Text

· · to read

I read The Pleasure Trap earlier this year, and was amazed at what its authors have to say about the dangers of modern food. It’s very hard to avoid unhealthy food. I wanted to get to know the authors a bit better so I searched YouTube and found this excellent hour-long video about the Dietary Pleasure Trap. It’s worth a watch if you’d like to eat better, help someone you know to eat better, or just understand why so many people are overweight. The book goes into it much more deeply and in my opinion is well worth the time it takes to read.

Text
· · to read

Avoid describing your code as automatically doing something. If you need to do multiple things at once, separate it out into a convenience function or method. Finally, make it easy to call each step explicitly. Please don’t put the orchestration code, that calls code that interacts with the outside world, into a constructor. This makes the code less flexible and harder to test. Instead, use the constructor to set up the internal state.

Text

· · to read

Update: @twitinsin points out that it’s still useful in the console for quickly declaring multiple variables.

I developed the habit of always using var when I write JavaScript long ago. At some point I got in the habit of typing var even when I’m using a JavaScript console in node or in a browser. After examining the issues I’ve decided to break that habit.

I think I got in the habit of this because I came to appreciate explicit variable declaration, and decided to gladly pay the tax. The four extra characters, including the space, isn’t bad. But it doesn’t serve a useful purpose in short console sessions. Without var, it’s still valid JavaScript, that will run in node.js and in any browser. It won’t pass JSHint and JSLint, which is why it should always be added before delivering code.

If this gets me to be just a little quicker to fire up a REPL (a more generic term which includes the JavaScript console), it will be an improvement.

Text

· · to read

I have an Apple Bluetooth keyboard and touchpad for my MacBook Pro that I keep in my upstairs bedroom at home. I leave it on all the time. When I’m at home, my MBP automatically connects to it, and disables the touchpad on my MBP. This would be useful if I was only using a bluetooth TouchPad and was using the MBP keyboard, as I could use the MBP keyboard without worrying about accidentally touching the TouchPad on the wrist rest on my MBP. With my external keyboard the disabling of the MBP TouchPad isn’t all that useful, but I still like it, except for one minor issue.

The issue is when I come home and decide to use my MBP on the dining room table, or the couch downstairs. Bluetooth works across that distance. When I did this I had to go upstairs and either grab my bluetooth keyboard and touchpad or turn them off. I wasn’t able to turn off bluetooth on my computer because I can’t use my MBP’s TouchPad to click the Bluetooth icon in the OS X Menu Bar, when the bluetooth TouchPad is enabled and the MBP’s TouchPad is disabled.

I no longer have this problem, since I found a way I can disable the bluetooth with my keyboard. All I have to do is install blueutil, which I can do with homebrew.

brew install blueutil   # install it
blueutil power 0        # turn bluetooth off

Once I turn bluetooth off, my MBP’s TouchPad becomes enabled, and I can start using it!

Repositoryblueutil
Ownertoy
Text

· · to read

A while ago I got systematic about organizing the files on my computer. It started with a ~/github directory that mirrors the structure of GitHub itself. If I’ve cloned visionmedia’s commander.js, I know I can find it in ~/github/visionmedia/commander.js. This has helped make things easy to remember. Since then I’ve added an archive directory, a src directory (which contains most of my code), and a projects directory (which contains the code I’m currently working on. A few days ago I added an apps directory.

What does my ~/apps directory contain? It contains credentials and configuration for web apps, which I don’t want to store in my code repositories. For the fluxnote project I’m developing, it contains a script to set my environment variables to mirror what I require on Heroku:

export GITHUB_CLIENT_ID=7f2264d71eb1dfbc2611
export GITHUB_CLIENT_SECRET=copied_and_pasted_from_github
export SESSION_SECRET=a_long_hard_to_guess_session_secret
export GITHUB_USERNAME=benatkin
export COUCH_URL=https://therystillonleamoldescle:hahahahaha@bat.cloudant.com/fluxnote/

(Side note: Cloudant has clever auto-generated usernames. The username and GitHub Client ID are real; the secrets and password are not.)

If I run source ~/apps/fluxnote/config, the environment variables from the above script are loaded into my shell. Then I can run npm start to start my server. (After I add my Procfile I’ll also be able to run it with foreman start.)

I like it, because I have my credentials in one place, that I know not to give to anybody (and that would be hard to steal because I use full drive encryption).

Text

· · to read

Connect has a session middleware that has a pluggable API for session storage. There is a session store for redis, written by TJ Holowaychuk, who maintains both connect and express. There are also session stores for CouchDB, MongoDB, and postgresql that look to be well-maintained and ready for production use.

These are great, but I wanted to store my session data in cookies, because the amount of session data I plan to use is tiny, and because my app is designed to handle high-latency CouchDB database connections gracefully.

I had a hard time finding a session store that stores session data in the cookies. The session middleware uses cookies, but it uses them to store the keys to access the session data, not the session data itself. I found an example but no actively maintained session store for cookies.

After some more searching, I found that the way to store sessions in cookies is to use a whole different middleware that comes with connect! It’s called cookieSession. To use it all I have to do is add this code snippet, and ensure that I have session_secret set in my app settings:

app.use(connect.cookieParser(app.set('session_secret')));
app.use(connect.cookieSession());

When using cookie sessions it’s important that the cookie data is small and that the cookie is signed using a session secret, to prevent session fixation. This is documented in the excellent Ruby On Rails Security Guide. Even if you aren’t using RoR I recommend reading it.

Text

· · to read

I’m a believer in the concept of necessary steps.

I can’t waste less time online unless I show some restraint.

I can’t have more privacy online if I don’t self-filter.

Tools can help. Things that break up the habit can help. But in order for them to work, I have to make a good, old-fashioned change.

If I’m not ready to, I should ask why. Perhaps there’s something online that’s really important to me, and I don’t want to restrain myself. Or maybe I need to fix an issue I have that’s keeping me from wanting to do something more productive.

Text

· · to read

A function, all by itself:

module.exports = function(string) {
  return string.replace(/&(?!\w+;|#\d+;|#x[\da-f]+;)/gi, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/"/g, '&quot;').replace(/'/g, '&#x27;').replace(/\//g,'&#x2F;');
};

This is the escapeHTML() function from Backbone.js, which is hidden behind a closure. Thankfully it’s now in the latest version of Underscore.js, which is depended upon by Backbone. If an old version of underscore was being used and escapeHTML() was the one missing utility function that a developer needed, putting it in a module by itself would be one way of supplying it.

Side note: Backbone and Underscore escape the exact six characters specified in Rule #1 of the Open Source Web Application Security Project (OWASP)’s XSS (Cross Site Scripting) Prevention Cheat Sheet.

Text

· · to read

I published a node.js package to npm called br-jquery, which contains jQuery and provides an alternate path to downloading jQuery and putting it in a repository when starting a jQuery project. It is a lot like jquery-browserify, but it contains a newer version of jQuery (1.7.1) and has the minified version as well. Additionally it has a build script which fetches jQuery and a full example.

Browserify creates bundles from node.js-style CommonJS modules. It stubs out some core functionality so node.js modules with minimal dependencies can be used in the browser. Here is some JavaScript taken from the example, that creates a bundle:

var js = require('browserify')({
  require: {jquery: 'br-jquery'},
  entry: 'hello.js'
}).bundle()

The require property is used to , and the entry property is used to include a module that will be run when the bundle is loaded. The entry module starts by requiring jQuery:

var $ = require('jquery');
$(function() {
  // manipulate the DOM here...
});

I really like the browserify way of doing things. Instead of adapting browser code to run on the server, it adapts server code to run on the browser!

Repositorybr-jquery
Ownerbenatkin
Repositorynode-browserify
Ownersubstack
Repositoryjquery
Ownerjquery
Text

· · to read

This isn’t my only goal for 2012, but it’s the only goal from my only set of goals for 2012 which contains only one goal.

My goal is to, each night before I go to bed, prepare for the next morning. This means having a default choice of what to wear, knowing what I need to pack and where I’m first going to go, and a draft of a schedule and to-do list for the day.

My inspiration for this comes from a few different sources:

This matters most to me because I feel that my best self can figure out all of the other stuff, but if I don’t start my mornings off right, I’m unlikely to be my best self.