All posts by Christian Stocker

No nginx basic auth with either network or cookie set

For an internal tool, we’d like to allow access if you either coming from one of our office networks or you have a certain cookie set. If both are not satisfied, just show the usual basic auth dialog. And set that cookie, once you were allowed to access the page.

We wanted to do that in nginx and not the tool itself, as it looked like easier to do, especially since the tool didn’t have any authentication at all yet. Unfortunately it wasn’t that straight forward, but we found a working solution and wanted to share that.

Hope it helps anyone and saves them some time.

PHP 7.0.0 for OS X and CloudFoundry

Update: Since 7.0.0 is officially out, we updated our binaries as well with the final release.

PHP 7.0 is very very near, if no showstoppers show up during the current Release Candidate #8. And I finally managed to update the package on php-osx.liip.ch, so that you can test and start writing applications on your local OS X machine easily, as well. The installer also automatically does the right thing in the apache configuration with regards to “mod_php7” and “mod_php5”.

Furthermore, since we are using CloudFoundry in one of our bigger projects, I also extended the official PHP buildpack to include PHP 7.0 (and some other things like varnish, but that’s not relevant for this). This way we can easily see, if our apps still work with PHP 7 and do some benchmarks (the initial ones looked promising). To use the buildpack, add the following line to your manifest.yml

and adjust .bp-config/options.json to include (and maybe also change your composer.json to use PHP 7)

Be aware, that I didn’t port many of the extensions the official buildpack includes, so your milage may vary. And if you want to be sure it’s thoroughly tested, maybe better wait for official PHP 7.0 support in the CloudFoundry buildpack. I’m sure, they won’t wait long once it’s is released.

There’s now no excuse anymore to not test your apps against PHP 7.0

Tags: , , ,

Self managed companies in Switzerland?

“Self-managed companies” or “teal organizations” are a hot topic in many circles. Especially the books “Reinventing Organisations” and “Holacracy” are among the bestsellers in that area.

We at Liip try to be somehow self-managed since quite some time, it comes quite naturally with being agile. Teams (between 5 and 20 people) can decide a lot by themselves already. But of course, there’s still a management on top, which decides about company wide things and also not so company wide things. We now started an active discussion within the company (for example with a session at the last LiipConf) about how it could work, without such a central, top-down management. We haven’t figured out the details yet, but we’re very eager to try.

But we’re also very interested to get to know people who are already doing that or also want to try it. So, please get in contact with me, if you’d like to meet.

To get an idea, what I personally mean with “self-managed company”, here are some questions. If you can answer them with yes, you’re pretty self-managed (in my opinion)

  • Does your company not have a top-down management?
  • Do you have no hierarchy and fixed roles, especially not through job titles?
  • Can people in your company decide on their own without approval from someone “higher up”? Also for investments?
  • Are there no fixed budgets defined from above/centrally?
  • Do people decide about hiring and firing?
  • Do people even decide about their salary?
  • Are you more than “just the founders”? (not sooo important, but maybe for a future growth of your company)
  • Do you have a process to solve conflicts, so that not the one with the bigger voice always wins?
  • Can anyone take responsibility where they want? Define their own roles?
  • Don’t you always try to find a consensus while not trying to please everyone?
  • Do you trust everyone in your company that they take the right decision at that current time?

One important thing in all this is, that “decide on their own” doesn’t mean, they can just do whatever they want or what feels right. There are many different ways to approach this, but the most important part in all of them is, that you have to get advice from the others before deciding something.

I’m really looking forward to the discussions

Tags: , ,

“Time for Coffee!” open sourced!

The public transport app “Time for Coffee!”, made by some Liipers, was finally published at Github under the MIT License. Furthermore the Apple Watch app for it was also released last week, just in time for the watch release in Switzerland this Friday.

Read more about it at the Time for Coffee! blog post.

Tags: , ,

This blog is now faster than ever

After we changed silently to using WordPress a few weeks ago for this blog (from the ageing Flux CMS software), we now also upgraded the server software to the latest and greatest versions. We finally use HHVM 3.6, nginx with SPDY 3.1 support, deliver everything in SSL only (but of course redirect from port 80), updated our certificate to use SHA256, disabled all “known-as-weak” ciphers and protocols (sorry IE 6 users), do OCSP Stapling and even send an HSTS header for being extra secure. We also switched to a server not on the edge of the continent anymore and deliver it additionally via IPv6.

With all that, this site should be faster and more secure than ever. Enjoy!

(We also applied the SSL/SPDY settings to www.liip.ch, so you may enjoy a better experience there as well)

Tags: , ,

Time for Coffee for iOS and Apple Watch

Jan Hug, Cyril Gabathuler and myself worked hard in our free time the last few weeks on an iPhone app for the great website timeforcoffee.ch, a private project started by François Terrier and his friends Serge Pfeifer, Jean-Luc Geering and Kristina Bagdonaite. It also has newly addded support for the upcoming Apple Watch. As this is a project done by Liipers and non-Liipers alike, we talk about it more on medium.com, go and read it! And apply for the beta and follow us on twitter: @time4coffeeApp

Tags: , , ,

New Relic extension for HHVM updated to latest version

Since I first published my New Relic extension for HHVM, I didn’t do much and we stayed on that HHVM version (3.1). A lot changed in HHVM, which was one of the reasons I didn’t do much: Too many changes in there, but it was for the good.

(Soon) no HHVM recompling needed anymore

Since HHVM 3.4 it’s theoretically possible to have your own external profiler for function level profiling (like xhprof or xdebug) without having to recompile HHVM itself. Unfortunately it wasn’t perfect (or I couldn’t make it running), but there’s a patch in the master branch now (the upcoming 3.6), which seems to solve that problem. So I worked a little bit on my extension in the last few days and I adjusted a lot of things and improved some other stuff.

Continue reading about New Relic extension for HHVM updated to latest version

Tags: ,

php-osx available for OS X 10.10 Yosemite

Apple released OS X Yosemite as a public beta release last week and it of course comes with updated utilities, eg. Apache httpd 2.4 and PHP 5.5

Since httpd 2.4 is not API compatible for modules, the php-osx packages didn’t work and we needed to recompile the packages. That’s what I did and now you can install php-osx also for OS X Yosemite with the usual simple command.

I couldn’t compile libmemcached yet, will try to figure that out when everything settled a little. Also the iodbc extension had some problems, so that’s not in the package yet.

There was also a compile problem with 5.3, so that’s not available yet for 10.10

With all this, I have some questions about future support of all the possible versions:

  • Are you still using OS X 10.6/10.7 and would like to have updates on those platforms?
  • Do you need upcoming PHP versions like 5.6 on 10.6/10.7?
  • Do you need PHP 5.3 on OS X 10.10 (Yosemite)?
  • Do you need iodbc?
  • Anything else missing?

If you answer one of those questions with yes, please leave a comment (I also will analyse the logs to see how many times the different versions are downloaded). Or file an issue on the github project. We won’t remove any of the available packages today, the question is more about future support and if it’s worth to put some effort to eg. get PHP 5.3 running on 10.10 or PHP 5.6 on 10.6/10.7 (both currently fail for me)

You can also see what PHP version we support for what OS X version and when we last updated it at the bottom of php-osx.liip.ch. And if you didn’t notice, we also have packages for PHP 5.6beta since quite some.

Having said all that, we at Liip mostly use vagrant boxes nowadays, our operating-systems-used landscape got much more diverse and it’s much easier with vagrant to ensure a common working environment on all systems. Stuff like imagemagick is also much easier to install in a linux vagrant box and HHVM anyway (where the support on OS X is quite limited right now. It works, but still a little bit of a pain, homebrew on the other hand helps a lot as well in this regard)

Tags: , ,

How I use Docker on OS X

We at Liip started using Docker for some of our projects. For now mainly on the CI server, where it already helps us a lot in regards of reliability and performance. But we’d like to use it locally for development as well (and hopefully one day on production servers)

As we have quite a heterogenous environment on the dev laptops (everything from linux to windows to OS X), we use Vagrant to have a consistent setup locally. This makes it very easy to have the same versions of the needed software everywhere and we don’t loose time setting up things on the different OS (a great time waster for new people before vagrant)

The same easy setup can be provided with Docker and for Linux users it’s very straightforward and you can ditch your VM entirely. But Docker only runs on Linux, so OS X and Windows users still need a VM.

Currently we just added Docker to the project specific vagrant setup, which works fine. But as for some projects there’s more than one vagrant setup needed, it’s a waste of resources and disk space, as eg. you will download the same Docker images in each box.

There’s boot2docker and vagrant-docker, which both try to solve that problem. But that didn’t really work for me. boot2docker can’t mount filesystems from your host (at least not without many workarounds) and vagrant-docker seems to be not flexible enough for my taste and needs. Or at least I couldn’t figure it out.

So I started a new little project, called “dockerbox”, available at github.com/liip/dockerbox. It does exactly what I need (NIH syndrome anyone?). I took the Phusion Ubuntu Vagrant Box and adjusted it a little to my needs.

The basic idea was to start only that box and mount all project directories in there. So I just need this one box and not one for every project and I can share the base docker images.

Usually I install my projects into /opt/git, but when I already have vagrant boxes running somewhere there, I can’t mount the parent again in another box. So I created /opt/docker-git/ and put all projects I want to use with docker in there and put the following into VagrantfileExtra.rb:

With this I have the exactly same directory path in the box and on the host system (see below for why)

Now I can ssh into the box, go to the project directory I want and start Docker for using it.

But I wanted it more comfortable. As I switch often between the box and the host system, I wanted an easy and fast way to switch between them. So I created a script called ssh2docker.sh. With this I can just type ssh2docker.sh into my command line and I’m immediatly logged in in the vagrant box, and if the directory exists where I was on the host system, it automatically takes me there. (btw, it needs “vagrant global-status to be able to login from everywhere and IIRC this is only available since Vagrant 1.6)

vagrant ssh is usually not the fastest thing for logging in, therefore ssh2docker.sh caches the essential info in a file (/tmp/dockerboxid). After the first run, it should log in really fast (it also automatically does vagrant up on the docker box, if it’s not running yet).

It also takes commands to be run in the box. You can do for example ssh2docker.sh ./run/my/script.sh.

That was still too much for me. To start docker images and the test runs, we have some scripts which do the heavy work. To be able to just start them on the host system without having to think about if I’m in the correct environment, I added the following to the scripts:

I just set now SSH2DOCKER on my OS X machine to the path where the script is and I can run ./scripts/docker/build.sh on OS X as if I’d be in the vagrant box. I’d hardly ever have to login into the docker box anymore.

Additionally I installed boot2docker and set on my host

and then I can do eg. “docker pull ubuntu:14.04” or whatever docker command right from OS X and all happens in that docker box.

I don’t use this system since a very long time, maybe it has still some caveats compared to a “traditional” vagrant setup, but it saves me resources on my laptop, in terms of RAM and disk space (which is cheap, but not really on an 11″ air ;)). I don’t have to run multiple vagrant machines anymore and provisioning of single projects is usually also much faster (at least, when you downloaded the base docker images in the VM)

And of course you have all the advantages of Docker. Currently we’re switching from ElasticSearch 0.9 to 1.x, which is not backwards compatible. With docker, we just created a new image for ElasticSearch 1.1 and use that, when we need to in the new branches. With the vagrant setup we have, it’s quite a pain and time-consuming to have either two versions of ES running or to have 2 vagrant boxes running with different versions. It’s all possible and once you have done it, not too difficult, but once you have a docker setup for your projects, it’s definitively much easier this way.

And by the way, we will do a docker hack day on the 26th june at our open innovation day in Zurich with a big office opening party afterwards, everyone is welcome to attend (or in any of the other tracks).

Tags: , ,

Open innovation day in Zurich, 26th June 2014

Schedule

Rooms subject to change.

The past 7 years we’ve been able to grow as a company thanks to many awesome people. We allow Liipers to organise themselves in teams and squads around topics and projects. Every month at an “Innovation Day” respectively “Hackday” we are challenging and learning from each other. Liipers set up topics and goals, everyone can join to help reaching them.

On the 26th June 2014 we’d like to invite you to join us. Experience live how we develop skills and competences. Learn something new, get another perspective. Be open! Below we list the topics and goals Liipers have put on the program so far. If you’d like to join, please register. We’re looking forward to learning with you!

And after that we’re celebrating the grand opening of our new office with food, drinks and an awesome Liip party!

Day Program

A digital solution for HR talent management

9 am–4 pm, Nadia Fischer and Liip’s UX-guild, register here

How to match profiles of talented employees with open positions within the same company? We want to build a paper prototype of an interface that allows two-way talent management within large companies. The workshop is divided into slots: 1. Requirements definition; 2. Prototyping on paper; 3. Presentation of outcome. Attendance per individual slot is possible.

Docker.io virtualized environment

9 am–4 pm, Christian Stocker, Kai Gerszewski, register here

Docker is an easy, lightweight virtualized environment for portable applications. We want to look into it with the goal having a generalized setup at the end of the day, which we can use in our projects. People not knowing docker.io at all are very much welcome (only requirement: You should now how to open a Shell and type in commands there).

Hacking the arena lights

9 am–4 pm, Colin Frei, register here

The arena is our space for talks, meet-ups etc. in the basement of our new office. We ordered 25’000 individually addressable LEDs to bring light into it. Our goal is to do something fun with them!

Wit.AI natural language API + Laravel 4 ordering system

9–12 am, Donato Rotunno, register here

We will build a prototype app using the Wit.AI Natural language API and the Laravel 4 framework. The application will allow a registered user to order things from a fictitious webshop and submit the order. All this without touching the keyboard, mouse or screen.

Scrum curry for lunch

9–12 am, Andreas Amsler, register here

After 3 hours of workshops, talking and hacking all folks will be hungry. Our challenge is to prepare an awesome Curry for about 60 people using only two hotplates. How do we succeed? Let’s scrum! Some requirements we find in the Curry-“Topftipp”, released under “The pizza-ware license”.

Agile – to be, or not to be

1–4 pm, Daniel Frey, Efthimios Toulas, Timo Bezjak, register here

What coins an agile attitude? Where do we work in the agile sense? We are free to touch subjects like team dynamics, return of investment, agile contracts – and we drive the workshop by our own interests. We train our agile mindset, reveal contradictions and raise questions about how to improve our work.

Competencies, Goals, Compliance: Company learning with Totara LMS

1–4 pm, Didier Raboud, Kevin Mueller, register here

A look at how we use the Totara learning management system to structure further education and training at Liip. Draft improvements to the Liip education strategy. Draft integration of talent management from the “A digital solution for HR talent management” slot.

Jackrabbit Oak with MongoDB and Symfony CMF

1–4 pm, David Buchmann, Lukas Kahwe Smith, register here

Jackrabbit Oak is the next generation in content repositories. Jackrabbit not only powers such CMS as Adobe AEM and Magnolia, but it is also compatible with Symfony CMF. Jackrabbit Oak only recently got its first stable release. We will setup Oak together with the new storage option MongoDB and test it together with the Symfony CMF.

Open business data

1–4 pm, Andreas Amsler, François Terrier, Stefan Oderbolz, register here

We will explore some of Liip’s business data, sketch and build simple applications using the data. What benefits, what values are we able to unleash? What issues do we have to solve regarding privacy, ethics etc.? You are invited to bring your own business data, too. What you need to bring for sure are curiosity and scepticism. A good read: fellow-Liiper Reto Hubmann’s thoughts about “Small Data”.

Evening Program

After the hackday we invite you to experience live another of Liip’s key success factors: Party!

4.00 pm – Apéro

5.00 pm – Champagne Tasting

5.30 pm – Official Office Opening

6.00 pm – Barbecue

7.30 pm – Party