Posts

Showing posts from 2018

Custom Login Validation

One of the many behaviors that I was recently asked to create was allowing hide/show of the password and warning users that the locked character key is active. Since this solution could get complex and I just wanted to create a quick/simple demo, I'm going to pick jQuery. I could later come back and do it in another library, but I already have a few ideas of what I want to do.

Notes:
- input - Is it standard practice to indicate on the form that Caps Lock is on? - User Experience Stack Exchange
- html5 - What's the difference between HTML 'hidden' and 'aria-hidden' attributes? - Stack Overflow

Examples:
- Edit fiddle - JSFiddle
- Better Passwords #3: Caps-lock Warnings — SitePoint
- Code Bins : Password masking in jQuery

AspnetCore Oauth Active Directory

I'll be honest, Active Directory has always been a difficult area for me to develop in, which is why I prefer a basic user authorization that's just attached to the database. What I'm trying to do is leverage OAuth and inside pass in credentials to the Active Directory. Thus prevent users with the built-in prompt and instead handle the authorization just like you would if it was inside an aspnet core Identity table. However this is no table! This means they can pass me any username and password, not just what they are logged in as under the domain (and under their browser). Very simple, just difficult to explain with all the major buzzwords floating around like Single Sign On, external service providers, etc. Which is where I start to have trouble explaining, because I like to keep things simple. What my application will do is have an authorization page and redirect users to it if they are not logged in. Once I figure out they are who they say they are with the AD then continue a

Nginx with Naked Domains

That's right, I'm going naked on everything! Non-www and everything lowercase, just to simplify my URLs. If you couldn't write it out naturally or if it takes too long then I avoid making it a path, special cases like unique guid url parameters being the exception. For the sites that have a ton of parameters this is understandable, but for the domains this rule really should be applied. In some cases you might say the path is up to the application; however, if the framework doesn't handle it, this is a fallback.

- https://superuser.com/questions/432674/nginx-remove-www-from-https
- https://www.digitalocean.com/community/tutorials/how-to-redirect-www-to-non-www-with-nginx-on-ubuntu-14-04
- http://nginx.org/en/docs/http/server_names.html

Orchard 1.10.1 - Seo & Social Module

Most of the work I do for orchard is open source, this is because nothing other than content is property of my employer. Even if open source makes some employers uncomfortable a lot of my work is about success of a given project or the development process flow. In other words is everyone able to achieve what with the development or features created within a given project. That's just my take on things, I'm sure someone will disagree, putting security in a much higher priority. Which I think is a big part of my reason for being open source on the things I could improve upon.

Notes:
- https://stackoverflow.com/questions/11149157/orchard-getting-the-contents-title-from-the-theme-layout
- https://stackoverflow.com/questions/11688626/orchard-theme-placement-not-overriding-module-placement
- https://stackoverflow.com/questions/13000711/add-individual-page-titles-to-html-document-head-in-orchard-cms
- https://stackoverflow.com/questions/17737509/orchard-cms-custom-theme-every-page-d

Content Security Policy & Best Practices

This article is mostly on configuration with nginx and maybe a little on IIS.

Notes:
- https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
- https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors
- https://csp-evaluator.withgoogle.com
- https://securityheaders.io/

Nginx Best Practices Extended

Based on a GitHub gist configuration, which I thought was worth going through piece by piece.
- https://gist.github.com/plentz/6737338
- https://github.com/BIAndrews/nginx-compliance-config

HTTP2
- https://www.digitalocean.com/community/tutorials/how-to-set-up-nginx-with-http-2-support-on-ubuntu-16-04
- https://developers.google.com/web/tools/lighthouse/audits/http2
- https://docs.microsoft.com/en-us/iis/get-started/whats-new-in-iis-10/http2-on-iis

Avoid If
- https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/

SSL Configuration
- https://mozilla.github.io/server-side-tls/ssl-config-generator/
- https://stackoverflow.com/questions/24594971/how-to-changehide-the-nginx-server-signature

Strict Transport Security (HSTS)
- https://hstspreload.org/
- https://www.nginx.com/blog/http-strict-transport-security-hsts-and-nginx/
- https://en.wikipedia.org/wiki/DNS_Certification_Authority_Authorization
- https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility

Bootstrap Cheatsheet

There are many things I wouldn't call myself a master of but bootstrap is one of them. I never seem to have difficulty with css but do forget a few things cause they aren't really all that important ! Haha css joke...
- https://stackoverflow.com/questions/11425115/css-media-queries-for-pixel-density-moz-min-device-pixel-ratio-vs-min-moz-de
- https://stackoverflow.com/questions/23700941/bootstrap-full-responsive-navbar-with-logo-or-brand-name-text
- https://stackoverflow.com/questions/8805208/css-min-width-and-max-width-and-flexible-layout

Positions Learn CSS Positioning in Ten Steps: position static relative absolute float CSS z-index property CSS Positioning Free responsive html5 CSS website templates, create your own free website How to Center Anything with CSS 50+ Nice Clean CSS Tab-Based Navigation Scripts Table centering using CSS or HTML: theodorakis.net HTML5 Simplequiz 6: Zeldman’s fat footer | HTML5 Doctor CSSTidy https://css-tricks.com/multi

CSharp Cheatsheet

Owin & Katana
- An Overview of Project Katana | Microsoft Docs
- Understanding OWIN and Katana - CodeProject

Data Access
- ASP.NET Data Access - Recommended Resources | Microsoft Docs
- async and parallel programming with .NET 4+ (TPL)

String Modifying
- http://stackoverflow.com/questions/444798/case-insensitive-containsstring

Entity Framework
- c# - Dynamic filtering and sorting with Entity Framework
- entity framework - Code-first vs Model/Database-first
- Entity Framework Code-Based Configuration (EF6 onwards)

Performance Improving
- http://stackoverflow.com/questions/30816496/why-do-local-variables-require-initialization-but-fields-do-not
- c# - Will using 'var' affect performance?
- http://blog.slaks.net/2015-01-12/linq-count-considered-occasionally-harmful

Miscellaneous: (will clean up later)
- https://msdn.microsoft.com/en-us/library/bb964711.aspx?f=255&MSPPError=-2147217396
- concepts https://stackoverflow.com/questions/2220134/displaying-a-pdf-file-from-winf

Linux: Set Default Permissions with Directives

I would normally put this in an update for one of my cheatsheets, and will probably put a link to it for linux for this article. However I don't see a lot of people talk about this often, and I use these commands normally when I'm setting up a folder for a web application. I'll normally work in the /var/www folder, but I attached the Gitlab CI to this and nginx needs read access.

sudo setfacl -d -m g::rwx EXAMPLE
sudo getfacl EXAMPLE

Note: https://linux.die.net/man/1/setfacl

Windows via Command-Line Cheatsheet

I think if you use a server it should be with minimal graphical environments; this protects you and the clients from simple mistakes, in my experience. Commands are easier to repeat. Programming and process power are limited to what matters. A developer's focus can't be any clearer. So let's stop using windows like a desktop please...

Initial Goals
- disable all processes using the UI
- disable remote connections if it uses a terminal.
- look into security
- bridge the gap into windows vs. linux basic commands.

Notes: Coming soon

Docker Cheatsheet

More coming soon... trying to get ahead but starting off creating all my cheatsheets so I don't have to work at creating multiple notes for specific problems I run into.

Notes:
- https://stackoverflow.com/questions/42365336/how-to-stop-docker
- http://blog.baudson.de/blog/stop-and-remove-all-docker-containers-and-images
- https://mtarnawa.org/2017/11/10/running-secured-private-docker-registry-nginx-proxy-letsencrypt/

Avoiding Select Options by Design

This is just a footnote in my career after years of developing websites. You can take it as a rant or a word of caution. So for a lot of reasons, I really don't like the select tag. For starters it's buggy; there are many things about it that don't work across browsers or behave differently. I wish it didn't, and instead could replace the css alternative, dropdowns. An example of my experience over the years: where I tried disabling an option, Apple's Safari didn't like that. On another project I tried to just style one of the options, and again I ran into a wall with Firefox. I don't know if these issues still exist but it's giving me enough reasons to avoid it.

Notes:
- Not allowed cursor of a disabled field appears in a select tag
- https://jsfiddle.net/3sq410wk/1/
- https://github.com/twbs/bootstrap/issues/16088
- https://github.com/twbs/bootstrap/issues/14528

Bootstrap: Mobile Integer Input

It's come to my attention that handling integers sucks, and probably as much for me as it does the users. Who's got time to plug in a number? In a lot of cases I've defaulted to a text input instead of an integer type because I hate the way browsers display it. That side toggle doesn't work on mobile and isn't very intuitive. So instead I'm using these displays, a slider and an "input spinner" (not the name I would have given it but I'm going with it). I have use cases for both styles of these inputs. The slider works great on mobile and in cases where the integer is small works to speed up input. The second is more of a fallback and works on almost everything.

Examples:
- https://github.com/seiyria/bootstrap-slider
- https://bootsnipp.com/snippets/featured/simple-input-spinner-cont

Unity Editor freezing After Initial Start

For about three months now I've been working on a little project in unity3d. The project is simple: I have a udp socket in c++ and I want to communicate with it in my game. Currently it works great going out to my server. I can see all the requests and the speed is awesome! However here comes the big issue: unity freezes after its first run. Hard, nothing is responding and the editor is completely useless until I close it and open it back up. For two weeks I stopped programming because of this; it was a stopping point for me until I figured out what was happening. At first I thought it was the game and after doing some reading messed around with the settings. With my issue it had nothing to do with rendering/lighting.

It just happened to come to me last week after reading an article on threading. It was the last bit of code they gave as an example about properly closing a thread. Which got me thinking about my issue, I think unity is holding on to the udp connection and cause

Not Autocomplete but Autofill

After a long process of rebuilding a login page and since the first time I rebuilt a login page which was way back in 20012 or so, I've learned a great deal of things, but one change still comes to mind. I ran into an issue with ios/ie/chrome browsers "autofilling" user & passwords. This auto-fill doesn't happen with the autocomplete function; it's a new feature. One that I've seen but ignored at that point because I hadn't messed around with it. After all is said and done I chose to now use any of the solutions in my notes. I have yet to find a solution that I like, meaning one that isn't a workaround. With autocomplete it's simple to just disable, but until this feature has an html equivalent I will not be fixing it, as the behavior is built in and based on the browser. Meaning the user has more control over it than I do.

Notes: Disabling Safari autofill on usernames and passwords Disable auto correct in Safari text input https://caniu

In-depth: Inheritance with the prototype chain

These notes are for no one else but me, because I need them for a bigger project. No time to explain... C# and javascript are completely different worlds.

let f = function () { this.a = 1; this.b = 2; };
let o = new f(); // {a: 1, b: 2}

- you need the 'let' because f.a will not exist.
- https://developer.mozilla.org/en-US/docs/Web/JavaScript/Inheritance_and_the_prototype_chain
- https://stackoverflow.com/questions/728360/how-do-i-correctly-clone-a-javascript-object
- https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object/prototype
- https://stackoverflow.com/questions/11854958/how-to-call-a-parent-method-from-child-class-in-javascript
- https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Classes
- https://www.ecma-international.org/ecma-262/6.0/#sec-class-definitions

Host ASP.NET Core on Linux with Nginx (Additional Notes)

I could submit this to the repo but like the half blood prince, I'm keeping all the good stuff for myself. Plus it would have to go through the proper channels and who's got time for that. Instead I just want to get back to working on my applications, and handling multiple applications is time consuming.

Framework Issues
I ran into an issue where the frameworks were not the same on the linux box as my machine. However the errors were not helpful to figure this out.
https://www.microsoft.com/net/download/linux-package-manager/ubuntu16-04/sdk-current

Exporting Issues
- I just keep forgetting the command and you can ignore all the linux based ones.

dotnet publish --configuration Release

Is there really any difference with builds for OS versions? From what I can tell no... They probably will or should just remove it. Make the build detect the os and if it's going to be cross platform just work everywhere anyway.

Aspnet 2.1 changing the port using the environment variable

Linux CLI: Tab Autocomplete broken

If you're finding your command terminal acting weird like mine did, and can't seem to find out what's happening, don't panic! Remember this wonder snippet.

set show-all-if-ambiguous on
set show-all-if-unmodified on

Notes: Tab does not auto-complete in terminal

PostGreSql and EFcore: Cheatsheet

Rather than writing a separate article on Postgresql and another one with Efcore, I'll place my notes here. I currently only see myself using it with EFcore and instead using mongodb with nodejs. Redis is still on my list of things to use more extensively in the future.

- https://wiki.postgresql.org/wiki/First_steps
- https://stackoverflow.com/questions/10845998/i-forgot-the-password-i-entered-during-postgres-installation
- https://stackoverflow.com/questions/40614466/postgresql-9-5-allow-remote-connections-without-editing-pg-hba-conf-file
- https://www.thegeekstuff.com/2014/02/enable-remote-postgresql-connection/
- https://stackoverflow.com/questions/18664074/getting-error-peer-authentication-failed-for-user-postgres-when-trying-to-ge
- http://www.postgresqltutorial.com/postgresql-insert/
- https://stackoverflow.com/questions/10335561/use-database-name-command-in-postgresql
- https://dba.stackexchange.com/questions/1285/how-do-i-list-all-databases-and-tables-using-psql
- https://stacko

Postfix Cheatsheet

Updated As of 7/23/18

I'm still working on my own systems and postfix isn't easy to handle. So this article will go through multiple changes in the next year. Hopefully I will have a little more personal experience to add.

- https://help.ubuntu.com/lts/serverguide/postfix.html
- http://www.postfix.org/postconf.1.html
- https://wiki.archlinux.org/index.php/S-nail
- http://manpages.ubuntu.com/manpages/xenial/man1/s-nail.1.html
- https://serverfault.com/questions/669847/how-to-disable-sslv3-in-postfix-2-11
- https://community.nodemailer.com/
- https://serverfault.com/questions/632213/postfix-cannot-authenticate-against-sasl
- https://serverfault.com/questions/856054/postfix-authentication-not-working-from-nodemailer
- http://postfix.state-of-mind.de/patrick.koetter/smtpauth/postfix_configuration.html
- https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-postfix-on-ubuntu-16-04
- https://stackoverflow.com/questions/33792811/node-js-nodemailer-smtptransp

Working Dotnet 2.0 with Ubuntu 16.04

One of the bugs I ran into on my journey was not using the published version of my aspnet application but moving from 1.x to 2.0 of dotnet. I was already set up to use https, but I don't think my nginx configs were the issue but instead the app not building a published build of the app. Just use the publish command and everything worked as planned.

- https://docs.microsoft.com/en-us/aspnet/core/publishing/linuxproduction?tabs=aspnetcore2x
- https://docs.microsoft.com/en-us/dotnet/core/tools/dotnet-new?tabs=netcore2x

aspnet core inside a linux system

Conclusion
I'm very happy with my solution. I haven't found a lot of issues except some of the issues that were related to version differences with 1.x/2.0. I believe I've found a way to simplify the tutorial provided by Microsoft by using docker. Running docker on whatever port you need and then from there write the configs to nginx.

Updating to ParticleSystems In Unity3D

This article is loosely based on a service I want created and hopefully will soon be published. I just thought it would be beneficial for some to know. Since I like to keep on top of things, this is one of the many issues I run into when adapting other people's code. This is a huge jump from 2016 to the 2017 version of unity3d.

Notes
- https://www.gamasutra.com/view/feature/131565/building_an_advanced_particle_.php

Using the correct enable property
- https://docs.unity3d.com/ScriptReference/ParticleSystem.EmissionModule-enabled.html

Max and Min Particles Seems to be gone
- http://answers.unity3d.com/questions/1136597/changing-particle-emission-rate-via-c-script.html

I believe the fields moved to MinMaxCurve
- http://answers.unity3d.com/questions/1395242/particlesystem-does-not-contain-a-definition-for-m.html
- https://docs.unity3d.com/ScriptReference/ParticleSystem.MinMaxCurve.html

ParticleSystem.startLife Instead of this field on the particle system it is on

Research on Certbot for IIS

If you don't know, the days of paying for security are over! Certbot solves the age old problem of being SSL compatible for all your sites. Since I've moved out of the cloud, things haven't gotten easier, but for securing my websites it's a snap, so I couldn't recommend certbot enough. However for my personal work with employers IIS is a must, and that's where things get tricky. Since I don't have the time, I wanted to bring anyone wondering about this topic up to speed. Here are the forums and ticket issues related that I'm aware of, and hopefully get finished.

- https://github.com/certbot/certbot/issues/1794
- https://github.com/ebekker/ACMESharp
- https://community.letsencrypt.org/t/running-certbot-on-windows-phase-1/28348/16

Theory & Practice of Data Cleaning

This is a topic that I found very interesting; however, I find the industry's best practices to be counterintuitive and in opposition to this very idea. In the near future I am making plans to attend multiple online classes pertaining to or around the subject; however, I believe very little of it will be put into use professionally. Instead this is more for my own systems and business model, since I'm limited by my hardware and the services I've created. Data backups need to be precise without question.

An example of this very issue: on a project some time ago I built an application where the clients could upload an image to update their profile. Simple enough; however, the system had no way of knowing if it was the same image or did any kind of file system clean up for images unattached to the profile. This part was left up to another developer, and wasn't a concern for the developer in regards to the server's hard-drive space. The previous images in the system

Mongodb Cheatsheet

This cheat sheet is based on the latest version of mongodb, which I initially had set up and didn't encounter any problems. However that all changed when I was working remote and forgot I disabled the port on my network, rather than with the server. So I went pointing around where I didn't need to and ended up messing things up. The best tutorial out there is of course on digital ocean for my setup on ubuntu 16.04; this article isn't so much about getting set up. I just wanted to include it because I found myself looking back at it to see if I missed a step.

Bugs/Problems
Now comes all the messed up things I found and had to deal with.
- firewall - Port seems to be open, but connection refused
- try using 0.0.0.0 in the bin_ip for the /etc/mongo.conf
- try sudo ufw disable and check to see if it works without the firewall (probably still won't but worth a shot), then just sudo ufw enable. Make sure port 27017 is open. Then check this linux - Connection refused to MongoDB e
