|
Speaking of web development, I've spent the past few days trying to automate the deployment of our upcoming EC2 three-box setup of site, api and database nodes. The first step is a fat shell script to get everything ready for git-based puppet, and the next phase is puppet turning the machine into whatever type of node it is. Interesting experience if you haven't done much unix administration before, you get to appreciate it much more. It's pretty magical to see a generic instance turn into something of actual use with a single command.
|
#
¿
Jun 16, 2013 03:24
|
|
|
|
| # ¿ Apr 27, 2024 23:04 |
|
|
Design for Hackers is at the very least an interesting read if you're just starting out. I've personally got quite a bit of mileage by replicating someone else's theme by hand. You learn a lot by seeing the tricks that people in the know use.
|
|
#
¿
Jun 17, 2013 06:34
|
|
|
I love how 25% of the Internet is still on IE8, which in the market we're in is more like 80%. Gotta go through our fancy backbone app with 30 plugins and make sure they're all working as intended, which they really aren't right now. I even put up one of those "update your 5 year old browser, for gently caress's sake" banners on the site, but it doesn't help if it doesn't load in the first place, oops.
|
|
#
¿
Jun 17, 2013 23:47
|
|
|
Anybody here has managed to have d3.js happily work with IE8? Have you needed anything more than aight.js to make the magic happen?
|
|
#
¿
Jun 22, 2013 09:16
|
|
|
Here's a question for you guys: let's say that *hypothetically* I might have not realized I really should have supported IE8 from the get-go on my site and I'm now stuck with a very modern IE10/FF/Chrome-friendly HTML5 site. I'd love to figure out how to make it compatible with IE8 as well. It's my understanding that there are a bunch of hacks out there that might fix a lot of the issues in one single step, like including a comprehensive backwards compatibility shim etc. What would be such libraries that would make this possible? I know absolutely nothing about IE8 compat and would love a tip or two.
|
|
#
¿
Jun 24, 2013 20:03
|
|
|
kedo posted:https://code.google.com/p/html5shiv/ Wow, that worked surprisingly well, I didn't even have to modify any CSS to have it look pretty much the same. Thanks a bunch! I think there might be a couple of instances of styling that are a bit odd, but they're not obvious enough that you think it's broken. Btw, what's the deal with html5shiv vs html5shim? Both projects are up there on google code and both referenced from the github page of html5shiv.
|
|
#
¿
Jun 24, 2013 20:56
|
|
|
Any advice on where to get dirt cheap wildcard certificates that still work? I don't particularly care about the "quality" of the CA, 99.999% of the customers are not going to either. I just want to avoid blowing 300 bucks on one.
|
|
#
¿
Jun 24, 2013 21:11
|
|
|
da keebsta knicca posted:I am confused about how to setup and test a website before launch with SSL certs. Basically I am doing a redevelopment of a website for someone and we are about to launch in the next week. They are scared of the old the old developer so we just want to switch over the domain on launch day to point to the new server without telling them. I am confused about how to buy/setup and test the SSL certificate that will sit on our signup/payment page when I don't have control of the domain yet. I just want everything setup so when the domain name transfer propagates everything is there sitting waiting to go. IANAExpert, but could you possibly get the new cert, fake the domain name in your /etc/hosts or hosts file if you're on Windows and then test it locally that way? Don't know what web server you're using, but at least in nginx it's really trivial to just tell it to use a certain private key and certificate for a specific hostname.
|
|
#
¿
Jun 25, 2013 21:10
|
|
|
Any general advice, guidelines or guides for how to make your web api not suck over long stretches of time? The web app portion is easy, I can change that whenever and users will get the latest .js files in no time, but the mobile apps might lag behind by weeks if not months, depending on how aggressive the specific OS is about forcing updates (iOS really isn't at this point, not until iOS7). So how do I start developing APIs that service multiple versions of clients with a 1-2 month margin of backwards compatibility? Test the API with oldest supported client version and newest version at all times, make sure it works? I know I'll figure it out through mistakes, but ideally I'd not not learn it the hard way.
|
|
#
¿
Jul 5, 2013 09:09
|
|
|
Is there any kind of unwritten convention for giving dns names to websites / api when testing them on a local machine? For example, would you call api.mycompany.com something like api.localhost.com and then update the hosts file?
|
|
#
¿
Jul 7, 2013 01:33
|
|
|
Is it really CORS to make a call from foo.example.com to bar.example.com? For some reason I always assumed that sharing second level domains would guarantee it's wouldn't be cross origin.
|
|
#
¿
Jul 7, 2013 07:07
|
|
|
The Insect Court posted:Yes, foo.site.com is a different domain from bar.site.com. DNS is hierarchical and doesn't distinguish in any fundamental way between the second subdomain and the fiftieth, It's just that all the subdomains of site.com are usually in the same DNS zones. So just * Access-Control-Allow-Origin and be done with it?
|
|
#
¿
Jul 7, 2013 08:05
|
|
|
sim posted:Honestly, for a developer I think interview skills are more important than a portfolio. Developers are in very high demand right now, so if you can give a decent interview, you will get multiple job offers. I think it's definitely a good thing to also have a Github account with some samples, but it's not absolutely necessary. A lot of places will want you to complete a homework assignment anyway and that's where you can show your stuff. In fact I wonder how many times developers review other developers' portfolios when deciding whether to pursue recruitment. Does anybody have experience actually doing this? You'd think that things are still done old school where only the recruiter is involved in the first step and thus github doesn't factor in.
|
|
#
¿
Jul 10, 2013 02:23
|
|
|
My Backbone-based web app fetches a lot of data on the fly after the user opens a page, and so I'd like to come up with a good reusable pattern for stubbing those DOM elements out with a spinner while the data is being fetched asynchronously. At this point I manually set a minimum height on these elements (to prevent them from flattening out to a couple of pixels), and replace the internal HTML with a centered spinner gif, and then in the callback I strip those styles and replace the innerHTML with whatever I need to. Is that what most people do, or is there a more elegant solution? Also, is there a really nice and flexible library out there for putting up pretty spinners on the screen etc, like when the user is logging in? I've been rolling my own mostly, but it'd be cool if someone already did a much better job.
|
|
#
¿
Aug 15, 2013 23:32
|
|
|
piratepilates posted:stuff There's pretty reasonable pub-sub functionality in Backbone, so I can definitely make that work. I've actually been pretty lazy about using Collections/Models fetch completion notifications, mostly using callbacks instead, so it'd be good for me to revisit some of those best practices. My question was more regarding what to do on the HTML side of things: how to make that look decent. If I hide/show the elements, then I have them pop out of nowhere as the data is done fetching, which probably looks bad unless you're using animations and that's your shtick. In my case I try to keep the size of those empty elements as close as possible to the final size (once the data is rendered) to avoid having things wildly vary in size dynamically. As in, I don't want a <table> element to flatten out to a line and then suddenly blow up to 1000px in height.
|
|
#
¿
Aug 15, 2013 23:48
|
|
|
Is anyone aware of a good text or two on designing modern day distributed web applications, ideally with something like AWS as data center? I've been doing pretty much everything organically so far, so I'm sure I'm either reinventing the wheel or doing something very inefficiently quite often. Would be good to learn a few tricks from the pros.
|
|
#
¿
Aug 24, 2013 23:16
|
|
|
Lumpy posted:This is not really what you asked for, but the question made me think of something I read a few months ago about the growing pains Pinterest went through, and what architectures they tried and settled in, and why. Might be helpful to you, might not, but I found it very interesting and helpful: Scaling Pinterest That's interesting, thank you. I guess I'll have to rummage around and see who else posted something along those lines.
|
|
#
¿
Aug 26, 2013 00:19
|
|
|
I'd like to have some sort of a dendogram graph on my site, along the lines of D3's http://bl.ocks.org/mbostock/4063570 I already implemented it once the same way the example does, but I've hated every second of working with D3. I don't want to learn a whole new paradigm just to get that stuff on the screen. Are there any other libraries out there that could get me a nice dendogram without wasting days of my time?
|
|
#
¿
Aug 27, 2013 23:36
|
|
|
Assets over HTTPS question: I have a dashboard that customers log in to and the dashboard loads a bunch of images from a HTTP s3 bucket, leading browsers to display the "are you ok with seeing insecure content?" message box, which I believe scares the poo poo out of our users. Our static site right now is served from an ec2 box with nginx with a ssl cert, so I could move all of the assets over there as well, but I'd really like to stop having a separate machine just to deliver static content. I'm pretty happy with gzipping all our stuff and uploading it to S3, except then I lose SSL, which isn't cool. I believe CloudFront can do SSL with custom certs, but that's $400 bucks if I remember correctly. I'd like to spend around $0 on this if possible, and still drop the need to have a box for it. What are my options? Has anybody found a reliable and dirt-cheap way to host static https content without a box?
|
|
#
¿
Sep 5, 2013 20:54
|
|
|
Mr. Wynand posted:You know HTTPS is supported out of the box with S3 right? I wasn't, that's fair, that should address at least the assets portion of it, thanks! I'm actually now wondering if I HAVE to use a custom SSL cert for the static site, given that S3 provides their own. $600/mo is quite a bit for something I might not even need. It's been a while, but I can't think of a reason off the top of my head why I'd want a specific SSL cert there, rather than a random one.
|
|
#
¿
Sep 5, 2013 21:24
|
|
|
Mr. Wynand posted:If your current SSL cert is working for everything but the S3 poo poo, no, you don't. The images will use their own valid cert (from amazon) and everything else will use whatever it was using so far and it's all valid and secure and browsers won't yell at you. That's fair, thanks. I think the only situation where things could go wrong is if I were using some form of cert pinning, but I don't see myself doing that for anything but the API. That and I don't think browsers actually support that functionality. Actually, derp, I wouldn't be able to serve a site over https if the CNAMEs don't match, so that's a no go for S3 afaik? DreadCthulhu fucked around with this message at 22:43 on Sep 5, 2013 |
|
#
¿
Sep 5, 2013 22:13
|
|
|
I've never had to implement email confirmation and password reset before, so I want to run this by you to make sure I don't pointlessly implement everything by hand if there's a tool for it out there already. For email confirmation, do you create a "tracking" code of some sort on the backend and send the user an email with Mandrill or SES (or whatever other system) with a link? The link would make the browser do a GET against a route that checks that url-encoded param and makes sure the system is aware of it? For password reset, similarly to the above, create a tracking code on the backend, and send a link that will allow to overwrite the password for only that one user with a new bcrypted version? It's not much work besides a couple of routes and tables, but I'm still curious if there's a better way of doing this, perhaps with a SaaS solution of some sort.
|
|
#
¿
Sep 6, 2013 09:23
|
|
|
NtotheTC posted:Are you using a framework for this? Or building from scratch. This is a very common thing so for most frameworks I'd imagine there's a plugin that does exactly what you want to do. It's going to have to be done from scratch: there's no actual framework and it's too niche of a language to have these niceties.
|
|
#
¿
Sep 6, 2013 09:43
|
|
|
Dietrich posted:Whatever you do, you don't want the activation/password reset records to be re-usable. In the same transaction as you set the account to active or apply the new password, you should set the linking record to inactive or populate a date field with the date used and the IP used from. This can be useful auditing information. You can, for example, see that 900 users were activated from the same IP address in 2 hours. Are there any obvious security practices besides that one that I should make sure to have in place? Couldn't find anything specific on OWASP etc, maybe security stack exchange will have more. Oh My Science posted:What language? The api is 100% Clojure with the FE being a separate static Backbone site. The latter is something I'm actually regretting a bit, I'll need to implement server-side html generation soon, as having to update 2 codebases and ferry data in JSON blobs every single time is a pain in the rear end when you might want something quick and dirty and purely internal.. Folks in the community do tend to err on the side of re-implementing things from scratch if they're small and simple e.g. signup / auth is most of the time homebrew on top of existing modules that do cookie auth and bcrypt etc, as opposed to an end-to-end plugin like Rails' Devise. Auth is actually being looked into, as most people would agree that rolling your own is generally a bad idea, but the alternative (cemerick's friend module) is way more feature-full than most people need.
|
|
#
¿
Sep 6, 2013 19:13
|
|
|
Hypothetical REST / MVC question: say I'm creating a "employee" resource with its corresponding model. Say that when I create an employee, I also have to create a bajillion other related resources like "equipment", "promotions", "hr_violations" etc. I could start that process from an /employees POST, but then I'd be screwing myself out of the option to create JUST the employee resource one day (and I hate complex branches in my controllers, there's enough going on already for me to add extra branches based on request params), so I'm considering instead having a wrapper resource like /employee-accounts which clearly indicates that you're creating an employee account, not just an employee resource. Is that the right way to think about REST or am I smoking something?
|
|
#
¿
Sep 7, 2013 02:05
|
|
|
That's fair, those are all good things to think about. On one end I wish there was a "kosher" way of doing things, on the other I can appreciate the flexibility, albeit you do get plenty of rope to hang yourself with. I've been looking for examples of great REST-style APIs out there and could use a link or two. I stumbled upon the StackExchange one for example, and would love to know if that one is good for reference as I'm building my own? It's always great to have a solid role model until you gain enough experience to break out of it.
|
|
#
¿
Sep 8, 2013 00:23
|
|
|
I use Ubuntu full time for everything and Vagrant as pre-pre-production. The convenience of being able to edit something on your own machine without redeploying, be it the frontend or the services, is just so great that I still can't convince myself to not run the product on the dev machine itself. I guess an alternative would be to setup our configuration management to deploy an unpackaged version of our product onto vagrant (unminified site, no uberjar etc), but it still doesn't feel like a solution.
|
|
#
¿
Sep 23, 2013 21:32
|
|
|
Munkeymon posted:If you're using 13, try switching to 12 (yeah, sorry) or disabling all of the stupid bullshit they added in 13. To make 13 usable, I went through everything in unity-tweak-tool and disabled any transparency and then in the compizconfig-setting-manager (ccsm) I turned off animations and fading windows. That mostly fixed the VM I updated to 13 without making a copy first I've been using VirtualBox at home for over a year for a Ubuntu VM and it's actually quite good for most development purposes, including multi-monitor support etc. It's slower than non-virtualized Ubuntu obviously, and it my case it has a really tedious graphical glitch for gVim which drives me completely insane. Can't wait for everybody to start making Linux ports of AAA games so I can finally blow that Windows turd away. Yeah Wine etc, I'll try that at some point if I ever find time.
|
|
#
¿
Sep 23, 2013 21:34
|
|
|
Could someone explain a typical basic server-side html form verification flow to me plz? Is it: Submit POST from the HTML form -> server determines form is incorrect, returns 400 with page updated with previously input form text/choices and incorrect fields highlighted with CSS -> user updates fields, rePOSTs -> server validates correct, 20x to a confirmation page -> confirmation page <meta> redirects to home page?
|
|
#
¿
Sep 26, 2013 09:04
|
|
|
Lumpy posted:There's more than one way to skin that cat, but a widely used pattern is: Cool, thank you! A MIRACLE posted:Yeah, if it's not valid, return a 406 not acceptable I might be wrong about this, but isn't 406 a content-negotiation-specific code, and thus not in any way related to the actual parameter set? In this case, the request is "malformed" and so a 400 is the more appropriate code. I'm using this http decision graph library based off of Erlang's WebMachine and it's pretty anal about these things, heh.
|
|
#
¿
Sep 26, 2013 23:43
|
|
|
Isn't OPTIONS pretty much mandatory for any kind of CORS work involving non-idempotent HTTP verbs? I don't think you can just instruct the browser to skip the pre-flight CORS OPTIONS request, but maybe I'm missing something.
|
|
#
¿
Sep 27, 2013 20:06
|
|
|
Anyone got words of wisdom regarding setting up a VPN connection to a cloud-based subnet like Amazon's VPC? Kind of tired of keeping all my boxes Internet-facing, but the instructions on AWS also suck balls. I'm sure my lack of familiarity with basic networking concepts is making something trivial much harder than it seems.
|
|
#
¿
Sep 29, 2013 22:11
|
|
|
I could use some advice regarding online billing platforms. I need to slap together a billing page for subscriptions (ideally one-time charges as well) in a reasonably short amount of time for a quick experiment we want to make. I'm certainly considering Stripe, but I keep hearing of all these other "wrappers" around Stripe which might facilitate things, especially if you're doing something likely very throwaway. I'm curious if you folks have had experience with this and if you'd advise trying out sites like Chargebee/Chargify etc. for the kind of scenario above, or if Stripe is still the way to go.
|
|
#
¿
Oct 6, 2013 08:43
|
|
|
fletcher posted:This is amazing: http://baconipsum.com/ In that same vein http://dummyimage.com/ or http://lorempixel.com/.
|
|
#
¿
Oct 12, 2013 03:47
|
|
|
Let's talk obnoxious emails. I've noticed that MailChimp/Mandrill offer the ability to store templates in their system and offer their own templating system. The advantage is that your backend doesn't have to hold onto these assets and regular humans can customize and create templates at their whim without having to bother you. Also takes care of injecting the various "unsubscribe" links. Seems like a good deal. Any thoughts? On a related note, how do you guys handle email triggers in your systems? For example, if user has signed up but hasn't added required data to account after 3 days, send reminder email etc. Mixpanel seems to support pretty fancy querying there, so it seems like one way of handling it rather than having a background process loop through your dataset at all times and check for different conditions. DreadCthulhu fucked around with this message at 22:59 on Oct 17, 2013 |
|
#
¿
Oct 17, 2013 22:41
|
|
|
For server-side templating and assuming no javascript, is there a different paradigm out there for browser CRUD on a list of db entries than what Rails traditionally does? You know what I'm talking about.. the /new /edit pages, and read/delete all done from the main listing page. With JS you have all sorts of options, from hand-written spaghetti callbacks to using a framework to sync the DOM against the backend, but what about when you don't use JS?
|
|
#
¿
Oct 21, 2013 10:25
|
|
|
Has anybody else found procedural PDF generation and formatting to be a bit of a pita if you're trying to get the layout just right, like you would do in a browser? Is it just me?
|
|
#
¿
Nov 3, 2013 04:22
|
|
|
Any advice on how to make HTML pages printer-friendly? Is this a lost cause, or is there hope?
|
|
#
¿
Nov 7, 2013 04:01
|
|
|
Migrated our bootstrap site to 3.0. Anything exciting I should be aware of with the new version? Didn't quite get a chance to fully power through it.
|
|
#
¿
Nov 21, 2013 07:39
|
|
|
|
| # ¿ Apr 27, 2024 23:04 |
|
|
Depressing Box posted:The official docs have a pretty good rundown. I understand that, I was hoping someone might share what they found to be great among the new features of Bootstrap3 etc.
|
|
#
¿
Nov 23, 2013 16:02
|
|