The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests


Archive for the ‘Web Development’ Category

Connecting Visual Studio 2010 to TFS over a Corporate Proxy (via: Visual studio 2010: cannot connect for any online resource – Stack Overflow)

Posted by jpluimers on 2012/07/11

One of the clients has tightened up their web proxy so much that Visual Studio 2010 does not want to connect to the HTTP 8080 port on the external TFS server (yes, I will switch to HTTPS if the workaround appears stable enough).

The problem is that Visual Studio often just tells you it cannot connect. No further error details.

Well, after you get most things working, you get this error every now and then:

[Microsoft Visual Studio]
Error
Team Foundation services are not available from server tfs.some-domain\PREFIX.
Technical information (for administrator):
HTTP code 407: Proxy Authentication Required
[OK]

There are a few problems involved:

  • Visual Studio does not allow you to enter credentials for the Proxy server.
  • Visual Studio doesn’t fully use the proxy settings from Internet Explorer either.
  • Visual Studio (unlike Internet Explorer) seems to lose the proxy session and/or proxy authentication for that session over time.

All in all, it is fishy: even editing the devenv.exe.config proxy settings didn’t work (maybe I haven’t found the right combination of settings yet; that’s part of the research I need to do).

Workaround

So far, these are the current workaround steps (I will post a new entry when I have found the solution or shortened the steps).

The workaround includes HTTP Fiddler, and sometimes doesn’t work without it. HTTP Fiddler helps anyway as it shows the HTTP traffic (including error messages from the proxy server) between Visual Studio and TFS.

Posted in .NET, Development, Fiddler, Software Development, Visual Studio 2010, Visual Studio and tools, Web Development | 3 Comments »

CloudFlare: CDN and more from the makers of the HoneyPot project

Posted by jpluimers on 2012/06/15

The CloudFlare network is built by some of the people behind the HoneyPot project.

This sounds very interesting; it is on my “todo” list. I’m anxious to see their business model, and how they finance their free entry level subscription. Do their subscription plans cross-finance?

  • CloudFlare CDN

    Distribute your content around the world so it’s closer to your visitors (speeding up your site).

  • CloudFlare optimizer

    Web pages with ad servers and third party widgets load snappy on both mobile and computers.

  • CloudFlare security

    Protect your website from a range of online threats from spammers to SQL injection to DDOS.

  • CloudFlare analytics

    Get insight into all of your website’s traffic including threats and search engine crawlers.

  • CloudFlare apps

    CloudFlare apps makes installing web apps on your site fast, safe and one-click simple.

–jeroen

Posted in Development, Power User, Software Development, Web Development | Leave a Comment »

Which “Posting categories” overview do you like most?

Posted by jpluimers on 2012/04/14

I’m experimenting with the Posting categories overview page as a prequel to a proper tag cloud (and a series of posts on how to get there).

Please let me know in the comments which of the below ones you like most:

  1. Left:
    HTML tree with post count per category
  2. Middle:
    HTML tree with font size indicating post count
  3. Right:
    HTML tree with post count per category and font size indicating post count

(For comparison, you need a big screen; the most popular choice will survive on the Posting categories page).

–jeroen

via: Posting categories « The Wiert Corner – irregular stream of Wiert stuff.

Posted in CSS, Development, HTML, Power User, SocialMedia, Software Development, Usability, User Experience (ux), Web Development, WordPress, WordPress | Leave a Comment »

Page with my WordPress posting Categories

Posted by jpluimers on 2012/04/02

I’m in the midst of writing a small app that generates trees and clouds of the WordPress categories.

The main reason is that I want to better organize the categories, so I need an overview. The multi-page WordPress Categories editor isn’t of much use as it is very hard to get an overview.

Using the [Category] WordPress tag isn’t of much help as I can’t get things like this to work (I remember seeing something like this on the forums, can’t find it any more though):
[Category]
[Category number='5' method='title' order='asc' id='11,45' orderby='comment_count']

Preliminary output is at the Posting Categories page in the top menu that I will update every once in a while.

I will post the app later, as I intend to create a category cloud in addition to the tree.

–jeroen

Posted in Development, SocialMedia, Software Development, Web Development, WordPress, WordPress | Leave a Comment »

WordPress XML sourcecode help needed; forum posts get deleted.

Posted by jpluimers on 2012/02/23

Please one of the WordPress.com support people, contact me through my contact form.

I tried posting this question, but as you can see it is marked as ‘Topic Closed, This topic has been closed to new replies’, and looks empty on your forums’:

Please stop deleting the XML from my

Since WordPress deletes anything but the most basic XML from 

tags:

See https://wiert.me/wp-content/uploads/2012/02/wordpress-html.doc

When I put that in a WordPress post, it deletes the XML.
It does this for anything but the most basic XML.

Please fix that!

–jeroen

Thanks in advance!

–jeroen

Posted in Development, SocialMedia, Software Development, Web Development, WordPress, WordPress | 2 Comments »

Funny how StackExchange, StackOverflow, ServerFault, SuperUser and differ in indicating their site outage “We are Offline”

Posted by jpluimers on 2012/02/18

Tonight most StackExchange sites have maintenance, including their blogs and meta sites (the chat sites like http://chat.stackoverflow.com/ are on-line). I checked these to be off-line; most of the sites in the bigger table below are offline too.

Later I will amend this post with the HTML and try to get some site previews too.

A bit later I got this kind of message from Chrome, that tried to protect one of the sites:

Error 139 (net::ERR_TEMPORARILY_THROTTLED): Requests to the server have been temporarily throttled.

Note that http://askubuntu.com/ is up and running :)

Posted in Development, Pingback, Stackoverflow, Web Development | Leave a Comment »

:: Strip HTML Tags :: Online Tools

Posted by jpluimers on 2012/02/02

Handy when copy-pasting stuff from the Web or Word Processor and your tools keep too much formatting:

HTML Tags Stripper is designed to strip HTML tags from the text. It will also strip embedded JavaScript code, style information (style sheets), as well as code inside php/asp tags ()

Edit:

John Kaster indicated that http://ckeditor.com/demo works nicely too, but I could not get their “paste from word” to emit nice clean un-styled HTML for me.

WordOff does work, and cleans away all the HTML tags (I wish it didn’t clean structure tags and anchor tags, which you can keep with HTML Tags Stripper).

–jeroen

via :: Strip HTML Tags :: Online Tools.

Posted in Development, HTML, Power User, Software Development, Web Development | Leave a Comment »

Free: German HTML5 Cheat Sheet (via Google Translate)

Posted by jpluimers on 2012/02/01

While speaking at the German BASTA 2011 Fall conference, I noticed a German HTML 5 Cheat Sheet.

I recently found out that a PDF and an XPS of that sheet are available.

Here is the English translation of the German download page (I did some editing on the Google Translate result):

Free: HTML5 Cheat Sheet

Know-how | 06/27/2011

MSDN Germany has put on line a cheat sheet with the most important new HTML5 tags and attributes. The handy two-page information informs web developers about how to use the audio, video and canvas element through JavaScript, what CSS3, and geolocation can provide you with and how websites with “Pinned Sites” can become even more useful. Simply download the free PDF (2.17 MB) or XPS file (601 KB), print it, and place it next to your keyboard!

Note that the PDF and XPS are in German, but very handy even if your German is not perfect.

–jeroen

via: Google Translate.

Posted in Development, HTML, HTML5, Software Development, Web Development | Leave a Comment »

Many more web platforms vulnerable to the hash collision attack (not only ASP.NET) #28C3 @hashDoS #hashDoS @ccc

Posted by jpluimers on 2011/12/29

When writing my “Patch your ASP.NET servers ASAP” post early this morning, I didn’t have time to research the full extent of the vulnerabilities published at 28C3 (slides, mp4), though a small bell was ringing a message that I had seen something like it before earlier this century.

I was right: this posting on perlmonks directed me to a /. posting from 2003 pointing me to the research paper on low-bandwidth attacks based on hash collisions (pdf version) that I had seen before. Perl 5.8.1 fixed it in September 2003 (search for “hash” in that link).

The attack can be used for DoS because a hash table insert of n normally distributed elements runs in O(n), but a carefully crafted insert of those elements runs in O(n^2).

Carefully crafting a worst case scenario depends on how well you can predict collisions in the underlying hash table implementation, which – apparently – is not too difficult, and requires little bandwidth.

Many platforms and languages are vulnerable (already archived at the WayBack machine), including those based on Java, Tomcat, .NET, Ruby, PHP and more, to a greater or lesser extent. I have the impression that the list only includes big names, but presume platforms based on smaller names (ASP, Delphi, Objective C) are equally vulnerable.

Just read the articles on CERT 903934, oCERT 2011-003, Arstechnica, Cryptanalysis.eu, Heise (German), Hackillusion and the research paper published at 28C3.

A few quotes:

“This attack is mostly independent of the underlying Web application and just relies on a common fact of how Web application servers typically work,” the team wrote, noting that such attacks would force Web application servers “to use 99% of CPU for several minutes to hours for a single HTTP request.”

“Prior to going public, Klink and Wälde contacted vendors and developer groups such as PHP, Oracle, Python, Ruby, Google, and Microsoft. The researchers noted that the Ruby security team and Tomcat have already released fixes, and that “Oracle has decided there is nothing that needs to be fixed within Java itself, but will release an updated version of Glassfish in a future CPU (critical patch update).”

“The algorithmic complexity of inserting n elements into the table then goes to O(n**2), making it possible to exhaust hours of CPU time using a single HTTP request”

“We show that PHP 5, Java, ASP.NET as well as v8 are fully vulnerable to this issue and PHP 4, Python and Ruby are partially vulnerable, depending on version or whether the server running the code is a 32 bit or 64 bit machine.”

Microsoft seems to have been notified pretty late in the cycle, I presume because the researchers started with some platforms and finally realized the breadth of platforms involved.

The ultimate solution is to patch/fix the platforms using for instance a randomized hash function a.k.a. universal hashing.

Microsoft will provide a patch for ASP.NET later today, Ruby has already been patched, and other vendors will soon or already have (please comment if you know of other platforms and patches).

The links this morning indicated there were no known attacks. That is (maybe was) true for ASP.NET, but for PHP a public proof of concept of such a DoS has been published by Krzysztof Kotowicz (blog) with sources at github and a demo html page.

Temporary workarounds (based on some of the links in this and the prior blog post, and the workarounds mentioned here and here):

  1. If you can: replace hash tables by more applicable data structures
    (I know this falls in the for-if anti-pattern category, but lots of people still use a hammer when a different tool works much better)
  2. Limit the request size
  3. Limit the maximum number of entries in the hash table
  4. Limit form requests only for sites/servers/etc that need it.
  5. Limit the CPU time that a request can use
  6. Filter out requests with large number of form entries

Some platforms have already applied temporary workarounds (I know that Tomcat (default max 10000 parameters) and PHP (default max_input_vars = 1000) did, and it looks like the ASP.NET fix will too).

Other platforms (like JRuby 1.6.5.1, CRuby 1.8.7 (comments) and Perl 5.8.1 in September 2003 ) fixed it the proper way.

Note: workarounds are temporary measures that will also deny legitimate requests. The only solution is to apply a fix or patch.

A major lesson learned today for a few people around me: when vendors start publishing “out of band” updates, do not trust a single 3rd party assessment with state “initial investigation”, but be diligent and do some further research.

–jeroen

PS: Just found out that most Azure users won’t need to manually apply a fix: just make sure your Hosted Service OS servicing policy is set to “Auto”.

Posted in .NET, ASP.NET, C#, Cloud Development, Delphi, Development, Java, PHP, Ruby, Scripting, Software Development, Web Development, Windows Azure | 6 Comments »

MIX2011 Fiddler talk is now live – Fiddler Web Debugger – Site Home – MSDN Blogs

Posted by jpluimers on 2011/05/20

I just found out about the talk that Eric Law gave on Fiddler during MIX2011: he blogged that the MIX2011 Fiddler talk is now live; you can find the video here.

During that talk he:

  • launched the new version of Fiddler2
  • mentioned that IE9 allows localhost traffic to be intercepted by Fiddler (so no more ipv4.fiddler hacks)
  • indicated that FireFox now can use the INET layer that Fiddler2 intercepts, so no more need for FiddlerHook

–jeroen

Posted in Development, Fiddler, Power User, Software Development, Web Development | 1 Comment »