iOS9 App Transport Security Policy

Recently came across this error while trying to build an app for ios9.

The resource could not be loaded because the App Transport Security policy requires the use of a secure connection.

Easy way out is to allow all http requests and stop iOS from automatically converting to https. Here is how:

1. Navigate to the “Info” Panel in your app target.
2. Add a new key titled “NSAppTransportSecurity” with type Dictionary
3. Add a new key under the one you just created with the name “NSAllowsArbitraryLoads” with type Boolean and value YES
4. Build and rejoice… and read on

The idea is to make sure all communications secure, but there are some services that are out of your control. If you know what those are, here is a better way to handle the whitelisting.

1. Navigate to the “Info” Panel in your app target.
2. Add a new key titled “NSAppTransportSecurity” with type Dictionary
3. Add a new key under the one you just created (NSAppTransportSecurity) with the name “NSExceptionDomains” with type Dictionary
4. Add a new key to the NSExceptionsDomains with name “” with type Dictionary ( This is where you whitelist your domain )
5. Add a new key to the with name “NSIncludesSubdomains” of type Boolean and value YES
6. Add a new key to the with name “NSTemporaryExceptionAllowsInsecureHTTPLoads” of type Boolean and value YES
7. ( If you want to specify a minimum tls version ) Add a new key to the with name “NSTemporaryExceptionMinimumTLSVersion” of type String and value TLSv1.1 ( or whatever version you want )

Add more domains by redoing step 4 – 7

Here is a more detailed blog post : http://ste.vn/2015/06/10/configuring-app-transport-security-ios-9-osx-10-11/

 

Docker rails connection refused

I ve been playing with docker and fig for a rails application being built for scripted. This is my first time using docker in an actual project and I came across an issue that doesn’t readily have an answer out there even though in retrospect the answer was staring at me in the face.

Essentially after getting the containers built and running, I was not able to connect to the docker container at all. Everytime I tried connecting to the container, I would get a connection refused error.

~/P/r/schoolio ❯❯❯ boot2docker ip

The VM's Host only interface IP address is: 192.168.59.103

~/P/r/schoolio ❯❯❯ curl -i 192.168.59.103:3000
curl: (7) Failed to connect to 192.168.59.103 port 3000: Connection refused

My Dockerfile looks like

# Choose the official Ruby 2.1.2 image as our starting point
FROM ruby:2.1.2

# Run updates
RUN apt-get update -qq && apt-get install -y build-essential libpq-dev sudo openssl libreadline6 libreadline6-dev curl git-core zlib1g zlib1g-dev libssl-dev libyaml-dev libsqlite3-dev sqlite3 libxml2-dev libxslt-dev autoconf libc6-dev ncurses-dev automake libtool bison nodejs

RUN useradd -ms /bin/bash deployer
RUN echo "deployer:deployer" | chpasswd && adduser deployer sudo
RUN mkdir -p /home/deployer/schoolio && chown -R deployer:deployer /home/deployer/schoolio
ENV HOME /home/deployer
RUN echo "%sudo        ALL=NOPASSWD: ALL" >> /etc/sudoers
USER deployer
ENV DOCKER true

RUN ruby -ropenssl -e 'puts OpenSSL::X509::DEFAULT_CERT_FILE'

# Set up working directory
WORKDIR /home/deployer/schoolio

# RUN sudo gem update --system

# Set up gems
ADD Gemfile /home/deployer/schoolio/Gemfile
ADD Gemfile.lock /home/deployer/schoolio/Gemfile.lock
RUN sudo chown -R deployer /home/deployer/schoolio/*
RUN bundle install

ADD . /home/deployer/schoolio

My fig.yml looked like this:

db:
  image: postgres
  ports:
    - "5432"

# redis:
#   image: redis
#   ports:
#     - "6379"

web:
  build: .
  command: rails s
  volumes:
    - .:/home/deployer/schoolio
  ports:
    - "3000:3000"
  links:
    - db
    # - redis

When I tried to run, the server started fine but wouldnt let me connect to it at all.

~/P/r/schoolio ❯❯❯ fig up
Recreating schoolio_db_1...
Recreating schoolio_web_1...
Attaching to schoolio_db_1, schoolio_web_1
db_1  | LOG:  database system was shut down at 2014-12-07 13:50:32 UTC
db_1  | LOG:  autovacuum launcher started
db_1  | LOG:  database system is ready to accept connections
web_1 | => Booting Puma
web_1 | => Rails 4.2.0 application starting in development on http://localhost:3000
web_1 | => Run `rails server -h` for more startup options
web_1 | => Ctrl-C to shutdown server
web_1 | Puma 2.10.2 starting...
web_1 | * Min threads: 0, max threads: 16
web_1 | * Environment: development
web_1 | * Listening on tcp://localhost:3000

~/P/r/schoolio ❯❯❯ curl -i 192.168.59.103:3000
curl: (7) Failed to connect to 192.168.59.103 port 3000: Connection refused

Docker showed two containers running and an the correct ports

~/P/r/schoolio ❯❯❯ docker ps
CONTAINER ID        IMAGE                 COMMAND                CREATED             STATUS              PORTS                     NAMES
8e0b1fe500b8        schoolio_web:latest   "rails s"              14 seconds ago      Up 13 seconds       0.0.0.0:3000->3000/tcp    schoolio_web_1      
0283bd6147c6        postgres:9            "/docker-entrypoint.   16 seconds ago      Up 15 seconds       0.0.0.0:49153->5432/tcp   schoolio_db_1     

After searching far and wide, I stumbled upon this issue on github and that pretty much solved the issue. All that need to be changed was the rails server startup command. specifically in the fig.yml,

  command: bundle exec rails s -b 0.0.0.0

The problem was that rails was trying to listen on localhost while the server was running on 0.0.0.0 . Hope this helps someone else out there.

 

Ruby split ignores empty fields

Came across a little weirdness with the string split function in ruby today. Basically

"a,b,c".split(",") #=> ["a,b,c"] # this is correct
"a,b,c,,".split(",") #=> ["a", "b", "c"] # this is weird

I was expecting the second one to have 2 extra empty fields. After doing some digging, turns out there is a limit param.

If the limit parameter is omitted, trailing null fields are suppressed. If limit is a positive number, at most that number of fields will be returned (if limit is 1, the entire string is returned as the only entry in an array). If negative, there is no limit to the number of fields returned, and trailing null fields are not suppressed.

source: Class: String (ruby 2.1.4)

Essentially, the split function needs to be called with a limit the same way as you would in Scala.

"a,b,c,,".split(",",-1) #=> ["a", "b", "c", "", ""]
 

How not to recruit for your startup

Recently someone got in touch with me on angellist and it turned out to be quite the dramatic conversation. As usual, it started out with the email stating that the company is interested in a chat. They seemed like an interesting startup and decided to connect and see where it goes. Then the weirdness started; names have been blacked out to protect identities.

initial_email

I was also recently introduced to x.ai, an awesome virtual assistant that schedules meetings over email. I decided to cc my virtual assistant on my reply to schedule a time for a call on my calendar.

my_first_reply

This is when things got interesting. The CEO + CTO ( yeah, that was the person’s title) replied back to me with this:

ceo_cto_reply

yep,
 

Fuck this bot. Arun, not a good call to have a virtual assistant schedule a job interview for you. Poor judgment.

At first, I was a little taken aback; then it became funny and I ended up having a good laugh over it. I gave it some thought and replied with this:

my_final_reply

So, coming to the point of this reactionary blog post, here is a list of dos/donts when you are trying to recruit for your startup. This is mostly common sense, but based on my interaction above, someone has to say it.

* Be civil. I dont believe this has to be said. Be especially civil on any permanent communication.

* Leave your ego at home. You are not trying to prove your superiority here, you are trying to build what is possibly going to be a long term relationship.

* Always keep up your company’s culture. You are always acting as a representative of your culture, it is every employee’s job to represent the culture of the startup. Its the big Chief’s job to set the culture and evolve it.

* Be open to new things.

 

wrong number of arguments (1 for 0) | Rails | Facepalm

I am working on a simple web application to help out dieudonne and came across a seemingly random error on the rails stack while trying to build a simple email functionality. My thought process was to scaffold a “message” model and have a “send” function in the controller that would then parse the mail content using LiquidTemplating and send out the email with a delayed job process.

 

Well, all fine and dandy till I hit this error,

__define_callbacks activesupport (4.0.2) lib/active_support/callbacks.rb
364365366367368369370371372373374

      # if it was not yet defined.
      # This generated method plays caching role.
      def __define_callbacks(kind, object) #:nodoc:
        name = __callback_runner_name(kind)
        unless object.respond_to?(name, true)
          str = object.send("_#{kind}_callbacks").compile
          class_eval <<-RUBY_EVAL, __FILE__, __LINE__ + 1
            def #{name}() #{str} end
            protected :#{name}
          RUBY_EVAL
      end

There is no information about this out there and no one on the interwebs seems to be talking about that particular line:

str = object.send("_#{kind}_callbacks").compile

which is where unicorn says I am going wrong. Now, I know I have done no changes in the rails stack and thought maybe it was the model name and maybe I couldnt create a “message” model. So I made a “communication” model and scaffolded it. No dice.

A week later, when I decided to give it another go, I realized that I ve been inadvertently overriding the “send” method from the rails Controller class. Rename the function “send” to something else and voila, things are back to normal.

facepalm.

I wish unicorn was better at telling me the issue started at the controller and not at some point in the rails stack. oh well.

 

No, DO NOT start deprecating your CSS

This is in reply to this post on medium that was recently shared by Sidebar on one of their recent daily newsletters. I found this post so ridiculous that I felt compelled to write this follow up post.

I want you to go to the last web page you have developed and view the source. How many programming languages did you have to write? If you’re like me, you probably have some HTML, CSS, JavaScript or Node, and PHP in there. You may be able to count the languages on one hand, but that doesn’t leave many fingers left on that hand for typing more code.

It doesnt matter how many languages you used. What matters is wether you used them right and wether the end product was what you wanted it to be. It matters how efficient that end product was and how usable it is. It matters if the code written was maintainable and readable. It doesnt matter how many languages you used, it only matters how efficiently those languages were used.

Freeing hand space is critical, so it’s important that we try to remove one of the languages in our stack. HTML can only be replaced by XML, which defeats the purpose of saving space, and web pages on modern browsers cannot run without Node or PHP. Through process of elimination, we are left with finding an alternative for CSS. Fortunately, that is possible with Node.

Hold on, wait, is the author actually saying there is no other language out there that can serve up web pages other than node and PHP? and why is is so critical to remove a language in the stack? Also, if it is so critical, why not remove PHP or Node and handle the logic in one of those (very small subset of languages available)?

 

Using Node Instead of CSS

Replacing CSS with Node is easy and actually a lot more intuitive and whitespace-free. All you have to do is open your .js file and type in the instructions for changing the style of elements. For example, take a look at the following CSS for changing the color and padding of a paragraph with id “gulp”:

#gulp { 
    color : #0000ff;
    padding : 10px; 
}

This CSS takes up 4 lines, and at least 13 spaces. In node, we’ll change the style for the same paragraph:

document.getElementById(‘gulp’).style.color=‘#00f’;
document.getElementById(‘gulp’).style.padding=‘10px’;

This Node code takes up only 2 lines and there are 0 spaces. Essentially, we are saving lines, spaces, and files (delete your .css documents!).

1. This is vanilla JavaScript and not necessarily node.

2. If 2 lines are better than 4, the css can be written in one line

#gulp{color:#0000ff;padding:10px;}

now, by the same argument, css became a better choice.

3. The JS written is ineffecient. The author is traversing the DOM twice to target the same element. A better way to write that would have been to cache the element in a variable and do the style updates on the variable.

var gulp = document.getElementById(‘gulp’);

gulp.style.color=’#00f';

gulp.style.padding=’10px';

Either the author chose to not do this out of ignorance or to make a point. I dont see the point. The problem with this style is that it is not maintainable. CSS is much more DRYer than this proposed JS method. It easier to maintain and on top of it, it has all the hardware accelerated goodness that comes with natively supported languages.

The Future of CSS

Just like the blink and marquee tags, it will only be a matter of time until browsers stop supporting CSS, so the sooner you start using HTML5 to style your pages, the longer your projects will last in the future.

It’s time to take back our fingers and whitespace and stop using so many languages to perform the same tasks.

This is when I kind of realize that this whole post is satire (at least I hope it is, for the love of all things web!). I should probably just give up on all languages and write my web pages in assembly (makes things way faster, no?).

In conclusion, those of you who are new to web development and took this article seriously, UNLEARN any coding patterns you might have learnt through this post. I believe it is meant to be satire. For those who saw it coming from the beginning, touche.