Wednesday, December 31, 2014

Drop that Internet Explorer!

What about the globe icon?
Should you drop support for Internet Explorer 8? Why not? My comic never supported it in the first place.

Well, maybe that's a little unfair. My comic doesn't support it because it has no support for SVG images, which are a major part of the comic's design. Also, CSS3 support is not there, which makes things look pretty bad. I just don't have time to develop a completely different site design for the roughly 9% of Internet users still on the antique browser. I doubt they are my target audience anyway (actually, only about 10% of my comic audience uses any version of IE).

Yeah, that's the one I remember
Internet Explorer 8 is the last version available on Windows XP, which is itself no longer supported. I liked XP and kept it around for a really long time myself, but Windows 7 and 8 are just fine operating systems and both support decent versions of IE.

But for further reading, look at these:

Is it Time to Drop Support for IE8?

The Internet Explorer 8 Countdown

Microsoft IE8 browser support ending in 17 months

Now there are even rumors that Microsoft will replace Internet Explorer with a totally new browser in Windows 10! While you might think that retiring the frustrating surfing tool is great news, just wait until you have to support TWO DIFFERENT weird non-standards-compliant Microsoft browsers instead of just one! It's not like every computer on earth is going to suddenly upgrade to Windows 10. There will be people hanging around on Windows 7 for years, and I doubt they'll get this new browser.

In case you are wondering, it's not until Internet Explorer 10 that 100% of my comic is supported. It does look fine in IE9 though. I just don't know what happened to Internet Explorer. I remember it being much better than Netscape Navigator 4, but it lost its way somewhere around version 5. Nobody stays on top forever. I wonder when someone will come out with a better browser than Chrome... comic for 31 December 2014

Monday, December 29, 2014

Atomic Feed!

There just aren't enough ways to get my comic delivered to you. In the old days, a newspaper would be dropped off at your house each morning and would contain a page full of comics. You didn't have to go to the publisher and get them. But today, there are no newspapers (well, maybe a few are left) and I am my own publisher. You have to remember to go to every Monday, Wednesday, and Friday to see the comics. Who can remember to do that, with all the other stuff you have to remember every day?
How do you get your comics? (photo by cartese)

I had the idea that I should be supplying an RSS or Atom feed of my comic so those people who use readers like Feedly will be automatically given the new comics when they are available.

Since my comic server application is JavaScript on Node, of course I looked for a module on npm that would enable me to easily create feeds. The top one is simply called feed. And it worked fine. But I found a few limitations and quirks with it when I was creating Atom format.

First, the validation was a little off from the Atom specification. Link is not technically a required element of the feed element, but an error was generated if I didn't include it. It was also putting in a "hub" type link, but that's not an Atom thing - it's from the RSS 2.0 type. There was an option for "image" which mapped to the logo element, but there was not an option for specifying the icon element. The logo should be more like a banner (twice as wide as it is tall) and the icon should be square.

For individual entries in the feed, again link was mandatory when it doesn't have to be. It was also missing the published date option for entries.

Now don't get me wrong, it's a great package. The issues I found are relatively minor, so I forked the project on GitHub and made changes to correct them. My version is available at

I am still playing around with how to structure the content and which optional elements make a difference to readers such as Feedly, so I don't recommend subscribing to the feed just yet. But here's an example of how I am currently using it:

var feed = new Feed({
    id: "",
    title: "",
    description: "A web comic about frogs who run a technology company.",
    link: "",
    feed: "",
    icon: "",
    copyright: "All rights reserved 2014, Casey Leonard",
    author: {
        name: "Casey Leonard",
        email: "casey at",
        link: ""

var comics = loadComics(); // get the latest comics

for (var c in comics) {

        title: comics[c].title,
        link: "" + comics[c].id,
        description: " comic for " + comics[c].pubDate,
        date: comics[c].pd,
        content: "comic html goes here"


feed.updated = comics[0].pd; // date of the newest comic

var atom = feed.render("atom-1.0");

I'll be sure to announce when I think it's done and hope to get the comic listed in the "comics" category on Feedly as well. comic for 29 December 2014

Friday, December 26, 2014

What did you get for Christmas?

Another Christmas has passed and the new year will be here in a week. I still haven't had 2 minutes to write anything about the new JavaScript library I've been using off-and-on for the last few weeks, but hopefully that will change this weekend and all 3 of you that read this blog can be treated to that next week.

But let's take a moment to reflect on the gifts we've received for Christmas.

This year I got some coffee aged in oak barrels previously used to age Cabernet. I also got a stapler that looks like a frog.

When I was 12 years old, I got Visual Basic 3.0 (on floppy disks). That was an exciting Christmas. It was quite expensive at the time and I believe it might have been the only thing I got from my parents that year.

In 2001, I got two 15-inch LCD monitors from my girlfriend. I gave her an engagement ring that same year, and we've been married since September 2002. I would have given her the ring even if she hadn't given me the monitors. comic for 26 December 2014

Wednesday, December 24, 2014

Merry Christmas!

'Twas the night before Christmas...

Yes, it is Christmas Eve. I hope you have all your shopping done, if you're one of those people who buys gifts at Christmas.

My 5-part Christmas poem on wraps up today. I'll be spending this evening with my family in our traditional manner - pizza, Christmas Eve service at our church, and watching the Muppet Christmas Carol. The best film adaptation of Dickens' work, in my opinion.

The frogs will be back to their usual shenanigans on Friday, as will most of the world. I hope you have a Merry Christmas, and come back to read my blog when I return to writing about software development next week! comic for 24 December 2014

Monday, December 22, 2014

A Little More Daylight

Today there is more daylight than yesterday, but you probably didn't notice.

Yesterday, the 21st of December, was what people here in the northern hemisphere like to call "the shortest day of the year." I like to call it my father's birthday as well, but that's not the point. The point is, all days are actually the same length (unless they add a leap second or some crazy nonsense). Yesterday wasn't the shortest day of the year, but it was the day when the Earth received the smallest amount of solar radiation, due to the tilt of the planet's axis. Winter has officially started.

Today, the 22nd of December, will get slightly more sunlight. But just by a few seconds. Here in central Pennsylvania, we had 9 hours and 16 minutes of daylight yesterday. It won't be until the 26th when we can say we got 9 hours and 17 minutes.

But we're starting to pick up some momentum...we only have to wait until the 28th to get 9 hours and 18 minutes of sun, and we can add another minute on the 20th. At the beginning of January 2015, we'll be adding 1 minute per day, and by the end of the month we'll add 2 minutes per day.

By mid-March, we'll be enjoying around 12 hours of sunlight (when daylight and darkness hours are equal, Spring begins) and we are adding around 3 minutes daily. It slows down as we get closer to June 21, when we max-out at 15 hours and 5 minutes.

I like tables of this kind of information. Here you can find the daylight/darkness table for someplace close to where you live: Duration of Daylight/Darkness Tables comic for 22 December 2014

Friday, December 19, 2014

Finally Backing Up

I did something today that I should have done a long time ago - set up automatic backups of my database.

As you may or may not know (depending on how many of my blog posts you've read before), all of the data for my web comics is stored in a MySQL database. The words coming out of the frogs mouths, their positions in each cell, and the SVG images of the frogs themselves - all stored in simple tables in MySQL. I needed to be doing backups.

I set it up with cron and mysqldump. I wrote a simple bash script that will call mysqldump to create the complete backup of my amphibian database. It looks something like this:

fn=/path/to/backups/amphibian-$(date +%d-%b-%Y).dump
mysqldump amphibian > "$fn"

To make sure each backup file gets a unique name, I create the fn variable which includes a section made out of the formatted date, in DD-Mon-YYYY format. To the Linux date command, that is %d-%b-%Y. Then I simply call mysqldump giving it a single parameter: the database name. I redirect the output to a file of the name I made above...and that's it.

Wait, why didn't it prompt for a user name and password to dump that database? Good question! That was my initial problem - I didn't want to put the password right in the script file. I found that if I make a file in my home area named .my.cnf and have it contain a section like this,

user = username
password = pw12345

...I can use mysqldump with a default user and without being prompted for a password. As long as the .my.cnf file has 0600 (read-write only owner) file permissions, it is reasonably secure.

I set my backup script to be called once per week by cron and I'm feeling much better now. I made an additional script that automatically copies the backup files offsite to a remote server for added safety. Being prepared for catastrophic data loss will really let me sleep better tonight. comic for 19 December 2014

Wednesday, December 17, 2014

You Know, That Christmas Poem

Okay, so my comic up until Christmas Eve is clearly a parody of "A Visit from St. Nicholas." You may know it better as "The Night Before Christmas", which is not actually its title but part of the first line.

This classic poem, written by Clement Clarke Moore way back in 1823, is largely responsible for our modern ideas about Santa Claus. My poem will most likely have no cultural impact whatsoever. But it is a chance for us all to think for a few minutes about the level of effort required for Santa's operation to make it on time every year. To meet his requirements, Santa can't be up there in his workshop hand-assembling dolls. He needs to be an expert at managing a production line of impossible size, and use the most advanced techniques for both planning and execution. Knowing the current wakefulness state of every child on earth, their position on the naughty/nice scale, and their desired gift list at any moment is clearly a monumental achievement of data science that is the envy of everyone from Google to the NSA.

And we haven't even gotten to the whole delivery phase of the operation yet. Amazon can experiment with flying delivery drones all they want, but only Santa Claus has a team of flying reindeer out delivering packages at speeds which imply some sort of controlled distortion of space-time.

There's no company on earth that wouldn't like to send someone to Santa for training - he's clearly mastered things that the rest of us don't even know exist yet.

I'm not the only one considering things of this nature. As part of your Christmas preparations this year, be sure to read Are Santa’s Reindeer Used for Propulsion or Navigation?, in which an MIT graduate student delves into the interesting question using Moore's original poem as evidence. comic for 17 December 2014

Monday, December 15, 2014

Making Some Pies

Shoofly Pie by Syounan Taji
My favorite kind of pie is Shoofly Pie, a molasses pie which originates among the Pennsylvania Germans. It is very similar to the English Treacle Tart, where golden syrup is used instead of molasses, which is also one of my favorite desserts when I'm in the U.K.

None of that has anything to do with the kinds of pies I made last week (before I got sick and spent several days barely awake). I made pie charts. You know, like doughnut charts, but without the hole in the middle. Both sound delicious but can't be eaten.

Also, don't confuse charts and graphs. It is my understanding that a graph is a type of chart that uses lines. Like a square is a type of rectangle.

Anyway, I wanted to take some of my data I capture from and plot it in a way that makes analyzing it easy. I am most interested in how many comics are accessed per day and which types of browsers people use to access the site. I have web services that generate the raw numbers from the server, so I wanted to find a JavaScript client library that could draw pretty pictures for me.

After experimenting with a few options, I went with Chart.js. Another popular recommendation was Data-Driven Documents, D3.js, but that was really overkill for my needs. I like to keep it simple.

Chart.js lets you take JSON data and render 6 different chart types using HTML5 Canvas. You can extend it to create your own additional chart types if you want, but the ones already included meet most needs: Line, Bar, Radar, Polar Area, Pie, and Doughnut. One of its best features is that it allows the charts to be responsive. When enabled, it resizes the canvas element as the parent element changes and the chart still looks good.

Using it on a web page is easy. First, just download the library and include it on your page:

<script type="text/javascript" src="/js/Chart.min.js"></script>

Now put a Canvas element, or elements, on your page where you want to draw the chart(s). There's a tricky thing about Canvases in that they really need width and height attributes, which is fine except when we want to have responsive charts that size with the browser. When going responsive, the trick is to just set the size very small but maintain the proportions, such as 80x60 instead of 800x600 and let Chart.js size it up for you - you won't even notice.

<div style="width: 50%">
  <!-- I really want this chart to fill the div automatically -->
  <canvas id="chart1" width="80" height="60"></canvas>

All that's left to do is organize your data in an appropriate way for the type of chart you'd like to draw, and pass it to the appropriate Chart function. Let's look at a simple line chart for example, but the Chart.js documentation has plenty of detail on all the other options plus more customizations.

var chartData = {
        "labels": ["A", "B", "C", "D", "E"],
        datasets: [
                label: "Something",
                fillColor: "rgba(151,187,205,0.2)",
                strokeColor: "rgba(0,51,102,1)",
                pointColor: "rgba(151,187,205,1)",
                pointStrokeColor: "#fff",
                pointHighlightFill: "#fff",
                pointHighlightStroke: "rgba(220,220,220,1)",
                data: [33, 57, 42, 88, 101]

var opts = {
    "scaleGridLineColor": "rgba(0,0,0,.08)",
    "datasetStrokeWidth": 3,
    "responsive": true
var ctx = document.getElementById("chart1").getContext("2d");
var myChart = new Chart(ctx).Line(chartData, opts);

Line charts need a set of labels for the X-axis, and at least one set of data for drawing a line. You can actually draw more than one line on the same chart, useful when comparing data, which is why the datasets field is an array (even though in my example it only had one element).

Each dataset object should contain a label, color-related information for the lines and fills and points, and the set of values to plot on the Y-axis. Those values should in in an array given as the data field.

An options object can be used as well. There are a number of "global" chart options but each kind of chart has some specific options you can use. I customized the color of the scale grid lines, the stroke width of the data line, and made sure to set responsive to true.

All you need to do is pass the 2D context from the appropriate Canvas element into Chart and pass the the chart data and options to the chart type (see the final 2 lines above). You get back a reference to the chart, which you can use later to update the data and redraw if you want.

A chart that is always 50% of the page width

I was pleased with how simple it was to create and customize the simple charts I needed. I would recommend you check out Chart.js if you have similar needs on a project.

Sorry if you are disappointed by the lack of actual pie making in this blog. I know, I didn't even show how I made a pie chart! I did actually make some, after I made a line chart - but I'll let that be an exercise for the reader (or you could check out the repo on GitHub). comic for 15 December 2014

Friday, December 12, 2014

Sweet Dreams (of the 1980's)

Whenever I hear the word "logarithm" I can't help but think of this song...

I guess it's just because word "logarithmics" sounds so similar to "Eurythmics". You can understand my confusion, right? Plus, growing up in the 80's I must have heard this song 43,000 times - long before I ever knew what a logarithm was.

While I'm at it, here's a short list of more songs that were the soundtrack of my childhood.
Someday, we're going to look at these songs the same way we look at classical music today. You know, you'll take your flying car to the symphony to listen to them perform some Bon Jovi.

Until that day, we'll have to settle for symphonetic renderings of Edvard Grieg. Or, this...

Wednesday, December 10, 2014

The Christmas Song Lyrics You Never Knew

I'm feeling a bit under-the-weather today, so instead of a post about how to use some JavaScript technology or how to make a paper frog I'd like to help you with your Christmas songs.

Jingle Bells

I would have to suspect that you have never seen more than the first verse of this song. Few people know the rest of it.

Here are the complete lyrics:
Dashing through the snow
In a one-horse open sleigh
O'er the fields we go
Laughing all the way
Bells on bobtail ring
Making spirits bright
What fun it is to ride and sing
A sleighing song tonight!
Jingle bells, jingle bells,
Jingle all the way.
Oh! what fun it is to ride
In a one-horse open sleigh.
Jingle bells, jingle bells,
Jingle all the way;
Oh! what fun it is to ride
In a one-horse open sleigh. 
A day or two ago
I thought I'd take a ride
And soon, Miss Fanny Bright
Was seated by my side,
The horse was lean and lank
Misfortune seemed his lot
He got into a drifted bank
And then we got upsot. 
(repeat chorus) 
A day or two ago,
The story I must tell
I went out on the snow,
And on my back I fell;
A gent was riding by
In a one-horse open sleigh,
He laughed as there I sprawling lie,
But quickly drove away. 
(repeat chorus) 
Now the ground is white
Go it while you're young,
Take the girls tonight
and sing this sleighing song;
Just get a bobtailed bay
Two forty as his speed
Hitch him to an open sleigh
And crack! you'll take the lead. 
(repeat chorus)
The rest of the song isn't quite as catchy as that first verse, huh?

Good King Wenceslas

Now I'll share the words to one my favorite Christmas songs that isn't really even a Christmas song. Of course I'm talking about "Good King Wenceslas." You hear the music to this song all the time but rarely does anyone sing the words. It's not technically a Christmas song if you pay attention to the first line: "Good King Wenceslas looked out, on the Feast of Stephen." The Feast of Stephen takes place on December 26th, but I guess that's close enough. Also worthy of note, Wenceslas wasn't ever even a king in his lifetime - the title was bestowed on him after this death. Here are the words:
Good King Wenceslas looked out
On the feast of Stephen
When the snow lay round about
Deep and crisp and even
Brightly shone the moon that night
Though the frost was cruel
When a poor man came in sight
Gath'ring winter fuel

"Hither, page, and stand by me
If thou know'st it, telling
Yonder peasant, who is he?
Where and what his dwelling?"
"Sire, he lives a good league hence
Underneath the mountain
Right against the forest fence
By Saint Agnes' fountain."

"Bring me flesh and bring me wine
Bring me pine logs hither
Thou and I will see him dine
When we bear him thither."
Page and monarch forth they went
Forth they went together
Through the rude wind's wild lament
And the bitter weather

"Sire, the night is darker now
And the wind blows stronger
Fails my heart, I know not how,
I can go no longer."
"Mark my footsteps, my good page
Tread thou in them boldly
Thou shalt find the winter's rage
Freeze thy blood less coldly."

In his master's steps he trod
Where the snow lay dinted
Heat was in the very sod
Which the Saint had printed
Therefore, Christian men, be sure
Wealth or rank possessing
Ye who now will bless the poor
Shall yourselves find blessing
I don't understand why more people don't sing the words. I've always liked them. comic for 10 December 2014

Monday, December 8, 2014

Frog Paper Craft

Today, we're not going to build anything out of code. We're going to use a more primitive medium.

You may notice that my frogs are constructed out of nothing more than simple geometric shapes. I used to draw them by hand this way, but now I draw them as Scalable Vector Graphics in Inkscape. Since SVG defines the shapes using mathematical formulas you might say that the frogs are made out of math. Yesterday my daughter wanted to make a craft, and I came up with this idea: making frogs out of paper!

I made up some templates for the parts of one of my frogs and printed them out on colored paper. We cut and glued the paper together with some cardboard and had some fun. Now I'm going to share the fun with you!

Step 0.

You'll need some thick cardboard, scissors, glue, a marker, and colored paper. Print out the templates of the different pieces on colored paper (see links below). Print the body template on green paper, the bellies template on yellow, and the eyes on white. Or use other colors if you want some more interesting frogs!

Frog Body Template
Frog Belly Template
Frog Eyes Template

Frog Body - Print on Green Paper

Frog Bellies - Print on Yellow Paper

Frog Eyes - Print on White Paper

Step 1.

Cut out all the frog parts. Get a fun color paper for your background (I use purple in my example). Glue the back eye, arm, and leg on your paper something like the following picture.

Step 2.

Glue one of the body pieces on top of the eye, arm, and leg. Glue one of the belly pieces on top of that.

Step 3.

Cut out some cardboard pieces and glue them on as pictured below. The thicker the cardboard, the better. It will give the frog some depth.

Step 4.

Glue the other body piece on top of the cardboard. Glue the other belly piece on top of that. In the picture below, I have the body slightly transparent so you can see the placement.

Step 5.

Glue the second eye, arm, and leg on top of the body and exposed cardboard pieces. Again, I use transparency in the picture to help show the placement of the parts.

Step 6.

Almost done! Get your marker and draw in the eyes and mouth. Your frog craft is complete!

Here are the ones I made with my daughters, but that was before I wrote these nice instructions. Yours should turn out even better.

Send me pictures of your complete crafts! comic for 8 December 2014

Friday, December 5, 2014

Your Internet Thermometer

Photo by Bernard Gagnon
It's amazing what access to the Internet on phones has done to us. When I wake up in the morning, I look at my phone to check the outside temperature. I remember when I was a kid and we had to use antiques like thermometers stuck on the outside of our windows!

In today's comic, the frog is trying to get the body temperature reading from another frog. He fails to realize that frogs, being ectotherms, will basically have the same body temperature as that of their environment. His phone shows him (and you, the reader of the comic) the actual temperature from my town here in central Pennsylvania. Look at the comic today and you'll see today's temperature. Come back in 6 months and you'll see a warmer temperature (I hope). Whatever temperature it is here when you load the page, that's what you'll see.

Getting weather data for my comic is not difficult. I basically do the same thing that the weather app on your phone is doing - accessing a server somewhere that has been collecting data from weather stations around the country and getting the latest information for a certain location. I have used both Weather Underground and OpenWeatherMap to get data, as both have APIs that anyone can use. In the case of my comic, I wrote a simple module for Node that I use to manage the API calls.

var http = require('http');

module.exports = function(conf) {

    var currentTemp = 50;  // start with some reasonable value

    var apiKey = conf.weatherApiKey || "";
    var location = conf.location || "";

    function pullWeatherData(cb) {

        // OpenWeatherMap
        var url = ""
                + location + "&units=imperial&APPID=" + apiKey;

        // Weather Underground
        //var url = "" + apiKey
        //        + "/conditions/q/" + location + ".json"; 

        http.get(url, function(res) {

            var wData = "";
            res.on("data", function(chunk) {
                wData += chunk;
            res.on("end", function() {
                try {
                    var data = JSON.parse(wData);
                    cb(null, data);
                } catch (e) {

        }).on("error", function(e) {


    function weatherTimer() {

        pullWeatherData(function(err, data) {
            if (err) {
            } else {
                try {

                    // OpenWeatherMap
                    if (data.main.temp) {
                        currentTemp = data.main.temp;

                    // Weather Underground
                    //if (data.current_observation.temp_f) {
                    //    currentTemp = data.current_observation.temp_f;

                    console.log("Setting current temp to " + currentTemp);

                } catch (e) {
                    console.log("Unable to update temp");
            setTimeout(weatherTimer, 1800000); // call again in 30 minutes


    weatherTimer(); // run now, and then every 30 minutes

    return {
        temperature: function() {
            return currentTemp;


The goal of this module is to give me access to the current temperature value and update that value automatically on a timer. Temperature doesn't usually change that quickly so every 30 minutes is fine for my application.

There are really only two functions - one that calls the API to get the data and the timer that asks for new data and updates the temperature. In my code above, I show it using the OpenWeatherMap API with the Weather Underground stuff commented-out, in case you want to try that one as well.

The first function I called pullWeatherData. It simply calls http.get for whichever service you want to use and reads the response stream, in JSON format, into a string which is parsed into an object at the end. I had to make sure error conditions were handled gracefully, because when you call external APIs you sometimes get garbage back. That's the point of the try/catch around the JSON.parse call - the response might not actually be JSON (it could be a plain text HTTP 500 page, for example) and you don't want to crash your whole app. So if there is any kind of error, the callback function given to pullWeatherData is called with the error as the one and only parameter. In the case of a successful call and parse, the callback function is called with a null as the first parameter to indicate no errors and the weather data object as the second parameter. The exact format of this object will depend on which service you called.

The weatherTimer function simply calls pullWeatherData and then does something with the data before setting a timeout for calling itself again in 30 minutes. All it really does with the data is take the temperature value out of it and store it in a variable. If everything works, that variable will be automatically updated every half hour.

After defining these two functions, my module calls weatherTimer in order to get the data for the first time and start the timer for the next call. The return value is an object with a function simply called temperature which will return the current value of the temperature variable. Here's an example of how the module would be used in an app:

var express = require("express");
var app = express();

 * OpenWeatherMap uses their own location ids.
 * Id 5184309 is near Reedsville, PA.
 * Weather Underground can use ZIP codes.
 * ZIP 17084 is Reedsville, PA.
var weather = require("./weather")({
    weatherApiKey: "your_key_here",
    location: "5184309"

app.get("/", function(req, res, next) {
    res.send("weather demo");

app.get("/temp", function(req, res, next) {
    res.send("current temperature is: " + weather.temperature() + " deg F");

// ------------ start listening
var server = app.listen(3000, function() {
    console.log("listening on port %d", server.address().port);

Just like the comic, this sample app will tell you the temperature here in Reedsville if you point your browser at the /temp path. As you can see, it's cold in Reedsville as I write this.

If you want, you could modify this module to get different weather data or more data and store it in a more complex object. You could really just store off the entire response object and access different values each time. You might even apply this pattern to other non-weather APIs as well. Be creative! comic for 5 December 2014

Wednesday, December 3, 2014

What's Not on my Christmas List

I don't want a smart watch for Christmas. I don't want a new iPad. I don't want a new video game system. Or a 1TB SDD. Or pretty much anything else you would probably guess.

Much to the displeasure of my family, I rebel against the commercialism of Christmas. Corporate America does a pretty good job of convincing all of us that Christmas is about buying things for people. It gets more extreme every year. A few years back, I'd just had enough of it. I don't need anything. No one in my immediate family needs anything. There are many people in the world that do need things, but we don't know many of them. We spend all our time and money worrying about the people near us who most likely have few material needs.

No, I'm not some kind of Ebenezer Scrooge, sitting in my office counting stacks of coins and complaining about the Christmas season. I love Christmas, I just don't feel the need to celebrate it with consumerism. I want to celebrate it in a more appropriate way.

Here are my guidelines of Christmas gifts.
  1. When giving a gift, it should be something that the recipient either can't or won't buy for themselves. This could mean making something to give as a gift, but it can also mean buying something that the recipient would like to have but is too impractical for them to purchase on their own.
  2. Choose quality over quantity. My grandfather lived by this rule in everything. But at Christmas, a single thoughtful gift is worth more than a whole mountain of inconsequential junk.
  3. Try presence instead of presents. Is the giving of a gift the best way to show our love for another person? It depends on the person. Some people really respond to gifts, but others feel love more through quality time spent with them or acts of service done for them.
These are not just for me to follow when thinking of others - I want people to try this when they think of me as well.

Studies have shown that materialistic people are less happy (here, here, here, and here, for starters). Try my guidelines in your family and see if you have a happier and more meaningful Christmas. comic for 3 December 2014

Monday, December 1, 2014

Authentication with Passport

Since today's comic is about unauthorized access to a computer system, it seems like as good a time as any to talk about how I do authentication in my Node web apps. I use the Passport authentication middleware, which integrates nicely with the Express framework. It can be a little tricky to get everything configured - I can't remember how many hours I spent on it the first time. Here I'll give you an example of the simplest possible way to set it up.

First, you have to make sure you have all the required dependencies. While Passport won't complain without things like body-parser, it won't actually function properly. To use Passport, you'll need express-session as well, and express-session requires cookie-parser. Additionally, you'll need to grab whatever particular authentication strategy you want to use with Passport. In my example, I use passport-local which is the simplest thing to demonstrate. There are lots of others though - once you see how this works you can experiment with them.

So here's what my package.json looks like for this demo app:

  "name": "passport-demo",
  "version": "0.0.1",
  "private": true,
  "scripts": {
    "start": "node app.js"
  "dependencies": {
    "express": "4.10.4",
    "cookie-parser": "1.3.3",
    "body-parser": "1.9.3",
    "express-session": "1.9.2",
    "passport": "0.2.1",
    "passport-local": "1.0.0"

I also have 2 really simple HTML pages that go along with this. One is just the index.html that shows some generic welcome text. The other is the login form, form.html. That one is how you can submit your login credentials. Here is the main page:

<!doctype html>

<html lang="en">
  <meta charset="utf-8">


<p>Thanks for visiting.</p>



and here is the login form:

<!doctype html>

<html lang="en">
  <meta charset="utf-8">


  <form action="/login" method="post">

    <input type="text" name="username" />
    <input type="password" name="password" />
    <input type="submit" />




Now for the good stuff. It starts out like any other Node app with all the requires. Then the Express App is created.

var express = require("express");
var bodyParser = require("body-parser");
var cookieParser = require("cookie-parser");
var session = require("express-session");
var passport = require("passport");
var LocalStrategy = require("passport-local").Strategy;

var app = express();

We've come to the Passport-specific items. You have to tell Passport which authentication strategy you want to use. I am going to use the LocalStrategy, which means I will handle all user authentication myself. Typically you do this by looking up users in a database or something like that. When you create a new LocalStrategy, you have to supply it with the function it will call to perform your particular type of authentication. Here's my example:

var auth = function(username, password, done) {

    var err = false; // if an error occurs while you are checking
    var credsGood = true; // if user credentials are good

    if (err) {
        done(new Error("data access error"));
    } else {
        if (credsGood) {
            done(null, { userid: username });
        } else {
            done(null, false, { message: "Invalid credentials" });


// --- set up login strategy
passport.use(new LocalStrategy(auth));

As you can see, my simple auth function always returns a positive authentication. In reality, you'd use some mechanism to determine if the supplied username and password are good instead of just assuming they are. There are three possible ways to return from the function. First, if you run into some kind of error (your database is down) you can call done and pass it an Error. If the supplied credentials are good, call done passing in a null for the first argument (no error) and a user object for the second parameter. Finally, if the supplied credentials are not acceptable, call done with a null as the first parameter (no error), a false as the second parameter (authentication failed) and an object containing more information about the failure as the third parameter.

The next things you need to set up are the Passport serializer and deserializer. Basically, the serializer needs to return a unique key given a user object and the deserializer needs to return a user object given that unique key. The user objects need not be in some specific format - they are your objects, whatever you returned from the auth function supplied to the LocalStrategy. In my example, I just use the userid as the unique key returned from the serializer and then recreate the object with that one field in the deserializer. My user objects are so simple I don't need to do anything else, but your application might store more data in them. In that case you probably would want to put your users in some sort of cache when serializing and pull from there when deserializing. So here's my code:

 * this serializer doesn't do much, just returns the userid
passport.serializeUser(function(user, done) {
    done(null, user.userid);

 * this deserializer actually performs no user lookup, just
 * recreates the user object. my user object is not really
 * much of anything at this point, just the userid.
passport.deserializeUser(function(id, done) {
    done(null, { userid: id });

The rest of the app is fairly standard. I just set up all the middlewares, making sure to do them in the right order. The last ones you do should be passport.initialize() and passport.session(). Here is the code for the remainder of the app:

// used on resources that you have to be authenticated to use
function ensureAuthenticated(req, res, next) {
    if (req.isAuthenticated()) {
        return next();

app.use(bodyParser.urlencoded({ extended: false }));
app.use(cookieParser()); // required before session.
app.use(session({ secret: "some secret", resave: false, saveUninitialized: false }));
app.use(passport.session());"/login", passport.authenticate("local", {
    successRedirect: "/",
    failureRedirect: "/form.html"

app.get("/unprotected", function(req, res, next) {
    res.send("anyone can see this");

app.get("/protected", ensureAuthenticated, function(req, res, next) {
    res.send("you have access");

// ------------ static content (index.html and form.html)

// ------------ start listening
var server = app.listen(3000, function() {
    console.log("listening on port %d", server.address().port);

I set up 3 routes in this app, one for the login credential processing, one unprotected route for an example, and one protected route for an example. The login route is what the form in form.html POSTs to. It simply calls the passport.authenticate function specifying the strategy to use, "local" in this case, and an object defining the success and failure redirects. If authentication is successful, I redirect back to the main page, and if it is unsuccessful I redirect back to the login form page.

You'll note that I have to create a middleware to protect my protected route. My ensureAuthenticated function can simply call req.isAuthenticated(), a function provided by Passport, to see if the user has access. If the user is good, I can just call next(), but otherwise I return a 403 Forbidden. All you have to do to protect any route is add this function to the middleware chain, just like I did when I defined the /protected route.

Put this all together and give it a try. You shouldn't be able to access /protected until after you've been to /form.html and submitted some credentials. I hope this example saves you a few minutes when you are setting up authentication, and make sure you check out the comic link below! comic for 1 December 2014