Keycloak is an enterprise-ready, open source identity access management (IAM) solution that's scalable, extensible, and robust. And it really doesn't need all that much care and feeding to launch a simple implementation.

This article will introduce you to the technology and the ways it can integrate best-practice authentication into your infrastructure.

Note on Hitachi Contributions to Keycloak:

Takashi Norimatsu works for Hitachi and has been the official maintainer of Keycloak since late 2021. Hitachi has been actively contributing to Keycloak since at least 2018.

Hitachi appears to be doing more strategically with open source in general and Keycloak in particular. I believe strong, continued corporate support as part of an open source project is a positive sign, but at the very least, you should be aware of the corporate support for Keycloak during your assessment.

Getting Started with Keycloak

I'll begin with a brief "quick start". As you can see from this screenshot, Keycloak will run happily on multiple platforms. And their product documentation is excellent.

But here's some very simple one-command Docker syntax that will create a fully-functioning live Keycloak instance on your local machine:

docker run -p 8080:8080 \
     -e KC_BOOTSTRAP_ADMIN_USERNAME=admin \
     -e KC_BOOTSTRAP_ADMIN_PASSWORD=admin quay.io/keycloak/keycloak:26.0.7 start-dev

That's it. After a minute or two, you can open the administration interface on your browser using the appropriate variation of:

localhost:8080

Based on the Docker command defaults, you'll log in using admin and admin. Spend a few minutes digging into the environment to get a feel for the tools that are available.

What Keycloak Offers

Ok. So why do you need Keycloak? Because it supports all the functionality demanded by modern deployments. That'll include Single Sign-On (SSO) to allow seamless authentication across multiple applications and services, OAuth2, OpenID Connect, SAML protocol compliance, and federated identities using existing LDAP or Active Directory setups or through social media logins like Google.

Keycloak incorporates the use of Multi-factor Authentication (MFA), built-in token revocation and expiration mechanisms, fine-grained permission management through Role-based Access Control (RBAC), and end-to-end encryption for sensitive communications. GDPR, HIPAA, and PCI DSS compliance are all possible.

Keycloak comes with a RESTful API for scripted and programmatic interactions. That will encourage task automation to further optimize your authentication processes. And your developers can build their own custom plugins to fill any usability gaps you encounter.

The Business Case for Keycloak

Because Keycloak is open source, there'll be no license fees to worry about. But open source gives you a lot more than just "cheap".

Keycloak cuts out vendor lock-in, allowing you to work with any platform or cloud provider – or move between them whenever necessary. It can also reduce overall operational costs through its simplified deployments (how much time did it take you to get that Docker image up and running?), automated updates, and no limits or cost penalties for even millions of monthly API calls or active users.

Having out-of-the-box (and free) access to the full feature set (including RBAC and MFA) also simplifies planning and execution. There's nothing "more" efficient than having to wait a week to access paywalled functionality until you get a response to your request for more project funding. All Keycloak features are just a click away.

This radar chart illustrates the feature and functionality differences between Keycloak and its major commercial peers.

What to Consider

As much as Keycloak has to offer, it won't be the ideal choice for every use-case. And there are issues about which you should be aware up front.

For instance, while getting started may be easy, fully configuring, say, clustering and high availability for Keycloak can be complex for teams without experience in identity management. Managing latency issues for very large deployments can be challenging.

And while the documentation is generally excellent, it may not fully address specific complexities or edge-case scenarios. Similarly, there's no resource within the Keycloak community that offers guaranteed support. Although there are excellent third-party providers out there.

It's possible that, because you're not working with a commercial product, demonstrating regulatory compliance could be a bit more involved. You may also need to adapt your logging functionality to comply with various audit trail requirements.

Finally, customizable environments risk introducing destabilizing complexity. The further off the beaten trail your plugins and API implementations wander, the greater the odds that something will eventually break – especially around version upgrades.

Your Next Steps

It's always helpful to explore the journeys other people took with a new technology.

So this page includes information on a fascinating case study involving a Japanese bank that was looking for an API solution and decided on Keycloak because of its high level API security features. Yuichi Nakamura’s presentation at the OpenShift Commons event in 2023 gives details how the bank successfully used Keycloak to secure their APIs. Nakamura, Hitachi Chief OSS Strategist, has recently been appointed as Head of Hitachi Open Source Program Office (OSPO).

And this is an account of a university that implemented Kerberos Single Sign-On (SSO) for FreeIPA and configured Keycloak to connect with FreeIPA. The university successfully achieved user authentication from Keycloak by leveraging the SSSD option under “user federation” instead of relying on Kerberos or LDAP.

I’m no stranger to Keycloak myself, having taught a Getting Started with Keycloak course on Pluralsight. For beginners, this may be a good place to start. A 10 day free trial is available.

One particularly versatile example is the LangChain project. The overall goal involves providing easy integrations with various LLM models. But the LangChain ecosystem is also host to a growing number of (sometimes experimental) projects pushing the limits of the humble LLM.

Spend some time browsing LangChain’s website to get a sense of what's possible. You'll see how many tools are designed to help you build more powerful applications.

But you can also use it as an alternative for connecting your favorite AI with the live internet. Specifically, this demo will show you how to use it to programmatically access, summarize, and analyze long and complex online documents.

To make it all happen, you’ll need a Python runtime environment (like Jupyter Lab) and a valid OpenAI API key.

Prepare Your Environment

One popular use for LangChain involves loading multiple PDF files in parallel and asking GPT to analyze and compare their contents.

As you can see for yourself in the LangChain documentation, existing modules can be loaded to permit PDF consumption and natural language parsing. I'm going to walk you through a use-case sample that's loosely based on the example in that documentation. Here's how that begins:

import os
os.environ['OPENAI_API_KEY'] = "sk-xxx"
from pydantic import BaseModel, Field
from langchain.chat_models import ChatOpenAI
from langchain.agents import Tool
from langchain.embeddings.openai import OpenAIEmbeddings
from langchain.text_splitter import CharacterTextSplitter
from langchain.vectorstores import FAISS
from langchain.document_loaders import PyPDFLoader
from langchain.chains import RetrievalQA

That code will build your environment and set up the tools necessary for:

• Enabling OpenAI Chat (ChatOpenAI)

• Understanding and processing text (OpenAIEmbeddings, CharacterTextSplitter, FAISS, RetrievalQA)

• Managing an AI agent (Tool)

Next, you'll create and define a DocumentInput class and a value called llm which sets some familiar GPT parameters that'll both be called later:

class DocumentInput(BaseModel):
    question: str = Field()
llm = ChatOpenAI(temperature=0, model="gpt-3.5-turbo-0613")

Load Your Documents

Next, you'll create a couple of arrays. The three path variables in the files array contain the URLs for recent financial reports issued by three software/IT services companies: Alphabet (Google), Cisco, and IBM.

We're going to have GPT dig into three companies’ data simultaneously, have the AI compare the results, and do it all without having to go to the trouble of downloading PDFs to a local environment.

You can usually find such legal filings in the Investor Relations section of a company's website.

tools = []
files = [
    {
        "name": "alphabet-earnings",
        "path": "https://abc.xyz/investor/static/pdf/2023Q1\
        _alphabet_earnings_release.pdf",
    },
    {
        "name": "Cisco-earnings",
        "path": "https://d18rn0p25nwr6d.cloudfront.net/CIK-00\
            00858877/5b3c172d-f7a3-4ecb-b141-03ff7af7e068.pdf",
    },
    {
        "name": "IBM-earnings",
        "path": "https://www.ibm.com/investor/att/pdf/IBM_\
            Annual_Report_2022.pdf",
    },
    ]

This for loop will iterate through each value of the files array I just showed you. For each iteration, it'll use PyPDFLoader to load the specified PDF file, loader and CharacterTextSplitter to parse the text, and the remaining tools to organize the data and apply the embeddings. It'll then invoke the DocumentInput class we created earlier:

for file in files:
    loader = PyPDFLoader(file["path"])
    pages = loader.load_and_split()
    text_splitter = CharacterTextSplitter(chunk_size=1000, \
        chunk_overlap=0)
    docs = text_splitter.split_documents(pages)
    embeddings = OpenAIEmbeddings()
    retriever = FAISS.from_documents(docs, embeddings).as_retriever()
# Wrap retrievers in a Tool
tools.append(
    Tool(
        args_schema=DocumentInput,
        name=file["name"],
        func=RetrievalQA.from_chain_type(llm=llm, \
            retriever=retriever),
    )
)

Prompt Your Model

At this point, we're finally ready to create an agent and feed it our prompt as input.

llm = ChatOpenAI(
    temperature=0,
    model="gpt-3.5-turbo-0613",
)
agent = initialize_agent(
    agent=AgentType.OPENAI_FUNCTIONS,
    tools=tools,
    llm=llm,
    verbose=True,
)
    agent({"input": "Based on these SEC filing documents, identify \
        which of these three companies - Alphabet, IBM, and Cisco \
        has the greatest short-term debt levels and which has the \
        highest research and development costs."})

The output that I got was short and to the point:

‘output’: ‘Based on the SEC filing documents:\n\n- The company with the greatest short-term debt levels is IBM, with a short-term debt level of $4,760 million.\n- The company with the highest research and development costs is Alphabet, with research and development costs of $11,468 million.’

Wrapping Up

As you’ve seen, LangChain lets you integrate multiple tools into generative AI operations, enabling multi-layered programmatic access to the live internet and more sophisticated LLM prompts.

With these tools, you’ll be able to automate applying the power of AI engines to real-world data assets in real time. Try it out for yourself.

This article is excerpted from my Manning book, The Complete Obsolete Guide to Generative AI. But you can find plenty more technology goodness at my website.

The reason I'd missed the live version was because I had no time (I was, if you must know, rushing to finish my Manning book, The Complete Obsolete Guide to Generative AI – from which this article is excerpted).

Well, a half a dozen hours later I still had no time for the video. And, inexplicably, the book was still not finished.

So here's how I resolved the conflict the GPT way:

• I used OpenAI Whisper to generate a transcript based on the audio from the recording

• I exported the transcript to a PDF file

• I uploaded the PDF to ChatPDF

• I prompted ChatPDF for summaries connected to the specific topics that interested me

Total time to "download" the key moments from the 90 minute call: 10 minutes. That's 10 minutes to convert a dataset made up of around 15,000 spoken words to a machine-readable format, and to then digest, analyze, and summarize it.

How to Use GPT for Business Analytics

But all that's old news by now. The next-level level will solve the problem of business analytics.

Ok. So what is the "problem with business analytics"? It's the hard work of building sophisticated code that parses large datasets to make them consistently machine readable (also known as "data wrangling"). It then applies complex algorithms to tease out useful insights. The figure below broadly outlines the process.

A lot of the code that fits that description is incredibly complicated, not to mention clever. Inspiring clever data engineers to write that clever code can, of course, cost organizations many, many fortunes. The "problem" then, is the cost.

So solving that problem could involve leveraging a few hundred dollars worth of large language model (LLM) API charges. Here's how I plan to illustrate that.

I'll need a busy spreadsheet to work with, right? The best place I know for good data is the Kaggle website.

Kaggle is an online platform for hosting datasets (and data science competitions). It's become in important resource for data scientists, machine learning practitioners, and researchers, allowing them to showcase their skills, learn from others, and collaborate on projects. The platform offers a wide range of public and private datasets, as well as tools and features to support data exploration and modeling.

How to Prepare a Dataset

The "Investing Program Type Prediction" dataset associated with this code should work perfectly. From what I can tell, this was data aggregated by a bank somewhere in the world that represents its customers' behavior.

Everything has been anonymized, of course, so there's no way for us to know which bank we're talking about, who the customers were, or even where in the world all this was happening. In fact, I'm not even 100% sure what each column of data represents.

What is clear is that each customer's age and neighborhood are there. Although the locations have been anonymized as C1, C2, C3 and so on, some of the remaining columns clearly contain financial information.

Based on those assumptions, my ultimate goal is to search for statistically valid relationships between columns. For instance, are there specific demographic features (income, neighborhood, age) that predict a greater likelihood of a customer purchasing additional banking products? For this specific example I'll see if I can identify the geographic regions within the data whose average household wealth is the highest.

For normal uses, such vaguely described data would be worthless. But since we're just looking to demonstrate the process it'll do just fine. I'll make up column headers that more or less fit the shape of their data. Here's how I named them:

• Customer ID

• Customer age

• Geographic location

• Branch visits per year

• Total household assets

• Total household debt

• Total investments with bank

The column names need to be very descriptive because those will be the only clues I'll give GPT to help it understand the data. I did have to add my own customer IDs to that first column (they didn't originally exist).

The fastest way I could think of to do that was to insert the =(RAND()) formula into the top data cell in that column (with the file loaded into spreadsheet software like Excel, Google Sheets, or LibreOffice Calc) and then apply the formula to the rest of the rows of data. When that's done, all the 1,000 data rows will have unique IDs, albeit IDs between 0 and 1 with many decimal places.

How to Apply LlamaIndex to the Problem

With my data prepared, I'll use LlamaIndex to get to work analyzing the numbers. As before, the code I'm going to execute will:

• Import the necessary functionality

• Add my OpenAI API key

• Read the data file that's in the directory called data

• Build the nodes from which we'll populate our index

import os
import openai
from llama_index import SimpleDirectoryReader
from llama_index.node_parser import SimpleNodeParser
from llama_index import GPTVectorStoreIndex

os.environ['OPENAI_API_KEY'] = "sk-XXXX"

documents = SimpleDirectoryReader('data').load_data()
parser = SimpleNodeParser()
nodes = parser.get_nodes_from_documents(documents)
index = GPTVectorStoreIndex.from_documents(documents)

Finally, I'll send my prompt:

response = index.query(
    "Based on the data, which 5 geographic regions had the highest average household net wealth? Show me nothing more than the region codes"
)
print(response)

Here it is again in a format that's easier on the eyes:

Based on the data, which 5 geographic regions had the highest household net wealth?

I asked this question primarily to confirm that GPT understood the data. It's always good to test your model just to see if the responses you're getting seem to reasonably reflect what you already know about the data.

To answer properly, GPT would need to figure out what each of the column headers means and the relationships between columns. In other words, it would need to know how to calculate net worth for each row (account ID) from the values in the Total household assets, Total household debt, and Total investments with bank columns. It would then need to aggregate all the net worth numbers that it generated by Geographic location, calculate averages for each location and, finally, compare all the averages and rank them.

The result? I think GPT nailed it. After a minute or two of deep and profound thought (and around $0.25 in API charges), I was shown five location codes (G0, G90, G96, G97, G84, in case you're curious). This tells me that GPT understands the location column the same way I did and is at least attempting to infer relationships between location and demographic features.

What did I mean "I think"? Well I never actually checked to confirm that the numbers made sense. For one thing, this isn't real data anyway and, for all I know, I guessed the contents of each column incorrectly.

But also because every data analysis needs checking against the real world so, in that sense, GPT-generated analysis is no different. In other words, whenever you're working with data that's supposed to represent the real world, you should always find a way to calibrate your data using known values to confirm that the whole thing isn't a happy fantasy.

I then asked a second question that reflects a real-world query that would interest any bank:

Based on their age, geographic location, number of annual visits to bank branch, and total current investments, who are the ten customers most likely to invest in a new product offering? Show me only the value of the customer ID columns for those ten customers.

Once again GPT spat back a response that at least seemed to make sense. This question was also designed to test GPT on its ability to correlate multiple metrics and submit them to a complex assessment ("...most likely to invest in a new product offering").

I'll rate that as another successful experiment.

Wrapping Up

GPT – and other LLMs – are capable of independently parsing, analyzing, and deriving insights from large data sets.

There will be limits to the magic, of course. GPT and its cousins can still hallucinate – especially when your prompts give it too much room to be "creative" or, sometimes, when you've been gone too deep into a single prompt thread. And there are also some hard limits to how much data OpenAI will allow you to upload.

But, overall, you can accomplish more and faster than you can probably imagine right now.

While all that greatly simplifies the data analytics process, success still depends on understanding the real-world context of your data and coming up with specific and clever prompts. That'll be your job.

This article is excerpted from my Manning book, The Complete Obsolete Guide to Generative AI. There's plenty more technology goodness available through my website.

But the beauty of template-it-once-and-deploy-it-everywhere comes with a cost: what if a single layer within that template contains a security vulnerability? And if there was a vulnerability tucked away down there, how would you even know?

In this article, I'll to show you how to use Chainguard (and Docker Scout) to manage security for all your images.

You can watch the video version of this article here:

When you build your software infrastructure on a physical server the traditional way, you'll manually acquire and install each element of the stack one piece at a time. The odds are that you'll be pulling the latest version of everything straight from the official source. And you'll at the very least be thinking about each layer.

But most modern containers are built from complicated templates. It's easy to just copy and paste the code and fire it up. It's very possible that you might not even be aware of all the software that's powering your application. And even if you are, it would easily take you hours of research into each and every element to figure out where you stand.

That's the problem that Chainguard exists to solve. Chainguard provides hundreds of well-maintained custom versions of many of the most popular container images out there.

Of course, you're free to pull, say, the official MariaDB image into your Dockerfile, but going with the Chainguard version instead will be a far safer choice. That's because Chainguard is constantly analyzing their image layers for vulnerabilities and building images that are as up-to-date and secure as possible.

Let's find out how all of this actually works in the real world. Before we get started with building new images, I should tell you how we're going to visualize each image's vulnerabilities so we can quantify the Chainguard advantage.

First though, I should explain that infrastructure vulnerabilities are generally defined using the Common Vulnerabilities and Exposures – or CVE – system based on the National Vulnerability Database maintained by the US government's NIST. There are hundreds of thousands of CVE definitions that have been identified and categorized by the CVE system, with each one rated by severity. The existence of this database – along with a number of important related tools – allows us to automate our security assessments.

Docker Scout is one of those tools. This page gives you installation instructions for using Scout on Docker Engine, but it should run out of the box if you're using Docker Desktop. The curl command will simply download the install-scout Bash script that'll make everything happen.

curl -fsSL https://raw.githubusercontent.com/docker/scout-cli/main install.sh -o install-scout.sh

How to Choose the Right Image

I created a Dockerfile that'll pull the official MariaDB image from Docker Hub:

FROM mariadb:latest

ENV MYSQL_ROOT_PASSWORD=my_root_password
ENV MYSQL_DATABASE=my_database

ENV MYSQL_USER=my_user
ENV MYSQL_PASSWORD=my_user_password

We'll pretend that the image will be used for a multi-tiered deployment, so we'll create a root database and password, and a new user account with it's own password. There might be an application tier instance that'll use those credentials to access the database at some point.

Either way, I'll build the image the usual way, giving it the name mariadb_standard.

docker build -t mariadb_standard .

There's another Dockerfile that's exactly the same as the first one, except that we're pulling the special Chainguard image of MariaDB.

FROM chainguard/mariadb

ENV MYSQL_ROOT_PASSWORD=my_root_password
ENV MYSQL_DATABASE=my_database

ENV MYSQL_USER=my_user
ENV MYSQL_PASSWORD=my_user_password

That image came from Docker Hub, but we could have just as easily pulled it from Chainguard's own repo:

docker pull cgr.dev/chainguard/mariadb:latest

Build this image the same way you did for the official image. When you scan the two images, here's what you'll see:

$ docker images
REPOSITORY         TAG       IMAGE ID       CREATED       SIZE
mariadb_cg         latest    50a484d1ded3   7 days ago    556MB
mariadb_standard   latest    67949ccf8eb5   6 weeks ago   405MB

The Chainguard image is, as you can see, quite larger. But note how it's actually a whole lot more recent.

How to Scan Your Image

Now it's time to put docker scout to work. Here's how that'll work. I'll point Scout to the mariadb_standard image first:

$ docker scout qv mariadb_standard

qv, by the way, is short for quickview.

Here's what the output should look like:

docker scout output

The standard image is made up of three layers, beginning with the Ubuntu 23.10, then Ubuntu 22.04 long term support release, and then MariaDB on top. Ubuntu has 10 Low and 9 Medium vulnerabilities. Alarmingly, the MariaDB layer has 2 Critical and 28 High problems.

This should be enough to keep an admin up at night. And sorting through all of those to figure out which are show stoppers and which aren't such a big deal for your environment will take you a lot of time.

Now I'll run Scout against the Chainguard image:

First off, we can see that there's only one layer here. I suspect that's one way that Chainguard maintains control over their images. Those two Critical vulnerabilities are still there, but there are only 5 High severity and no Medium or Low at all.

If you wanted, you could dive deeper to display all the individual vulnerabilities. Here's the command to do that with an excerpt of the output:

$ docker scout cves local://mariadb_cg
    ✗ CRITICAL GHSA-xfg6-62px-cxc2 [OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities]
      https://scout.docker.com/v/GHSA-xfg6-62px-cxc2
      Affected range : <42.2.8                                         
      Fixed version  : 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, 42.2.8  
      CVSS Score     : 10.0                                            
      CVSS Vector    : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H    

    ✗ CRITICAL CVE-2024-1597 [Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')]
      https://scout.docker.com/v/CVE-2024-1597
      Affected range : <42.2.28                                      
      Fixed version  : 42.2.28                                       
      CVSS Score     : 10.0                                          
      CVSS Vector    : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

We can research each of those using the standard CVE tools and databases to understand them better. But it'll be a whole lot easier than it would have been researching all 28 High severity vulnerabilities in the standard MariaDB image.

Conclusion

So if you're worried about container image security – and you'd better be – then Docker Scout is an excellent tool for maintaining visibility in your stacks. And Chainguard's cleaner images can give you a significant head start.

There's more IT goodness in the form of books, courses, and videos available at my Bootstrap IT site.

This article comes from my Complete LPI Open Source Essentials Exam Study Guide Udemy course and book. You can also view the video version.

What are Software Releases?

There are several types of software releases and some related versioning methods used to keep track of software changes and to communicate them to users. We'll start with releases.

• There's the alpha release – an initial version of software that is typically not feature-complete and is not intended for use by the general public. It is used for testing and internal use only.
• A beta release is a pre-release version of software that is feature-complete but may still have bugs or other issues. It is released to a limited audience for testing and feedback before the final release.
• Next will be a release candidate, which is a version of software that is considered stable and ready for release, pending final testing and bug fixes.
• And finally you'll produce a general availability release as the final version of software that's released to the general public.

What is Software Versioning?

Software versioning (sometimes known as semantic versioning) is the practice of assigning unique version numbers to different releases of software.

Here's a useful example:

vmlinuz-5.19.0-40-generic

In some approaches, the first number in the version number ("5" in this case) is the major version. A major version change indicates significant changes or new features that are not backward compatible with previous versions.

The second number ("19") is the minor version. A minor version change indicates new features or functionality that are backward compatible with previous versions.

The third number in the version number ("0") is the patch version. A patch version change indicates bug fixes or minor changes that are backward compatible with previous versions.

Why distinguish between major and minor releases? Major releases are typically used for significant changes or new features that are not backward compatible with previous versions. Major releases are usually announced to users and customers with a lot of fanfare, as they represent a significant milestone in the development of the software.

Minor releases, on the other hand, are used for smaller changes or new features that are backward compatible with previous versions. Minor releases are typically released more frequently and are intended to provide users with incremental improvements to the software.

What Does Backward Compatibility Mean?

Backward compatibility is the ability of a newer version of software or system to work with files, data, and other components created in an older version of that software or system. This means that users can upgrade to the newer version without losing access to their existing data or files.

For example, let's assume a user has created a document in an older version of a word processing program. If the newer version of the program is backward compatible, the user can open and edit the same document without any issues. This is because the newer version of the program is designed to read and interpret the file format used in the older version.

However, if the newer version of the program is not backward compatible, the user may not be able to open or edit the file created in the older version without first converting or re-creating it in the newer version. This can be a significant inconvenience for users and can lead to compatibility issues and data loss.

Here are some more quick – but important – definitions.

Feature Freeze

Feature freeze is a stage in the software development process where no new features are added to the product or project. It is typically implemented as a deadline by which all new features must be completed and approved before the release of the software product.

The primary goal of a feature freeze is to stabilize the software product in preparation for release. By setting a feature freeze deadline, developers can focus on completing and testing existing features rather than introducing new ones. This allows time for rigorous testing and bug fixing, improving the overall quality and reliability of the software product.

Roadmaps

A roadmap is a high-level strategic document that outlines the goals, objectives, and timeline for a software product's development. It provides a visual representation of the product development plan, outlining key milestones and the expected timeline for completion.

Roadmaps are useful for communicating the overall direction of a software product to stakeholders, including developers, product managers, investors, and customers.

Milestones

Milestones are specific, measurable achievements that mark progress towards the completion of a software product. They're typically set at regular intervals throughout the development process and are used to track progress and ensure that the project stays on schedule.

Examples of milestones might include the completion of a specific feature, the successful completion of a testing phase, or the release of a beta version of the software product.

Changelog

A changelog is a document that lists the changes made to a software product over time, including bug fixes, new features, and other updates. Changelogs allow developers and other stakeholders to understand what's been updated and when.

Changelogs are particularly useful for software products that are updated frequently or have a large number of contributors.

Long Term Support (LTS)

Long term support refers to a software version that is designated for longer-term support and maintenance, typically for a period of several years. During this time, the software vendor provides ongoing support, including bug fixes, security updates, and other maintenance activities.

LTS versions are often used in enterprise environments where stability and reliability are critical. In April of each even year, for example, Canonical will release an LTS version of Ubuntu. These versions are normally supported for four or five years.

End of Life (EOL)

On the other hand, end-of-life refers to a point in time when a software version is no longer supported by the vendor. This means that the vendor will no longer provide updates or fixes for the software, and any security vulnerabilities or bugs that are discovered will not be addressed. This can leave users with unsupported software that may be prone to security risks and other issues.

When a software product reaches its end-of-life, it is typically retired, and users are encouraged to upgrade to a newer version or switch to a different product. The EOL process is often gradual, with the vendor providing advance notice and guidance to users to help them migrate to a new version or product.

Conclusion

You've seen how it's important to understand the stages through which successful software projects will move. And this isn't just theoretical, because this knowledge gives you the tools to track your progress and quickly identify when things are going off rails.

This article comes from my Complete LPI Open Source Essentials Study Guide course__. And there's much more technology goodness available at bootstrap-it.com

You don't need a law degree to avoid problems, but you should definitely familiarize yourself with some basic principles.

This article comes from my Complete LPI Open Source Essentials Exam Study Guide Udemy course and book. You can also view the video version here:

We'll begin with some best practices:

• Conduct an inventory of all open source software used in your business workflow, including third-party libraries and dependencies. This will help you identify the licenses and terms of use associated with each piece of software. You'll also want to implement a system for tracking licenses and their terms of use. This can include using tools or software that automatically identify open source software and their associated licenses.
• Create a license policy that outlines the procedures and guidelines for using open source software in your business workflow. This policy should be communicated to all employees and stakeholders involved in the software development process.
• Use only approved open source licenses that comply with your license policy. This can help you avoid legal issues and ensure compliance with regulations.
• Monitor changes to open source software licenses and updates to ensure continued compliance. This can include subscribing to notifications or alerts about license changes and updating your license inventory accordingly.
• Document all steps taken to ensure compliance with open source licenses, including license reviews, approvals, and renewals. This documentation can help you demonstrate compliance in the event of an audit or legal challenge.

That sounds like a lot of work. Well, you might consider creating an Open Source Program Office. Let's see how that works.

Open Source Program Offices (OSPO)

An OSPO is an organizational unit or team within a company or organization that's responsible for managing open source software and its use within the organization.

An OSPO helps organizations effectively manage the use of open source software by providing guidelines, policies, and procedures that ensure legal and regulatory compliance, proper usage, and contribution to the open source community.

The OSPO can also help organizations to establish a strategic direction for open source use, including identifying opportunities for collaboration with other organizations or contributing to industry-wide initiatives.

Typically, an OSPO is responsible for ensuring that the organization complies with the terms of open source licenses, including understanding license obligations, tracking license usage, and managing compliance risk. It'll also work to:

• Build relationships with the open source community, contributing to projects, and promoting internal contributions to open source projects
• Develop and implement policies and governance frameworks that guide the organization's use of open source software
• Develop and execute strategic plans for open source software use within the organization
• Provide training and education to employees and stakeholders on the use of open source software, including compliance, governance, and community engagement.

There are some useful business tools that can help simplify the administration of your software resources.

Software Package Data Exchanges (SPDX)

A Software Package Data Exchange, for instance, is a standard format for exchanging data related to software packages, including open source licenses, copyrights, and other related information.

SPDX is intended to simplify the sharing of information between developers, software vendors, and other stakeholders in the software supply chain. SPDX provides a common language for describing software packages and their associated licenses, making it easier to understand the terms of use and comply with license obligations.

The primary purpose of SPDX is to promote license compliance and facilitate the management of open source software. SPDX allows developers and organizations to easily identify the open source software components in their software products and track license obligations associated with each component.

The Software Bill of Materials

A Software Bill of Materials (SBOM) is a list of all the components and dependencies that make up a software application or system. The SBOM provides information about the software's components, such as open source libraries, commercial software components, and proprietary code.

The goal of an SBOM is to improve transparency and accountability in software supply chains by providing a detailed inventory of the software components used in a product.

An SBOM typically includes information about the version, license, and origin of each component. An SBOM can help identify security vulnerabilities in a software system. By providing a complete list of all software components, developers and security teams can more easily identify and address security risks.

An SBOM can also helps ensure compliance with open source licenses and other legal requirements by providing information about the licenses associated with each component. And an SBOM can help manage supply chain risks by providing visibility into the software components used in a product. By knowing what components are used and where they come from, companies can more easily assess the risks associated with each component and make informed decisions about their use.

We should also take some time to talk about lawyers. Or, at least, the things that might get lawyers all excited. By which I mean to say that open source business models can carry legal risks, including risks related to product liability and export regulations. It's important for companies that use or distribute open source software to understand these risks and take appropriate measures to manage them.

Product Liability

Product liability is a legal concept that holds manufacturers or distributors of products liable for any harm caused to consumers by defects in the products. When a company uses or distributes open source software as part of its products, it assumes responsibility for any defects in the software that could cause harm to consumers. This could result in legal claims for product liability, which can be costly and damaging to the company's reputation.

To manage product liability risks associated with open source software, companies should implement effective quality assurance processes to ensure that the software is free from defects and meets industry standards. Companies should also work closely with their legal teams to understand the legal implications of using and distributing open source software, including any potential product liability risks.

Export regulations are another area of concern for companies that use or distribute open source software. Export regulations are laws and regulations that govern the export of goods and technology from one country to another. These regulations can restrict the export of certain types of technology or require companies to obtain licenses or certifications before exporting certain types of products.

Like any other technology, open source software can be subject to export regulations. Companies that use or distribute open source software should be aware of these regulations and ensure that their use and distribution of open source software comply with all applicable laws and regulations.

Mergers and Acquisitions

One more lawyerly thing: mergers and acquisitions can have a significant impact on the use of open source software within organizations. When two companies merge or one company acquires another, they may have different approaches to the use of open source software and different policies and practices for managing open source licensing and compliance. This can create challenges and risks related to the integration of open source software.

One potential impact is that the acquiring company may need to conduct due diligence to understand the open source licensing and compliance practices of the acquired company. This can be a complex and time-consuming process, especially if the acquired company has a large and diverse software portfolio. The merged company may also need to reconcile different approaches to open source licensing and compliance. For example, if one company has a more permissive approach to open source licensing than the other, the merged company may need to develop a new policy or approach that takes both approaches into account.

Mergers and acquisitions can also impact the use of open source software in terms of product development and innovation. For example, if the acquiring company has a different technology stack or development process than the acquired company, it may need to integrate or replace open source components used by the acquired company. This can result in delays and added costs.

And don't forget that mergers and acquisitions can also impact the open source community. If a company that is an active contributor to an open source project is acquired, the new company may change its approach to the project or reduce its contributions. This can have a negative impact on the project and the community that supports it.

Conclusion

The bottom line? Building software can be fun and profitable and can change people's lives in positive ways. But, if you're not careful, it can also get you into a lot of trouble.

So take some time to educate yourself on your business and compliance responsibilities.

This article comes from my Complete LPI Open Source Essentials Study Guide course__. And there's much more technology goodness available at bootstrap-it.com

This article will introduce you to the big players and concepts in the open source license universe.

This article comes from my Complete LPI Open Source Essentials Exam Study Guide Udemy course and book. You can also view the video version here:

In broad terms, we'll divide those classes into two categories. We'll discuss both permissive and restrictive licenses here.

Working with Permissive Software Licenses

Permissive open source software licenses are a type of software license that allows for a wide range of uses of the licensed software. Some examples of permissive open source software licenses — that we'll explore in greater depth a bit later — include Apache, BSD, and MIT.

In general, permissive open source software licenses give you the right to use the software for any purpose – including commercial purposes – and the right to modify the software to suit your needs.

You'll get the right to distribute the software to others, either in its original form or as a modified version and the right to sublicense the software to others, allowing them to exercise the same rights as the original licensee. You'll also have the right to use any patents or trademarks associated with the software, as long as they comply with any applicable laws.

At the same time, permissive open source software licenses also impose certain obligations on users. You might be required to include a copyright notice when making further copies or distributions of the software.

You could also need to include a copy of the license in subsequent distributions. You might need to disclaim any warranties or liability for damages that may arise from the use of the software. And you'll often have to give attribution to the original software authors or contributors. Although there might also be times when using the names of those authors without explicit permission is forbidden.

The bottom line: make sure you read the fine print.

Now let's take a more detailed look at some actual permissive licenses.

The 2-Clause BSD License

The 2-Clause BSD License, also known as the Simplified BSD License, is a permissive open source software license that allows for a wide range of uses of the licensed software.

The license permits users to use, copy, modify, and distribute the software, as long as they include a copyright notice and disclaimer of any warranties or liability. The 2-Clause BSD License is commonly used for software that is released as open source but also used in proprietary software products.

The 3-Clause BSD License

The 3-Clause BSD License, also known as the New BSD License, is similar to the 2-Clause BSD License but includes an additional clause that requires users to include a copy of the license and copyright notice in any distributions of the software. This license is commonly used for open source software projects that want to ensure proper attribution and give credit to the original authors or contributors.

"BSD", by the way, stands for "Berkeley Software Distribution". The license is associated with the version of the Unix operating system that was developed at the University of California, Berkeley in the late 1970s and early 1980s.

The MIT License

The MIT License is a permissive open source software license that allows users to use, copy, modify, and distribute the software, as long as they include a copyright notice and disclaimer of any warranties or liability.

The license is similar to the 2-Clause BSD License but is often preferred for its brevity and simplicity. The MIT License is commonly used for open source software projects, especially those related to web development and programming languages.

"MIT", of course, stands for Massachusetts Institute of Technology, a private research university located in Cambridge, Massachusetts, USA. The MIT License is named after the university because it was developed by the university's computer science department and used for its open source software releases.

The Apache License

The Apache License version 2.0 is widely used for open source software projects, especially those related to web and server software. The license permits users to use, copy, modify, and distribute the software, as long as they include a copyright notice, disclaimer of any warranties or liability, and a notice of any changes made to the original software.

The license also includes patent grant provisions that protect users against patent infringement lawsuits. The Apache License version 2.0 is often considered to be one of the most permissive open source software licenses available.

The Eclipse Public License (EPL)

The EPL is a permissive open source software license that was developed by the Eclipse Foundation for use with the Eclipse software development environment. On the other hand, EPL is not a permissive open source software license. In fact, EPL kind of straddles the border between permissive and restrictive. I'll describe it here, but bear in mind that it actually shares some features with the restrictive copyleft licenses we'll talk about later.

At any rate, the license is designed to be compatible with other open source software licenses and allows for the creation of derivative works.

The EPL version 1.0 is a copyleft license that requires any modifications or derivative works to be released under the same license. The license also includes a patent license grant that allows users to use any patents associated with the software, as long as they comply with the terms of the license.

The EPL version 2.0, released in 2017, is also a copyleft license but includes several updates and improvements over the previous version. The license has been updated to address some of the legal issues that arose with the previous version and to make it more compatible with other open source software licenses. One notable change in version 2.0 is the addition of a patent non-assertion covenant, which assures users that the software's licensors will not assert their patents against the user for using or distributing the licensed software.

Working with Protective Software Licenses

Copyleft software licenses aim to ensure that the licensed software remains free and open for future users and developers. These licenses use copyright law to achieve this goal by requiring any derivative works of the software to be licensed under the same license terms.

This means that anyone who modifies or distributes the software must also make their changes and additions available to others under the same license.

The most well-known copyleft software license is the GNU General Public License (GPL), but there are many other copyleft licenses such as the Lesser General Public License (LGPL), the Mozilla Public License (MPL), and the Affero General Public License (AGPL).

The rights and obligations defined by copyleft software licenses can vary depending on the specific license, but some common aspects include rights, typically granting users the right to use, modify, and distribute the software. The licenses often require that any derivative works be licensed under the same terms, which ensures that the software remains free and open for future use and development.

Copyleft software licenses also impose certain obligations on users and developers of the software. These obligations can include requirements to include a copy of the license with any distributions of the software, to make the source code available, and to maintain copyright notices and attribution to the original authors.

Copyleft licenses can have implications for compatibility with other licenses. For example, using individual software components licensed as copyleft as part of a larger project may require the entire project to be released under a copyleft license. This is because the copyleft license requires any derivative works to be licensed under the same terms.

Let's work through some of the more popular copyleft templates, one at a time.

The GNU General Public License

The GPL is developed by the Free Software Foundation (FSF). It requires any derivative works of the licensed software to be licensed under the same terms.

The GPL has several versions, including version 2.0 (GPLv2) and version 3.0 (GPLv3). The GPL is widely used for software development projects and is often seen as a key component of the free software movement.

GPLv2 (that is, "version 2") of the GPL includes provisions for distributing the source code and making modifications to the software. GPLv3 added provisions for preventing "tivoization" (meaning, the practice of using digital restrictions to prevent users from modifying the software) and for addressing patent issues.

The GNU Lesser General Public License

The LGPL is another license developed by the FSF that allows for more flexibility in the use of the licensed software. The LGPL has two versions, version 2 (LGPLv2) and version 3 (LGPLv3).

The LGPL is commonly used for software libraries and other software components that are designed to be linked with other software. LGPLv2 and LGPLv3 added more flexibility in the use of the licensed software, particularly for software libraries. Later versions also worked to add greater compatibility with the GPLv3.

The GNU Affero General Public License

The AGPL also comes from the FSF. It's similar to the GPL but includes additional requirements for software that is distributed over a network.

The AGPL is often used for software that's designed to be run on servers and accessed over a network, such as web applications.

Version 3 (AGPLv3) includes additional requirements for software that is distributed over a network. It requires anyone who uses the software over a network to make the source code available and to provide a copy of the license to users.

The Mozilla Public License

The MPL was developed by the Mozilla Foundation – the people behind the Firefox browser. It is a copyleft license that allows for the distribution of the licensed software under both proprietary and open source terms. The MPL is compatible with the GNU General Public License (GPL), allowing code to be shared between MPL-licensed software and GPL-licensed software. The MPL is also compatible with other open source licenses such as Apache and MIT.

The MPL requires that the source code for any modified versions of the licensed software be made available. This allows others to see and modify the code, promoting the growth and development of the software. The MPL also requires that any distribution of the licensed software, whether in its original or modified form, be made under the MPL.

This means that anyone who distributes the software must provide a copy of the license with the software and make the source code available. The MPL includes provisions to protect users from patent claims related to the licensed software. These provisions ensure that users of the software are able to use and distribute the software without fear of legal action.

Wrapping Up

With this information you're now ready to carefully evaluate the benefits and limitations of each specific collection of open source code you might use. And you can similarly understand how you might want to license your own code when it's ready to be shared with the world.

This article comes from my Complete LPI Open Source Essentials Study Guide course__. And there's much more technology goodness available at bootstrap-it.com

So let's see what we've got. There's client/server computing, thin and fat clients, microservices, and various flavors of Application Programming Interfaces (APIs). Let's explore these one at a time.

This article comes from my Complete LPI Open Source Essentials Exam Study Guide Udemy course and book. You can also view the video version of the article on YouTube.

Client/Server Architectures

Client/server computing architectures are a type of distributed computing architecture in which computing tasks are split between two types of machines: clients and servers.

A client is a device or program that requests services or resources from a server. Clients can be desktop computers, laptops, mobile devices, or any other device capable of making requests over a network.

A server is a device or program that provides services or resources to clients. Servers can be dedicated machines or programs that run on shared machines. Servers are responsible for processing requests from clients and returning the requested data or service.

The interaction between clients and servers is typically based on a request-response model. A client sends a request to a server over a network, and the server processes the request and sends a response back to the client.

A typical client/server setup

The client/server architecture provides several advantages, including:

• Scalability, meaning that servers can be added or removed from the network as demand changes. This allows the system to scale up or down as needed without having to make changes on the clients.
• Centralization, which means that by centralizing resources on servers, it is easier to manage and control access to those resources, and to enforce security policies.

Examples of client/server applications include email servers, web servers, file servers, and database servers. In each case, the server provides a service or resource that clients can access over a network.

Thin Client and Fat Client Architectures

Thin client and fat client architectures are different approaches to designing client/server computing systems.

In a thin client architecture, the client machine is responsible for only the presentation layer, while the application logic and data processing are handled on the server side. Thin clients typically have limited processing power and memory, and rely heavily on network connectivity to function.

When a user interacts with a thin client, the input is sent over the network to the server, which processes the request and sends back the necessary data to the client for display.

This approach can be more efficient in terms of hardware resources and easier to manage, as the server is responsible for most of the processing and storage. But it can also be more dependent on network connectivity and can suffer from latency issues if the network is slow or unreliable.

Fun fact (or, at least, a relatively fun fact): my very first serious administration project – and my introduction to Linux and network administration – involved deploying thin client infrastructure to save significant costs and efforts. It went well, and launched my admin career.

On the other hand, in a fat client architecture, the client machine is responsible for both the presentation layer and the application logic. The client machine typically has more processing power and memory, and can execute code and process data locally.

This approach can provide better performance and responsiveness, and can be more resilient to network connectivity issues.

When a user interacts with a fat client, the client machine processes the input and executes the necessary code and data processing locally, without relying on the server for every request.

Thin clients outsource compute operations, while fat clients process operations locally

This approach can be more resource-intensive, as the client machine must have sufficient processing power and memory to handle the workload. It can also be more complex to manage, as updates and maintenance must be performed on both the client and server sides.

Microservices vs. Monolith Architectures

Now, should you design your software as a microservices or monolith architecture? In a monolith architecture, the entire application is built as a single, self-contained unit. All functionality, from data access to user interface, is bundled together in one codebase and deployed as a single unit.

Monoliths are typically easier to develop and deploy, but can become unwieldy and difficult to maintain as the codebase grows in size and complexity.

A single, multi-purpose server workload

But in a microservices architecture, the application is divided into smaller, independent services that communicate with each other over a network. Each service is designed to perform a specific task or set of tasks, and can be developed and deployed independently of the other services.

Specialized servers

Microservices can be more complex to develop and deploy, but offer greater flexibility and scalability, as each service can be scaled independently to handle changing workloads.

In a monolith architecture, all components of the application are tightly coupled, meaning that changes to one component can have a ripple effect throughout the entire system. This can make it difficult to scale or modify specific components of the application without affecting the entire system.

Microservices architectures, on the other hand, make use of loosely coupled features, meaning that changes to one service have minimal impact on other services. This makes it easier to modify or scale specific components of the application without affecting the entire system.

Web Apps

Web applications are software applications that are accessed through a web browser over a network such as the Internet. The purpose of web applications is to provide users with a convenient and accessible way to perform various tasks and access services over the web.

Web applications can be used for a wide range of purposes, such as e-commerce, online banking, social networking, email, file sharing, and online productivity tools. They can be designed to be accessible from any device with a web browser, including desktop computers, laptops, tablets, and smartphones.

Web applications are typically built using web development technologies such as HTML, CSS, and JavaScript, and can be hosted on a web server that communicates with client-side browsers using various web protocols such as HTTP and HTTPS.

Single Page Applications (SPAs)

An SPA is a web application that loads a single HTML page and dynamically updates the content on that page as the user interacts with it. This is in contrast to traditional web applications, which require a full page refresh every time the user interacts with the application.

In an SPA, the initial HTML, CSS, and JavaScript are downloaded to the client-side browser, and subsequent interactions with the application are handled through asynchronous requests to the server-side API. The server returns data in a lightweight format, such as JSON, which the client-side JavaScript then uses to update the page content without refreshing the entire page.

SPAs are often built using modern JavaScript frameworks and libraries, such as React, Angular, and Vue.js. They offer several benefits over traditional web applications, such as faster load times, improved user experience, and reduced server load. But SPAs can also present some challenges, such as search engine optimization, accessibility, and managing the application state on the client-side.

Application Programming Interfaces (APIs)

An API is a set of rules, protocols, and tools that developers use to build software applications. The purpose of an API is to enable communication and integration between different software applications, allowing them to exchange data and functionality.

Or, in other words, APIs are a tool for securely and efficiently exposing compute functionality and data to public networks. Which is just a different way to bring about a software deployment.

APIs can be classified into several categories, based on their function and level of access:

• Open APIs, also known as public APIs, are accessible to developers outside the organization that owns the API, and often require no authentication or authorization to access.
• Internal APIs, also known as private APIs, are intended for use within an organization and are not accessible to external developers.
• Composite APIs are APIs that combine functionality from multiple APIs into a single interface, simplifying the development process for developers.
• REST APIs are APIs that use the HTTP protocol to access and manipulate data, and are widely used for building web and mobile applications. They make it easy for developers to programmatically expose local resources to remote users in a controlled way. REST stands for Representational State Transfer Application Programming Interface.
• SOAP APIs, where SOAP stands for Simple Object Access Protocol, are APIs that use the SOAP protocol to exchange data between different systems, and are commonly used for enterprise-level applications. These days, SOAP is a much less popular protocol than REST.

Wrapping Up

We've worked through some of the most popular software deployment platform alternatives. Now, with a better sense of what's available, it's your turn to go out and create!

This article comes from my Complete LPI Open Source Essentials Study Guide course__. And there's much more technology goodness available at bootstrap-it.com

The API is the interface you can use to connect programming code running on your own PC with OpenAI's GPT servers.

Of course, when using the API you can include plain language prompts where you ask GPT for answers and generated content. But you can also apply all the built-in power of that programming code to create sophisticated and automated operations that involve GPT.

You could, for instance, ask ChatGPT to write an article on a specific topic. But using the API, you can ask it to write 100 articles on the topics listed in a text document and then sit back while your code does all the work for you.

Anything that takes advantage of code rather than performing manual operations is a thousand times more effective when you add GPT to the equation.

The problem is that, like all APIs, figuring out the syntax and other fine details can take time. To help you over that hill, OpenAI created the visual tools within their Playground. Let's see how that'll help.

This article is excerpted from my Manning book, The Complete Obsolete Guide to Generative AI.

What is the Playground?

Playground, shown in the figure below, existed even before ChatGPT, and it was where I had my first interactions with GPT. Although do keep in mind that, along with everything else in the AI world, the interface will probably have changed at least twice by the time you get to it.

We're going to use the playground throughout this tutorial to learn how to interact with GPT.

OpenAI's Playground interface

You get to Playground from your OpenAI login account. Rather than enjoying a sustained conversation where subsequent exchanges are informed by earlier prompts and completions, when the Chat option is selected from the pull-down at the top-left of the screen, the text field in Playground offers only one exchange at a time. The models it's based on might also be a bit older and less refined than the ChatGPT version.

But there are two things that set Playground apart from ChatGPT. One is the configuration controls displayed down the right side of the screen in the image above. The second is the View code feature at the top-right. It's those features that make Playground primarily an educational tool rather than just another GPT interface.

How to Access Python Code Samples

The image below shows a typical Playground session where I've typed in a prompt and then hit the "View code" button with the "Python" option selected. I'm shown working code that, assuming you'll add a valid OpenAI API key on line 4, can be copied and run from any internet-connected computer.

Playground's View code tool with Python code

Don't worry about the details right now, but take a moment to look through the arguments that are included in the openai.Completion.create() method.

The model that's currently selected in the Model field on the right side of the Playground is there (text-davinci-003), as is my actual prompt (Explain the purpose of...). In fact, each configuration option I've selected is there.

In other words, I can experiment with any combination of configurations here in the Playground, and then copy the code and run it – or variations of it – anywhere.

This, in fact, is where you learn how to use the API. In other words, here is where you're shown code samples that can form the basis of a lot of what you'll eventually want to run in your own environment.

How to Access CURL Code Samples

The next image shows us how that exact same prompt would work if I decided to use the command line tool, curl, instead of Python.

Playground's View code tool with curl code

curl is a venerable open source command line tool that's often available by default. You'll generally use curl when you want to access a remote server directly from your command line. Those will usually be for relatively simpler requests.

Python, on the other hand, will be the tool of choice for more complicated applications that involve programming logic.

To confirm it's available on your system, simply type curl at any command line prompt. You should see some kind of help message with suggestions for proper usage.

Besides Python and curl, you can also display code in Node.js (for when you're building server-based applications) and JSON (to enable programmatic integrations).

With that, you're all set to dive deeper than simple chat sessions: you're now able to finely control and programmatically automate your interactions with GPT from the comfort of your own command line (or IDE).

This article is excerpted from my Manning book, The Complete Obsolete Guide to Generative AI. There's plenty more technology goodness available through my website.

But things have changed. Even though new services are being added to AWS, for example, nearly every week, we've had loads of time to figure out how things generally work. So it makes sense to listen when admins and industry leaders share their experiences.

In this article, I plan to share some important rationales for assessing and, perhaps, rethinking your deployment strategies. There's certainly no single approach that'll work for everyone, but everyone needs to at least consider the big picture.

This article is excerpted from my Pluralsight course: The IT Ops Sessions: Why Some Companies Are Moving OUT of the Cloud.

What's the "Problem" with the Cloud?

So what are the experts telling us? Number one seems to be that once your company hits a certain scale, cloud operating costs start to matter a lot. And that whole abstracted "reduced complexity" thing everyone talks about? Not so much.

Let's dive a bit deeper.

When all you've got running is a website on a single Linux instance and some data stored in a couple of S3 buckets, you'll barely notice the monthly bills.

An AWS availability zone with a single EC2 instance and two S3 buckets

But once your user demand begins to rise and the possibility of losing some of your data or even a one hour outage keeps you up at night, then you'll need to give the numbers another look.

You see, once your application requires high availability, that single instance won't cut it any more. You'll need at least a second instance hosted in a different availability zone.

But now that your front-end is distributed, you'll need a dedicated high availability database running somewhere that each of your instances can access in real time. On AWS, that'll mean an RDS instance. And they're not free.

Two AWS availability zones with replicated EC2 instances

Planning significant data transfers between your servers and users? Count on extra network costs and on more expensive network-optimized instance types. Sharing your instances with other AWS clients not good enough for your security requirements? Then you can add the ongoing costs of Dedicated Hosts.

You can try it out for yourself on the handy AWS Pricing Calculator: it won't take long before your costs hit tens or even hundreds of thousands of dollars each month.

The output of a typical AWS Pricing Calculator estimate

Now I'm certainly not suggesting that those costs are unfair or that they're not justified. AWS and other big cloud providers work very hard to give you as much information as you'll need to understand what you'll be spending and even how you can spend less. But there's no hiding the fact that renting a lot of compute resources can get very expensive.

What Does Cloud Repatriation Look Like?

Now think what it might mean to apply all of those requirements to meet the needs of a company of the scale of Dropbox or even X – by which, of course, I mean Twitter – both of which have repatriated at least some of their cloud infrastructure.

Say what you like about Twitter (and everyone's got something to say), but they very recently announced that their cloud reorganization led to a drop of 60% in their cloud-based media storage and that their cloud data processing costs dropped by 75%. Overall, estimates suggest that they're now spending around 60 million dollars less each year on AWS services.

But that's not even the impressive part. Because they made those changes at the same time they were reducing their employee count by 75%. And, while there's been plenty of entertaining chaos and mayhem on the platform, there were few if any notable service outages.

So not only did they cut their cloud usage, but they seem to have done it without incurring any "complexity" penalty – which of course would have required them to increase their hiring and other expenses. As an example, they claim to be saving another 13.9 million dollars a year through reconfiguring their network backbone.

Naturally, I couldn't throw such ideas at you without the earnest warning that you should never try this yourself at home. Or possibly even at work. What seems to have worked for X might not be a good fit for your organization.

But I can definitely tell you that it's not just X that we're talking about here. 37 Signals – the creators of Basecamp and Hey – expect to save around 7 million dollars over the five years following their 2022 pull-back from AWS.

The market intelligence firm IDC has noted that, in its experience, cloud repatriation has been visible since all the way back in the cloud's early days. They claim to have seen repatriation on some level within around 70 or 80 percent of companies each year.

But we're not necessarily talking about completely abandoning the cloud. Rather, it's a matter of understanding which workloads belong in the cloud and which on-premises or in colocation facilities.

As a rule, the cloud is a great place to test new workloads and smooth out the kinds of unpredictable demand you see in early deployments. But as you grow, cloud costs could increase to the point where, for at least some services, you can do it cheaper "at home".

And keep in mind that cloud migrations that weren't sufficiently planned and executed or went all-in rather than some form of a hybrid deployment are likely to fail over time. Proper preparation and planning are crucial.

As an Andreessen Horowitz report put it: "You're crazy if you don’t start in the cloud; you're crazy if you stay on it."

From here, your job will be to assess your current deployment profile and, if there are elements that need improving, begin mapping out your repatriation plan.

_T_here's much more technology goodness available__ for you through the books and courses available at bootstrap-it.com

What we really need is a way to reliably store and manipulate our data within the application environment.

In this article, I'm going to show you how to connect a back end database to your data collection process. The plan involves tossing some HTML, JavaScript, and the tiny database engine SQLite into a bowl, mixing vigorously, and seeing what comes out.

This article comes from my Complete LPI Web Development Essentials Study Guide course. If you'd like, you can follow the video version here:

As you may already know, the SQL in SQLite stands for structured query language. This means that the syntax you'll use for interacting with a SQLite database will closely parallel how you'd do it with databases like MariaDB, Amazon Aurora, Oracle, or Microsoft's SQL Server. If you've got experience with any of those, you'll be right at home here.

Why are we going to use SQLite here? Because it's a very popular choice for the kind of work you're likely to undertake in a web environment.

You'll need to create a new directory on your machine along with some files with JavaScript code. We'll learn how to create, modify, and delete records in a SQLite database.

I could incorporate all those actions into a single file, of course, but I think breaking them out into multiple files will make it easier to understand what's going on.

Connecting to a Database and Creating a Table

Here's what the first file will look like:

const sqlite3 = require('sqlite3').verbose();

// Create/connect to the database
const db = new sqlite3.Database('mydatabase.db');

// Create a table
db.run(`CREATE TABLE IF NOT EXISTS users (
    id INTEGER PRIMARY KEY,
    name TEXT,
    age INTEGER
)`);

// Insert data
const insertQuery = `INSERT INTO users (name, age) VALUES (?, ?)`;
const name = 'Trevor';
const age = 5;
db.run(insertQuery, [name, age], function (err) {
    if (err) {
        console.error(err.message);
    } else {
        console.log(`Inserted data with id ${this.lastID}`);
    }
});

// Close the database connection
db.close();

We begin by loading the sqlite3 module as sqlite3 and then creating the db variable to represent our new database instance. The database will be called mydatabase.db.

const sqlite3 = require('sqlite3').verbose();
const db = new sqlite3.Database('mydatabase.db');

If there isn't a database using that name in our local directory, the code will create one, otherwise it'll just connect to the one that's there already.

Since this is our first run, I'll create a new table within the mydatabase.db database. There will be three keys in our table: id, name, and age.

db.run(`CREATE TABLE IF NOT EXISTS users (
    id INTEGER PRIMARY KEY,
    name TEXT,
    age INTEGER
)`);

As you can see, id will be the primary key that we'll use to reference individual records.

We defined the data type of each key: integer, text and, again, integer. This definition is something we only need to do once. But we do want to get it right, because changing it later, after we've already added data, can be tricky.

Inserting New Data into a Table

In this section, we'll will add a new record to the table using the SQL INSERT command.

const insertQuery = `INSERT INTO users (name, age) VALUES (?, ?)`;
const name = 'Trevor';
const age = 5;
db.run(insertQuery, [name, age], function (err) {
    if (err) {
        console.error(err.message);
    } else {
        console.log(`Inserted data with id ${this.lastID}`);
    }
});

You'll probably discover that official SQL documentation always capitalizes key syntax terms like INSERT and SELECT. That's a useful best practice, but it's not actually necessary. As a rule, I'm way too lazy to bother.

The query itself is templated as insertQuery, with the name and age details added as constants in the lines that follow.

The db.run method, using the insertQuery constant and those two values (name and age) as attributes, is then executed. Based on the success or failure of the operation, log messages will be generated.

But hang on for a moment. What's with those question marks after declaring insertQuery? And why did we need to break this process into two parts?

This is actually an important security practice known as an escape variable. With this in place, when the db.run() method executes the prepared statement, it'll automatically handle the escaping of the variable value, preventing SQL injection.

Lastly, we close down the connection:

db.close();

Modifying Data

Now let's see how the "modify" code works. Like before, we create a SQLite3 constant and then connect to our database.

This time, however, our table already exists, so we can go straight to the "modify" section.

const sqlite3 = require('sqlite3').verbose();

// Create/connect to the database
const db = new sqlite3.Database('mydatabase.db');

// Modify data
const updateQuery = `UPDATE users SET age = ? WHERE name = ?`;
const updatedAge = 30;
const updatedName = 'name2';
db.run(updateQuery, [updatedAge, updatedName], function (err) {
    if (err) {
        console.error(err.message);
    } else {
        console.log(`Modified ${this.changes} row(s)`);
    }
});

// Close the database connection
db.close();

The pattern is similar. We define an updateQuery method to UPDATE a record that we'll define. This operation will change the age value for an entry whose name equals Trevor.

You may recall that Trevor's age was earlier listed as 25. We're going to update that to 30. Everything else will work the same as before, including closing the connection when we're done.

This section of code from the third file will delete a record:

const deleteQuery = `DELETE FROM users WHERE name = ?`;
const deletedName = 'name1';
db.run(deleteQuery, [deletedName], function (err) {
    if (err) {
        console.error(err.message);
    } else {
        console.log(`Deleted ${this.changes} row(s)`);
    }
});

The code above will delete the record where the name equals Trevor.

You can run any of those files using the node command. But you should first make sure that you've installed the sqlite3 module:

$ npm install sqlite3

Next I'll use node to run the first file (that you could choose to call db.js).

$ node db.js
Inserted data with id 1

We'll see that a new record has been successfully inserted. If you list the directory contents, you'll also see that a new mydatabase.db file has been created.

You can always manually log into sqlite3 to see how things might have changed. I'll reference the mydatabase.db file so we can open it up right away.

$ sqlite3 mydatabase.db

Typing .tables within the SQLite interface will list all the existing tables in this database. In our case, it'll be the users table we created.

sqlite> .tables
users
sqlite>

Now I'll use the SQL select command to display a record. Here I'll use the asterisk to represent all records and specify the users table.

sqlite> SELECT * FROM users;
1|Trevor|25
sqlite>

We can see that record 1 containing Trevor who is 25 years old has been created. Great!

Finally, we can run the delete code which should remove Trevor altogether:

const deleteQuery = `DELETE FROM users WHERE name = ?`;
const deletedName = 'Trevor';
db.run(deleteQuery, [deletedName], function (err) {
    if (err) {
        console.error(err.message);
    } else {
        console.log(`Deleted ${this.changes} row(s)`);
    }
});

I should note that the db.run and db.close format I used for those methods can also be referred to as Database.run(), and database.close(). It's just a matter of preference - or, in my case, laziness. I'm a Linux admin, after all, and the very best admins are, in principle, lazy.

Summary

We've seen how use JavaScript to connect to a back end database, create a new table, and then add, modify, and delete records in that table. And we seem to have gotten away with it, too!

Now try this on your own computer. But play around with the values. Even better: build something practical.

This article comes from my Complete LPI Web Development Essentials Study Guide course. And there's much more technology goodness available at bootstrap-it.com

Let's discover how Node.js code works, and how that code can be integrated within your JavaScript and then executed.

This article comes from my Complete LPI Web Development Essentials Study Guide course. If you'd like, you can follow the video version here:

Node.js allows developers to use JavaScript both on the client-side and the server-side, providing a unified language and ecosystem. This eliminates the need for context switching and enables code reuse between the front-end and back-end. This results in improved productivity and reduced development time.

Node.js has a vast and active ecosystem of modules and libraries available through the Node Package Manager (npm). This rich ecosystem offers ready-to-use tools and packages for various functionalities, such as web frameworks, database connectors, authentication, and testing frameworks.

Developers can leverage these modules to accelerate development and enhance application functionality.

Given all that, Node.js is particularly well-suited for building:

• Web applications
• Scalable APIs
• Real-time applications requiring instant data updates and bidirectional communication like chat applications and multiplayer games
• Streaming applications like audio or video processing or real-time analytics
• Single-page applications
• Internet of Things deployments

All that sound like a good match for some useful web applications? I thought it would. So let's see how it all works.

How to Build a Node.js Server Environment

First off, you won't need to set up and run a third-party web server like Apache HTTPD or NGINX or place your content within the /var/www/html directory hierarchy. That's because Node.js is, among other things, a web server framework.

Let me show you what that means. You'll need to make sure you've got Node.js installed along with the necessary dependencies. By and large, you'll use the NPM package manager to get that done. There's excellent documentation for installing Node on your OS from the official website.

You can confirm that both Node and NPM are live and waiting for action by running these commands:

$ node -v
v18.16.0
$ npm -v
9.5.1

Just to have some HTML to work with, you should find or create a simple index.html file and save it to a local directory on your machine. This command will download the html of an LPI page from my own website if you need something quick and small:

wget https://bootstrap-it.com/lpi/

Let's take a look at the server.js code we used for our Node server.

const http = require('http');
const fs = require('fs');

const server = http.createServer((req, res) => {
  // Read the HTML file
  fs.readFile('index.html', 'utf8', (err, data) => {
    if (err) {
      res.writeHead(500, { 'Content-Type': 'text/plain' });
      res.end('Error loading HTML file');
      return;
    }

    res.writeHead(200, { 'Content-Type': 'text/html' });
    res.end(data);
  });
});

const port = 3000;
server.listen(port, () => {
  console.log(`Server is running on http://localhost:${port}`);
});

Now let's work through that code, one section at a time. We begin by loading two necessary modules: http to manage the website hosting, and fs to read the HTML files.

const http = require('http');
const fs = require('fs');

We then create a server function – called server. When called, it will either read and serve our index.html file (generating a 200 success code) or, if there's a problem reading the file, it'll generate a 500 error message.

  fs.readFile('index.html', 'utf8', (err, data) => {
    if (err) {
      res.writeHead(500, { 'Content-Type': 'text/plain' });
      res.end('Error loading HTML file');
      return;
    }

The code continues by setting 3000 as the listening port for our application – although, technically, you could change that to any value you like between 1 and 65535.

const port = 3000;

Finally, we call the server function using the listen method and specifying the port number, and then writing an entry to console.log.

server.listen(port, () => {
  console.log(`Server is running on http://localhost:${port}`);

How to Execute Your Node.js Server

Running the npm init command in the same directory were your program files will live is used to initialize a new Node.js project and create a package.json file.

The package.json file serves as the manifest for the project, containing metadata and configuration information about the project, its dependencies, scripts, and other details.

You can manually add dependencies to the file or use:

npm install <package-name>

...to add packages and their versions to the dependencies section of the package.json.

When you actually run npm init to initialize a directory for a new project, a script will ask you some questions. The default values npm suggests for you will include 1.0.0 as a version number and an entry point of index.js.

You'll also have the option of setting a git repo, keywords, and a choice of user license models. All the defaults should work just fine.

When that's done, the script will show you the proposed JSON-formatted version of your settings and ask for your approval. The package.json file that was created will reflect those settings.

For our project, install the MySQL database connector module along with express.js:

$ npm install mysql
$ npm install express.js

Neither takes more than a few seconds. When that's all done, I'll see that there's now a new file in town: package-lock.json.

Peeking inside that file will show you an awful lot of JSON goodness. What's that all about? The package-lock.json file is automatically generated by npm when you install dependencies for your project. It serves as a lockfile that ensures deterministic and reproducible builds of your project across different environments.

It's important to include the package-lock.json file in version control systems like Git so that other developers or deployment environments can reproduce the exact dependency tree and versions used in the project. This ensures consistency and avoids potential conflicts or surprises when working with dependencies.

There will also be a new node_modules directory that was automatically created and populated by that init operation. This directory is a storage location for all the packages and modules our project relies on. When you install packages using npm install, the downloaded packages are placed here.

npm automatically resolves and installs the required dependencies of each package. It creates a hierarchical structure in the node_modules directory that reflects the dependency tree of your project.

Launching your server is straightforward:

$ node server.js

To view the service, open your browser and direct it to the application URL, using port 3000. When your browser is on the same machine as the Node server, this is how that'll look:

localhost:3000

Of course, you don't really need Node.js just for that. The value of Node.js comes from building user interactivity by integrating it with a backend database. That can happen using Express.js, but it'll have to wait for another time.

Wrapping Up

What we have seen here is how the magic behind building a Node.js environment can provide all the infrastructure and backend functionality you need to launch and maintain an interactive and dynamic server.

This article comes from my Complete LPI Web Development Essentials Study Guide course. And there's much more technology goodness available at bootstrap-it.com

In this article you're going to learn how you can use that structure to more effectively control the way your HTML elements behave. You'll also learn how to use it to add dynamic interactivity to your users' experience.

This article comes from my Complete LPI Web Development Essentials Study Guide course. If you'd like, you can follow the video version here:

Understanding DOM elements

The HTML DOM provides a way to interact with and manipulate the elements of an HTML document using JavaScript. It allows you to access, modify, and add elements dynamically, change styles and classes, handle events, and perform other operations on the document.

commons.wikimedia.org/wiki/File:DOM-model.svg using the CC Attribution-Share Alike 3.0 Unported license

As you can see from that illustration, Document is the top-level object representing an HTML document. It serves as the entry point for accessing the DOM tree and provides methods for navigating and manipulating the document.

Element represents an HTML element in the DOM tree. Elements have properties that allow you to access and modify attributes, styles, and content. You can select elements using various methods like:

• getElementById
• getElementsByTagName
• getElementsByClassName
• querySelector
• querySelectorAll

Node is the base class for all types of nodes in the DOM tree. Nodes can be elements, text nodes, comment nodes, and so on. They have properties and methods for common operations, such as accessing parent and child nodes, manipulating node content, and more.

The DOM provides an event system to handle user interactions and other events. You can attach event listeners to elements to respond to events like clicks, keypresses, and mouse movements.

How to Interact with the DOM using JavaScript

Using JavaScript, you can interact with the HTML DOM to dynamically modify the content and behavior of an HTML page. This allows you to create interactive web applications, implement dynamic user interfaces, and perform various operations on the document based on user actions or programmatic logic.

Here's a simple example that actually does something surprising:

<!DOCTYPE html>
<html>
<head>
  <title>DOM Manipulation Example</title>
</head>
<body>
  <h1 id="myHeading">Hello, World!</h1>
  <p id="myParagraph">This is a paragraph.</p>

  <script>
    // Changing the contents and properties of HTML elements
    document.getElementById("myHeading").innerHTML = "New Heading";
    document.getElementById("myParagraph").style.color = "red";
    document.getElementById("myParagraph").textContent = "This is updated.";
  </script>
</body>
</html>

We have an HTML document that contains a heading <h1> element with an id of myHeading and a paragraph <p> element with an id of myParagraph.

  <h1 id="myHeading">Hello, World!</h1>
  <p id="myParagraph">This is a paragraph.</p>

The JavaScript code within the <script> tags manipulates these elements through the DOM.

 <script>
    // Changing the contents and properties of HTML elements
    document.getElementById("myHeading").innerHTML = "New Heading";
    document.getElementById("myParagraph").style.color = "red";
    document.getElementById("myParagraph").textContent = "This is updated.";
 </script>

The code uses the getElementById method to select elements by their id attribute. It then modifies the elements' contents and properties using the following DOM manipulation techniques:

• innerHTML sets the HTML content inside the selected element. In this case, we change the heading's text to "New Heading".
• style accesses the CSS styles of the selected element. We set the paragraph's text color to red.
• textContent sets the text content of the selected element. We update the paragraph's text to "This is an updated paragraph."

When we load the HTML document in a web browser, the JavaScript code executes immediately. You'll never see the original HTML styling, but just the "updates" ordered by the JavaScript. The heading text will be "New Heading", the paragraph text color will be red, and the paragraph content will be "This is updated."

This demonstrates how JavaScript can interact with the DOM to dynamically modify the contents and properties of HTML elements based on programmatic logic or user interactions.

How to Make Your Websites More Interactive

You can also trigger changes to an HTML page in response to user activities. In this example, we define two JavaScript functions: showMessage and changeColor. These functions are triggered from HTML elements using the onclick attribute.

<!DOCTYPE html>
<html>
<head>
  <title>Triggering JavaScript Functions</title>
  <script>
    function showMessage() {
      alert("Button clicked!");
    }

    function changeColor() {
      document.getElementById("myDiv").style.backgroundColor = "red";
    }
  </script>
</head>
<body>
  <h1>Triggering JavaScript Functions Example</h1>

  <button onclick="showMessage()">Click me</button>
  <div id="myDiv" style="width: 200px; height: 200px; background-color: blue;"></div>
  <button onclick="changeColor()">Change color</button>
</body>
</html>

The showMessage function displays an alert box with the message "Button clicked!" when the button is clicked.

    function showMessage() {
      alert("Button clicked!");
    }

The changeColor function changes the background color of the <div> element with the id of myDiv to red when the button is clicked.

    function changeColor() {
      document.getElementById("myDiv").style.backgroundColor = "red";
    }

The HTML code includes a button with the onclick attribute set to showMessage(), which triggers the showMessage function when the button is clicked.

Similarly, there's another button with the onclick attribute set to changeColor(), which triggers the changeColor function when the button is clicked.

  <button onclick="showMessage()">Click me</button>
  <div id="myDiv" style="width: 200px; height: 200px; background-color: blue;"></div>
  <button onclick="changeColor()">Change color</button>

When you load the HTML document in a web browser, you'll see the heading, two buttons, and a colored <div> element. Clicking the "Click me" button will trigger the showMessage function and display an alert.

Clicking the "Change color" button will trigger the changeColor function and change the background color of the <div> element to red.

As I'm sure you can guess, this barely scratches the surface on what you can do with DOM. Here's a longer list of DOM-friendly elements and methods and HTML attributes that you can also play with:

• document.getElementById()
• document.getElementsByClassName()
• document.getElementsByTagName()
• document.querySelector()
• document.querySelectorAll()
• innerHTML, setAttribute()
• removeAttribute()
• classList
• classList.add()
• classList.remove()
• classList.toggle()
• onClick
• onMouseOver
• onMouseOut

Wrapping Up

This was a brief introduction to DOM elements, where you caught a quick glimpse of the how and whys of controlling HTML elements. You also learned how you can add dynamic interactivity and fine-tuned programmatic versatility to your website.

This article comes from my Complete LPI Web Development Essentials Study Guide course. And there's much more technology goodness available at bootstrap-it.com

Its benefits include:

• Server-side development through Node.js
• Client-side interactivity where scripts run directly within your users' browsers
• Responsive and interactive user interfaces
• Broad API and third-party service integration that permit multi-tier applications
• Cross-platform mobile app development through frameworks like React Native and Ionic
• Near-universal browser support, and vast ecosystem of libraries, frameworks, and tools

If you're planning to add interactivity into any of your websites, then you'll need to pick up some JavaScript skills. But the basics are actually pretty straightforward.

In this article I'm going to show you how you can incorporate JavaScript into your HTML code, what simple operations might look like using JavaScript, how to create and execute functions in JavaScript, and how you can take advantage of your browser's console to test JavaScript in a live – but safe – environment.

By the way, there isn't any technical connection between JavaScript and the Java programming language.

Some time after Brendan Eich created his LiveScript language at Netscape in just 10 days back in 1995, legend has it, he renamed his project JavaScript to leverage the popularity of Java at the time.

But that was more of a marketing strategy than an indication of any technical relationship.

This article comes from my Complete LPI Web Development Essentials Study Guide course. If you'd like, you can follow the video version here:

How to Incorporate JavaScript into Your HTML Code

You can include JavaScript code in your HTML web pages in a couple ways. First, you can do it by referencing an external .js file as an attribute of a <script> tag – the way you see here:

<script src="script.js"></script>

Or you can drop your code between <script> tags in the head section of your HTML like this:

<head>
  <title>JavaScript App Example</title>
  <script>
    function greet() {
      var name = prompt("What's your name?");
      alert("Hello, " + name + "!");
    }
  </script>
</head>

Both work fine. Since the adoption of HTML5, however, you no longer need to add text/javascript as an attribute of the <script> tag. At this point, JavaScript is the default scripting language for HTML.

How to Execute Some Simple JavaScript

Here's a simple hello-world kind of script that'll work to get us up and running:

<!DOCTYPE html>
<html>
<head>
  <title>JavaScript App Example</title>
  <script>
    // JavaScript code
    function greet() {
      var name = prompt("What's your name?");
      alert("Hello, " + name + "!");
    }
  </script>
</head>
<body>
  <h1>JavaScript App Example</h1>
  <button onclick="greet()">Say Hello</button>
</body>
</html>

Let's work through that code one section at a time.

You can see that the JavaScript is all in between those two <script> tags and contains its own comment line.

  <script>
    // JavaScript code
    function greet() {
      var name = prompt("What's your name?");
      alert("Hello, " + name + "!");
    }
  </script>

I really don't know why it has to be this way, but the comment escape codes for one language never seem to work for another. In the JavaScript world, you'll need two forward slashes: //.

The first line of real code introduces a new function that's named greet.

    function greet() {
      var name = prompt("What's your name?");
      alert("Hello, " + name + "!");
    }

The parentheses are necessary and, I assure you, you'll make good use of them later. The function's code must all lie between two curly braces the way you see here.

This function has just two lines. The first uses var to declare a variable that'll be called name. name will take the value entered by users when they're prompted with the "What's your name?" question.

NOTE: while declaring a variable as var still has its use cases, for most modern JavaScript development, using let and const is considered a best practice due to their improved scoping rules and stricter variable assignment behavior. I went with var here for simplicity

Once a value has been entered, alert will generate a pop-up window with the text Hello , a comma and space, the current value of the name variable, and an exclamation mark. The + character serves to concatenate all these values into a sentence.

But hang on: you can't see any name entry field on this page, can you? And how exactly is the function executed?

Excellent questions. That'll happen down in the HTML section. This is basically a <button> tag that has a text label of Say Hello. But it's the tag's attribute that really interests us.

onclick calls our greet function. In other words, onclick tells the browser to execute the greet function whenever the button is clicked.

<body>
  <h1>JavaScript App Example</h1>
  <button onclick="greet()">Say Hello</button>
</body>
</html>

Paste the code into an .html file and load it in a browser. When you click the button a new dialog box opens with a data entry field looking for your name. When you type your name and then click OK, you'll see nicely concatenated sentence, all perfectly arranged.

How to Work with JavaScript in a Browser Console

But before moving on, I should remind you that JavaScript was built for browsers. So we can expect some useful integrations. Well, perhaps the most useful of them all is the console.

You can open the console by right-clicking on any empty spot on a browser page and selecting Inspect. This should work no matter what browser you're using. Hitting F12 is another way to get to the same place.

In my Brave browser, the console appears on the right side:

Opening the console

This is known as the developer's console, because there are all kinds of helpful debugging and code analysis features packed in.

In the Elements tab, you'll see a representation of the page code. You can expand the <head> and the <script> sections so you can see what you're working with. Moving over to the Console tab, you find a live JavaScript environment.

In this example, I pasted three JavaScript operations into the console which we can actually test.

Here's that world-changing code in a cut-and-paste format:

console.log(2 + 2);
console.log("Hello" + " " + "World");
var fruits = ["Apple", "Banana", "Orange"];
console.log(fruits.length);

Try it yourself.

Now, you should be aware that console.log() is a built-in JavaScript function that allows you to output messages or values to the console. It is commonly used for debugging and displaying information during the development process. So, as a rule, you'll only want to use the console.log function here.

This would be a great opportunity to introduce you to some JavaScript syntax. The function accepts one or more arguments within parentheses and prints them to the console.

The first execution is the sum of 2 + 2.

console.log(2+2);

From here we can see that you can use any of the arithmetic operators (like plus, minus, the asterisk for multiplication, the forward slash for division, the right angle for greater than, the left angle for less then, and the equal sign) as-is within your JavaScript code.

The only other thing about this that might catch your attention is the semicolon that follows. In JavaScript, semicolons are statement terminators that help you avoid ambiguity and, sometimes, unexpected behavior. Use 'em early, use 'em often.

The second line contains another example of concatenation.

console.log("Hello" + " " + "World");

This one will print the word "Hello" followed by a space, and then the word "World".

Before running the next command, we'll declare a variable called fruits, which will contain an array of three words: "Apple", "Banana", and "Orange".

var fruits = ["Apple", "Banana", "Orange"];
console.log(fruits.length);

The code that follows will take the variable fruits and output its length.

When I hit Enter , all three commands will execute in one go. There are three lines of output: "4", "Hello World", and "3" – which is exactly what we would have expected.

That was nice and everything, but it hardly makes use of your browser's full resources. So now try running a command that'll generate an error. You could, say, add a couple of illegal characters to an operation like these asterisks:

console.log("Hello" + " " + "World")**;

Here's what happens:

VM30:1 Uncaught SyntaxError: Unexpected token ';'

You should see an uncaught syntax error. The VM30:1 test even shows us which line of our code contained the problem - 1 in this case. If this were real code, we'd be a step closer to solving a bug.

Wrapping Up

You're now properly introduced to the basics of JavaScript and, in particular, how to integrate JavaScript with your HTML and how to use your browser's console environment. Now go see what you can build!

This article comes from my Complete LPI Web Development Essentials Study Guide course. And there's much more technology goodness available at bootstrap-it.com

As we'll see in this tutorial, you can also control content behavior using custom or ID styles, pseudo classes, and inheritance. This happens through the use of selectors.

CSS selectors target HTML elements based on their tag names, attributes, classes, IDs, or their position in the document structure. When a selector matches an element, the styles defined in the corresponding CSS rule are applied to that element.

Here's some code that'll illustrate how selectors can work to control various kinds of elements. Read through it and try to understand what everything does, then we'll work through it one section at a time.

<!DOCTYPE html>
<html>
<head>
  <style>
    /* Target elements with a class */
    .highlight {
      background-color: yellow;
      font-weight: bold;
    }

    /* Target elements with an ID */
    #special {
      color: red;
      text-decoration: underline;
    }

    /* Target elements based on their tag name */
    p {
      font-size: 16px;
    }

    /* Target elements based on their relationship */
    ul li {
      list-style-type: square;
    }

    /* Target elements based on attribute values */
    input[type="text"] {
      border: 1px solid gray;
    }
  </style>
</head>
<body>
  <h1 id="special">Welcome to my Website</h1>

  <p>This paragraph will have a font size of 16 pixels.</p>

  <ul>
    <li>List item 1</li>
    <li>List item 2</li>
    <li class="highlight">List item 3</li>
  </ul>

  <input type="text" placeholder="Enter your name">
</body>
</html>

This article comes from my Complete LPI Web Development Essentials Study Guide course. If you'd like, you can follow the video version here:

CSS Custom and ID Styles

This first style is an example of a custom selector called highlight.

    /* Target elements with a class */
    .highlight {
      background-color: yellow;
      font-weight: bold;
    }

That HTML might look like this:

<li class="highlight">List item 3</li>

Next, this ID selector (#special):

    /* Target elements with an ID */
    #special {
      color: red;
      text-decoration: underline;
    }

...will be applied in the HTML through the id= attribute:

<h1 id="special">Welcome to my Website</h1>

We've already seen how associating a style with an HTML element like p works:

    /* Target elements based on their tag name */
    p {
      font-size: 16px;
    }

...But the shape of the background coloring applied to <ul> tags and the border color of the text input field are controlled by these two styles:

    /* Target elements based on their relationship */
    ul li {
      list-style-type: square;
    }

    /* Target elements based on attribute values */
    input[type="text"] {
      border: 1px solid gray;
    }

Now, in addition to the HTML snippets we've already examined, we can also see how the third bullet point has the highlight class attribute, so it'll get both a yellow background and that background will be square. Finally, the <input type="text"> field will get a gray border.

<body>
  <h1 id="special">Welcome to my Website</h1>

  <p>This paragraph will have a font size of 16 pixels.</p>

  <ul>
    <li>List item 1</li>
    <li>List item 2</li>
    <li class="highlight">List item 3</li>
  </ul>

  <input type="text" placeholder="Enter your name">
</body>

If save all that code to a .html file and load it in your favorite browser, you'll see that it all looks exactly the way we wanted it. Hopefully, at least.

How to Work with the CSS pseudo class

There's another kind of class in CSS we call a pseudo class. They're called "pseudo" since these aren't exactly traditional classes, but class controls.

You've probably already seen pseudo classes in action on web pages you've visited. Links or page elements will change their appearances when different actions are occurring around them.

For instance, as you can see from this CSS code, there are definitions for normal, hover, focus, and active states.

/* Normal state */
button {
  background-color: blue;
  color: white;
}

/* Hover state */
button:hover {
  background-color: lightblue;
}

/* Focus state */
button:focus {
  outline: 2px solid red;
}

/* Active state */
button:active {
  background-color: darkgreen;
}

You should take those CSS styles and apply them to some simple HTML code. This example shows how they could all be applied to the Click me button text in the HTML.

<button>Click me</button>

Let's see how that'll work.

The normal, at-rest appearance of a button might have a blue background color and white text. But when you hover your mouse over top of the button, the background turns light blue.

/* Hover state */
button:hover {
  background-color: lightblue;
}

If you would use the Tab key on your keyboard to cycle through all the page elements, once you reach the button, the state will become Focus and the outline will turn red.

/* Focus state */
button:focus {
  outline: 2px solid red;
}

When I would actually click and hold the button, the background will change to dark green.

/* Active state */
button:active {
  background-color: darkgreen;
}

CSS Inheritance

CSS inheritance is a mechanism that allows properties defined on parent elements to be inherited by their child elements. When a property is set on a parent element, its value is automatically inherited by its descendants unless overridden.

Inheritance applies to various CSS properties, such as font styles, text colors, and some layout properties. For example, if you set the font family or font size on a parent element, the child elements within it will inherit those values unless explicitly specified otherwise.

In some cases, certain properties are not inherited by default. For instance, properties like background color, border properties, and box-model properties are typically not inherited. In these cases, child elements will not inherit the values from their parent elements unless explicitly set.

CSS inheritance simplifies the styling process by allowing you to set properties once on parent elements, reducing the need for repetitive styling on child elements. However, it's essential to be aware of which properties are inherited and which ones are not to ensure the desired styling outcome.

This code creates a #parent style that sets the font and font color. It also creates a second style that'll apply to paragraphs within the HTML. But this second style is also a child of the parent.

<style type="text/css">
#parent {
  font-family: Arial, sans-serif;
  color: blue;
}
p {
  font-size: 24px;
}
</style>

The HTML exists within a <div> that uses the id= attribute to adopt the parent style. There are two lines of text, one inside the <p> tag and one outside.

<div id="parent">
  Here is some regular text.
  <p>This is a paragraph inside the parent element.</p>
</div>

When we load our code in a browser we'll see that both those lines of text will be printed in blue - which means that the child element has, indeed, adopted the parents values. But it'll also get its own larger font formatting. This kind of formatting can be powerful when you want to very precisely control overall, global behavior, while maintaining the ability to further define individual elements.

To prevent inheritance and establish a completely new value, the inherit keyword can be used to override the inherited value. Additionally, the initial keyword can be used to reset a property to its default value.

One more important point that's particularly relevant when you're working with multiple CSS styles. What happens when, between your inline CSS, multiple stand alone CSS files, and layers of parents and children, there's a conflict between styles? Well there's a set of rules that determine how everything will be handled.

Inline code within an HTML file's <style> tags always comes first. The more specific a selector is, the greater its priority. The further down in the code a style appears the greater priority it's given. And the !important attribute will always win.

Rule Precedence in CSS

Here's a quick summary of rule precedence in CSS:

• Inline CSS overrides CSS rules in style tag and CSS file
• A more specific selector takes precedence over a less specific one
• Rules that appear later in the code override earlier rules if both have the same specificity
• A CSS rule with !important always takes precedence.

Wrapping Up

You've seen how customizing your CSS styles through attributes like id and applying structures like pseudo classes can go a long way to liven up your HTML pages. And you've seen how all of that works through CSS selectors.

You also saw how CSS inheritance can help you closely control the way objects on your web pages behave.

So you're all set to start building some pretty sophisticated websites. Why not start today?

This article comes from my Complete LPI Web Development Essentials Study Guide course. And there's much more technology goodness available at bootstrap-it.com