by Matt Brennan

A Crash Course in React

This is React 101. I’m not going to cover modules, or build systems, or boilerplates, or ES2015, or hot loading, or any of that crap you don’t care about right now. Right now, you’re looking at a React app and thinking “okay, but what is it actually doing?”. We’ll start small. I’ll assume you can read Javascript.

Read more…
by Matt Brennan

Heroku Version Infer

In the Apps team at the FT, we quite quickly ended up with 3 separate new Node apps running on Heroku, each with their own deployment pipeline and release schedule. Keeping track of what was released and fixed when was intractable. Manual version numbering was impractical. Gotta go fast.

I hit upon the idea of using something like semantic-release to automatically number our versions. We weren’t releasing npm packages, so not the thing in itself, but something based on the idea of using commit message conventions to guide version numbers. We quickly realised that semver major-minor-release was pretty much meaningless, and the idea got shelved.

A few weeks later I had a thought. A version number is nothing but a monotonically increasing sequence. It needs to increase if and only if there is a change to the code that’s running. It needs to be derivable from nothing but the source code and its Git history. Number of commits to master would fit the bill, but the number would quickly grow and become meaningless: “when was that fix released? In 2497?” “No, it’s in 2506, that’s not in production yet”.

Instead, I played around with the number of merge commits into master. It’s far less granular than gross number of commits. We have automatic deploys from master to our Heroku staging apps, and master is branch-protected on Github. That ensures that every release to staging has an associated merge, and every merge gets released. Or, put another way, the number increases if and only if there is a change to the code that’s running. It’s also comparable across environments. If production has a lower version than staging, you know exactly how many pull requests it’s behind by. If they’re the same, you know production is up to date and running the exact same code as staging.

I’ve encapsulated this in the npm package @quarterto/heroku-version-infer. It’s got a CLI designed to be run at the npm lifecycle script heroku-postbuild. It needs correct repository information in your package.json and it depends on the mostly-undocumented Heroku environment variable SOURCE_VERSION.

On its own, it just updates the version in package.json. I’ve got a suite of other tools to propagate that release version to other things that need to know about it: Github, Sentry, JIRA. They don’t depend on each other, but they do play nicely together.

We’ve been versioning like this for a couple of months now and it’s been pretty useful.

by Matt Brennan

How to cache data from an external API in Meteor

This is the blog post I wish had existed months ago.

If you’ve been using Meteor for a while, chances are you’ve come across the fantastic blog Meteor Capture and, in particular, their two-post series How to Publish Anything. If not, I strongly recommend going and reading them both, because this is the unofficial third post in that series.

Read more…
by Matt Brennan

"Vote Leave" just tried to steal the election

This post isn’t my usual fare. Sorry about that. But I am so fucking angry right now.

Up until this afternoon, if you googled “register to vote”, this is what you got:

That is not a link to the voter registration page. That’s an ad, placed by Vote Leave, that took you to a form on their site, with a nice big red “Register to Vote Now!” button that did nothing of the sort.

I’d love to assume this was done in good faith. I really would. I can’t think of any possible world in which this isn’t intentionally misleading. This is a major political campaign intentionally intending to disenfranchise people. This is electoral fraud.

I’d wager the very demographic that’s likely to be googling “register to vote” in the first place is the one most likely to vote “remain”, viz. 18-24-year-olds.

And they would have gotten away with it too, if it wasn’t for you meddling kids. Who knows. They still might.

That page is gone now. Who knows what damage it’s already done.

Image from Political Scrapbook

by Matt Brennan

Lowkey the best satay rice you ever had

  1. Boil some rice and put some peas or edamame in there
  2. Drain and rinse it and heat some oil in the pan
  3. Fry garlic then add 1tbsp each of dark soy, worcestershire, sriracha, and peanut butter and some seasoning
  4. Throw some cashews in the thickening sauce
  5. Mix the rice and legumes back in and let crisp for a minute
by Matt Brennan

Actual Carbonara

Isn’t creamy. Isn’t forgiving. Serves two.

Read more…
by Matt Brennan

Sourcing a shell script in Make

Let’s say you have a makefile, and you already have a shell script (probably called something like that you source before running your app to set environment variables in it. Now you’re writing tests (run by Make), and you need your environment variables there, too. “Aha”, you think, “I’ll source the env script in a makefile variable”:

DUMMY_ENV := $(shell source

Well, that doesn’t work. Make runs its commands in a subshell, so the variables exported by source aren’t available to other commands.

Read more…
by Matt Brennan

Taking a flamethrower to my Github repositories

Two hours ago, I had just shy of 300 repositories on Github. As of now, I have less than 90, and I’m not even sure I want to keep all those. So what up with that?

Read more…
by Matt Brennan

Stepford: a Smile Online Banking scraper

It is a truth universally acknowleged that online banking websites are shit. Smile, for example. If you’re so infelicitous as to press the back button, or reload, or open a link in a new tab because that’s how HTTP is supposed to fucking work it logs you out. And apologises (sneeringly). If, on the login screen, you start typing your sort code, it “logs you out”. Because reasons. The less I have to deal with the website, the better my general mental health seems (although I’ll admit there are confounding factors here).

I’ve also been trying to solve the problem of “whoops, where’d my money go” the only way I know how: throw a bunch of Javascript at it. Do science. Well, it generally helps when processing data, e.g. bank transactions, to actually have a machine-readable version of the data, and of course Smile doesn’t have an API.

Read more…
by Matt Brennan

"Ugh, I'm ill and I need barbecue sauce like right now" barbecue sauce

by Matt Brennan

Election results scraper

Spoiler warning: it wasn’t. Not all of it. So, I wrote a scraper to grab it from the BBC website (sorry, Auntie Beeb!).

Now, for mad electoral science.

The boring bits, unless they’re the interesting bits

Request for the HTTP, Cheerio for parsing and extracting, Numeral.js as the sledgehammer to crack 10,000-format numbers, Highland and JSONStream to glue things together.

by Matt Brennan

Fun with malicious email attachments

So, I got an email purporting to be from “FedEx International Economy”, a “Delivery Notification”. “Hmm.”, I thought. “What have I ordered? Waaait a minute…”

Attached was a zip. In the zip, a heavily obfuscated Javascript file.

Read more…
by Matt Brennan

Github releases atom feed

So, I found myself wanting to automate the “shameless plug” stage of releasing open source software. npm doesn’t (yet) have feeds for updates and releases, so that left Github. It’s got feeds for releases of each particular repo, and a firehose of a user’s public activity, but nothing in between. Until now.

Read more…
by Matt Brennan

Minimum Viable Productivity

You’ve been there. The crushing weight of your to-do list. The Twitter → Facebook → Reddit loop. The existential despair.

Ask yourself:

What’s the least I can do to be productive?

- You


Whittle down your inbox? Great. Do it.

Wash up that one pot that’s taking up the entire worksurface? It’s not even that dirty.

Pump your bike tyres up? Reply to that bug report? Commit a one-line fix? Easy.

Suddenly, everything seems not so bad after all. Everything flows that bit easier. It’s like the foot-in-the-door sales technique, except for good not evil.

by Matt Brennan

Risk dice

I made a thing. It rolls dice so you don’t have to. It lets you throw Risk battles with ludicrous numbers of dice, which probably speeds the game up.

It’s a library:

<pre>npm install risk-dice</pre>

And an app.