection = [e if cond_1(e) and cond_2(e) else mutate(e) for e in some_list]

As you can clearly see, our code instantly becomes much more legible and comprehensible.

Finally, Python is also lucky to have an avid user base which is constantly providing new third-party libraries to extend Python's usability as a functional language. Although we can't cover them in detail in order to keep the post short, some highlights include pyrsistent, toolz, hypothesis and more_itertools. [2]

FOOTNOTES

1 ITERATORS

Iterators are objects which return one value at a time from a collection of values. For example, an iterator traversing a list will return one element of the list at a time until it reaches the end of the list and throws a StopIteration exception. For more information, see the related insights relating to Python iteration.

2 THIRD PARTY LIBRARIES

pyrsistent is a collection of a number of useful persistent data structures, AKA immutable data structures. toolz provides a set of utility functions for iterators, functions and dictionaries. hypothesis is a library which allows simple and powerful property-based testing. more-itertools is exactly what it says; the library provides additional building blocks, recipes and routines above the standard itertools.

Debug Bad Commit with Binary Search

Tue, 17 Jul 2018 18:30:48 GMT

Let’s say you just pushed out a release of your code to a production environment, you’re getting bug reports about something that wasn’t happening in your development environment, and you can’t imagine why the code is doing that. You go back to your code, and it turns out you can reproduce the issue, but you can’t figure out what is going wrong.

The git bisect tool helps to identify the commit that introduced a bug.

To start, you need to tell git when the code last ran without problems. Assuming you are currently in a place where the code fails:

$ git bisect start
$ git bisect bad # current commit has a bug
# checkout to a known good commit
$ git bisect good v2.1 # v2.1 passes the test

git will then check out the commit that is halfway between the good and bad commits. You test the code and if there was no problem:

$ git bisect good
# test halfway between middle and bad commit

If there was a problem:

$ git bisect bad
# test halfway between middle and good commit

You continue doing this until git identifies the first bad commit.

When you finish you need to reset to the original state to reset your HEAD to where you were before you started, or you’ll end up in a weird state:

$ git bisect reset

Number Extensions in Javascript

Tue, 17 Jul 2018 10:08:06 GMT

Number benefits from several changes in ES6, providing several new methods, saving us from writing our own potentially error-prone implementations. There are quite a lot of methods so here are some of the ones that are likely to have more use:

Number.isFinite

Determines whether a number is finite (finite means that it could be measured or have a value).

Number.isFinite(Infinity); //false
Number.isFinite(100); //true

Number.isInteger

Determines if a number is an integer or not.

Number.isInteger(1); // true
Number.isInteger(0.1); //false

Number.isNaN

Before ES6 it was difficult to test if a value was equal to NaN (Not a number). This is because NaN == NaN evaluates to false.

Whilst a global isNaN function has existed in previous versions it has the issue that it converts values which makes it hard to test if something is really NaN:

isNaN("rezha") == true; //true

Number.isNaN allows you to easily test if a number really is NaN:

Number.isNaN(1); //false
Number.isNaN(Number.NaN); //true

Number.EPSILON

Number.EPSILON is the smallest value less than 1 that can be represented as a number and is intended for advanced uses such as testing equality:

Number.EPSILON;
//2.220446049250313e-16

Number.isSafeInteger

To be considered a safe integer numbers must be able to be represented in a format called IEEE-754 and cannot be the result of rounding any other IEEE-754 number. There are some numbers that fall outside of what can be represented using IEEE-754:

Number.isSafeInteger(3); //true
var unsafe = Math.pow(2, 53);
Number.isSafeInteger(unsafe); //false

Number.MIN_SAFE_INTEGER and Number.MAX_SAFE_INTEGER

IEEE-754 can represent a limited range of numbers. This range can be retrieved using Number.MIN_SAFE_INTEGER and Number.MAX_SAFE_INTEGER:

Number.MIN_SAFE_INTEGER; //-9007199254740991
Number.MAX_SAFE_INTEGER; //9007199254740991

New Blog, New Domain

Mon, 16 Jul 2018 10:33:17 GMT

For the last 2 years, I think I have been guilty of abusing this domain. The domain is rezhajulio.id which is an Indonesian special TLD, yet I have been using it for writing English content (well actually nothing's wrong with it). Also, there is a domain that I really want: rezhajul.io. It's really concise, has my name on it and ends with IO (input output) and that sounds so "techie" I think.

Well then I am impulsively buying the domain almost a month ago and just yesterday set up a blog on it with the help from Hugo.

What's next?

My new blog is already hosted on Netlify, which is a far superior static site hosting than Firebase hosting. I will move this one to Netlify too and redirect people to rezhajul.io based on geo IP location. I'll keep my new blog simple, unlike the old one which has more features than most of the static site, making the site build process too long.

Welcome!

CSS Grid on Production

Tue, 30 May 2017 20:56:00 GMT

Today we have new tools/toys like CSS Grid which allows far greater control than we've ever had before, but at the same time, it allows us to let go of our content and allow it to find its own natural fit within the constraints of our design.

Personally, I've been looking at CSS Grid as a way to force elements to go where I want them to which is certainly one way to look at it, but it also offers a more natural "fit where I can" approach which I'm beginning to explore and having a lot of fun with.

While you're getting started with CSS Grid you're sure to be thinking that you can't use this in production because it's only supported in the latest browsers. While the support is true it doesn't preclude you from starting to use it. Every browser that does support CSS Grids also supports @supports. This means that you can do something like this:

.wrapper {
  max-width: 1200px;
  margin: 0 20px;
  display: grid;
  grid-gap: 10px;
  grid-template-columns: 1fr 3fr;
  grid-auto-rows: minmax(150px, auto);
}
/*float the side bar to the left and give it a width, but also tell it the grid column to go in  if Grid is supported */
.sidebar {
  float: left;
  width: 19.1489%;
  grid-column: 1;
  grid-row: 2;
}
/*float the content to the right and give it a width, but also tell it the grid column to go in  if Grid is supported */
.content {
  float: right;
  width: 79.7872%;
  grid-column: 2;
  grid-row: 2;
}

This will give you a site that works in all browsers that do not support Grid because it's ignored and looks at the floats and widths. Then if Grid is supported then we want to remove the widths otherwise the elements will take up that width of the grid track rather than the parent.

@supports (display: grid) {
.wrapper &amp;gt; * {
  width: auto;
  margin: 0;
  }
}

Voila, you have a fallback layout AND grid in one.

New interesting data structures in Python 3

Thu, 25 May 2017 00:35:17 GMT

Python 3's uptake is dramatically on the rise these days, and I think therefore that it is a good time to take a look at some data structures that Python 3 offers, but that are not available in Python 2.

We will take a look at typing.NamedTuple, types.MappingProxyType and types.SimpleNamespace, all of which are new to Python 3.

`typing.NamedTuple`

typing.NamedTuple is a supercharged version of the venerable collections.namedtuple and while it was added in Python 3.5, it really came into its own in Python 3.6.

In comparison to collections.namedtuple, typing.NamedTuple gives you (Python >= 3.6):

nicer syntax
inheritance
type annotations
default values (python >= 3.6.1)
equally fast

See an illustrative typing.NamedTuple example below:

>>> from typing import NamedTuple

>>> class Student(NamedTuple):
>>>     name: str
>>>     address: str
>>>     age: int
>>>     sex: str

>>> tommy = Student(name='Tommy Johnson', address='Main street',     age=22, sex='M')
>>> tommy
    Student(name='Tommy Johnson', address='Main street', age=22, sex='M')

I like the class-based syntax compared to the old function-based syntax, and find this much more readable.

The Student class is a subclass of tuple, so it can be handled like any normal tuple:

>>> isinstance(tommy, tuple)
    True
>>> tommy[0]
    'Tommy Johnson'

A more advanced example, subclassing Student and using default values (note: default values require Python >= 3.6.1):

>>> class MaleStudent(Student):
>>>     sex: str = 'M'  # default value, requires Python >= 3.6.1

>>>  MaleStudent(name='Tommy Johnson', address='Main street', age=22)
     MaleStudent(name='Tommy Johnson', address='Main street', age=22, sex='M')  # note that sex defaults to 'M'

In short, this modern version of namedtuples is just super-nice, and will no doubt become the standard namedtuple variation in the future.

See the docs for further details.

`types.MappingProxyType`

types.MappingProxyType is used as a read-only dict and was added in Python 3.3.

That types.MappingProxyType is read-only means that it can't be directly manipulated and if users want to make changes, they have to deliberately make a copy, and make changes to that copy. This is perfect if you're handing a dict -like structure over to a data consumer, and you want to ensure that the data consumer is not unintentionally changing the original data. This is often extremely useful, as cases of data consumers changing passed-in data structures leads to very obscure bugs in your code that are difficult to track down.

A types.MappingProxyType example:

>>>  from  types import MappingProxyType
>>>  data = {'a': 1, 'b':2}
>>>  read_only = MappingProxyType(data)
>>>  del read_only['a']
TypeError: 'mappingproxy' object does not support item deletion
>>>  read_only['a'] = 3
TypeError: 'mappingproxy' object does not support item assignment

Note that the example shows that the read_only object cannot be directly changed.

So, if you want to deliver data dicts to different functions or threads and want to ensure that a function is not changing data that is also used by another function, you can just deliver a MappingProxyType object to all functions, rather than the original dict, and the data dict now cannot be changed unintentionally. An example illustrates this usage of MappingProxyType:

>>>  def my_func(in_dict):
>>>     ...  # lots of code
>>>     in_dict['a'] *= 10  # oops, a bug, this will change the sent-in dict

...
# in some function/thread:
>>>  my_func(data)
>>>  data
data = {'a': 10, 'b':2}  # oops, note that data['a'] now has changed as an side-effect of calling my_func

If you send in a mappingproxy to my_func instead, however, attempts to change the dict will result in an error:

>>>  my_func(MappingProxyType(data))
TypeError: 'mappingproxy' object does not support item deletion

We now see that we have to correct the code in my_func to first copy in_dict and then alter the copied dict to avoid this error. This feature of mappingproxy is great, as it helps us avoid a whole class of difficult-to-find bugs.

Note though that while read_only is read-only, it is not immutable, so if you change data, read_only will change too:

>>>  data['a'] = 3
>>>  data['c'] = 4
>>>  read_only  # changed!
mappingproxy({'a': 3, 'b': 2, 'c': 4})

We see that read_only is actually a view of the underlying dict, and is not an independent object. This is something to be aware of. See the docs for further details.

`types.SimpleNamespace`

types.SimpleNamespace is a simple class that provides attribute access to its namespace, as well as a meaningful repr. It was added in Python 3.3.

>>>  from types import SimpleNamespace

>>>  data = SimpleNamespace(a=1, b=2)
>>>  data
namespace(a=1, b=2)
>>>  data.c = 3
>>>  data
namespace(a=1, b=2, c=3)

In short, types.SimpleNamespace is just an ultra-simple class, allowing you to set, change and delete attributes while it also provides a nice repr output string.

I sometimes use this as an easier-to-read-and-write alternative to dict. More and more though, I subclass it to get the flexible instantiation and repr output for free:

>>>  import random

>>>  class DataBag(SimpleNamespace):
>>>     def choice(self):
>>>         items = self.__dict__.items()
>>>         return random.choice(tuple(items))

>>>  data_bag = DataBag(a=1, b=2)
>>>  data_bag
DataBag(a=1, b=2)
>>>  data_bag.choice()
(b, 2)

This subclassing of types.SimpleNamespace is not revolutionary really, but it can save on a few lines of text in some very common cases, which is nice. See the docs for details.

Keyword argument demystify

Mon, 22 May 2017 14:00:00 GMT

There’s a lot of baffling among Python programmers on what exactly “keyword arguments” are. Let’s go through some of them.

If you somehow are writing for a Python 3 only codebase, I highly recommend making all your keyword arguments keyword only, especially keyword arguments that represent “options”.

There are many problems with this sentence. The first is that this is mixing up “arguments” (i.e. things at the call site) and “parameters” (i.e. things you declare when defining a function). So:

def foo(a, b):  # <- a and b are "parameters" or "formal arguments"
    pass

foo(1, 2)  # <- 1 and 2 are arguments to foo, that match a and b

This confusion is common among programmers. I also use the word “argument” when I mean “parameter”, because normally in conversation we can tell the difference in context. Even the documentation in the Python standard library uses these as synonyms.

The code above is the basic case with positional arguments. But we were talking about keyword arguments so let’s talk about those too:

def bar(a,    # <- this parameter is a normal python parameter
        b=1,  # <- this is a parameter with a default value
        *,    # <- all parameters after this are keyword only
        c=2,  # <- keyword only argument with default value
        d):   # <- keyword only argument without default value
    pass

So far so good. Now, let’s think about the statement we started with:

I highly recommend making all your keyword arguments keyword only

That implies there are keyword arguments that are not keyword only arguments. That’s sort of correct, but also very wrong. Let’s have some examples of usages of bar :

bar(1)         # one positional argument
bar(1, 2)      # two positional arguments
bar(a=1)       # one keyword argument
bar(a=1, b=2)  # two keyword arguments
bar(1, d=2)    # one positional and one keyword argument

The trick here is to realize that a “keyword argument” is a concept of the call site, not the declaration. But a “keyword only argument” is a concept of the declaration, not the call site. Super confusing!

There are also parameters that are positional only. The function sum in the standard library is like this: according to the documentation it looks like this:sum(iterable[, start]) But there’s a catch!

>>> sum(iterable=[1, 2])
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
TypeError: sum() takes no keyword arguments

And the start parameter can’t be used as a keyword argument either, even though it’s optional! Recap

(I’m using “argument” here even though “parameter” or “formal argument” would be more correct, but the Python standard library uses these all as synonyms so I will too, so my wording matches the documentation.)

Python functions can have :

Arguments that can be used both as positional and keyword arguments (this is the most common case)
Arguments that can be used both as positional and keyword arguments with default values (or just “arguments with default values”)
Positional only arguments (like the first argument tosum, this is uncommon and can only be achieved by functions implemented in C)
Positional only arguments with default values (like above, only for C)
Optional positional only arguments (2nd argument to sum, like above, only for C)
Keyword only arguments
Keyword only arguments with default values
Arbitrary positional arguments ( *args )
Arbitrary keyword arguments ( **kwargs )

When calling Python functions you can have:

Positional arguments
Keyword arguments

It’s very simple at the call site, but a lot more complex at the function definition, and how call site arguments are mapped to the declaration is quite complex.

Summary

Python appears simple because most of these rules and distinctions are so well thought out that many programmers can go years in a professional career and believe default arguments and keyword arguments are the same, and never get bitten by this incorrect belief.

Looping techniques in Python

Thu, 04 May 2017 05:33:17 GMT

Python has multiple techniques for looping over data structures.

Dictionary looping with both key and value can be done using the items() method:

my_dict = {'first': 'a', 'second': 'b'}
for k, v in my_dict.items():
    print(k, v)
# first a
# second b

The enumerate() function allows looping with both index and value through any sequence:

my_list = ['a', 'b']
for i, v in enumerate(my_list):
    print(i, v)
# 0 a
# 1 b

The zip() function can be used to pair two or more sequences in order to loop over both of them in parallel:

first_list = ['a', 'b']
second_list = ['one', 'two']
for f, s in zip(first_list, second_list):
    print(f, s)
# a one
# b two

To loop in a sorted order, use the sorted() function:

my_list = ['b', 'c', 'a']
for f in sorted(my_list):
    print(f)
# a
# b
# c

To loop in reverse, pass the sorted list to the reversed() function:

for f in reversed(sorted(set(my_list))):
  print(f)
# c
# b
# a

Enhance your tuples

Wed, 03 May 2017 05:33:17 GMT

Standard Python tuples are lightweight sequences of immutable objects, yet their implementation may prove inconvenient in some scenarios.

Instead, the collections module provides an enhanced version of a tuple, namedtuple, that makes member access more natural (rather than using integer indexes).

Import namedtuple:

from collections import namedtuple

Create a namedtuple object:

point = namedtuple('3DPoint', 'x y z')
A = point(x=3, y=5, z=6)
print(A)
# 3DPoint(x=3, y=5, z=6)

Access a specific member:

print(A.x)
# 3

Because namedtuples are backwards compatible with normal tuples, member access can be also done with indexes:

print(A[0])
# 3

To convert a namedtuple to a dict (actually an OrderedDict):

print(A._asdict())
#OrderedDict([('x', 3), ('y', 5), ('z', 6)])

Get more with collections!

Tue, 02 May 2017 05:33:17 GMT

In addition to Python's built-in data structures (such as tuples, dicts, and lists), a library module called collections provides data structures with additional features, some of which are specializations of the built-in ones.

Import the module:

import collections

Specialized container datatypes are usually dict subclasses or wrappers around other classes like lists, tuples, etc.

Notable implementations are:

the Counter class used for counting hashable objects.
defaultdict class used as a faster implementation of a specialised dictionary.
namedtuple class used for defining a meaning for every position in a tuple, often useful with databases or CSV files.

There is more to copying

Mon, 01 May 2017 05:33:17 GMT

An assignment only creates a "binding" (an association) between a name and a "target" (object of some type). A copy is sometimes necessary so you can change the value of one object without changing the other (when two names are pointing to the same object).

# Assignment: bind the name y to
# the list [1, 2].
y = [1, 2 ]
# Create another binding -
# bind the name x to the same
# object that y is currently bound to.
x = y
# x[0 ] is changed too, when y[0 ] is.
y[0] = 99
print(x[0])
# 99

The copy module has methods to support both shallow and deep copying of objects.

To create a shallow copy (construct a new object, but references to the objects found in the original are inserted):

from copy import copy

y = [1, 2 ]
x = copy(y)
# note that x = y.copy() works
y[0] = 99
print(x[0])
# 1

To create a deep copy (instead of references, multiple copies are used):

from copy import deepcopy
#...
x = deepcopy(y)

Implementing weak references in Python

Sun, 30 Apr 2017 05:33:17 GMT

Normal Python references to objects increment the object's reference count thus preventing it from being garbage collected.

If a user desires creating weak references, the weakref module can be used:

import weakref

class Rezha(object): pass

To create a weak reference, the ref class is used:

# object instance
rezha = Rezha()
# weak reference to our object
r = weakref.ref(rezha)

Then, you can call the reference object:

print(r)
# <weakref at 0x01414E40; to 'Rezha'...>
print(r())
# <__main__.Rezha object at 0x0133D270>

If the reference no longer exists, calling it returns None:

del rezha
print(r())
# None

To check the existence of the reference:

if r is not None:
  # reference exists!

Weak references are often used to implement caching for large objects, but also for implementing cyclic references.

Imagine the case where object X references object Y and Y references X. Without a cycle-detecting garbage collector, the two objects would never be garbage collected. However, if one of the references is weak, they will be properly garbage collected.

Translating Scanner tokens into primitive types

Sat, 29 Apr 2017 05:33:17 GMT

The Scanner class can be used to break an input into tokens separated by delimiters. Scanner also has methods to translate each token into one of Java's primitive types.

Delimiters are string patterns and are set in the following way:

Scanner s = new Scanner(input);
s.useDelimiter(pattern);

If we need to read a file containing a set of integers, and calculate the total, we can use Scanner's nextInt method:

int sum = 0;
//create a new instance of Scanner
Scanner s = new Scanner(
  new BufferedReader(
    new FileReader("in.txt")));
/*tokenize the input file and
convert to integers*/
while (s.hasNext()) {
  if (s.hasNextInt()) {
    sum += s.nextInt();
  } else {
    s.next();
  }
}

In the example above, we iterate through the file, tokenizing each value and converting it to an integer before adding it to sum.

Listing a file system's root directories

Fri, 28 Apr 2017 05:33:17 GMT

Using the static FileSystems class, you can get the default FileSystem (note the missing s) through the getDefault() method.

The getRootDirectories() method of FileSystem can be used to acquire a list of root directories on a file system.

An object of type Iterable is returned, so the directories can be iterated over in the following way:

FileSystem sys = FileSystems.getDefault();
Iterable<Path> d = sys.getRootDirectories();
for (Path name: d) {
    System.out.println(name);
}

This is available from Java 1.7.

The Console class

Thu, 27 Apr 2017 05:33:17 GMT

The Java.io.Console class provides methods to access the character-based console device, if any, associated with the current Java Virtual Machine. This class is attached to the System console internally.

The Console class provides means to read text and passwords from the console.

To read a line as a String:

Console console = System.console();
String myString = console.readLine();

To read a password as an array of chars:

Console console = System.console();
char[] pw = console.readPassword();

If you read passwords using Console class, it will not be displayed to the user.

Keep in mind that this class does not have a high level of security and it is mostly used at development stage.

Next, Function or Method ?

Tue, 25 Apr 2017 17:56:15 GMT

While in Python 2 it was possible to use both the function next() and the .next() method to iterate over the resulting values of a generator, the latter has been removed with the introduction of Python 3.

Consider the sample generator:

def sample_generator():
    yield "a"
    yield "b"
    yield "c"

In Python 2:

a = sample_generator()
print(next(a)) # prints 'a'
print(a.next()) # prints 'b'

But in Python 3:

print(next(a)) # prints 'a'
print(a.next()) # AttributeError

Generator Expressions

Mon, 24 Apr 2017 00:33:17 GMT

Generator expressions are a high performance and memory efficient generalization of list comprehensions and generators. Imagine we want to sum up all even numbers ranging from 1 to 100.

Using list comprehension:

even_sum = sum([x for x in range(1, 100)
               if x % 2 == 0])
print(even_sum)
#2450

This will prove inefficient in the case of a large range because it first creates a list, it iterates over it and then returns the sum. The same result can be achieved with a generator expression:

even_sum = sum(x for x in range(1, 100)
               if x % 2 == 0)
print(even_sum)
#2450

The generator expressions syntax says that it must be enclosed inside parentheses (). A generator for squares of numbers:

squares = (x * x for x in range(1,10))

This generator can now be converted to a list with:

print(list(squares))
# [1, 4, 9, 16, 25, 36, 49, 64, 81]

Or, iterate over it with a for loop:

for item in squares: print(item)

This'll print nothing, since a generator can only be iterated over once. To access values from a generator more than once, either save the values in a list, or define and then run the generator again.

Yield Keyword

Sun, 23 Apr 2017 00:33:17 GMT

The yield keyword is fundamental to the creation of generators. Consider the following generator function:

def createGenerator():
    print('Initial call')
    yield '1'
    print('Second call')
    yield '2'

a = createGenerator()

Calling the createGenerator() function will create a generator object stored as a. Note that the code inside the generator function will not be run yet.

print(next(a))
# Initial call
# 1

The first time the generator object is iterated over (in a loop or with next()), the function code will be run from the start until the first yield. The value in the yield statement is returned and the current position in the code is saved internally.

print(next(a))
# Second call
# 2

The second next call will resume the code from just after the previous yield and will continue running it until another yield is found where it returns the desired value.

When there are no more yield keywords, the generator object is considered empty.

print(next(a)) # StopIteration error

How to Build Nginx with Google Pagespeed Support

Sat, 22 Apr 2017 05:33:17 GMT

Nginx (engine-x) is an open source and high-performance HTTP server, reverse proxy and IMAP/POP3 proxy server. The outstanding features of Nginx are stability, a rich feature set, simple configuration and low memory consumption. This tutorial shows how to build a Nginx .deb package for Ubuntu 16.04 from source that has Google PageSpeed module compiled in.

PageSpeed is a web server module developed by Google to speed up the website response time, optimize the returned HTML and reduce the page load time. ngx_pagespeed features including:

Image optimization: stripping meta-data, dynamic resizing, recompression.
CSS & JavaScript minification, concatenation, inlining, and outlining.
Small resource inlining.
Deferring image and JavaScript loading.
HTML rewriting.
Cache lifetime extension.

see more https://developers.google.com/speed/pagespeed/module/.

Install the build dependencies

sudo apt-get install dpkg-dev build-essential zlib1g-dev libpcre3 libpcre3-dev unzip

Installing nginx with ngx_pagespeed

Step 1 - Add the nginx repository

Create a new repository file /etc/apt/sources.list.d/nginx.list with your favourite editor.

nano /etc/apt/sources.list.d/nginx.list

There you add the lines: Save the file and exit the editor.

deb http://nginx.org/packages/ubuntu/ xenial nginx
deb-src http://nginx.org/packages/ubuntu/ xenial nginx

Add the key and update the repository:

sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys ABF5BD827BD9BF62
sudo apt-get update

Step 2 - Download nginx 1.12 from ubuntu repository

Create a new directory for the nginx source files and download the nginx sources with apt:

cd ~
mkdir -p ~/compile/nginx_source/
cd ~/compile/nginx_source/
apt-get source nginx

Sometimes, there is an error: 'packages cannot be authenticated'. You can solve it by typing command below:

rm -rf /var/lib/apt/lists/
apt-get update

Next, install all dependencies to build the nginx package.

apt-get build-dep nginx

Step 3 - Download Pagespeed

Create a new directory for PageSpeed and download the PageSpeed source. In this tutorial, we will use pagespeed 1.11.33.4 (latest stable one)

mkdir -p ~/compile/ngx_pagespeed/
cd ~/compile/ngx_pagespeed/
export ngx_version=1.11.33.4
wget https://github.com/pagespeed/ngx_pagespeed/archive/release-${ngx_version}.zip
unzip release-${ngx_version}.zip

cd ngx_pagespeed-release-${ngx_version}/
wget https://dl.google.com/dl/page-speed/psol/${ngx_version}.tar.gz
tar -xf ${ngx_version}.tar.gz

Step 4 - Configure nginx to build with Pagespeed

Go to the 'nginx_source' directory and edit the 'rules' file.

cd ~/compile/nginx_source/nginx-1.12.0-1/debian/
vim rules

Add this parameter under config.status.nginx and config.status.nginx_debug:

--add-module=~/compile/ngx_pagespeed/ngx_pagespeed-release-1.11.33.3-beta

Save and exit.

Step 5 - Build the nginx Ubuntu package and install it

Go to the nginx source directory and build nginx from source with the dpkg-buildpackage command:

cd ~/compile/nginx_source/nginx-1.12.0-1/
dpkg-buildpackage -b

The nginx Ubuntu package will be saved under ~/compile/nginx_source/. Once package building is complete, please look in the directory:

cd ~/compile/nginx_source/
ls

The Nginx Ubuntu package has been built. And install nginx and modules deb with dpkg command.

dpkg -i *.deb

Testing

Step 1 - Testing with the Nginx Command

Run nginx -V to check that the ngx_pagespeed module has been built into nginx.

Step 2 - Testing with Curl Command

Go to nginx configuration directory and edit default virtual host configuration file.

cd /etc/nginx/
nano nginx.conf

Paste configuration below to enable ngx_pagespeed.

pagespeed on;

# Needs to exist and be writable by nginx.  Use tmpfs for best performance.
pagespeed FileCachePath /var/ngx_pagespeed_cache;

# Ensure requests for pagespeed optimized resources go to the pagespeed handler
# and no extraneous headers get set.
location ~ "\.pagespeed\.([a-z]\.)?[a-z]{2}\.[^.]{10}\.[^.]+" {
  add_header "" "";
}
location ~ "^/pagespeed_static/" { }
location ~ "^/ngx_pagespeed_beacon$" { }

Save and exit. Next, test the nginx configuration file and make sure there is no error:

nginx -t

Restart nginx:

systemctl restart nginx

Finally, access the nginx web server with the curl command:

curl -I your-ip-address

What are Generators?

Fri, 21 Apr 2017 00:33:17 GMT

Generators are special functions that implement or generate iterators. Generators are functions which behave like iterators, but can have better performance characteristics. These include:

Creating values on demand, resulting in lower memory consumption.
The values returned are lazily generated. Hence, it is not necessary to wait until all the values in a list are generated before using them.

However, the set of generated values can only be used once.

Generators look like normal functions, but instead of the return statement they make use of the yield statement. The yield statement tells the interpreter to store local variables and record the current position in the generator, so when another call is made to the generator, it will resume from that saved location and with the previous values of local variables intact.

Consider this generator:

def test_generator():
    yield 1
    yield 2
    yield 3

g = test_generator()

We can now iterate over g using the next() function:

print(next(g)) # 1
print(next(g)) # 2
print(next(g)) # 3
print(next(g)) # StopIteration error

Using an interface as a parameter

Thu, 20 Apr 2017 05:33:17 GMT

You can define methods that take an interface as a parameter. Your interface defines a contract and your methods will accept as parameter any objects whose class implements that interface. This is in fact one of the most common and useful ways to use an interface.

interface Test {
  public void test(); //define the interface
}

class Tester {
  public void runTest(Test t) {
    t.test();
  } // method with interface as param
}

MyTest class will implement this interface:

class MyTest implements Test {
  public void test() { // running code }
}

Now the runTest method will take as a parameter any object that implements the Test Interface:

Tester tester = new Tester(); Test test1 = new MyTest(); tester.runTest(test1);

The collection framework from the standard Java API frequently uses this procedure. For example, Collections.sort() can sort any class that implements the List interface and whose contents implement the Comparable interface.

Using bounded type parameters in generic methods

Tue, 18 Apr 2017 23:33:17 GMT

Sometimes it may be appropriate to write a generic method, however it will not be possible for it to accept every type while still maintaining all the necessary functionality.

To solve this, use bounded type parameters to restrict generic methods from accepting arguments of a particular kind.

public <T extends Shape>
  void drawAll(List<T> shapes){
    for (Shape s: shapes) {
        s.draw(this);
    }
}

The above method is used to draw a list of shapes. Writing a generic method with an unbounded type parameter would cause problems because lists of other types cannot be drawn in this way.

By specifying that <T extends Shape> we guarantee that only Shape objects can be passed to the method.

Using the Deprecated annotation

Tue, 18 Apr 2017 05:33:17 GMT

The @Deprecated annotation can be used to indicate elements which should no longer be used. Any program that uses an element which is marked as @Deprecated will produce a compiler warning.

@Deprecated
public void oldMethod() {
  ...
}
public void newMethod() {
  ...
}

In this example, newMethod replaces oldMethod. However we do not want to remove oldMethod completely because keeping it will help maintain backwards compatibility with older versions of the program.

We can keep oldMethod() and indicate to programmers that it should not be used in new versions by applying the @Deprecated annotation.

Diamond Operator in Java

Mon, 17 Apr 2017 05:33:17 GMT

Since Java 7 it's not necessary to declare the type parameter twice while instantiating objects like Maps, Sets and Lists.

Consider the following code:

Map<String, List<String>> phoneBook = new HashMap<String, List<String>>();

The type parameter for HashMap on the right-hand side of the expression seems redundant. This can be shortened using an empty "Diamond Operator" to give:

Map<String, List<String>> phoneBook = new HashMap<>();

Lambda Functions in Python

Sun, 16 Apr 2017 05:33:17 GMT

The lambda keyword in Python provides a shortcut for declaring small anonymous functions. Lambda functions behave just like regular functions declared with the def keyword. They can be used whenever function objects are required.

For example, this is how you’d define a simple lambda function carrying out an addition:

>>> add = lambda x, y: x + y
>>> add(5, 3)
8

You could declare the same add function with the def keyword:

>>> def add(x, y):
...     return x + y
>>> add(5, 3)
8

Now you might be wondering: Why the big fuss about lambdas? If they’re just a slightly more terse version of declaring functions with def, what’s the big deal?

Take a look at the following example and keep the words function expression in your head while you do that:

>>> (lambda x, y: x + y)(5, 3)
8

Okay, what happened here? I just used lambda to define an “add” function inline and then immediately called it with the arguments 5 and 3.

Conceptually the lambda expression lambda x, y: x + y is the same as declaring a function with def, just written inline. The difference is I didn’t bind it to a name like add before I used it. I simply stated the expression I wanted to compute and then immediately evaluated it by calling it like a regular function.

Before you move on, you might want to play with the previous code example a little to really let the meaning of it sink in. I still remember this took me a while to wrap my head around. So don’t worry about spending a few minutes in an interpreter session.

There’s another syntactic difference between lambdas and regular function definitions: Lambda functions are restricted to a single expression. This means a lambda function can’t use statements or annotations—not even a return statement.

How do you return values from lambdas then? Executing a lambda function evaluates its expression and then automatically returns its result. So there’s always an implicit return statement. That’s why some people refer to lambdas as single expression functions. Lambdas You Can Use

When should you use lambda functions in your code? Technically, any time you’re expected to supply a function object you can use a lambda expression. And because a lambda expression can be anonymous, you don’t even need to assign it to a name.

This can provide a handy and “unbureaucratic” shortcut to defining a function in Python. My most frequent use case for lambdas is writing short and concise key funcs for sorting iterables by an alternate key:

>>> sorted(range(-5, 6), key=lambda x: x ** 2)
[0, -1, 1, -2, 2, -3, 3, -4, 4, -5, 5]

Like regular nested functions, lambdas also work as lexical closures.

What’s a lexical closure? Just a fancy name for a function that remembers the values from the enclosing lexical scope even when the program flow is no longer in that scope. Here’s a (fairly academic) example to illustrate the idea:

>>> def make_adder(n):
...     return lambda x: x + n

>>> plus_3 = make_adder(3)
>>> plus_5 = make_adder(5)

>>> plus_3(4)
7
>>> plus_5(4)
9

In the above example the x + n lambda can still access the value of n even though it was defined in the make_adder function (the enclosing scope).

Sometimes, using a lambda function instead of a nested function declared with def can express one’s intent more clearly. But to be honest this isn’t a common occurrence—at least in the kind of code that I like to write. But Maybe You Shouldn’t…

Now on the one hand I’m hoping this article got you interested in exploring Python’s lambda functions. On the other hand I feel like it’s time to put up another caveat: Lambda functions should be used sparingly and with extraordinary care.

I know I wrote my fair share of code using lambdas that looked “cool” but was actually a liability for me and my coworkers. If you’re tempted to use a lambda, spend a few seconds (or minutes) to think if this is really the cleanest and most maintainable way to achieve the desired result.

For example, doing something like this to save two lines of code is just silly. Sure, it technically works and it’s a nice enough “trick”. But it’s also going to confuse the next gal or guy having to ship a bugfix under a tight deadline:

# Harmful:
>>> class Car:
...     rev = lambda self: print('Wroom!')
...     crash = lambda self: print('Boom!')

>>> my_car = Car()
>>> my_car.crash()
'Boom!'

I feel similarly about complicated map() or filter() constructs using lambdas. Usually it’s much cleaner to go with a list comprehension or generator expression:

# Harmful:
>>> list(filter(lambda x: x % 2 == 0, range(16)))
[0, 2, 4, 6, 8, 10, 12, 14]

# Better:
>>> [x for x in range(16) if x % 2 == 0]
[0, 2, 4, 6, 8, 10, 12, 14]

If you find yourself doing anything remotely complex with a lambda expression, consider defining a real function with a proper name instead.

Saving a few keystrokes won’t matter in the long run. Your colleagues (and your future self) will appreciate clean and readable code more than terse wizardry. Things to Remember

Lambda functions are single-expression functions that are not necessarily bound to a name (anonymous).
Lambda functions can’t use regular Python statements and always include an implicit return statement.
Always ask yourself: Would using a regular (named) function or a list/generator expression offer more clarity?

Altering format string output by changing a format specifier's argument_index

Sat, 15 Apr 2017 05:33:17 GMT

A format string is a string which can include one or more format specifiers.

String hungry = "hungry";
String hippo = "hippo";
String s = String.format(
  "%s %s",
  hungry,
  hippo);

Here, "%s %s" is a format string, and %s is a format specifier. The value of s is "hungry hippo".

Modify the order that the arguments appear in the format string by specifying an argument index in the format specifiers.

Argument indexes take the form of a non-negative integer followed by $, where the integer specifies the position of the argument in the argument list.

String s = String.format(
  "%2$s %1$s",
  hungry,
  hippo);

The output of the example above will be "hippo hungry" because we have specified that argument 2 (%2$s) will come before argument 1 (%1$s).

Add Autocorrect to Git

Fri, 14 Apr 2017 05:33:17 GMT

If you want git to correct typos you can set help.autocorrect:

$ git config --global help.autocorrect 30

You set help.autocorrect to an integer representing the time you have to change your mind before git executes the command (1 = 0.1 seconds).

For example:

$ git comit
WARNING: You called a git command
named 'comit', which does not exist.
Continuing under the assumption that
you meant 'commit'
in 3 seconds automatically...

Future of Interface in Java 9

Thu, 13 Apr 2017 16:33:17 GMT

Interface is a very popular way to expose our APIs. Until Java 7 it was getting used as a contract (abstract method) where a child class was obliged to implement the contract; but after Java 8, Interface got more power — to where we can have static and default methods.

In Java 9, Interface is getting more power, to the point where we can define private methods as well. Let us understand why we need private methods in Interfaces.

Suppose we are defining a ReportGenerator Interface in Java8 as below:

package id.rezhajulio.test.interfacejava8;

public interface ReportGeneratorJava8 {

    /**

     * Need to get implemented as per ReportGenerator class

     * @param reportData

     * @param schema

     */

    void generateReport(String reportData, String schema);

    /**

     * Get the ready data

     * @param reportSource

     * @return

     * @throws Exception

     */

    default String getReportData(String reportSource) throws Exception {

        String reportData = null;

        if (null == reportSource) {

            throw new Exception("reportSource can't be null....");

        }

        if (reportSource.equalsIgnoreCase("DB")) {

            System.out.println("Reading the data from DB ....");

            //logic to get the data from DB

            reportData = "data from DB";

        } else if (reportSource.equalsIgnoreCase("File")) {

            System.out.println("Reading the data from FileSystem ....");

            //logic to get the data from File

            reportData = "data from File";

        } else if (reportSource.equalsIgnoreCase("Cache")) {

            System.out.println("Reading the data from Cache ....");

            //logic to get the data from Cache

            reportData = "data from Cache";

        }

        System.out.println("Formatting the data to create a common standard");

        /** Format the data and then return **/

        //logic to format the data

        return reportData;

    }

}

And the implementation class could be HtmlReportGeneratorJava8:

package id.rezhajulio.test.interfacejava8;

public class HtmlReportGeneratorJava8 implements ReportGeneratorJava8 {

    @Override

    public void generateReport(String reportData, String schema) {

        //HTML Specific Implementation according to given schema

    }

}

Method 'getReportData' looks pretty messy, as there is a lot of logic that could be kept in a separate method and that can be called in 'getReportData'. To achieve that, we need a private method, as we don't want to expose these methods to the outside world.

Another thing, ReportGeneratorJava8 interface is formatting the data after getting it from the source. So we can have a common method named 'formatData' defined as private in the interface. So the interface could be rewritten as below:

package id.rezhajulio.test.interfacejava9;

public interface ReportGeneratorJava9 {

    /**

     * Need to get implemented as per ReportGenerator class

     * @param reportData

     * @param schema

     */

    void generateReport(String reportData, String schema);

    /**

     * Reading the report data from DB

     * @return

     */

    private String getReportDataFromDB() {

        System.out.println("Reading the data from DB ....");

        //logic to get the data from DB

        String reportData = "data from DB";

        return formatData(reportData);

    }

    /**

     * Reading the report data from FileSystem

     * @return

     */

    private String getReportDataFromFile() {

        System.out.println("Reading the data from FileSystem ....");

        //logic to get the data from File

        String reportData = "data from File";

        return formatData(reportData);

    }

    /**

     * Reading the report data from cache

     * @return

     */

    private String getReportDataFromCache() {

        System.out.println("Reading the data from Cache ....");

        //logic to get the data from Cache

        String reportData = "data from Cache";

        return formatData(reportData);

    }

    /**

     * Formatting the data to create a common standardized data,

     * as it's coming from different systems

     * @param reportData

     * @return

     */

    private String formatData(String reportData) {

        System.out.println("Formatting the data to create a common standard");

        /** Format the data and then return **/

        //logic to format the data

        return reportData;

    }

    /**

     * Get the ready data

     * @param reportSource

     * @return

     * @throws Exception

     */

    default String getReportData(String reportSource) throws Exception {

        String reportData = null;

        if (null == reportSource) {

            throw new Exception("reportSource can't be null....");

        }

        if (reportSource.equalsIgnoreCase("DB")) {

            reportData = getReportDataFromDB();

        } else if (reportSource.equalsIgnoreCase("File")) {

            reportData = getReportDataFromFile();

        } else if (reportSource.equalsIgnoreCase("Cache")) {

            reportData = getReportDataFromCache();

        }

        return reportData;

    }

}

Now the above implementation looks pretty clean, and we've seen the need of private methods in Interface. Summary of Interface Enhancements

Constants (until Java 1.7)
Method signatures (until Java 1.7)
Nested types (until Java 1.7)
Default methods (since 1.8)
Static methods (since 1.8)
Private methods (since 1.9)
Private static methods (since 1.9)

Enjoy the power of Java 9's Interface.

More about Interface in Java 8

Tue, 11 Apr 2017 17:33:17 GMT

Interface was meant to define a contract before Java 8, where we were able to define the methods a class needed to implement if binding itself with the interface. Interface was only involved with abstract methods and constants.

But in Java 8, Interface has become much more, and now it can have methods defined using static or default. Remember that default methods can be overridden, while static methods cannot.

Method Definitions

Interface was meant for good designers because when we create an Interface, we should know the possible contract that every class should implement. Once your contract definition is done and classes have implemented the contract, it's difficult to change the definition of an Interface, as it will break the implemented classes.

A good designer always creates an interface and provides a base class, which provides the default definition of the Interface methods, and classes should extend the base class in place of implementing the interface directly. In this way, any future change in Interface could be taken care of by the base class. Other implementations of sub-classes would be fine.

In Java 8, they tried to fix this issue by providing method definitions — using static or default. We can add the definitions using static or default in Interface without breaking the existing classes, making it easier to design interfaces in Java 8.

Do We Still Need Abstract Classes?

After the Java 8 interface enhancements, the new version of Interface looks like a great replacement for the Abstract class, right? No, not at all. There are still the differences between these two. Do you remember 'access specifiers' (public, protected, etc.)?

So the Abstract class can have any of these access specifiers for their methods and variables while an Interface is always public and variables in an Interface are always constants. So we need to be very wise when choosing between the Interface and Abstract classes, and I believe that some intelligence is still required.

Examples of Interface Enhancements

We can define an Interface as having static and default methods as below:

Java8Interface.java:

package id.rezhajulio.interface.enhancement;

public interface Java8Interface {

    //defaults method - by default it's public

    default void hi() {

        System.out.println("In Java8Interface: new feature of Java8 is saying Hi....");

    }

    //static method - by default it's public

    static void hello() {

        System.out.println("In Java8Interface: new feature of Java8 is saying Hello....");

    }

}

The concrete class that is implementing the above Interface can be used as below.

ConcreteClass.java:

package package id.rezhajulio.interface.enhancement;

public class ConcreteClass implements Java8Interface {

    public static void main(String[] args) {

        ConcreteClass c = new ConcreteClass();

        c.hi(); // would be accessible using class instance

        //Not possible to call using class instance

        Java8Interface.hello();

    }

}

Which will lead to this output:

In Java8Interface: new feature of Java8 is saying Hi....

In Java8Interface: new feature of Java8 is saying Hello....

But suppose you have two interfaces with the same method signature as 'default'. Then, your class should define the implementation for that method. Otherwise, you'll see a compile time error.

Let's see how that plays out below. The following Interface has the same methods as our Java8Interface.

Java8Interface_1.java:

package id.rezhajulio.interface.enhancement;

public interface Java8Interface_1 {

    default void hi() {

        System.out.println("In Java8Interface_1: new feature of Java8 is saying Hi....");

    }

    static void hello() {

        System.out.println("In Java8Interface_1: new feature of Java8 is saying Hello....");

    }

}

Meanwhile, our concrete class handles the implementation for our default method as follows:

ConcreteClass.java:

package id.rezhajulio.interface.enhancement;

public class ConcreteClass implements Java8Interface, Java8Interface_1 {

    public static void main(String[] args) {

        ConcreteClass c = new ConcreteClass();

        c.hi();

        Java8Interface.hello();

    }

    //We need to override hi method otherwise compilation error

    @Override

    public void hi() {

        Java8Interface.super.hi();

    }

}

And our output will be as follows:

In Java8Interface: new feature of Java8 is saying Hi....

In Java8Interface: new feature of Java8 is saying Hello....

Next, say a List API has the same default implementation as below:

default void sort(Comparator c))

That helps call the sort methods on our List, and the Collections API is no longer needed.

And let's see the snippet for calling the sort method using a List API:

List list = new ArrayList<>(); list.add("v");

list.add("a");

list.add("z"); list.add("d");

list.sort((val1, val2) -> val1.compareTo(val2));

Enjoy the power of Interface!

Spring Boot in a Single File

Mon, 10 Apr 2017 17:33:17 GMT

Over the years spring has become more and more complex as new functionalities have been added. Just visit the page-https://spring.io/projects and we will see all the spring projects we can use in our application for different functionalities. If one has to start a new spring project we have to add build path or add maven dependencies, configure application server, add spring configuration. So a lot of effort is required to start a new spring project as we have to currently do everything from scratch. Spring Boot is the solution to this problem. Spring boot has been built on top of existing spring framework including Spring MVC. Using spring boot we avoid all the boilerplate code and configurations that we had to do previously. Spring boot thus helps us use the existing Spring functionalities more robustly and with minimum efforts.

Features of Spring boot:

Auto-Configuration - No need to manually configure dispatcher servlet, static resource mappings, property source loader, message converters etc.
Dependency Management - The different versions of commonly used libraries are pre-selected and grouped in different starter POMs that we can include in your project. By selecting one Spring Boot version we are implicitly selecting dozens of dependencies that we would have to otherwise select and harmonize ourselves. Example-
Advanced Externalized Configuration - There is a large list of bean properties that can be configured through application.properties file without touching java or xml config.
Production support- We get health checking, application and jvm metrics, jmx via http and a few more things for free.
Runnable Jars - We can package your application as a runnable jar with embedded tomcat included so it presents a self-contained deployment unit

First you need to install spring-boot-cli. You can use SDKMAN to install latest spring-boot-cli and also get updates in the future. I've covered that here.

Spring Boot also has Groovy support, allowing us to build Spring MVC web apps with as little as a single file. Create a new file called app.groovy and put the following code in it:

@RestController
class ThisWillActuallyRun {

    @RequestMapping("/")
    String home() {
        return "Hello World from Spring Boot!"
    }

}

Run it as follows:

$ spring run app.groovy

You will see its log on your terminal

  .   ____          _            __ _ _
 /\\ / ___'_ __ _ _(_)_ __  __ _ \ \ \ \
( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
 \\/  ___)| |_)| | | | | || (_| |  ) ) ) )
  '  |____| .__|_| |_|_| |_\__, | / / / /
 =========|_|==============|___/=/_/_/_/
 :: Spring Boot ::        (v1.5.2.RELEASE)

2017-04-09 19:36:30.777  INFO 25470 --- [       runner-0] o.s.boot.SpringApplication               : Starting application on kimiamania with PID 25470 (started by rezha in /home/rezha)
2017-04-09 19:36:30.779  INFO 25470 --- [       runner-0] o.s.boot.SpringApplication               : No active profile set, falling back to default profiles: default
2017-04-09 19:36:31.012  INFO 25470 --- [       runner-0] ationConfigEmbeddedWebApplicationContext : Refreshing org.springframework.boot.context.embedded.AnnotationConfigEmbeddedWebApplicationContext@33b6649c: startup date [Sun Apr 09 19:36:31 WIB 2017]; root of context hierarchy
2017-04-09 19:36:32.069  INFO 25470 --- [       runner-0] s.b.c.e.t.TomcatEmbeddedServletContainer : Tomcat initialized with port(s): 8080 (http)
2017-04-09 19:36:32.079  INFO 25470 --- [       runner-0] o.apache.catalina.core.StandardService   : Starting service Tomcat
2017-04-09 19:36:32.080  INFO 25470 --- [       runner-0] org.apache.catalina.core.StandardEngine  : Starting Servlet Engine: Apache Tomcat/8.5.11
2017-04-09 19:36:32.119  INFO 25470 --- [ost-startStop-1] org.apache.catalina.loader.WebappLoader  : Unknown loader org.springframework.boot.cli.compiler.ExtendedGroovyClassLoader$DefaultScopeParentClassLoader@517242a2 class org.springframework.boot.cli.compiler.ExtendedGroovyClassLoader$DefaultScopeParentClassLoader
2017-04-09 19:36:32.130  INFO 25470 --- [ost-startStop-1] o.a.c.c.C.[Tomcat].[localhost].[/]       : Initializing Spring embedded WebApplicationContext
2017-04-09 19:36:32.130  INFO 25470 --- [ost-startStop-1] o.s.web.context.ContextLoader            : Root WebApplicationContext: initialization completed in 1118 ms
2017-04-09 19:36:32.207  INFO 25470 --- [ost-startStop-1] o.s.b.w.servlet.ServletRegistrationBean  : Mapping servlet: 'dispatcherServlet' to [/]
2017-04-09 19:36:32.210  INFO 25470 --- [ost-startStop-1] o.s.b.w.servlet.FilterRegistrationBean   : Mapping filter: 'characterEncodingFilter' to: [/*]
2017-04-09 19:36:32.211  INFO 25470 --- [ost-startStop-1] o.s.b.w.servlet.FilterRegistrationBean   : Mapping filter: 'hiddenHttpMethodFilter' to: [/*]
2017-04-09 19:36:32.211  INFO 25470 --- [ost-startStop-1] o.s.b.w.servlet.FilterRegistrationBean   : Mapping filter: 'httpPutFormContentFilter' to: [/*]
2017-04-09 19:36:32.211  INFO 25470 --- [ost-startStop-1] o.s.b.w.servlet.FilterRegistrationBean   : Mapping filter: 'requestContextFilter' to: [/*]
2017-04-09 19:36:32.377  INFO 25470 --- [       runner-0] s.w.s.m.m.a.RequestMappingHandlerAdapter : Looking for @ControllerAdvice: org.springframework.boot.context.embedded.AnnotationConfigEmbeddedWebApplicationContext@33b6649c: startup date [Sun Apr 09 19:36:31 WIB 2017]; root of context hierarchy
2017-04-09 19:36:32.418  INFO 25470 --- [       runner-0] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/]}" onto public java.lang.String ThisWillActuallyRun.home()
2017-04-09 19:36:32.420  INFO 25470 --- [       runner-0] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/error],produces=[text/html]}" onto public org.springframework.web.servlet.ModelAndView org.springframework.boot.autoconfigure.web.BasicErrorController.errorHtml(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)
2017-04-09 19:36:32.420  INFO 25470 --- [       runner-0] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/error]}" onto public org.springframework.http.ResponseEntity<java.util.Map<java.lang.String, java.lang.Object>> org.springframework.boot.autoconfigure.web.BasicErrorController.error(javax.servlet.http.HttpServletRequest)
2017-04-09 19:36:32.441  INFO 25470 --- [       runner-0] o.s.w.s.handler.SimpleUrlHandlerMapping  : Mapped URL path [/webjars/**] onto handler of type [class org.springframework.web.servlet.resource.ResourceHttpRequestHandler]
2017-04-09 19:36:32.441  INFO 25470 --- [       runner-0] o.s.w.s.handler.SimpleUrlHandlerMapping  : Mapped URL path [/**] onto handler of type [class org.springframework.web.servlet.resource.ResourceHttpRequestHandler]
2017-04-09 19:36:32.468  INFO 25470 --- [       runner-0] o.s.w.s.handler.SimpleUrlHandlerMapping  : Mapped URL path [/**/favicon.ico] onto handler of type [class org.springframework.web.servlet.resource.ResourceHttpRequestHandler]
2017-04-09 19:36:32.760  INFO 25470 --- [       runner-0] o.s.j.e.a.AnnotationMBeanExporter        : Registering beans for JMX exposure on startup
2017-04-09 19:36:32.801  INFO 25470 --- [       runner-0] s.b.c.e.t.TomcatEmbeddedServletContainer : Tomcat started on port(s): 8080 (http)
2017-04-09 19:36:32.805  INFO 25470 --- [       runner-0] o.s.boot.SpringApplication               : Started application in 2.342 seconds (JVM running for 4.544)
2017-04-09 19:36:52.243  INFO 25470 --- [nio-8080-exec-1] o.a.c.c.C.[Tomcat].[localhost].[/]       : Initializing Spring FrameworkServlet 'dispatcherServlet'
2017-04-09 19:36:52.243  INFO 25470 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet        : FrameworkServlet 'dispatcherServlet': initialization started
2017-04-09 19:36:52.254  INFO 25470 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet        : FrameworkServlet 'dispatcherServlet': initialization completed in 11 ms

Next, you can open your browser or curl to localhost:8080. Spring Boot does this by dynamically adding key annotations to your code and using Groovy Grape to pull down libraries needed to make the app run.

Manage Your JVM Environment with SDKMAN

Sun, 09 Apr 2017 17:33:17 GMT

SDKMAN! is a tool for managing parallel versions of multiple Software Development Kits on most Unix based systems. It provides a convenient Command Line Interface (CLI) and API for installing, switching, removing and listing Candidates. Formerly known as GVM the Groovy enVironment Manager, it was inspired by the very useful RVM and rbenv tools, used at large by the Ruby community.

Install Software Development Kits for the JVM such as Java, Groovy, Scala, Kotlin and Ceylon. Activator, Ant, Gradle, Grails, Maven, SBT, Spring Boot, Vert.x and many others also supported.

Installing

Installing SDKMAN! on UNIX-like platforms is as easy as ever. SDKMAN! installs smoothly on Mac OSX, Linux, Cygwin, Solaris and FreeBSD. We also support Bash and ZSH shells. Simply open a new terminal and enter:

$ curl -s "https://get.sdkman.io" | bash

Follow the instructions on-screen to complete installation. Next, open a new terminal or enter:

$ source "$HOME/.sdkman/bin/sdkman-init.sh"

Lastly, run the following code snippet to ensure that installation succeeded:

$ sdk version

If all went well, the version should be displayed. Something like:

  sdkman 5.0.0+51

Beta Channel

For the more adventurous among us, they have a beta channel. All new CLI features will first be rolled out to this group of users for trial purposes. Beta versions can be considered stable for the most part, but might occasionally break. To join the beta program, simply update the ~/.sdkman/etc/config file as follows:

sdkman_beta_channel=true

Next, open a new terminal and perform a forced update with:

$ sdk selfupdate force

To leave the beta channel, simply set the above config back to false and follow the same procedure.

Installing an SDK

Latest Stable

Install the latest stable version of your SDK of choice (say, Java JDK) by running the following command:

$ sdk install java

You will see something like the following output:

Downloading: java 8u111

In progress...

######################################################################## 100.0%

Installing: java 8u111
Done installing!

Now you will be prompted if you want this version to be set as default.

Do you want java 8u111 to be set as default? (Y/n):

Answering yes (or hitting enter) will ensure that all subsequent shells opened will have this version of the SDK in use by default.

Setting java 8u111 as default.

Specific Version

Need a specific version of an SDK? Simply qualify the version you require:

$ sdk install springboot 1.5.2

All subsequent steps same as above.

Updating interfaces by using default methods

Sun, 09 Apr 2017 05:33:17 GMT

Take the following interface:

public interface Cooking {
  public void fry();
  public void boil();
  public void chop();
}

To add new functionality, simply adding a new method to Cooking called microwave() will cause problems. Any class that previously implemented Cooking will now have to be updated in order to function again.

To avoid this, give microwave() a default implementation:

public interface Cooking {
  public void fry();
  public void boil();
  public void chop();
  default void microwave() {
    //some code implementing microwave
  }
}

As microwave() already has a default implementation defined in the Cooking interface definition, classes that implement it now don't need to implement microwave() in order to work.

This allows us to add functionality without breaking old code.

Note: This has been possible since Java 8.

Converting Stacktrace to String

Sat, 08 Apr 2017 05:33:17 GMT

To store a stack trace as a string, you can use Throwable.printStackTrace(...) For example:

public static String getStackTrace(
  Throwable throwable
){
  Writer result = new StringWriter();
  PrintWriter printWriter =
    new PrintWriter(result);
  throwable.printStackTrace(printWriter);
  return result.toString();
}

In the above example, getStackTrace takes a Throwable as a parameter and uses printStackTrace to print it to a PrintWriter output stream. This output is collected by the StringWriter and converted to a string using StringWriter.toString().

Synchronized Statement in Java

Fri, 07 Apr 2017 15:33:17 GMT

synchronized statements can be used to avoid memory inconsistency errors and thread interference in multi-threaded programs.

When a thread executes code within a synchronized statement, the object passed as a parameter is locked. When writing a synchronized block, the object providing the lock must be specified after the synchronized keyword:

public class Rezha {
  private int sum;
  public void addToSum(int value) {
    synchronized(this) {
      sum += value;
    }
  }
}

In this example, the object providing the lock is this, which is the instance of Rezha that the method is being called in.

You can lock instances of other classes as well:

public class Rezha {
  private MyObject mo;

  public void myMethod(){
    synchronized(mo){
      //code here
    }
  }
}

Function in Python are First-Class Object

Thu, 06 Apr 2017 14:33:17 GMT

Python’s functions are first-class objects. You can assign them to variables, store them in data structures, pass them as arguments to other functions, and even return them as values from other functions.

Grokking these concepts intuitively will make understanding advanced features in Python like lambdas and decorators (I will cover these two in the next post) much easier. It also puts you on a path towards functional programming techniques.

In this post I’ll guide you through a number of examples to help you develop this intuitive understanding. The examples will build on top of one another, so you might want to read them in sequence and even to try out some of them in a Python interpreter session as you go along.

Wrapping your head around the concepts we’ll be discussing here might take a little longer than expected. Don’t worry—that’s completely normal. I’ve been there. You might feel like you’re banging your head against the wall, and then suddenly things will “click” and fall into place when you’re ready.

Throughout this post I’ll be using this yell function for demonstration purposes. It’s a simple toy example with easily recognizable output:

def yell(text):
    return text.upper() + '!'

>>> yell('hello')
'HELLO!'

Functions Are Objects

All data in a Python program is represented by objects or relations between objects. Things like strings, lists, modules, and functions are all objects. There’s nothing particularly special about functions in Python.

Because the yell function is an object in Python you can assign it to another variable, just like any other object:

>>> bark = yell

This line doesn’t call the function. It takes the function object referenced by yell and creates a second name pointing to it, bark. You could now also execute the same underlying function object by calling bark:

>>> bark('woof')
'WOOF!'

Function objects and their names are two separate concerns. Here’s more proof: You can delete the function’s original name (yell). Because another name (bark) still points to the underlying function you can still call the function through it:

>>> del yell

>>> yell('hello?')
NameError: "name 'yell' is not defined"

>>> bark('hey')
'HEY!'

By the way, Python attaches a string identifier to every function at creation time for debugging purposes. You can access this internal identifier with the __name__ attribute:

>>> bark.__name__
'yell'

While the function’s __name__ is still “yell” that won’t affect how you can access it from your code. This identifier is merely a debugging aid. A variable pointing to a function and the function itself are two separate concerns.

(Since Python 3.3 there’s also __qualname__ which serves a similar purpose and provides a qualified name string to disambiguate function and class names.) Functions Can Be Stored In Data Structures

As functions are first-class citizens you can store them in data structures, just like you can with other objects. For example, you can add functions to a list:

>>> funcs = [bark, str.lower, str.capitalize]
>>> funcs
[<function yell at 0x10ff96510>,
 <method 'lower' of 'str' objects>,
 <method 'capitalize' of 'str' objects>]

Accessing the function objects stored inside the list works like it would with any other type of object:

>>> for f in funcs:
...     print(f, f('hey there'))
<function yell at 0x10ff96510> 'HEY THERE!'
<method 'lower' of 'str' objects> 'hey there'
<method 'capitalize' of 'str' objects> 'Hey there'

You can even call a function object stored in the list without assigning it to a variable first. You can do the lookup and then immediately call the resulting “disembodied” function object within a single expression:

>>> funcs[0]('heyho')
'HEYHO!'

Functions Can Be Passed To Other Functions

Because functions are objects you can pass them as arguments to other functions. Here’s a greet function that formats a greeting string using the function object passed to it and then prints it:

def greet(func):
    greeting = func('Hi, I am a Python program')
    print(greeting)

You can influence the resulting greeting by passing in different functions. Here’s what happens if you pass the yell function to greet:

>>> greet(yell)
'HI, I AM A PYTHON PROGRAM!'

Of course you could also define a new function to generate a different flavor of greeting. For example, the following whisper function might work better if you don’t want your Python programs to sound like Optimus Prime:

def whisper(text):
    return text.lower() + '...'

>>> greet(whisper)
'hi, i am a python program...'

The ability to pass function objects as arguments to other functions is powerful. It allows you to abstract away and pass around behavior in your programs. In this example, the greet function stays the same but you can influence its output by passing in different greeting behaviors.

Functions that can accept other functions as arguments are also called higher-order functions. They are a necessity for the functional programming style.

The classical example for higher-order functions in Python is the built-in map function. It takes a function and an iterable and calls the function on each element in the iterable, yielding the results as it goes along.

Here’s how you might format a sequence of greetings all at once by mapping the yell function to them:

>>> list(map(yell, ['hello', 'hey', 'hi']))
['HELLO!', 'HEY!', 'HI!']

map has gone through the entire list and applied the yell function to each element. Functions Can Be Nested

Python allows functions to be defined inside other functions. These are often called nested functions or inner functions. Here’s an example:

def speak(text):
    def whisper(t):
        return t.lower() + '...'
    return whisper(text)

>>> speak('Hello, World')
'hello, world...'

Now, what’s going on here? Every time you call speak it defines a new inner function whisper and then calls it.

And here’s the kicker—whisper does not exist outside speak:

>>> whisper('Yo')
NameError: "name 'whisper' is not defined"

>>> speak.whisper
AttributeError: "'function' object has no attribute 'whisper'"

But what if you really wanted to access that nested whisper function from outside speak? Well, functions are objects—you can return the inner function to the caller of the parent function.

For example, here’s a function defining two inner functions. Depending on the argument passed to top-level function it selects and returns one of the inner functions to the caller:

def get_speak_func(volume):
    def whisper(text):
        return text.lower() + '...'
    def yell(text):
        return text.upper() + '!'
    if volume > 0.5:
        return yell
    else:
        return whisper

Notice how get_speak_func doesn’t actually call one of its inner functions—it simply selects the appropriate function based on the volume argument and then returns the function object:

>>> get_speak_func(0.3)
<function get_speak_func.<locals>.whisper at 0x10ae18>

>>> get_speak_func(0.7)
<function get_speak_func.<locals>.yell at 0x1008c8>

Of course you could then go on and call the returned function, either directly or by assigning it to a variable name first:

>>> speak_func = get_speak_func(0.7)
>>> speak_func('Hello')
'HELLO!'

Let that sink in for a second here… This means not only can functions accept behaviors through arguments but they can also return behaviors. How cool is that?

You know what, this is starting to get a little loopy here. I’m going to take a quick coffee break before I continue writing (and I suggest you do the same.) Functions Can Capture Local State

You just saw how functions can contain inner functions and that it’s even possible to return these (otherwise hidden) inner functions from the parent function.

Best put on your seat belts now because it’s going to get a little crazier still—we’re about to enter even deeper functional programming territory. (You had that coffee break, right?)

Not only can functions return other functions, these inner functions can also capture and carry some of the parent function’s state with them.

I’m going to slightly rewrite the previous get_speak_func example to illustrate this. The new version takes a “volume” and a “text” argument right away to make the returned function immediately callable:

def get_speak_func(text, volume):
    def whisper():
        return text.lower() + '...'
    def yell():
        return text.upper() + '!'
    if volume > 0.5:
        return yell
    else:
        return whisper

>>> get_speak_func('Hello, World', 0.7)()
'HELLO, WORLD!'

Take a good look at the inner functions whisper and yell now. Notice how they no longer have a text parameter? But somehow they can still access the text parameter defined in the parent function. In fact, they seem to capture and “remember” the value of that argument.

Functions that do this are called lexical closures (or just closures, for short). A closure remembers the values from its enclosing lexical scope even when the program flow is no longer in that scope.

In practical terms this means not only can functions return behaviors but they can also pre-configure those behaviors. Here’s another bare-bones example to illustrate this idea:

def make_adder(n):
    def add(x):
        return x + n
    return add

>>> plus_3 = make_adder(3)
>>> plus_5 = make_adder(5)

>>> plus_3(4)
7
>>> plus_5(4)
9

In this example make_adder serves as a factory to create and configure “adder” functions. Notice how the “adder” functions can still access the n argument of the make_adder function (the enclosing scope). Objects Can Behave Like Functions

Objects aren’t functions in Python. But they can be made callable, which allows you to treat them like functions in many cases.

If an object is callable it means you can use round parentheses () on it and pass function call arguments to it. Here’s an example of a callable object:

class Adder:
    def __init__(self, n):
         self.n = n
    def __call__(self, x):
        return self.n + x

>>> plus_3 = Adder(3)
>>> plus_3(4)
7

Behind the scenes, “calling” an object instance as a function attempts to execute the object’s call method.

Of course not all objects will be callable. That’s why there’s a built-in callable function to check whether an object appears callable or not:

>>> callable(plus_3)
True
>>> callable(yell)
True
>>> callable(False)
False

TLDR

Everything in Python is an object, including functions. You can assign them to variables, store them in data structures, and pass or return them to and from other functions (first-class functions.)
First-class functions allow you to abstract away and pass around behavior in your programs.
Functions can be nested and they can capture and carry some of the parent function’s state with them. Functions that do this are called closures.
Objects can be made callable which allows you to treat them like functions in many cases.

Django 1.11 Release Note a Reading

Wed, 05 Apr 2017 14:33:17 GMT

Django 1.11 is released for the world to use. It comes with a lot of changes, which can take some time to read.

In this video, GoDjango read all of the release notes so you can just put on some headphones and hit play.

Skip Yaourt Prompts on Arch Linux

Mon, 03 Apr 2017 19:33:17 GMT

Yaourt is probably the best tool to automatically download and install packages from the Arch User Repository, also known as AUR. It’s really powerful; however, by default, it prompts you a LOT for confirmations of different things, such as checking if you want to install something, if you want to edit the PKGBUILD, etc. As a result, Yaourt is pretty annoying if you’re used to the hands-free nature of most other package managers.

As it turns out, there is a file you can create called ~/.yaourtrc that can change the behavior of Yaourt.

To turn off all of the prompts, type the following into a new file called ~/.yaourtrc:

NOCONFIRM=1
BUILD_NOCONFIRM=1
EDITFILES=0

The first line will skip the messages confirming if you really want to install the package.

The second line will skip the messages asking you if you want to continue the build.

The third and last line will skip the messages asking if you want to edit the PKGBUILD files.

When you’re done doing this, Yaourt should now stop being a pain to use. Have fun with your hands-free installs!

One Hell Named JSON

Mon, 03 Apr 2017 15:33:17 GMT

Today on my AWS Lambda Python function, it's suffering from an error ValueError: Expecting property name: line 1 column 2 (char 1). This function receives a JSON event from AWS Kinesis and sends it back to Kafka. Apparently this is an error from json.loads if you have a JSON string with a single quote

>>> json_string = "{'name': rezha, 'ganteng': true}"
>>> json.loads(json_string)
# ValueError: Expecting property name: line 1 column 2 (char 1)

To fix this, you could use ast.literal_eval. ast.literal_eval safely evaluate an expression node or a string containing a Python literal or container display. The string or node provided may only consist of the following Python literal structures: strings, bytes, numbers, tuples, lists, dicts, sets, booleans, None, bytes and sets. ast.literal_eval raises an exception if the input isn't a valid Python datatype, so the code won't be executed if it's not.

Use ast.literal_eval whenever you need eval. You shouldn't usually evaluate literal Python statements.

Using Google URL Shortener with Your Domain! For Free!!

Sat, 18 Mar 2017 17:33:17 GMT

I sometimes feel like URL shorteners are some of the most understated tools in internet marketing, and there have been more than a few times that I wished I’d had someone share some advice on URL shorteners.

For instance: What do you do with really long links? What if you want to track the results? What if the link—long and unwieldy—upstages the content? What if I am on a platform where every character counts? (on Twitter for instance)

What URL Shorteners Do (And Don’t Do)

URL shorteners were originally created to address stubborn email systems that wrapped an email after 80 characters and broke any long URLs that might have been in the message. Once Twitter (and other social media) took off and introduced the 140-character limit, that shortened link became even more important.

It wasn’t long before link shorteners quickly became more than mere URL shorteners.

They began to allow publishers to track the links they posted with analytics. They keep URLs that are loaded with UTM tracking tags from looking ugly by hiding the length and characters in the UTM tracking system.

Sounds great, right? Who wouldn’t use this system?

Use A Custom Domain With URL Shorteners

With services like Domainr and IWantMyName, you can easily get a custom domain to use with link shorteners.

Why would you want to do this?

Using a custom domain with your link shortening service is a way to confront the spam and distrust issue.

Your links become branded as yours. Your brand, your name–it’s carried across into the very links that you are sharing. This helps let people know they aren’t spam. As long as your custom domain relates to your brand and you use it consistently, people will know that the links you are sharing have been vetted by you.

Also, a custom domain might improve the amount of clicks your link receives. According to RadiumOne, URL shorteners that offer vanity domains can increase sharing up to 25 percent.

What do I need?

This is the best part, you only need a couple of things which in this day and age you have probably already got access to.

A domain name, I’m going to be using go.rezhajulio.id . This domain should not be used for anything else.
Hosting space for the domain, this can be Apache or Nginx driven I’ll provide examples for both, you just need to be able to make a change to the vhost configuration. For Apache we can do this easily via the .htaccess file. Nginx people will probably be running a VPS or similar so I’ll assume you have access to create a new vhost configuration.
A Google account, if you want to have the URLs you generate with goo.gl be unique to your account and kept in your dashboard to track number of clicks etc. Otherwise anonymous access will work just fine to generate the URL.

I’m ready to go, what’s next?

Everything ready to go we can make the magic happen!

Apache configuration

Apache people create a .htaccess file in the root web directory and add the following lines to it. Of course if you have access to the main vhost configuration then use that to save Apache a little bit of leg work reading in the .htaccess file.

RewriteEngine On
RewriteRule ^(.*)$ http://goo.gl/$1 [L,R=301]

The code above is very simple. This rewrite rule simply takes the requested URL and swaps out your domain for the goo.gl domain and marks it as a permanent (301) redirect.

Nginx Configuration

Nginx people you need to create a server block, I’ve always followed the sites-available, sites-enabled pattern used by Nginx on Ubuntu as I find this to be the most organised method but do it however you’ve been working so long as Nginx can read this server block it will answer any calls to the domain.

server {
  server_name go.rezhajulio.id;
  rewrite ^ http://goo.gl$request_uri permanent;
}

The server block does the same as the Apache rule above and it redirects any requests onto goo.gl. Simple.

How do I use this to make my own short urls?

By now you’ve probably figured it out but just in case. Visit goo.gl and sign in if you want to keep statistics on your links otherwise you will just see the input box Paste your long URL here: follow the instructions and paste in your long URL and shorten that URL!

In return you’ll get a short URL in the form of http://goo.gl/ELenCw all we are interested in is the bit after the domain. We can then append that to our custom domain https://go.rezhajulio.id/ELenCw like so and you’re done!

Now when you use that URL it will first take a trip to your server where it will find the rewrite rules we setup, these will then send the request onto goo.gl to be translated into the long URL and the correct page.

Seriously is that it!?

Yup, that’s it. This method ensures you can still use the analytical data collected by the goo.gl service in their pretty graphs and you get to use your own domain.

Lightning Intro To Go

Sun, 22 Jan 2017 02:21:20 GMT

The Go Programming Language

Go is a compiled programming language in the tradition of C and C++, with static typing, garbage collection, and unique language features enabling concurrent programming
Latest Release: 1.8rc3 (1.8 will be out soon)
Developed internally by Google to solve the kind of problems unique to Google (ie, high scale services/systems)
Designers/developers of Go have deep ties to C/Unix (Ken Thompson, Rob Pike, Robert Griesemer, et al)

Hello World in Go

package main
import "fmt"

func main() {
    fmt.Println("hello world")
}

Go Language and Runtime Feature Overview

Small and powerful standard library
Garbage collected
Statically compile (or cross-compile!) and deploy almost anywhere
Super-fast compiles and single binary deploys
Language/standard library are UTF-8 native
Design and behavior of language/standard library is opinionated
Since v1.5, compiler toolchain is written in Go
Built in unit testing
Easy integration with C code/libraries
Less-is-more!

Installing Go

Download binaries from golang.org/dl
Or, install from source:

#!/bin/bash

sudo -s
cd /usr/local/

export GOROOT_BOOTSTRAP=/usr/local/go-1.7.4

git clone https://go.googlesource.com/go
cd go/src && git checkout go1.8rc3
./all.bash

export PATH=$PATH:/usr/local/go/bin

IDEs

VSCode - is a new, but strong, cross-platform IDE built by Microsoft, and works well with Go!
JetBrains Gogland - new, upcoming JetBrains IDE for Go
Plugins available for most other IDEs/editors -- Sublime, IntelliJ, etc

Installing VS Code with Go

Download Installer
Open a Go file
Install the recommended Go extension
Write code!

Run/Build/Install command line example:

Run: $ go run hello.go

Build and Execute:

$ go build hello.go
$ ls
hello hello.go
$ ./hello
hello world

Install (puts hello in $GOPATH/bin/): $ go install

Packages and go get

Go code is grouped in "packages": a directory containing one or more .go files
Packages are retrievable via go get: $ go get -u github.com/knq/baseconv

The above will fetch the Go Git repository and store it in $GOPATH/src/$REPO:

$ cd $GOPATH/src/github.com/knq/baseconv
$ ls
baseconv.go  baseconv_test.go  coverage.out  coverage.sh  example  LICENSE  old  README.md

A package may have any number of sub directories each of which is its own package, ie:

github.com/knq/baseconv              // would import "baseconv"
github.com/knq/baseconv/subpackage   // would import "subpackage"

Package Imports, and Visibility

Packages (ie, libraries) can be imported into the current package: import "github.com/knq/baseconv"
Only func's and type's defined in that package beginning with a capital letter are visible when imported: func doSomething() {} // not visible to other packages func DoSomething() {} // visible to other packages

For example:

import (
    "fmt"
)
fmt.Println("foobar")
fmt.print("hello") // compiler error

When in doubt, start the name with a capital

You can define an import alias for a package:

import (
    j "github.com/knq/baseconv"
)
// baseconv's exported funcs/types are now available under 'j':
j.Decode62()

Some packages need to be imported for their side-effect:

import (
    // imports the postgres database driver package
    _ "github.com/lib/pq"
)

Building, Testing, and Installing a Go package from command line

$ cd $GOPATH/src/github.com/knq/baseconv/
$ go build
$ go test -v
=== RUN   TestErrors
--- PASS: TestErrors (0.00s)
=== RUN   TestConvert
--- PASS: TestConvert (0.00s)
=== RUN   TestEncodeDecode
--- PASS: TestEncodeDecode (0.00s)
PASS
ok      github.com/knq/baseconv 0.002s
$ go install

Some Notes on Go's Syntax/Design

Go designers have purposefully omitted many common features in other languages in the interest of simplicity and readability above almost all else
If it can already be done through some other feature available to the language, then there is not a need for a specific language feature

Quick Syntax Primer

Go is C-like, but:
No semicolons -- every line break implies a semicolon
Variable names come before the type
Braces are required for control statements (for, if, switch, ...)
Parentheses are not used in control statements
Typing is implicit in assignments
Unused import or variable is a compiler error
Trailing commas are required
Standard syntax formatting that is applied automatically with gofmt

C vs Go, a simple comparison

Example of printing all command line arguments in C and Go:

#include <stdio.h>

int main(int argc, char **argv) {
    for (int i = 0; i < argc; i++) {
        printf(">> arg %d: %s\n", i, argv[i]);
    }
    return 0;
}

package main

import (
	"fmt"
	"os"
)

func main() {
	for i, a := range os.Args {
		fmt.Printf(">> arg %d: %s\n", i, a)
	}
}

Standard Types (builtin)

var b bool = false
var s string = ""
var b byte = 0 // alias for uint8

// -1 0
int   uint
int8  uint8
int16 uint16
int32 uint32
int64 uint64

// 0.0  1.0i ...
float32 complex64
float64 complex128

// 'c'
rune // alias for int32

uintptr // an integer type that is large enough to hold the bit pattern of any pointer.

Expressions and Assignments

Variable names can include any UTF-8 code point:

var a = ""                  // variable "a"    is string    value ""
var 世界 = 15                // variable "世界" is int       value 15
var f bool                  // variable "f"    is bool      value false
b := "awesome"              // variable "b"    is string    value "awesome"
b = "different string"      // variable "b"    is assigned  value "different string"

Expressions:

a := b * c // a is assigned the value of b * c

Supports multiple return values from functions:

func someFunc() (int, int) { return 7, 10 }
a, b := someFunc() // a = 7, b = 10

Special typeless variable _ can be used as placeholder in an assignment:

a, b, _ = anotherFunc() // the third return value of anotherFunc will be ignored

Expressions and Operators

Usual operators:
Note: operators are only available as a single expression (cannot be inlined), ie:
```
// valid
i++
j--

// not valid
j[i++]
```
Otherwise, operators work as expected:
```
j *= 10
i = i + 15
```

Constants

Go declares constants using the keyword "const":
```
const (
    MyString string = "foobar"
)
```

A const can be any expression:

const (
    // typed const
    MyConst string = "hello"

    // not typed
    MyOtherConst = 0
)

iota is special value for incrementing constants:

const (
    MyConstA = iota // 0
    MyConstB        // 1
    MyConstC        // 2
)

Slices, Maps, Arrays

There are fixed-length arrays, but rarely used:
```
var a [8]byte
```

A slice provides a dynamic list of any type:

var a = []int{15, 20, 9}
for i := range a {
    fmt.Printf(">> %d\n", a[i])
}

Maps (dictionaries/hashes in other languages) provide a robust map of key to value pairs for any type:

var a = map[string]int{
    "foo": 10,
    "bar": 15,
}
for k, v := range a {
    fmt.Printf(">> %s: %d\n", k, v)
}

make and new

make is used to allocate either a slice, map or channel with a size:

a := make([]string, 15)              // a has type '[]string' and initial length of 15
b := make(map[string]interface{}, 0) // b has type 'map[string]interface{}'
c := make(chan *Point)               // c has type 'chan *Point'

new allocates a new instance of the type and returns a pointer to the allocated instance:

b := new(Point) // b has type '*Point'
p := &Point{}   // more or less the same as new(Point)
i := new(int)   // i has type '*int'

append, len, and reslicing

append is used to append to a slice

b := []string{"foo", "bar"}
b = append(b, "another string") // b is now []string{"foo", "bar", "another string"}

len provides the length for slices, maps, or strings:

a := map[string]int{0, 12}
b := []int{14, 13, 3}
len(a)       // 2
len(b)       // 3
len("hello") // 5

Any slice or array can be resliced:

a := []string{"foo", "bar", "make", "new"}
b := a[:1]  // slice a from 0 to 1      -- b is []string{"foo"}
c := a[1:3] // slice a from 1 to 3      -- c is []string{"bar", "make"}
d := a[1:]  // slice a from 1 to len(a) -- d is []string{"bar", "make", "new"}

func

Functions are declared with func, and the return type follows the parameter list:

func empty() {}                                       // no return value
func doNothing(a string, c int) error { return nil }  // returns error

A func can be assigned to a variable:

func someFuncName() error { return nil }
a := someFuncName // a has type 'func() error'

A func can also be declared inline:

func main() {
    g := func() {
        doSomething()
    }
    g()
    func(b int) {
      fmt.Printf("%d\n", b)
    }(10)
}

Control Statements

if/else if/else:

if cond {
    expr
} else if cond {
    expr
} else {
    expr
}

switch/case/default:

switch v {
case "e":
    // something
default:
    // default
}

switch does not require break statements and cases do not automatically fallthrough

Control Statements

switch as replacement for complex if/else chains:

switch {
case i == 0 && err != nil:
    // something
case i == 6:
    // something
case j == 9:
    // something
default:
    // default
}

select is like switch, but waits on a channel:

select {
case a := <-c:
    // read a from channel c
case <-time.After(15*time.Second):
    // a 'timeout' after 15 seconds
}

Control Statements

In Go, "while" is spelled "for" -- the only provided loop is for:

for cond {
}

for {
    if !cond {
        break
    }
}

loop:
    for i := 0; i < len(someSlice); i++ {
        for {
            if a == 15 {
                break loop
            }
        }
    }

for key, value := range someSlice {
}

Variadic parameters

func can have variable args (variadic)
Must be last parameter

Special symbol ... to indicate expansion:

func doSomething(prefix string, intList ...int) {
    for m, n := range intList {
        fmt.Printf("> %s (%d): %d\n", prefix, m, n)
    }
}

Can be used also in append statements:

strList := []string{"bar"}
j := append([]string{"foo"}, strList...) // j is []string{"foo", "bar"}

Type Declaration

No classes or objects
struct provides compound ("structured") types:
```
type Point struct {
    X, Y float64
}
```

and interface defines a set of func's:

type Reader interface {
    Read([]byte) (int, error)
}

Can create a type copy for any other type:

type MyUnsignedInteger uint32
type MyPoint Point
type MyReader Reader
type MyFunc func(string) error

Notes on Types

Same export / visibility rules apply for struct members:
```
type Point struct {
    X, Y float64
    j    int
}
```
Only Go code in the same package as Point can see Point.j

Type conversions (casts) are always explicit!

type MyStr string
a := MyStr("blah")       // a is of type MyStr and has value "blah"
var b string = a         // compiler error
var c string = string(a) // c is of type string and has value "blah"

Type Receivers

A func can be given a receiver:

type MyType struct {
    MyValue int
}
func (mt MyType) AddOne() int {
    return mt.MyValue+1
}

type MyString string
func (ms MyString) String() string {
    return string(ms)
}

A func with a pointer receiver, allows the func to modify the value of the receiver:

// Increment increments MyType's MyValue and returns the result.
func (mt *MyType) Increment() int {
    mt.MyValue++
    return mt.MyValue
}

About interface

Unlike Java or other object-oriented languages, there is no need to explicitly declare a type as having an interface:

type Reader interface {
    Read([]byte) (int, error)
}

type MyReader string

// Read satisfies the Reader interface.
func (mr MyReader) Read([]byte) (int, error) { /* ... */ }

// DoSomething does something with a Reader.
func DoSomething(r Reader) { /* ... */ }

func main() {
    s := MyReader("hello")
    DoSomething(s)
}

Pointers, Interfaces, and nil

Go pointers are similar to pointers in C/C++ (address to a variable), but there is no pointer math in Go!

The . operator is used for both pointer dereference and for accessing a member variable:

type Point { X, Y int }

a := Point{10, 20}        // a has type 'Point' with value {X: 10, Y: 20}
b := &Point{X: 30, Y: 40} // b has type '*Point' and **points** to value {X: 30, Y: 40}
*b = Point{Y: 80}         // b now points to value {X: 0, Y: 80}

// . is used to access struct members for both a and b:
fmt.Printf("(%d %d) (%d %d)", a.X, a.Y, b.X, b.Y) // prints "(10 20) (0 80)"

Any type pointer or interface can be assigned the nil value:

type Reader interface{}
var a *Point = nil
var b MyReader = nil

Goroutines and Channels

Killer features of Go that provide lightweight concurrency in any Go application

Any func in Go can be a goroutine:

func main() {
    for i := 0; i < 10; i++ {
        go func(z int) {
            fmt.Printf(">> %d\n", z)
        }(i)
    }
    time.Sleep(1*time.Second)
}

Channels are a unique feature in Go that provides type safe memory sharing

c := make(chan int)
c <- 10  // write 10 to c
j := <-c // read int from c

// channels can be read or write only:
var c <-chan int // read only chan
var d chan<- int // write only chan

Goroutine and Channel example

package main

import (
    "fmt"
    "sync"
    "time"
)

func main() {
    var wg sync.WaitGroup

    c := make(chan int)
    for i := 0; i < 10; i++ {
        wg.Add(1)
        go func(z int) {
            defer wg.Done()
            time.Sleep(1 * time.Second)
            c <- z
        }(i)
    }

    wg.Add(1)
    go func() {
        defer wg.Done()
        for {
            select {
            case z := <-c:
                fmt.Printf(">> z: %d\n", z)
            case <-time.After(5 * time.Second):
                return
            }
        }
    }()

    wg.Wait()
    fmt.Println("done")
}

Handling Errors

No try/catch equivalent

Breaking flow should be done by checking for an error:

func MyFunc() error {
    return errors.New("error encountered")
}

err := MyFunc()
if err != nil {
    // handle error
}

Utility func in the standard library fmt package:

fmt.Errorf("encountered: %d at %s", line, str) // returns a error

Error Types

error is a special Go interface:
```
interface error {
    Error() string
}
```

Any type can be an error by satisfying the error interface:

type MyError struct {}
func (me *MyError) Error() string {
    return "my error"
}

func doSomething() error {
    return &MyError{}
}

defer

defer is a great feature of Go that executes the func when the parent func returns:

func doSomething() error {
    db, err := sql.Open(/* ... */)
    if err != nil {
        return err
    }
    defer db.Close()

    err = db.Exec("DELETE ...")
    /* ... */
}

panic and recover

panic allows immediate halt of the current goroutine:
```
panic("some error")
```

recover() can only be called in defer'd func's, but allows recovery after a panic:

func myFunc() {
    defer func() {
        if e := recover(); e != nil {
            log.Printf("run time panic: %v", e)
        }
    }()

    panic("my panic")
}

Note: panic's should not be used unless absolutely necessary.

Quick Overview of the Standard Library

```go
import (
    "fmt"      // string formatting
    "strings"  // string manipulation
    "strconv"  // string conversion to standard types
    "io"       // system input/output package
    "sync"     // synchronization primitives
    "time"     // robust time handling/formatting
    "net/http" // http package supporting http servers and clients

    "database/sql"  // standardized sql interface
    "encoding/json" // json encoding/decoding (also packages for xml, csv, etc)

    // template libraries for text and html
    "text/template"
    "html/template"

    // cryptographic libs
    "crypto/rsa"
    "crypto/elliptic"

    "reflect"       // go runtime introspection / reflection
    "regexp"        // regular expressions
)
// And many many many more!
```

What Go doesn't have (and why this is a good thing)

Generics
Implicit comparisons
Overloading / Inheritance
Objects
Ternary operator (?:)
Miscellany data structures (vector, set, etc)
Package manager

Working Example

package main

import (
	"encoding/json"
	"fmt"
	"io/ioutil"
	"net/http"
	"os"
)

func main() {
	// read from web
	res, err := http.Get("http://ifconfig.co/json")
	if err != nil {
		fmt.Fprintf(os.Stderr, "error: %v", err)
		os.Exit(1)
	}
	defer res.Body.Close()

	// read the body
	body, err := ioutil.ReadAll(res.Body)
	if err != nil {
		fmt.Fprintf(os.Stderr, "error: %v", err)
		os.Exit(1)
	}

	// decode json
	var vals map[string]interface{}
	err = json.Unmarshal(body, &vals)
	if err != nil {
		fmt.Fprintf(os.Stderr, "error: %v", err)
		os.Exit(1)
	}

	for k, v := range vals {
		fmt.Fprintf(os.Stdout, "%s: %v\n", k, v)
	}
}

Do Schemaless Databases Really Exist?

Sun, 15 Jan 2017 17:33:17 GMT

There’s no such thing as a schemaless database. I know, lots of people want a schemaless database, and lots of companies are promoting their products as schemaless DBMSs. And schemaless DBMSs exist. But schemaless databases are mythical beasts because there is always a schema somewhere. Usually in multiple places, which I will later claim is what causes grief.

There Is Always A Schema

We should define “schema” first. It comes from Greek roots, meaning “form, figure” according to my dictionary. Wikipedia says, roughly,

A database schema is its structure; a set of integrity constraints imposed on a database. These integrity constraints ensure compatibility between parts of the schema.

In other words, a schema expresses expectations about what fields exist in a database, and what their types will be. It also enforces those expectations, at least to some extent (there’s usually some flexibility).

My claim is that there’s always a schema, because somewhere, something has expectations about what’s in a database. At least, any useful, practical, real database. The DBMS itself may not have such expectations, but something else does.

Schema In The Database

When the DBMS enforces the schema, then we say the schema is in the database. If you’re using MySQL and you try to insert a value into a column that doesn’t exist, you’ll get an error like this:

ERROR 1054 (42S22): Unknown column 'flavor' in 'field list'

Whoops. I’ll have to run an ALTER TABLE if I want to do that.

Schema In The Code

When I used MongoDB, I wouldn’t have this problem. I could write my code to insert flavor fields in documents, and read back those documents and do something with the flavor field. I don’t have to have the schema in the database (the DBMS doesn’t have to enforce it).

Now my schema is in my code, isn’t it? I can’t do anything useful with something’s flavor attribute unless the code knows it’s there. You could argue that maybe my code doesn’t have to know about it; perhaps it just mindlessly accesses whatever it finds and lets something else do what it pleases with it. In that case, though, the schema is in the client application or user. The buck has to stop somewhere.

It reminds me of the semantic web, microformats, and the like. All very nice, but somewhere, something or someone has to know what a person is, what an address is, what a song is, what an album and artist is. It can’t be infinite turtles all the way down, can it?

Schema In Both Places

I’ve just claimed that the schema is in the code if it’s not in the DBMS. If I use MySQL and add a flavor column to the table, then my DBMS knows that this attribute is valid. But even when the DBMS has the schema, the code does too. If my code doesn’t know, respect, and agree with the schema in the DBMS, then we’re going to have problems like the Unknown column error above.

This is where the fallacy enters, in my opinion. People say their database has no schema, is unstructured, etc. It would be more accurate to say “there is no single centralized schema definition. It is scattered throughout my code.”

Is that a bad thing?

In my opinion, no. A strongly enforced central definition is a dependency that doesn’t scale well, in human terms. Large codebases end up with dependencies on centralized schema definitions that are brittle and require lots of things to be updated at a single time, instead of allowing the code to cope with a fluid and evolving schema definition and gradually be updated.

I remember working at an ecommerce website that had many hundreds of databases, thousands of tables, and if I recall correctly, millions of stored procedures. We used a vendor tool to scan all our source code and databases and show us graphs of the relationships between all these things. After months of waiting for the indexing to complete, we opened up the application and the moment of truth arrived. “Let’s look at the order inventory table,” someone suggested. A glorious hairball emerged, slowly painting line after line until the screen was just a big black blob. It was useless and just told us what we already knew: the schema of the order inventory table was expressed in so many places, a change to it was probably impossible. I don’t know, but I’d bet a donut it hasn’t changed since then.

The other point of view on this is that the database’s job is to define the data and ensure only valid data is entered. I know this is a common point of pride among people who like PostgreSQL better than MySQL. And it’s surely valid, as well. It’s true that if the DBMS is permissive, you can end up with garbage in it. But my experience with large applications has been that this feels good at first and then becomes a problem later on. Just my two cents.

Conclusion

Since this is more or less a rant, I should not go on too much longer. Main points:

A database isn’t just a DBMS and the schema and data in it. The apps that interact with the data are usually part of the database per se, too.
There’s no such thing as schemaless. The schema is always in the code; the question is whether it’s also centrally enforced in the DBMS.
My experience has been that centralized schema definitions are harder to scale on large applications and codebases.

JS & Dom - Tips & Tricks #3

Thu, 12 Jan 2017 17:56:15 GMT

As you might already know, your browser's developer tools can be used to debug JavaScript by utilizing breakpoints. Breakpoints allow you to pause script execution as well as step into, out of, and over function calls. Breakpoints are added in your developer tools by means of line numbers where you indicate where you want script execution to be paused.

This is fine until you start changing your code. Now a defined breakpoint may no longer be in the place you want it to be. Take the following code as an example:

function doSomething() {
  console.log("first log...");
  console.log("last log...");
}

doSomething();

If I open this code in my browser's developer tools debugger, I can place a breakpoint before one of the lines inside the doSomething() function. Let's say I want to pause script execution before the "last log..." message. This would require that I place the breakpoint on that line. In this case, it would be line 3 of my code.

But what if I add the breakpoint, then I add another line of code before that line?

function doSomething() {
  console.log("first log...");
  console.log("second log...");
  console.log("last log...");
}

doSomething();

If I refresh the page, the breakpoint will still be there but now the script will pause execution on the "second log..." message instead of the "last log..." message. Again, this is because the breakpoints are based on line numbers. The debugger is still stopping on line 3, but that's not what we want.

Enter JavaScript's debugger statement.

Instead of setting breakpoints directly in the developer tools, I can use the debugger statement to tell the developer tools where to pause execution:

function doSomething() {
  console.log("first log...");
  debugger;
  console.log("last log...");
}

doSomething();

Now I can add as much code as I want prior to the debugger statement and the script will still pause in the right place, without any concerns over changing line numbers.

If you've been writing JavaScript for a while, I'm sure this tip is nothing new to you. But those new to debugging will certainly benefit from using this feature, which is part of the official ECMAScript spec. As expected, inserting a debugger statement will have no effect on your code if a debugger is not present (e.g. if the developer tools are not open).

JS & Dom - Tips & Tricks #2

Mon, 09 Jan 2017 00:56:15 GMT

Last year, David Walsh published an article called 7 Essential JavaScript Functions where he shared some JavaScript utility/helper snippets. One of the interesting techniques used in one of the functions is where he gets the absolute URL for a page. He does this using something like the following:

var getAbsoluteUrl = (function () {
  var a;
  return function (url) {
    if (!a) a = document.createElement("a");
    a.href = url;
    return a.href;
  };
})();

// Usage
getAbsoluteUrl("/something"); // https ://example.com/something

This example reveals a clever little technique. Basically, this function takes advantage of JavaScript's ability to create elements that don't actually exist in the DOM. From there, you can get info from that element as you please. In this case, the desired result is the full URL of the page. The browser automatically fills out full URLs in the href value of links, even if they're written in relative format. So with this we can easily grab the full URL from just a relative page link.

Similarly, someone in the comments posted the following snippet:

function isValidEmail(string) {
  string = string || "";
  var lastseg = (string.split("@")[1] || "").split(".")[1] || "",
    input = document.createElement("input");
  input.type = "email";

  input.required = true;
  input.value = string;
  return !!(string && input.validity && input.validity.valid && lastseg.length);
}

console.log(isValidEmail("")); // -> false
console.log(isValidEmail("asda")); // -> false
console.log(isValidEmail("asda@gmail")); // -> false
console.log(isValidEmail("asda@gmail.com")); // -> true

There's a lot going on there, but the principle is the same. The script creates an email input field, without actually inserting it into the page, and then information is gleaned from the input. The acquired info falls in line with what the browser would do if the email input actually existed and was interacted with on the page. This is along the same lines as what happens with feature detection using a library like Modernizr.

So the basic lesson here is, if you want to find out info on how a browser handles certain HTML elements, remember that those elements don't actually have to be in the DOM. You can create them yourself and then run some tests and respond accordingly.

JS & Dom - Tips & Tricks #1

Fri, 06 Jan 2017 00:56:15 GMT

There are many ways to read content from elements and nodes. Here's another one that allows you to read and write an individual node's value. It uses the nodeValue property of the Node interface. The nodeValue of an element will always return null, whereas text nodes, CDATA sections, comment nodes, and even attribute nodes will return the text value of the node. To demonstrate its use, I'll use the following HTML:

<body class="home">
  <p>Example. <span>Example paragraph one.</span></p>
  <p>Example paragraph two.</p>
  <p>Example paragraph three.</p>
  <p>Example paragraph four.</p>
  <!-- comment text -->
</body>

Now I'll run the following JavaScript to read/write a few of the nodes:

let b = document.body,
  p1 = document.querySelector("p");

// reading node values
console.log(b.nodeValue); // null for all elements
console.log(b.attributes[0].nodeValue); // "home"
console.log(b.childNodes[7].nodeValue); // " comment text "

// changing nodeValue of first node inside first paragraph p1.firstChild.nodeValue = 'inserted text<br>';

Notice the second console.log is displaying the text of an attribute node. This would be the equivalent of using getAttribute(), with the difference being that getAttribute() acts on elements, whereas nodeValue can be applied to any type of node.

Also notice that I’m using nodeValue to read the contents of an HTML comment. This is one of many ways you can do this. This would be the equivalent of reading the textContent property or data property of the comment node. As you can see from the final line in that code example, I’m able to define the nodeValue of one of the text nodes, so this isn’t read-only.

A few other things to note regarding defining the nodeValue property: Setting nodeValue will return the value that was set, and you cannot set the nodeValue when the nodeValue is null (unless of course you change it to null, which is the same as an empty string that’s changeable later).

MDN’s article on nodeValue has a chart that lists the different node types and what their nodeValue will return.

Queue in Python - Part 3

Mon, 26 Dec 2016 11:53:22 GMT

Prioritize your queue

A PriorityQueue is a type of queue imported from the module with the same name.

It uses sort order to decide what to retrieve from it first (your object must have a way of comparing its instances):

import queue

class Rezha(object):
    def __init__(self, priority):
       self.priority = priority

    def __lt__(self, other):
       return self.priority > other.priority

q = queue.PriorityQueue()
q.put(Rezha(11))
q.put(Rezha(55))
q.put(Rezha(100))
while not q.empty():
    print(q.get().priority)
# output is 100 / 55 / 11

Having defined the __lt__ method, our PriorityQueue knows now how to sort elements of type Rezha.

Queue in Python - Part 2

Wed, 02 Nov 2016 11:53:22 GMT

Double ended queues with deque

The deque class in the collections module makes it easy to create deques or double ended queues. Deques allow you to append and delete elements from both ends more efficiently than in lists.

Import the module:

from collections import deque

Instantiate deque:

d = deque()

Append to right and left:

d.append("b")
d.appendleft("a")
print(d)
# output is: deque(['a', 'b'])

In the same fashion, elements can be deleted (popped):

d.pop()
d.popleft()
print(d)
# outputs: deque([])

Starting from Python 2.6 you can limit the maximum number of elements in a deque by passing the maxlen argument to the constructor. If the limit is exceeded, items from the opposite end will be popped as new ones are appended to this end:

d = deque(maxlen=3)
deque([], maxlen=3)
for i in range(4):
    d.append(i)
    print(d)
...
# Output:
deque([0], maxlen=3)
deque([0, 1], maxlen=3)
deque([0, 1, 2], maxlen=3)
deque([1, 2, 3], maxlen=3)

Queue in Python - Part 1

Wed, 02 Nov 2016 11:00:22 GMT

Best way to implement a simple queue

A simple list can be easily used and implemented as a queue abstract data structure. A queue implies the first-in, first-out principle.

However, this approach will prove inefficient because inserts and pops from the beginning of a list are slow (all elements need shifting by one).

It's recommended to implement queues using the collections.deque module as it was designed with fast appends and pops from both ends.

from collections import deque
queue = deque(["a", "b", "c"])
queue.append("d")
queue.append("e")
queue.popleft()
print(queue)
# output is: deque(['c', 'd', 'e'])

A reverse queue can be implemented by opting for appendleft instead of append and pop instead of popleft.

Fix Java Unsupported major.minor version 52.0 on Ubuntu

Tue, 12 Jul 2016 06:33:05 GMT

Today when I run gradle test, I hit Unsupported major.minor version 52.0 error. It comes when you are trying to run a class compiled using Java 1.8 compiler into a lower JRE version e.g. JRE 1.7 or JRE 1.6. The simplest way to fix this error is to install the latest Java release i.e. Java 8 and run your program.

The Ubuntu archives have multiple versions of OpenJDK available. One of these is designated as the default and this has the package names default-jdk and default-jre. The java and javac programs will be symlinked to the binaries from this default JDK. On my Ubuntu, the default packages were linked to the openjdk-7-jdk and openjdk-7-jre packages.

However, you might want to install and use other versions of JDK. For example, to use Java 8 I did:

sudo apt install openjdk-8-jdk

The problem is that java, javac and other binaries still point to the default Java version. To switch the default Java binaries, use the update-java-alternatives tool.

To list the Java versions installed on your system, use the --list option:

update-java-alternatives --list

java-1.6.0-openjdk-amd64 1061 /usr/lib/jvm/java-1.6.0-openjdk-amd64
java-1.7.0-openjdk-amd64 1071 /usr/lib/jvm/java-1.7.0-openjdk-amd64
java-1.8.0-openjdk-amd64 1069 /usr/lib/jvm/java-1.8.0-openjdk-amd64

To set one of the above Java versions as the default, use the --set option:

$ sudo update-java-alternatives --set java-1.8.0-openjdk-amd64

Enable Spark Context on Your Ipython Notebook

Sat, 25 Jun 2016 08:04:33 GMT

When you're trying Spark with its python repl, it's really easy to write stuff using a simple function or lambda. However, it will be a pain in the ass when you're starting to try some complex stuff because you could easily miss something like indentation, etc.

Try running your pyspark with this command

IPYTHON_OPTS="notebook" path/to/your/pyspark

It will start an IPython Notebook in your browser with Spark Context as sc variable. You could start using it like this:

Fix GDM Service Can't be Enabled on Arch Linux

Wed, 10 Feb 2016 17:01:15 GMT

Today I just changed my desktop environment from XFCE to Gnome 3. However GDM service always failed to be enabled. Every time I ran sudo systemctl enable gdm, it always returned Failed to execute operation: File exists.

This was caused by another display manager still being enabled, but I don't know which one. Fortunately, running sudo systemctl enable gdm -f will force GDM to be enabled and another display manager will be disabled.

Removed symlink /etc/systemd/system/display-manager.service.
Created symlink from /etc/systemd/system/display-manager.service to /usr/lib/systemd/system/gdm.service.

Voila!!

Remove Entry from Known Host

Wed, 03 Feb 2016 06:01:14 GMT

Sometimes I am moving my domain from one server to another and facing this problem

Add correct host key in /home/rezha/.ssh/known_hosts to get rid of this message.
Offending key in /home/rezha/.ssh/known_hosts:60
RSA host key for rezhajulio.id has changed and you have requested strict checking.
Host key verification failed.

I am just too lazy to find line 60 of known_host I ended up deleting the entire known_host. Use this command to remove entries from known_hosts:

ssh-keygen -R rezhajulio.id

Change it to your own conflicted hostname or IP address.

Installing or Upgrading PostgreSQL 9.4 on Ubuntu 14.04

Thu, 20 Aug 2015 00:00:00 GMT

I am currently having a side project that requires JSON Blob feature on PostgreSQL 9.4. But Ubuntu 14.04 only delivers PostgreSQL 9.3 on their repositories. Now I'll post step by step how to install or upgrade if you are already using PostgreSQL 9.3 on Ubuntu 14.04 to PostgreSQL 9.4.

Add PostgreSQL 9.4 repository and Import repository signing key, and update the package lists

sudo echo 'deb http://apt.postgresql.org/pub/repos/apt/ trusty-pgdg main' > /etc/apt/sources.list.d/pgdg.list

wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | \
  sudo apt-key add -

sudo apt-get update

Install PostgreSQL 9.4 and pgAdmin III

sudo apt-get install postgresql-9.4 pgadmin3

Check current clusters

pg_lsclusters

Stop PostgreSQL 9.4 cluster, drop it, and upgrade PostgreSQL 9.3 cluster to 9.4

sudo pg_dropcluster 9.4 main --stop
sudo pg_upgradecluster 9.3 main
sudo pg_dropcluster 9.3 main

Confirm only 9.4 cluster remains

pg_lsclusters

Fix Locale Settings Error On Ubuntu Server 14.04

Wed, 29 Jul 2015 00:00:00 GMT

We are just migrating our cloud from Amazon Web Services to SoftLayer, and we feel really happy with performance improvement. But, somehow the new system has error like this.

perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
	LANGUAGE = "en_US:",
	LC_ALL = (unset),
	LC_PAPER = "id_ID.UTF-8",
	LC_ADDRESS = "id_ID.UTF-8",
	LC_MONETARY = "id_ID.UTF-8",
	LC_NUMERIC = "id_ID.UTF-8",
	LC_TELEPHONE = "id_ID.UTF-8",
	LC_IDENTIFICATION = "id_ID.UTF-8",
	LC_MEASUREMENT = "id_ID.UTF-8",
	LC_CTYPE = "en_US.UTF-8",
	LC_TIME = "id_ID.UTF-8",
	LC_NAME = "id_ID.UTF-8",
	LANG = "en_US"
    are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C").

Apparently our OS doesn't know about en_US.UTF-8, and we can easily fix this just by running these few lines of commands

export LANGUAGE=en_US.UTF-8
export LC_ALL=en_US.UTF-8
sudo locale-gen
sudo dpkg-reconfigure locales

EAFP Coding Style in Python

Mon, 27 Apr 2015 00:00:00 GMT

What is EAFP?

EAFP (Easier to Ask for Forgiveness than Permission) is a coding style that’s commonly used in Python community. This coding style assumes that needed variables, files, etc. exist. Any problems are caught as exceptions. This results in a generally clean and concise style containing a lot of try and except statements. This technique really contrasts with common style in many other languages like C with the LBYL (Look Before You Leap) approach which is characterized by the presence of many if statements.

Example:

We have some old code on exporting some excel file, if we already have some file with the same name on the temporary folder, we'll delete it.

import os

if os.path.exists("something.xlsx"):  # violates EAFP coding style
    os.unlink("something.xslx ")

EAFP coding style prefers writing code like this:

import os

try:
    os.unlink("something.xlsx ")
except OSError:  # raised when file does not exist
    pass

Unlike the original code, the modified code simply assumes that the needed file exists, and catches any problems as exceptions. In the example above, if the file does not exist, the problem will be caught as an OSError exception.

Installing Varnish with nginx on Ubuntu 14.04

Sun, 26 Apr 2015 00:00:00 GMT

About Varnish

Varnish is an HTTP accelerator and a useful tool for speeding up a server, especially during times when there is high traffic to a site. It works by redirecting visitors to static pages whenever possible and only drawing on the server itself if there is a need for an active process.

Installing Varnish

I assume you already have a web server working with nginx. On your terminal, run this command one by one

sudo apt-get install apt-transport-https
curl https://repo.varnish-cache.org/ubuntu/GPG-key.txt | apt-key add -
echo "deb https://repo.varnish-cache.org/ubuntu/ trusty varnish-4.0" >> /etc/apt/sources.list.d/varnish-cache.list
sudo apt-get update
sudo apt-get install varnish

This will install the latest varnish 4 to your system. If you don't add varnish repo, you'll only get varnish 3 from official ubuntu repo. Just replace trusty with your version of ubuntu if you don't use 14.04.

Configuring Varnish

Once you have varnish installed, you can start to configure them to ease the load on your virtual private server.

Varnish will serve the content on port 80, while fetching it from nginx which will run on port 8080.

Go ahead and start setting that up by opening the /etc/default/varnish file:

sudo nano /etc/default/varnish

Find the lines under “DAEMON_OPTS”— in the Alternative 2 section, and change the port number by "-a" to 80. The configuration should match the following code:

 DAEMON_OPTS="-a :80 \
             -T localhost:6082 \
             -f /etc/varnish/default.vcl \
             -S /etc/varnish/secret \
             -s malloc,256m"

Next edit the file located at /etc/varnish/default.vcl. Change the port from 80 to 8080 like below:

backend default {
    .host = "127.0.0.1";
    .port = "8080";
    .connect_timeout = 60s;
    .first_byte_timeout = 60s;
    .between_bytes_timeout = 60s;
    .max_connections = 800;
}

Because this server runs WordPress and Ghost, I need to tell Varnish to not cache the admin area of wordpress and ghost. Still on /etc/varnish/default.vcl I need to modify sub vcl_recv block into this

sub vcl_recv {
        if (!(req.url ~ "wp-(login|admin)")) {
                unset req.http.cookie;
        }

        if (!(req.url ~ "ghost")) {
                unset req.http.cookie;
        }
}

Now the next step would be to edit the port used by nginx. Each server (if you have it configured that way) would need to be switched from 80 to 8080. The location of my config files are /etc/nginx/sites-available.

Once you have made all of the required changes, restart varnish and nginx.

sudo service nginx restart
sudo service varnish restart

Accessing your domain should instantly take you to the varnish cached version. To test, you can run varnishstat, and that should give you live data as you access the domain affected by varnish.

Disabling Apport Error Reporting on Ubuntu

Sat, 25 Apr 2015 00:00:00 GMT

What is Apport?

Apport is an Error Reporting Service provided by Ubuntu to intercept and analyze crashes and bugs as and when they occur. Crashes and Bugs may sound like bad things, but actually most operating systems will have several a day, and it doesn't mean your computer is broken, nor does it necessarily stop working. As such, Apport can usually be safely disabled, as it doesn't fix anything, it just tells developers that something went wrong.

Ubuntu 12.04 is the first release of Ubuntu that ships with Apport Error Reporting enabled by default, and as a result, you may get a large quantity of Internal System Error popups inside Ubuntu. Similar popups may also read Sorry, Ubuntu 12.04 has experienced an internal error. These popups are part of Apport, an internal debugger which automatically generate reports to submit for packages that crash. Many reports can't be filed or have already been filed, and as such it is usually safe to turn off.

Stopping Apport

You can stop the currently running Apport service with the following command.

sudo service apport stop

Note that unless you remove it or disable it at boot it will start again the next time you turn on your computer.

Disable Apport at Boot

You need to manually edit a file to Stop Apport Running at Boot (when you turn on your machine). Open the Terminal, and paste the following command with Ctrl+Shift+V, or type it in manually.

sudo nano /etc/default/apport

Change the line that says enabled=1 to enabled=0 to disable Apport. To re-enable, change it back.

Uninstall Apport

It is fairly simple to uninstall Apport, as you can open the Ubuntu Software Centre, search for apport, and simply click Remove.

A similar process can be used for the package apport in both Synaptic and the Terminal.

sudo apt-get purge apport

Even though it is safe to uninstall apport, I don't really recommend it, just in case you want to enable it back. Stopping Apport is already enough.

Do Git Pull When Git Push Failed

Tue, 31 Mar 2015 00:00:00 GMT

Don't you hate it when you're gonna push your code to git repository and find out someone just pushed earlier and you must do git pull and re-push again?

I made a simple and dumb bash script to do a git pull when git push has failed because you need to git pull first. Well, this is the script.

git push
if [ $? -eq 0 ]
then
    echo "DONE PUSHING"
else
    echo ""
    echo "OH SHIT. SOMEBODY ALREADY PUSH TO REPO"
    echo ""
    git pull
    if [ $? -eq 0 ]
    then
        echo ""
        echo "DONE PULLING. LETS RE-PUSH THAT CODE"
        echo ""
        git push
    else
        echo ""
        echo "OH NO! THERE'S SOME MERGE CONFLICT. FIX IT FIRST!"
        echo ""
    fi
fi

On linux you could just make some alias to run the script. On windows and using CMDER, just edit the aliases file and add gp=sh "path/to/your/file.sh"

I hope you find it helpful.

Essentials Javascripts Link

Wed, 25 Feb 2015 00:00:00 GMT

Whether you're a JavaScript newbie or hero, you'll find this link really useful.

https://gist.github.com/ericelliott/d576f72441fc1b27dace

PostgreSQL 9.4 failed to start on Manjaro

Sat, 07 Feb 2015 00:00:00 GMT

After setting up Manjaro on my new working laptop, I installed PostgreSQL 9.4. When I want to start the service by running sudo systemctl start postgresql, PostgreSQL kept failing to start.

Apparently before PostgreSQL can function correctly on Arch Linux based distro, the database cluster must be initialized by the postgres user. To fix this, just run the following command:

sudo -i -u postgres
initdb --locale en_US.UTF-8 -E UTF8 -D '/var/lib/postgres/data'

MariaDB error failed to start, errno 12

Sun, 25 Jan 2015 00:00:00 GMT

This server hosts about 4 blogs that all run with MariaDB 10. After a few days running, the MariaDB service keeps failing on this micro EC2 instance with error like this.

120423 09:13:38 mysqld_safe mysqld from pid file /var/run/mysqld/mysqld.pid ended
120423 09:14:27 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql
120423  9:14:27 [Note] Plugin 'FEDERATED' is disabled.
120423  9:14:27 InnoDB: The InnoDB memory heap is disabled
120423  9:14:27 InnoDB: Mutexes and rw_locks use GCC atomic builtins
120423  9:14:27 InnoDB: Compressed tables use zlib 1.2.3
120423  9:14:27 InnoDB: Using Linux native AIO
120423  9:14:27 InnoDB: Initializing buffer pool, size = 512.0M
InnoDB: mmap(549453824 bytes) failed; errno 12
120423  9:14:27 InnoDB: Completed initialization of buffer pool
120423  9:14:27 InnoDB: Fatal error: cannot allocate memory for the buffer pool
120423  9:14:27 [ERROR] Plugin 'InnoDB' init function returned error.
120423  9:14:27 [ERROR] Plugin 'InnoDB' registration as a STORAGE ENGINE failed.
120423  9:14:27 [ERROR] Unknown/unsupported storage engine: InnoDB
120423  9:14:27 [ERROR] Aborting

Error 12 is OS error code:(ENOMEM) Out of memory, so of course you could just throw more memory at it. Or you could just enable swap so MariaDB doesn't crash anymore. By default, a micro EC2 instance doesn't have swap, so we should run a few Linux commands to make one.

sudo dd if=/dev/zero of=/swaps bs=1M count=1024
sudo mkswap /swaps
sudo swapon /swaps

Taadaa!! Your MariaDB instance should run flawlessly now. To make your change persist across reboots, add this line /swaps swap swap defaults 0 0 to /etc/fstab.

Vagrant's hosted Django can't be accessed

Wed, 14 Jan 2015 00:00:00 GMT

A few days ago I started using Vagrant to develop our Django project at my old company. After I finished installing project's dependencies and run python manage.py runserver, I couldn't access 127.0.0.1:8000 from my browser even after I enabled vagrant's port forwarding.

The thing is, Django's default settings will listen on 127.0.0.1, which can only be accessed from within the Vagrant VM. So we need Django to listen on all network interfaces by binding it to 0.0.0.0. Running python manage.py runserver 0.0.0.0:8000 will fix this problem.

Minifying Your JavaScript with Uglify

Thu, 23 Oct 2014 10:37:49 GMT

Do your web visitor a favor with faster website

Programmer biasanya selalu memperhatikan performa dari kode yang mereka hasilkan. Akan tetapi membuat kode javascript yang berjalan di sisi klien membutuhkan perhatian lebih.

Browser yang kita gunakan tidak dapat menampilkan apapun hasil pekerjaan kamu jika javascriptnya belum terdownload ke browser. Sungguh sangatlah penting untuk mempercepat javascript terdownload secepat mungkin agar website tidak terasa lemot.

Salah satu hal yang bisa kamu lakukan untuk mempercepat javascript terdownload ke browser adalah dengan memperkecil ukurannya.

(function() {
    var process = "minification";
    var tool = "Uglify";

    function logProcess () {
        console.log(process);
    }

    logProcess();
    // => "minification"
})();

Contoh kode javascript ini dapat diperkecil ukurannya menjadi seperti ini

!function(){function n(){console.log(i)}var i="minification";n()}();

Walaupun kodenya terlihat sangat berbeda, javascript engine melakukan hal yang sama. Kode ini diperoleh dengan melakukan beberapa hal seperti :

Menghilangkan whitespace.
Menghilangkan komentar.
Mengubah nama variabel dan fungsi menjadi lebih pendek.
Menggunakan sintaks IIFE yang lebih concise
Membuang variabel yang tidak digunakan (variabel tool pada contoh diatas).

Ada cukup banyak tools untuk memperkecil ukuran javascript, tetapi yang paling mudah digunakan adalah UglifyJS. Untuk memulai menggunakannya

Pastikan Node JS sudah terinstall.
Jalankan sudo npm install -g uglify-js di terminal kamu.

Kamu akan dapat menggunakan UglifyJS dengan perintah berikut

uglifyjs myfile.js --output myfile.min.js

Pada setting defaultnya, UglifyJS hanya akan melakukan minification sederhana dengan menghilangkan whitespace dan komentar saja. Untuk hasil lebih baik kamu bisa menambahkan flag ini.
1. --mangle akan mengubah nama variabel dan fungsi menjadi lebih pendek
2. --compress akan melakukan optimasi dan membuang variabel yang tidak digunakan.

Menggunakan kedua flag tersebut menghasilkan perintah seperti ini

uglifyjs myfile.js --output myfile.min.js --mangle --compress

UglifyJS juga memiliki kemampuan untuk mengecilkan banyak file sekaligus dan menggabungkannya menjadi 1 file dengan perintah berikut.

uglifyjs folderJS/*.js --output all.min.js --mangle --compress

Untuk cara penggunaan yang lebih detil, kamu bisa lihat disini.

Sekarang, kamu sudah punya tambahan tool yang solid. Waktunya membuat website yang lebih cepat!

HTTPS Everywhere!

Wed, 15 Oct 2014 07:25:47 GMT

and why the internet should do the same thing

Mulai saat ini, alamat blog saya adalah https://blog.rezhajulio.web.id. Ya, ada tambahan "s" pada protokolnya, yang menandakan koneksi kamu ke blog saya (dan juga seluruh subdomain yang berada di domain rezhajulio.web.id) telah terenkripsi.

![](../../assets/images/2014/10/https.png)

Tergantung dari browser yang kamu gunakan, kamu akan melihat gambar gembok, yang jika kamu klik akan menampilkan informasi privasi / keamanan.

Apa maksudnya ?

Pertama, browser kamu benar-benar terhubung dengan blog.rezhajulio.web.id, bukan website lain yang berpura-pura sebagai website saya. Terutama setelah sekumpulan orang ~~pintar~~ memblokir DNS publik dan melakukan sentralisasi DNS yang berpotensi untuk di-hijack.

Kedua, informasi antara browser kamu dan website ini telah terenkripsi cukup kuat, sehingga jika ada yang memata-matai kamu, akan sulit bagi mereka untuk memantau pertukaran data antara website ini dan browser kamu.

Jika kamu termasuk orang yang sering browsing menggunakan public WiFi, berhati-hatilah setiap akan menginput credentials pada sebuah website yang tidak terenkripsi. Bisa saja ada orang yang sedang menunggu kombinasi username-password kamu, dan menggunakannya untuk login di website lain seperti social media atau bahkan website keuangan kamu (Saya yakin masih cukup banyak yang menggunakan kombinasi username-password yang sama untuk berbagai website).

![](../../assets/images/2014/10/Screenshot---151014---20-23-52.png)

Turning the switch

Apakah kamu memiliki sebuah website ? Mengapa tidak menggunakan SSL ? you’ll be doing the Internet, and the people who use it, a favor. Dari ratusan juta website di internet saat ini, baru sekitar 2 juta saja yang telah memasang SSL pada website mereka.

Sederhananya kamu hanya membutuhkan 3 langkah untuk memiliki website terenkripsi. Memiliki web host yang support HTTPS, memiliki sertifikat SSL, dan konfigurasikan website untuk menggunakan sertifikat SSL.

Sebelum adanya client support untuk Server Name Indication, kamu membutuhkan 1 dedicated IP untuk setiap website HTTPS dan ini membutuhkan biaya yang lumayan mahal. Dengan adanya Server Name Indication memungkinkan website HTTPS untuk menggunakan IP bersama. Hal ini memungkinkan shared hosting untuk memberikan pelayanan SSL sehingga dapat menekan biaya.

Akankah enkripsi memperlambat web saya ?

Ya, tentu, tapi tidak seperti di awal tahun 1999 dimana tenaga komputasi belum sebesar sekarang. Enkripsi SSL sudah sangat cepat. Berikut adalah problem nyata dari GMail

In January this year (2010), Gmail switched to using HTTPS for everything by default. Previously it had been introduced as an option, but now all of our users use HTTPS to secure their email between their browsers and Google, all the time. In order to do this we had to deploy no additional machines and no special hardware. On our production frontend machines, SSL/TLS accounts for less than 1% of the CPU load, less than 10KB of memory per connection and less than 2% of network overhead. Many people believe that SSL takes a lot of CPU time and we hope the above numbers (public for the first time) will help to dispel that.

Kesimpulan

Karena data antara browser dan website telah terenkripsi, maka kemungkinan orang jahat untuk

Mencuri cookie
Mengintip apa yang kamu lakukan
Melihat apa yang kamu ketik
Memanipulasi data yang kamu kirim dan terima

akan sangatlah sulit untuk dilakukan. Selain itu juga, Google sangat memprioritaskan HTTPS dan sejak 6 Agustus 2014 kemarin telah memasukkan faktor HTTPS ke dalam ranking signal mereka. Sehingga website dengan HTTPS akan memiliki tambahan poin dalam rangking hasil pencarian. Big news for website's SEO, huh ?

Using Git Like A Boss

Thu, 24 Jul 2014 13:17:38 GMT

Kalau kamu belum menggunakannya sekarang, kamu harus mulai menggunakan version control segera. Saya gak akan membahas topik ini, karena sudah cukup banyak bahan bacaan bagus yang menjelaskan alasan dibalik statement tersebut.

Topik yang ingin saya bicarakan kali ini adalah tentang "bossing your Git", dan mengapa hal ini cukup penting.

Kalau kamu masih menghindar untuk memahami arsitektur dibalik version control ini, kemumgkinan besar kamu belum mempergunakan git dengan kemampuan sepenuhnya.

Topik ini bukan tentang "Kalau kamu gak pake CLI, kamu belum melakukannya dengan benar". Silahkan saja menggunakan GUI, karena saya juga dahulu menggunakan GUI (ketika masih menggunakan version control SVN dengan Tortoise SVN, dan sekarang menggunakan git). Terkadang saya menggunakan gitk untuk melihat apa yang telah saya kerjakan dalam perspektif yang lebih luas.

Topik ini adalah apa yang terjadi ketika kamu memencet tombol Sync di GUI kamu. Sehingga ketika terjadi sesuatu yang tidak diduga, kamu dapat memiliki perkiraan apa penyebab permasalahan tersebut dan dapat menyelesaikannya, dan atau bertanya kepada yang lebih tahu.

Sebagian pengguna version control adalah frontend developer atau web designer yang merupakan orang yang sangat "visual" dalam artian senang menggunakan sesuatu yang memiliki tampilan indah. Ini bukan kritik atau larangan, tapi saya tidak melihat alasan untuk tidak memahami version controlnya sendiri. Kamu tidak perlu tahu semuanya, tapi pemahaman sederhana ketika mengeksekusi perintah merupakan kunci untuk menggunakan tools yang kamu gunakan saat ini dengan lebih baik lagi.

Sebagian besar Git GUI memiliki fungsionalitas seperti commit, browsing log, melihat differensial, dll. Permasalahan dimulai ketika

Kamu mulai bekerja dengan banyak branch, tag, dan remote.
Tim kamu mulai bekerja dengan berbagai perintah git yang cukup rumit yang tidak tersedia di GUI kamu.
Kamu atau orang lain membuat kesalahan.

Ketika terjadi kecelakaan, recovery oleh aplikasi GUI umumnya kurang baik. Bagi mereka yang tidak memahami version controlnya, mereka menganggap pekerjaan mereka telah hilang dan mulai panik. Jika mereka menggunakan Git atau version control modern lainnya, sangatlah sulit untuk kehilangan hasil yang telah dikerjakan, asalkan sudah pernah di-commit dan index file tidak rusak.

Menurut saya Git-CLI adalah cara termudah untuk melakukan pekerjaan ini. GUI membungkus beberapa proses dalam 1 tombol, jika salah satu proses tidak berjalan dengan baik, akan sangat sulit untuk merecovery nya. Bagi user awam yang menghindari CLI, ini akan melukai ekspektasi yang mereka harapkan dari aplikasi GUI itu sendiri.

Git CLI dan GUI sebenarnya sama-sama client Git. Keduanya memproses index file yang sama, dan juga memiliki fitur umum yang sama. Walau pada akhirnya CLI memiliki fitur yang lebih banyak dibandingkan GUI.

Akan tetapi saya sendiri tidak terkejut ketika banyak orang lebih memilih GUI dan menghindari CLI. Hingga post ini ditulis, sudah ada 146 perintah di Git CLI. Apakah git GUI sudah memiliki perintah sebanyak itu ? Walau kemampuan menggunakan git saya tidak seahli Linus Torvalds sang pencipta Git, saya menimbang diri saya cukup mahir dalam menggunakan git. Setidaknya saya mampu menggunakan 20 perintah diluar kepala, untuk pekerjaan saya sehari-hari. Yang terpenting adalah memahami bagaimana distributed version control, staging, committing, pushing, pulling, merging dan rebasing bekerja, sisanya cukup mudah untuk dipahami.

Bahan bacaan yang saya anjurkan:

Terbaru di Wordpress 3.8

Thu, 24 Jul 2014 10:42:34 GMT

Tema default baru dan 8 pilihan tema admin yang cantik

Kalau kamu belum upgrade wordpress kamu ke 3.7, lebih baik tidak usah, karena sekarang telah hadir wordpress 3.8. Yaaay! :D. Karena upgrade kali ini adalah major version, maka update otomatis tidak otomatis berjalan dan kamu perlu menekan tombol upgrade di wordpress kamu.

Perubahan versi 3.7 kebanyakan tidak banyak terlihat dari sisi front-end, namun di versi 3.8 kali ini perubahannya sangat terlihat. Admin interface di versi ini telah dirombak total!

Kalau kamu hanya lihat sekilas, mungkin akan terlihat mirip dengan sebelumnya, tapi kalo kamu perhatikan lebih baik, akan terlihat bahwa ada cukup banyak perubahan, diantaranya:

Banyak menggunakan Flat Design, yang sekarang ini lagi tren.
Design responsive dalam artian akan tampil dengan baik di ukuran layar yang berbeda-beda. Dan akses melalui smartphone sekarang makin baik.
Default font menggunakan Open Sans, menjadikan tampilan lebih jernih dan rapi.
8 warna yang bisa kamu pilih untuk kamu pakai sebagai admin theme.

Tampilannya gw rasakan sedikit lebih cepat. Sebagian besar halaman berukuran 300kb dan beberapa yang cukup besar berukuran 500kb. Menurut gw ukuran ini masih dapat berkurang lagi jika team wordpress merubah animasi yang menggunakan javascript ke animasi menggunakan CSS3.

Akses dari smartphone dan tablet sudah sangat baik. Menurut hasil percobaan saya, akses langsung dari smartphone untuk mengakses admin wordpress lebih baik hasilnya dibanding menggunakan aplikasi wordpress yang tersedia di Play Store.

Theme baru

Ya, tepat sekali. Hampir setiap major version, akan selalu ada theme wordpress baru yang hadir secara default. Kali ini hadir theme Twenty Fourteen bersama wordpress 3.8. Theme ini mengusung style magazine dan sudah 100% responsive. Content wordpress loe dapat dimunculkan dalam bentuk slide ataupun grid. Tema dan manajemen widget nya pun sangat baik dalam theme default wordpress kali ini.

Perubahan lainnya dari wordpress 3.8 umumnya adalah bugfix, list perubahan seluruhnya dapat kamu lihat di http://codex.wordpress.org/Version_3.8

Fitur baru di PHP 5.6

Thu, 24 Jul 2014 10:29:49 GMT

All the new feature is awesome!

Baru-baru ini, team core PHP baru saja merilis versi terbaru dari PHP, yakni PHP 5.6.0 Beta 1. Saya mencoba untuk mengcompile nya di komputer saya dan mencicipi fitur baru dari PHP 5.6 ini. Ternyata cukup banyak fitur baru di PHP versi ini yang sangat membantu untuk pengembangan aplikasi yang kita buat. Berikut adalah ulasan saya.

Constant Scalar Expressions

Sebelum PHP 5.6 deklarasi constant hanya bisa digunakan dengan nilai static. Di PHP 5.6, constant dapat dideklarasikan dengan menggunakan aritmatika dasar ataupun struktur logika dasar.

<?php
#save as const.php
class Work {
  const SALARY = 2000;
}

var_dump(Work::SALARY);

<?php
#save as const56.php
class Work {
  const BONUS = 500;
  const SALARY = 2000 + self::BONUS;
}

var_dump(Work::SALARY);

Bisa dilihat bahwa pada file const56.php, constant SALARY dideklarasikan dengan penjumlahan. Hal ini bisa dilakukan di PHP 5.6, sedangkan di PHP 5.5 akan terjadi syntax error.

Argument Unpacking

Ketika kamu menggunakan sintaks terbaru PHP 5.6 yaitu ... (ya, tanda titik tiga kali), kamu bisa mengubah array dan transversable object menjadi argument list. Di bahasa pemrograman Ruby, sintaks ini dikenal sebagai splat operator. Untuk lebih mudahnya lebih baik kita lihat contoh kode berikut:

<?php
function jumlah($a, $b, $c) {
  return $a + $b + $c;
}

# Berjalan di semua PHP 5
jumlah(1, 2, 3); # Returns 6

Lalu bagaimana jika angka yang saya miliki berada di dalam sebuah array ?

<?php
function jumlah($a, $b, $c) {
  return $a + $b + $c;
}
$number = [1,2,3]

#disini kita menggunakan fungsi call_user_func_array
#berjalan di semua versi PHP 5
call_user_func_array('jumlah', $number); # Returns 6

#menggunakan splat operator
#berjalan di PHP 5.6
jumlah(...$number);

Bisa kamu lihat bahwa dengan menggunakan splat operator, kode yang kita miliki terlihat lebih rapi, dan kita tidak perlu memanggil fungsi tambahan dengan nama yang panjang dan jelek :D.

Variadic Function

Untuk kamu yang masih bertanya-tanya apa itu variadic function, artinya adalah sebuah fungsi yang menerima berapapun jumlah variabel yang diberikan. sebelum PHP 5.6, hal ini dimungkinkan dengan menggunakan func_get_args(), sedangkan di PHP 5.6 menggunakan splat operator (iya, splat operator yang disebutkan di poin di atas). Untuk lebih mudahnya saya akan kembali memberikan contoh menggunakan fungsi jumlah.

<?php
# di semua versi PHP 5
function jumlah($integer) {
  return $integer + array_sum(array_slice(func_get_args(), 1));
}

# di PHP 5.6
function jumlah(...$integer) {
  return array_sum($integer);
}


jumlah(1); # Returns 1
jumlah(1, 2); #Returns 3
jumlah(1, 2, 3); # Returns 6

Dengan sintaks baru ini, semua variabel yang diinputkan ke fungsi jumlah akan disimpan kedalam variabel integer dalam bentuk array. Kita tidak perlu lagi menggunakan func_get_args().

Selamat Tinggal Raw Post Data

Sejauh ini, PHP 5.6 telah menghilangkan 2 fitur lama, salah satunya adalah $HTTP_RAW_POST_DATA.

File Upload Lebih Besar

Sebelum PHP 5.6, upload file lebih dari 2 GB tidak memungkinkan karena PHP masih sangat buruk dalam menghandle dan memprosesnya. Namun, sekarang di PHP 5.6 sudah membuat hal ini menjadi mungkin. Sebagai tambahan, penggunaan memori di POST data sudah berkurang hingga 2 sampai 3 kalinya. Hal ini dikarenakan dihilangkannya raw post data seperti yang telah disebutkan diatas

Build in Debugger

Pada versi ini juga, PHP telah membundle debugger yang bernama PHPDBG. debuggerini dibundle bersama SAPI (Server API) dan dapat digunakan dari command line interface ataupun secara langsung dari code php kamu. Pelajari lebih lanjut tentang PHPDBG disini.

Fitur Baru Zip

Zip library di PHP juga mengalami penambahan fitur. Salah satu yang paling menarik adalah ZipArchive::setPassword($password) yang memungkinkan kita untuk memberi password pada file zip.

Kesimpulan

PHP 5.6 hingga saat ini masih belum ditentukan kapan versi stabilnya akan dirilis. Akan tetapi, fitur-fitur terbarunya cukup menjanjikan. Semoga ulasan singkat saya dapat membuat kamu untuk langsung mencoba PHP 5.6 begitu dirilis versi stabilnya. Jika ada kesalahan pada ulasan saya, mohon beritahu saya lewat komentar di bawah ini.

Hal yang tidak kamu ketahui tentang mongodb

Thu, 24 Jul 2014 10:15:03 GMT

Iya, kamu. #apasih

MongoDB adalah salah satu database yang lagi ngetrend saat ini. MongoDB ini juga merupakan database yang paling popular di kelas NoSQL Database. Beberapa waktu lalu saya udah mencoba untuk menggunakan database ini dan cukup bagus, namun banyak orang yang masih belum tahu keterbatasan dari database yang satu ini sehingga mereka menganggap keterbatasan database ini sebagai bug. Saya nulis artikel ini agar kamu tahu keterbatasan yang dimiliki oleh MongoDB sehingga kalau kamu menggunakannya ga bikin kamu sakit kepala :D.

Rakus space

YA! Pertama kali saya menggunakan MongoDB, database yang satu ini sangat rakus space. Ini berhubungan dengan langkah MongoDB untuk menghindari fragmentasi disk pada database mereka dengan mengalokasikan file berukuran besar. Ketika kamu pertama kali membuat sebuah database di MongoDB, misal kita namakan Rezha.0, database ini akan langsung memakan memori sebesar 64 MB. Sadis kan? Kalau aplikasi yang kamu buat ga memakan database yang besar, ini jelas pemborosan. Ketika aplikasi kamu menggunakan lebih dari setengah space database di file Rezha.0, MongoDB akan langsung membuat file baru bernama Rezha.1 yang berukuran 2 kali lipat dari sebelumnya, yakni 128 MB. Begitu juga ketika Rezha.1 ini telah digunakan lebih dari setengahnya, akan dibuat lagi file Rezha.2 dengan ukuran 512 MB, dan seterusnya hingga file database baru yang dibentuk akan mencapai 2GB per filenya.

Kalau space adalah salah satu limitasi di proyek kamu, maka kamu harus memikirkan matang-matang sebelum menggunakan database ini. Ada salah satu produk komersial turunan MongoDB yang bernama TokuMX, yang menurut pengakuannya bisa mengurangi penggunaan space hingga 90%.

Limitasi 32 bit

Versi 32 bit dari MongoDB ini juga dapat dibilang kurang bagus karena memiliki limitasi lain, yaitu hanya mampu menghandle data sebesar 2GB. Sangat nanggung untuk mereka yang akan menggunakan MongoDB untuk skala besar. Solusinya ? Pakai 64 bit!

Biaya konsultasi mahal

Kalo kamu berniat untuk konsultasi dengan team MongoDB untuk mengatasi problem yg kamu miliki. Mereka mematok harga cukup mahal, yakni sebesar $ 450 per jamnya, dan kamu minimal harus membayar untuk 2 jam, jadi minimal sebesar $900 atau Rp 10.7 Juta harus kamu rogoh dari kocek kamu untuk sekali konsultasi.

Tools administrasi kurang

Kalo kamu udah terbiasa dengan phpmyadmin untuk MySQL, mungkin kamu bakal kecewa kalo menggunakan MongoDB, karena tools yang ada seperti RockMongo sangat kurang fitur. Mungkin masih bisa sedikit terobati dengan RoboMongo, namun silahkan coba sendiri untuk pastinya

Official limitations

Yang menyedihkan adalah ga banyak orang yang mencari tahu keterbatasan dari teknologi yang akan mereka adopsi. Staff MongoDB sudah membuat sebuah halaman tentang limitasi dari MongoDB ini. Yang saya bahas diatas gak ada di halaman itu tentunya :D. Semoga dengan artikel ini kamu tahu limitasi MongoDB dan ga kaget kalau kamu mau menggunakan database ini.

Push Notifications untuk Setiap Error di Laravel

Thu, 24 Jul 2014 09:17:25 GMT

Karena user lebih memilih untuk menutup website daripada melaporkan error

Saya selalu kepengen tau ketika aplikasi yang saya bikin bermasalah. Ketika aplikasi yang kita buat bermasalah, pasti enak rasanya kalo ada notifikasi yang masuk ke smartphone kita, iya ga ?

Setting nya cukup mudah, kamu cuma perlu akun gmail dan aplikasi gmail di iOS atau android. Kalau kamu udah punya keduanya dan udah kamu setting supaya bisa dapet notifikasi email di smartphone kamu, maka kamu dah siap. Langkah yang kamu harus lakukan sebenernya mudah, kamu cuma harus buat aplikasi kamu kirim email setiap ada error.

Disini saya menggunakan fungsi mail() yang udah built-in di PHP karena saya ga butuh sesuatu yg spesial dan saya ga butuh tampilan email yg memukau. Simpel tapi efektif. Info yang saya butuhin cuma log error, IP pengguna dan server, sama URL dimana error terjadi. Untuk itu saya bikin script kayak gini

$ip = Request::server(‘REMOTE_ADDR’);
$host = getHostByAddr(Request::server(‘REMOTE_ADDR’));
$server = Request::server(‘HTTP_HOST’);
$url = $host.Request::server(‘REQUEST_URI’);
$message = "Client: $ip ($host)\r\nURL: http://$server\r\n\r\n$exception";
mail("you@gmail.com", "Exception at $server",$message, "From: $server <you@gmail.com>\r\nContent-Type: text/html;\r\nMime-Version: 1.0");

Simpel kan ? Untuk Laravel 4 cukup kamu taruh di file app/start/global.php di bagian App::error. Di Laravel 3 ke bawah bisa kamu taruh di file application/config/error.php

Terbaru di Wordpress 3.7

Thu, 24 Jul 2014 09:06:22 GMT

CMS Sejuta Umat

Saya suka banget sama frekuensi update WordPress. Mereka umumnya dirilis setiap beberapa bulan sehingga kita menerima beberapa fitur baru dan perbaikan bug. Tapi mereka juga tidak begitu sering update sampai kita harus update semua situs kita setiap hari.

WordPress 3.7 dirilis pada tanggal 24 Oktober 2013. kamu bisa download file dari wordpress.org atau kamu bisa klik link Updates dari dalam kontrol panel WordPress. WordPress menyatakan “you might not notice a thing, and we’re okay with that”.Kamu mungkin ga akan merasakan perbedaan dari update wordpress kali ini. Mungkin satu-satunya hal yang akan kamu perhatikan adalah WordPress membutuhkan lebih sedikit maintenance dari sebelumnya…

Latar Belakang Pembaruan Otomatis

Saya gak pernah mengalami masalah apapun dengan 1 click upgrade – selalu berhasil. Mulai sekarang , maintenance dan update keamanan yang dilakukan secara otomatis di background. Kamu hanya akan melihat tombol “Upgrade Now” ketika versi 3.8 dirilis.

Fitur ini mungkin tidak menarik bagi para administrator yang sangat berhati-hati diantara kalian , tetapi tim WordPress telah menguji pada 110.000 situs tanpa kegagalan satupun. Rata-rata , update memakan waktu kurang dari 25 detik dan hanya akan menempatkan WordPress dalam modus maintenance selama beberapa detik .

Untungnya , mengkonfigurasi dan menonaktifkan upgrade di background bisa dilakukan. Tunggu tutorialnya di blog gw ini.

Password Meter diperbaharui

Password Meter yang baru sekarang telah mengenal pola umum dari password yang lemah seperti nama , tanggal , urutan Keyboard , urutan nomor dan bahkan referensi dari budaya pop. Silahkan coba password kamu di password meter yang baru ini, dan jika hasilnya menunjukan bahwa password loe sangat lemah, sebaiknya kamu segera ganti password!

Pencarian

Fasilitas pencarian WordPress telah memadai tapi jarang menghasilkan hasil yang akurat seperti pencarian Google / Bing. WordPress 3.7 meningkatkan pencarian dengan relevansi yang lebih baik, bukan hanya berdasarkan tanggal yang cenderung memprioritaskan posting blog terbaru di atas halaman . Misalnya, istilah pencarian yang sesuai judul akan muncul ke bagian atas daftar. Ini agak sulit untuk mengevaluasi perbaikan yang telah dilakukan kecuali kamu memiliki wordpress 3.6 dan 3.7 dengan konten yang identik , tetapi tes dasar yang saya lakukan tampak lebih baik.

Jika itu tidak cukup …

Perbaikan aksesibilitas telah dilakukan
Codex dan sistem dokumentasi telah diperbarui
Lebih dari 437 bug telah diperbaiki oleh 211 pengembang

WordPress 3.7 adalah pembaruan besar. Belum ada perubahan mendasar ke core wordpress, jadi gw menduga kebanyakan plugin dan tema akan kompatibel . Kecuali loe tahu sebaliknya?

Jika semua berjalan dengan baik , WordPress 3.8 akan dirilis pada akhir 2013 . Kita mungkin melihat dashboard , halaman tema dan fasilitas pencarian baru.

Kompresi CSS menggunakan Python

Thu, 24 Jul 2014 05:48:44 GMT

Jangan siksa pengunjung website mu dengan bloated CSS

CSS (Cascading Style Sheet) merupakan salah satu komponen penting dalam sebuah website. Tanpa CSS, sebuah website dapat dipastikan memiliki tampilan yang tidak begitu indah dilihat. Namun ketika sebuah website memiliki komponen yang cukup banyak, ukuran file CSS ini akan menjadi cukup besar sehingga memperlambat akses website kamu. Disini saya akan kasih script kecil yang dapat digunakan untuk memperkecil ukuran css kamu.

Disini kita butuh sebuah library python bernama cssmin, installasi nya cukup mudah, cukup dengan mengetik pip install cssmin

Pastikan installasi anda sudah terinstall pip tentunya. Cssmin ini dapat dibilang import dari YUI css compressor yang berbasis java. Untuk memperkecil banyak file css sekaligus, gue akan berikan snippet code nya.

import cssmin, time, glob
#nama file output, disini gue beri nama all_UnixTime.css
#contoh file output all_1376637310.css
outfilename = ‘all_’ + str((int(time.time()))) + ".css"
#membaca setiap file css dalam 1 folder
with open(outfilename, ‘wb’) as outfile:
    for fname in glob.glob(‘*.css’):
        with open(fname, ‘r’) as rawfile:
            #mengecilkan css
            minified_file = cssmin.cssmin(rawfile.read())
            #menulis css yang sudah diperkecil ke file output
            outfile.write(minified_file)
    outfile.write(‘/* ===end of ‘ + fname + ‘===*/\n’)

simpan dalam sebuah file misalkan css.py, lalu letakkan dalam 1 folder bersama file css anda, lalu eksekusi dengan menjalankan ini di command line loe

python css.py

Untuk yang ingin mempelajari lebih jauh library cssmin, silahkan kunjungi githubnya

Bundled Javascript di Yii Framework

Thu, 24 Jul 2014 05:42:19 GMT

Ga perlu include jquery lagi.

Tahu gak sih kamu kalau Yii Framework telah menyediakan beberapa file JavaScript di dalam paketnya? Jadi kalau kamu ingin menyertakan sebuah file JavaScript ke dalam projek Web, kamu mungkin bisa cek dulu apakah Yii sudah punya JavaScript itu atau belum. Jika sudah ada, maka kamu gak perlu download dan manual meng-include JavaScript tersebut lagi, tetapi cukup memanggil fungsi di Yii saja.

Yii mempunyai beberapa JavaScript berguna yang siap dipakai di dalam sistemnya. Contohnya Jquery dan JQuery UI. Misalnya kamu perlu menggunakan Jquery UI, maka kamu cukup menulis sintaks di bawah untuk meng-include-nya

Yii::app()->clientScript->registerCoreScript(‘jquery.ui’);

Untuk mengetahui Yii memiliki script inti apa saja, kita bisa mengecek di folder Yii Framework sendiri, tepatnya di framework/web/js/packages.php. Berikut beberapa file JavaScript yang terdapat di dalam Yii Framework:

jquery: Ini merupakan file jQuery yang terkenal itu. Secara default, Yii akan menggunakan file jQuery yang sudah terkompres. Hanya pada saat kondisi debug, Yii meng-include file jQuery biasa.
multifile: Berfungsi sebagai upload beberapa file. Multifile di Yii menggunakan jQuery plugin multiple file upload dari Fynework.com. Biasanya kita tidak akan meng-include manual file ini, karena JavaScript ini dipakai CMultiFileUpload.
cookie: Untuk mengatur cookie di jQuery. File JavaScript ini diambil dari jQuery-Cookie Klaus Hartl.

jquery.ui: jQuery User Interface memiliki segudang fungsi UI seperti kalender, fungsi drag dan drop, fungsi autocomplete dan lain-lain yang berbasis jQuery.
metadata: Salah satu plugin jQuery. Fungsinya mengambil nilai metadata dari sembarang atribut ataupun kelas. Jika ingin tahu lebih lanjut silahkan kunjungi situs jQueryMetadata.

Sebenarnya script-script inti ini ada, dikarenakan Yii sendiri juga memerlukannya. Misalnya ada sebuah script inti yang bernama rating yang sebetulnya digunakan oleh CStarRating. Tetapi kita bisa saja include sendiri karena memerlukannya untuk kasus tertentu. Biasanya saya pribadi pada umumnya hanya membutuhkan jquery dan jquery.ui. Kalau kamu sendiri bagaimana?

Menggunakan Hashing API untuk Hash Password di PHP 5.5

Thu, 24 Jul 2014 03:12:15 GMT

Hari gini masih pake MD5 ?

Menggunakan bcrypt adalah cara terbaik untuk hashing password, tetapi sejumlah besar developer masih menggunakan algoritma yang lebih tua dan lebih lemah seperti MD5 dan SHA1. Banyak developer PHP bahkan tidak menggunakan salt saat hashing. API hashing baru di PHP 5.5 bertujuan untuk menarik perhatian terhadap bcrypt sementara menyembunyikan kompleksitasnya. Pada artikel kali ini saya akan membahas dasar-dasar penggunaan API hashing baru PHP.

Hashing API baru memiliki 4 fungsi sederhana:

password_hash() – digunakan untuk hashing password.
password_verify() – digunakan untuk memverifikasi password terhadap hash nya.
password_needs_rehash() – digunakan ketika password perlu di hash ulang.
password_get_info() – memberikan info tentang algoritma hasing yang digunakan serta option yang digunakan ketika hashing sebuah password

Sejumlah besar developer PHP masih menggunakan algoritma hashing yang sangat tua dan lemah, seperti MD5 dan SHA1.

`password_hash()`

Meskipun fungsi crypt() aman, telah dianggap oleh banyak programmer bahwa fungsi ini terlalu rumit dan rawan kesalahan. Beberapa developer kemudian menggunakan salt dan algoritma yang lemah untuk menghasilkan hash dari sebuah password, misalnya:

<?php
$hash = md5($password . $salt);

Tetapi fungsi password_hash() dapat membuat kode kamu lebih aman. Ketika kamu membutuhkan sebuah password untuk di hash, tinggal masukkan password ke dalam fungsi dan kamu akan mendapatkan hash yang selanjutnya disimpan ke database.

<?php
$hash = password_hash($password, PASSWORD_DEFAULT);

Mudah kan! Parameter pertama adalah string password yang perlu hash dan parameter kedua menentukan algoritma yang harus digunakan untuk menghasilkan hash.

Algoritma standar dari fungsi tersebut adalah bcrypt, tetapi algoritma yang lebih kuat dapat ditambahkan sebagai default di masa yang akan datang dan dapat menghasilkan string yang lebih besar. Jika kamu menggunakan PASSWORD_DEFAULT dalam proyek kamu, pastikan untuk menyimpan hash dalam kolom yang memiliki kapasitas lebih dari 60 karakter. Mengatur kapasitas menjadi 255 karakter mungkin menjadi pilihan yang baik. Kamu juga bisa menggunakan PASSWORD_BCRYPT sebagai parameter kedua. Dalam hal ini hasilnya akan selalu 60 karakter.

Yang penting di sini adalah bahwa kamu tidak harus memberikan salt atau parameter cost. API baru ini akan mengurus semua itu untuk kamu. Dan salt merupakan bagian dari hash, sehingga kamu tidak harus menyimpannya secara terpisah. Jika kamu ingin memberikan salt atau cost kamu sendiri, kamu dapat melakukannya dengan memberikan argumen ketiga untuk fungsi.

<?php
$options = ['salt' => fungsi_salt(), //buat fungsi untuk generate salt
'cost' => 12 // default option ini adalah 10
]
$hash = password_hash($password, PASSWORD_DEFAULT, $options);

`password_verify()`

Sekarang kamu sudah melihat bagaimana untuk menghasilkan hash dengan API baru, mari kita lihat bagaimana untuk memverifikasi password. Ingat bahwa kamu menyimpan hash di database, tapi ketika pengguna log in , kamu mendapatkan password polos. Fungsi password_verify() mengambil password polos dan string hash sebagai dua argumen. Ia mengembalikan nilai true jika hash cocok dengan password pasangannya . Contoh:

<?php
if (password_verify($password, $hash)) {
// Sukses!
}
else {
// Password salah!
}

`password_needs_rehash()`

Bagaimana jika kamu perlu mengubah parameter salt dan cost untuk string hash? Ini mungkin terjadi karena kamu memutuskan untuk meningkatkan keamanan dengan menambahkan salt yang lebih kuat atau parameter cost yang lebih besar. Selain itu, PHP dapat mengubah implementasi standar dari algoritma hashing. Dalam semua kasus ini, kamu akan ingin mengulangi hashing password yang ada.

`password_get_info()`

password_get_info() menerima hash dan mengembalikan sebuah array asosiatif yang terdiri dari tiga unsur:

algo - konstanta yang mengidentifikasi algoritma tertentu
algoName - nama algoritma yang digunakan
Options - berbagai pilihan yang digunakan saat menghasilkan hash

Kesimpulan

API baru untuk hashing password ini lebih mudah untuk dipakai daripada meraba-raba fungsi crypt(). Jika situs Web kamu saat ini berjalan pada PHP 5.5, maka saya sangat menyarankan agar kamu menggunakan API hashing baru. Kalau kamu menggunakan PHP 5.3.7 (atau yang lebih baru) dapat menggunakan library password_compat yang mengemulasi API baru ini dan secara otomatis menonaktifkan dirinya sendiri ketika versi PHP di upgrade ke 5.5.

Rezha Julio

Nobody Gets Promoted for Simplicity

How promotion packets actually work

We train people to do this

Complexity has real costs people ignore

The actual path to seniority

Making simplicity visible

The uncomfortable part

The AI Paradox: Coding is Easier, Engineering is Harder

I don't write code anymore, I review it

The ghost bugs

Speed without architecture is just fast debt

Sometimes I just want to type

The trade

Demystifying AI: Learning LLMs Through 200 Lines of MicroGPT

What it actually does

Why it is worth reading

The actual code

Self-attention, explained concretely

Running it yourself

The gap between this and ChatGPT

Bell Curve Promotions Are Broken

The math is wrong

It punishes good teams

It kills collaboration

It rewards performance theater

Manager discretion becomes kingmaker

What companies say vs. what happens

The alternative isn't "everyone gets a trophy"

The real cost

The Skeptic Who Got Benchmaxxed: What Actually Changed About AI Coding Agents

The backstory: a professional skeptic

The AGENTS.md revelation

The prompting strategy nobody talks about

From Python to Rust: where it gets wild

The benchmaxxing pipeline

nndex: the proof of concept

What I actually take away from this

The uncomfortable conclusion

How to lock yourself out of SSH with a single scp command

Compound Engineering

The loop

Plan (where most of the thinking happens)

Work (the agent writes code)

Review (catch problems, capture lessons)

Compound (the step nobody does)

The adoption ladder

Beliefs worth reconsidering

The 50/50 rule

Wrapping up

28 Posts in 28 Days: What Happened When I Wrote Every Day in February

What I actually wrote about

The hard part

What I noticed

Am I going to keep doing this?

Go 1.26: Stack vs Heap Allocation — Faster Code Without Changing a Line

What actually changed

Why this matters in practice

The catch

Bottom line

Sharpen the Saw: Don't Debug in the Dark

The Tunnel Vision Trap

Sharpen the Saw

When to Stop and Fix

Stop Using innerHTML: The New Firefox Feature That Kills XSS

Enter setHTML()

How does it handle malicious input?

Can we customize the Sanitizer?

Why not just keep using DOMPurify?

Browser Support & The Path Forward

Bonus: Trusted Types and Document.parseHTML()

Next Level Coding with Amp: Planning Before Prompting

The real shift: planning vs. execution

Agent modes

Teaching Amp your codebase with AGENTS.md

Features that actually matter

The Oracle

The Librarian

Subagents

Code review

Enter `setHTML()`

Bonus: Trusted Types and `Document.parseHTML()`

CLI piping (`amp -x`)

The fetcher (`techwatch.js`)