News
Entertainment
Science & Technology
Life
Culture & Art
Hobbies
News
Entertainment
Science & Technology
Culture & Art
Hobbies
My opinion on the Tauri framework
I’ve always liked GUI, both desktop-based and browser-based before you needed five years of training on the latter. That’s the reason I loved, and still love Vaadin: you can develop web UIs without writing a single line of HTML, JavaScript, and CSS. I’m still interested in the subject; a couple of years ago, I analyzed the state of JVM desktop frameworks. I also like the Rust programming language a lot. Tauri is a Rust-based framework for building desktop applications. Here&
The Vary HTTP header
I try to constantly deepen my knowledge of HTTP and REST. Recently, I stumbled upon the list of all registered HTTP Headers. This post is dedicated to the Vary HTTP Header. The problem Two years ago, I wrote about web resource caching server-side. The idea is to set up a component between the client and the upstream to cache previously computed results to avoid overloading the latter. Depending on your infrastructure and requirements, this component can be a reverse proxy or an API Gateway. H
Five ways to pass parameters to Apache APISIX
I recently read 6 Ways To Pass Parameters to Spring REST API. Though the title is a bit misleading, as it’s unrelated to REST, it does an excellent job listing all ways to send parameters to a Spring application. I want to do the same for Apache APISIX; it’s beneficial when you write a custom plugin. General setup The general setup uses Docker Compose and static configuration. I’ll have one plugin per way to pass parameters. docker-compose.yml services: httpbin: ima
The try block in Rust
I wrote previously about libs for error management in Rust. This week, I want to write about the try block, an experimental feature. The limit of the ? operator Please check the above article for a complete refresher on error management in general and the ? operator in particular. In short, ? allows to hook into a function call that returns a Result: If the Result contains a value, it continues normallyIf it contains an error, it short-circuits and returns the Result to the calling function.
Dissolving Design Patterns In Design Elements
The book Design Patterns: Elements of Reusable Object-Oriented Software was one of the texts that changed how we think about software design. This book came out in 1994 through the efforts of Erich Gamma, Richard Helm, Ralph Johnson, and John Vlissides, later remembered as Gang Of Four (GoF) GoF Design Patterns: The Origin, the Impact The book’s importance lies in its effort to review the software production done up at that moment, giving more structure to the concept of Software Design
Implementing the Idempotency-Key specification on Apache APISIX
Last week, I wrote an analysis of the ITEF Idempotency-Key specification. The specification aims to avoid duplicated requests. In short, the idea is for the client to send a unique key along with the request: If the server doesn’t know the key, it proceeds as usual and then stores the responseif the server knows the key, it short-circuits any further processing and immediately returns the stored response This post shows how to implement it with Apache APISIX. Overview Before starting
Fixing duplicate API requests
The first rule of distributed systems is 'Don’t distribute your system'. Designing distributed systems right is infamously hard for multiple reasons. The idempotency concept For example, a call to a function can succeed or fail in non-distributed systems. Once you move the called function to a remote component, a third option appears: you call the remote function but get no response from the component. At this point, it’s impossible to know whether the call reached the component o
Apache APISIX North America Tour
Once in a while, I write non-technical blog posts when I’ve something worth sharing. Today, I’d like to write about my North America 'Tour' across several conferences and user groups. The first leg of my journey started in Oakland, California, with Developer Week. Developer Week is an established conference with different editions in several locations and online during the year. Though I’m on their advisory board, this is only the second time I’ve spoken at one of their
The pitfall of implicit returns
Implicit returns are a feature in some languages. They have recently bitten me, so here’s my opinion. Statements, expressions, and returns Before diving into implicit returns, we must explain two programming concepts influencing them. A lot of literature is available on the subject, so I’ll paraphrase one of the existing definitions: An expression usually refers to a piece of code that can be evaluated to a value. In most programming languages, there are typically three differ
Using my new Raspberry Pi to run an existing GitHub Action
Recently, I mentioned how I refactored the script that kept my GitHub profile up-to-date. Since Geecon Prague, I’m also a happy owner of a Raspberry Pi: Guess what I won @GeeCON Prague? 😎 pic.twitter.com/b9dARUhfMd— Nicolas Frankel 🇺🇦 (@nicolas_frankel) October 20, 2023 Though the current setup works flawlessly - and is free, I wanted to experiment with self-hosted runners. Here are my findings. Context GitHub offers a large free usage of GitHub Actions: GitHub Actions us
From Kotlin Scripting to Python
GitHub offers a way to customize one’s profile by allowing one to create a README in a specific repository, named as your profile, e.g., nfrankel/nfrankel. A couple of years ago, I automated the update of my GitHub profile with up-to-date info: my latest blog posts, my upcoming talks, and the last recorded YouTube talk. I took the time to document how to do it on this blog. At the time, I chose Kotlin scripting because I was proficient enough in Kotlin, but I wanted to learn the scripting
Secure your API with these 16 Practices with Apache APISIX - part 2
Last week, we listed 16 practices to help secure one’s APIs and described how to implement them with Apache APISIX. Authentication 🕵️️ - Verifies the identity of users accessing APIs.Authorization 🚦 - Determines permissions of authenticated users.Data Redaction 🖍️ - Obscures sensitive data for protection.Encryption 🔒 - Encodes data so only authorized parties can decode it.Error Handling ❌ - Manages responses when things go wrong, avoiding revealing sensitive info.Input Validation & D
Secure your API with these 16 Practices with Apache APISIX
A couple of months ago, I stumbled upon this list of Secure your API with these 16 practices to secure your API: Authentication 🕵️️ - Verifies the identity of users accessing APIs.Authorization 🚦 - Determines permissions of authenticated users.Data Redaction 🖍️ - Obscures sensitive data for protection.Encryption 🔒 - Encodes data so only authorized parties can decode it.Error Handling ❌ - Manages responses when things go wrong, avoiding revealing sensitive info.Input Validation & Data Sani
Secure your API with these 16 Practices with Apache APISIX - part 1
A couple of months ago, I stumbled upon this list of 16 practices to secure your API: Authentication 🕵️️ - Verifies the identity of users accessing APIs.Authorization 🚦 - Determines permissions of authenticated users.Data Redaction 🖍️ - Obscures sensitive data for protection.Encryption 🔒 - Encodes data so only authorized parties can decode it.Error Handling ❌ - Manages responses when things go wrong, avoiding revealing sensitive info.Input Validation & Data Sanitization 🧹 - Checks input da
Error management in Rust, and libs that support it
As part of learning the Rust ecosystem, I dedicated the last few days to error management. Here are my findings. Error management 101 The Rust book describes the basics of error management. The language separates between recoverable errors and unrecoverable ones. Unrecoverable errors benefit from the panic!() macro. When Rust panics, it stops the program. Recoverable errors are much more enjoyable. Rust uses the Either monad, which stems from Functional Programming. Opposite to exceptions
Hardening Apache APISIX with the OWASP's Coraza and Core Ruleset
The OWASP stands for Open Worldwide Application Security Project: The Open Worldwide Application Security Project is an online community that produces freely available articles, methodologies, documentation, tools, and technologies in the fields of IoT, system software and web application security. The OWASP provides free and open resources. It is led by a non-profit called The OWASP Foundation. The OWASP Top 10 - 2021 is the published result of recent research based on comprehensive data com
Improving upon my OpenTelemetry Tracing demo
Last year, I wrote a post on Open Telemetry Tracing to understand more about the subject. I also created a demo around it, which featured the following components: The Apache APISIX API GatewayA Kotlin/Spring Boot serviceA Python/Flask serviceAnd a Rust/Axum service I’ve recently improved the demo to deepen my understanding and want to share my learning. Using a regular database In the initial demo, I didn’t bother with a regular database. Instead: The Kotlin service used the e
Keeping your fonts in embedded SVG
Last year, I started to use Excalidraw as a diagram tool. However, the SVG images didn’t display the font correctly. In this post, I’d like to explain the problem and offer a solution. Let’s create a sample drawing with Excalidraw. If you open the link, it should look something like this: However, in a browser, it looks like this: The code is straightforward: <img src='/path/to/sample.svg'> The font doesn’t display correctly. The problem is that the
Kicking the tires of Docker Scout
I never moved away from Docker Desktop. For some time, after you use it to build an image, it prints a message: What's Next? View a summary of image vulnerabilities and recommendations → docker scout quickview I decided to give it a try. I’ll use the root commit of my OpenTelemetry tracing demo. Let’s execute the proposed command: docker scout quickview otel-catalog:1.0 Here’s the result: ✓ Image stored for indexing ✓ Indexed 272 packages Target
2023 in retrospective
Last year, I wrote my first yearly retrospective. I liked the experience, so I’m trying one more time. Let the future decide if it will become a trend or not. Before diving into our safe technological world, my thoughts go to Ukraine, to my friends who had to flee their own country, to other friends who fought on the front to defend it from an imperial power, and to all victims of an old kleptocrat who clings to power despite the cost to others. The free world needs to support Ukraine mor
Five Apache projects you probably didn't know about
In early 2021, I started to work on the Apache APISIX project. I have to admit that I had never heard about it before. In this post, I’d like to introduce some Apache projects that are less well-known than HTTPD or Kafka. Apache APISIX APISIX is an API Gateway. It builds upon OpenResty, a Lua layer built on top of the famous nginx reverse-proxy. APISIX adds abstractions to the mix, e.g., Route, Service, Upstream, and offers a plugin-based architecture. Lots of plugins are provided ou
Apache APISIX plugin priority, a leaky abstraction?
Apache APISIX is an API Gateway, which builds upon the OpenResty reverse-proxy to offer a plugin-based architecture. The main benefit of such an architecture is that it brings structure to the configuration of routes. It’s a help at scale, when managing hundreds or thousands of routes. In this post, I’d like to describe how plugins, priority, and phases play together and what pitfalls you must be aware of. APISIX plugin’s priority When you configure a route with multiple p
Canary releases with Apache APISIX
In a few words, the idea of canary releases is to deliver a new software version to only a fraction of the users, analyze the results, and decide whether to proceed further or not. If results are not aligned with expectations, roll back; if they are, increase the number of users exposed until all users benefit from the new version. In this post, I’d like to detail this introduction briefly, explain different ways to define the fraction, and show how to execute it with Apache APISIX. Int
Chopping the monolith in a smarter way
In my previous post Chopping the Monolith, I explained that some parts of a monolith are pretty stable and only the fast-changing parts are worth being 'chopped.' I turned the post into a talk and presented it at several conferences. I think it’s pretty well received; I believe it’s because most developers understand, or have direct experience, that microservices are not a good fit for traditional organizations, as per Conway’s Law. In the talk, I use an e-commerce webapp as a
A retrospective on Errors Management: where do we go from here?
Error management is a fact of life in software development as it is often inevitable and generated by different causes that also include incorrect or incomplete understanding of the requirements or even lack of knowledge of some tools or elements used during development. Let’s go on a small trip into the evolutions and different concepts related to error management, analyzing why it is difficult and why we are going in new directions after the moment of Exceptions in programming languages
Exploring the OpenTelemetry Collector
The OpenTelemetry Collector sits at the center of the OpenTelemetry architecture but is unrelated to the W3C Trace Context. In my tracing demo, I use Jaeger instead of the Collector. Yet, it’s ubiquitous, as in every OpenTelemetry-related post. I wanted to explore it further. In this post, I explore the different aspects of the Collector: The data kind: logs, metrics, and tracesPush and pull modelsOperations: reads, transformations, and writes First steps A long time ago, observabilit
API versioning
In my previous post Evolving your APIs, I mention the main API versioning approaches. During the talk of the same name, I sometimes get some questions on the subject. In this post, I’ll detail each of them. I assume readers know the reasons behind versioning, semantic versioning, and product lifecycle. If not, I encourage you to read a bit about these themes; in particular, chapter 24 of the excellent API Design Patterns book focuses on them. I’ll summarize the subject in a few wo
Feedback from calling Rust from Python
I got plenty of feedback on my post about Calling Rust from Python: Hacker News/r/python/r/rust Many comments mentioned pyo3, and I should use it instead of cooking my own. Thanks to the authors, I checked: in this post, I explain what it is and how I migrated my code. What is pyo3? Rust bindings for Python, including tools for creating native Python extension modules. Running and interacting with Python code from a Rust binary is also supported. — PyO3 user guide Indeed, pyo3
Python "magic" methods - part 2
Let’s continue our exploration of Python’s magic methods in this second part of the series. This part will focus on numbers and containers, i.e., collections. You can read the first part here. Container-related methods Python provides the usual containers, e.g., lists, sets, and dictionaries. You can use the following methods when you want to implement your own. Common methods Containers have a size. Python defines two methods to implement to return the number of items in a con
A Java Geek weekly, Issue 2
Keeping CALM: when distributed consistency is easy A good explanation of the CALM theorem. If you’re working on distributed systems and are not familiar with the latter, it’s a must-read. Running Wasm Workers Server in Docker Desktop Wasm Workers Server is a tool that allows running WebAssembly-powered containers. Either use code compiled to WebAssembly, e.g., Rust, or interpreted code when the interpreting runtime has already been compiled, e.g., Python. Results are impressive.
Python "magic" methods
Python provides specially-named methods: methods that the runtime interprets in a certain way, but that you need to know about. The documentation is pretty exhaustive about them, but it needs examples for beginners. The goal of this two-part series is to list these methods and provide these examples, so that I can remember them. Part 1Part 2
Python "magic" methods - part 1
Java was the first language I used professionally and is the scale by which I measure other languages I learned afterward. It’s an OOP statically-typed language. Hence, Python feels a bit weird because of its dynamic typing approach. For example, Object offers methods equals(), hashCode(), and toString(). Because all other classes inherit from Object, directly or indirectly, all objects have these methods by definition. Conversely, Python was not initially built on OOP principles and is
A Java Geek weekly, Issue 1
If you’re subscribed to my Twitter feed, you might have noticed that I don’t post as much content as before. It was a good place, once, but I cannot condone the new management and most importantly, their handling of misinformation - or lack thereof. My reasoning is that if I continue posting technical content there, people will continue using it; if nobody posts such content, regular users will leave the site. You might agree or not, but since it’s my content, it’s now how
Resizing images on-the-fly
As a web architect, one of the many issues is asset management. And the most significant issue in assets is images. A naive approach would be to set an image and let the browser resize the image via CSS: img { height: 100%; width: 100%; object-fit: contain; } However, it means that you download the original image. It entails two problems: the size of the original image and the suboptimal browser-based resizing. This post will cover two alternatives: traditional and brand-new s
Calling Rust from Python
I recently watched GOTO conferences' talk Calling Functions Across Languages by Richard Feldman. I’m afraid I have to disagree with using the term 'language' in this context. It’s a no-brainer to call Java from Kotlin or Scala or to call Java from Kotlin. Hence, in the rest, I’ll use 'stack'. In the talk, the speaker cites two main reasons to go on this road: Gradual migration from one stack to the otherUsing a library that has no equivalent in one’s stack under the ass
Down the rabbit hole of an Apache APISIX plugin
My demo, Evolving your APIs, features a custom Apache APISIX plugin. I believe that the process of creating a custom plugin is relatively well-documented. However, I wanted to check the parameters of the _M.access(conf, ctx) function, especially the ctx one. The documentation states: The ctx parameter caches data information related to the request. You can use core.log.warn(core.json.encode(ctx, true)) to output it to error.log for viewing. Unfortunately, core.log ultimately depends on
Monkey-patching in Java
The JVM is an excellent platform for monkey-patching. Monkey patching is a technique used to dynamically update the behavior of a piece of code at run-time. A monkey patch (also spelled monkey-patch, MonkeyPatch) is a way to extend or modify the runtime code of dynamic languages (e.g. Smalltalk, JavaScript, Objective-C, Ruby, Perl, Python, Groovy, etc.) without altering the original source code. — Wikipedia I want to demo several approaches for monkey-patching in Java in this post
Problem Details for HTTP APIs - RFC 7807 is dead, long live RFC 9457
The positive experience of RFC 7807, whose journey began in 2016, is concluded (deprecation) but also confirmed with a new official proposition: the RFC 9457. The changes made are small but it is a suitable opportunity to analyze the evolution of this topic. Context The RFC 7807, and now the RFC 9457 which perfects it, was born after a period in which the Internet Companies have made it clear that the integration of the business, the eventual transformation of the company services into a plat
Offering my blog to new authors
Regular readers of this blog know that I started it a long time ago, namely in April 2008. I soon found my cruising speed: a post a week. It requires time and discipline, but I achieved this goal during all those years. However, while I still have enough of both, I start to miss good post ideas. There are several reasons for this. I’ve always told that working on real-world projects is a vast source of ideas. Moving to Developer Advocacy, I’ve widened the list of topics I’m fa
Send your logs to Loki
One of my current talks focuses on Observability in general and Distributed Tracing in particular, with an OpenTelemetry implementation. In the demo, I show how you can see the traces of a simple distributed system consisting of: the Apache APISIX API Gateway, a Kotlin app with Spring Boot, a Python app with Flask, and a Rust app with Axum. Earlier this year, I spoke and attended the Observability room at FOSDEM. One of the talks demoed the Grafana stack: Mimir for metrics, Tempo for traces, an