Maximizing Productivity and Avoiding Pitfalls: A Guide to Tech Blogging While Balancing a Full-time Job

As a software engineer, you're already familiar with the fast-paced demands of the tech industry. However, you may also have a desire to share your expertise, build your personal brand, and even earn some extra income through tech blogging. In this post, we'll explore strategies to help you become a productive tech blogger, even with a busy schedule and challenges such as writing skills and content ideas. 1. Define Your Niche: As a software engineer, you have valuable expertise to share. Defin

Post, Code and Quiet Time. Maximizing Productivity and Avoiding Pitfalls: A Guide to Tech Blogging While Balancing a Full-time Job By Errong Leng – 07 Apr 2024 – View online → Photo by Aaron Burden / Unsplash As a software engineer, you're already familiar with the fast-paced demands of the tech industry. However, you may also have a desire to share your expertise, build your personal brand, and even earn some extra income through tech blogging. In this post, we'll explore strategies to help you become a productive tech blogger, even with a busy schedule and challenges such as writing skills and content ideas. Define Your Niche: As a software engineer, you have valuable expertise to share. Define your niche within the vast field of technology, whether it's programming languages, web development, AI, cybersecurity, or another area where you excel. Focusing on a specific niche will help you target your audience more effectively and establish yourself as an authority in that domain. Create a Content Calendar: Time management is key when juggling a full-time job and blogging. Plan your blog posts in advance by creating a content calendar. This will help you stay organized and consistent with your blogging schedule, even with your busy work life. Set aside dedicated time each week to brainstorm ideas, research, and write content for your blog. Write Quality Content: If writing isn't your strong suit, don't worry. Focus on creating high-quality, informative, and engaging content that provides value to your readers. Consider alternative formats such as videos, podcasts, or infographics if you're more comfortable with multimedia. Remember, practice makes perfect, so keep writing and refining your skills over time. Curate Content: Don't always have topic ideas to share? Consider curating content from other sources. Compile lists of useful resources, summarize articles, or share insights from industry experts. Just make sure to add your own commentary or analysis to provide value and perspective to your audience. Leverage Your Expertise: As a software engineer, you have unique insights and experiences to draw from. Share your knowledge, tips, and best practices through tutorials, case studies, or technical deep dives. Don't be afraid to showcase your expertise and demonstrate your problem-solving skills to your audience. Promote Your Blog: Building an audience for your blog takes time and effort. Utilize social media platforms, online forums, and tech communities to promote your blog posts. Engage with your audience, participate in discussions, and share your content where appropriate. Building a strong online presence will help you attract more readers to your blog over time. Overcoming Writing Challenges If you're not confident in your writing skills or struggle to come up with topics, don't let that discourage you. Consider hiring a freelance writer or editor to help polish your content. Alternatively, collaborate with fellow tech bloggers or invite guest contributors to share their expertise on your blog. Remember, everyone has strengths and weaknesses, and there's no shame in seeking assistance when needed. Writing Skills and Content Ideas For many aspiring tech bloggers, writing may not come naturally, and coming up with fresh content ideas can be a struggle. However, there are several strategies you can employ to overcome these challenges: Curate Content: Instead of solely relying on original content, consider curating valuable resources, summarizing articles, or sharing insights from industry experts. This not only saves time but also provides value to your audience. Create Multimedia Content: Experiment with alternative formats such as videos, podcasts, or infographics. This allows you to leverage your strengths and engage with your audience in different ways. Crowdsource Ideas: Engage with your audience through surveys, polls, or Q&A sessions to gather topic ideas. This ensures that your content is relevant and addresses the needs of your audience. Follow Trends and News: Stay updated with the latest trends and developments in the tech industry. This provides ample inspiration for blog posts and keeps your content fresh and timely. By implementing these strategies, you can overcome common obstacles faced by tech bloggers and maximize your productivity while balancing a full-time job. Remember, consistency, creativity, and effective time management are key to success in the world of tech blogging. So go ahead, share your knowledge, build your brand, and embark on your blogging journey with confidence! Conclusion Becoming a productive tech blogger as a busy software engineer is challenging but achievable with the right strategies and dedication. Define your niche, create a content calendar, write quality content, and leverage your expertise to provide value to your audience. Don't let challenges like writing skills or content ideas hold you back. With perseverance and commitment, you can build a successful tech blog while balancing your full-time job and earn some extra income along the way. Post, Code and Quiet Time. © 2024 – Unsubscribe

Navigating the Nuances of React: Managing Event Listeners in Conditional Components

In the dynamic world of React development, managing event listeners within conditional components can be a subtle yet crucial aspect that demands attention. Often, developers encounter unexpected behaviors when event listeners persist even after a component is hidden. In this post, we'll delve into this challenge and propose effective solutions to ensure seamless functionality in your React applications. Understanding the Issue Consider a scenario where a React component adds a key event liste

Post, Code and Quiet Time. Navigating the Nuances of React: Managing Event Listeners in Conditional Components By Errong Leng – 07 Apr 2024 – View online → Photo by Holly Booth / Unsplash In the dynamic world of React development, managing event listeners within conditional components can be a subtle yet crucial aspect that demands attention. Often, developers encounter unexpected behaviors when event listeners persist even after a component is hidden. In this post, we'll delve into this challenge and propose effective solutions to ensure seamless functionality in your React applications. Understanding the Issue Consider a scenario where a React component adds a key event listener using useEffect, expecting to remove it upon component unmounting. However, when the component is hidden through conditional rendering, the event listener persists, potentially causing unexpected behaviors or bugs. The Solution To address this issue and ensure proper management of event listeners in conditional components, follow these best practices: Conditional Rendering with useEffect: Leverage conditional rendering to control the visibility of components. When using useEffect to add event listeners, ensure that you consider the visibility state within the effect. Adding and Removing Event Listeners: Instead of relying solely on the cleanup function of useEffect, explicitly manage the addition and removal of event listeners based on component visibility. Component Visibility Control: Implement a mechanism to toggle the visibility of components. When a component is hidden, remove associated event listeners to prevent them from lingering and causing unexpected behaviors. Implementation Example Let's illustrate these best practices with a practical example: import React, { useState, useEffect } from 'react'; function ConditionalComponent() { const [isVisible, setIsVisible] = useState(true); useEffect(() => { const handleKeyPress = (event) => { if (event.key === 'Enter') { // Handle Enter key press console.log('Enter key pressed'); } }; if (isVisible) { window.addEventListener('keydown', handleKeyPress); } else { window.removeEventListener('keydown', handleKeyPress); } return () => { window.removeEventListener('keydown', handleKeyPress); }; }, [isVisible]); const toggleVisibility = () => { setIsVisible((prev) => !prev); }; return ( <div> <button onClick={toggleVisibility}> {isVisible ? 'Hide Component' : 'Show Component'} </button> {isVisible && <div>This component is visible!</div>} </div> ); } export default ConditionalComponent; In this example, the ConditionalComponent toggles its visibility based on the isVisible state. The useEffect hook adds and removes a key event listener depending on the component's visibility, ensuring proper management of event listeners. Conclusion By following these best practices, you can effectively manage event listeners within conditional components in your React applications. Remember to consider component visibility when adding and removing event listeners, ensuring a seamless and bug-free user experience in your web applications. Post, Code and Quiet Time. © 2024 – Unsubscribe

Debugging Deadlock Issues with Thread Dump Analysis Using kill -3 Command

Introduction: Deadlocks are a common issue in multi-threaded applications, where two or more threads are blocked indefinitely, waiting for each other to release resources. Identifying and resolving deadlocks is crucial for maintaining the stability and performance of your application. In this post, we'll explore how to use the kill -3 command to generate thread dumps and analyze them to diagnose and troubleshoot deadlock issues effectively. We'll also discuss additional tips for handling threads

Post, Code and Quiet Time. Debugging Deadlock Issues with Thread Dump Analysis Using kill -3 Command By Errong Leng – 07 Apr 2024 – View online → Photo by Library of Congress / Unsplash Introduction: Deadlocks are a common issue in multi-threaded applications, where two or more threads are blocked indefinitely, waiting for each other to release resources. Identifying and resolving deadlocks is crucial for maintaining the stability and performance of your application. In this post, we'll explore how to use the kill -3 command to generate thread dumps and analyze them to diagnose and troubleshoot deadlock issues effectively. We'll also discuss additional tips for handling threads in TIMED_WAIT state. Let's delve into the details. Generating Thread Dumps with kill -3 Command: To generate thread dumps for a Java process, you can use the kill -3 command followed by the process ID (PID). For example: kill -3 <PID> Replace <PID> with the actual process ID of your Java application. This command sends a SIGQUIT signal to the Java process, triggering it to generate a thread dump and print it to the standard error stream or log file. Analyzing Thread Dumps for Deadlocks: Once you've generated the thread dumps, you can analyze them to identify any deadlock situations. Look for the following signs: "Found one Java-level deadlock": This line indicates that the thread dump contains information about a deadlock. Locked resources: Check for threads that are holding locks on certain resources while waiting to acquire locks held by other threads. This often indicates a deadlock scenario. Thread state: Pay attention to the thread state of each thread in the dump. Threads in the "BLOCKED" state waiting for a monitor held by another thread are potential deadlock candidates. Thread stack traces: Examine the stack traces of blocked threads to understand where they're stuck and which resources they're trying to acquire. Resolving Deadlocks: Once you've identified the deadlock issues from the thread dumps, you can take appropriate measures to resolve them. Common strategies include: Reordering lock acquisition: Ensure that locks are always acquired in a consistent order across threads to avoid circular dependencies. Timeouts and retries: Implement timeouts and retries for lock acquisition to prevent threads from waiting indefinitely. Thread interruption: Consider interrupting threads that are stuck in deadlock situations to break the deadlock and allow the application to recover. Additional Tip: Handling Threads in TIMED_WAIT State When a thread is in TIMED_WAIT state, such as when using Thread.sleep() or object.wait() in a loop, simply setting a flag to exit the loop may not work as expected. If you're using a loop like while (!stopThread) { ... } and you set stopThread to true from another thread, the loop may not exit until the thread wakes up naturally. To ensure timely termination, you should call Thread.interrupt() on the waiting thread. This will interrupt its sleep or wait, causing it to throw an InterruptedException and exit the loop gracefully. Conclusion: Debugging deadlock issues in multi-threaded Java applications can be challenging, but with the kill -3 command and thread dump analysis, you can effectively diagnose and troubleshoot deadlock scenarios. By generating and analyzing thread dumps, you can identify the root cause of deadlocks and implement appropriate solutions to ensure the stability and reliability of your application. Additionally, understanding how to handle threads in TIMED_WAIT state is crucial for proper thread management and graceful termination. Post, Code and Quiet Time. © 2024 – Unsubscribe

Bypassing Client Authentication for Specific Endpoints in Spring Boot with mTLS(2 way SSL) enabled

In Spring Boot applications secured with SSL, enabling client authentication (configured as server.ssl.client-auth: need) typically requires that all incoming requests provide a valid client certificate. However, there are scenarios where certain endpoints require bypassing this client authentication while maintaining SSL security. For instance, consider a SOAP service where the operations exposed necessitate 2-way SSL, but the WSDL endpoints do not require client certificates and may pose usabi

Post, Code and Quiet Time. Bypassing Client Authentication for Specific Endpoints in Spring Boot with mTLS(2 way SSL) enabled By Errong Leng – 07 Apr 2024 – View online → In Spring Boot applications secured with SSL, enabling client authentication (configured as server.ssl.client-auth: need) typically requires that all incoming requests provide a valid client certificate. However, there are scenarios where certain endpoints require bypassing this client authentication while maintaining SSL security. For instance, consider a SOAP service where the operations exposed necessitate 2-way SSL, but the WSDL endpoints do not require client certificates and may pose usability challenges for clients. In this post, we'll explore how to achieve this by customizing Spring Security's X509 pre-authentication mechanism. We'll develop a custom filter to selectively bypass client authentication for specific endpoints while still extracting the username from client certificates for pre-authentication purposes. Let's delve into the implementation details. server.ssl.client-auth The configuration parameter server.ssl.client-auth typically refers to the server's requirement for client authentication during SSL/TLS (Secure Sockets Layer/Transport Layer Security) handshake. server.ssl.client-auth:need When set to need, it means that the server requires clients to present a valid certificate for authentication. If the client fails to provide a valid certificate or if the certificate verification fails for any reason, the server will terminate the SSL/TLS handshake, and the connection will not be established. This setting adds an extra layer of security to server-client communication, ensuring that only authorized clients with valid certificates can access the server's resources. It's commonly used in scenarios where strong authentication and security are paramount, such as in financial institutions, government agencies, or any other environment where sensitive data is exchanged. server.ssl.client-auth:want When server.ssl.client-auth is set to want, it signifies that the server requests, but does not require, client authentication during the SSL/TLS handshake. In this configuration: If the client presents a valid certificate, the server will verify it and proceed with the handshake. If the client does not present a certificate, the server will still continue with the handshake, allowing the connection to be established without client authentication. This setup provides flexibility, allowing clients to authenticate themselves if they possess a certificate, but not enforcing it as a strict requirement. It's often used in situations where optional client authentication is desired, such as in web applications where some resources are restricted to authenticated users but others are publicly accessible. So we will change server.ssl.client-auth from 'need' to 'want' and implement a custom X509 filter to change the behaviour for pre authentication by the username provided in the client cert. Custom X509AuthenticationFilter Implementation public class CustomX509AuthenticationFilter extends X509AuthenticationFilter { private X509PrincipalExtractor principalExtractor = new SubjectDnX509PrincipalExtractor(); public CustomX509AuthenticationFilter() {} @Override protected Object getPreAuthenticatedPrincipal(HttpServletRequest request) { X509Certificate cert = extractClientCertificate(request); return (cert != null) ? this.principalExtractor.extractPrincipal(cert) : null; } @Override protected Object getPreAuthenticatedCredentials(HttpServletRequest request) { return extractClientCertificate(request); } private X509Certificate extractClientCertificate(HttpServletRequest request) { // for get method, not use the client cert even if it existed if (HttpMethod.GET.matches(request.getMethod())) { return null; } X509Certificate[] certs = (X509Certificate[]) request.getAttribute("jakarta.servlet.request.X509Certificate"); if (certs != null && certs.length > 0) { this.logger.debug(LogMessage.format("X.509 client authentication certificate:%s", certs[0])); return certs[0]; } this.logger.debug("No client certificate found in request."); // for soap request we should reject the request if no client cert found if (HttpMethod.POST.matches(request.getMethod())) { throw new RequestRejectedException("No client certificate found in request."); } return null; } public void setPrincipalExtractor(X509PrincipalExtractor principalExtractor) { this.principalExtractor = principalExtractor; } } In our custom implementation, we intentionally return a null client certificate regardless of whether the client sent one along with the request. This is particularly relevant when accessing WSDL endpoints via a browser, as the browser may automatically include a default client certificate, even if it's not the required one. Since this behavior is beyond our control and can't be reliably managed, we choose to handle it by returning null for any requests using the 'GET' method. However, if the endpoints we want to bypass client authentication for are accessed using methods other than 'GET', we may need to inspect the request URL to determine the appropriate action. so that the username pre-authentication will be skipped since we set client-auth to just 'want', not mandatory required. WebSecurity Config @Configuration @EnableWebSecurity @Slf4j public class WebSecurityConfig { @Value("${ra.client.username}") private String userNameInClientCert; @Value("${ra.client.cn-regex}") private String subjectPrincipalRegex; @Bean RequestRejectedHandler customRequestRejectedHandler() { return new CustomRequestRejectedHandler(); } @Bean public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { CustomX509AuthenticationFilter x509AuthenticationFilter = new CustomX509AuthenticationFilter(); http .authorizeRequests(authorizeRequests -> { try { authorizeRequests.requestMatchers( new AntPathRequestMatcher("/ws/*.wsdl", "GET"), new AntPathRequestMatcher("/ws/*.wsdl", "GET"), new AntPathRequestMatcher("/ws/*.xsd", "GET")) .permitAll().and().x509(AbstractHttpConfigurer::disable); authorizeRequests.requestMatchers( new AntPathRequestMatcher("/ws/op1", "POST"), new AntPathRequestMatcher("/ws/op2", "POST") ).permitAll().and().x509(x -> x.subjectPrincipalRegex(subjectPrincipalRegex) .x509AuthenticationFilter(x509AuthenticationFilter) .userDetailsService(username -> { log.info("username in client cert is : {}, {}", username, subjectPrincipalRegex); if (!username.equalsIgnoreCase(userNameInClientCert)) { throw new RequestRejectedException("no match username found from the client certificate in request."); } // TODO... check username against ldap or your username manager service // should throw new RequestRejectedException in case required username not found return new UserDetails() { @Override public Collection<? extends GrantedAuthority> getAuthorities() { List result = new ArrayList<>(); result.add(new GrantedAuthority() { @Override public String getAuthority() { return "read"; } }); return result; } @Override public String getPassword() { return null; } @Override public String getUsername() { return username; } @Override public boolean isAccountNonExpired() { return true; } @Override public boolean isAccountNonLocked() { return true; } @Override public boolean isCredentialsNonExpired() { return true; } @Override public boolean isEnabled() { return true; } }; })).csrf(c -> c.disable()); } catch (Exception e) { throw new RuntimeException(e); } }); SecurityFilterChain sc = http.build(); x509AuthenticationFilter.setAuthenticationManager(http.getSharedObject(AuthenticationManager.class)); return sc; } } In this part of the implementation, there are a few key considerations. Firstly, we ensure that the AuthenticationManager is set to the custom X509 filter after the http.build() statement. This ensures that the AuthenticationManager is properly initialized before it's used by the filter. Secondly, we always throw a RequestRejectedException, regardless of whether a client certificate is found in the CustomX509AuthenticationFilter for protected requests or if the username doesn't match. This is because, in the filter chain of the Spring Boot web or WebFlux framework, only this exception will be caught and result in an error response being returned to the client when client authentication is set to 'want'. I've experimented with throwing a custom Runtime exception, but it gets caught as well. However, in this case, it's only logged and the SSL handshake continues because the client certificate is not required. Custom RequestRejectedHandler by default, HttpStatusRequestRejectedHandler is used to send error response for RequestRejectedException. it only set a status 400 BAD_REQUEST. but does not have any body. in case you want to set different status code or want tell the client the specific reason, we can customize it by implement a custom RequestRejectedHandler and initialize it as a Bean. @Slf4j public class CustomRequestRejectedHandler implements RequestRejectedHandler { @Override public void handle(HttpServletRequest request, HttpServletResponse response, RequestRejectedException requestRejectedException) throws IOException, ServletException { log.info("Rejecting request due to: {}", requestRejectedException.getMessage(), requestRejectedException); // response.sendError(HttpServletResponse.SC_BAD_REQUEST, requestRejectedException.getMessage()); // Set the status code response.setStatus(HttpServletResponse.SC_FORBIDDEN); // Write a custom response body response.getWriter().write(requestRejectedException.getMessage()); } } @Bean RequestRejectedHandler customRequestRejectedHandler() { return new CustomRequestRejectedHandler(); } Conclusion In scenarios where you need to selectively bypass client authentication for specific endpoints in your Spring Boot application secured with SSL, Spring Security's X509 pre-authentication mechanism offers a robust solution. By customizing the X509AuthenticationFilter, you can configure your application to extract the username from client certificates while bypassing authentication for designated endpoints. This approach ensures flexibility in managing security requirements while maintaining the integrity of your application's authentication process. Post, Code and Quiet Time. © 2024 – Unsubscribe

Implementing A/B Routing with Spring Cloud Gateway

In modern microservices architectures, routing requests based on specific criteria is a common requirement. In this post, we'll explore how to use Spring Cloud Gateway to implement A/B routing for different customers based on their customer IDs. We'll achieve this by implementing a custom filter in Spring Cloud Gateway to check the customer ID and route them to the appropriate service based on defined criteria. Custom Filter Implementation: import org.springframework.cloud.gateway.filter.Gate

Post, Code and Quiet Time. Implementing A/B Routing with Spring Cloud Gateway By Errong Leng – 06 Apr 2024 – View online → Photo by Mi Min / Unsplash In modern microservices architectures, routing requests based on specific criteria is a common requirement. In this post, we'll explore how to use Spring Cloud Gateway to implement A/B routing for different customers based on their customer IDs. We'll achieve this by implementing a custom filter in Spring Cloud Gateway to check the customer ID and route them to the appropriate service based on defined criteria. Custom Filter Implementation: import org.springframework.cloud.gateway.filter.GatewayFilter; import org.springframework.cloud.gateway.filter.factory.AbstractGatewayFilterFactory; import org.springframework.stereotype.Component; import reactor.core.publisher.Mono; @Component public class ABRouteFilter extends AbstractGatewayFilterFactory<ABRouteFilter.Config> { public ABRouteFilter() { super(Config.class); } @Override public GatewayFilter apply(Config config) { return (exchange, chain) -> { // Get the customer ID from the query parameter String customerId = exchange.getRequest().getQueryParams().getFirst("customerId"); // Perform logic to determine A/B routing based on customer ID boolean isRouteToA = shouldRouteToA(customerId); // Define the target route URL String targetUrl = isRouteToA ? config.routeToAUrl : config.routeToBUrl; // Modify the request URI to route to the appropriate service exchange.getRequest().mutate().uri(uri -> uri.path(targetUrl).build()); // Continue with the request chain return chain.filter(exchange); }; } private boolean shouldRouteToA(String customerId) { // Implement logic to check customer ID and determine routing // This could involve database checks or other criteria // Return true for route to A, false for route to B } public static class Config { private String routeToAUrl; private String routeToBUrl; public String getRouteToAUrl() { return routeToAUrl; } public void setRouteToAUrl(String routeToAUrl) { this.routeToAUrl = routeToAUrl; } public String getRouteToBUrl() { return routeToBUrl; } public void setRouteToBUrl(String routeToBUrl) { this.routeToBUrl = routeToBUrl; } } } Route Definition in YAML: spring: cloud: gateway: routes: - id: ab-routing uri: lb://service-discovery predicates: - Query=customerId, * filters: - name: ABRouteFilter args: routeToAUrl: /service-a routeToBUrl: /service-b Perform redirection if required When it comes to routing requests in a web application, there are scenarios where simple forwarding isn't enough. One such scenario is A/B routing, where different users are directed to different versions of a service based on certain criteria, such as customer IDs. In this section, we'll enhance our Spring Cloud Gateway setup to perform A/B routing with redirection. We'll utilize a custom filter to dynamically determine the appropriate service endpoint based on the customer ID in the request URL, and then seamlessly redirect the user's browser to the chosen service. This approach ensures a smoother user experience and better management of traffic distribution in your application. Let's dive into the implementation details. URI originalUri = exchange.getRequest().getURI(); URI redirectUri = UriComponentsBuilder.fromUriString(host) .path(originalUri.getPath()) .query(originalUri.getQuery()) .build().toUri(); // Perform redirection to the appropriate service URL return redirect(exchange, targetUrl); }; } private Mono<Void> redirect(ServerWebExchange exchange, String targetUrl) { exchange.getResponse().setStatusCode(HttpStatus.SEE_OTHER); exchange.getResponse().getHeaders().setLocation(URI.create(targetUrl)); return exchange.getResponse().setComplete(); } Conclusion Implementing A/B routing based on customer IDs using Spring Cloud Gateway offers a flexible and scalable solution for routing requests in microservices architectures. By leveraging custom filters and route definitions, you can dynamically route requests to different services based on specific criteria, enhancing the flexibility and scalability of your system. Post, Code and Quiet Time. © 2024 – Unsubscribe