Showing posts from August, 2019

Recent Http2/DOS attack

Recent Http2/DOS attack

CVE-2019-9511 HTTP/2 Data DribbleCVE-2019-9512 HTTP/2 Ping FloodCVE-2019-9513 HTTP/2 Resource LoopCVE-2019-9514 HTTP/2 Reset FloodCVE-2019-9515 HTTP/2 Settings FloodCVE-2019-9516 HTTP/2 0-Length Headers LeakCVE-2019-9518 HTTP/2 Request Data/Header Flood

Nextjs - How do you handle onclick which do something

You can use the following codes to do it :-

Whitelisting Azure event hub

To decide which event hub to whitelist, you can use the following command to get some legit ip address


nexjts - how i deploy it on a docker container running nginx

You need to have something like prod setup below :-

Next, run your docker container and mount it to a nginx default folder,

sudo docker run  -p 8008:80 -v $(pwd):/usr/share/nginx/html nginx

Fire up your browser and then type localhost:8008

Azure autoscaling - how it works from my observation

This is my observation with scaling out app service plan in an ASE environment.

How long does it takes to scale?
30 to 40 min to scale up one instance. Your service plan status will be pending.

Where do you view your metrics / logs?
Go to app insights in your function app or apps. For some reason it is not updated

What metric to choose?

That depends. For my case, I have to scale function app. So i set it scale if function app execution count is greater than 8. I noticed that regardless of how many instance you already running, for example you have 3 instance, as long as function app execution is 8 then it will scale up to 4 instance.

It is not like function app execution unit shared by current 3 instances. If you have 9 function app, then you get a new instance.

Off course it differ depending on metrics types.

Event hubs

As i push more load to event hubs, partitioning is pretty much fixed. If you have 2 VM, then those functionapp will be processing the same partition. Process wpw3 is…

Scaling with metrics

To get a list of metrics supported, please go here.

Azure functions plans types

Typically we can have service plan configuration as follows when setting our terraform azurerm_app_service_plan's kind configuration. These settings are :-

a) App - isolated. Scaling out is manual / autoscale control by your service plan

b) FunctionApp - free, sometimes it goes into idle mode.

c) Linux

d) Windows

These plans dictates how your functions app scales.  Scale controller helps you to decide how your functions app get scaled. It the condition could varies depending on the type of function app trigger that you're running.

For example, if you're running event hub, your app can scale depending on number of messages.

Here's some interesting service limit for scaling out

-Consumption plan - event driven 

-Premium plan - event driven 

-App service - manual / auto (depends on how you configure your service plan) 

Max Instances

-Consumption plan - 200 - think this is going to back fire. Imagine you have 200 instance creating new connection to your database .

-Premium pla…

Azure event hub namespace connection string or event hub connection string?

It depends, if you have the requirement to write to say different event hub in the namespace then event hub namespace connection string. The problem could be if your connection string is compromised then the application can potentially send to all your event queue. It is always better to have finer control. :)

So I would use event hub based connection string.

terraform creating rule for auto scaling for service plan

It seems like terraform just doesn't like to create a rule. But if you go and create manually in the portal, giving it a name, then terraform auto scaling service plan works.

Here is my terraform :-

Some point to note - I have to use "azurerm_app_service_plan" tags here as oppose to manually copy and pasting the resource id.  And remember to create a rule called "devspapptest-Autoscale-9680" so terraform would be able to find it.

So strange ......

To work with what metrics are available, go here. Also don't forget to go, App Service Plan -> Scale out -> Json to try to match or copy some of the operator values or statistic used. It is like you can copy and paste it into your terraform code.

Terraform secret rule of thumb - keyvault has to depend on policy :)

Did you know when you create a new secret, you need to add "depend_on", to associate it to a key policy. That means Vault -> Policy -> Secret (you need to specifically add "depend_on" in your secret resource provisioning section.

Understanding TLS and its cipher suite - Part 1

Key exchange algorithmsprotect information required to create shared keys. These algorithms are asymmetric (public key algorithms) and perform well for relatively small amounts of data.
Bulk encryption algorithms encrypt messages exchanged between clients and servers. These algorithms are symmetric and perform well for large amounts of data. Message authentication algorithms generate message hashes and signatures that ensure the integrity of a message. Other scheme used here includes HMAC.

MAC - Common message authentication scheme are HMAC, OMACCBC-MAC and PMAC. Newer and better ones would be AES-GCM and ChaCha2, Poly1305

Setup azure function app to a service plan

Yes, sometimes you do need alot of testing to make sure you get this right.
Let's say you already setup a ASE (isolated environment) and then you would like to associate that single service plan (resource group A) to a function app in resource group B.

How do you do that?

With Az Powershell?

azure service plan - scaling out and scaling up

Scaling up means increasing your computing resources like instead of running your app using 4G, you are saying I want to run it on a 16 G machine.

Scaling out means increase number of VM to run your existing application. You may have 1 vm running your app right now, lets increase this to say 2 or 4. A limit of 100, if you're on a isolated plan.

How does this related to a Service plan? Well, service plan controls the scaling of your resources.

nextjs optimization

Lazy loading module is achieve through

Lazy loading components

terraform azurerm_app_service_plan

This is to create an application web service and a service plan. Not to be confused with App Service Environment.

Some useful port in Azure

Some ports that you will often work with in Azure.

UsePortsHTTP/HTTPS80, 443FTP/FTPS21, 990, 10001-10020Visual Studio remote debugging4020, 4022, 4024Web Deploy service8172

ASE app service plan - 1 instance per service plan

Did you know that in ASE, one service plan typically means you are running atleast 1 vm?
Well, you know now.... that's going to cost.

Probably merge all into a single service plan.. :)

Also, turning on diagnostic logging is expensive

react : functionalcomponent vs class component

Was playing around with Nextjs and the code that keeps on popping up are Functional component (as shown in code below).

The difference between functional and class component.

Functional component 

Class component 

nexts - pushing client side javascript

When using SSR, you probably need to push some client side code. This requires some manual configuration.

First you need a folder called static (it has to be static, otherwise it won't work), place your javascipt code in it and then from your index.js or index.tsx.

And oh, you need to "Reload that page" / F5

Microsoft Seal - Setting up your docker on Ubuntu

If you're thinking of working with Microsoft Seal library, then get your hands dirty with a Linux build.

To setup your dev environment

docker run -it /bin/bash

Then start to install

apt-get install update

 apt-get install software-properties-common
 apt-get install cmake
 apt-get install git
 apt-get install g++

 git clone
Build the goodies 
cd native/src cmake . make sudo make install cd ../.. Don't forget the samples..... good fun :)
cd native/examples cmake . make cd ../..

warning: Error disabling address space randomization: Operation not permitted

When trying to run gdb on a docker, i got this nice error :-

This is a solution, which i will try later ..  :)

docker run --cap-add=SYS_PTRACE --security-opt seccomp=unconfined


Solution : apt-get install g++

PALISADE - Library Compile for Linux Ubuntu

Get the tools 

apt-get install software-properties-common sudo add-apt-repository ppa:george-edison55/cmake-3.x sudo apt-get updatesudo apt-get install cmakesudo apt-get install g++sudo apt-get install git
Clone the repo

git clone

Configure and build 

Go into your cloned dircectory

./configure ./make

Azure - how do you upload your react assets (actually for any assets) into static storage web enabled account

This is the script that i used to deploy my react assets from azure devops into azure storage account :

Webdeploy to ASE environment breaks after forcing TLS / SSL upgrade

If your deployment suddenly stops working when someone set to TLS 1.2/1.3 or prevent TLS 1.0 from being used.

Then devops code deployment will keep on complaining that it was cut off from the tcp stream.

Enabling debug for Azure Dev ops

Set the variable name System.Debug  to true

Enable c# with c++ dll debugging options in visual studio

In your c# project, right click -> Properties -> Debug -> Enable Native Code debugging. You're all set.

az cli - setting variable on a windows machine build

Did you know that you need to use the following command to set variable if you're using Azure DevOps Az Cli running on a Windows machine?

For /f %%i in ('az keyvault secret show --vault-name "Your-KeyVault-Name" --name "Your-Secret-Name" --query "value"') do set "password=%%i"
Don't ask me why..just weird