Posts

Showing posts from 2013

Review: The 5 Love Languages

A mindmap review of the excellent book. Flash version can be found here.

Issues with IE Compatibility

Be aware of the difference between Browser Mode and Document Mode:

- Browser Mode is controlled by the client browser; it is affected primarily by the "Compatibility View" settings as well as the domain.
- Document Mode is controlled by the web server and/or the web page.

Using IE 8-9, some strange behaviour has been observed. Enabling Compatibility View (for either intranet or all websites) would result in the following for affected sites:

- IE conditional comments would detect IE7
- User-agent sent would be IE7 (compatible)
- Browser mode would show IE 9 Compatibility View
- Document mode would be IE 7 standards

The above behaviour would not be affected by X-UA-Compatible meta-tags within the page. However, sending the X-UA-Compatible HTTP header would alter the behaviour as follows:

- IE conditional comments would detect IE9
- User-agent sent would be IE7 (compatible)
- Browser mode would show IE 9 Compatibility View
- Document mode would depend on the value of the X-

Use Case Realisation in UML

This is a sample of a use case realisation (design-level) for the use case "View the Dashboard". The implementation uses ASP.NET MVC and the design is documented in the following UML diagrams. This is an experiment whereby I produced the design in UML for a new developer to implement the use case.

The first Sequence Diagram documents the initial web request to display the empty Dashboard. The second Sequence Diagram documents subsequent web requests to display the search result. The next Sequence Diagram specifies the implementation of DashBoardCntrl::retrievePlanListFromCache. The final diagram is the View-Of-Participating-Class (VOPC) diagram for this use case realisation.

When is a Sequence Number Not Sequential?

A sequence number or an identity column guarantees the following:

- The number served is unique.
- The number served is sequential (ascending order). Identity columns guarantee this; a sequence number in Oracle RAC mode doesn't, unless ORDER is used.

However:

- It does not guarantee that the sequence is gap-free.
- Sequence numbers and identity columns do not partake in transactions.

Number loss/gaps happen due to the following:

- The served number does not get utilised (typically due to transaction rollback).
- Server restarts/failures: database servers tend to cache sequences in memory for performance reasons, e.g. an Oracle Sequence set up to be CACHEd in memory.

According to the Oracle 11gR2 Database Documentation for the Sequence database concept, use of Oracle Sequence does not guarantee a gap-free set of numbers: "If your application requires a gap-free set of numbers, then you cannot use Oracle sequences. You must serialize activities in the database using your own developed cod

Psychology Behind Dishonesty

An appreciation of why people are dishonest. Flash version can be found here.

How to determine if you've been blocked by a WhatsApp contact

According to the legal clauses in WhatsApp, such blocks have been made non-deterministic to protect privacy. However, by experimentation, you'd notice the following when you've been blocked:

- Unable to see the "online" or "last seen" status of the contact (described here).
- Messages sent to the party do not get delivered, indicated by 1 tick instead of 2.
- Unable to create a group with the party: an error message appears, "Error while adding participant... not authorized to add this contact".

The first 2 indicators are explained in WhatsApp's FAQ. Of interest is: "We have made this intentionally ambiguous in order to protect your privacy when you block someone. Thus, we cannot tell you if you are being blocked by someone else, since this is a violation of that person's privacy."

However, the 3rd indicator above (not mentioned by WhatsApp) appears to be a very strong indicator that you've been blocked by the contact.

HTTP Redirection

According to the HTTP specs, there are a number of HTTP status codes used to redirect browser clients.

- 301 Moved Permanently: Permanent redirect. The document has moved permanently; future requests should use the redirected URL instead. The response is cacheable. Modern browsers change the HTTP method to a GET, with the exception of IE (which preserves the HEAD and DELETE methods).
- 302 Found: Temporary redirect. To be superseded by 303 and 307. The response may be cached if headers allow for it. Most modern browsers treat this as 303, with the exception of IE (which treats it as 307).
- 303 See Other: The request should be redirected to a GET regardless of the original request method. The response must not be cached. Supported by all modern browsers.
- 307 Temporary Redirect: Temporary redirect. The request should be redirected to the redirected URL. The original request method is to be preserved, and a POST request should be re-posted. The response may be cached if headers allow for it. Supported by all mod

Valid Email Addresses

A valid email address is of this form: local-part@domain-part

In particular, the local part is required to be one of the following:

- dot-atom
- quoted string
- a combination of the above, e.g. my.name.is."Johannes Kuah"@example.com

Dot-Atom: A string of ASCII characters excluding the following special characters: whitespace ( ) < > @ , ; : \ " . [ ]

Quoted String: A string of ASCII characters, including the above special characters, enclosed within normal ASCII quotation marks ("). However, the backslash \ and quotation mark " must also be preceded by a backslash \.

References:
- http://tools.ietf.org/html/rfc2822#section-3.4
- http://tools.ietf.org/html/rfc3696#page-5

Performance Counters for .NET

A little dated by now.

From the Windows 2000 Resource Kit:
- http://technet.microsoft.com/en-us/library/cc938609.aspx
- http://technet.microsoft.com/en-us/library/cc940375.aspx
- http://technet.microsoft.com/en-us/library/cc938586.aspx
- http://technet.microsoft.com/en-us/library/bb734903.aspx

For .NET:
- http://www.symantec.com/business/support/index?page=content&id=HOWTO9722

From Windows 2003:
- http://technet.microsoft.com/en-us/library/cc779038(WS.10).aspx

Cookie, Security, OWASP

We just had a Security Assessment for our web applications. Some points of interest follow:

- Cookie XSS security: Where possible, all cookies should be configured to be httpOnly. This is to prevent client-side scripts or applets from accessing the cookie. Incidentally, this is the default for the ASP.NET session cookie and cannot be changed via the httpCookies element in Web.Config: <httpCookies httpOnlyCookies="true"/>
- Prevent MITM from accessing the session: Ensure that the session cookie is delivered over a secured HTTP session (TLS). Setting the cookie as secured indicates to the browser that the cookie should only be sent over a secured channel. To configure the httpCookies element: <httpCookies requireSSL="true" />

Note that Forms and Session cookies have slightly different behaviour, with the Forms cookie being more secured and more configurable. Interestingly, setting requireSSL to true for the Forms cookie mandates that the communication channel to

How to put up Maintenance Page for ASP.NET Web Application in IIS

Put a static file named app_offline.htm in the root of the site. After which, all requests for that site will be served from this file. Technically, what happens is that the entire application domain will be stopped and unloaded, all without performing an IIS reset.

Note the following caveats:

- Any error in the Web.Config may result in the app_offline.htm page not showing up!
- The file (app_offline.htm) must be at least 512 bytes for it to take effect in the IE browser. Otherwise, IE would display a "Friendly Error" message by default.

The effect of this file is that the server will serve out an HTTP response bearing this header: HTTP/1.1 503 Service Unavailable

Internet Explorer Compatibility View

The newer Internet Explorer comes with the F12 Developer Tools, wherein you find the Browser Mode and the Document Mode.

Difference between the Browser Mode and the Document Mode: Document Mode is something that the web server can control. By specifying the HTTP header, the HTML meta-tags, or the DocType declaration, the Document Mode changes accordingly. See my earlier article. However, the Browser Mode cannot be changed by the server.

What really happens when IE Compatibility View is activated? When IE Compatibility View is activated, the HTTP user-agent header is changed to that of IE7. The user-agent sent by the browsers follows (IE Browser Mode: User-Agent):

- IE10: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)
- IE9: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
- IE8: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)
- IE7: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1)
- IE10 WinPhone: Mozilla/5.0 (comp