Friday, August 28, 2015

Difference between Map and Filter

Notes

  • You can prettify your JSON output by passing null and the number of spaces to indent.
  • Another useful higher-order function is reduce, which combines the elements of an array into a single value.
  • The logic that each function (map, filter, reduce) calls to manipulate the original array of data is called a closure. Note that there is no formal function declaration and no function name for a closure.


This work is licensed under the Creative Commons Attribution 3.0 Unported License.

Wednesday, August 12, 2015

Revert Commit into a Branch

Suppose you accidentally push file changes in the form of a git commit to your master branch, but you intended to first create a branch of those changes and push the branch.

Here's how to fix that....

git reset HEAD~1 --hard                                        # move the head back before your commit
git push -f                                                    # make git accept it
git fetch                                                      # get latest 
git reset origin/master                                        # undo non-pushed commit
git checkout -b NEW_BRANCH_NAME                                # create new branch for file changes
git stash save 'moving committed changes to NEW_BRANCH_NAME'   # workstation looks like it did before you made changes
git cherry-pick COMMIT_HASH                                    # grab your changes via cherry-pick
git push -u origin NEW_BRANCH_NAME                             # push NEW_BRANCH_NAME with changes to remote repo


You will probably want to make note of the git hash created by the original commit BEFORE running these commands. You can run the following to get that hash value: $ git log

This assumes you want to push your changes into a NEW_BRANCH_NAME, which will likely get merged into the master branch after a pull request and code review.

Assuming this works, you should delete the stash you made using $ git stash drop

References

Is it possible to retroactively turn a set of commits into a branch?
Squash my last X commits together using Git


Friday, July 17, 2015

Regex for example.com (not www.example.com)

I had a failing test that indicated that I had some sample code in my source.

So, I needed a nifty regex to find it.

Failing Test

A test failed with the following message:


Authenticate User and get his Role
cookies: [ 'name=undefined; Domain=.example.com; Path=/admin; Secure',
  'session=7bi4j6U2VYleeAC_kLseiA.IBKutIFH6iuag66-hrWwyVf175J6NaJICEkgMLC1gl9OrWpvpNTpv-SQ3QJCJe_VfB4MBwjIkpwNgwEM8R99qp6qNm0CXYqbdjaq6_R7PB-O2Vm-cFavjZEohzkNVVnYjlu3BDWFU17y4ENZaMNADXiZ150Pf_nGvdoVZmNFiZh2ysiIk0eRmSOiLEJtkWyj84btuBew0ylUKLn0ywRlnFBllKm4X8_GrCaWxRCFG6iS9T76r_X9PDb9BQKC6eZB2hQRKsykidJ3OY-G5PC_GJwS_LGlgYwP25-0BP8V1524LCvEZ3w5qZBX2kmCxrpwVA4ycls1F4fz3XSDLCyOnxO9rYpP2JYwjfYhkgV71-JNBogeVdVDL_JqWDTjZJZLDPrOp4ZmESrh6kI3n_f6zuxaWvuYK-c31_icvWm_g1eXmpKo4CVB0-Vv6EYuDuh5tS9y4yybr9mMrnZaSwHpyTp6YBsd9i0H6cyHZ7YiyIQCVa30We0iTa335arKG2zG.1437151277357.3600000.UePJmiwfcRyceI0eQ32BbXyekHbzvQ1tk5tP2_8O7T8; path=/; expires=Fri, 17 Jul 2015 17:41:18 GMT; httponly' ]


Searching for ".example.com"

Searching for ".example.com" yielded too many results because there were a lot of "www.example.com" strings found.

Magic Regex

This regular expression did the trick:

^(?=.*example\.com)(?!.*www).*


It says, "Give me everything that matches 'example.com' but does not also contain 'www'."
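An added example (not part of the original post) that runs the lookahead filter, with the dot unescaped and escaped, next to a lookbehind variant over a few constructed lines. The sample lines, the `matchingLines` helper and the lookbehind pattern are assumptions made for illustration.

```javascript
// Constructed sample lines (not taken from the original code base).
const sampleLines = [
  "Domain=.example.com; Path=/admin; Secure",
  "var home = 'http://www.example.com/index.html';",
  "var api = 'https://api.example.com/v1'; // docs: www.iana.org",
  "var typo = 'http://exampleXcom/';",
];

const patterns = {
  // Unescaped dot: "." matches any character, so "exampleXcom" also hits.
  unescaped: /^(?=.*example.com)(?!.*www).*/,
  // Escaped dot: only a literal "example.com", still rejecting any line
  // that contains "www" anywhere.
  escaped: /^(?=.*example\.com)(?!.*www).*/,
  // Assumption (a variant, not from the post): reject only when "www."
  // sits directly in front of the domain, so an unrelated "www" elsewhere
  // on the line does not hide a real hit.
  lookbehind: /(?<!www\.)example\.com/,
};

// Return the indexes of the lines each pattern selects.
function matchingLines(pattern, lines) {
  return lines
    .map((line, i) => (pattern.test(line) ? i : -1))
    .filter((i) => i !== -1);
}

for (const [name, pattern] of Object.entries(patterns)) {
  console.log(name, matchingLines(pattern, sampleLines));
}
```

The line-level filter is the stricter search: it drops the third line because of the unrelated "www" in its comment, which the lookbehind variant keeps.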




Wednesday, July 15, 2015

The Philosophy of Success at Work

Quotes

Here are some related quotes from some notable people:


“To be is to do.” — Socrates
“To do is to be.” — Jean-Paul Sartre

“The way to be is to do.” — Dale Carnegie
“The way to do is to be.” — Lao-tzu, Chinese philosopher

“We act as though comfort and luxury were the chief requirements of life. All that we need to make us happy is something to be enthusiastic about.” —  Albert Einstein

“Success consists of going from failure to failure without loss of enthusiasm.” — Winston Churchill

“Nothing great was ever achieved without enthusiasm.” — Ralph Waldo Emerson



I think they are all correct.

Reflection

You need to be in at least two of the circles above to stay employed.

You need to be in all three of the circles to thrive at work.

At the heart of success in your endeavors is your enthusiasm.

So, find what you truly enjoy doing, deliver good work and be nice and you will be successful at it.




Wednesday, July 8, 2015

Upgrade Node.js to Avoid DoS Attack

TL;DR

If you are running Node.js v0.11.0 to v0.12.5 then you need to upgrade to v0.12.6 ASAP.



That's typically what happens with buffer exploits.

The Exploit

A bug in the way the V8 engine decodes UTF strings has been discovered. This impacts Node at the Buffer to UTF8 String conversion and can cause a process to crash. The security concern comes from the fact that a lot of data from outside of an application is delivered to Node via this mechanism which means that users can potentially deliver specially crafted input data that can cause an application to crash when it goes through this path. We know that most networking and filesystem operations are impacted as would be many user-land uses of Buffer to UTF8 String conversion.

Buffers

Here's some background information on how buffers work in NodeJS.

Buffers are instances of the Buffer class in node, which is designed to handle raw binary data. Each buffer corresponds to some raw memory allocated outside V8. Buffers act somewhat like arrays of integers, but aren’t resizable and have a whole bunch of methods specifically for binary data. In addition, the “integers” in a buffer each represent a byte and so are limited to values from 0 to 255 (2^8 – 1), inclusive.

There are a few ways to create new buffers:


var buffer = new Buffer(8);


This buffer is uninitialized and contains 8 bytes.


var buffer = new Buffer([ 8, 6, 7, 5, 3, 0, 9]);


This initializes the buffer to the contents of this array. Keep in mind that the contents of the array are integers representing bytes.


var buffer = new Buffer("I'm a string!", "utf-8")

Writing to Buffers

Given that there is already a buffer created:


var buffer = new Buffer(16);


We can start writing strings to it:


buffer.write("Hello", "utf-8")


The first argument to buffer.write is the string to write to the buffer, and the second argument is the string encoding. It happens to default to utf-8 so this argument is extraneous.

buffer.write returned 5. This means that we wrote to five bytes of the buffer. The fact that the string “Hello” is also 5 characters long is coincidental, since each character just happened to be 8 bits apiece. This is useful if you want to complete the message:


buffer.write(" world!", 5, "utf-8")


When buffer.write has 3 arguments, the second argument indicates an offset, or the index of the buffer to start writing at.

Reading from Buffers

Probably the most common way to read buffers is to use the toString method, since many buffers contain text:


buffer.toString('utf-8')
'Hello world!\u0000�kt'


Again, the first argument is the encoding. In this case, it can be seen that not the entire buffer was used! Luckily, because we know how many bytes we’ve written to the buffer, we can simply add more arguments to “stringify” the slice that’s actually interesting:


buffer.toString("utf-8", 0, 12)
'Hello world!'
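An added example (not from the original post) for current Node.js releases: it tracks the byte count returned by write, decodes only the written slice, and shows how malformed UTF-8 from outside the application can be rejected instead of silently replaced. The helper names are hypothetical and the malformed input is constructed.

```javascript
// Buffer and TextDecoder are globals in current Node.js releases.

// Write string parts into a fixed-size, zero-filled buffer and track how
// many bytes were used. Buffer.alloc() zero-fills; the legacy
// new Buffer(size) form returned uninitialized memory.
function writeMessage(parts, size) {
  const buf = Buffer.alloc(size);
  let used = 0;
  for (const part of parts) {
    // write() returns the number of bytes written, not characters.
    used += buf.write(part, used, 'utf8');
  }
  return { buf, used };
}

// Decode only the bytes that were written.
function readMessage(msg) {
  return msg.buf.toString('utf8', 0, msg.used);
}

// In current Node.js, toString() replaces malformed UTF-8 with U+FFFD
// rather than throwing.
function decodeLossy(bytes) {
  return bytes.toString('utf8');
}

// Strict decode for untrusted input: reject malformed UTF-8 outright.
function decodeStrict(bytes) {
  try {
    const text = new TextDecoder('utf-8', { fatal: true }).decode(bytes);
    return { ok: true, text };
  } catch (err) {
    return { ok: false, text: null };
  }
}

const msg = writeMessage(['Hello', ' world!'], 16);
console.log(msg.used, JSON.stringify(readMessage(msg)));
console.log(writeMessage(['h\u00e9llo'], 16).used); // 5 characters, 6 bytes
// Constructed bad input: the first byte of a two-byte sequence on its own.
const truncated = Buffer.from('\u00e9', 'utf8').subarray(0, 1);
console.log(JSON.stringify(decodeLossy(truncated)), decodeStrict(truncated).ok);
```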

Using Buffers in the Browser

The Buffer exploit mainly affects backend servers running NodeJS (or old versions of IO.JS), but the use of Buffers is not limited to the backend.

You can also work with buffers in the browser by using: https://github.com/toots/buffer-browserify.

However, its performance is poor, mainly due to Buffer design decisions.

Equivalent functionality, with better performance metrics, in the browser is provided by TypedArrays or https://github.com/chrisdickinson/bops.

bops

bops presents a JavaScript API for working with binary data that will work exactly the same in supported browsers and in node. Due to the way that Buffer is implemented in node, it is impossible to take code written against the Buffer API and make it work on top of binary data structures (Array Buffers and Typed Arrays) in the browser.

Instead, you have to fake the API on top of Object, but Object isn't designed for holding raw binary data and will be really slow/memory inefficient for many common binary use cases (parsing files, writing files, etc).

Upgrade NodeJS

If your target operating system is OSX, then you probably have 3 main packages to consider:
  • NodeJS
  • NPM
... and probably these as well:
  • Homebrew
  • NVM

If you're a Homebrew user and you installed node via Homebrew, there is a major philosophical issue with the way Homebrew and NPM work together, stemming from the fact that both Homebrew and NPM are package management solutions.

There are many ways to install these packages.

Read this article for my suggested solution (that does not require you to use sudo permissions): Cleanly Install NVM, NodeJS and NPM.

References

http://lexsheehan.blogspot.com/2015/04/cleanly-install-nvm-node-and-npm.html
http://blog.nodejs.org/2015/07/03/node-v0-12-6-stable/
http://blog.nodejs.org/vulnerability/
https://github.com/toots/buffer-browserify
https://github.com/chrisdickinson/bops
http://www.read.seas.harvard.edu/~kohler/class/05f-osp/notes/lec19.html
http://jsdevs.com/how-to-use-buffers-in-node-js/


Tuesday, May 19, 2015

Microsoft IE8 End Of Life

Microsoft recommends customers plan to migrate to one of the above supported operating systems and browser combinations by January 12, 2016.



IE8 Issues

HTML5 CSS3 Incompatibilities

Remember having to insert the following into your head tag to help fix the lack of support IE8 has for HTML5 tags and CSS3 properties? (or using Modernizr)


<!--[if lt IE 9]>
      <script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script>
      <script src="https://oss.maxcdn.com/libs/respond.js/1.4.2/respond.min.js"></script>
<![endif]-->

Missing functions

Remember having to use es5-shim because IE8 did not implement lastIndexOf, map, filter, every, forEach, etc. functions?

Security Vulnerabilities

Did you know that IE8 has over 500 known security vulnerabilities? (that will never get fixed)

IE8's continued reliance on ActiveX makes it vulnerable to the core.

Unforgiving Parser

Back in the days of IE5, IE was very forgiving when it came to HTML syntax.

IE8 is unforgiving with regard to HTML syntax and JavaScript.

I'm not saying that I approve of a lax enforcement of standards, but I do recall how quickly a web developer could crank out a web application when the user base were all IE users. Not so for IE8.

In many cases, IE8 would make your site break, even if it were coded perfectly.

Good bye, IE8. (and good riddance!)

p.s. Unbelievably, IE8 was actually somewhat better than IE7.

References

https://github.com/es-shims/es5-shim
https://support.microsoft.com/en-us/gp/microsoft-internet-explorer
http://www.zdnet.com/article/australian-retailer-charges-customers-ie-7-tax/


Wednesday, May 6, 2015

We're doing emergency maintenance to recover the site (github.com)

How many companies depend on github.com?

What is your mitigation strategy when things go wrong?

Today, GitHub had a major outage.

Granted, GitHub was only down for under 30 minutes, but that can still wreak havoc for scripts that depend on GitHub and don't have 30 minute+ retries built in.

Between approx. 7:40 a.m. and 7:54 a.m. EST, if you were to try to reach any resource with github.com in the url this is what you'd see:



GitHub Status





References

https://status.github.com/messages
https://twitter.com/githubstatus
