24 December 2020

curl cheat sheet

 Curl, the wget with steroids. https://curl.se/

1. response headers

curl -I http://localhost:8081/customers

HTTP/1.1 302
Set-Cookie: KC_REDIRECT=/customers; Path=/; HttpOnly
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Location: http://localhost:8081/sso/login
Transfer-Encoding: chunked
Date: Sun, 27 Dec 2020 15:38:57 GMT

2.  gzip call

curl -v -H "Content-Type: application/json" -H "Accept-Encoding: gzip" -I http://127.0.0.1:8080/example/fourkb 

Content-Encoding: gzip
Content-Type: application/json

curl -v -H "Content-Type: application/json" -H "Accept-Encoding: gzip" http://127.0.0.1:8080/fourkb -o four.json.gz

curl -v --compressed
-verbose

3.  curl get

curl -k --max-time 30 -X GET 'https://10.10.10.31:8080/rest/accounts?user=test&password=test&channel=1&client-ID=1020'
 --request GET

 
 
4. curl post body:

curl -k --request POST 'https://10.10.10.31:8080/rest/num-accounts' --header 'Content-Type: application/json' --data-raw '{"user":{"user":"testuser","password":"welcome1","request-channel":1},"client-ID":"12345"}'

-d '{"query":{"match_all":{}}}'
-d, --data <data>



5. ssl

to avoid self-signed cert:

-k

curl --cacert cacert.pem https://self-signed.badssl.com


6. cookie

--cookie "jsessionid=123"


7. timeout

--max-time 30


8. header

curl -H "Authorization: Basic YXBpdXNlcjphcGlwd2Q=" http://devweb.cl/status


9.  basic user?

--basic --user "redemption-br:GUkboMIZ"

 
10. for brackets

curl -g

otherwise:
curl: (3) bad range in URL position 47:

11. download

-O -J

curl -k -O -J https://www.devweb.cl/file.txt

 
12. linux/windows

linux:

curl -X POST http://172.18.235.19:8773/api/v1/publishEvent --header 'Content-Type: application/json' --data-raw '{"user":{"user":"testuser","team":"welcome1","request-channel":1},"client-ID":"12345"}'


windows:

curl -X POST http://127.0.0.1:8773/api/v1/publishEvent --header "Content-Type: application/json" --data-raw  "{\"user\":{\"user\":\"testuser\",\"team\":\"welcome1\",\"request-channel\":1},\"client-ID\":\"12345\"}"

 

07 December 2020

API Integrations Summary

The concept of API integrations is broad. This must consider a function and non-functional requirements (today called quality attributes).

There several ways to integrate to an API


One way that integrating with third-party, or partner, APIs can be easier is by using a client or SDK. API clients handle much of the overhead when interacting with an API. They can handle common tasks like:

  • Authentication
  • Error handling
  • Encoding requests and parsing responses
  • Simplifying requests
  • Offering a better user experience than direct usage
  1. API integration of workflow !
  2. different user story --> workflows !


Track performance

The work isn’t over once you set up your API integrations. While we all would like to “set and forget” an integration, the truth is that any dependency is also a liability. You can start by monitoring your API usage. Specifically, here are the metrics we think are the most important:

  •     Latency
  •     Response Time
  •     Availability
  •     Consumption
  •     Failure Rate
  •     Status Codes

 

  1. https://blog.cloud-elements.com/10-step-guide-designing-api-integration
  2. https://www.infoq.com/articles/api-first-integration/
  3. https://blog.bearer.sh/api-integration-best-practices/




Modern C for Absolute Beginners

Technical proofed/reviewed:

Modern C for Absolute Beginners
A Friendly Introduction to the C Programming Language

https://www.apress.com/gp/book/9781484266427


Authors: Dmitrovic, Slobodan



05 December 2020

Posix Threads C11

simple example of Posix threads in C11, which doesn't have impl in gcc/clang. Remember to use -pthread as argument.

03 December 2020

Beginning C 6th edition

I am proud to participate as co-author in Beginning C - From Beginner to Pro, 6th Edition, press 2020.

https://www.apress.com/de/book/9781484259757

Beginning C

From Beginner to Pro - 6th Edition

Authors: Gonzalez-Morris, German, Horton, Ivor
© 2020

 

05 November 2020

Apofenia

La apofenia (del griego ἀπό, apó, "separar, alejar", y φαίνειν, phaínein, "aparecer, manifestar(se) como fenómeno, fantasía") es la experiencia que consiste en ver patrones, conexiones o ambos en sucesos aleatorios o en datos sin sentido. 

Este término tiene acepciones diferentes en los ámbitos de la psicología y de la estadística, donde también suele utilizarse.[cita requerida]

https://es.wikipedia.org/wiki/Apofenia

 


Estadística

En estadística, la apofenia suele estar relacionada con un error de tipo I, que puede llevar a conclusiones falsas en una investigación. La probabilidad de encontrar una asociación espuria o casual entre dos variables, y creer erróneamente que se ha encontrado una asociación real, se incrementa cuando en lugar de aplicar el método científico se realiza el hackeo estadístico de una base de datos (P-hacking). Esta mala práctica consiste en jugar con una base de datos y relacionar la variable dependiente con todas las posibles variables independientes hasta encontrar una asociación estadísticamente significativa, sin haber establecido previamente un marco conceptual y una hipótesis de investigación que justifiquen por qué se van a estudiar estas relaciones.2​ La publicación de estos resultados en revistas científicas es una de las causas de la pérdida de credibilidad y reproducibilidad de la ciencia, lo que ha llevado a muchos científicos a realizar manifiestos de alerta.3



30 October 2020

Sofisma

 

Del lat. sophisma, y este del gr. σόφισμα sóphisma.

1. m. Razón o argumento falso con apariencia de verdad.

 

23 October 2020

Java SIGBUS

 Core dump of a lack of space at /tmp

:S

Aborted (core dumped)
#
#   https://github.com/AdoptOpenJDK/openjdk-support/issues
# If you would like to submit a bug report, please visit:"
#
#  SIGBUS (0x7) at pc=0x00007f1240764eac, pid=6, tid=48#
# JRE version: OpenJDK Runtime Environment AdoptOpenJDK (11.0.8+10) (build 11.0.8+10)
# Java VM: OpenJDK 64-Bit Server VM AdoptOpenJDK (11.0.8+10, mixed mode, tiered, compressed oops, serial gc, linux-amd64)# C  [libc.so.6+0x18eeac]
# Problematic frame:
#
# Core dump will be written. Default location: /usr/app/core.6
#
# An error report file with more information is saved as:
# /usr/app/hs_err_pid6.log
#
# A fatal error has been detected by the Java Runtime Environment:
#

it is interesting that docker also has shared memory device configuration /dev/shm
through shm_size

https://efod.se/java-sigbus/

https://confluence.atlassian.com/confkb/java-vm-dies-with-sigbus-0x7-when-temp-directory-is-full-on-linux-815584538.html

https://bugs.freedesktop.org/show_bug.cgi?id=100432

https://buddy.works/docs/on-premises/solving-problems/shared-memory


Socket 101

 A connection between two computers uses a socket.





https://www.silabs.com/products/development-tools/software/micrium-os/micrium-tcp-ip-networking

http://personales.upv.es/rmartin/TcpIp/cap02s12.html

https://docs.oracle.com/javase/tutorial/networking/sockets/definition.html

https://cwiki.apache.org/confluence/display/HADOOP2/SocketTimeout

https://apur1e.wordpress.com/2018/03/23/299-tcp-ip-http-get-post/

https://en.wikipedia.org/wiki/Network_socket
 

15 October 2020

Gradle cheat sheet

 Despite my preference for Maven, here it is a quick list of gradle (6.x) commands:

In gradle 7 has removed several tasks, and replaced by implementation, runtimeOnly, testImplementation, and testRuntimeOnly.

├── gradle
│ └── wrapper
│ ├── gradle-wrapper.jar
│ └── gradle-wrapper.properties
├── gradlew
├── gradlew.bat
├── settings.gradle
└── lib
 ├── build.gradle
 └── src
 ├── main
 │ └── java
 │ └── demo
 │ └── Library.java
 └── test
 └── java
 └── demo
 └── LibraryTest.java

1. basic build

gradle clean build

gradle assemble

gradle test

gradle init

2. eclipse java14 plugin

It has issues with wrapped gradle for older gradle (6.2--) gradle-wrapper.properties

Caused by: java.lang.NoClassDefFoundError: Could not initialize class org.codehaus.groovy.vmplugin.v7.Java7

plugins {
 id 'eclipse'
}

gradle cleanEclipse eclipse

3. tasks (list of possible task to execute)

./gradlew tasks

4. springboot 

gradle bootRun

5. version

./gradlew -version

6. sonarqube

plugins {
 id "org.sonarqube" version "3.0"
}

sonarqube {
 properties {
 property "sonar.sourceEncoding", "UTF-8"
 }
}

gradle sonarqube

7. debug/stacktrace

--stacktrace
--debug
--warning-mode=(all,fail,none,summary)

8. publish local maven

gradle publishToMavenLocal

available with:

apply plugin: 'maven-publish'

Another approach:

apply plugin: "maven"
group = "mygroupid"
version = "1.0.0"

repositories {
   mavenLocal()
}


$ gradle clean build install

 

9. skip test 

gradle build -x test

 

10. jar building

gradle jar

jar {
 manifest {
 attributes "Main-Class": "com.baeldung.fatjar.Application"
 }
 from {
 configurations.compile.collect { it.isDirectory() ? it : zipTree(it) }
 }
}


11. lombok

dependencies {
    compileOnly 'org.projectlombok:lombok:1.18.20'
    annotationProcessor 'org.projectlombok:lombok:1.18.20'
    
    testCompileOnly 'org.projectlombok:lombok:1.18.20'
    testAnnotationProcessor 'org.projectlombok:lombok:1.18.20'
}

12. dependencies

gradle dependencies
 

01 October 2020

OAuth 2.0 - OpenID Connect (OIDC)

 OpenID Connect (OIDC) is an authentication layer on top of OAuth 2.0, an authorization framework.[1] The standard is controlled by the OpenID Foundation.

  1. Authorization Code Flow
  2. Implicit Flow
  3. Resource Owner Password Credentials Flow
  4. Client Credentials Flow
  5. Refresh Token Flow


direct grant

A way for a client to obtain an access token on behalf of a user via a REST invocation.

 



curl --location --request POST
'http://localhost:8180/auth/realms/spring2/protocol/openid-connect/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=password' \
--data-urlencode 'username=user2' \
--data-urlencode 'password=welcome1' \
--data-urlencode 'client_id=login-app2' \
--data-urlencode 'scope=openid'
 
curl --location --request POST 'http://localhost:8180/auth/realms/SpringBootKeycloak/protocol/openid-connect/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=password' \
--data-urlencode 'username=user1' \
--data-urlencode 'password=welcome1' \
--data-urlencode 'client_id=login-app' \
--data-urlencode 'client_secret=17c7b0a7-665d-4231-bc1f-818bda511d1f' \
--data-urlencode 'scope=openid'
 

{


Refresh token:

curl -X POST \
  http://localhost:8180/auth/realms/spring2/protocol/openid-connect/token \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -d 'grant_type=refresh_token&client_id=login-app2&client_secret=welcome1&refresh_token=eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJhZTY0YTA1Mi1iMGJlLTRjY2UtODUxNS1lYTM0MDY5YWQ1YTMifQ.eyJleHAiOjE2MTE5NTI3MjYsImlhdCI6MTYxMTk1MDkyNiwianRpIjoiZjA4MjFhMGMtZjdmNi00YmRkLTg4YTctZmZkOTIwZTA0YWQ5IiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4MTgwL2F1dGgvcmVhbG1zL3NwcmluZzIiLCJhdWQiOiJodHRwOi8vbG9jYWxob3N0OjgxODAvYXV0aC9yZWFsbXMvc3ByaW5nMiIsInN1YiI6ImRkNGU2ZTQ2LWIwMjQtNDZmYS05ZjUzLWM3OWE2MDM5YWIzZiIsInR5cCI6IlJlZnJlc2giLCJhenAiOiJsb2dpbi1hcHAyIiwic2Vzc2lvbl9zdGF0ZSI6IjUyYmU0ZTllLTVhNWMtNDFiZC1hZWVlLTg4ZjFiNTNhYjgwNiIsInNjb3BlIjoib3BlbmlkIGVtYWlsIHByb2ZpbGUifQ.FIAstcSWnq1ZUdHfgbIY9Z3u9_a2ywoFe9vxV-vwp6E'


 

Resources:

 


22 September 2020

ATAM - Architecture tradeoff analysis method

Consequences of architectural decisions in light of quality attributes requirements

ATAM is developed among technical professional, is not mandatory to include domain experts.

Steps:

  1. Present the ATAM.
  2. Present business drivers.
  3. Present architecture.
  4. Identify architectural approaches.
  5. Generate quality attribute utility tree.
  6. Analyze architectural approaches.
  7. Brainstorm and prioritize scenarios.
  8. Analyze architectural approaches.
  9. Present results.

Quality Attributes:

  • performance
  • availability
  • security
  • modifiability
  • interoperability
  • integrability
  • (observability)






 

Outputs of ATAM
 

  •  A concise presentation of the architecture.
  •  Articulation of business goals.
  •  The quality requirement in terms of a collection of scenarios.
  •  Mapping of architectural decisions to quality requirements.
  •  A set of identified sensitivity and tradeoff points.
  •  A set of risks and non-risks.
  •  A set of risk themes.



https://concisesoftware.com/architecture-tradeoff-analysis-method-atam/

https://resources.sei.cmu.edu/library/asset-view.cfm?assetid=5177

http://devwebcl.blogspot.com/2017/05/software-architecture-books.html

https://resources.sei.cmu.edu/asset_files/TechnicalReport/2000_005_001_13706.pdf

 


15 September 2020

Dynamic Proxies in Java Mini-Book

Technical proofed/reviewed:

* Dynamic proxies are such a tool. We can save thousands of lines of repetitive code with a single class. By taking a thorough look at how they work, we will recognize good use cases for them in our systems.

        https://www.infoq.com/minibooks/java-dynamic-proxies/

 


 

11 September 2020

ADR (Architectural Decision Records)

The content of the ADR can have the following sections:

  1. Title - Title of the decision record.
  2. Decision - The decision that was made. For instance, use Elasticsearch for an enterprise-wide search API.
  3. Status - Status can be proposed, accepted or superseded. If you make any decisions and you need to change them later, you can simply add a new record with the changed status.
  4. Context - What is the context of this decision? It is important to capture the full context of the decision so that the reader knows the reasons behind it.
  5. Consequences - In this section, you can add what would happen if this decision is made. It is important to list all consequences, both positive and negative.

https://github.com/joelparkerhenderson/architecture_decision_record 

https://github.com/npryce/adr-tools

 UPDATE: 2 years later we see the same in AWS: https://www.infoq.com/news/2022/06/aws-adr-guide/

02 September 2020

The Twelve-Factor App

 From wikipedia:

The Twelve-Factor App methodology is a methodology for building software-as-a-service applications. These best practices are designed to enable applications to be built with portability and resilience when deployed to the web.


https://12factor.net/


I. Codebase
One codebase tracked in revision control, many deploys

II. Dependencies
Explicitly declare and isolate dependencies

III. Config
Store config in the environment

IV. Backing services
Treat backing services as attached resources

V. Build, release, run
Strictly separate build and run stages

VI. Processes
Execute the app as one or more stateless processes

VII. Port binding
Export services via port binding

VIII. Concurrency
Scale out via the process model

IX. Disposability
Maximize robustness with fast startup and graceful shutdown

X. Dev/prod parity
Keep development, staging, and production as similar as possible

XI. Logs
Treat logs as event streams

XII. Admin processes
Run admin/management tasks as one-off processes

 

04 August 2020

Writing words

Aforismo
nombre masculino
 
Frase o sentencia breve y doctrinal que se propone como regla en alguna ciencia o arte.
"los aforismos de Hipócrates"
 
  • Las mentiras más crueles son dichas en silencio (Robert Louis Stevenson).
aforismo

Del lat. aphorismus, y este del gr. ἀφορισμός aphorismós.

1. m. Máxima o sentencia que se propone como pauta en alguna ciencia o arte.

 
 
Epifanía

Del lat. tardío epiphanīa, y este del gr. ἐπιφάνεια epipháneia.

Escr. con may. inicial en acep. 2.

1. f. Manifestación, aparición o revelación.

24 July 2020

Migration p.1

There several techniques for migration legacies systems. One common task is to move from monolith to microservices, and a common strategy is to do an incremental rollout.

The migration can be achieved by using:
  1. Canary Deployment
  2. A/B Testing
  3. Blue-Green Deployment
  4. Feature flags (toggles)


Among several best practices for microservices design, one is : https://12factor.net/

 

10 July 2020

Knowledge Pyramid

We need to understand the breadth and depth of this pyramid to become a good Architect.

The more dangerous part is the bottom: "stuff you don't know you don't know."


I am taking this idea from Neal & Mark.


http://nealford.com/memeagora/2015/09/08/knowledge-breadth-versus-depth.html

02 June 2020

Math for Programmers


Technical reviewed:

Paul Orland
MEAP began December 2018  Publication in Fall 2020 (estimated)
ISBN 9781617295355  650 pages (estimated)  printed in black & white

https://www.manning.com/books/math-for-programmers


Spring Security in Action

Technical reviewed:

Laurentiu Spilca
MEAP began December 2019  Publication in Early 2021 (estimated)

ISBN 9781617297731  550 pages (estimated)


https://www.manning.com/books/spring-security-in-action



Language Fashion

Python --> Math
Typescript --> OOP
Java --> Enterprise/Microservice
Javascript --> Frontend

22 May 2020

Ludic Computer Science Books

Among the years, I have seen several books that provide sharp academic knowledge in a ludic way.

 This is a list I gather together :

  • TAOCP 4 (has some of it because of handle puzzles).

https://devwebcl.blogspot.com/2015/10/books-for-programming-challenges-puzzles.html

https://devwebcl.blogspot.com/2018/12/musician-books-entities.html


16 May 2020

Memoization Notes


  • Memoization... las funciones de verdad que siempre tendran el mismo output... entonces podemos guardarelas para no recalcularlas.
  • Fibonacci is a good example
  • We need to identify/create the function that can be memoization... and if we are lucky, then we can have a functional function :P that can have memoization.
  • Books on Memoization?
  • Do thinking! (correct thinking!)
  • Combinatorial optimization
  • Linear programming
  • Dynamic programming


24 April 2020

Bastion Hosts on AWS

A bastion host is a server whose purpose is to provide access to a private network from an external network, such as the Internet. Because of its exposure to potential attack, a bastion host must minimize the chances of penetration. For example, you can use a bastion host to mitigate the risk of allowing SSH connections from an external network to the Linux instances launched in a private subnet of your Amazon Virtual Private Cloud (VPC).



https://aws.amazon.com/blogs/security/how-to-record-ssh-sessions-established-through-a-bastion-host/

https://aws.amazon.com/quickstart/architecture/linux-bastion/


23 April 2020

Oracle Cloud Infrastructure Foundations Associate

Current certification as an introduction to OCI (Oracle Cloud Infrastructure).
  • Dynamic Routing Gateway (DRG, a virtual router): (for on-premises) Fast connect, and IPSec VPN (Site-2-site)
  • Internet Gateway (internet)   
  • Service Gateway (oci services)
  • NAT Gateway: only outbound
  • Peering:  Local & Remote VCN peering (diff VCN regions)






https://www.oracle.com/corporate/blog/free-certifications-oracle-oci-autonomous-033020.html



Blog Archive

Disclaimer

The views expressed on this blog are my own and do not necessarily reflect the views of Oracle.