6 different ways to run an asp.net core web application

<blink> Gratuitous self promotion: Joseph Cooney and I will be talking about running asp.net core on Linux, at the upcoming DDD Brisbane conference at 4:05 pm, 3rd of December, less than 3 weeks from now. </blink>

Now that you've suffered through the advertisement, here's some content.

PLEASE tell me if I say anything misleading in what follows... if I'm going to stand in front of people and pretend to be worth listening to, I want some rigorous vetting to occur first.

Tell me leon, what are all the ways you can run an asp.net core web site?

Well I don't know all the ways, but I do know 6 different ways!

Get your head around this lot (even if it requires extra background reading) and you'll understand a lot about how asp.net core sites work.

  1. Visual Studio F5

If you're developing an asp.net core website in Visual Studio, then you might run it by pressing F5, for debugging purposes. But that's not the only show in town...

  2. Commandline "dotnet run"

Your website is really a dotnet console app, that self-hosts a website using a tiny webserver called Kestrel. (There's a lot to unpack in that sentence, but just let it wash over you for now)

You can run it, from the console, by calling dotnet run from the folder that contains the project.json file.

The output in the console will say something like:

Now listening on: http://localhost:2000

So if you then browse to http://localhost:2000, you'll see your website (and the console will show logging info about your visit)

  3. dotnet publish → cd bin{...}\publish → dotnet YourProject.dll

On your local machine, you can prepare the application for deployment by running "dotnet publish". This builds the application artifacts, does any minification and so forth.

If you don't specify where the published results go, they will end up in YourProject\bin\debug\netcoreapp1.0\publish.

If you go into that folder you can run the resulting artifacts by calling:

dotnet YourProject.dll

Note that you don't call "dotnet run YourProject.dll" -- leave out the run for this one!

So the commands in full (starting in the folder that contains the project.json file) are:

dotnet publish
cd bin\debug\netcoreapp1.0\publish
dotnet YourProject.dll

  4. IIS

You can host it in IIS. I've never done this and don't intend to. Me and IIS are parting ways for now. But it can be run by IIS. More info here: Publishing to IIS and here: Publishing to IIS with Web Deploy using Visual Studio.

  5. Running on Linux, from the console.... "dotnet YourProject.dll"

You can grab the artifacts from your local computer's "publish" folder (created in step 3), and copy them onto a Linux machine (using a technique such as SSH, scp, sftp). Then you can run it in the console, exactly the same as step 3:

dotnet YourProject.dll

(This assumes that you have .net core installed on that Linux machine already, instructions here.)

From a different console attached to the same machine, you can view the website by running, for example:

curl http://localhost:2000

...which isn't the most comfortable way to surf the internet. But since our webapp is only listening on localhost and isn't accessible from the open internet, it's about the best you can do at that point.

Also, as soon as that first console window is closed, the application will stop. So this is not your final production technique. For that....

  6. Running properly on linux, with supervisor + nginx

In Linux you can configure supervisor to run your application (and keep it running). This is analogous to the work that Application Pools do in Windows land.

And nginx is a popular webserver, analogous to using IIS on Windows. The two work together to run your application and deliver web requests to it. You set up nginx to receive requests from the internet and pass them on to your application (i.e. to "proxy them" through to your application, also known as acting as a 'reverse proxy').

Details about using supervisor, at TIL.secretGeek.net:

To learn how to configure nginx to proxy requests through to your application, try the article here:

With those in place, you can browse to your site from the internet (assuming you purchased a domain and configured it to point to the webserver, or perhaps you are browsing by IP address, like all hardcore nerds.)

Okay, that's 6 different ways to run your asp.net core web app.

(You can swap nginx for some other webserver like Apache, but I'm not counting that as a separate method, just a variation on number 6.)

(And you can use systemd and upstart instead of supervisor: notes here.)

What did I get wrong!?

Update: Some answers to this question have come in already...

I wrote Katana instead of Kestrel -- fixed.

You can of course also host a .net core app inside an MS Word Macro.

I left out Azure. You can deploy .net core apps to Azure, and if that's something you're interested in doing, I think this article covers it nicely: Deploy ASP.NET Core 1.0 apps to Azure web apps.

Just kidding about the Word Macro.

Further reading

This document brings together documents on each deployment method: asp.net core: Publishing and Deployment.

 

Have you ever seen the International Space Station?

The International Space Station is a gigantic space base, the largest artificial object in space, and there are people on board! Real actual people, all the time. Ever since the year 2000 it has been continuously occupied, with anywhere from 3 to 10 people.

It zips around the earth, 350 kilometers above the ground. It moves so quickly (about 30,000 kilometers per hour) that there is no gravity (well, only a tiny bit of gravity) and it completely orbits the Earth 15 times a day (once every 92 minutes... in the time it takes you to watch a movie, that station goes right around the Earth!)

And one of the best things about it is that when the conditions are right, you can see it very clearly from Earth, without using a telescope or binoculars. The best time to see it is just after sunset, when the sky is getting dark but the ISS is up high enough to still catch the sunlight. It can appear far brighter than any other star. It travels from one side of the sky to the other quite quickly, in about 5 minutes.

My 6 year old daughter told me last night, "When I grow up I'm going to be an artist or a scientist, and if I'm a scientist I might get to go up on the ISS." (My ten year old said "Oh suuuure" because she's currently studying for her masters in sarcasm, which some very talented kids receive by age 13).


If you want to see the ISS for yourself, these are the steps:

  1. Sign up at Spot the Station — and NASA will email you every time viewing conditions are favorable from your location.

  2. Get a smartphone App such as SkyView (SkyView on Apple Appstore, SkyView on Google Play store) which helps you locate astronomical bodies.

  3. When you receive an email from Spot the Station create a reminder to tell you when to go check the sky. For example you might receive an email at 08:00 telling you the ISS will be visible at 19:00 that night. So immediately set a reminder for 18:55, to make sure you don't forget.

  4. At the appropriate time, head outside, and use your app (such as SkyView) to locate the ISS.

  5. Be amazed and filled with awe.

By the way, even if you don't do any of the other steps, you should check out SkyView (SkyView on Apple Appstore, SkyView on Google Play store). It's very handy being able to locate planets, stars etc, and you learn a lot.

And here's an example of the email you get from NASA. It's so succinct that if you don't remember signing up you won't realize what it's talking about:

From: HQ-spotthestation@mail.nasa.gov
26 Oct (1 day ago)
to: me 
Time: Wed Oct 26 7:15 PM, Visible: 6 min, Max Height: 88°, Appears: 11° above NW, Disappears: 15° above SE
 

Teach kids (and adults) to master algebra with DragonBox

Lately I've been playing with an app called DragonBox. This game has expanded my mind.

It presents itself as a simple game, with a level structure and game play reminiscent of Angry Birds. The first few puzzles are very easy. Slowly, as the game progresses, new rules and abilities are introduced. And each new rule or ability is oddly specific, maintaining a pleasing kind of symmetry. Every time you solve a puzzle, or master a new ability, there is a satisfying feeling of victory.

Slowly, over many levels, the complexity of the rules is increased, but always in a fun and engaging way. And slowly the style and appearance of the elements in the game transform from boxes, critters and dice, until eventually, ever so gradually, they become letters and numbers, and you see that what you have been manipulating all along are equations! Beautiful wonderful equations!

dragonbox: teaches you to manipulate equations

I found this app because I was playing with Tangle. What is Tangle? Tangle is a tool from Bret Victor for creating 'Explorable Explanations', and somewhere in my reading, someone mentioned DragonBox.

I was playing with Tangle, in order to create this minimum price calculator, as part of that damn book I'm still damn well writing.


Building a minimum price calculator was a lot of fun. I finally got all of the ideas about costs clear in my head, ten years after writing my actual first product. Costs. Boring, but crucial. I've done what I can to make them fun. Have a play.

Or if you would rather learn algebra than build a product, play with DragonBox instead.

 

Improvements to the Way MessageBox works, in latest Service Pack for Windows 7, 8 and 8.1

No doubt you are all familiar with the way the 'System.Windows.Forms' MessageBox behaves in all versions of the .net framework.

For example you type this code:

MessageBox.Show("Please click OK.");

And you get this result:

messagebox_OK.png

With the upcoming service pack for Windows 7, 8 and 8.1, improvements to the System.Windows.Forms.dll mean that the style of messagebox will be altered slightly. The exact same code:

MessageBox.Show("Please click OK.");

Will produce this slightly altered dialog.

messagebox OK with implicit win 10 upgrade

The service pack is being automatically deployed during a forced reboot as soon as you finish reading this sentence.

 

Post Slackathon Wrap up

It seems an eternity ago now, but just last weekend a very special event occurred: we held the inaugural Stupid-Ideas Powershell Slackathon, where people from around the planet came together to build and share frivolous things with Powershell.

You like numbers? Here's the numbers:

  • 87 people asked to join the Slackathon and were sent slack invitations.
  • 71 of those people answered their invitations and joined the slack site.

On the actual weekend people contributed:

  • 35 separate folders of powershell code that are publicly available for your reading pleasure (detailed below).
  • 45 files within the slack group (snippets, images, etc)

The publicly available contributions came from 14 different people.

One thing that surprised me was that some people didn't talk in slack at all, but quietly contributed really interesting code, which spoke volumes.

There were also 7 "profile.ps1" files that people chose to make available. These are great reading for anyone who lives by the slogan:

Live fast, die young, leave a well maintained profile.ps1 file.

And there are prizes! Prizes, yes!

People seemed to contribute for the sake of contributing, so I don't want to over-emphasize the prizes. Any contribution is a thrill. In the end I went ahead and sent a NimbleText Bundle (NimbleText + NimbleSET) to everyone who contributed public code.

But to award the other sponsored prizes, I put all of the contributions (see below) into a spreadsheet and assessed them all on a range of criteria. After much deliberation, here's how the remaining prizes are distributed:

Prize for Slackathon Fever

The 'slackathon fever' prize was awarded for most contributions and highest points total. The prize for this is a copy of Douglas Finke's book: Windows Powershell for Developers (O'Reilly).

I have the envelope here. The winner is...

It's a tie! Two people with the same number of contributions and equivalent overall score:

Prateek Singh and Douglas Finke!

Well, I suspect Doug already has a copy of his own book. But he will now have to send a copy to Prateek as well.

So Wrong It's Right!

The 'so wrong it's right' prize is for misuse of technology. This was hotly contested, and I was torn between a few. I ended up awarding it to a very deserving though simple entrant: Ken Erwin, with his Favorite Drink script.

Unless the team from Chocolatey issue a protest, Ken will receive a Chocolatey Pro license.

The Toppest of the Top!

This is the big one, the toppest of the top prize also brings a Chocolatey Pro License, but on top of that you get a profound sense of shame and a permanent blotch on your resume. The winner of this was Glenn Sarti for 'Ascii Art Conversions'.

Finally, here's a list of all the contributions and who to blame. (If you want your name redacted just send me 15 bitcoin)

| Blame | Topic |
|---|---|
| Glenn Sarti | ASCIIArt-Conversions |
| Doug Finke | AskWolfram |
| Chris Hunt | AudioPeakLevelMeter |
| Glenn Sarti | Bieber |
| Doug Finke | CentralLimitTheorem |
| Lee Holmes | Defiant |
| Ken Erwin | DevOpsLibrary |
| Lee Holmes | Dominos |
| Doug Finke | ExportDataTable |
| Ken Erwin | Favorite-Drink |
| Prateek Singh | Find-UnsecureWIFIConnection |
| Prateek Singh | Get-Celebrity |
| Prateek Singh | Get-Joke |
| Prateek Singh | Get-Nutrient |
| Doug Finke | GetChange |
| Doug Finke | GoogleAndBingMaps |
| Prateek Singh | GoogleMaps |
| Prateek Singh | Hangman |
| Justino Garcia | Invoke-Chipotle |
| Glenn Sarti | Invoke-Yolo |
| Doug Finke | Maze |
| Leon Bambrick | Out-TShirt |
| Joe Beaudry | Posht-ly |
| Leon Bambrick | PowerSpell |
| Brandyn Thornton | Russian-Roulette |
| Prateek Singh | Set-RandomBackground |
| Chris Hunt | SingleSampeMajority |
| Doug Finke | SpellingCorrector |
| Prateek Singh | Test-AdultContent |
| Ken Erwin | Tic-Tac-Toe |
| Leon Bambrick | magic8ball |
| Doug Finke | moonphase |
| Leon Bambrick | music |
| Paul Lorett Amazona | powerpi |

I wanted to write down everything I learnt, but life is just too short to dig into all that.

A few of the salient points...

Floobits is an OK place to allow people to contribute. There's a few confusing things about floobits that we had to explain over and over, now listed here.

A better name (e.g. workshop instead of hackathon), a more diverse group of organizers, and a clear code of conduct up front might've improved the diversity of the event. On gender diversity for example the event was a failure.

Slack worked really well. Avoid the temptation of playing with slack too much... you could lose days doing that if you're not careful.

Cross time-zone issues were terrible, for me in Australia at least. I basically acquired jet lag.

That's all I've got time for.

 

Less than 3 days until the Stupid Ideas Powershell Slackathon.

stupid ideas powershell slackathon logo

What's that?

It's a newly-coined portmanteau of the words Slack and Marathon. It's a lazy, online event, where people from around the world give as much or as little time as they can spare over the course of a weekend, to achieve Stupid And Entirely Un-Noteworthy Things, with any kind of tenuous link to PowerShell.

Why should you join?

So far there are 53 people who've joined the slack channel (and a further 23 who are yet to accept the invitations they requested)

And these 53 people seem to mostly be very clever and knowledgeable bounders, brimming with knowledge on the PowerShell. They're all very keen to help any inexperienced dabblers, so I hope that anyone who hesitated to join before will now jump in while they can, knowing that they'll be well supported by a super helpful team.

Enough jibber-jabber Leon, how do I join??

Alternatively you can:

And how long until it starts?

Run this command to find out...

New-TimeSpan -Start (GET-DATE) -End (get-date -Date "2016-06-17T11:00:00Z")

Days              : 2
Hours             : 11
Minutes           : 26

It'll be here in the blink of an eye!

Any further details?

See my previous post on the topic!

There are now confirmed prizes, such as 2 Chocolatey Pro Licenses, a copy of Douglas Finke's book: Windows Powershell for Developers (O'Reilly), and I'll give away a few copies of my own product (NimbleText) for good measure.

Some of the snippets that have been discussed so far are available at our public floobits site.

Here's an example of a Wolfram-Alpha script that Doug Finke has been working on (click to enlarge)...

wolfram alpha from powershell (click to enlarge)

Also -- you can order a slackathon T-Shirt here:

slackathon_tshirt.png
Order-TShirt

 

The Stupid Ideas Powershell Slackathon

stupid ideas powershell slackathon logo

When is it?

Friday 17th June 2016.

How do I join?

What does it cost?

It's free! And there are prizes.

Where is it?

It's an online event. It is everywhere.

What do I need to do?

Think of something simple, fun, funny, stupid, puzzling or plain wrong that you'd like to achieve in powershell. It doesn't need to be humorous, it may just be some recreational programming you've been kicking around in the neglected pipelines of your mind.

On the weekend of June 17-19 2016, there will be people online, at a special instance of "slack", willing to help you achieve your weird ideas.

At the end of the weekend a summary of all participation will be written up, and prizes awarded in a range of fun categories that are yet to be decided. (Some possibilities below)

Why PowerShell?

Powershell is much maligned. Any time I perform a public act of powershell I am met with the meanest comments. I'm attacked by linux users, insulted by 'real programmers', scoffed at by web developers. But I'm willing to fly my freak flag, even if it does have a powershell logo on it, and want to share the joy of powershell with others.

Why Stupid Ideas ?

I've always approached the serious topic of technical learning through the lens of frivolity and play. And I have so many stupid ideas! Surely there are other powershellers who harbor whacky ideas. Surely powershell is not just a corporate tool, whose only lot in life is to quietly get the job done. There must be a place for stupid ideas, even in the world of PowerShell.

Okay, when exactly is it?

| Timezone | From | To |
|---|---|---|
| Sydney/Brisbane | 9pm Friday, 17th June | approx. 9pm Sunday, 19th June |
| Auckland | 11pm Friday, 17th June | approx. 9pm Sunday, 19th June |
| UTC | 2016-06-17T11:00:00Z | approx. 2016-06-19T21:00:00Z |
| London | 12 noon Friday, 17th June | approx. 9pm Sunday, 19th June |
| New York | 7am Friday, June 17 | approx. 9pm Sunday, June 19 |
| California | 4am Friday, June 17 | approx. 9pm Sunday, June 19 |

That's weeks away!

No, it's only...

> New-TimeSpan -Start (GET-DATE) -End (get-date -Date "2016-06-17T11:00:00Z")

Days              : 9
Hours             : 4
Minutes           : 20
Seconds           : 51

What sort of stupid ideas?

It's completely up to you!

Here's some things I think would be fun to work on:

  • out-tshirt

    A cmdlet that directs your text/images to a custom t-shirt design website, and returns a url where that shirt can be purchased. e.g. "hello!" | out-tshirt returns a url where you can buy a t-shirt with the word "hello!" on it. dir *.png | out-tshirt returns urls to buy a t-shirt for each of the pngs in the current folder.

  • dir *.png | Add-Feature -Moustache -Fangs -Glasses -Scar

    Add-Feature is a commandlet that uses OpenCV face detection to find faces in pictures and add features such as Hitler Moustaches, bushy eyebrows and so on. This could have put my 8 year old self completely out of work.

There is a much longer list of suggestions and resources further down. Those two examples were not particular highlights.

You said there was a form to fill out?

Lo, and what a form!

Alternatively you can:

What sort of prizes are on offer?

I was thinking of prize categories such as:

  • Worst idea
  • Most interesting hack
  • So bad it's good!
  • Evil genius.
  • Worst Prompt Function
  • Best One Liner

Confirmed prizes:

I haven't yet organized any other prizes, though I'm confident I can secure other prizes, along the lines of:

  • Lee Holmes' book (Windows PowerShell Cookbook, O'Reilly)
  • Other software, e.g. powershell related tools. (Hmmm, octopus deploy springs to mind)
  • Other books, on the topic or off.
  • An amazon voucher (I would be happy to donate money to this)

You said you had other bad suggestions for stupid ideas?

Some of the new ideas contributed by people inside Slack:

  • A powershell script that automatically sends flowers to your significant other on important days
  • Try and do anything Xiki can do. Perhaps within VS Code.
  • Estimate a person's clothing sizes in two months projected from Fitbit trends
  • Musical programming. Map each char to a note, a-z 0-9 is 36 chars, the standard piano has 12 notes, that's 3 octaves.
  • nCurses like library in powershell
  • Allow powershell to stream to flooty
  • Find a way to activate Cortana commands from PowerShell
  • Some sample pranks and
  • Chipotle ordering script
  • A RandomActOfPizza.ps1: A group of random pizza recipients and random payees, then you spin the wheel and a random person buys another random person a pizza with random toppings.
  • A Rube Goldberg contraption with as many different technologies into a single thing as possible, e.g. Docker, Windows, Vagrant, Chocolatey, ASP.NET Core, etc.
  • Random resume generator
  • A graphviz wrapper
  • And look -- some early progress on cmdlets for displaying the phase of the moon as an emoji.

ps_graph.png

Can I watch and enjoy without participating?

Most certainly! Lurkers, onlookers, observers, auditors, all are welcome.

I hardly know powershell, I should stay away, right?

No no no -- we love you, I love you, you don't need to know anything about powershell. You're very welcome. If anyone makes you feel unwelcome, I will pat them on the shoulder and say, "heyyy, come on, you're better than that. Have a hug." and then they'll remember that they *are* better than that.

I hate powershell, I should stay away, right?

Hate is a strong word. "Fear" maybe? "Have sometimes been frustrated by"? those are more accurate, right? Give powershell another go. Like Vienna, it waits for you.

There's already a brilliant powershell slack team people can join at slack.poshcode.org, why didn't you ask them to host it?

Yes, that is a brilliant slack instance. I'd urge any powershell user to join. They have over 1200 members, and answer many great powershell questions day and night.

But I wanted a small and cosy location, where I could feel free to create a lot of channels, and do a lot of stupid things. It's hard to integrate stupid into a social structure that wasn't built with stupid in mind.

Why are you doing this? Is this all some elaborate plan to promote your product book??

Oh god no. I have heard this accusation, so I want to specifically refute it.

This whole stupid ideas slackathon is -- for me -- a way to procrastinate instead of working on the book. So that's like the opposite of helping with sales of the book. Because if the book isn't finished there can be no sales. And in any case the book is not targeted at powershell developers.

My motivation for having this slackathon, beyond finding new and more interesting ways to procrastinate, is to share the idiocy. As this guy says on his fascinating blog:

"I'd rather live in a world full of eccentric thinkers than one full of unthinking consumers"
—Simon Jansen

 

Hosting an infinite number of apps in the cloud for free, on your own domains.

Longer title: Building and hosting an infinite number of scalable secure web apps on custom domains, with no vendor lock, only using skills I already have, for free.

Sometimes I talk myself into the seemingly impossible. While writing a stubborn paragraph of my book (Your First Product... go sign up!), I wanted to know just how cheaply I could host a custom web app in the infamous cloud.

For example, could I do it for free?

Cheap is good, cheap is wonderful, but FREE is magical. If you can host apps for free, then you can host as many apps as you dream up. Whoosh! Bing! Blam! Another thought? Another app!

Once I'd realized what I was attempting to achieve, I put it in tweet form as this:

And promptly gave up on the idea, as it was clearly BONKERS. Or at least I tried to give up on it. My mind kept turning the idea over... there must be a way to have it hosted for zero dollars, without vendor lock in.

Sometimes if you set up a system with a lot of constraints, you see that it's impossible. And you then need to work out which constraint to relax. (This is called "engineering")

So I did what any true engineer does, I used a spreadsheet. I put all the constraints in their own column, and listed different solutions on each row, then checked which constraints they broke.

Anything involving Azure cost too much, and was too likely to lead to vendor lock in. Heroku had a lot going for it, but relied on technology I don't use. GitHubPages had a lot of advantages -- but doesn't permit any kind of server-side code. At the same moment as I started looking into 'Parse' I heard that it had been shut down.

Finally I stumbled on an architecture that suited my needs. It was a hybrid, like that mythical beast with the head of a lion and the belly of a zebra, or however those old myths used to run. They were pretty popular back in the day.

Here's what I came up with.

free_cloud_app_hosting.png

That's right. As befits a zero-dollar architecture diagram, I have resorted to the use of Comic Sans.

The front end is static html and javascript, hosted by GitHubPages. GitHubPages are free, and they let you configure your own domains or sub-domains, so for example I could have "GuessAGuid.secretGeek.net" be served from GitHubPages, provided I own the domain (...and have wrestled it back from some pesky Ukrainian). One downside is that the repository has to be public, as private repositories at github still cost a little money, but since this is just the front end of the website, I see no harm in making the code available.

The front end uses javascript (json) to talk to the back-end, which is an asp.net app hosted elsewhere. The back end is hosted by appharbor using their free tier. Because it's the free tier they won't let me have a custom domain, they assign a url such as http://guessaguid.apphb.com/ but that's okay: this is just a back-end which the customer never need see.

AppHarbor is a great way to host the back-end of a site, because I can deploy to it from the commandline, by just pushing to a repository. I don't want the backend code to be public, so I need a private repository. Private repositories at github cost money. For one low monthly price you get unlimited private repositories... but that's not good enough for my constraints, nuh uh. Fortunately, bitbucket gives you unlimited private repositories for a single user, and appharbor integrates just as nicely with bitbucket as they do with github.

So there we have it. GitHubPages front end, appharbor+bitbucket back end. A way to host an unlimited number of small applications, on custom domains, in the cloud, without learning any new tech or getting slugged with fees from anyone.

(One thing I didn't solve was the 'secure' part. I wanted to have the whole thing encrypted end to end, using the mystical glory of Let's Encrypt, a new certificate authority who are ushering in a golden age of https everywhere. The most commonly suggested way to do this is to use cloudflare with a custom domain in front of github pages, though there's also a kloudsec solution. I haven't tried either, so can add nothing of value on the topic. The 'free tier' of AppHarbor includes 'piggyback SSL' which I think might be sufficient for this example.)

And here's the app:

Guess A Guid ← Can you guess a GUID? Try it and see for yourself!

 

How to Left Pad, for real

So someone removed a bunch of their packages from the node package manager, and this in turn broke a lot of other people's software builds.

There have been 1 million articles written (so far) wherein sweaty-fingered coders tie themselves in predictable knots asking:

  • Does this mean NPM is doomed?
  • Does this mean opensource is doomed?
  • Does this mean opensource wins, because it can respond so quickly?
  • Does this mean micro-dependencies are terrible?
  • Can something still be a knee-jerk reaction even if someone specifically says it's not?
  • Does this show that NPM is an evil corp?
  • Doesn't this mean that you should do a trademark check before publishing anything ever?
  • Should you check in your dependencies? Should your dependencies have checked in their dependencies?
  • Has everyone forgotten how to code all of a sudden?
  • It's like everyone has gone crazy! Has everyone gone crazy!?

...and so on. But I don't want to ponder any of that.

I just want to look, very carefully, at the code itself, in the center of this maelstrom....

function leftpad (str, len, ch) {
  str = String(str);
  var i = -1;
  if (!ch && ch !== 0) ch = ' ';
  len = len - str.length;
  while (++i < len) {
    str = ch + str;
  }
  return str;
}

I've had left-padding (and right-padding) functions on my brain lately, as they were added to the most recent release of NimbleText. I was curious if this function behaved the same as mine. 11 lines... what could possibly go wrong?

So I grabbed this implementation and tested its behavior.

I was surprised to see it gave different results to my function!

Specifically -- what does the leftpad function do if you give it a string such as 'HELLO' and ask it to left-pad it to a width of 4 characters (i.e. a length that is smaller than the initial string)?

In NimbleText, to answer this question I asked my customers, who uniformly pointed to the behavior of Oracle's LPAD function.

Oracle's LPAD function, if given a len that is smaller than str, will truncate the result.

e.g.

LPAD("HELLO", 4) returns "HELL".

So that's what I implemented for NimbleText.

But that's not what this function does!

Instead:

leftpad("HELLO", 4) returns "HELLO".

The difference is minor -- but minor things can have dramatic consequences.

For example, if someone assumes that leftpad(someString, 10) has an invariant property that it always produces a string that is 10 characters long, they could soon end up with a security vulnerability.

I mentioned this on Twitter and celebrity whitehat hacker 'OJ' responded with:

I wouldn't want a leftpad() function to trim strings

Which I attribute to a latent desire he has to see more and newer vulnerabilities in code (not that there's any foreseeable shortage of vulnerabilities looming otherwise)

...but anyway -- what would you expect from a leftpad("HELLO",4) ?

Should the package manager maintain a running vote, and the people can decide democratically on every question?

Or should there be... I dunno... what's the dirtiest word in software... A standard?
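
To make the width-invariant point from this post concrete, here is an added example (not code from the original post or from the left-pad package). It runs one over-long value through a fixed-width record under three policies: grow (the leftpad logic quoted above), truncate (the Oracle LPAD behaviour described above), and reject. The record layout, the function names and the sample values are all hypothetical and constructed for illustration.

```javascript
// Added example. FIELDS, buildRecord, parseRecord, roundTrip and the three
// pad* names are hypothetical; the sample values are constructed.

// Policy 1: same logic as the leftpad function quoted in the post.
// It never truncates, so the result can be longer than len.
function padGrow(str, len, ch) {
  str = String(str);
  let i = -1;
  if (!ch && ch !== 0) ch = ' ';
  len = len - str.length;
  while (++i < len) {
    str = ch + str;
  }
  return str;
}

// Policy 2: cut the result down to len, as the post describes for Oracle's LPAD.
// The width invariant holds, but the value is silently changed.
function padTruncate(str, len, ch) {
  return padGrow(str, len, ch).slice(0, len);
}

// Policy 3: refuse input that cannot satisfy the width invariant.
function padStrict(str, len, ch) {
  str = String(str);
  if (str.length > len) {
    throw new RangeError(`value of length ${str.length} exceeds field width ${len}`);
  }
  return padGrow(str, len, ch);
}

// A fixed-width record: the reader trusts each field to be exactly `width` chars.
const FIELDS = [
  { name: 'user', width: 8 },
  { name: 'role', width: 5 },
];

// Writer side: pad every field with the chosen policy and concatenate.
function buildRecord(pad, values) {
  return FIELDS.map((f) => pad(values[f.name], f.width)).join('');
}

// Reader side: slice by offset, then strip the left padding.
function parseRecord(record) {
  const out = {};
  let offset = 0;
  for (const f of FIELDS) {
    out[f.name] = record.slice(offset, offset + f.width).replace(/^ +/, '');
    offset += f.width;
  }
  return out;
}

// Write then read one record under a policy; report the record or the rejection.
function roundTrip(pad, values) {
  try {
    const record = buildRecord(pad, values);
    return { record, parsed: parseRecord(record) };
  } catch (err) {
    return { error: err.message };
  }
}

// Constructed sample: a 13-character value going into an 8-wide field.
const sample = { user: 'administrator', role: 'guest' };
for (const pad of [padGrow, padTruncate, padStrict]) {
  console.log(pad.name, JSON.stringify(roundTrip(pad, sample)));
}
```

Under the grow policy the reader sees a role of "rator" because the over-long user field pushed everything after it out of position; truncation keeps the layout intact but stores a different user name than the one supplied; only the strict policy surfaces the problem to the caller.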

 

Today I Learned

A month ago I saw an article on Hacker News about someone who created a github repo, in which they recorded any interesting and reusable solutions to the problems they encountered.

I started doing the same thing, storing little markdown files inside my 'utils' repo (the private repository where I keep copies of all the little tools I use on every machine, plus my powershell profile etc.)

Pretty quickly I had 100 such files, and I looked into what I could do with this growing knowledge base. I found out about 'gitbook' which is a way of rapidly turning a github repo full of little markdown files into a genuine book.

So here's the product... the free book I wrote without trying to write a book...

today i learned title image

Today I Learned (TIL.secretGeek.net)

(and here's the git repo, error corrections welcome!)

Inside that book, I've written a short article on "getting started with gitbook" so you can do the same thing, including details on how to use gitbook locally (for example for documentation inside the enterprise!)