Posts

Showing posts from 2017

service designer guide for http status - check this out !!! :)


Angular2 - No http post or get until you call subscribe.

Sometimes rxjs can be so lazy. Nothing happens until you call 'subscribe'.

When you make an http GET or POST request, you might find out that there's no outgoing http request. Does the code below look familiar? Well..... you will get the request once you call subscribe.  :/ This is a gotcha for many people.
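A minimal sketch of the behaviour described above, added here as an example and not code from the original post. `ColdObservable` and `httpGet` are hand-rolled stand-ins (assumptions) for an rxjs Observable and Angular's Http service, and `outgoing` is a constructed log of the requests that would leave the browser.

```javascript
// Added example: a hand-rolled cold observable, NOT rxjs or Angular's Http.
// `outgoing` is a constructed stand-in for requests actually leaving the browser.
const outgoing = [];

class ColdObservable {
  // `producer` holds the work; it is stored here, not run.
  constructor(producer) {
    this.producer = producer;
  }

  // Only subscribe() runs the producer, and it runs it once per subscriber.
  subscribe(next) {
    this.producer(next);
  }

  // Operators just wrap the source in another lazy observable.
  map(fn) {
    return new ColdObservable((next) => this.subscribe((v) => next(fn(v))));
  }
}

// Hypothetical stand-in for http.get(): building the observable sends nothing.
function httpGet(url) {
  return new ColdObservable((next) => {
    outgoing.push('GET ' + url);
    next({ status: 200, url });
  });
}

function demoLazyRequest() {
  outgoing.length = 0;
  const statuses = [];

  const request$ = httpGet('/api/people').map((res) => res.status);
  const sentBeforeSubscribe = outgoing.length; // nothing has gone out yet

  request$.subscribe((s) => statuses.push(s));
  const sentAfterFirst = outgoing.length;

  // A second subscribe repeats the request: the observable is cold.
  request$.subscribe((s) => statuses.push(s));
  const sentAfterSecond = outgoing.length;

  return { sentBeforeSubscribe, sentAfterFirst, sentAfterSecond, statuses };
}

console.log(demoLazyRequest());
```

The second subscribe is the part to watch with a POST: subscribing twice submits twice.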

Javascript / Typescript rest and spread operators

To make it easier: the rest and spread operators basically help to merge all your function parameters together. In the past, we used something like

myfunction.apply(null, myArgumentList)

With rest and spread we can simply write

function log(...a) {
   console.log(a);
}

log(1,2,3,4,5); // outputs [1, 2, 3, 4, 5] array

Notice we're assigning myArguments at the back. 

let myArguments = ['x', 'y', 3]

log(1,2, myArguments); // outputs [1, 2, ['x', 'y', 3]] 2 different arrays

log(1,2, ...myArguments); // outputs [1, 2, 'x', 'y', 3] 1 array


Notice we're assigning myArguments at the front. 

log(...myArguments,1,2 ); // outputs [ 'x', 'y', 3, 1, 2] essentially a single array.








Angular2 providers with useClass purpose

You might be wondering what the purpose of the useClass construct is, as shown here:

[{ provide: Logger, useClass: Logger }]

This provides a way for Angular2 to find and use the proper class / provider. Think of it as a key / value matching approach. Some people use a mock logger service by specifying useClass : BetterLogger.

Difference between NativeElement and DebugElement in Angular2 test

What is the difference between native element and debugElement in an Angular2 test?

Short answer :-

DebugElement contains methods / functions to query or test an Angular2 component's html elements

NativeElement is the html itself.

Have a look at the diagram below. The first is debug element while the last item is native element itself.



ESNext

Wanting to find out more about ESNext ....check this link out

https://github.com/tc39/proposals



typescript async and await

Typescript has it now... async and await.

SqlDependency not firing, you're not the only ones. :)

8 years ago, I tried using SqlDependency and it failed badly. Today I had another go at it for some weird reason.

Anyways, if you're having problems with SqlDependency, you're not alone. Try to use this solution instead.  The only thing I don't like about it is that the change response is given in XML.

Try SqlDependencyEx instead.

https://github.com/dyatchenko/ServiceBrokerListener

Typescript allow initializer to create and instantiate an instance

The Partial<T> type transforms fields into optional ones.




So we're able to initialize our object instance this way.




Pretty cool eh..



if your ngFor or ngIf not working - You might not have Common Module imported

import { CommonModule } from '@angular/common';

@NgModule({
  imports: [
    RouterModule.forRoot(appRoutes), HttpModule, ReactiveFormsModule, CommonModule
  ],
  declarations: [AddPersonComponent, SearchComponent, ListComponent],
  providers: [PersonService],
  exports: [
    RouterModule
  ]
})

angular2 call service via ngOnInit

If you need to call a service, please do it via ngOnInit instead of using the constructor. If you are doing unit testing, your code might not work.
As shown in the code below :

class SomeService implements OnInit {
  constructor(private http: Http) { }

  ngOnInit() {
    // this should hit mocked backend
    this.http.get("dummmy url").subscribe(v => {
      console.log('constructor subscribe hit');
    });
  }

  someMethod() {
    // this should hit mocked backend
    this.http.get("anotherurl").subscribe(v => {
      console.log('some method called subscribe hit');
    });
  }
}

angularjs2 common stuff that i always forgets

Providers

@NgModule({
   providers : []  // providers
})

The providers array provides a dependency injection layer between the NgModule and its child components. A child component will typically traverse up to its parent to look for a provider - a singleton service or, in plain language, a class with a task, like a news feed service or an http service.

If you specify providers in a child component, the service will be instantiated as a separate instance.


BrowserModule 

This module provides the services needed to run an app in the browser. What type of services?
Always import BrowserModule in the root AppModule.ts.


@Input and @Output

Passing data using @Input  (Property passing with [] )  and @Output (event passing with ()  )

Custom Directive 

You essentially can still create custom directive in Angular2.

@Pipe 

@Pipe - custom, stateless and stateful pipe










c# recursive Fibonacci implementation. Not a very efficient solution.

javascript function * declaration

Did you know that if you define your javascript function like function *, you're basically creating an iterator function?

var myIterable = {};
myIterable[Symbol.iterator] = function* () {
  // i want a iterator here! :)
  yield 1;
  yield 2;
  yield 3;
};
[...myIterable] // [1, 2, 3]

Awesome site for REST Api designs ....

http://www.restapitutorial.com/lessons/httpmethods.html

Asp.net core security

Enable SSL in ASP.Net Core 


To enable SSL, just add the [RequireHttps] attribute on top of your controller, or use the following code to secure your entire site with enableSSL.


if (!_env.IsDevelopment())
{
    services.AddMvc(options =>
    {
        options.Filters.Add(typeof(RequireHttpsAttribute));
    });
}


The reason we are detecting whether the environment is development is IIS Express, which uses a non-standard https port for development purposes.



Redirection

According to OWASP, Unvalidated Redirects and Forwards are one of the most common attacks in real life.

With just a single line of code we're able to stop redirection (it must always appear after UseStaticFiles). When we're creating an API, we don't redirect that often. By having this UseRedirectValidation, we're able to monitor http redirection and throw an error if it arises.

First off, you need the following nuget packages :-

Install-Package NWebsec.AspNetCo…

dotnet core 1.0.1 upgrading from old xproj files

Did you know that to upgrade xproj to csproj in dotnet core, all you need to do is run

dotnet migrate

However, you need to use vs2017 to work with this new project.

I tried removing and adding the new project using vs2015 but it's throwing ms build errors.





vs2017 forcing migration -

If you ever wanted to force vs2017 to migrate an existing .net core project, all you gotta do is right click on the project and choose "reload project". It will automatically migrate all your .xproj to .csproj. Please install your sdk tho.




So the bottom line is,

1. no more xproj,  there is only csproj.

2. global.json becomes { "projects" : ["src", "test"] }



Using LiteIde for Golang

I think LiteIde is definitely the editor to use for GoLang. Tried installing different plugins for vscode but unfortunately it is not so useful.

Go download and try LiteIde.

working with messages in mule

When using mule, it is very common to set and access variables, session variables and properties along our flow. What are the differences between :-

a) variable - data that exists and lasts from start to end of a flow unless overwritten. Accessed using #[flowVars]

c) session - a lasting location for storing values. Accessed by using #[sessionVars]

d) property - message header information

e) message payload - the mule message sent to the user, which moves from flow to flow. It could be made up of message inflow (accessed using #[message.inboundProperties]) and message outflow (#[message.outboundProperties]).

f) message events

The best way to test this out is to create a flow that makes use of these basic mule construct.

Let's start off with variable. From the flow below we grab input from http and save it to a variable. Then we create a choice flow to see if the variable is "reece". If yes, branch up and set result to 111, else 222.






If we have a look at the "set variable"…

How CORS works in plain english?

CORS is used to control access to a remote resource, for example api.foo.com. If we host a webpage on www.foo.com, we can configure the remote resource, api.foo.com, and tell it that it should entertain requests coming from www.foo.com.

If you make a request from "evil.com" to api.foo.com, you will not be able to do so, because we never configured that to happen.

So we have,

www.foo.com --> making GET request to --> api.foo.com.

If www.foo.com is allowed to make requests to the site, we will get a response that looks like this.


Request to api.foo.com

=> OPTIONS https://api.foo.com/products
- HEADERS -
Origin: http://www.foo.com
Access-Control-Request-Method: GET

Response from api.foo.com

<= HTTP/1.1 204 No Content
- RESPONSE HEADERS -
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Max-Age: 86400
Access-Control-Allow-Headers: Api-Key
Access-Control-Allow-Origin: http://www.foo.com
Content-Length: 0

From here, we can see that "Access-Control-Allow…
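The preflight exchange above, worked through as code (an added example, not from the original post): `handlePreflight` plays api.foo.com and `browserAllows` is a simplified version of the browser's check. The function names and the look-alike sample origins are constructed for illustration; the policy values are the ones in the response shown above.

```javascript
// Added example: the preflight decision for the api.foo.com scenario above.
// Policy values mirror the response in the post; function names are hypothetical.
const POLICY = {
  allowedOrigins: ['http://www.foo.com'],
  allowedMethods: ['GET', 'POST', 'OPTIONS'],
  allowedHeaders: ['Api-Key'],
  maxAgeSeconds: 86400,
};

// Header names are case-insensitive, so index them in lower case.
function lowerCaseKeys(headers) {
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    out[name.toLowerCase()] = String(value).trim();
  }
  return out;
}

// Server side (api.foo.com): answer an OPTIONS preflight.
function handlePreflight(requestHeaders, policy = POLICY) {
  const h = lowerCaseKeys(requestHeaders);
  const origin = h['origin'];
  const method = h['access-control-request-method'];
  const wanted = (h['access-control-request-headers'] || '')
    .split(',')
    .map((s) => s.trim().toLowerCase())
    .filter(Boolean);
  const allowedHeaders = policy.allowedHeaders.map((s) => s.toLowerCase());

  // Exact string comparison: scheme, host and port must all match.
  const originOk = policy.allowedOrigins.includes(origin);
  const methodOk = policy.allowedMethods.includes(method);
  const headersOk = wanted.every((name) => allowedHeaders.includes(name));

  if (!originOk || !methodOk || !headersOk) {
    // No Access-Control-* headers at all, so the browser refuses the real request.
    return { status: 403, headers: { 'Content-Length': '0' } };
  }
  return {
    status: 204,
    headers: {
      'Access-Control-Allow-Origin': origin, // echo the matched origin only
      'Access-Control-Allow-Methods': policy.allowedMethods.join(', '),
      'Access-Control-Allow-Headers': policy.allowedHeaders.join(', '),
      'Access-Control-Max-Age': String(policy.maxAgeSeconds),
      Vary: 'Origin', // caches must not reuse this answer for another origin
      'Content-Length': '0',
    },
  };
}

// Browser side, simplified to the origin check: may `pageOrigin` proceed?
function browserAllows(pageOrigin, response) {
  const h = lowerCaseKeys(response.headers);
  const allowOrigin = h['access-control-allow-origin'];
  const statusOk = response.status >= 200 && response.status < 300;
  return statusOk && (allowOrigin === pageOrigin || allowOrigin === '*');
}

// Both sides together: a page on `pageOrigin` wants to call the API.
function canCall(pageOrigin, method, extraHeaders = '') {
  const response = handlePreflight({
    Origin: pageOrigin,
    'Access-Control-Request-Method': method,
    'Access-Control-Request-Headers': extraHeaders,
  });
  return browserAllows(pageOrigin, response);
}

// Constructed sample origins, including look-alikes that must not match.
const SAMPLE_ORIGINS = [
  'http://www.foo.com',
  'http://evil.com',
  'https://www.foo.com',
  'http://www.foo.com.evil.com',
];
for (const origin of SAMPLE_ORIGINS) {
  console.log(origin, '->', canCall(origin, 'GET') ? 'allowed' : 'blocked');
}
```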

Mule API Gateway vs Mule Runtime

Pretty confusing to me at first, as I would have thought Mule Runtime hosts Mule API Gateway. While that's definitely not the case, API Gateway connects with API Manager to enforce and apply policies / settings like throttling, security and CORS to your back end services. This enforcement is based on specific apps.

Mule Runtime is where all your application gets hosted and run. It takes incoming request, runs the specific flows and returns results.








Tutorial : Mule Creating a simplest flow using Http and Groovy component

In this example, we're going to create the simplest Mule app flow. Our flow basically consists of an Http and a Groovy component, which looks like this :-






Using Groovy is optional and entirely up to developers to choose. If you're using it for simple and not so complicated task, then it is fine. Otherwise, Java gives you ability to debug through the code.
Groovy does give you direct access to message which you otherwise need to call getMessage() - [if you are to use java component ].

And here is what our script looks like :-



The user submits a request like this: http://localhost:3004/?username='jeremy'.

If it is jeremy, great; if not, it returns invalid user.

For beginners, it's pretty hard to know what message properties and types are available.
Perhaps the picture below would give newbies a better way to work with mule in the future.











Tutorial : Mule Creating a simplest flow using Http and Java component

In this example, we're going to create the simplest Mule app flow. Our flow basically consists of an Http and a Java component, which looks like this :-


The user basically connects to something like this :- http://localhost:3003/?username=jeremy.

The query parameter called username gets passed into the java class, which returns "jeremy" or "unknow user" depending on the string passed.

Here is what our java class looks like :-




From the code above, our java class implements mule's Callable and we attempt to extract the username parameter from 'http.query.params', which is a Map object type. With this, we proceed to get our value by calling the Map's get method.

Well, that's it. Done! :)







Mule - unit testing with munit getting dependencies right

Sometimes trying to get the right dependencies for a Mule Munit test can be a challenge. Not something you wanna wrestle with.

So here is a quick list of the dependencies that you need :-




The complete pom.xml configuration is given below :-





Could not find a declaration file for module 'react-redux'.

If you encounter this error, it is most likely that you don't have typings installed. All you have to do is run the following command and restart Vs Code

npm install --save @types/react-redux

force maven to re-download repository jar / dependencies

This happens a lot in maven development. Somehow your repository has lost your .jar files and all you get is .lastUpdated files. To force it to re-download all these dependencies, you need to run the following command :-

mvn dependency:purge-local-repository

using mule cxf component

This is by far the coolest way to create a web service, using mule CXF. CXF is a component that allows you to easily create and expose a web service using Mule runtime.

Just create a normal java interface and implement it. Cook up some Mule connector and you're good to publish your web service.

Let's create your interface.



Let's create your class. Notice we're not annotating it with @WebService.




Finish it up with the following Mule script :-



After this, we just have to consume this service and get the returned results.

setting response header connection to close

After some really time consuming effort trying to set the header connection to "close" with WebAPI, I finally resorted to good old all powerful nodejs.

Use the code below and fire away. It is able to accept incoming request from any port. Done! :)


using pandas to find value matching certain criteria.

Say you have the following dataframe read into pandas.

Id | F1    | F2      | Class
0  | True | True   | 0
0  | True | True   | 1
0  | True | True   | 0
0  | True | True   | 1

To select all the class with value 0 in a data frame, you can use

data.loc[data['Class'] == 0]

Class column name is case sensitive. You won't get anything out of using data['class'].


Easy to understand Confusing matrix link

Best link i have found to understand what is confusion matrix. This confusion matrix becomes not so confusing. :)




Mule Http Client Request logging

Best piece of logging i found - literally no code modification. Just add the following code in your log4j configuration file and all your logs will be revealed. :)



<AsyncLogger name="org.mule.module.http.internal.HttpMessageLogger" level="DEBUG" />
<AsyncLogger name="com.ning.http" level="DEBUG" />

Getting started with Credit Card Detection using xgBoost

One fine day i came across this article. Curiously wanted to see if this works, i found a way to quickly setup your machine to run it using docker. Yeap you can setup and run it in 30 minutes time.

All you have to do is install docker and run the following command


docker pull continuumio/anaconda
docker run -i -t continuumio/anaconda /bin/bash

This installs anaconda with python 2.7. Don't worry about this version. It's all good, plus xgboost works only on this version.

Additional libraries you might need to install are

conda install -c bioconda xgboost=0.6a2

conda install pyqt=4
After that, just run python and you can run all the command given in the article.

django serving static files

In order to serve static files, you need to configure settings.py.  In this example, say we are hosting our static files under a folder called 'static' (and app) with a filename called index.html.


TEMPLATES = [
    {
        'BACKEND': 'django.template.backends.django.DjangoTemplates',
        'DIRS': ['static', 'app'],
        'APP_DIRS': True,
        'OPTIONS': {
            'context_processors': [
                'django.template.context_processors.debug',
                'django.template.context_processors.request',
                'django.contrib.auth.context_processors.auth',
                'django.contrib.messages.context_processors.messages',
            ],
        },
    },
]

And finally set your "urls.py" 
from django.conf.urls import url
from django.views.generic.base import TemplateView

urlpatterns = [
    #url(r'^$', views.index, name='index2…

adventureWorks unable attach to a SQL server

If you ever get a 'permission' issue trying to attach adventureWorks to your Sql Server, the solution would probably be this.

Right click on your 'adventureWorks.mdf' file -> Properties-> Security -> Give full control access.

That's it!

Golang Revel Web Framework for Windows installation

This is a guide to help setup Revel GoLang webframework on Windows.

So the first thing you gotta do is install golang here.

Next up, go to the Revel website and follow


go get github.com/revel/cmd/revel

It will install to "C:\Users\DefaultUserFolder\go\bin". So please add this to your PATH manually instead of the installation folder, which is C:\Go. 

When you run the command above, you most likely don't need to run go build or go install.

Time to go! :)

php with local server

Just type the following command and we're good to go :

php -S localhost:8080

Running XGBoost with R Studio

Let's say we are trying to use xgboost to make prediction about our data and here is a sample data that we're going to be using :-





Some terminology before moving on. R uses the term label to say: this is our expected output when we're building our model. Yes, it is really confusing. A label becomes the final output of our predictions.



Basically what we're trying to find is whether smoking and high sugar intake lead to a person having a disease.  These are fake data of course.  There are people who smoke and eat as much choc as they like, and they still look sharp. (not me tho)

First we will create this data using R. The code example shows we're loading some libraries and then creating a data frame called 'a'. Next it converts 'a' into a data table 'd'.

require(xgboost)
require(Matrix)
require(data.table)
if (!require('vcd')) install.packages('vcd')
a = data.frame(id=c(1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17, 18, 19…

bootstrap grid system col-sm-offset

Regardless of what, that offset is to say "hey, leave some gaps/space for me". For example, say we have a grid of col-sm-10 and I specify col-sm-offset-2; that gives me something like a full grid where 2 columns are reserved for spacing.

A good way to see this is to look at the example below :-



Was a bit confusing initially, but I guess offset would have been ok.

Running R code on the web

Definitely a good thing to have when learning R. Here you can run R code online.


git reverse commit is great.....

I found myself looking at a long list of commits which I needed to remove. So I fired up my SourceTree and zoomed in on the list of commits that I needed to undo. Right click on it and choose reverse commit. All the check-ins for that commit are gone.

That's it. :)

network file copy using python

The power of python and shutil, which comes with copyfile and allows you to do a network file copy.

Check out the code here and yeap it is that simple :-


Outlook doesn't support css list-item disc or simply bullet

Tried incorporating bullet disc in an HTML Email attachment and didn't show anything in Outlook. :(
Guess the only solution is to have disc as embedded attachments.

php final keyword to make your class rock solid and can't be extended

This is a feature that i didn't know exist in PHP. Final keyword.

setting up laravel in windows

Please make sure you have php5 and composer installed.  It's best to install it under the C:\php directory because most settings assume that we follow this.

Next, run the following command:

composer global require "laravel/installer"

If you encounter an error saying that you are using an insecure connection, then issue the following command from the command prompt.

composer config -g secure-http false

Next you need to create a laravel application by using the following statement. Here we just created an app called 'blog'.

laravel new blog

Please change directory into blog and issue the following command:

composer install

Many texts will say that you will be able to run from the local development server....well, that's not the case. Issue the following command first. You need to make sure you have enabled the extensions openssl and mbstring. Open up your php.ini file, look under the section 'extensions' and begin to modify it. Otherwise this won't work.  
copy .env.…

Playing with PHP

I was having a go at some of the feature of PHP especially around class, traits, interface and properties. Some take aways are :-

a) php don't support multiple returns

b) php support single inheritance (extends) and multiple interface (implements) - that's pretty straight forward

c) php traits are quick way to add feature and functionality. Haven't tested with unit testing yet which can be pretty interesting. Not forgetting multiple traits can be used.

d) autonomous class loading - looked at it but not sure what it brings


scapy traceroute

Traceroute is often used to discover the path to a destination as packets hop from router to router.  It sends a short-lived packet out and then waits for the ICMP response, repeating and incrementing the TTL each time until the destination is reached.

Traceroute comes in different flavours :

a) TCP traceroute - is becoming more popular because TCP is not blocked by network administrators. Sometimes when UDP is used, it ends up at a firewall and stops there. If TCP is used, it would make it a step further.

b) Intrace - Still reading up on this.

c) Traceroute - normally traceroute uses UDP on Linux and ICMP on Windows.








Setting up Scapy for Python 3.

Please note : I tried installing it on Windows 10 but I'm getting library exceptions being reported. So I installed it on Docker Ubuntu instead.

Scapy allows pen testers to easily create their own tools for network analysis.

Please download Scapy from here.  Please note : This requires Python3.

There are some setup instructions which allow you to install manually or through pip.

If you're sitting behind a firewall, you might need to run the following command :-

'python setup.py install'

That's probably it. But if you encounter an issue like 'unable to find wpcap.dll', just go to http://www.winpcap.org/ and install winpcap.exe

Fire up python from command prompt and issue the following command to test your installation.

from scapy.all import *

send(IP(dst='www.google.com')/ICMP())


You can see that 1 packet is being sent out.




Powersploit - Metasploit in Powershell

If you ever decide to try Powersploit , chances are your antivirus will automatically remove those files. :(

But if you decide to proceed (by disabling your AntiVirus - at your own risk) then just copy the entire folder into your Powershell modules folder, which could be something like this :-

C:\Program Files (x86)\WindowsPowerShell\Modules

To get started with it, follow the instructions in the README.MD in each subfolder.
For example, if you're going to try out the Recon modules, follow the instructions here.

Empire Powershell Installation

Stumbled upon a project called Empire Powershell. It is like a Metasploit that targets systems running Powershell. I am not sure why I thought it could run on Windows. So you guessed it, I tried installing it on Windows and it failed. Lots of question marks at this point.

After a bit of Googling, I finally got it installed on my Linux box. Hurray!

It's pretty easy to set up. Just run install.sh in a folder called setup. After that, run Empire.

Now i can build my empire and kick start my evil plan to dominate the powershell world





Some thoughts on PHP Object injection

I was reading PHP Object injection coming from Security Cafe. While I do think it works, I don't think anyone would be writing code like that - code that allows users to pass which object to be serialized.

The takeaway for me is: understand how the underlying system works and lock down features that are insecurely accessible to users.




application of fibonacci number

As we all know fibonacci number goes something like this,

1,1,2,3,5,8,13,21,34 ...blah blah blah.

One of the areas of application is converting km to miles and vice versa. If you want to convert

a) km to miles = read from left to right
b) miles to km = read from right to left

It works except for 1. :) Cuz 1 mile is 0.6 km. Close enuff tho if we apply rounding rules.

python loop through subdirectories

Probably one of the weirdest python code i have ever seen to loop through files in a directory. But i think its pretty efficient.


import os

for subdir, dirs, files in os.walk("."):
    for file in files:
        print(os.path.join(subdir, file))


-Yay! prints all the files in a directory.

ionic framework image assets location

Where is the location of image asset in Ionic Framework?
Answer  :  www\images

This is where you should place your image assets

Task scheduler : Executing powershell script from a specific folder

Say you have a powershell script that references other .net assemblies in a folder and you need a task scheduler to run it; you might run into an "unable to find reference type" error. 
The solution is really simple: basically run powershell, change directory to the folder and execute your script. 
Here is a quick way to do it via a windows batch file, and you probably have something like this set up. 



And then here comes the script. What this script does is start powershell, use push-location to change directory and then execute your script. Notice I added a "-noexit" flag to stop powershell from closing the execution window.





activemq - buggy and causes strange behaviour

I guess ActiveMq is pretty famous but it is also buggy. I have issues like messages not being returned entirely. I don't know where the messages went. If I try to do a second read (using QueryBrowser), I get those messages again.

If you load balance it, you need to be reading it off 2 different ports and DO NOT expect messages to be returned ordered by timestamps.

More challenges that other people have experienced before :-

http://stackoverflow.com/questions/19262898/why-activemq-receiver-class-can-not-receive-all-the-message-from-sender-class

(CORS) Cross origin issue with Laravel API

You might get a cross site origin error when trying to consume a web api which returns json data. This normally happens when your browser tries to make a request to an external site  / location.

A quick work around for this would be adding extra headers as shown in code below:


docker : folder sharing on windows

To share a folder / volume using Docker, you need to understand the layers involved. There are 3 main layers - which are

Host (your machine) -> Docker (a virtual machine using Oracle VM called default / or your Windows Hypervisor) -> Image (the image you download from Docker hub, for example hello-world or ubuntu).


Virtual machine configuration 

Using Oracle virtual machine, shut down the default virtual machine if it is already running. Then click on Properties->Shared Folder->Add your share location as shown below :-

In this example, you're sharing /c/blog -> c:\tmp\laravel\blog


Running the container

Next, we will mount the volume to a container path /var/www/laravel. What's going on is we're trying to mount virtual machine shared folder (indirectly host machine share folder) to a container folder.

docker run -p 8000:80 -p 443:443 -v /c/blog/:/var/www/laravel/ -d eboraas/laravel

I think many people got confused with providing a windows directory here. (-v /c/blog…

Google cloud bitnami LAMP mysql data password

After you spin up a Bitnami LAMP server, you might wonder what the mysql database password is .....well, just go into Google Console and open up the details of your LAMP server.

Then look under bitnami-based password as shown below :-



After that try ssh into your LAMP server and then login to mysql with the password above :-

mysql -u root -p

powershell : get date from epoch / linux date

This is going to be a relatively short post, and here's the code to get a datetime from epoch time. The $time parameter looks something like 1485810174


Deploying Laravel on Google Cloud

Since Google Cloud Platform Bitnami LAMP comes ready with composer and Laravel, we can dive straight in after you spin up a new LAMP virtual machine.

The public directory accessible to the world is htdocs.

Let's change directory to htdocs by issuing this command "cd htdocs"

Run the following command

composer global require "laravel/installer"

Next, we will create an application using the command below: -

$HOME/.composer/vendor/bin/laravel new blog

Please note that this will create a directory called blog under htdocs.

Important! Ensure a folder called storage is writable by

cd blog

Then issue the following command

chmod -R o+w storage

Fire up your browser and browse to the following link

http://your-lamp-server-ip/blog/public/index.php

Your laravel page will fire up. :)







Project WAH - (What Happened Here)

WAH - (What Happened Here) - is a project that allows developers to figure out what's going on with an application during runtime. For example, if an application crashes, we want to find out why.
Unfortunately, most of the time we ask whether logging was enabled, read through the logs to find the root cause and finally cross-check that with the source code. This takes up a lot of time.
Instead of using traditional logging, it allows developers to ask the app what actually happened and why it crashed. Yeap, something like an interrogation - but in a more intelligent way.




Powershell script to read all the queue available on a host

The following code gets a list of queues listed on an activeMq host server using the NMS Provider.

Docs on deploying LAMP apps to Google Cloud

Apparently the following links provide good information on deploying PHP based application.

https://docs.bitnami.com/google/infrastructure/lamp/

So what is supported in this LAMP package?

PHP scripting language, Apache Web Server, MySQL, MariaDB, phpMyAdmin.

It also support Zend Framework, Symfony, CodeIgniter, CakePhp, Smarty and Laravel. So essentially you can dive straight into development.

google cloud platform : using the lamp stack

When I first installed my LAMP stack on Google cloud, I was at a loss trying to find my way through. The only thing available was ssh. What if I wanted to install Laravel?

Thankfully it came with "Composer" - the PHP dependency manager. I was able to fire up my ssh and just install Laravel using the following command :-

composer global require "laravel/installer=~1.1"

Phew, that was easy.

Once you have installed that, run $HOME/.composer/vendor/bin/laravel new blog

And you have just created your first project :)


powershell gotchas :- Use global variable / function when you have event in your code

Did you know that it's a good idea to use global functions and variables when you use events in your code?

Have a look at the example below :-



You will not be able to call the GetActiveQueueMessage function and your script just dies.

The key takeaway from this is: if you have an event, please make sure any variable or function you're referring to is defined in global or script scope.

Otherwise, you pretty much get uninitialized or empty variable everywhere.