tkt028

Programming Achievements: How to Level Up as a Developer

This gist is part of a blog post. Check it out at:

http://jasonrudolph.com/blog/2011/08/09/programming-achievements-how-to-level-up-as-a-developer

tkt028

Installing Arch:


sudo vim /etc/pacman.conf
Update packages list: sudo pacman -Syy
run sudo pacman -Syu  before installing any software (to update the repositories first)

* Timing issue:
    - Change hardware clock to use UTC time:
        sudo timedatectl set-local-rtc 0

tkt028

#
# Working with branches
#

# Get the current branch name (not so useful in itself, but used in
# other aliases)
branch-name = "!git rev-parse --abbrev-ref HEAD"
# Push the current branch to the remote "origin", and set it to track
# the upstream branch
publish = "!git push -u origin $(git branch-name)"

tkt028

tl;dr

1. Don't run as root.
2. For sessions, set httpOnly (and secure to true if running over SSL) when setting cookies.
3. Use the Helmet for secure headers: https://github.com/evilpacket/helmet
4. Enable csrf for preventing Cross-Site Request Forgery: http://expressjs.com/api.html#csrf
5. Don't use the deprecated bodyParser() and only use multipart explicitly. To avoid multiparts vulnerability to 'temp file' bloat, use the defer property and pipe() the multipart upload stream to the intended destination.

tkt028

Secure sessions are easy, but it's not very well documented, so I'm changing that.  
Here's a recipe for secure sessions in Node.js when NginX is used as an SSL proxy:

The desired configuration for using NginX as an SSL proxy is to offload SSL processing 
and to put a hardened web server in front of your Node.js application, like:

[NODE.JS APP] <- HTTP -> [NginX] <- HTTPS -> [CLIENT]

To do this, here's what you need to do:

tkt028

5 entertaining things you can find with the GitHub Search API

Let's have some command-line fun with curl, [jq][1], and the [new GitHub Search API][2].

Today we're looking for:

• The hottest repositories created in the last week.
• The oldest user accounts with zero followers. (So sad.)
• Issue trends by language.
• Clojure projects defying convention.

tkt028

/**
 * Module dependencies
 */

var express = require('express');
var fs = require('fs');
var mongoose = require('mongoose');
var Schema = mongoose.Schema;

// img path

tkt028

# install needed libraries
sudo yum install texinfo libXpm-devel giflib-devel libtiff-devel libotf-devel

# compile autoconf
cd /tmp
wget ftp://ftp.gnu.org/gnu/autoconf/autoconf-2.68.tar.bz2
tar xjvf autoconf-2.68.tar.bz2
cd autoconf-2.68/
./configure && make && sudo make install

tkt028

PSQL

Magic words:

psql -U postgres

Some interesting flags (to see all, use -h or --help depending on your psql version):

• -E: will describe the underlaying queries of the \ commands (cool for learning!)
• -l: psql will list all databases and then exit (useful if the user you connect with doesn't has a default database, like at AWS RDS)

tkt028

Moved to git repository: https://github.com/denji/nginx-tuning

NGINX Tuning For Best Performance

For this configuration you can use web server you like, i decided, because i work mostly with it to use nginx.

Generally, properly configured nginx can handle up to 400K to 500K requests per second (clustered), most what i saw is 50K to 80K (non-clustered) requests per second and 30% CPU load, course, this was 2 x Intel Xeon with HyperThreading enabled, but it can work without problem on slower machines.

You must understand that this config is used in testing environment and not in production so you will need to find a way to implement most of those features best possible for your servers.