Wednesday, October 31, 2018

WebInspect is an example of a test harness.

A test harness tests a thing in an automated fashion, cooking up its own set of tests, in many ways from many angles and not just in a handful of happy pass scenarios.

Tuesday, October 30, 2018

Angular 7 is here as of this week (yesterday).

It looks like there will be drag-and-drop functionality for the CDK! Another CDK thing of 7 is virtual scrolling in which parts of the DOM are unloaded or loaded (based upon what is visible in a scrollable list) creating a performance gain.

Universal Date and Time Format

Per the World Wide Web Consortium it is:

YYYY-MM-DDThh:mm:ss.sTZD

 
 

...and their example here is:

1997-07-16T19:20:30.45+01:00

 
 

That is not the same as this format which will play nicely with both T-SQL and PL/SQL and that's kinda frustrating.

Edit Bindings...

If you right-click on a web site under Sites in IIS at Windows Server 2012 R2 you will see an option for either "Edit Bindings..." or "Bindings..." depending upon where you click and this will give you a list of host headers for that web site to add to or edit.

Refresh

In Windows Server 2012 R2 if you right-click on the Windows symbol start bar thing at the lower left corner and you pick "Programs and Features" the Programs and Features list may be refreshed by clicking the circular arrow at the right end of what kinda looks like a URL bar in a browser. In the Services pane, instead and in contrast, go to: Action > Refresh

Monday, October 29, 2018

Press Ctrl+Alt+a in SQL Server 2016 Management Studio to open the Activity Monitor.

There is also an icon for it in the Standard toolbar that kinda looks like a graph with some thing sitting at its lower right corner. View > Toolbars > Standard ...should unlock this menu/toolbar if you do not see it. There is an "accordion" for Processes inside, and here you may right-click on Processes to kill them. You may kick other users out of the database in advance of making sweeping changes in this manner.

Sunday, October 28, 2018

other things you may return for an IActionResult in .NET Core's MVC

Beyond returning a JsonResult when things go right, you may return stuff like this when things go South:

  • return NotFound(new { Error = ourSpecificError });
  • return new StatusCodeResult(500);
  • return new OkResult();

 
 

These are revealed on pages 202 to 205 of "ASP.NET Core 2 and Angular 5" by Valerio De Sanctis. I don't yet know how you ideally consume the errors with Angular 5. I guess I will find that out as I keep reading.

Saturday, October 27, 2018

401 Unauthorized versus 403 Forbidden

401 Unauthorized is misleading as it really has to do with authentication, not authorization. You are to see this when you just can't log in with that username and password. 403 Forbidden rears its head when you can log in and browse the app but you can't go into the backroom and hang out in the VIP Lounge because you have only so much free range once you're inside the front door. A less vague example of the VIP Lounge might be that page where one can delete employees. Anyhow, 403 really is about authorization, meaning what you can and can't do, even though either way you are deemed legit as a user in the big picture.
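Here is the 401 versus 403 split as an ASP.NET Core MVC action, using the IActionResult return styles from the October 28 entry. This is an added example, not code from the book or from any real app; the controller, the "HumanResources" role name and the in-memory employee list are all assumptions made for illustration.

```csharp
using System.Collections.Concurrent;
using Microsoft.AspNetCore.Mvc;

// Hypothetical controller for "that page where one can delete employees".
[Route("api/employees")]
public class EmployeesController : Controller
{
    // Constructed in-memory data standing in for a real database.
    private static readonly ConcurrentDictionary<int, string> Employees = Seed();

    private static ConcurrentDictionary<int, string> Seed()
    {
        var seeded = new ConcurrentDictionary<int, string>();
        seeded[1] = "Ada";
        seeded[2] = "Grace";
        return seeded;
    }

    [HttpDelete("{id}")]
    public IActionResult Delete(int id)
    {
        // 401: authentication failed or never happened, so we do not know who is calling.
        if (User?.Identity?.IsAuthenticated != true)
        {
            return Unauthorized();
        }

        // 403: we know exactly who is calling, and they are not allowed in the VIP Lounge.
        // This check runs before the lookup so that a caller without the role
        // cannot tell existing ids from missing ones by comparing 403 and 404.
        if (!User.IsInRole("HumanResources"))
        {
            // Forbid() is the alternative; it hands the decision to the configured
            // authentication handler, which for cookie logins may redirect instead.
            return StatusCode(403);
        }

        string removed;
        if (!Employees.TryRemove(id, out removed))
        {
            return NotFound(new { Error = "No employee with id " + id });
        }

        return new OkResult();
    }
}
```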

up past your bedtime?

I tried the "Uptown Diner" at 2548 Hennepin Avenue in both Minneapolis, Minnesota, USA and the 55405 zip code around two in the morning today. I specifically went here because I have been trying to find an open-all-hours place where one may grab food when one is up past one's bedtime.

It's legit. The food wasn't fantastic, but it was passable. It was greasy spoon fare like IHOP or Denny's. The problem with IHOP and Denny's outside of Texas is that they are technically open at night while not taken seriously. You go into an IHOP or a Denny's in the middle of the night outside of Texas and there will be like one waitress and one cook inside leading to a forty minute wait amongst a bunch of dirty tables. Anyhow, Uptown Diner is not a chain falling into neglect in a certain region. It has only one locale and thus that locale is not arbitrarily open 24 hours to satisfy corporate policy, but instead it runs as it does for a reason and the keepers had better get it right. I give it an A- grade. I was impressed by all of the freaks I saw inside. I haven't really seen that since I have been in the Twin Cities, but there they were.

One of the frustrating things about living in Eden Prairie is the lack of stuff that is open in the middle of the night. There is the drive through at a McDonald's though the dining room is closed after 11 P.M. and there is a Walmart. Lame! I guess I have to venture out to eat in the middle of the night.

Friday, October 26, 2018

Veracode

...it will crawl your code like HP Fortify Audit Workbench and make suggestions in the same manner for what could be more secure.

Juniper/Jupyter

Juniper Networks makes routers and switches. Jupyter Notebook is a web application for sharing documents and code. I have a coworker who is using it to work with machine learning stuff like scikit-learn, an applicable Python library.

turn off that ding! ding! calendar reminder sound in Microsoft Outlook 2010 or set it to something "better"

  1. Click the "File" tab.
  2. Pick "Options" at the upper left to open the "Outlook Options" dialog box.
  3. Click "Advanced" at the center of the left menu in the dialog box.
  4. Here you may uncheck the checkbox for "Play reminder sound" or alternatively click the "Browse..." button next to it to pick your own .wav file.

Thursday, October 25, 2018

Make a .bat file for running SSMS with Windows Authentication as a different user other than the one you are immediately logged in as.

Put something like this in the .bat file:

RUNAS /user:dmzmgmt\tjaeschk /netonly "C:\Program Files (x86)\Microsoft SQL Server\130\Tools\Binn\ManagementStudio\Ssms.exe"

When you double-click the .bat file you will be prompted at a console to enter your password.

Wednesday, October 24, 2018

To nest a file inside of a Microsoft Word document as a supporting file that readers may double-click to open...

...just drag the file into the open .docx file in Windows 10. I'm seeing this a lot at my work. There will be a Word document with a list of like ten steps for how to do something and the step wherein you have to run some SQL will have a supporting .sql file embedded in the document, and so on.

Tuesday, October 23, 2018

Skip the installer for a Windows Service?

This talks about how to get one working which I do not finish out here, but honestly it looks kinda ghetto. It doesn't really seem to get us much. We could just run the .exe from out of the bin/Debug folder truth be told. One challenge with that is that you will need to copy more than just the bin/Debug folder to the server where you want the Windows Service to run. In my case, I just copied the whole of my code base into a folder there. The stuff the .exe needs to behave itself reaches beyond what is compiled into the bin/Debug folder.

Connectix had the "RAM Doubler"

It compressed some of what was in RAM memory in the name of making more room for memories. I'm really TRYING to write of modern tech not old gunk.

Is Wikipedia every bit as illegitimate as Paper.li?

I saw a damning YouTube movie on Wikipedia's decay this weekend. Apparently, the crowdsourced encyclopedia concept has become long-lived enough to become bogged down with rules creating a hierarchy in which some users have more clout to make edits that stick than the noobs. The "heroes" of Wikipedia unfortunately have bias, especially political bias. The high water mark for number of participants happened over a decade ago and now the site is trending away from being written by the public towards being written by its heroes. My source disses the anonymous sources at Wikipedia and points a finger at how the real encyclopedias in the 80s had sources, so I'll give her as a source.

source: Helen of desTroy

Oracle ADF

It is for building enterprise applications with Java. The ADF stands for Application Development Framework.

Minnehaha Falls in Minnehaha Park

Yesterday I went to Minnehaha and while I characteristically took some pictures it's really not the best time of year for photos there.

It was my second visit and the pictures here are from July 23rd of 2018, my first visit. I offer them as an alternative.

This waterfall is in the middle of the city, that city being Minneapolis. It is one of the cool things to see here.

Killer!

Monday, October 22, 2018

Error 1053: The service did not respond to the start or control request in a timely fashion.

I got this error by using the code to debug a Windows Service as if it were a console app as suggested here. Maybe I could get away with that back in Visual Studio 2013 and now I cannot in Visual Studio 2017. Also, while I am on this subject, if you try to install a service out of a bin/Debug folder as I suggest here, and you have success, you will not be able to rebuild your solution in Visual Studio 2017 as you will be unable to overwrite what is in the bin/Debug folder.

Friday, October 19, 2018

How may I install a Windows Service without the Developer Command Prompt for Visual Studio?

You may run the installutil.exe command as mentioned at step 7 here by first navigating to C:\Windows\Microsoft.NET\Framework\v4.0.30319 at a command prompt. You probably want to run as Administrator.

Thursday, October 18, 2018

I looked into a plugin for Git for Visual Studio and honestly there should already be tooling built in at the "Team Explorer" option under the "View" menu.

If you don't see it you may need to install whatever bits of Visual Studio 2017 you did not initially install. I do not really understand the tooling yet myself.

If you right-click on a .zip file in Windows 10 and pick: Extract All...

Well... if you extract to the same folder holding the .zip file it will make a new folder there for the contents of the .zip file with the same name as the .zip file.

 
 

Addendum 10/19/2018: This is stupid. GitHub makes zip files with a folder inside that has the same name when you download code from a repo. Therefore, I assumed the wrong things above.

HP Fortify Scan Wizard versus Audit Workbench

A coworker and I were seeing differing results today. I don't know why. Maybe it is the rules set for the Scan Wizard that the workbench doesn't have. Anyhow, these tools can tell you two different things and it is infuriating.

Apache Pig, the Hadoop platform, and its language: Pig Latin

Complex transformations in MapReduce or a similar tool like Apache Tez may be authored in Pig Latin.

Teradata

As a company, these guys provide products and services that allow for data analytics.

Mapster is another AutoMapperesque tool.

"ASP.NET Core 2 and Angular 5" by Valerio De Sanctis will have you use this to map your POCOs to your DTOs. It recommends using version 3.1.1 like so:

install-package Mapster -Version 3.1.1

Wednesday, October 17, 2018

bouncing services

If you bounce a service you just restart the service. How is that for some slang?

PHI versus PII

Phi is the 21st letter of the Greek alphabet and I think that is the context in Phi Accrual here. However, PHI could stand for the HIPAA term protected health information. This concept overlaps some with PII and has to do with medical records. Laws that do not exist in other industries protect this data from just being spread about. There are not laws around keeping social security numbers and only two states have laws for keeping credit card records, which are largely replaced in terms of "regulation" with the whole PCI (payment card industry) standards and incentives. There is nothing stopping you from building an application that has plain text passwords kept at the database either, not in American law anyways. The PHI stuff does have some legalese to it.

JKS is the Java KeyStore.

You may store an SSL (Secure Socket Layer) certificate in the KeyStore and a Java app running in Windowsland may use the certificate from there in lieu of the usual list you get when you type "mmc" at the magnifying glass in Windows 10. Also, this is the way Linux does all of its certificates.

Google Guava

This is a set of Java libraries that help with Java apps. There are charts and graphs and whatnot. It is an open source project. Guava rhymes with Java.

The "Word Wrap" toggle under the "Format" menu in Notepad determines if lines wrap in Notepad.

There is not a way to save a file from C# to set this setting.

Tuesday, October 16, 2018

Turn a list of strings into a bytes array in C# with String.Join in the mix!

I found the following at StackOverflow here.

string fullString = String.Join(String.Empty, list.ToArray());
byte[] byteArray = Encoding.UTF8.GetBytes(fullString);

My WinForms app cannot run on someone else's laptop from the .exe!!!

Cannot start Application
Application validation did not succeed. Unable to continue.

 
 

How do I beat this error? This suggests right-clicking on the WinForms UI project, picking "Properties" from the menu that appears, and then at the Application tab of the project Properties changing the Manifest to "Create application without a manifest" might help. I have not tested it yet myself. I'm going to try it in tandem with this.

 
 

Addendum 10/19/2018: Surreally, this issue turned out to be the folder I was keeping the published files in. When I copied and pasted the files out to the desktop of the Windows Server 2012 R2 environment I was attempting to run the app at the goofy problem went away. I thought at first this might be a permissions issue caused by dragging and dropping a folder with different permission from a file share, but even when I copied and pasted the folder the problem continued. Wacky!

carets in an EDI are for breaking out data within asterisk-separated data within tilde-separated data

In an ST*834 EDI file callouts of data between ST* and SE* include:

  1. NM1* for names. This suggests the next few bits of information correspond to what you might think of as a name "object" in Java or C#.
  2. INS* is for a similar insurance "object" which is going to have different properties that are related to the same concept.
  3. DTP* is for dates and there will be a number following DTP* which is a lookup code for what the date means, its context.
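The three levels of splitting described above (tildes, then asterisks, then carets), as an added C# example that is not from any real EDI library. It assumes the delimiters are fixed to the ones this post names, and the sample string is constructed for illustration and is not a valid or complete 834.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

public sealed class EdiSegment
{
    public string Id;                 // NM1, INS, DTP and so on
    public List<string[]> Elements;   // one entry per asterisk-separated element, each split on '^'
}

public static class Edi834Reader
{
    // Returns the segments found between ST*834 and SE, exclusive of both.
    public static List<EdiSegment> ParseTransaction(string raw)
    {
        var segments = new List<EdiSegment>();
        bool inside = false;

        foreach (string chunk in raw.Split('~'))
        {
            string text = chunk.Trim();            // tolerate line breaks after each '~'
            if (text.Length == 0) continue;

            string[] elements = text.Split('*');
            string id = elements[0];

            if (id == "ST")
            {
                if (elements.Length < 2 || elements[1] != "834")
                    throw new FormatException("Transaction set is not an 834.");
                inside = true;
                continue;
            }
            if (id == "SE")
            {
                if (!inside) throw new FormatException("SE found before ST.");
                return segments;
            }
            if (!inside) continue;                 // skip anything ahead of ST

            segments.Add(new EdiSegment
            {
                Id = id,
                // Empty elements (two asterisks in a row) are kept so positions stay meaningful.
                Elements = elements.Skip(1).Select(e => e.Split('^')).ToList()
            });
        }

        throw new FormatException(inside ? "ST*834 without a closing SE." : "No ST*834 found.");
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample; the caret in INS is only there to show the third level of splitting.
        string sample =
            "ST*834*0001~" +
            "INS*Y*18*030^XN~" +
            "NM1*IL*1*DOE*JANE~" +
            "DTP*356*D8*20181001~" +
            "SE*5*0001~";

        foreach (EdiSegment segment in Edi834Reader.ParseTransaction(sample))
        {
            var parts = segment.Elements.Select(e => string.Join(" | ", e));
            Console.WriteLine(segment.Id + ": " + string.Join(", ", parts));
        }
    }
}
```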

Monday, October 15, 2018

Call out to a database seeder from Startup.cs!

Page 190 of "ASP.NET Core 2 and Angular 5" by Valerio De Sanctis will have you putting something like this in the Configure method:

using (var serviceScope = app.ApplicationServices
      .GetRequiredService<IServiceScopeFactory>().CreateScope())
{
   var dbContext = serviceScope.ServiceProvider.GetService<MyDbContext>();
   dbContext.Database.Migrate();
   MySeeder.Seed(dbContext);
}

 
 

The point of the seeder class is to seed a database which probably doesn't exist yet with dummy objects in EF Core implementations. You want to do this after the first migration. The seeder class will add objects to a DbContext implementation (a custom class that implements DbContext) and then save changes.

A ghetto way to unit test async void methods in C#!

Well, maybe something is "coming back" in the form of an Action which gets handed in the method signature. Maybe this Action updates the UI. I've written lots of things like that and I am doing more of it lately, so how can I test it? I can make the Action set a variable that exists in my unit test, but when I go to make an Assert against that variable it's not going to be set as I expect because everything I want to test is happening on a different thread at a different time. What can I do? Upstream of the assert I could have something like so:

Thread.Sleep(1000);

 
 

This should let us hang out until the other thread is finished, but this is also pretty ghetto. It might be better to call out to something like so to do the same thing less thuggishly.

using System;
namespace MyStuff.Code.Tests.Utilities
{
   public static class Wait
   {
      public static void OneSecond()
      {
         DateTime aSecondAgo = DateTime.Now;
         while (aSecondAgo.AddMilliseconds(1000) > DateTime.Now) { }
      }
   }
}
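Another way to wait, added here as an example and not taken from any test suite: block on a signal that the Action itself sets, with a timeout, so the test continues as soon as the callback fires and fails loudly if it never does. The Loader class and its Load method are hypothetical stand-ins for the async void method under test.

```csharp
using System;
using System.Threading;
using System.Threading.Tasks;

// Hypothetical class under test: an async void method that reports back through an Action.
public class Loader
{
    public async void Load(Action<string> onLoaded)
    {
        await Task.Delay(50);      // stands in for the real asynchronous work
        onLoaded("loaded");
    }
}

public static class CallbackWaiter
{
    // Calls 'start' with a callback, then blocks until that callback runs or the timeout expires.
    public static T WaitForCallback<T>(Action<Action<T>> start, TimeSpan timeout)
    {
        // Deliberately not disposed: a callback arriving after a timeout could
        // otherwise call Set() on a disposed event from another thread.
        var signal = new ManualResetEventSlim(false);
        T captured = default(T);

        start(value =>
        {
            captured = value;
            signal.Set();
        });

        if (!signal.Wait(timeout))
        {
            throw new TimeoutException("Callback was not invoked within " + timeout);
        }
        return captured;
    }
}

public static class Program
{
    public static void Main()
    {
        string result = CallbackWaiter.WaitForCallback<string>(
            callback => new Loader().Load(callback),
            TimeSpan.FromSeconds(1));

        // In a real unit test this would be an Assert against 'result'.
        Console.WriteLine(result == "loaded" ? "callback value captured" : "unexpected value");
    }
}
```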

How do I react to a WinForms radio button being clicked in C#?

Wire up an event to your radio button like so:

myButton.CheckedChanged += RadioButtonCheckedChanged;

 
 

This will naturally require a method with a signature like so:

private void RadioButtonCheckedChanged(object sender, EventArgs e)
{
   // fires on both check and uncheck, so test ((RadioButton)sender).Checked here
}

After Peter Deutsch...

His list of 8 fallacies of distributed computing got expanded into 11. James Gosling added two and then later on Ted Neward added "Business logic can and should be centralized." James Gosling's contributions seem to be "The physical units of computation are logical units." which is to say that it may not be better to have ten servers than just a handful and "Network infrastructure is redundancy compliant." which is to say it may not be so easy to recreate your network if you had to. On this other list I dug up once upon a time, James's nine and ten are represented as "the system is atomic/monolithic" and "the system is finished" respectively.

Anchor and Hexo

Anchor is a mobile application that allows you to podcast and Hexo is a node.js framework that allows for a lot of CoffeeScript and Jade/Pug plugins. Anchor and Hexo are nothing alike, no one should confuse them, and, moreover, only a fool would associate the two or even mention them in a sentence together.

Sunday, October 14, 2018

What is EntityEntry?

Did you know that when you add something to a DbContext the Add method is not a void method? Behold:

EntityEntry<Cat> fuzzy = dbContext.Cats.Add(new Cat()
{
   Name = "Fuzzy",
   NumberOfLives = 9
});

 
 

Page 186 of "ASP.NET Core 2 and Angular 5" by Valerio De Sanctis pointed this out to me. The example code then does nothing with the EntityEntry so I don't really know why I could care yet. Maybe I could do...

int id = fuzzy.Entity.Id;

 
 

...downstream of the add to fish back out the unique id that just got created for the record at the database.

Today is the first day of snow in the Twin Cities!

It's here. I hope my Texas* ass is ready for this. My feet were getting damp when I was walking around in it earlier. I guess I need to buy some better shoes.

I have prepared some. I bought the seasonal affective disorder lamp here and just yesterday I bought a boring book to read (The Art of SEO: Mastering Search Engine Optimization by Eric Enge, Stephan Spencer, and Jessie C. Stricchiola) ceremonially by it.

*I was born in Florida and spent my first twelve years there, but I consider myself pseudoTexan as I lived there for thirty-one years after Florida.

Thursday, October 11, 2018

Add a certificate to your laptop with C#!

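using System.Security.Cryptography.X509Certificates;

// Adds a certificate to the machine-wide Trusted Publishers store.
// Writing to StoreLocation.LocalMachine requires an elevated (Administrator) process.
public void SaveCert(byte[] bytes, string name)
{
   X509Certificate2 x509Certificate2 = new X509Certificate2(bytes);
   x509Certificate2.FriendlyName = name;
   X509Store x509Store = new X509Store(StoreName.TrustedPublisher,
         StoreLocation.LocalMachine);
   x509Store.Open(OpenFlags.ReadWrite);
   x509Store.Add(x509Certificate2);
   x509Store.Close();
}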

Wednesday, October 10, 2018

an intelligent agent

...in artificial intelligence...

  • is a process
  • is independent, runs by itself
  • can react to a situation
  • has actions it can turn to to handle a situation

ELMAH stands for Error Logging Modules and Handlers

It is a way to log errors in the .NET space. I guess you could pick this instead of log4net.

Python's dict.update() makes me happy

yin = {'Content-Type': 'application/json'}
yang = {'X-Venafi-Api-Key': 'e1636470-bace-4c3a-bd2b-fa4132ca2d4b'}
yin.update(yang)

 
 

yin is going to end up with this in it:

{
   'Content-Type': 'application/json',
   'X-Venafi-Api-Key': 'e1636470-bace-4c3a-bd2b-fa4132ca2d4b'
}

How do I merely make a GET call with a WebClient in older C#?

using (WebClient webClient = new WebClient())
{
   // the token travels in the X-Venafi-Api-Key header
   webClient.Headers.Add("X-Venafi-Api-Key", myToken);
   byte[] response = webClient.DownloadData(myUrl + "authorize/checkvalid");
   // JObject and JsonConvert come from Newtonsoft.Json
   JObject json = (JObject)JsonConvert.DeserializeObject(Encoding.UTF8
         .GetString(response));
}

Guid ids versus numeric ids in EF Core Code First implementations.

Per page 185 of "ASP.NET Core 2 and Angular 5" by Valerio De Sanctis a string type id with the Key and Required attributes slapped on it as seen here will end up making a Guid type id at the database as best as I can tell. You assign Guids to these in C# and do a .ToString() on them to make it work. If you use an int type id I think it will make an auto-incrementing numeric key which you will not assign on the C# side of things. It should populate itself.

Tuesday, October 9, 2018

Cannot start service W3SVC on computer

iisreset in PowerShell fixes this.

 
 

Addendum 10/10/2018: This maybe fixes things. Run PowerShell as Administrator or you won't get far.

Google+ is to be done away with by August of next year.

No one uses it and now there turns out to be a security hole in it. Lame! I have been using it heavily in that everything I tweet also becomes a Google+ post. It may be worthless for social media but it has an SEO quality to it.

Monday, October 8, 2018

Get the Distinguished Name for an X509Certificate2 type certificate in C#.

If the X509Certificate2 object were named certificate...

string name = certificate.GetNameInfo(X509NameType.DnsName, false);

 
 

You need this name to renew a certificate via Venafi's API! Honestly, you may need a fully qualified distinguished name and I am still working on that. The Distinguished Name can be referred to as DNs (distinguished names) and here DNs is not to be confused with DNS which stands for Domain Name Services.

 
 

Addendum 10/10/2018: The fully qualified distinguished name is what is needed at Venafi and in the case of Venafi the code above is no good. Perhaps the code above is legitimate in other circumstances. I'm not sure. A fully qualified distinguished name at Venafi is going to look like a folder path with a series of things separated by double backslashes. \\VED\\Policy\\ is always how it starts and then there is probably another three chunks (the first of which denotes an account and middlemost being "Certificates") followed finally by the friendly name for the certificate at the end. There is no trailing slash even though there is a leading slash. It is alright to have spaces in the names.

Sunday, October 7, 2018

I saw Brett Hazen speak on Elasticsearch at TCDNUG Thursday night.

As best as I could tell in listening to Brett talk in Elasticsearch you have indexes that hold data. In version 6.4, the most recent, you can jam two different bits of data into an index but that is going away in version 7 to make the indexes and the goodies they store a bit more dictionaryesque. Elasticsearch doesn't want you to jam a table full of stuff into an index. Elasticsearch makes up the E in the ELK stack wherein the L is for Logstash which puts data into Elasticsearch and the K for Kibana which is sort of a UI for Elasticsearch which includes some charting for SSRS-flavored stuff.

Brett is working for General Mills doing big data work to help others determine what parts of their big data they should care about. Using Impala to crawl a data lake (a repository of NoSQL stored data) with Elasticsearch Brett found it desirable to have an autocomplete for a search field.

There are analyzers to help with this that have zero or more character filters and there are four kinds of suggesters. The completion suggester just works on prefix using mathematical formulas wearing the "finite state transducer" moniker. What is the "finite state transducer" exactly? Brett suggested that he looked into it and that it's just too much to understand. At some point things become magic and if Brett can't explain it I'm honestly not going to go looking into it either. I am betting that I won't get it either.

The context suggester is an extension of the completion suggester. It allows for further filtering either by category or by geolocation. The term suggester allows for a numeric value for how many characters can be off in a single word while still matching on an index. There is basically a one character mix up between viola and voilà so if you type in voilà I think that you'd find viola assuming an "edit distance" of 1 (or greater) and then you'd be saying "Voilà, there's the viola." aloud in a happy tune. Don't strum up an edit distance of 10 or 20 or you'll match on everything. Be careful how you play. The phrase suggester allows you to specify n number of grams for matching against a specific word and in this regard it really isn't much different than how the term suggester behaves, however you may instead specify n number of shingles for matching against a phrase and therein lies its distinction.

Amazon has Elasticsearch as a service. Azure doesn't but it used to have "Azure Search" which just wrapped Elasticsearch. It may still have this. Elasticsearch was portrayed as superior to Lucene which is less easy to work with.

The Twin Cities .NET User Group meets at ILM Professional Services (wherein ILM stands for imagination, learning, mentoring) and after Brett Hazen spoke a William Austin demoed a product called OzCode which is a new sponsor of TCDNUG. OzCode helps you debug in Visual Studio. If you are stopped at breakpoint and there is a collection of thousands of things to increment through, it will break it up into chunks for you. You may search across all chunks with a textbox and pick properties of the object to reveal with the Reveal feature and revealed properties will appear as you browse the collections before you drill into a specific object to look at the properties. Basically, you have a name for an object from the outside looking in. I guess this is a variant of this trick. What is more, OzCode will, when highlighting a breakpoint in the familiar yellow, highlight things that resolve to true in green and things that resolve to false in red as seen here:

Saturday, October 6, 2018

dotnet update

...as a PowerShell command may untangle messed up NuGet package conflicts. Page 181 of "ASP.NET Core 2 and Angular 5" by Valerio De Sanctis suggests you try this if you are trying this and you bump into NuGet errors.

There was a mentor/mentee night at AngularMN Wednesday night.

Without a formal public speaking by a speaker, we the crowd just broke into little groups as seen in the photo here. As before this was at the virtuwell office in St. Paul and Black Sheep Coal Fired Pizza did the pizza.

What are some of the new things that I learned in being mentored? Vue is kinda like an advanced AngularJS at its most elaborate and in its simplest form it is something you can just jam into script html tags as a code block like jQuery. It may be progressively adopted in that you may start out with simple ghetto implementations and stair step into something like AngularJS that is a little bit better than AngularJS.

IBM no longer requires that applicants have a four year degree! NLP is natural language processing. This is the algorithmic art of making sense of human language for chatbots and such. Recursion is the looping over something (incrementing through a list/array/collection) in big O puzzles.

Frontend Masters, local to Minnesota, has a bunch of hands on frontend trainings and are beginning to break with their namesake and have some backend stuff too in the shape of Node.js trainings. The praises of these guys were sung! They have more of a niche focus than say Pluralsight which is a swath of everything. At Pluralsight there may be five different Angular courses by five different instructors varying in degrees of quality, but at Frontend Masters there is just one dedicated individual for a technology, be it Angular or something else. Also the Frontend Masters trainings make you do little projects while you stop the videos and work on your own some. In a live training the students will just be given a window of time to complete an assigned task.

In the GitHub web interface, you may click on your avatar at the upper right, then pick "Your profile" next, and finally pick "Customize your pinned repositories" at the page that appears at its upper right. This will allow you to select repositories from your own repositories to pin and your pinned repositories are to show off your best work.

React with TypeScript is becoming a thing. The JSX templates of React now have a TSX sister. The X stands for XML in both cases (as is the case in .docx, .xlsx, and .pptx files but opposed to the x in .aspx which has been retrofitted to mean extended after originally meaning nothing). Both of these can get kinda dirty. Code mishmashes with markup in a manner akin to Classic ASP or PHP, all in one file, though apparently it's not as awful as either of those two old technologies. It was suggested that React is of the V part of MVC. In both React and Angular you want to take data in and have events go out and if you fight that way of doing things in either framework you will have a performance hit.

Friday, October 5, 2018

There is no try/catch error handling in Classic ASP.

This kinda touches on that some. This stuff is just bad, bad, bad.

X-Venafi-Api-Key

This is the name of the HTTP header to use to pass the authentication token (a guid) on to every API call for Venafi's API that is not the upfront call to get a token with a username and password. This keeps a pseudosession of a limited window of time and keeps us from having to hand in our username and password every time. This is mentioned at the bottom of page 53 of the Venafi Trust Protection Platform 18.1 Developer's Guide.

Thursday, October 4, 2018

An implementation of SerializationBinder in C# can allow for some safeguards.

It somehow tries to guarantee type safety of that which it helps to deserialize, I think. This has an example. I don't understand it yet.
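One shape such a safeguard can take is an allow-list binder, shown here as an added example that is not the code from the linked article. It assumes .NET Framework 4.x, where BinaryFormatter is available; the Invoice and Unexpected types and the AllowListBinder name are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Runtime.Serialization;
using System.Runtime.Serialization.Formatters.Binary;

// Hypothetical type the application legitimately expects to receive.
[Serializable]
public class Invoice
{
    public int Id;
    public string Customer;
}

// Hypothetical type the application never intends to deserialize.
[Serializable]
public class Unexpected
{
    public string Note;
}

public sealed class AllowListBinder : SerializationBinder
{
    private readonly Dictionary<string, Type> allowed =
        new Dictionary<string, Type>(StringComparer.Ordinal);

    public AllowListBinder(params Type[] types)
    {
        foreach (Type type in types) allowed[type.FullName] = type;
    }

    // Called by the formatter with the type name read from the stream.
    public override Type BindToType(string assemblyName, string typeName)
    {
        Type type;
        if (allowed.TryGetValue(typeName, out type))
        {
            // Hand back our own Type object rather than resolving the name from the stream.
            return type;
        }
        // Throw, do not return null: null makes BinaryFormatter fall back to its
        // default type resolution, which would load whatever the stream names.
        throw new SerializationException("Type not on the allow list: " + typeName);
    }
}

public static class Program
{
    private static byte[] Serialize(object graph)
    {
        using (var stream = new MemoryStream())
        {
            new BinaryFormatter().Serialize(stream, graph);
            return stream.ToArray();
        }
    }

    private static object SafeDeserialize(byte[] payload)
    {
        var formatter = new BinaryFormatter
        {
            Binder = new AllowListBinder(typeof(Invoice))
        };
        using (var stream = new MemoryStream(payload))
        {
            return formatter.Deserialize(stream);
        }
    }

    public static void Main()
    {
        // Constructed payloads: one of the expected type, one of a type not on the list.
        var invoice = (Invoice)SafeDeserialize(Serialize(new Invoice { Id = 7, Customer = "Acme" }));
        Console.WriteLine("Accepted: Invoice " + invoice.Id + " for " + invoice.Customer);

        try
        {
            SafeDeserialize(Serialize(new Unexpected { Note = "hello" }));
            Console.WriteLine("Unexpected type was accepted");
        }
        catch (SerializationException ex)
        {
            Console.WriteLine("Rejected: " + ex.Message);
        }
    }
}
```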

Enterprise Data Storage Systems (EDSS)

Back up your data. Protect your data. Do it big and in a big boy way. That is this acronym.

I think one of the differences between an HP WebInspect scan and an HP Fortify Audit Workbench scan is that the former is done against a web site and the latter crawls code fed to it.

The WebInspect way is one of penetration testing. You try to break in from the outside and see if you can get the app to redirect stupid places, expose stupid error messages, etc.

more notes from Java training

This follows up on this:

  • If you right-click on the topmost folder in Red Hat JBoss Developer Studio and pick "Export..." you may put your code into a .jar file which is double-clickable to be run like an .exe. The Java Decompiler is a tool for seeing what Java is in a .jar file.
  • Static methods cannot reference instance variables.
  • The final keyword is like the const keyword in C#.
  • The transient keyword means "ignore this when serializing" more or less. This was actually skipped in the training I saw and I had to Google it.
  • Instead of the colon for inheritance/implementations in C#, we have the extends keyword for inheriting from a class and the implements keyword for implementing an interface.
  • Abstract classes may implement interfaces while not hydrating all of their methods without a compiler error.
  • The synchronized keyword is for the multithread stuff in Java. The code here is creating a lock around foo and making the stuff in the synchronized code block happen on a separate thread where, beyond the immediate method that would hold this code, the baz instance variable on the class is set to: "qux"
    String foo = "Bar";
    synchronized(foo){
       this.baz = "qux";
    }
  • If yin is of type Yang here, we will get the affirmation. Note that the type check will not work with a null value even if Yang was used in the variable declaration.
    if (yin instanceof Yang) {
       System.out.println("affirmation");
    }
  • There are different kinds of exceptions in Java just like in C#.
    throw new NullPointerException("yikes!");
  • The += stuff in C# is in Java too and there is also *=, -=, /=, and %= though I cannot imagine ever using these. All of the other operators so far look the same as those of C#.
  • The substring in Java is like the Substring in C# and the indexOf in Java is like the indexOf in JavaScript, finding a numeric value for where in a string a match starts.
  • There is the concept of private constructors in Java and these make a class impossible to instantiate. Basically you use the static keyword at a method and to make the class wrapping it static too you have a private constructor.
  • If you print an object you'll get a hash code. Two objects made from the same class will have two different hash codes.
  • do {
       counter = counter + 1;
       System.out.println("working");
    } while (counter < 13);

    Do you see the difference between having a judgment at the end of a loop as above or at the beginning like so:
    while (counter < 13) {
       counter = counter + 1;
       System.out.println("working");
    }

 
 

Addendum 10/2/2019: My mother would have referred to the thing at the top of the last bullet as a "do loop" in her IBM days.

Make a first migration in an EF Core application.

After you set up the connection string you need to do this. Pages 178 and 179 of "ASP.NET Core 2 and Angular 5" by Valerio De Sanctis touch on this. First open (in Notepad) the .csproj file for the appropriate project that has Microsoft.EntityFrameworkCore line items (Microsoft.EntityFrameworkCore, Microsoft.EntityFrameworkCore.SqlServer, Microsoft.EntityFrameworkCore.SqlServer.Design, Microsoft.EntityFrameworkCore.Tools, Microsoft.EntityFrameworkCore.Tools.DotNet) in the ItemGroup XML block and change PackageReference to DotNetCliToolReference for each one. This may need to bleed up to the UI project in Onion Architecture which really sucks. Maybe there is a way out of that. I don't know yet. Anyhow, then run the PowerShell shell as Administrator and navigate to the folder holding Startup.cs and run these commands:

  1. dotnet restore
  2. dotnet ef
  3. dotnet ef migrations add "Initial" -o "OneFolderDeep\AnotherFolder"

 
 

Addendum 10/6/2018: There may be more than one ItemGroup block in the .csproj file.

Grab URL line variables in Classic ASP, replace characters in them, and then make a new URL with them.

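' Read the two query string values.
dim yin
dim yang
yin = Request.QueryString("yin")
yang = Request.QueryString("yang")
' Turn HTML-encoded ampersands back into plain ampersands.
yin = Replace(yin,"&amp;", "&")
yang = Replace(yang,"&amp;", "&")
' URL-encode each value so that an ampersand inside it stays part of the value
' instead of starting a new parameter in the rebuilt URL.
dim whereToGo
whereToGo = "someplaceelse.asp?yin=" & Server.URLEncode(yin) & "&yang=" & Server.URLEncode(yang)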

 
 

There is a capital letter at the beginning of True or False boolean values while we are talking about Classic ASP.

Wednesday, October 3, 2018

How do I use a connection string with Entity Framework in a .NET Core application?

Your connection string, per page 178 of "ASP.NET Core 2 and Angular 5" by Valerio De Sanctis, should get referenced in a doctored-up ConfigureServices method in Startup.cs like so:

public void ConfigureServices(IServiceCollection services)
{
   services.AddMvc();
   services.AddEntityFrameworkSqlServer();
   services.AddDbContext<OurDbContext>(x =>
         x.UseSqlServer(Configuration.GetConnectionString("DefaultConnection")));
}

 
 

This means having a using declaration like so:

using Microsoft.EntityFrameworkCore;

 
 

You will also need a using declaration to loop in your DbContext implementation.

How to set the X-Frame-Options for a .NET application.

For older apps that have the Web.config you can do this per this:

<configuration>
   <system.webServer>
      <httpProtocol>
         <customHeaders>
            <add name="X-Frame-Options" value="DENY" />
         </customHeaders>
      </httpProtocol>
   </system.webServer>
</configuration>

 
 

For the modern .NET Core stuff you can do this per this:

public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
   app.Use(async (context, next) =>
   {
      context.Response.Headers.Add("X-Frame-Options", "SAMEORIGIN");
      await next();
   });
   
   app.UseMvc();
}

 
 

The link immediately above also suggests you may set a rule in an .htaccess file to establish the X-Frame-Options rules like so:

Header append X-FRAME-OPTIONS "SAMEORIGIN"

I watched the beginning of a chunk of training on Java today.

In the folder for a version of the JDK there will be a javac.exe file and this file is the compiler. You may use it to convert your code to an executable. If you want to run your code however, you use a version of the JRE. When you open Red Hat JBoss Developer Studio and create a new project you will be prompted to pick a version of the JRE to use. When you right-click on a class in Red Hat JBoss Developer Studio and pick "Java Application" from under the "Run As" menu it will attempt to run the method with this signature:

public static void main(String[] args) {

 
 

Looks a lot like C#, huh? The packages should be named in all lowercase letters by convention and the classes in Pascal case just like in C#. At the top of a class inside of a package, the package will be called out like it's the immediate namespace like so:

package foo;

 
 

...assuming a package named foo. If we have a variable named bar, we could print its contents like so:

System.out.println(bar);

 
 

...and something tricky with this is that we have to instantiate bar first if bar is a local variable (or else the compiler will squawk), but we do not have to instantiate bar first if bar is an instance variable. The training I saw drew distinctions between instance, local, and static variables. Static variables are the same thing they are in C#. The concepts of instance and local variables could apply to C# too, I just haven't personally heard these terms thrown about in that space. Variables that are just inside of an instance class (without being inside of one of its methods) which have property accessors at the beginning of their definitions, i.e. class-wide variables in an instance class, are instance variables. Variables nested inside of a method with no property accessors are local variables, local to that method.

Tuesday, October 2, 2018

You have probably noticed that "Select Top 1000 Rows" behaves quite a bit differently than "Edit Top 200 Rows" in SSMS 2016.

You can see both of these as options when you right-click on a table in the Object Explorer, but only the edit option allows for editing the rows. Note, once you have an edit window open there will be a square button that says "SQL" on it (the "Show SQL Pane" button) at the upper left that you may click to expose the select query for editable rows. Ctrl-3 toggles this pane open and closed too. You may edit the SQL and then press an "Execute SQL" button that is three icons to the right of the "Show SQL Pane" button to make the rows update. Ctrl-R does the trick too. The "Execute SQL" button's icon is a rightward pointing blue arrow (well, triangle... like a "Play" icon) by two overlapping database tables.

Change the permissions on an assembly in T-SQL.

This has this example:

ALTER ASSEMBLY ComplexNumber WITH PERMISSION_SET =
      EXTERNAL_ACCESS;

 
 

In the Object Explorer in SSMS (Microsoft SQL Server Management Studio) 2016 under a database you will find "Programmability" and under "Programmability" you will find "Assemblies" which will represent encrypted sprocs (stored procedures) and functions from a 3rd party. If a Wonderbox assembly is misbehaving, it may be wise to set its permissions to something else and then set it back again. This seems to kick a sleeping dog awake.

Add the connection string to a modern .NET Core application at the appsettings.json file.

"ASP.NET Core 2 and Angular 5" by Valerio De Sanctis suggests leading everything else like so:

{
   "ConnectionStrings": {
      "DefaultConnection": "server=.\\JAESCHKE;database=Packt;Integrated Security=true;"
   },
   "Logging": {

New session in IE 11

Under the "File" menu in Internet Explorer 11 in addition to "New tab" and "New window" lies "New session" and this third option will open a new window with, yes, a new session. If you are testing through an IIS proxy server and the proxy server can route to one of three IIS webservers, you might disable two webservers (make the AppPool for each unavailable) to ensure that you hit webserver A when hitting the proxy server and then make a second pass through to webserver B with A and C disabled. When you make the switchover, it might be wise to use the "New session" trick to get rid of any A-record-to-IP-address association lingering.

Insecure Transport

When you see this term in HP Fortify's reporting, it probably just means that the web site scanned does not have an SSL certificate. Traffic is traveling over http:// and not https:// and all sorts of bad is associated with that.

Monday, October 1, 2018

Griffon

It's an MVC (Model-View-Controller) framework for the Java space.

five things to unicode encode to prevent SQL injection attacks in web forms applications

HP Fortify itself suggests you can beat most SQL injection attacks at URL line variables in web forms applications by cleaning the strings handed in like so:

string clean = dirty.Replace("&", "&amp;").Replace("\"", "&quot;").Replace(">",
      "&gt;").Replace("<", "&lt;").Replace("'", "&apos;");

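The Replace chain above is HTML entity encoding, which belongs where a value is written into a page; on the database side a parameterized query keeps the value out of the SQL text altogether. The following is an added example, not code from Fortify or from the original post, and the Widgets table, its columns, the parameter names and the sample input are assumptions made for illustration.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Net;

public static class WidgetLookup
{
    // Hypothetical query: the Widgets table and its columns are assumptions.
    private const string Sql =
        "SELECT Id, Name FROM Widgets WHERE Name = @name AND OwnerId = @ownerId";

    // Builds the command; the caller supplies an open connection and executes it.
    public static SqlCommand Build(SqlConnection connection, string name, string ownerIdText)
    {
        // Numeric input is parsed, never concatenated: anything that is not an
        // integer is rejected before SQL is involved at all.
        if (!int.TryParse(ownerIdText, out int ownerId))
        {
            throw new ArgumentException("ownerId must be an integer", nameof(ownerIdText));
        }

        var command = new SqlCommand(Sql, connection);
        // Typed, sized parameters travel separately from the SQL text, so quotes
        // and other metacharacters inside 'name' stay data.
        command.Parameters.Add("@name", SqlDbType.NVarChar, 100).Value = name;
        command.Parameters.Add("@ownerId", SqlDbType.Int).Value = ownerId;
        return command;
    }

    public static void Main()
    {
        // Constructed sample input standing in for Request.QueryString values.
        string name = "O'Brien & Sons <Ltd>";

        // No connection is opened here; the command is only built and inspected.
        using (var command = Build(null, name, "42"))
        {
            Console.WriteLine(command.CommandText);
            foreach (SqlParameter p in command.Parameters)
            {
                Console.WriteLine(p.ParameterName + " = " + p.Value);
            }
        }

        // Entity encoding is applied at the point the value is echoed into HTML.
        Console.WriteLine(WebUtility.HtmlEncode(name));
    }
}
```

On .NET Core the System.Data.SqlClient types come from the NuGet package of the same name; in a Web Forms project on the full framework they are already referenced.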
'tools.jar' seems to be not in IDEA classpath. Please ensure JAVA_HOME points to JDK rather than JRE.

This appeared in a dialog box titled "JDK Required" after I installed IntelliJ IDEA 2016.1.4. I guess I need to go dig up the JDK next. I installed version 2018.1.4 and it put some stuff at C:\Program Files\Java. Maybe I need to find the right JDK and get it installed there too. By the way the IDEA in IntelliJ IDEA stands for integrated development environment application in lieu of just integrated development environment which is what IDE stands for. We have the IDEA acronym just to be silly.