Monday, October 22, 2018

Why HTTPS?

Recently I converted my web site from HTTP to HTTPS. Reasons:
  1. Chrome flags all HTTP sites as "Not secure" by default, which is annoying.
  2. To protect login information from man-in-the-middle attacks.
  3. For Progressive Web Apps (web apps that can run offline).
  4. For accepting online payment.
The basic steps of converting your site to HTTPS:
  1. Buy a domain name and redirect it to your server IP.
  2. Install Nginx on your server and configure it to forward traffic to relevant ports.
  3. Obtain a TLS/SSL certificate and install it.
  4. Add a cron job to automatically renew the certificate.

Complexity of IoT with web UI

One of my ongoing projects collects data from IoT sensors and displays it on a web page. I had to learn quite a lot of things. Here is a short list:
  1. VPS, Ubuntu, PuTTY, FileZilla
  2. Node.js, JavaScript, HTML, CSS, socket.io
  3. Arduino IDE, libraries for sensor, board etc.
  4. Sending data from sensor to VPS
  5. Custom hardware design for rugged case, smaller form factor and minimal power consumption (done by a friend of mine).
  6. Obtaining a domain name and redirecting it to VPS IP
  7. Nginx as a reverse proxy
  8. HTTPS, certification
  9. Login, register
  10. Online payment
  11. Database

Friday, October 12, 2018

Best way to expand your network

The best way to expand your network is to work on something. Besides learning new things, you will also meet like-minded people, exchange ideas and expand your network.

Tuesday, October 09, 2018

How bureaucracies get out of control

Recently I had to spend more than an hour to convince some otherwise very smart people that we should not have QA approval to close a bug. Having such an extra step caused developers to refrain from using the type "bug". Instead, they started to use the more generic "issue" type. The result was not being able to see which issues were bugs. For me, bugs are the more important issues to work on. When you label an issue as a bug, you get a nice red exclamation mark to the left of the issue on your board.

My personal experience is that it is quite easy to add something to an existing procedure but 10 times more difficult to remove something. This bias leads to bureaucracy getting larger, more complicated and less useful over time. This is the exact opposite of "perfection is attained not when there is nothing more to add, but when there is nothing more to remove" [Antoine de Saint-Exupéry].

Simple login demo with NodeJS

I wrote a simple / bare bones login demo with NodeJS. It uses cookies to remember the user. Note that this is the absolute minimum and should not be used in applications requiring security.

Note that in login.html we have to use HTTP POST, not GET (this line in login.html: <form action="/login" method="post">), so that the user name and password are not displayed in the browser address bar!
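
As an added example (not the demo code from this post), here is one way a Node.js login handler can refuse non-POST requests and issue a session cookie that is only sent over HTTPS. The form field names `user` and `pass`, the sample account and all function names are assumptions.

```javascript
// Added example, not the blog's demo code; names and the account are hypothetical.
const crypto = require('crypto');
const http = require('http');

const sessions = new Map();            // random session id -> user name
const users = new Map();               // user name -> { salt, hash }
function addUser(name, pass) {         // store a salted scrypt hash, never the password
  const salt = crypto.randomBytes(16);
  users.set(name, { salt, hash: crypto.scryptSync(pass, salt, 32) });
}
addUser('alice', 's3cret-pass');       // constructed sample account

function passwordOk(name, pass) {
  const u = users.get(name);
  if (!u || typeof pass !== 'string') return false;
  return crypto.timingSafeEqual(u.hash, crypto.scryptSync(pass, u.salt, 32));
}

// Decide the response to a /login request; credentials come only from the POST body.
function handleLogin(method, body) {
  if (method !== 'POST') return { status: 405, headers: { Allow: 'POST' } };
  const form = new URLSearchParams(body);
  const name = form.get('user');
  if (!passwordOk(name, form.get('pass'))) return { status: 401, headers: {} };
  const sid = crypto.randomBytes(32).toString('hex');
  sessions.set(sid, name);
  // HttpOnly: not readable by page scripts. Secure: sent over HTTPS only.
  const cookie = `sid=${sid}; HttpOnly; Secure; SameSite=Lax; Path=/`;
  return { status: 303, headers: { Location: '/', 'Set-Cookie': cookie } };
}

// Map a Cookie request header back to the logged-in user, or null.
function userFromCookie(header) {
  const m = /(?:^|;\s*)sid=([0-9a-f]{64})(?:;|$)/.exec(header || '');
  return m ? sessions.get(m[1]) || null : null;
}

// Wire the handlers into a server; the caller decides when to listen().
function createServer() {
  return http.createServer((req, res) => {
    let body = '';
    req.on('data', (c) => { body += c; if (body.length > 4096) req.destroy(); });
    req.on('end', () => {
      if (req.url !== '/login') { res.writeHead(404); return res.end(); }
      const r = handleLogin(req.method, body);
      res.writeHead(r.status, r.headers);
      res.end();
    });
  });
}
```

Because the cookie carries the `Secure` attribute, the browser only returns it when the site is reached over HTTPS, for example through the Nginx reverse proxy setup described in the HTTPS post above.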