What they never tell you about GitHub

GitHub is brilliant…. There are loads of tutorials, video and articles out there, recently I’ve spent time filling gaps in my Git version control knowledge and something struck me as odd. Every tutorial should make it clear right from the start and reminders throughout their presentations that you

DO NOT STORE PASSWORDS, KEYS, USERNAMES, CREDENTIALS, ETC. ON GIT HUB

Why?

Because there are bastards out there who are scanning git repositories for anything that could help access secured areas or consume resources they should not.

Git does scan your repo’s and will warn you but its not in real time so be warned. Still not convinced? The image is of a free Amazon Web Service account that was set up as a learning exercise the keys where saved in a Git Repo and over the course of 3 days a free account had racked up nearly $10,000US .

What can you do, if you accidentally commit a password, key, etc? Delete the branch? Roll back?

No!

The best advice and this is also given by Git themselves is to consider your data compromised and your accounts that use the data hacked. Once again, rolling back and deleting does not work.

So reset your passwords/key etc and don’t just add a 1 at the end or swap out vowels for 12345.

How do you manage password and environment values?

Have a Google for git .gitignore or visit dotIgnore on GitHub

JavaScript fetch()

In a previous post I was refreshing my memory with vanilla JavaScript  after years of jQuery-ing, especially AJAX request and the

XMLHttpRequest()

My eyes rolled when I was reading more about it then  I found fetch()  ( I know its been about since 2015 and now almost universally adopted).

Fetch does what XMLHttpRequest does but in a more elegant way and DOES NOT need additional libraries as it is bundled with JavaScript. It also makes use of “promises” .

const url = "https://randomuser.me/api/?results=10";

fetch(url)
.then(function(response) {
 return response.json();
})
.then(function(data) {
 console.log(data.results);
})
.catch(function() {
 console.log("Booo");
});

The above code queries the URL, then parses the string as JSON, then does something with the data.

It also catches errors.

Good eh?

Its looks to be easy to expand and do all manner of fetching. For example submitting a form

var form = new FormData(commentForm);
fetch( url, { method: "POST", body: form })

You can then chain .then() promises to get the desired outcomes.

For more information

A quick introduction video from Google

From Google Working with the Fetch API

Jake Archibald’s post Thats so Fetch

Scotch post The Fetch API

 

 

 

 

 

Javascript AJAX without jQuery

I learnt this stuff years ago but with the rise of jQuery I like many others had become lazy. Add the fact that so many browsers handled things slightly different going down the library route had its benefits.

It is 2017 and things have improved many jQuery(ish) approaches have been adopted by Javascript and browsers have become more similar.

So here goes. First off a GET request to retrieve a Chuck Norris joke

<script>
var url = "http://api.icndb.com/jokes/random";
var request = new XMLHttpRequest();

request.open('GET', url, true);

request.onload = function() {
 if (request.status >= 200 && request.status < 400) {
 // Success!

printJokes(request.responseText);

} else {
 // We reached our target server, but it returned an error
 console.log('There was a problem. Status:' + request.status);

}
};

request.onerror = function() {
 console.log('There was a problem!');
};

request.send();


var printJokes = function(jokes){

JSON.parse(jokes, (key, value) => {
 key == 'joke' ?
 console.log(value) : ''
 });

}
</script>

 

 

 

Javascript reminder #1 Spread syntax

Okay, a quick reminder on Spread Syntax

If you have a Javascript function that you call with

average(1, 2, 3);

function average(x, y, z){
// Average of the three numbers
}

You are limited to just three properties/arguments. Not very useful if you have more or less numbers you want to find an average. Using Spread Syntax we don’t have to worry about the number of values passed

function average(...args) {
  var sum = 0;
  for (let value of args) {
    sum += value;
  }
  return sum / args.length;
}

average(2, 3, 4, 5); // 3.5

The Spread Syntax ( the three dots{name}) includes all the unknown values.  It gets better still

var averageMethod = 'mode';
var roundTo = 2; /Decimal places
doThing( averageMethod, [2,4,3,6,10,19], roundTo);

function doThing(method, ...valuesToAverage, roundTo)
{
// Calculate averages
}

And Spread Syntax can be used when creating arrays

var parts = ['shoulders', 'knees']; 
var lyrics = ['head', ...parts, 'and', 'toes']; 
// ["head", "shoulders", "knees", "and", "toes"]

Good eh?