Friday, May 31, 2019

  • HN.
  • Jordan Peterson and Ben Shapiro: https://www.youtube.com/watch?v=1opHWsHr798.
    • Something like "inheritance jealousy" - if a dumb person inherits a billion dollars, you might be mildly annoyed because of their luck. If a competent, smart person gets a billion dollars, you are much more jealous. You are more threatened. Hierarchies are fundamentally efficient structures, and they provide purpose + goals, but they create resentment in the majority. Cain and Abel.
  • Audited all the phone bills and sent the balance (looks like $240) to mom to confirm.
  • While there are babel libraries to offer multi-language support, in webdev babel is the javascript compiler.
  • Split was Hollywood's first surprise sequel, where it was not marketed as such and rather left the bruce willis surprise for the end of the film. It follows Unbreakable, and the trilogy is concluded with Glass.
  • I like the whitestrips more than the mouthpiece with the light. It's too salivating. However, I do like the sequence of charcoal brushing right before the treatment, and will do so for whitestrips in the future.
  • React and redux practice.

Thursday, May 30, 2019

  • Most had originally thought (amount in diet = amount in blood). So, if you ate more cholesterol, for example, your blood would have more cholesterol, which is bad. Now, the equation is more clearly (amount in diet + amount produced = amount in blood). This applies to a lot, and is changing how we view a lot of foods (especially ones that were historically looked down on like saturate fat). If you eat more of something, your body produces less of it, and vice versa.
  • Transferred 10k (online limit) to parents, then went in to transfer the other 20. Spoke with a customer service representative about the $5 fees on the closed savings account. They said that they can revert fees up to 90 days old, so they credited $15 dollars back to my account lol. The other 200+ are lost.
  • Interesting PEP for the removal of many stdlib modules, due to obsoletion and/or replacement: https://www.python.org/dev/peps/pep-0594/#deprecated-modules.
  • RSVPed for 2 for Arlen/Rob's wedding. Eddie is gonna add us to his AirBnB. I'm gonna wait to buy flights because I don't know if I'll be leaving from the Bay or LA.
  • With some elimination, I've noticed a pretty clear causation for my back pain. It's Leg Day. I need to be extremely cautious, warm up, and stretch before any of these lifts.
  • Homemade sushi for the first time ever, it was amazing! Sticky rice, spicy sesame oil, salt and pepper, seaweed, salmon, avocado. That's it. Cost about $16 for 4 rolls, probably half the restaurant price.
  • WARRIORS RAPTORS game 1 finals.
  • Talked with Art a bit more.
    • Because we decide to flee or pursue, we should speak with pharmacies. User storymapping. Discuss the problem before understanding the solution.
    • A footrace is gonna have execution risk. Other products are way ahead, with bigger staff, etc. If we try to make a cleaner website, an easier signup process, a larger pharmacy base, rebates whatever - then we're probably going to lose. We need to shift a bit more into market risk. What different feature does our stack have that others don't? What additional service can ours provide?
    • Other models: buy in situ (orbitz model), take a percentage cut (amazon).
    • Another model we could try: redirect for purchase and take a query fee (kayak).

Wednesday, May 29, 2019

  • Teeth whiteners. Newer charcoal products are effective at removing stains, because activated charcoal's outer pores will strip away any foreign bodies on the outer surface of your teeth. However, they don't bleach the teeth like hydrogen (or carbamide) peroxide based whiteners do. These take time, working beneath the surface to actually change the color of your teeth. I'll probably get a charcoal jar to use sparingly (maybe brush once every couple weeks) for regular maintenance, but still use whitestrips about once a year for the actual whitening effect.
  • Went to store, placed regular amazon order, and amazon fresh order! All for various elements of making sushi at home tomorrow.
  • There are MANY important KPIs for websites: dwell time, new unique visitors, signups, return visitors, on and on and on. https://databox.com/website-kpis-and-measuring-performance.
  • Watched an entrepreneurship video from FW: https://www.youtube.com/watch?v=Q-Cbav_Dt2s.
    • Market risk. Better to play this game as a young person with an idea. Usually something novel, first product/service to create the market. You're buying a lottery ticket. Higher risk, higher reward.
    • Execution risk. Better to play this game as an established entrepreneur. Usually not a market-changing technology, but some improvement that's basically guaranteed to become successful. You can buy a team of sales, marketers, employees etc to see it to market first. Lower risk, lower reward.
    • This guy is pretty cool. Justin Kan. Biggest creation: twitch. He has a few smaller ones as well. He talks about mindfulness and how important diet/sleep/exercise/meditation are to his success.
    • Company culture is so so important. Make your employees feel like things are happening through them instead of to them.
  • Started reading two books: The Untethered Soul and Leadership and Self Deception.
  • Jon Snow checked into rehab: https://www.usmagazine.com/celebrity-news/news/kit-harington-checked-into-treatment-center-for-wife-rose-leslie/.
  • Went to bank of america. Deposited my solium check. Can't transfer until it clears (SOB tomorrow). Transferred my remaining balance in the savings account to the checking account, then closed savings. The $5 monthly fees were for being below a minimum lol. Ridiculous policy. The agent said she would try to waive them.
  • Did some valuation research on the ninja. KBB, cycletrader, and craigslist all were in the range of 2-3k for my year, odo, condition, etc. I would probably sell to a private party at around 1.5k because of the shift fork on 2nd gear. I might drop as low as $1000 for a friend.

Tuesday, May 28, 2019

  • Finally got a tracking number for Urthbox. If it arrives in a couple days, it will have taken 2 months to arrive after the order was placed.
  • The Solium check hasn't arrived either. If it arrives tomorrow, it will have taken 2 weeks for a $20 delivery fee.
  • Cheerio is the npm package for using jquery in node. You can select DOM elements, act on them, etc. Also serves a functionality like beautiful soup.
  • Axios is the npm package for an http browser client, like solium. It enables webscraping.
  • The chase for the world's largest tesla coil: http://lod.org/. Lightning on demand!
  • Pharm
    • Startup research.
      • Develop your business model.
        • Plan to grow, services provided, etc.
        • Build the beta website.
      • Develop your company model.
      • Patent/Copyright/Trademark/Trade Secret. Usually one is necessary.
      • Get funding. NDAs are necessary here.
      • Market to customers. Expand.
    • LLC research.
      • Limited Liability Company. The owners won't risk personal assets if it goes bankrupt or gets sued. Can't intermix personal money.
      • To start an LLC, you file Articles of Organization and Operating Agreement with the Secretary of State (online) and pay a fee.
      • LLCs can choose to be taxed like a partnership (see LLP below, basically personal income tax for partners) or like a corporation.
      • Different from:
        • Sole proprietorship. The simplest. The owner is responsible for all debts. It is not a legal entity. Just register for license. Also allows you to mix personal funds with the business. Taxed with owner as regular income.
        • Partnership. Can be general partnership (like sole proprietorship but with an even split for profit/debt across multiple people) or limited liability partnership (called an LLP, and still taxed on the partners' personal taxes). LLPs are common for architecture and law firms.
        • Corporation. The most common for larger companies. You have to have common stock, license, board of directors, etc. Very similar to LLC, just larger. The owners still have limited liability. The corp is basically another person in legal eyes. They're taxed separately and make decisions separately. Corp vs Inc - it doesn't matter, but once you declare, you have to be consistent in all your legal nomenclature after that. Most common type is C Corp.
    • Allie knows a decent amount about all of this.
    • Looked up some more domain names. These are available: focuseuticals, rxcenterpiece, keynoterx, plazapharm, rxcapitol, bazaarpharma, bazaarpharm, racketpharm, pharmracket, pharmaracket, rxracket, rxcrux, kernelpharm, pharmakernel, kernelrx, rxkernel.
      • I loooove racketpharm because it sounds like "rocket farm" and implies you're getting something for ridiculously cheap, but has negative connotations because technically rackets are illegal business handlings so it might deter people.
      • kernelrx and bazaarpharma both sound pretty good too, and are self-descriptive.
    • Still a little hesitant due to the maturity of other established sites.

Sunday, May 26, 2019

  • Murder mystery party was awesome yesterday. The curry brisket turned out pretty good as well. We finished one packer and I took the second home for leftovers this week.
  • Cast iron pans shouldn't be soaked, for fear of rust. They also shouldn't be washed with soap, which might strip some of the seasoning on the pan (the seasoning is usually vegetable oil).
  • Warriors raptors finals baby. We're the heavy favorites, but I love both teams. Some articles some that this is a bigger threat than Lebron's Cavaliers the best 4 years. That's ridiculous. There have been 9 NBA finals sweeps in the history of the league. I wouldn't be surprised if this becomes the 10th. Also, Drake is a diehard raptors fan but has warriors tattoos.
  • Reminder about betting lines. If a team is +150 and you bet $100, you would get back your $100 plus $150 in winnings. If a team is -250 and you bet $250, you would get back your $250 plus $100 in winnings. A positive line is for the underdog and you risk less than you gain. A negative line is for the favorite and you risk more than you gain.
    • The superbook line is -310 for the warriors in the finals, a very heavy favorite.

Friday, May 24, 2019

  • Scrolldown animations are very popular now. Just slight shifting of the text and increasing opacity is enough to give the user a nice scroll feel. Also gives a bit better load time and responsiveness, since the lower panes don't have to load when the initial page does.
  • The difference between iterator and iterable. They're very similar, they just slightly differ in how Python deals with them under the hood. Both can be looped over. Iterators just have an explicit __next__() method so they inherently know how they're supposed to be iterated over. Iterables don't have this behavior. Python calls iter() on them to determine how to sequence the iteration. TLDR: An iterator has the "how to iterate over my data" baked into it. An iterable does not.
  • Put the new amex credit card info for AAA autopay.
  • HN
  • Meditated for a bit today for the first time in a long time, love it. Great for destressing.
  • Did a little research into carnivory and other dietary choices. Some are extreme, like the sole "beef-salt-water" lifestyle. There are worshippers of this end of the spectrum, just like there are on the vegan side. Both with firsthand accounts and both with scientific research. Cholesterol too. Diff btw dietary cholesterol and blood cholesterol.

Thursday, May 23, 2019

  • Yesterday spent the day in San Bernardino again.
  • Notes from art meeting Tuesday:
    • Prices drop after the usual patent (10yr?) expires, allowing generic meds to flood.
    • AWP = average wholesale price. There are usually hot items that have low awp and high resell value. Knowing these waves is much easier if you work in the industry.
    • Redirects and utm query params can identify the majority of traffic induced by our hub. Probably not close to 100%, but maybe ~70%?
    • LOTS of domain names are taken.
    • Can have public accounts for otc and pharmacy accounts for rx.
    • Applications take a few days and require signatures, etc. Some are even still mail, not digital. Abstracting all of this into a universal application has value on its own, even without the price comparisons. We'd aim to do both.
    • Getting a read-only account is another option. This seems more core to the principles of the idea. Completely skip all buying capability, just show prices. No account, nothing. Simpler.
    • Befriending a vendor would be huge at this stage. Could give details on price margins, traffic amounts, value of our product, etc.
  • Identity Politics. It's something I've always been familiar with, but never knew the formal name for. Individual identity should come before group identity. Tribalism has historically ended in violence, and our modern world continues to confirm this. So much political conflict twirled around race, gender, etc.
  • PW/MD.
  • Checked mail. The solium check which was shipped on May 15, eight days ago, with a delivery method that cost $20, has not arrived yet :)
  • Bought brisket from costco. Trimmed and brined. Also bought jelly bellies for the counting game.
  • Bought prizes (drinks) from vons, as well as ring toss bottles (perrier lime lol).
  • Wow, this pharmarket alternative already exists: https://www.ezrirx.com/
    • Based in New Jersey. Founded 2016. They have the universal application, price comparison, and in-situ purchasing :/
    • We'll create an account to see the list of wholesalers. If it's not that many vendors, the market is still open.
    • Even if it's legit, we have another model that may work: no account, no buying power. Just show up to the site and compare prices, like kayak. The hard part about this is it involves uprooting the status quo. We'd basically have to convince vendors to publish their prices.
  • In order to fully immerse someone in an experience, you must attend to as many senses as possible. Think of a date: a scene with candles, chocolate, music, flowers, and physical touch is much more impressive than an alternative with any one sense missing.

Tuesday, May 21, 2019

  • Sent out all murder mystery invitations, as well as the printouts and office supplies and decorations. This is a lot of work!
  • India's Tandoori up near Allie in miracle mile has a lunch buffet that goes until 3. I went today, so good.
  • GRRM blogpost after the series finale: http://georgerrmartin.com/notablog/2019/05/20/an-ending/.
  • The expedia/priceline business model:
    • The customers are not the individual users. The customers are the companies selling through your marketplace.
    • The cofounder of Kayak was the cofounder of Orbitz before. The key change which made Kayak successful was that it no longer sold tickets, it just became a search engine to aggregate prices and compare. This was easier to maintain, fewer employees, no customer service needed, etc.
    • Kayak gets about half its revenue from referrals (flight/hotel/car companies paying them) and half from advertising.
    • Kayak earns anywhere from 0.1 - 0.3 cents per query for flights, cars, and hotels (hotels being higher).
    • Amazon takes anywhere from 6-20% cut per item sale (average 15%), as well as monthly dues to even list items ($0-$40). There's also a minimum (a dollar or two) in case 15% of an item sale is less than that.
  • Progress:
    • Free for pharmacies. Money comes from vendors. Could take a percentage of sales or charge a fee per query. We'll have to iterate on the sweet spot for this number until it makes sense for both parties.
    • Roadmap:
      • Add a few more vendors.
      • Enable user accounts, necessary to store partnership information and vendor credentials and such.
      • MVP is done. Show it to pharmacies. Get them to use it.
      • Once there are enough users, start pitching to vendors (our actual customers).
      • In production, we should not aggregate prices by webscraping. Supported vendors should expose a contracted API for our data.
      • Possibly: buy bulk and resell for discounted rates, just like kayak does with hotel blocks. To do this, we'd need to add functionality/complexity to the app. It would allow buy/sell instead of just redirect.
      • Start trending history and offering price prediction.

Monday, May 20, 2019

  • HN/PW.
    • Papermill is a tool that takes a Jupyter notebook (and some params) and executions it with a production context in mind (saving artifacts, etc). Netflix has been pushing these architectures hard, even outside of the data science workflows at the company, because it's a great way to combine runtime with notes/datasharing for others to consume.
    • Some awesome gems in python 3: https://datawhatnow.com/things-you-are-probably-not-using-in-python-3-but-should
      • fstrings for autoformatting based on variable names.
      • built-in lru.
      • type hints.
      • no __init__ necessary for subpackages.
  • Game of thrones and barry are done, mostly just nba/nhl now (although that will finish soon too). Westworld s3 trailer came out (parts filmed right here in hermosa).
  • Very interesting segment! https://www.youtube.com/watch?v=aMcjxSThD54.
  • Warriors swept Portland, off to the 5th consecutive finals!
  • Bought the circus murder mystery night (from a new company), started preparing everything for saturday.

Thursday, May 16, 2019


Tuesday, May 14, 2019

  • Back from LiB! Great trip. Uploaded and shared pictures.
  • Yesterday caught up on all the quarterfinals NBA/NHL games that I missed, game of thrones, and ufc/bellator events.
  • QR stands for Quick Response in QR codes. The most recent version is a 177x177 grid.
  • Emails, newletters, HN, PW, MD, etc:
    • Guido about creating python (as a middleground between C programs and shell scripts) and stepping down as BDFL: https://www.youtube.com/watch?v=qxMcGDnT8uc.
    • SQL is old and has many pitfalls. We should not resist the forthcoming of newer query languages.
    • Some good response headers to add to your server's HTML pages:
      • Strict-Transport-Security: max-age=1000; includeSubDomains; preload
      • Content-Security-Policy: upgrade-insecure-requests
      • Cache-Control: max-age=30, public
      • Accept-Encoding: gzip, deflate, br
      • Accept: image/webp; imgae/apng, image/*, */*;q=0.8
      • Accept-CH: Width, Viewport-Width
      • Accept-CH-Lifetime: 100
      • Link: </font.woff2>; rel=preload; as=font; no-push
      • Feature-Policy: vibrate 'none'; geolocation 'non'
    • Remember, PyTorch is an ML library.
  • Apparently the purchase offer proceeds are doled out through cash holdings in Solium, rather than between SpaceX and the employee directly. You have to elect between a transfer (which requires bank info) and a check (which requires an address). If you don't elect, it defaults to check. I was out of town with no service, but I received no notification of shipment, so I emailed them today (others said they received their transfers earlier).
  • GSW crushed Portland in game 1.
  • Promises in JS are just like callbacks (setTimeout, etc), just cleaner. They define two things: what to return when it succeeds (.then), and how to handle the error when it fails (.catch). Resolve vs reject. You can have multiple chained .then calls, executed in order if it no errors are thrown in the previous. You can also fire off multiple promises at the same time (Promise.all([]).
    • async is simply a way to return a promise. Then you call await, which blocks until the promise resolves. You can do multiple concurrently with Promise.all() in the same way.

Wednesday, May 8, 2019

  • California has a larger economy by itself than every country on the planet except 4: US, China, Japan, Germany.
  • Got my POA notarized. Allie will bring to SpaceX tomorrow. We also got the final allocations today. lol.
  • Read about all 3 star wars trilogies, 9 movies in total. I have only seen maybe 2 of them, and only when I was a child. Not a fan, but was just curious to read a 10min summary of the entire saga.
  • Unloaded amazon fresh and packed the BMW saddlebags full of all LiB food. Packed all regular stuff as well, after laundry.

Tuesday, May 7, 2019

  • Supercontest
    • Split the uwsgi ini file into proper sections and moved all configuration there instead of as clargs in docker-compose.
    • Process
      • docker network create nginx-proxy
      • docker run -d -p 80:80 -v /var/run/docker.sock:/tmp/docker.sock:ro --name nginx-proxy --net nginx-proxy jwilder/nginx-proxy
      • Then start the app containers (usually `make build-start-prod`).
    • letsencrypt-nginx-proxy-companion has some useful utilities.
      • docker exec nginx-letsencrypt /app/force_renew
      • docker exec nginx-letsencrypt /app/cert_status
    • Created the bmahlstedt.com github repo. Added a tiny app with tiny landing page.
    • Created the infra github repo. Moved the command line process above to a docker-compose and added a readme. Now, you simply docker-compose up there (after creating the nginx-proxy network) just once, and then can create as many virtual hosts as you'd like.
    • nginx-proxy is pretty dope. It uses a dummy dhparam while a new one is generated in the background (2048 bits can take a while), then it reloads nginx automatically when done.
    • Renamed services (like app_prod) to use dashes instead of underscores (to app-prod).
    • Confirmed that app-dev still works.
    • After a docker system prune, you need to recreate the network. The volumes will stay by default.
    • http forwards to https and www forwards to non-www (just southbaysupercontest.com and bmahlstedt.com).
    • Got ssl working with letsencrypt-nginx-proxy-companion. The setup is pretty clean now.
    • Updated documentation.
    • Closed #47. Everything is done now. There are two containers (nginx-proxy and letsencrypt) that control traffic (and certify) all other virtual host containers on that machine. Right now that includes two apps, southbaysupercontest.com and bmahlstedt.com.
  • DHPARAM = Diffie Hellman parameters, used for secret key validation.
  • Buyback BS.
    • I made my election and submitted the transmittal form separately to SpaceX. This is a dumb requirement in the first place, because you're already making a digital confirmation.
    • I played with my election after, knowing that I wasn't going to change it. I just wanted to observe. I intentionally did not submit the transmittal forms for these.
    • Because the transmitted number and my solium number did not match, Solium generated incorrect final documents. SpaceX can fix this, but they need my power of attorney since it's technically changing a number after the close date. Ridiculous and inconvenient (requires notary).
    • Made an appointment for BOA tomorrow.
  • Dad is going in for surgery tomorrow, called for good luck.
  • Placed Amazon Fresh order for Lightning in a Bottle - $140. Soylent, protein bars, and almost every non-refrigerated fruit & vegetable you can imagine!
  • Tutorials
    • Express
      • Process
        • npm init (creates package.json)
        • npm install express (adds it to node_modules/ and the deps in package.json)
        • app.js with require, app instantiation, route addition, listen on port.
        • node app.js
      • This is identical to what I'm used to. Remember, node is the javascript runtime outside the browser (python). Express is the web framework (flask).
      • Autoreload behavior can be enabled by `sudo npm install nodemon -g` then `nodemon app.js` instead of `node app.js`.
      • Pug (and old-school jade) is the template engine for node, just like jinja is for python. You can render these templates and insert variables and other functionality.
    • JS, even with its exponential growth, is still not as full-featured of an environment for enterprise app development as something like java/python/c#.
      • Typescript goes a little further than JS because it has static typing.
    • OvernightJS is a utility lib for apps build with typescript and express. Gives some nice classes and controllers and decorators.
  • Updated resume. Cleaned the skill organization at the bottom. Did a little on linked/github as well.

Monday, May 6, 2019

  • JS is, of course, dynamically typed like Python. Types are inferred at runtime. Typescript is statically typed, so types are known before runtime. You can lint this with tslint.
    • Python 3 has type hinting (called such because it's optional). You can specify the input and output types a function expects, and then static analysis can catch any errors before runtime. It's also nice for documentation.
  • California is about the same latitude as the VERY bottom of Europe, almost between it and Africa. Northern California is about the same as Spain/Portugal.
  • Deer shed their antlers every spring and they grow back during summer. I had no idea.
  • Started work on the reverse proxy for supercontest and bmahlstedt.com. Will post all details tomorrow.

Sunday, May 5, 2019

  • Played around with maintenance banners for a downed website. You basically just have to return 503 so search engines know it's temporary. Then, for users, you can add a custom html template with a friendly, descriptive message.
  • Helped jcriss with the grom mods. Bar end mirrors, bunny ear blockoffs with turn signals integrated, fender eliminator with brake and turn signals, sprocket, brake and clutch shorty levers.
    • Sliced open my finger pretty bad with an exacto knife while slicing a bundle to rewire.
  • Smoked ribs again for game of thrones. This time did NOT use hot sauce as the only marinade! Added a little curry to the rub.
  • Got the replacement amex and activated it. Got new insurance cards and put them on all bikes.
  • Received my medical identification card and the choice form. You must elect one of the two plans: LA Care and Health Net. They're both HMOs. I choice Health Net because Torrance Memorial Medical Center is under them, my closest hospital (although Health Net's Medi-Cal plan will cover emergency services anywhere in the United States!) I have no intended doctor visits or anything else to sway the decision. Chose Salahuddin Aschrafnia as primary care simply because it's close (Redondo) and decently rated.
  • Unboxed the new tent and sleeping pad for LiB, practiced assembling everything (even hitching the guy lines).

Friday, May 3, 2019

  • Puppeteer is a popular headless browser webscraper like selenium.
  • HN/MD.
  • Completely reorganized all of my files in Google drive. This took a couple hours.
  • Watched deliverance. It was hyped as one of the most disturbing movies of all time. It was average. The movie was 2 hours long and crawled. There were essentially 3 scenes: rape, river peril, and cliff climbing. It could have been 60 minutes shorter. It was neither shocking nor provocative. The banjo duel was the best part.
  • Ordered a single person tent and sleeping pad (totaling $125, but they're good quality and reusable) for lightning in a bottle.
  • I get a couple recruitment calls a day. Considering taking my number off linkedin.
    • They're starting this new tactic of "we're looking for the best of the best for <X> role, can you recommend one of your colleagues who is looking for an amazing new opportunity?" They manipulate the tone by flattering your altruistic side, seeming informal and taking pressure off the real focus before circling back to your pursuit.
  • Supercontest.
    • Played around with multiple docker-compose, splitting the dev/prod envs into separate files rather than separate services within the same file. I prefer it the way I had it.
    • Had to recalibrate my consideration of the reverse proxy. I'm not adding an nginx container to then forward traffic to multiple other containers running nginx as the server frontend for other app containers. I'm simply taking the existing nginx and certbot containers that serve supercontest, and I'm swapping them for nginx-proxy and letsencrypt-ngnix-proxy-companion so that they can be the webserver for multiple service domains (running in separate other containers).
      • Those two containers are therefore abstracted outside of the supercontest project. They probably won't be in a compose file. They'll just be a command to run prior to starting the supercontest containers, with the sc compose file just having the app and the db.
      • This is a wonderful compartmentalization, in both technical and general terms. Service administration has advanced wondrously in the past decade.
  • Created a repo for my rc files and uninstalled dejadup: https://github.com/brianmahlstedt/config.

Thursday, May 2, 2019

  • Supercontest
    • Remember, you have to docker-compose down before running the tests on the host. Otherwise, the app will not be able to start (socket already in use).
    • Added tests for http auth and the graphql endpoint. CSRF is disabled in the python tests, so I gave a full client example in the readme.
    • Stopped using relays and connectionfields, opting instead to just use graphene's List type. You lose some automatic pagination and other cursor capabilities, but querying becomes a lot simpler - you don't have to specify edges and nodes every time. As it grows, switching back would be very easy.
    • Deployed to prod and closed #41 after merge. The `make deploy` convenience target works.
    • Graphiql in prod was missing the csrf token. I ensured SC_DEV worked and the csrf protection was initialized.
    • Changed the makefile recipes for ansible to use --key-file at the command line instead of requiring that ssh-agent and ssh-add be run before.
    • Added csrf_protect back to the app in dev mode, then exempted the graphql view. This is just wrapping it with the func (instead of the decorator), like login_required(csrf_protect.exempt(GraphQLView.as_view())).
    • Right now, my graphql resolvers just return everything. I don't add nodes and fields for people to filter on certain values. I can later, but right now I just expect clients to handle it all.
    • Emailed the group with the graphiql link and the python query example.
  • docker top can be used to check processes in the container.
  • You can check the environment of an already-running process with `cat /proc/<pid>/environ`. Super useful.
  • Removed the ps1 stuff from tmux (it was exiting immediately on startup) and removed the ssh-agent stuff from .bash_profile (I explicitly call out the ssh key in my makefile calls to ansible).
  • Nginx reverse proxy.
    • Multiple websites in different containers on the same machine.
    • First create the umbrella network on the host: docker network create nginx-proxy
    • Then start the reverse proxy container which uses this network.
    • Then start the actual service containers with this network as well. These must have 3 things in their docker-compose yamls:
      • Expose port 80 on the service
      • Add the nginx-proxy network
      • Add the VIRTUAL_HOST env var for the domain.
    • There's a companion container to handle letsencrypt as well.
      • Add a few more volumes to share certs between the containers.
      • Add the LETSENCRYPT_HOST (and _EMAIL) env vars for the domain.
    • Didn't finish this, but will resume tomorrow.
  • Generalized my digitalocean project name and droplet name to MyProject and MyDroplet, since they host multiple services. Added the A and NS records for my second domain (bmahlstedt.com), so digitalocean's nameservers direct to both my domains instead of godaddy. The registrar update it within like 60 seconds, much faster than last time.
    • Since I haven't finished the reverse proxy yet, https://bmahlstedt.com points to the supercontest application lol. This makes sense, as I'm not VIRTUAL_HOST routing the traffic by domain yet.
      • This could be used easily to point multiple domains at the exact same service/site.
    • It's also not ssl trusted and red, which makes sense since I haven't certified this domain yet.

Wednesday, May 1, 2019

  • Bazel.
    • WORKSPACE file defines the root. File(s) named BUILD within that root defines the rules, to point at the input source and define the outputs. You can have multiple BUILD files. Each defines a "package" for bazel. They can depend on each other (need to add "visibility" in the build file), and each can have multiple targets.
    • bazel build //path-to-package:target-name
    • Say you have a .cc file that prints hello world. Building that target with cc_binary would add it to <workspace_root>/bazel-bin/main/hello-world, which you can then call whenever you want.
    • bazel-bin, bazel-genfiles, bazel-out, bazel-* are all just symlinks (in your workspace root) to ~/.cache/bazel.
    • You can query dependencies of your targets: bazel query --output graph --nohost_deps --noimplicit_deps 'deps(//main:hello-world)'
    • Installed graphviz and xdot, common viewers for many things (including bazel dependency graphs).
      • http://www.webgraphviz.com/ is an awesome browser viewer, just copy the text output from the command line. Or, pipe it to xdot at the command line.
    • The value here is the entire tree. Everything is a file, and the entire dependency graph is known. Therefore, building outputs (binaries, whatever) can be optimized. When outputs need to be rebuilt, only the inputs that have changed need to be rebuilt.
    • For a language like python that isn't built (compiled) manually, but rather interpreted, this has a lot less value. There are four standard python targets. py_binary, py_library, py_test, py_runtime.
    • Looked up some more python/bazel suggestions, watched https://www.youtube.com/watch?v=9mhmGcR6CPo.
    • Ultimately, not using this for supercontest or any of my other projects. Simple GNUmake and sx-setuptools are wonderful.
    • There is value in a monorepo setting, but the hardest part is getting the dependency resolution down to the file level instead of the python package level.
      • This becomes impossible fully, because third-party packages will be vendored and you can't specify all of those down to file.
      • If third-party packages started defining as bazel packages instead of python packages, we could get somewhere.
    • This is all an attempt to define a language-agnostic packaging standard that ultimately just defines file inputs and file outputs.
    • Bazel users absolutely love the word hermetic. It means airtight, people.
  • Remember, compiling is just translating to a lower-level language (like assembly, bytecode, machine code...).
  • Some nix reminders.
    • inode is a data structure. It stores metadata like owner, perms, parent dir, last modified, etc. It does not store filename or the actual data in the file.
    • Hard links are basically copies. They contain the data. Can only hard link files, not dirs. Same inode. Must be on same filesystem.
    • Soft links (symlinks) are basically shortcuts. They do not contain the data. Can soft link dirs or files. Different inodes. Can cross filesystems.
  • To nest bullets in github markdown, leave the hyphen and just put 4 spaces in front of it.
  • $PS1 is a linux variable that defines the custom shell prompt. It's different within tmux vs outside, hence the lack of color. Tried the top 5 solutions to fix this, none worked. Messed with a ton of bashrc and tmux.conf.
  • Nginx can directly serve multiple websites (domains) from the same machine. If you are running your services in a container, then you can also use nginx on the host as a reverse proxy to forward traffic to the appropriate containers (where nginx again can be the server for the app-specific request).
  • Bought bmahlstedt.com for $21 (2yr contract) through GoDaddy, same as southbaysupercontest.
  • If a website tells you to disable your adblocker, you can often just set style="display:none;" on the banner and then change the background color back to white or increase brightness.
  • GraphQL.
    • There are a few places in my application where I translate an email to an ID, an ID to picks, picks to scores, etc. GraphQL should be able to help quite well with this over-fetching that REST is vulnerable to.
    • Was created at FB in 2012, earlier than I thought.
    • graphene and graphene-sqlalchemy are two python packages to aid in use with graphql models. flask-graphene is the extension to add the /graphql view. gql is the client.
    • Added the graphql view, with the query schema wrapped around my existing user/pick/matchup models.
    • Created the environment variable SC_DEV and set it to 1 in docker-compose for app_dev. This skips csrf protection and enables graphiql in the browser.
    • Wrapped the view_func with login_required() for add_user_rule, rather than decorating it like a normal route. You now need to login to hit the graphql endpoint, even programmatically.
    • In graphiql, ctrl-space will autocomplete with an option dropdown. ctrl-enter will execute the query.
    • You can then query from the command line with curl at /graphql?query=<>
    • You can then query from python with gql.
    • Since the app has direct access to the database, sqlalchemy is fine to perform internal app queries. To go through graphql for the app itself would be weird and inefficient: python -> http through view -> python.
    • I am intentionally not adding mutations. This is a read-only interface for users to mess with the db.
    • Graphiql is an extremely useful interface for users to query the db. I had to do some fancy stuff to extend csrf/auth to the graphql endpoint, but I was successful.
    • Added two tests. One that verifies that you can auth with the app via basic requests + csrf token (rather than with selenium). The second auths verifies that the graphql endpoint can return data programmatically. This was simply achieve with json={'query': query} where query is a docstring with the same content you'd enter into graphiql. Didn't end up needing gql (bc I couldn't really use it without hacking my auth mechanism for csrf in).
    • Ended up enabling graphiql for production, since it's protected by auth anyway.
  • Github offers an API to query their data with graphql: https://developer.github.com/v4/.
  • Medium obviously collaborates with freecodecamp.org and codeburst.io.
  • Alexa (not amazon) is another company that monitors internet traffic. They rank the most popular sites: https://www.alexa.com/topsites. In the US the top 24 are: google youtube facebook amazon wikipedia reddit yahoo twitter linkedin instagram ebay microsoftonline netflix twitch instructure pornhub imgur live craigslist espn chase paypal bing cnn
  • JWT = json web tokens.
  • Extremely using for programmatically repeating a manual browser request (like a login): open chrome devtools, perform an action, then go to the network tab, right click the request, copy as curl, then convert to python requests with https://curl.trillworks.com/.
  • It totally depends on the service, but selenium should be able to login for all because it's closest to a real user. For direct auth with requests, the server can expect whatever it wants. Some require certain cookies (which you can get with a naked request then session.cookies.get_dict()). Supercontest requires a csrf_token to be passed with your credentials, that's it. Make a request, save the csrf token from the response, the hit /user/sign-in with your creds and the csrf token.
Subscribe to: Posts (Atom)