Books, LeetCode, build-your-own-blog & more

TL;DR - On Monday I visited my alma mater to talk to a small group of students about ways for them to get ahead in their search for an internship/job in the coming months. I may decide to come back to this and summarize my take(s) which I shared with them. Until then I’ll leave some links with a sentence or two of “blah blah” for context.

LeetCode

I’ll leave my opinions about interviewing systems for another time. Fact of the matter is, if you study your butt off doing LeetCode and you apply to more than a couple positions that grant you an interview loop, you’ll come out the other side with an offer.

Software (Programming) Interview Prep Books

This is how I prepared for my interview at Microsoft. I probably read Programming Interviews Exposed and worked through the problems three or four times just in the hotel room the night before my interviews. I’ve heard good things about Cracking the Coding Interview as well, and from the titles I’m guessing you get the idea. Just like LeetCode, these books don’t substitute for years of studying or never having studied the material. They do, however, do their job at freshening up all those tools you forgot you had and need ready for the big day.

Blog, Online Resume, Portfolio, Project Site… Call it whatever you want

While a traditional resume is necessary, it’s not uncommon to have something extra cool you want to show off. My reccomendation is to keep your resume content semi-traditional; don’t try and turn it into a project pamphlet. You should totally showcase your work though, I use Hexo to build this site. I still build and deploy it from my laptop, and I created and manage the Azure resources it runs on. That’s my thing and I wanted that control of the full system. There are other tools/sites you can use that offer more simplicity too.

  • GitHub Pages are super awesome and even simpler than Hexo (you don’t have to worry about the infrastructure like how I manage my Azure Web App for this site).
  • WordPress is free if you don’t mind the limitation of hosting on a WordPress subdomain. In other words, if this site was hosted as a subdomain it would be danzumwalt.someothersite.com instead of the easier-to-remember-and-just-cooler danzumwalt.com. But, sometimes you can’t compete with fast and free; I wouldn’t pass judgement on anyone whose resume had a link to some-site-with-impressive-stuff-to-show.wordpress.com.

Hello World & SSL at Last

After an embarrassingly long time I have finally disabled HTTP for this site. Of course, the only way to go about disabling HTTP was to properly support HTTPS. This is what’s been causing the delay (at least that’s what I’d been telling myself), and today I finally decided to show myself just how silly that excuse has been.

Turns out, it was beyond silly. Acquiring a certificate and configuring SSL was easier than spinning up the website (which was easy - perhaps a retroactive post on that another day). It was easier than getting started with Hexo to bootstrap the site’s layout and authoring tooling. It was less than an hour of work.

I had heard about Let’s Encrypt, so naturally I did some online sleuthing and found a tutorial for a plugin that “just works” for Azure WebApps. I found the tutorial easy to follow and made it to the very last step where I expected to see a magical “success!” screen but found this welcoming me instead.

Error shown after attempting to set up the Let's Encrypt plugin

Don’t get me wrong, the blog did its job; I invested very little time and it nearly worked out. By all accounts, the plugin did work at one point (perhaps it still does and I just screwed up one of the few setup steps). I wasn’t super keen on troubleshooting the issue, so I decided to poke around a bit more and ended up finding a slightly less opaque solution for generating free certificates at ZeroSSL.

Using their FREE SSL Certificate Wizard was straightforward. With a few clicks and a TXT entry at danzumwalt.com, I had a certificate. The process was less magical and clever, which in my opinion is a good thing for a dev tool like this - I learned a bit in the process, and I’ll learn more when I automate the renewal of the cert sometime in the next 90 days.

Obtaining an SSL Certificate using ZeroSSL (powered by Let’s Encrypt)

The Certificate Wizard is a breeze to use. In the first screen you’ll accept terms of use and indicate what validation method you’ll use to obtain the cert; I opted for the DNS verification option.

ZeroSSL Certificate Wizard

You can leave the RSA and CSR fields blank and click ‘next’. ZeroSSL with generate a RSA key and CSR for you. Be sure to save these somewhere private (i.e. please don’t check them in to source control, that’s not a place for private/secret values).

ZeroSSL Certificate Wizard with RSA and CSR populated

The next step is very quick. The cert authority needs to know they can trust that you own the right to the domain you’re trying to obtain the certificate for. The way you’ll prove that is by performing a handshake of sorts by placing an agreed upon breadcrumb in the DNS record for your domain.

Aside: I recently started using google domains instead of GoDaddy because Google lets you protect your private information (go ahead, run whois danzumwalt.com - but if you want to get to know me you’re better off sending an invite on LinkedIn).

Because I’m registering two hosts: danzumwalt.com and *.danzumwalt.com for good measure, I need to place two TXT entries at my domain, like so:

ZeroSSL will ask you to place TXT records on your domain to verify you own it

After the validation is complete (it’s only taken a few seconds for me, but can take longer) ZeroSSL will provide an RSA key and the domain certificate. Save them both (again, somewhere private).

This is where you’re left alone in the cold a bit. Your hosting provider is likely going to want a pfx file and secret, so you’ll need to generate those. Luckily its pretty straightforward (the Azure docs helped).

As an example, if you had saved your RSA and CRT text as domain-rsa-key.txt and domain-crt.txt you would run the following command: openssl pkcs12 -export -out myserver.pfx -inkey domain-rsa-key.txt -in domain-crt.txt. You’ll be prompted for a passphrase, remember it! You’ll need it when you upload your certificate to your hosting provider.

The last part is to login to your website in the Azure portal and navigate to the SSL Settings page. Toward the bottom of the page you’ll see an option to upload your certificate. This is where you’ll select the .pfx file you just generated, and enter the same passphrase you typed when running the command to generate the file.

Uploading your shiny new cert to Azure

Next, you’ll bind the certificate to your host:

And finally you’ll see I took the measure of disabling HTTP support and bumping the minimum supported TLS to version 1.2. To confirm your site is up and running with the certificate, navigate to the site and click on the lock icon. If your browser is reporting everything as being OK and the cert matches what you generated (like in the screenshot below) you can go ahead and celebrate.