I inherited some legacy Python code that sends emails the following way (code simplified):

message = MIMEMultipart()
message["From"] = email_from
message["To"] = email_to
message["Subject"] = email_subject

message.attach(MIMEText(email_msg, "plain"))
context = ssl.create_default_context()

with smtplib.SMTP(os.getenv("SMTP_HOST"), os.getenv("SMTP_PORT")) as server:
    server.ehlo()
    server.starttls(context=context)
    server.ehlo()
    server.login(os.getenv("SMTP_USER"), os.getenv("SMTP_PASSWORD"))
    server.sendmail(email_from, email_to, message.as_string())
    server.quit()

I wanted to run and test this code without modifying it at this point and without using the actual mail server. That's why I set off to find some locally runnable email server solutions that fit well within the docker-compose stack I was already using.

The most promising servers I found were the following:

• maildev/maildev (previously known as djfarrelly/maildev) and
• mailhog/MailHog

Both come with convenient Docker images that run out of the box and have documentation for the most important configurations. They also feature nice web front ends to view the received emails that don't differ that much on first sight and the REST-API to request this data has all the needed information.

In the end I settled on MailHog as it had the most recent stable version (summer 2020 vs. summer 2019).

Unfortunately what both servers also have in common is that they don't support SSH and STARTTLS that I need to use as you can see from the code snippet above. Both have feature requests in their repositories about this functionality but there seems to be no activity in this regard. Browsing through those tickets I stumbled about recommendations to use a reverse proxy to work around this problem and there was one specific mention of Simple Mail Forwarder and I decided to give it a try.

Though I take security very seriously it is not my strongest subject and I'm always happy if solutions exist that set things up securely by default and provide the needed documentation to fill the gaps as needed.

In this case I had to bite my way through it and probably spent way too much time on it. In the end I got it working and here I want to protocol how I got there.

Getting the MailHog container running

This step is fairly easy: Add this to your services inside docker-compose.yml and define the environment variables in your .env file:

email_test_server:
  container_name: ${COMPOSE_PROJECT_NAME}_email_test_server
  image: mailhog/mailhog:v1.0.1
  ports:
    - ${PUBLISH_PORT_EMAIL_TEST_SERVER_FRONTEND}:8025
  networks:
    - default

It actually exposes the ports 8025 (web interface over HTTP) and 1025 (SMTP server). As I only need to access the later from within the container network I didn't forward it in the ports section. Otherwise I didn't need to change much and am immediately able to access the front end and the API that are both unsecured.

Creating the glue

The next step is to get the Simple Mail Forwarder (SMF) to work and now it's getting interesting. I made this iteratively as I was unsure how the certificate generation would work. So I started it up with the following setup:

email_test_forwarder:
  container_name: ${COMPOSE_PROJECT_NAME}_email_test_forwarder
  image: zixia/simple-mail-forwarder:1.4
  depends_on:
    - email_test_server
  environment:
    SMF_DOMAIN: email_test_forwarder
    SMF_CONFIG: "@email_test_forwarder:to@email_test_server:testPw"
    SMF_RELAYHOST: email_test_server:1025
    TZ: Europe/Berlin
  networks:
    - default

This creates the SMTP user @email_test_forwarder with password testPw and forwards every message received that is directed to the @email_test_forwarder domain to to@email_test_server. During the setup process SMF complains about the domain names without a top level domain. This might be solved by using something like @email_test_forwarder.local but I didn't try it out as it worked anyway.

SFM takes care of generating self-signed certificates for you if don't provide it some yourself. The important thing here is setting SMF_DOMAIN correctly.

When you run this image in your container it works well. But when I ran the Python code to connect to the server I got the following error message:

[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:1091)

That's reasonable: By default Python doesn't want to connect to a server using a self-signed certificate. So I need to install it in the Python container.

For figuring out what to do next executing the following command from within the Python container was helpful:

openssl s_client -starttls smtp -connect HOST_EMAIL:SECURE_PORT

or in my case:
openssl s_client -starttls smtp -connect email_test_forwarder:25

It returns among other things the server certificate. I identified this certificate as the one generated as /etc/postfix/cert/smtp.ec.cert inside the email_test_forwarder container. To share this file easily I pulled it out from the forwarder container and saved it (and smtp.cert) in a new data/smtp_test_cert/ directory.

Now to reuse those saved certificates I based a simple Dockerfile on the original one and copied those files over:

FROM zixia/simple-mail-forwarder:1.4

COPY data/smtp_test_cert/* /etc/postfix/cert/

Additionally I changed the section in my docker-compose.yml:

email_test_forwarder:
  container_name: ${COMPOSE_PROJECT_NAME}_email_test_forwarder
  build:
    dockerfile: email_test_forwarder/Dockerfile
  depends_on:
    - email_test_server
  environment:
    SMF_DOMAIN: email_test_forwarder
    SMF_CONFIG: "@email_test_forwarder:to@email_test_server:testPw"
    SMF_RELAYHOST: email_test_server:1025
    TZ: Europe/Berlin
  networks:
    - default

Adjusting the Python container

At last I have to install those certificates in my Python docker container. This can be achieved by a small addition to the respective Dockerfile:

FROM python:3.7

[...]
COPY data/smtp_test_cert/*.cert /etc/ssl/certs/
RUN  ln -s /etc/ssl/certs/smtp.ec.cert /etc/ssl/certs/36cc48aa.0
[...]

The hash that needs to be used for the link (in this case 36cc48aa.0) can be found by executing the following command and appending ".0" to it.

openssl x509 -noout -hash -in /etc/ssl/certs/smtp.ec.cert

The only thing that is left to do is configuring the SMTP connection with the following values:

SMTP_HOST=email_test_forwarder
SMTP_PORT=25

# for user info see SMF_CONFIG in docker-compose.yml
SMTP_USER=@email_test_forwarder
SMTP_PASSWORD=testPw

SMTP_FROM=zzz@email_test_forwarder

Now I can test the application without having to worry about external mail servers.

A while ago I had to fit a string into a navigation menu column and didn't want to make it any wider than it already was. In my case a font size of 14px was too high while 13px felt like it was harming the readability. Testing with 13.5px I felt like I had found the sweet spot. But as I had never seen a fractional font size in style sheets before I wondered if this was allowed and supported. My coworker wasn't able to give me an advise and on StackOverflow the related discussions questioned how one should be able to render a fractional font size on an absolute pixel.

But subpixel rendering is a tried and tested technology for at least 20 years. We even have algorithms that leverage the positions of the individual red, green and blue pixel parts of specific displays. Something you will see in most of the examples below.

Surprisingly the official documents don't provide any specific's either. See https://www.w3.org/TR/CSS1/#length-units.

So when no information can be found. Let's actually test it out.

The test subjects

• Firefox (76.0.1)
• Chromium (83.0.4103.61)
• Microsoft Edge (44.18362.449.0 - not Chrome based)
• Microsoft Internet Explorer 11 (11.900.18362.0)
• Opera (68.0.3618.125 - uses the same renderer as Chromium)

The test

I put 3 div elements on top of each other with font sizes 13, 13.5 and 14 px respectively and made screenshots in all browsers.

<div style="font-size:13.5px;">
    ÈÇ - Text with font size 13.5px
</div>

The font I used is Open Sans loaded as a TTF resource.

Here you can see how this looks like:

Vertical comparison

2x zoom:

So putting all screenshots next to each other makes some things evident:

• Fractional font-sizes do actually work in all tested browsers.
• There are rendering differences between all browsers. At least between Chromium and Edge the div borders and the font base lines align.
• IE 11 only uses anti-aliasing (grey-scale) to have smooth lines while all other renderer use an RGB value on the neighbouring pixels to trigger individual color subpixels of your display (see ClearType or FreeType). You will notice the orange shadow left of a darker pixel and blue shadow to the right.
• div borders always align with a full pixel.

For a better comparison of the font sizes I aligned all base lines in the next image.

2x zoom:

As you can see the x-height and cap height are consistent for 13px font size between all browsers (with sub- and superscript it takes 15px).

At 13.5px the first differences occur. Caps heights (and overall height) in Edge and IE 11 are one pixel larger than those in Firefox and Chromium.

At 14px the caps heights align again between browsers. But now the overall height of the characters in Edge and IE 11 is 2 pixels lower.

Horizontal comparison

Those are the texts with font size 13.5px aligned for text length comparison.

2x zoom:

Because of the subpixel rendering it's not trivial to align the texts. But it can be seen that the variance in length between those texts lies at 1px for a 190px text which I would consider nearly identical.

Verdict

The major browsers I tested did a good job in rendering texts with fractional font sizes, even though I couldn't find any official or in-official recommendations concerning the usage of those. But as fractional em value would often lead to a fractional font-size too, I don't see how this is not a viable way to style your texts.

The CSS box model sticks to integer values even if it includes fractional font sized text. I guess this prevents some lay-outing nightmares.

This blog post continues on part one in which I went into detail about what I think is great about having statically generated webpages. In this post I want explain how working with Spress felt like.

So I fired up Spress without much confidence, ready to stop and try the next generator the moment it would start bothering me too much. I didn't stop. This may be the first good sign or it proves that I'm more persistent than I thought.

The main reason I tried Spress first was that I'm familiar with the technology stack from my professional daily bread and butter. It's implemented in PHP and runs off Symfony components and Twig as a templating engine. That made me hope I would be able to start working quickly and understand how it works and how I can extend it.

An easy way to use Spress is to download a PHAR file which is a package for the PHP application.

CLI

From here there are basically three important console commands to keep in memory:

spress.phar new:site ... You only need to run this once to create a page scaffold from an existing template.

spress.phar site:build ... This generates the pages in the build directory, copies all assets and can also be used as a server that rebuilds the page on every change with the --server --watch options.

spress.phar new:post ... This is a nice wizard-like shortcut that guides you through creating the skeleton for a blog post. This is not necessary though as you can easily create the files in the right format on your own if you have seen some.

Basics

Blog Post

The main element is a blog post. It has a specific file name (e.g. 2020-05-27-new-site-powered-by-spress-ii.md) and is comprised of a header in YAML syntax separated by a line from a body that contains Markdown text.

For every post you need to defines a layout which is the Twig template that is used to render the blog page on its own. As you can define your own meta data in the header and as you can have individual templates this is quite a powerful tool. For example my photo posts don't contain a body at all. All the information is given in structured data in the header and the DOM is specified entirely in the template.

Here is an example:

---
layout: photo-post
title: "Photo #8"
categories: [photos]
tags: []
author:
    name: "Marcel Pfeiffer"
images:
    20140101:
        date: "2014-01-01"
        name: ~
        url: "/assets/img/photos/20140101.jpg"
---

A minor inconvenience is the fact that pages are by default ordered by date but there is no standard way to include the time into the page ordering. That's why my photo posts are scrambled here.

Pages

Pages are a bit tricky. They are supposed to be Markdown files saved as HTML files in the project root. Again you can define a layout to be use. I use this for my simple Impressum page (impressum.html). But for some reason this doesn't work if you use pagination. In this case I had to save the file as words/index.html.

Categories, Tags and Generators

There are the concepts of categories and tags to group posts by. But there is no intrinsic difference between those apart from how you handle them.

Spless offers generators and pagination that you can use to browse through a list of posts or other collections that you have defined. That said, the documentation about those was not very understandable. But the given examples were enough for me to be able to use them.

Template

The documentation guides you into using an existing template or creating your own from scratch. As the default template doesn't look that great and the second option is badly documented this seems overwhelming at first. If you dig a bit deeper into the documentation you also notice that you can overwrite individual template assets in your layouts and includes folder. That is the route I took. I had a look at a template I wanted to change, copied it into the general directory and made my edits (or more specifically copied my existing template into it and changed the syntax to work with Twig).

The nice thing about Twig templates is that there is an easy import/include mechanism. That way I could write a base template for how an individual post should look like with header, date, author and content and then re-use this snippet through importing it into the post page, the list or the category-filtered list.

Troubleshooting

During development if you ever want to know what's inside a variable in a Twig template a trick is to transform it into a JSON string that can be written into the page.

{{ page|json_encode }}

Documentation and other flaws

Even though I got this page ported in more or less a single evening the documentation left a bad impression. Some things were badly phrased or text snippets scrambled in a paragraph (I already sent a pull request for a correction). On many page you are prominently asked to run a command first that creates an entirely new site even though you have most likely already done this if you seek out help for how to include pagination into your page.

Another thing that suprised me is the fact that there is no helping construct of how to link internal pages. You need to know into what filename and into which folder a page is going to be compiled to be able to link to it.

And the last small problem that I didn't think about beforehand is the fact that all pages are generated every time you change something or add a page or post. This is inevitable but leads to the problem that when you need to upload your page via FTP you always have to overwrite everything. Skipping mechanisms like only newer (it's always newer) or different size (my photo posts compile to the exact same number of bytes) don't help here.

For years this blog lay sleeping on the internet and I just couldn't get myself to work on content even though I had lots of ideas and opportunities. Part of the reason I guess was that the management of content never suited the iterative process I'm used to work in.

This site was first implemented with CMSMS and later with Anchor CMS. Though I tried to choose a solution as little complex as possible and got the basic layout and integration done with little effort, what was lacking all the time for me was the ability to have a 1-to-1 copy of the blog in my development environment. So I was hesitant to try things out and make little adjustments and wasn't able to have source control of everything I needed for this site.

During the last couple of years more and more information about static site generation crossed my attention and I was intrigued by the idea. I know there are many competitors but in quite a spontaneously act I browsed a small list of providers and choose the first one that looked promising. Because with no experience in the topic it's impossible to pick the right one.

So I gave Spress a try (http://spress.yosymfony.com/ , https://github.com/spress/spress).

Static site generation in general

Static site generation works in a way where you create your site in a development environment - this may be just plain files, an application or a whole CMS - and compile this into linked static HTML and asset files. Those files that browsers are great in displaying. There will be no database requests or backend requests for additional content. Everything that you see is baked into the file your browser downloads.

So what's so appealing about statically generated sites in general?

• They don't need cookies
  All CMS that I have tried have some kind of user management. Even if you're only browsing the site it keeps track of your guest status saved in a cookie in your browser that is exchanged with every page within a site. As those cookies are often used for things the user is not aware of, the GDPR or DSGVO made the confirmation of cookie usage mandatory. This is a good thing but leads to those annoying popups and bars where you learn to blindly press Confirm. This site doesn't need one such thing.
• No code injection
  You don't have to be concerned about bots that browse buggy unmaintained sites, inject some code through a security hole and make it part of their remote controlled bot net. Because there can't be security holes in static HTML files. That also means you don't have to care for constantly updating your CMS.
  Of course if someone steals your FTP credentials they could do this anyways but this is a completely different issue.
• Easy backup, automat-able deployment and version control-able
  As you compile the site every time you add some content you need to have everything necessary in one place.
  With the CMS I worked with before I edited some style sheets in an in-browser editor that wrote to the filesystem while many other configurations as well as the posts went into the database while a separate media manager kept track of the images or downloadable files you added to the site. Knowing where what information resided was in-transparent and highly vendor specific. This made backing up all of this an unpleasant job. With site generation you can fully automate and theoretically even test the pages that are created while being able to have the whole site under version control with full transparency about what changes you make to content and design.

The last points were some things I consider general advantages but there are also points why this workflow suits this site and my personal preferences as well.

• I want to do simple things
  There are no plans to make this page very big and technical. I guess if you have thousands of posts and want to apply tag filtering to your page the whole system will collapse.
• I'm the single author
  Even though with a shared repository and some trust in your colleagues you could have lots of contributors, at some point it makes more sense to use a CMS that brings user and group management with it.
• No comments section
  In the past when this blog had comments turned on it was only used by spam bots. Even though I'd like to have exchanges with readers I don't need the functionality in-site. You can always write an email to me if you like. That said the default theme for Spress even comes with working Disqus integration that moves the commenting stuff to a third party service.
• Markdown
  Markdown is the markup language used to write those posts. You define what should appear italicized or what should be a link. It's not as feature rich as your favourite word processor, especially working with tables is ugly, but for everything that is planed so far it is fully sufficient for my writing needs.
  In contrast, I don't quite like how formatting in in-browser WYSIWYG editors work and how you always have to double-check if the correct span of characters has the correct styling applied.
• I can use an editor of choice
  As an extension of my dislike for in-browser editors I just enjoy having all files - be it Markdown, YAML, CSS, Twig templates - in a nice IDE (currently Visual Studio Code for this site) and have the appropriate syntax highlighting and linters available.

With this post I tried to show how this style of creating a web site has its own set of benefits. For me it worked very well. I never before had that much fun creating content for this site. In a following blog post I will go into specifics about how well Spress does as a site generator.

• Sometimes while developing you want to try out a new idea and make a swift change to your code.
• Sometimes when you try to tackle a bug it's easier to add a short line that dumps a variable to the console to assure a piece of code is not the culprit before you swing the debugger hammer.
• Sometimes when you are working on your master thesis or a blog post you want to write down a short reminder or a new thought to be elaborated later.

All of those cases have in common that you're writing temporary code that you don't want anyone else to ever see. And here arises the problem of how to keep track of your changes especially if you have to edit multiple files at once. Later when you want to make the commit with hundreds of changed lines it's too easy to overlook a small debug statement.

A nice solution comes with the help of the phrase DONTCOMMIT and a fitting git pre-commit hook.

Whenever I add a line I want myself to delete or change back later I put a DONTCOMMIT somewhere. Usually as a comment.

Additionally my hook file .git/hooks/pre-commit looks this way:

#!/bin/sh

for FILE in `git diff --cached --name-only` ; do
    # Check if the file contains 'DONTCOMMIT'
    if grep -q 'DONTCOMMIT' "$FILE"
    then
        echo $FILE ' contains DONTCOMMIT!'
        exit 1
    fi
done
exit

What it does is checking every staged file I want to commit for an occurrence of DONTCOMMIT and in the positive case returns an error code which makes git cancel the commit with an appropriate error message. As you see this is a bash script. In a Windows environment you will have to re-implement the hook accordingly.

One challenge was to find a phrase that you are very sure you will never want to write down, that makes some sense, that is easily perceivable - in the end you want to find it yourself and that is easy enough to write down - if you misspell it it doesn't work. I settled with DONTCOMMIT. Which might be a little too long but I eased the pain a bit with the help of my IDE of choice: NetBeans. (You may lower your eye brows again.)

I added a macro that I can trigger by pressing Ctrl + Alt + D that puts the cursor at the end of the line and inserts the kill phrase. I could make it add the commenting characters as well which would be // in 95% of my cases but since I handle different file formats regularly this is only a small inconvenience.

caret-end-line
" DONTCOMMIT"

The downside of this great workflow is that I have to disable it for adding this post to source control.