Friday, January 22, 2016

Internet Explorer 11 and Cache-Control: no-store - bug or feature?

We spent a considerable amount of time on this today. IE11 wouldn't render awesome fonts. Why? Because we were protecting the privacy of our users and stopping hackers from pulling sensitive information stored on users' computers. In short, IE11 will not render awesome fonts if you use the header below:
Cache-Control: no-store
The "solution" is to set a max-age for Cache-Control only when fonts are requested. This is an example of "let us please those that do not care much about security affecting those that do care". In my opinion this is an IE11 bug and I would certainly ban this browser until fixed from accessing any application that should comply with privacy laws.

Saturday, December 19, 2015

Serving local files with a simple http file server built on NodeJS

Sometimes we want to share some files on a local network, host quick local app demos for others to play with, or are forced to serve files over HTTP to test tooling, as was my case this time.

I was playing with Git Patch Viewer chrome extension to see how specific patch files were shown but the extension wouldn't parse local file:// referenced resources.

I have published the simplest HTTP file server I could build to address this issue. Probably you can share a better/shorter way?

Wednesday, December 02, 2015

On BI: Spring Tomcat Impersonation audit

The amount of intelligence you can pull from logs is unlimited. In a typical log line like the one below we see a session, but we have no idea who is editing the employee. Furthermore, the employee might be edited under impersonation.
2015-11-07 22:15:05,845 INFO [com.sample.web.filter.LoggingFilter doFilter] - 172.16.2.41 AD3A60A51885B74F2AC2B02F5BDD3AC0.node1 /employee/204187 192.168.0.43
By filtering on the session id we can easily see whether a user was impersonated, and list both the real user and the impersonated user, with an awk script. We now get something like:
2015-11-07 22:15:05,845 192.168.0.43 AD3A60A51885B74F2AC2B02F5BDD3AC0.node1 impersonator@sample.com impersonated@sample.com /employee/204187
Note that if you are logging all params as part of the URL, regardless of whether the request is a POST or a GET, you could be saving a lot of time. If you are using a JSON payload, things will most likely get a little more complicated, as you might want to extract specific fields from the payload, but overall you could extract a lot of business intelligence from logs just using the veteran awk.
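
One way to do the session-id correlation described above, as an added example rather than the author's own script. The log lines are constructed, and it assumes that login, switch-user and exit-user requests are logged by the same filter with the user name in a j_username parameter on the Spring Security 3 default paths; adjust the paths to your application.

```shell
#!/bin/sh
# Added example: constructed log lines in the format quoted above. Assumption:
# login, switch-user and exit-user requests carry the user name in a
# j_username URL parameter (Spring Security 3 default paths).
sample_log() {
  d='2015-11-07'
  f='INFO [com.sample.web.filter.LoggingFilter doFilter] - 172.16.2.41'
  a='AD3A60A51885B74F2AC2B02F5BDD3AC0.node1'   # session that impersonates
  b='0F1E2D3C4B5A69788796A5B4C3D2E1F0.node1'   # ordinary session (constructed)
  cat <<EOF
$d 22:10:01,120 $f $a /j_spring_security_check?j_username=impersonator@sample.com 192.168.0.43
$d 22:10:09,300 $f $a /employee/204100 192.168.0.43
$d 22:11:40,002 $f $b /j_spring_security_check?j_username=clerk@sample.com 192.168.0.50
$d 22:14:58,410 $f $a /j_spring_security_switch_user?j_username=impersonated@sample.com 192.168.0.43
$d 22:15:05,845 $f $a /employee/204187 192.168.0.43
$d 22:15:07,010 $f $b /employee/204187 192.168.0.50
$d 22:15:30,551 $f $a /employee/204187/edit 192.168.0.43
$d 22:16:02,770 $f $a /j_spring_security_exit_user 192.168.0.43
$d 22:16:10,128 $f $a /employee/204190 192.168.0.43
EOF
}

# Reads log lines on stdin and prints only the requests made while a session
# was impersonating: date time client-ip session real-user impersonated-user url
impersonation_audit() {
  awk '
    # Return the value of query parameter "name" in "url", or "" if absent.
    function param(url, name,    q, n, i, kv) {
      q = url
      if (!sub(/^[^?]*\?/, "", q)) return ""
      n = split(q, kv, "&")
      for (i = 1; i <= n; i++)
        if (index(kv[i], name "=") == 1) return substr(kv[i], length(name) + 2)
      return ""
    }
    NF < 10 { next }                      # not a LoggingFilter access line
    { sid = $8; url = $9; ip = $10; path = url; sub(/\?.*/, "", path) }
    path == "/j_spring_security_check"       { real[sid] = param(url, "j_username"); delete imp[sid]; next }
    path == "/j_spring_security_switch_user" { imp[sid] = param(url, "j_username"); next }
    path == "/j_spring_security_exit_user"   { delete imp[sid]; next }
    (sid in imp) { print $1, $2, ip, sid, ((sid in real) ? real[sid] : "-"), imp[sid], url }
  '
}

sample_log | impersonation_audit
```

A logged switch-user request does not prove the switch was authorized and succeeded; this log format carries no response status, so treat the output as a lead to confirm against the application's own audit trail.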

Friday, November 20, 2015

Web site incorrectly rendering a font in italics at least in Windows Chrome browser

If your browser (I have seen it in Windows Chrome) incorrectly renders a specific font in italics you might be facing a corrupted font.

The first thing to do in order to resolve this issue is to determine the font being used. This is something you can find easily from the Chrome inspector (right-click on a word incorrectly rendered in italics), which will reveal the currently applied style including the font.

Once you know the font type, go to http://www.cssfontstack.com/ and select that font. Most likely it will also be shown in italics there. See below how the whole page renders in italics:



This means that the particular font is corrupted as a result of a corrupted program installation or uninstallation.

To correct the issue, just delete the font from C:\Windows\Fonts and bring it back again from a working machine (the file is a ttf which contains bold, italics, narrow and other combinations, for example arial.ttf).

Saturday, November 14, 2015

On Protractor: End to End (e2e) tests should fail if there are javascript errors

End to End (e2e) tests should fail if there are JavaScript errors. They most likely won't cover all the application functionality, but many (if not most) of the regressions we encounter in production are related to JavaScript errors. Here is how to stop your continuous delivery pipeline if there is a single JavaScript error at runtime.

Note that, at a minimum, smoke e2e tests should exist, meaning that all of your views should be tested at least for rendering HTML, not having unexpected logical errors and not having JavaScript errors.

WebDriver allows us to get hold of the browser console log. This means we can detect JavaScript errors at runtime and make our tests fail. For more info see https://github.com/angular/protractor/blob/master/docs/faq.md#how-can-i-get-hold-of-the-browsers-console. Protractor makes our lives easier, though. All we need to do is include the configuration below in protractor.conf.js:
// ...
exports.config = {
  // ...
  plugins: [{
    // Fail the run when the browser console logs a warning or an error
    path: 'node_modules/protractor-console-plugin',
    failOnWarning: true,
    failOnError: true
  }],
  // ...
};
To test the solution, just force a JS error that does not stop your test from passing, for example by adding a simple script tag to your index.html:
  <script>
    console.undefinedMethod('will never run');
  </script>
After the test is run you get:
Plugin: /usr/local/lib/node_modules/protractor/plugins/console/index.js (teardown)
Fail: Console output
SEVERE: https://doma.in:port/path/ 72:17 Uncaught TypeError: console.undefinedMethod is not a function
[launcher] 0 instance(s) of WebDriver still running
[launcher] chrome #1 failed 1 test(s)
[launcher] overall: 1 failed spec(s)
[launcher] Process exited with error code 1

Tuesday, November 10, 2015

Find all javascript files except those below a directory

Very useful, especially for those dealing with Node.js, where we want to avoid searching inside "node_modules":
find ./ -not -path "*node_modules*" -name "*.js"

Friday, October 30, 2015

Find out apache module version

It took me some time to find a way to determine the version number of any Apache module. Basically, the 'strings' command can extract the strings embedded in the shared library, and with grep we can use the regex "${mod_name}/[0-9]\.[0-9]", where mod_name is a variable containing the name of the module. I am omitting the real version numbers below for security reasons:
$ strings /usr/lib/apache2/modules/mod_pagespeed.so \
    | grep "mod_pagespeed/[0-9]\.[0-9]"
mod_pagespeed/w.x.y.z
$ strings /usr/lib/apache2/modules/mod_ssl.so \
    | grep "mod_ssl/[0-9]\.[0-9]"
mod_ssl/x.y.x
