|al(j)ʊˈmɪnɪəm| mass noun - the chemical element of atomic number 13, a corrosion-resistant metal named after Habib Alamin, a computer programmer

Software as Engineering

As a software developer, I've never really considered “software engineering” a ‘valid’ engineering discipline. This thread on Reddit has changed my mind about that. Software can be engineered.

Let's Encrypt without sudo

The Let's Encrypt initiative is a fantastic program that is going to offer free https certificates! However, the one catch is that you need to use their command program to get a free certificate. You have to run it on your your server as root, and it tries to edit your apache/nginx config files.

I love the Let's Encrypt devs dearly, but there's no way I'm going to trust their script to run on my server as root, be able to edit my server configs, and have access to my private keys. I'd just like the free ssl certificate, please.

So I made a script that does that.

Greg Wilson – What We Actually Know About Software Development, and Why We Believe It's True

This video is a must watch for any software developer who cares about their craft. Old, but timeless.

This site is now signed with a Let's Encrypt certificate

It's been almost a year since I posted on this blog, but here we are again.

Let's Encrypt is a certificate authority in private beta that provides free certificates (automated generation, renewal, and with Apache, setup (nginx coming soon)). They are a public service.

They are now trusted by all major browsers, as they have received a cross-signature from IdenTrust.

I'm looking forward to the day that encrypted data doesn't stand out, because it's the norm. I'm really excited with, and grateful for, what the team at Let's Encrypt are doing.

For those concerned about issuing certificates to phishing and malware sites, read this article by them.

1 - How to configure an apex domain for a Heroku app

So, I'm getting my project prepared for the meet & greet and I stumbled upon a curious ‘feature’ of CNAME records while trying to point my domain name to my Heroku app. I don't know if you noticed, but when you visit this website, you don't need to type “www”, and if you do, it will redirect you to the ‘apex’ or ‘naked’ domain; that is, the root domain, no subdomain. I prefer this over “www”, because it's much cleaner in my eyes. I consider the “www” a smell.

There's a problem.

DNS A-records require that an IP address be hard-coded into your application's DNS configuration. This prevents your infrastructure provider from assigning your app a new IP address on your behalf when adverse conditions arise and can have a serious impact to your app's uptime.

The infrastructure provider in this case is Heroku.

Unfortunately, most domain providers do not let you configure a CNAME record for the apex domain. That's because, much of the time, it causes conflicts with MX records (used for email). It also goes against RFC1034, section 3.6.2, which says:

If a CNAME RR is present at a node, no other data should be present; this ensures that the data for a canonical name and its aliases cannot be different.

Now, I'm not sure what's been said, but to get an idea of the trouble it can cause if you try this, check out this post by a man called Josh Strange.

There is a solution to all this. Certain domain name providers will use special features to make ANAME-like records that allow you to use the apex domain with an MX record without hardcoding an IP address, all without any emails getting lost along the way. Mr Strange used Amazon. I used CloudFlare (who, ironically, redirect users to the "www" subdomain on their own site). At first, I thought I would have to switch my domain name across to another provider who offers this special feature and pay for all the trouble. Fortunately, CloudFlare rescued me.

CloudFlare is a content delivery network with a free plan that has everything you need to get this working. I followed this guide to get everything working, but here's the short version.

  1. You should already have a domain name. I was using iwantmyname.

  2. Get an account on CloudFlare.

  3. Add your website and let CloudFlare mirror your DNS records. I can't remember if you can do it without mirroring, but if you can, skipping is fine too. We're going to change it, anyway.

  4. On your domain name provider's control panel, change the nameservers to CloudFlare's ones. CloudFlare will now be your site's DNS. It should tell you the nameservers after you've migrated your DNS records to them. I don't think you'll get the same as me, so I won't tell you mine.

  5. Add a CNAME record to point to for your apex domain. It may warn you that you already have ANAME records at the root, or whatever, if you mirrored records from your old provider. You only need one CNAME record pointing at the root for everything to work.

That's it. CloudFlare's CNAME flattening feature will work its magic in the background and let you use an apex domain with a CNAME (not actually CNAME behind the scenes, of course) record. You may want to add the www as well and redirect that to the apex with a page rule, but that's outside the scope of these instructions.