What will be the output of 'a' + + 'b'. aNaN. It’s understandable, that something unexpected should come, as we’ve mis-typed an extra +, but what it has to do with the NaN. Why NaN?

Now, what will be the output of 'a' + + 'b' + 'c'. aNaNc. Quite understandable. Right?

Now, tell me, what will be the output of 'a' + + 'b' + 2. Obviously, aNaN2. Correct.

But, what will be the output of 'a' + + 2. Can you guess? Shockingly, but not so unexpectedly, it’s a2. We know, there is some relation of string concatenations with numbers. So, 2 has absorbed the NaN and hence the result. But what is the relation of string concatenation with Numbers. I’m a little confused. But I’ll try to find the answer.

I’ve been using Git for quite a long time. Though I’m not that much familiar with advanced concepts or complex scenarios regarding Git. To do day-to-day normal tasks, mostly I use only six commands(status, commit, branch, checkout, push, pull), with some flags some times. It’s true that I don’t do very complex things with it. But those four commands are enough for me. In this post, I’m iterating those commands one-by-one, possibly with some comments.

Okay, let’s start by creating a git repo with init command.

mkdir new_git_repo_folder
cd new_git_repo_folder
git init

It’s as simple as that. After running this command, you can see, one folder with name .git has been created. This folder is going to hold all the meta information for the repository. Git actually maintains hash for a particular commit. Those information also reside in this folder. Now create some content.

Most of the Git host servers shows the content of README.md as default face of a directory. It’s kind of index.html in a website. The extension .md stands for mark-down. It’s a pre-defined format to write documents, that can be converted into HTML/PDF or any other type, by some tool. There are a lot of implementation of this converter. Though there is a standard for the syntax for mark-down but it mostly depend on the converter in use. GitHub, GitLab, Bitbucket all have implemented their own version of mark-down to HTML converter. Though their most of the syntaxes are same, there are some extras also. But for now, we don’t have to bother with the mark-down syntax compatibility of various providers. We are gonna just add one README.md file.

echo "# New Git Repo" > README.md

The leading # will tell the converter to make the title as h1 element in HTML. Git has two very important concepts. HEAD and stage.

git status
git add README.md
git status

Add the user info to the local repo.

git config user.name "Arnab Das"
git config user.email "arnab@coderuse.com"

Add user info for the work environment.

git config --global user.name "Arnab Das"
git config --global user.email "arnab@coderuse.com"

Now commit.

git commit -m "Adding README.md"
# or, to add author in commit itself
git commit --author "Arnab Das <arnab@coderuse.com>" -m "Adding README.md"
git status

Add the remote. It’s possible to mention the name of the remote other than origin. It’s just the most common one.

git add remote origin <origin-url>
# for the first time it's required to mention the remote name and branch name
# the -u flag persists the mapping of the local to remote branch
# later just "git push"
git push -u origin master

Create new branch and checkout to the branch.

git checkout -b new_branch
# do some changes
git push -u origin new_branch

Clone a git repo.

git clone <git-repo-url> [optional-folder-name]
cd new_git_repo

Checkout to a branch. Both the following commands does the same thing. Creates a local branch named new_branch from the remote branch new_branch. Only difference is that, it’s possible to mention a different branch name in the first command.

git checkout -b new_branch origin/new_branch
# or
git checkout -t origin/new_branch

See the branch names.

# lists only the local branches
git branch
# lists local along with remote branches
git branch -a
# search for a branch name
git branch --all | grep <string-to-search-for-in-branch-names>

Delete a branch locally.

git branch -d <branch-name>
# if branch has some new commits delete forcefully
git branch -D <branch-name>

Delete the branch in remote.

git push <remote-name> :<branch-to-delete>

There are three types of tunnels can be made with ssh.

• local
• remote
• dynamic

Of this three, the last one dynamic is of real interest for us, in regard to the socks proxy. But before that, let’s get into that topic slowly. First let’s review the other two and see their possibility and scope.

Local Tunnels

Local tunnels make remote resources available locally. Suppose a MySQL server is running on the remote machine A behind a firewall and we have ssh access to another machine B in the same network as A. Then to access the MySQL server in A, we can invoke,

# -N: do not execute remote commands
# -L: bind address locally

# local_port:A_IP or A_FQDN:A_Port_To_Bind
# binding to the local port 3309 with the remote port 3309
ssh -N -L 3309:aa.aa.aa.aa:3309 username_on_B@bb.bb.bb.bb

# another usecase, though not so practical, if A is accessible
# and for some reason MySQL port is required as local port
ssh -N -L 3309:aa.aa.aa.aa:3309 username_on_A@aa.aa.aa.aa

# optionally if local is bound to more than one IP address
# it is possible to specify local IP to bind
ssh -N -L ll.ll.ll.ll:3309:aa.aa.aa.aa:3309 username_on_A@aa.aa.aa.aa

Remote Tunnels

This kind of tunnels are rarely used. It’s just opposite to the previous one. Instead of using -L we have to use -R

# the host part is mandatory, so we have to use either of
# 127.0.0.1, localhost, 0.0.0.0
ssh -R 3309:127.0.0.1:3309 username_on_B@bb.bb.bb.bb

Dynamic Tunnels

This is of the most interest regarding the discussion about SOCKS proxy. For dynamic tunnels, we don’t have to give any specific remote port, though we have use one specific local port, that we want to pass all our traffic through.

# choice of local port is very important, but the ports
# 465, 587, 993 generally kept open even in very restrictive environments
ssh -D 8888 username_on_B@bb.bb.bb.bb

Dynamic tunnels creates light weight SOCKS proxy, that we can use to annonymize our browsing. SOCKS proxy is app level proxy. So it works at Application Chrome and IE uses system proxy. But in Firefox, we can set proxy. Paste about:preferences#advanced in the address-bar of Firefox and enter. Click on the Settings button related to Connection. Choose Manual Proxy Configuration, put 127.0.0.1 in the host and specified port for Socks Host. Leave all the others blank.

Don’t forget to check the option Proxy DNS when using SOCKS v5. This option is available in newer version of Firefox. If this is checked, Firefox will try to use the DNS of the remote host, through which the proxy has been configured.

Also, we need to prevent the WebRTC leak. Type about:config in the address-bar and enter. Click on the button containing the text I accept the risk or similar like it. Search for media.peerconnection.enabled and double click it to make this flag false.

Navigate to the site ipleak.net and see if the intended IP is shown. Also don’t forget to check the DNS list. Sometimes DNS list exposes our actual location. If the DNS of your ISP is shown, try to change the nameserver inside the router or network adapter of PC. Google DNS or Free DNS responses are quite fast.

socks5 proxy with ShadowSocks

Dynamic tunnels make use of SSH protocol to exchange network packets. A more sophisticated and secure option may be Shadowsocks. This uses altogether a new protocol. And it uses a different approach to encrypt and decrypt network packets. On top of Socks5, it uses a pre-specified password in server and client both to encrypt and decrypt. So, if the password is secure enough, it’s next to impossible to decrypt the packets.

Shadowsocks is very easy to configure. Unless we are deploying it as a service, it does not require much resource also. For personal use, low end servers from Linode, Vultr, Digital Ocean, Amazon Lightsail, Scaleway, Rackulous, Contabo can be used. All the them have reasonably good performance and reputation as VPS providers. Here three things should be considered during the selection of provider,

• location
• price
• bandwidth

I’m using Linode with 1GB RAM, 1 shared CPU core, 1 TB bandwidth for the minimum plan of $5 per month. Performance of the VPS is pretty decent and as I’m using shadowsocks-libev, it’s almost nothing on the server. shadowsocks-libev is a Shadowsocks implementation in C. So, it’s fast and requires less resource. Other options can be viewed from here.

Here I’m giving a no-frill instructions to setup a Shadowsocks server on Ubuntu 16.04.

# install required softwares
apt-get install --no-install-recommends build-essential autoconf libtool haveged automake \
        libssl-dev gawk debhelper dh-systemd init-system-helpers pkg-config asciidoc \
        xmlto apg libpcre3-dev zlib1g-dev libev-dev libudns-dev libsodium-dev libmbedtls-dev

cd /usr/local/src
git clone https://github.com/shadowsocks/shadowsocks-libev.git
cd shadowsocks-libev
git submodule update --init

# build and install
./autogen.sh && ./configure && make && make install

# this is a hack to create the autostart scripts
add-apt-repository ppa:max-c-lv/shadowsocks-libev
apt-get update
apt install shadowsocks-libev

# configure the server correctly
vim /etc/shadowsocks-libev/config.json

apt-get remove shadowsocks-libev

# change the "DAEMON" localtion to '/usr/local/bin/ss-server'
vim /etc/init.d/shadowsocks-libev

# make the server configuration file as specified below

# reload reload daemons
systemctl daemon-reload

# restart the server
/etc/init.d/shadowsocks-libev restart # if any error occurs try with just 'start'

Server configuration should be put in the file /etc/shadowsocks-libev/config.json

{
    "server":"xx.xx.xx.xx",
    "server_port": 1234,
    "local_port": 1234,
    "password":"long-non-guessable-password",
    "timeout": 600,
    "method":"chacha20-ietf-poly1305"
}

There are a lot of options for clients of Shadowsocks. Install on Android or iPhone or on desktop and start to use proxy anywhere. I personally use on my Android set. It does not drain battery like the openVPN clients.

Though proxy is used for anonymity. It helps us to keep ourselves private. But let’s not use this to harm someone. Great power comes with great responsibility. Use them carefully.

I really appreciate this AMA initiative by Sindre Sorhus. And I think that everyone should keep open some channel to contact. Not email. Because email lacks the visibility for everyone. Email is good for one-to-one communication. But forum conversations are generally meant for publicly visible. Conversations as GitHub’s issue-comment presentation is a overkill, if not a little awkward. So, I was searching for an alternative to start my AMA. I like the UI of the currently popular traditional forum softwares, like vBulletin, phpBB and many others. But main problem with them is, I’ve to host them personally and hosting a public facing forum needs a lot of time and experience, which I don’t have. There are also some choices for free forum hosting. But, they gives annoying ads all over the pages and have some irrational constraints like limit on users (how can, or why should I put restrictions on user registrations, after all it’s purpose is to communicate with all. I’m not saying my forum is going to be that big. But at-least I should have no such limitations.), limit on posts (this is another disturbing limitation) etc.

Slack has become popular for quite some time. And I really like the UI and it’s made for conversation. But one problem with the Slack teams, is joining of new members is depended upon invitation. It’s a little obstacle. Though this can be overcome if we can automate the sending of invitations. And fortunately there are some opensource projects, already solved the problem. One of the projects of this sort is Slackin.

Slackin is a really simple web app with NodeJs backend. It’s simple to host and modify. But it needs one backend. Can’t be hosted with GitHub pages. There are a few free options like heroku, openshift to host a NodeJs application. Heroku does not accept custom domains with free plan. So, my obvious choice is always Openshift in such cases. Openshift’s previous version was more generous towards the free plan. There was no mandatory sleep time, like with the new version (Openshift’s version 3 requires at-least 18 hours of sleep time in a contiguous span of 72 hours). I’ve an account with the previous version. So, I could configure Slackin with one gear (in-simple-words containers are termed as gear in Openshift’s terminogy).

I’ve modified Slackin a little. In original software there is no check for spam. Though it does not matter if invitations are generated with automated scripts, as all the requests will be submitted to Slack. But, it’s better to have means to prevent spams in all publicly accessible websites. I have also checked that, Slack server is not testing the requested emails for invitation. Invitation requests to Slack’s API with email adddresses like, a@b.c is returning success. So, it’s needed to employ a captcha at-least to prevent spams upto some level.

I’ve used Google Recaptcha. It’s simple to integrate to websites and innovative. Really. You should try this. If havn’t already.

Slackin’s guide to host with Openshift didn’t work for me. So, I modified the Slackin code to incorporate recaptcha and used different template to deploy the app to Openshift.

Let’s dive into the details of deploying Slackin with Openshift. I’m writing this conforming to my modifications of the original app. But this guide should work with the original app and different enviroment than Openshift also.

First let’s create one recaptcha token for our site. Go to Recaptcha site. Click on “Get Recaptcha“ and login with the desired Google login. Register a new site to the bottom of the page. Choose “Recaptcha V2”. Give the domain or subdomain name. By giving the domain name, all the subdomains to that domain are also authorised to use the same token. We’ve to use this feature wisely. And we’ve to include localhost, to test the recaptcha during development.

Next, we’ve to create one Slack team, where we will invite everyone to join. And create API token to authorize our app to Slack servers. So, head over to Slack website and click on Create Team.

Once the procedure of creating team and validation of email is complete, login to the Slack account and head over to create new token here.

So, the tokens we’ll use, Slack team calls legacy token, as they have introduced OAUTH app style authorization with client secret and client id. Legacy Token is fine. There are nothing wrong with it. Let’s work with it for now. Later I’ll try to modify this app to work with the new authorization.

Now, let’s clone the repo in your workstation. And install NPM packages and run the application to test.

If NodeJs is not installed in the workstation it can be downloaded from here and installed.

git clone https://github.com/arnabdas/slackin.git

cd slackin

# install npm packages
npm install

# see the options can be passed to the application
npm ./bin/slackin -h

# now run the application
node ./bin/slackin -k <recaptcha-site-key> -r <recaptcha-secret> -o <slack-team-name> -t <slack-legacy-token>

Test whether the recaptcha widget is loaded properly, once the captcha is confirmed and invitation is requested with valid email id, invitation link is received by the provided email id or not. Once it’s configured properly, it’s time to deploy the application to Openshift.

For Openshift install rhc by following this. Invoke rhc setup to login to Openshift from console and configure the workstation to work with Openshift API.

# create slacin application in Openshift cloud
rhc app-create slackin https://raw.githubusercontent.com/arnabdas/openshift-cartridge-nodejs/master/metadata/manifest.yml

# $RECAPTCHA_SITE_KEY -> Google recaptcha site key
# $RECAPTCHA_SECRET -> Google recaptcha secret
# $SLACK_SUBDOMAIN -> Slack team
# $SLACK_API_TOKEN -> Slack legacy token
rhc env-set -a slackin RECAPTCHA_SITE_KEY="recaptcha-site-key" RECAPTCHA_SECRET="recaptcha-secret" SLACK_SUBDOMAIN="slack-team-name" SLACK_API_TOKEN="slack-legacy-token"

# if custom domain to be configured for the app
# create one CNAME record for this custom domain to the Openshift app url
rhc alias-add <custom-domain> -a slackin

# add Openshift remote to the git repo to checkin the code to the Openshift repo
git remote add openshift `rhc app-show slackin | grep Git | sed 's/^.*ssh/ssh/'`

# now push to Openshift
git push openshift master

It should go fine and the app should be available at the intended url. And we’ve got our own forum. Cheers. Happy coding. :)

// new Function([arg1[, arg2[, ...argN]],] functionBody)
var animal = new Function('legs', 'this.legs = legs;');

// check the type
console.log(typeof animal); // function

// create an object
var a = new animal(4);

// and check if the value has been assigned or not 
console.log(a.legs); // 4

JavaScript interpreter does not enforce it, but it’s a common convention, the name of the functions, which are not intended to be used as classes, starts with a small letter and follows the conventions of camelCase.

Functions in JavaScript either used as a block of codes, to be executed upon call or create objects with properties assigned to the function or to its prototype.

Though operators seems to work like function, but by nature they are special kind of entity, which can’t be assigned and always needs operand(s) to operate on. That means, we can’t write var o = +;.

Objects can be created by two ways.

// by object literal
var obj = {};

// by using constructor functions
var classObj = new Animal(4);

JavaScript objects are basically representations of data-structure of key-value pair. And they can be iterated. And in modern browsers we don’t need to check with .hasOwnProperty as with the old browsers. Now we can simply do by for...in loop.

// create the object
var obj = {
  name: "Simon",
  age: "20",
  clothing: {
    style: "simple",
    hipster: false
  }
}
// iterate over the properties of the objects
for(var propt in obj){
  if (obj.hasOwnProperty(propt)) {
      console.log(propt + ': ' + obj[propt]);
  }
}

We can add properties to objects by two methods. Either declare properties at the time of creating the objects as the previous example or later assign by value-of notation.

// use the string literals directly
obj['literal'] = 'literal value';

// or dynamically set the property by variables
var property = 'dynamicProperty';
obj[property] = 'dynamic property value';

To delete a property from an object we can use delete keyword.

// directly delete the property if known
delete obj.name;

// dynamically assign property name to delete
var toDeleteKey = 'age';
delete obj[toDeleteKey];

console.log(JSON.stringify(obj)); // {"clothing":{"style":"simple","hipster":false}}

By default type of any object, created programmatically is object and parent is undefined.

var obj = {};
console.log(typeof obj); // object

Prior to ES-2015, there was no notion of classes in JavaScript, though class was a reserved keyword. So, until ES-2015, generally classes were reprsented as functions. And with functions, we can even derive one class into another, using the prototypal inheritance of JavaScript. There are several versions of deriving one class into another, and we can use one of these ways, as per the requirement and choice.

// declare class - 'Animal'
function Animal () {
  this.legs = 4;
}
Animal.prototype.legs = 8;
Animal.prototype.move = function () {
  console.log('moving...');
};

// declare class - 'Tiger'
function Tiger () {
  this.class = 'mammal';
}

Unlike other programming languages, in JavaScript inheritance assigned after creation of class, through prototype. Here we will discuss various methods of deriving classes.

// assign a new object to the prototype of 'Tiger'
Tiger.prototype = new Animal();

// create a new object of type tiger
var t = new Tiger();

console.log(t.legs); // 4

console.log(t.class); // 'mammal'

console.log(t.move()); // moving...

All things are fine and all the properties present in the prototype along with the properties declared in direct closure of the super class has been derived to child class Tiger. Programmatically and in using this type of construct don’t cause any problems.

However, using new with a prototypal language like JavaScript, seems like going against the tide. And in this historic document, Crockford agrees to the fact, that JavaScript lacks the mechanism to inherit directly from another object. Instead it uses function along with new keyword.

This indirection was intended to make the language seem more familiar to classically trained programmers, but failed to do that, as we can see from the very low opinion Java programmers have of JavaScript. JavaScript’s constructor pattern did not appeal to the classical crowd. It also obscured JavaScript’s true prototypal nature. As a result, there are very few programmers who know how to use the language effectively.

Using new keyword, actually causes a little deviation from being a pure Prototypal Language. In modern browsers, there is a method called create in the Object prototype. This tries to fulfill the promise of a pure prototypal language.

So, our previous example can be formatted as,

// declare Animal class
function Animal () {
  this.legs = 4;
}
Animal.prototype.legs = 8;

// declare Tiger class
function Tiger () {
  this.class = 'mammal';
}

// create a new instance of Animal.prototype and
// assign it to the Tiger.prototype
Tiger.prototype = Object.create(Animal.prototype);

// explicitly assign Tiger as the prototype's constructor
Tiger.prototype.constructor = Tiger;

// create instance of Tiger
var t = new Tiger();
console.log(t.legs); // 8
console.log(t.class); // mammal

So, it didn’t call the constructor of the Animal class. We need to do that explicitly inside the Tiger constructor.

function Tiger () {
  Animal.call(this); // call Animal constructor
  this.class = 'mammal';
}
var t = new Tiger();
console.log(t.legs); // 4

And if we are more into writing prototypically pure code, we should not even use functions as classes. Observe how the properties are created here. We can also control accesses of the properties. More details.

// create Animal class object creator
function createAnimal () {
  return Object.create(Object.prototype, {
    legs: {
      value: 4
    },
    move: {
      value: function () {
        console.log('moving...');
      }
    }
  });
}

// create Tiger class object creator
function createTiger () {
  return Object.create(createAnimal(), {
    class: {
      value: 'mammal'
    },
    move: {
      value: function () {
        console.log('moving in stealth mode...');
      }
    }
  });
}

// create instance of Tiger class
var t = createTiger();

console.log(t.legs); // 4
console.log(t.class); // mammal
t.move(); // moving in stealth mode...

One benefit of using prototypal language is, it’s possible to use delegation instead of inheriting another class in order to re-use code.

What is delegation? Let’s understand that by an example.

Suppose we have two classes Mammal and Reptile. By the genetic inheritance, we know that, there are almost no similarity between these two species. As designing classes means abstraction of real behavior, suppose for the sake of the program we have identified that, the movement of both of the classes are same. And some super enthusiastic developer has already implemented the move function for the mammals.

What can we do now. Derive the Mammal into Reptile, how odd it may look or sound. Or repeat the same method in Reptile. But that will introduce redundant code. Or move out the function out of Mammal and put in some Utility object and use from both the classes as method call.

As a prototypal language JavaScript gives another possibility. Delegation.

We can directly use the move function with an object of Reptile class by the use of call or apply available in Function prototype.

// create one object of reptile
var r = new Reptile();

// use call or apply to invoke the function 'move'
Mammal.move.apply(r, arguments);

Only constraint would be, Reptile class should contain all the properties, required by the move method in Mammal class.

But how this can be done?

Here comes the concept of closure. In JavaScript, there is no block-scope as in other programming languages like Java, C++, C.

{
  var i = 0;
}

// i is available here
console.log(i); // 0

Instead it defines closure as the state of a function along with the scope of it. Let’s understand it by some examples.

var outside = 'Outside';
function a () {
  console.log(outside); // Outside
}
a();
console.log(outside); // Outside

Let’s modify the code a little bit. We will declare the variable outside again inside the function a.

var outside = 'Outside';
function a () {
  console.log(outside); // undefined

  var outside;
}
a();
console.log(outside); // Outside

Why it printed undefined? Because inside the function the re-declaration of outside hoisted and it overrided the prior declaration of the variable outside. But, outside the function it remains same.

Now, let’s take an interesting example of closure.

for (var i = 1; i < 4; i++) {
  setTimeout(function() {
    console.log(i);
  }, 2000);
}

It will print 4 three times. But we expected that, it should print 1, 2 then 3. Why it did that? Because, the closure, in which the expression console.log(i); was executed, had 4 as the value of i at the time of execution.

How can we correct this? simply by creating new closure for each of the functions passed to setTimeout.

for (var i = 1; i < 4; i++) {
  setTimeout((function(i) { // new closure
    console.log(i);
  }(i)), 2000);
}

It’ll correctly print 1, 2 then 3.

Is this the only way-out? No. We can also use partial functions here. What are partial functions.

In Function prototype, there is one method, called bind, which returns a function binding with the passed context and arguments. This blog contains a previous post regarding usefulness of this function for a specific usecase. Here we can use bind for this purpose.

for (var i = 1; i < 4; i++) {
  setTimeout(function(i) {
    console.log(i);
  }.bind(this, i), 2000);
}

It’ll print 1, 2 and 3 in correct manner.

Thank you for reading this. Be happy. :-)

For GitLab, backup means backup of configuration and application data both. More details.

To take backup, first we need to decide on the policy regarding storing the backup. Yes this is very important.

It’s possible to take backup regularly, download the archive files to local computer and keep the archives in a convenient place. But, it’s good to have an automated process for this. And we should keep in mind that, our local machines can crash and if that happens, all the backups will go to vein. For this reason, we should select providers like AWS S3, Google CLoud Storage, RackSpace Cloud Files to store our backups. They have disater recovery processes and there is almost no chance that any file uploaded to these services, will be lost, unless we explicitly do this. GitLab depends on Fog for uploading backups to remote locations. And Fog supports only the above three cloud providers along with local storage. By comparing the pricing of the above three and considering the fact, mostly we will just upload and store the files, downloading will not happen very often, found that, AWS S3 has the least pricing. Refer to, AWS S3 pricing, Google Cloud Storage pricing and RackSpace Cloud Files pricing. Observe that, there are three types of storage in AWS S3 and Google Cloud Storage. We can decide that, initially we will upload the files to Standard Storage and after some time move the files to Glacier Storage of AWS or Nearline Storage of Google and after a long period of time, say one year, we will actuallly delete the files. Beacause after such a long period, there will not remain any relevance of such old backup. In S3, we can explicitly set such rule. We will see.

I’ve used AWS S3 to preserve the backed up data. If you want to use any other provider, this guide may not help you that much.

Let’s start.

Create one AWS account. If you’re an Amazon customer, you may either link the AWS account with the exisiting customer account or create a fresh one with new email. Amazon also gives a 12 month free tier, upon signup of a new account. Here one credit or debit card eligible for online transaction is required. Open AWS Console, click on the link/button Sign In to the Console and complete the procedure to sign up and in the last page click on the link, something like Sign In to Console. Check the email in the username box and select the returning user radio button and enter the password.

To create a bucket, think bucket as a bowl to put your backups, go here. Click on the Create Bucket button. Give the bucket name, you decided and select a region (here choice of region doesn’t matter seriously unless you have some constraint), and if you need logging, click on Enable Logging, otherwise click on Create. Your bucket is ready to take files.

Here we have to set the Lifecycle of the files. Click on the bucket, just created and click on the Properties button if not selected in prior. Click Lifecycle and create one rule. The wizard is self explaining. Fill it, at your own choice. I’ve set that, after 30 days, files would move to Glacier Storage and after 365 days from the creation time the files will be deleted. Now, let’s move towards to create users to configure the automated backup process.

It’s not recommended to use the root user, the user, you have logged with, in any of the automated tasks. Because if someone with malicious intent gets access to our server, severe damage can happen. So, create one IAM user here. Click on the Users tab to the left and click on Create New User. You can create upto 5 users at a time. Here we need only one user. Give the username. Keep the checkbox Generate an access key for each user checked. Click Create and in the next page download the credential by clicking on the button Download Credentials and then click Close. It’ll be better to create a group with proper inline policy, so that, it’ll be easier to manage user permissions.

Click on the Groups tab to the left. And create one group. Don’t attach any policy here. Just create the group. After creation, click on the group to open the details. Click on the Permissions and open the accordion Inline Policies. Click on the Click Here link. And select the button corresponding to Policy Generator. Select S3 from the dropdown of AWS Service. And select the following actions for specified resources.

# Resource - "arn:aws:s3:::<bucket-name>/*" 
"s3:AbortMultipartUpload",
"s3:GetBucketAcl",
"s3:GetBucketLocation",
"s3:GetObject",
"s3:GetObjectAcl",
"s3:ListBucketMultipartUploads",
"s3:PutObject",
"s3:PutObjectAcl"

# Resource - "*"
"s3:GetBucketLocation",
"s3:ListAllMyBuckets"

# Resource - "arn:aws:s3:::<bucket-name>"
"s3:ListBucket"

After putting the resource name each time click on Add Statement and finally click on Next Step and give a name of the policy and create it. The policy will be listed in the Permission tab of the Group.

Click on the Users tab in the group details page. Click Add Users to Group to add the user created previously.

Now we have to configure our GitLab server to upload the backups to AWS. Open /etc/gitlab/gitlab.rb in your favourite editor and add the search for the text manage_backup_path and make the block like below. More Details.

gitlab_rails['manage_backup_path'] = true
gitlab_rails['backup_path'] = "/path/to/backup/location/in/server"
# gitlab_rails['backup_archive_permissions'] = 0644 # See: http://doc.gitlab.com/ce/raketasks/backup_restore.html#backup-archive-permissions
# gitlab_rails['backup_pg_schema'] = 'public'
# gitlab_rails['backup_keep_time'] = 604800
gitlab_rails['backup_upload_connection'] = {
   'provider' => 'AWS',
   'region' => 'us-west-2',
   'aws_access_key_id' => '_secret_id_',
   'aws_secret_access_key' => '_secret_key_'
}
gitlab_rails['backup_upload_remote_directory'] = 'bucket-name'
gitlab_rails['backup_multipart_chunk_size'] = 104857600
gitlab_rails['backup_encryption'] = 'AES256' # Turns on AWS Server-Side Encryption with Amazon S3-Managed Keys for backups

For the codename of AWS regions, refer to this. AWS secret access key id and access key can be found in the downloaded credential file, when the IAM user was created. Replace bucket-name with proper name of the bucket, you had created in prior.

Almost done. Now, we have to run only two commands.

# reconfigure GitLab with the modified configurations
sudo gitlab-ctl reconfigure

# create first backup of the server
sudo gitlab-rake gitlab:backup:create

If all the steps have configured correctly, you should be able to see a .tar file in the web view of the bucket.

But, we don’t want to take backups manually. So, we will set a cronjob in our server. Invoke the command sudo crontab -e -u root, or you may want specify the useid, running the GitLab server. If the crontab has not been configured, it will ask for the default editor, you want to use. Select one by giving one number. Then the cron-file will be opened in the editor selected.

Now, we have to understand a little bit about the syntax of the cron. It’s very easy. Just read this once. By the knowledge, we just acquired, let’s add one line to the end of the cron file and save the file. Cron will automatically create one cronjob for it.

# it says that run the backup command on the 7th day, i.e. 
# Saturday, depends on the server setting, at 23:59 hrs
# and the backup command will take care of creating backups
# and uploading them to AWS S3
59 23 * * 7 /usr/bin/gitlab-rake gitlab:backup:create

It completes the automation of taking backups of application data, i.e. repositories, databases etc.

We are not finished yet. We need to take backup of the /etc/gitlab folder also. But, as this folder does not change very frequently, decided to take backup of this folder manually. Specially if you have many users you may want to setup a cron job to create archives of this folder at regular intervals. Refer to this.

Code happily and be happy. :-)

And of-course put the domain/sub-domain name you are going to use as the name of the server. It’s required.

This is the second part of the series to configure a source control hosting. This post contains only installation steps. If you need any push to motivate youself to do this, you may find the first part helpful.

Here is the first part, regarding choice of hosting and some inspiration.

I’ve used the Omnibus package for installation. Found this as most convenient one. And I’ve seen that, it’s possible to tweak all the services installed by this package. You can also opt for installation of individual components of GitLab. You can find lot of options here.

Before we start the installation, we need to log into the system by SSH and update our system. If you’re using any version of Linux or Mac, you have your terminal and the command ssh is available. For Windows use Putty. More details.

# first update the registry
sudo apt-get update
# upgrade if any update available
sudo apt-get upgrade

Now follow the instructions described here for GitLab Community Edition Server. Instructions have been written quite clearly.

Select Internet Site during Postfix installation

It may happen that, your server provider has blocked the SMTP port by default. Check if mails are going from the server.

sudo apt-get install mailutils
echo "This is the body of the email" | mail -s "This is the subject line" to@existingmail.address

If not, configure the mail server properly. It’ll be needed by GitLab.

But before executing the command gitlab-ctl reconfigure, we have to do something to configure this server with SSL.

Please don’t use the server with IP. Use a domain name with SSL. It’ll give a level of security inside the network layer. More details.

Theoretically you can use a IP for your server hostname. But, if you are configuring a git server for yourself. Give it a name. Even a subdomain like subdomain.domain.tld looks good. And there are lots of providers selling cheap ssl certificates. Get one of them. I’ve seen Comodo Positive SSL’s are the cheapest ones and will show a green lock in the address bar of the browser.

It’s also possible to use self-signed certificate. But that will show a red lock with cross in the address bar. Main difference will be the .crt certificate we are going to use for the server. To configure SSL for an HTTP server we need one .key and corresponding .crt file. Details about private keys and csr’s are described here. To summerize, for self issued certificate, first generate a private key and a .crt file.

# replace the domain with a name you like
openssl req \
       -newkey rsa:2048 -nodes -keyout domain.key \
       -x509 -days 365 -out ssl.crt

# put the files into proper folder so that GitLab can get them
sudo mkdir -p /etc/gitlab/ssl
sudo chmod 700 /etc/gitlab/ssl
sudo cp domain.key ssl.crt /etc/gitlab/ssl/ 

# also add the keys to the system
sudo cp ssl.crt /etc/ssl/certs/gitlab.pem
sudo cat /etc/ssl/certs/gitlab.pem > /etc/ssl/certs/ca-certificates.crt

If you’ve bought a SSL certificate from a provider like Comodo, you need one .csr file to upload to the site to issue a domain validated certificate.

openssl req \
       -newkey rsa:2048 -nodes -keyout domain.key \
       -out domain.csr

Upload the .csr file to the site and after validation/completion of the required steps you can download a .zip file containing either two files like domain.crt and something like domain-bundle.crt or 4 files, such as domain.crt, AddTrustExternalCARoot.crt, COMODORSAAddTrustCA.crt and COMODORSADomainValidationSecureServerCA.crt. This is the case of Comodo Positive SSL. If you find it otherwise, please consider your SSL issuer’s document about this.

Either way, you need to concatenate all the .crt files into one.

# if you've two .crt files
cat domain.crt domain-bundle.crt > ssl.crt

# if you've four different files
cat domain.crt COMODORSADomainValidationSecureServerCA.crt  COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > ssl.crt

# put the files into proper folder so that GitLab can get them
sudo mkdir -p /etc/gitlab/ssl
sudo chmod 700 /etc/gitlab/ssl
sudo cp domain.key ssl.crt /etc/gitlab/ssl/ 

# also add the keys to the system
sudo cp ssl.crt /etc/ssl/certs/gitlab.pem
sudo cat /etc/ssl/certs/gitlab.pem > /etc/ssl/certs/ca-certificates.crt

To configure your server with the domain name you decided, you have to register the domain name and point the domain to the server or you can use sub-domain of an existing domain. For subdomain create just one CNAME. Here you can find some details. Open the generic steps. Use the name you decided for the subdomain as the alias.

To use a root domain like domain.tld, you need to create one A-record and one CNAME record. Here, you can read about various record types for DNS, here is one guide to add A-record and here, you will get the details regarding how to point your domain to your server. For that you need to know the IP of the server. Either get it from the mail, you got after buying the server or server provider’s control panel or by the following method, if you are logged into your server by ssh.

# icanhazip is a free service for ip lookup
curl http://icanhazip.com
xx.xx.xx.xx # server ip

We are in the last phase of configuration of our GitLab server. Open the file /etc/gitlab/gitlab.rb and add/modify some lines in it. Replace the domain carefully.

external_url "https://domain.tld"
nginx['redirect_http_to_https'] = true
nginx['ssl_certificate'] = "/etc/gitlab/ssl/ssl.crt"
nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/domain.key"
nginx['proxy_set_headers'] = {
  "X-Forwarded-Proto" => "http",
  "CUSTOM_HEADER" => "VALUE"
}

Now, execute sudo gitlab-ctl reconfigure. It’ll take some time, depending on the speed of the server. And, if everything goes ok, we should be able to open GitLab client in the browser at https://domain.tld, with a green lock of SSL.

Congratulations!!!

First the browser will be redirected to set the password of the initial administrator account root. Set the password and log into the dashboard by entering the username root and the password you’ve just set. Click on the small range icon to the right hand side of the top bar and then click on the settings icon to left. There you’ll find lot of options to customize. Probably you need to stop the public Sign-up first and use two-factor authentication.

Your server is set-up. Now we have to configure our CI. This is pretty straight forward.

Upload the ssl.crt to the server, intended for the CI. SSH into this server.

sudo apt-get update
sudo apt-get upgrade

# for those, who have configured with self signed 
# certificate, following steps are required 
cd /path/to/ssl.crt
sudo cp ssl.crt /etc/ssl/certs/gitlab.pem
sudo cat /etc/ssl/certs/gitlab.pem > /etc/ssl/certs/ca-certificates.crt

First decide about the runner, and follow the steps. There are also some links to important documents here.

Create a new project. Configure .gitlab-ci.yml and enjoy build at every push. Don’t forget to add one badge to the README, will come in the format, ![Build Status](https://domain.tld/namespace/project-name/badges/branch-name/build.svg).

Happy coding. Try to live in your own terms. :-)

So, we must take good care of what we create. We must preserve them. And we should take it seriously.

This is the first part of a series to configure a source control hosting with some push towards doing it for ourselves

Second part regarding installing and configuring GitLab community edition server is here.

Now-a-days everybody is doing data-mining. Big corporations are pioneering this trend. Lot of lawsuits have been filed, is filed on a regular basis. Whatever we do, are persisted and they are analysed by good AI algorithms. Every corporations are investing trillions of dollars for AI. The data-mining are not personally targetted, at-least what they claim. But, no body is stopping them to do that in the age of aggressive marketing.

Creation costs ourselves. So, we must keep them on our own terms.

I write code. So, mimetype of my creation is application/text, in-simple-words, basically I create text-files. For this kind of documents, any version control systems like Git, Mercurial, Bazaar is enough. I prefer Git, as I have to use it on a daily basis for my job. So, I had opted for premium subscription of Github. They have recently allowed unlimited private repositories and just announced a large bouque of features, to help developers. But, it offended me and lot of others, when Github increased their price for organisations. I don’t manage any organisation, but I realized that we are so helpless before the strategical decisions aka whims of the big corporations. They can do anything to us as we have agreed their terms, when signed up for the services. Do you read the terms? I don’t, rather can’t. I find them like a spiraling web of stairs, steps made of jargons from the world of law.

We can’t go absolutely beyond the reach of the big corporations. But at-least we can try to take some steps towards making our life private and live on our own terms. :-)

On this note, let’s configure a private instance of Git Server. But maintaining a Git server and other companion tools such as source code browser, decent web interface to manage the server, we also need a issue tracker, projects need wiki’s and of-cource user management of such a server is not a matter of joke. We need a good packaged software such as Bitbucket Server or GitLab, which offer all such features. Bitbucket is quite pricey, if team size grows beyond 10. Also we have to maintain a VPS, that itself incur a recurring cost, we don’t want to spend on Server Software. So, we choose GitLab Community Edition. It’s free. Though it lacks some features of the pro edition, available ones are enough for small organisations.

In this series I’m going to write step-by-step process to configure GitLab Community Edition server along with adding support for SSL.

This is going to be long. So, buckle up.

But before we start the installation, we must get a server to host. Now, here I’ve some words to say. As we have to preserve something, whatever it may be, it should not be like that, all our saved assets be lost, if the server crashes. So, we have to take backups at regular interval, may be every day. And along with that, we should prefer cloud servers as they are more stable than dedicated ones. Actually cloud servers are made as an abstraction of the actual hardware. So, even if one or two physical units from a cloud cluster crashes, the servers, built upon them takes another computational units as failover.

When we host/run GitLab, a bunch of services run simultaneously. Redis, PostgreSQL, Nginx, Workhorse (a background process), Sidekiq, Unicorn, LogRotate. So, we need at least 2 cores and at-least 2GB memory, so that server does not get too much slow or unresponsive. More details.

For cloud servers there are many options, DigitalOcean, Vultr, Linode, AWS, Google Cloud, Microsoft Azure, and so many others. Personally I use Scaleway, a brand from Online.net to host the GitLab server. There I got one cloud server (they use KVM) with 2 cores, 2GB primary memory aka RAM and 50GB SSD hard disk at €2.99/pm. And for CI, I use lowest offerring from Aruba Cloud, a small vps with 1 core, 1GB RAM and 20GB SSD for €1/pm. You can also check for low cost KVM servers in UK from Rackulous or checkout low cost offers, regularly published in lowendbox.

Hence, it’s concluded that, it’s possible to host GitLab Community Edition Server with CI for €3.99/pm, less than €4/pm. :-)

If you have selected and got your VPS, we can go for the next step. Install and configure GitLab server. :-)

Generating the static pages and then upload them to the remote machine takes a lot of effort beside writing a post. And the job is so repetitive. So, CI is a very good use case for this. But, as I use private repo for this, most of the prominent CI hosts charge a lot to build for private repos. After searching a little bit, got the name of Vexor. The best thing is that, they are not limiting you, 1 build unit, 2 build units, private repo etc. You start with free 100 build minutes, then $0.015/min. Quite cheap. And no prior commitment with huge monthly subscriptions (Others are really pricey. I don’t understand, why do they charge over $30/month for a single unit, while builds for most of the normal projects does not go over 1hr. And how many builds per day a project can see. I don’t know.) So, I pleased with the pricing matrix of Vexor.

Update Probably Vexor recently has updated their pricing policy. At least they sent mails to it’s users that, there would be no free build minutes. Builds will be invoiced at a rate of $0.015/min, but there is no change in the pricing plans on their website. Please check with the support before creating an account.

One problem with them is they have not yet completed their documentation fully. And their whole doc is full of examples of building Ruby applications. Probably they are fond of Ruby. I’ve no complains. But they should include at-least some full examples for NodeJS. Then I came across one of the features in their build system. You can log into the build container for 30 mins (if you enable ssh) to debug. So, nice feature. Probably use only once for one project but that’s big.

So, I started to configure. First steps are quite straight-forward. Go to Vexor. Sign up with Github or GitLab or Bitbucket account. Enable your repo. You should be able to see the repo in your Dashboard. As soon as the repo is connected, it will try to start the build. But, my repo was not configured. Naturally, first build failed. Then I started to configure.

First, added one file to the root of the repo by the name .vexor.yml (vexor.yml, without the leading dot is also permissible).

As I want to build for NodeJS. I added language: node_js. They have support for several versions of Node. I added for 6.1.0.

language: node_js
node_js:
- "6.1.0"

I use Hexo to generate the site. And this needs hexo-cli to be installed globally. So, I added npm install -g hexo-cli and of-course npm install to the install section.

install:
- npm install -g hexo-cli
- npm install

As I’ve included one post-install hook to the package.json with the command hexo generate, practically I’ve nothing to do for generation of static content in the script section.

{
...
  ,
  "scripts": {
    "postinstall": "hexo generate"
  },
...
}

Now, I need to upload the generated content to the remote site. So, added some lines (with the help of Domenic) to the before_script section to add the ssh-key to ssh agent.

before_script:
- chmod 600 /home/vexor/.ssh/id_rsa
- eval `ssh-agent -s`
- ssh-add /home/vexor/.ssh/id_rsa

The available key in the .ssh is the private key you have to add in the settings of the project. You can generate one key pair by ssh-keygen -t rsa -b 4096 -C "your_email@example.com". More detail. And add the content of the public key of the pair to a file named authorized_keys in the .ssh directory of home of the user, you want to deploy with, to the remote machine.

To deploy I’ve added one shell script file, named deploy in my repo. (taken from here). Only I modified the userid, server address, added cd public (from where we need to upload), the remote directory path and removed the exclude-from flag.

#!/bin/bash

cd public
$ERRORSTRING="Error. Please make sure you've indicated correct parameters"
if [ $# -eq 0 ]
    then
        echo $ERRORSTRING;
elif [ $1 == "live" ]
    then
        if [[ -z $2 ]]
            then
                echo "Running dry-run"
                rsync --dry-run -az --force --delete --progress -e "ssh -p22" ./ build@xx.xx.xx.xx:/usr/share/nginx/html
        elif [ $2 == "go" ]
            then
                echo "Running actual deploy"
                rsync -az --force --delete --progress -e "ssh -p22" ./ build@xx.xx.xx.xx:/usr/share/nginx/html
        else
            echo $ERRORSTRING;
        fi
fi

This file deploy need to executable. So, added chmod +x ./deploy to the before_script section.

And finally in the script section added ./deploy live go, which will deploy the generated content to the remote directory, if all things go successfully.

If anyone needs the full glimpse of .vexor.yml, here it is,

language: node_js
node_js:
- "6.1.0"
install:
- npm install -g hexo-cli
- npm install
before_script:
- chmod 600 /home/vexor/.ssh/id_rsa
- eval `ssh-agent -s`
- ssh-add /home/vexor/.ssh/id_rsa
- chmod +x ./deploy
script: ./deploy live go

Anyway, as this new development happens to be completely different than the previous one, first decided to create a new repository altogether. But, after some considerations, came to the conclusion, that it would be wrong, if we create a completely new repository for a software, that will do essentially the same things as the previous one.

So, created one orphan branch from master.

git checkout master
git checkout -b --orphan new_version
git rm <all-the-unnecessary-files>
## Make changes in the code base
git add .
git commit -am "new_version: Initialize"
# Generally the remote is 'origin', if not change as required
git push origin new_version

And continued development on that.

Until this stage, there was no problem. But, problem started, when we tried to push this branch to master. We could not merge this branch to master, as that would nullify the effort to make a new commit history for the new version.

Decided to delete the master branch and create new master branch from new_version.

# Create a backup of the old version
git checkout master
git checkout -b old_version
# And push the backup to remote
git push origin old_version
# '-D' is needed instead of '-d', as current branch 
# and 'master' branch has different commit history
##### Following error will come
# error: The branch 'master' is not fully merged.
# If you are sure you want to delete it, run 'git branch -D master'.
git branch -D master

Now, we can’t delete the master branch from remote straight away. It would give the following error.

To git@github.com:username/repo.git
 ! [remote rejected] master (refusing to delete the current branch: refs/heads/master)
error: failed to push some refs to 'git@github.com:username/repo.git'

As our repository is hosted in Github, we could change the default branch temporarily to new_version in the branches tab of settings page of the repository. And delete the master branch in remote.

git push origin :master
# To git@github.com:username/repo.git
#  - [deleted]         master

Now, create the new master branch from new_version.

git checkout new_version
git checkout -b master
# And check-in this new master branch
git push origin master

Now, change the default branch to master in Github.

Here is the bare minimum code of the markup creating the modal.

<!-- index.html -->

<!DOCTYPE html>
<html lang="en">

<head>
  <meta charset="UTF-8">
  <title>Show Modal Test</title>
</head>

<body>

  <div>
    <input id="name" disabled />
    <input type="button" id="button1" onclick="openWindows()" value="Enter Name" />
  </div>

  <script type="text/javascript">
    function openWindows () {
      // Get the return value set by the modal window
      var getval = window.showModalDialog('modal.html');
      window.document.getElementById('name').value = getval.data;
    }
  </script>

</body>

</html>

And this is the markup of the modal (maintained by third party). The returnValue property in the window object of modal, is returned by the showModalDialog method.

<!-- modal.html -->

<!DOCTYPE html>
<html lang="en">

<head>
  <meta charset="UTF-8">
  <title>Modal Window</title>
</head>

<body>

  <div>
    <input id="inputName" />
    <button type="submit" id="btnReturnValues" onclick="ReturnValues()">Submit</button>
  </div>

  <script type="text/javascript">
    function ReturnValues() {
      var vReturnValue = document.getElementById('inputName').value;
      window.returnValue = {
          data: vReturnValue
      };
      window.close();
    }
  </script>
  
</body>

</html>

After some time, due to some sizing issue of the modal dialog, we used one intermediary HTML page as the content of the modal. And, in that page we navigated to the external link, via an IFrame, setting the dimention. So, we added the url of the container (where the IFrame resides) as the first parameter of the method showModalDialog and sending the url of the intended url as dialogArguments (refer to).

var getval = w.showModalDialog('container.html', 'modal.html', 'dialogWidth:960px; dialogHeight: 670px; resizable: yes');

And added the container page. Modifications were not required in the third party page.

<!-- container.html -->

<!DOCTYPE html>
<html>

<head>
  <title>Conatiner</title>
</head>

<body>
  <iframe onload="setStyle()" name="iframeExternalLink" id="iframeExternalLink"></iframe>

  <script>
    window.onload = function () {
      var url = window.dialogArguments;
      document.getElementById('iframeExternalLink').src = url;
    }

    // Explicitly setting the height of the IFrame. Even if the third-party page comes bogger, scroll bars will come
    function setStyle () {
      document.getElementById('iframeExternalLink').height = '670px';
      document.getElementById('iframeExternalLink').width = '960px';
    }
  </script>
</body>

</html>

That was working fine, till last week. After one patch (Current version: IE11-11.0.9600.18204, IE10-10.0.9200.17640), the procedure is not working as previous. If we examine closely, this should not work previously also. As from the external web page, the returnValue property is set in the window, that property is set theoretically to the window object of the IFrame itself. But somehow it was working.

As we are opening third party url, it’s a long procedure, to tell them to change in their code. So, we were searching for a solution, so that, third party code should not needed to be affected.

After some brainstorming, we thought that, in the onbeforeunload event (called before closing of a window), in the container.html, we can set the returnValue property in the window object of the page, where the IFrame resides.

window.onbeforeunload = function (e) {
  var win = window.frames['iframeExternalLink'];
  window.returnValue = win.returnValue;
}

This was working. But, that again didn’t work. As, the third party website is using Telerik, the library sets the onbeforeunload as it requires. So, our event handler is at all not fired.

What to do now?

We found our second approach. But this approach requires modification in the third party code. In the function, where the window.close is called, they need to call one method setReturnValue of parent, which in turn will set the returnValue in the parent (the modal window) or directly set the value of the property returnValue in window.parent.

<!-- In container.html -->

function setReturnValue (returnVal) {
  window.returnValue = returnVal;
}

and in the external web page:

// In modal.html

function ReturnValues() {
  var vReturnValue = document.getElementById('inputName').value;
  
  // Call the method in parent to set the returnValue
  window.parent.setReturnValue( {
    data: vReturnValue
  });
  window.close();
}

or in short,

// In modal.html

window.parent.returnValue = {
  data: vReturnValue
};

This would solve the problem. Easy solution. Right?

I got to know about this in detail at quite a later time in my programming carrier. I heard and read about the method. But couldn’t find good example/use-case to use. Recently one of my colleagues came with a puzzle question, how to write this multiply function so that the following would return 120 the product of the numbers passed.

multiply(1)(2)(3)(4)(5);

He showed the solution as following:

function multiply (a) {
  return function (b) {
    return function (c) {
      return function (d) {
        return function (e) {
          return a * b * c * d * e;
        };
      };
    };
  };
}

But, somehow I didn’t like the solution. As we can multiply that many numbers equal to the number of funcitons returned in chained fashion. And thought that partial function can be a resort to solve this problem. So my solution was:

'use strict';

// In non-strict mode we have to use this !== window (vide: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Function/call)

var multiply = function (a, b) {
    if (!b && (this !== undefined)) {
        return a;
    }
    else {
        return multiply.bind(null, !b? a: a * b);
    }
};

But here we only have to call this as multiply(2)(3)(4)(5)(6)(7)(), with an extra parenthesis to call the last generated function. Also, we have to be careful about the sentinel constraint as described in the comment.

Until the last call of the method, it actually returns partial functions. And for the first and last case, we are relying on the fact, that this would be undefined in the first case and in the last call (the sentinel call), b would be undefined as well as this would be null not undefined.

It’s a good use-case to use bind. And with this implementation we are not restricting ourselves to the number of operands, can be passed.

function welcome() {
  return "Welcome!!!"; /// Return type is 'String'
}

But, sometimes back came accross an example of a function.

function add(a, b) {
  return (
    console.log(a + b),
    console.log(arguments),
    a + b
  );
};

console.log(add(2, 2));

What would be the output???

4
[2, 2]
4

Amazing. Right. Or you’re not amazed, buffled, taken-aback, surprised as I was. May be you know why this is happenning. May be you know about grouping operator, comma operator or you may have already read the ECMA specification for return and function. If neither any of these is your case, read on.

I posted one question in StackOverflow regarding this. Many programmers answered and participated in the discussion. Actually if all of the concepts liknked in the above para is clear to one, there should not arise any question. But, it’s me. Never read properly. :P

The question was, is return here is behaving like a function, as we are kind of passing arguments into it.

Answer: No

If we try to print the typeof return it gives SyntaxError: Unexpected token return. As return is a statement by specification and typeof expects identifier after it, JavaScript engine won’t evaluate the expression. So, what happens here.

• The comma operator evaluates each of its operands (from left to right)
• The grouping operator () controls the precedence of evaluation in expressions.

The comma operator makes the evaluation of each of the expressions passed to the grouping opeartor. So, we get the first two lines of the output.

And the grouping operator is responsible to return the evaluated value of the last expression, separated by comma.

Quite simple. Right.

1. Eavesdropping: It actually happens in network layer. It has nothing to do with the coding done in the app.
   Solution: If there is no direct communication between users via the app, it’s a standard to deliver the app over SSL. But solution for this kind of attack is a combination of configurations starting from DNS setting to but not limited to use of HTTPS. (See also)

2. Cross Site Scripting(XSS): This is where an attacker can inject scripts into a page sent by the server and browser treats the injected script as any other scripts inside the page.

3. Cross Site Request Forgery(CSRF): A Cross-site request forgery is when a malicious site can use a visitor’s browser to make a request to your server that causes a change on the server. The server thinks that because the request comes with the user’s cookies, the user wanted to submit that form.

Cross Site Scripting(XSS)

Use Case: Showing menu based on privileges. Users with malicious mind-set can change some of the variables, such that, non privileged members can also see the higher privileged tabs.
Solution: Send or build the template, so it would only generate what is required. Nothing more. Ng-repeat may be a good resort here.

Use Case: Generation of some part of the page, depending on user input. One may input HTML to change the behaviour of the section.
Solution: Treat the user input as strings and do not bind the user input as ng-bind-html

Use Case: User may input some code as the query parameters like: http://abc.com?<script>alert(5)</script> returns "<p>There were no hits for <script>alert(5)</script>.</p>"

Solution: Use route parameters instead of query parameters. If it’s inevitable to use the query params, do not run eval on the string, use it as a string and of course check for the tags.

Lastly,

1. Set correct mime type of the content, exchanged to-and-forth client and server
2. If html templates are compiled into templateCache, correctly obfuscate the HTML replacing tags with HTML codes like, < should be replaced by <
3. It’s more than necessary to obfuscate JavaScript code with minifiers like Closure, YUI-Compressor etc. Signing tools may also be used, to check the page hash in server
4. Depending upon the sensitivity of data, passing to the server, it may be required to encrypt the same
5. Put each of the piece of the code into a closure, viz. an IIFE and if possible put ‘use strict’ at the top of each of them
6. Use dependency injection into every providers. Life would be easy after minification
7. If non obfuscated code needs to be used in client side, make the identifier names, as neutral possible. Use ‘re4ty_ft’ instead of ‘carPrice’
8. Disable autocomplete in sensitive information fields. User may have to key-in (even can’t paste. Refer to CITI Bank’s login page) or press keys in a virtual keyboard
9. It’s not advisable to put any files containing user-restricted-data in the webroot
10. Don’t store information in a global variable

Cross Site Request Forgery(CSRF)

This form of attack includes but not limited to:

1. Access cookie to change preferences
2. Logout the victim
3. Post a comment on behalf of the victim
4. Use victim as a proxy to get data from the site
5. Perform distributed password guessing attack, without even a pass hacker tool

Solution:

1. Send a login hash along with a API key each time client calls the server
2. Logout must be done, jointly by client and server, in both ways
3. Best not to use a cookie
4. For login and sensitive operations, use captcha, or two-factor-authentication apps like DUO
5. It’s better to use two different (.aspx or .php whatever) pages for login and app
6. No state should be persisted in the server, I.e. to say the REST API should implement a complete REST architecture
7. Encourage the users to close the window after logout (Currently Google Chrome does not close the tab/window invoking window.close command)
8. Make one landing page and from there on click of a button open a new address bar disabled window to redirect to the app

Glossary:

• http://www.squarefree.com/securitytips/web-developers.html
• http://artandlogic.com/2013/05/ive-been-doing-it-wrong-part-1-of-3/
• http://code.tutsplus.com/tutorials/important-considerations-when-building-single-page-web-apps--net-29356

There are several clients to use torrent. Why do we need one client with web ui. To remotely administer the download. Why? Personally I don’t like to keep my pc turned on whole night-n-day to download large files. And sometimes it really takes a painfully long time to download. Therefore we need to have a low cost solution for this task. You can setup one Raspberry PI in your home for this. Or you can buy one cheap VPS or if you are damn serious about seeding you can get one dedicated server with a good bandwidth allocation from a p2p allowing provider. In any of this cases you need one sufficiently robust torrent client with an acceptable ui. Deluge is one of the best in this category.

Let’s start. To start this thing, we have to understand that the world of torrent is really full of very troublesome torrents. Before leaving our server to download our favorite entertainment, we must secure our server to some extent with some defensive measures. [I’ll try to add a different post for this purpose]

One thing is that, to execute this whole procedure, one need to have at-least system administrator privilege for the login. First log into the system. If the login is for normal user, execute the command sudo -i and when prompted give your login password.

To run the Deluge server on our box, we will need one different user, than the users, we use to login into our system. For example we are using ‘deluge‘ as the name for both of our user and group.

adduser --disabled-password --system --home /var/lib/deluge --gecos "Deluge Server" --group deluge

• --disabled-password disables the login with password, however login can be done by other means, for example by SSH RSA keys (though we don’t require this feature)
• --system specifies that both user and group will be one SYSTEM user and group
• --home specifies ‘/var/lib/deluge‘ as the home directory of the newly created user (for us it’s ‘deluge‘). One more thing is that, by default Deluge will be installed in this location
• --gecos Specifies META data, to be inserted into the ‘/etc/passwd‘ about the user. Typically this information may be phone number, name of the user etc. We can put any information after this in double quote
• --group this option combined with ‘–system‘, creates user and group with same name specified after this (for now, it’s ‘deluge‘)

To run Deluge, we need to run Deluge Server and Deluge Web. The web component is the interface for the user to interact with the Deluge Server. Now we need to create two files to be logged by two components. We can do that by:

touch /var/log/deluged.log
touch /var/log/deluge-web.log
chown deluge:deluge /var/log/deluge*</pre>

• touch is a *nix utility to change the time-stamp of a file and if the file does not exist, it creates one empty file with the name and location specified
• chown adds the ownership to the user and group specified. Here we have given permission/ownership of ‘/var/log‘ to user deluge of group deluge to write logs into the said directory

We have to add the Deluge ‘ppa‘ repository to get the latest package published for your Ubuntu distribution.

apt-get install software-properties-common
add-apt-repository ppa:deluge-team/ppa
apt-get update

• software-properties-common gives the ‘add-apt-repository‘ command
• apt-get update updates our apt cache for installation and update of software packages in the box

Now we are ready to install the Deluge packages.

apt-get install deluged deluge-webui</pre>

• deluged is the Deluge server and
• deluge-webui is the web interface of Deluge

To start Deluge server and Deluge WebUI at the start, we need to create two files in the /etc/init directory. Use your favorite editor to create the init script for Deluge daemon (server) /etc/init/deluged.conf

description "Deluge daemon"
author "Deluge Team"

start on filesystem and static-network-up
stop on runlevel [016]

respawn
respawn limit 5 30

env uid=deluge
env gid=deluge
env umask=000

exec start-stop-daemon -S -c $uid:$gid -k $umask -x /usr/bin/deluged -- -d

and for Deluge WebUI /etc/init/deluge-web.conf .

description "Deluge Web UI"
author "Deluge Team"

start on started deluged
stop on stopping deluged

respawn
respawn limit 5 30

env uid=deluge
env gid=deluge
env umask=027

exec start-stop-daemon -S -c $uid:$gid -k $umask -x /usr/bin/deluge-web

There are more details about this configurations here.

Now we can reboot our server by init 6 or reboot -h now or start the Deluge services by

service deluged start
service deluge-web start

Access the web interface at port 8112. http://yourserver_IP_OR_domain:8112 . It will prompt for a password. Type ‘deluge‘ and login. This is the default password for the WebUI. And we must change our password upon first login.

Also it may be required to connect the daemon by clicking the ‘Connection Manager‘ button at the top task-bar.

This is not complete. Yet we have to do a little configuration for the Deluge Daemon and mask our web port with a good context name on our server. We will use NginX for this. And along with that we will add a new security measure. But this is pending for next post. Until then have a good time. :)

After a little search I came across one solution to make the server call synchronous, then the new tab/window ‘opening code’ would be directly in the user event and there will be no problem in the intended purpose.

Keeping the above consideration in mind, came with one more solution, one solution that can by-pass the situation.

Solution 1:

Make the server call synchronous, so that the new tab/window opening code be directly in the user event handler. (plunker)

Solution 2:

Create one window, in the same closure, as the server call is made and keep the reference to it in a variable. And in the success handler of the call, change the location of the window created in-prior or close the same in error handler. (Closing the window may be a problem for Chrome & Firefox) (plunker)

Solution 3:

In the success handler create one confirmation dialog for the user, and in the ‘OK’ handler create the intended new tab/window.

There may be another solution to create a form with target=”_blank” and in the action we will do the intended server call. But, I’ve not tried it. And this may not be a very good approach.

Actually what we do, the solutions can be searched and surprisingly people have already come across the same problem one to three years back. StackOverflow is practically “Overflowing” with suitable answers to all of our questions. So there is no need to think over anything. And even if we get a real problem to solve (apparently the solution of which could not be found by Google search), managers understands that and discusses with client with such a rigor and extensiveness, that eventually the poor creature modifies the requirement and the problem gets “SOLVED”.

With having no friend and attachments outside of the office, this blog will ultimately turn into a common “TECHNOLOGY BLOG”. I know. But, I’ll try to write fascinating ideas, conceptions to me.

And of-course let’s hope that, I do not lose interest to update this. :-)