Here is a pretty cool video of 18 months of Git commits using the Gource tool, which is a software version control visualization tool.
Try to see it in full screen and at 1024p HD quality:
A personal blog about: transforming Web Application Security into an 'Application Visibility' engine, the OWASP O2 Platform, Application/Data interoperability and a lot more
Friday, 14 June 2013
Wednesday, 12 June 2013
More TeamMentor UI Javascript trace and debug views
On the topic of TeamMentor UI debug helpers (see Opening up TeamMentor’s Javascript Trace Viewer which hooks TM method calls), here are a couple of other useful options:
Labels:
Javascript,
TeamMentor
Opening up TeamMentor’s Javascript Trace Viewer which hooks TM method calls
If you are trying to debug (or understand) TeamMentor’s Javascript layer, there are a number of debugging tools and options (in the /Javascript/TM/Settings.js file) that might help you:
Labels:
Javascript,
TeamMentor
Tuesday, 11 June 2013
Trying out NCrunch
Intrigued by Kofi’s NCrunch and TeamMentor post, and since today I had to write a number of Unit Tests, I decided to give NCrunch a test drive.
I downloaded the MSI, the install was smooth and next time I opened up VisualStudio there was a new NCrunch menu available:
Labels:
NCrunch,
TeamMentor,
Tools,
UnitTests
Changing the way User Sessions are handled by TeamMentor (will be 3.3 Release HotFix 3)
One feature we introduced in TeamMentor 3.3 was the limitation of only allowing one user session to be active at any given time.
This had the nice side effect of 'preventing user account reuse'.
In practice, this meant that TM users had to stop using shared accounts (like the admin account), which was a good thing.
But it created nasty side effects, where a user could only be logged in once across all their devices. An even worse side effect happened when we implemented an SSO solution for a client and realized that, for the cases where one SSO token was shared across multiple users, we would have to create a TM account per user session!
So we went back to the Concurrent Logins Have Broken issue, reopened it and changed its priority to P0 (which means that this will be another 3.3 HotFix).
The rest of this post shows the workflow that I took when making the code 3.3 HotFix #3 changes, testing them and pushing the new version to GitHub.
Fixing a couple bugs and pushing new TeamMentor 3.4 Dev Version (from 4 to 5)
This post shows one way to use GitHub to update the main development branch of TeamMentor.
At the moment TeamMentor/Dev repo is at version 3.3 – Dev 4
Labels:
GitHub,
TeamCity,
TeamMentor
The day CodingLab.org was born
After brainstorming about the idea of an 'Open Library' for my RaspberryPi, Arduino, BeagleBone, Python, CodeClub books and materials on the Chiswick High Road with Sarah (my wife), she came up with the name Coding Lab, as a better way to present the concept to local venues (with the added idea of doing regular/monthly lab sessions there).
So I:
- did a quick DNS search,
- found that CodingLab.org was available,
- registered it,
- created a GitHub repository for it https://github.com/O2platform/CodingLab
- added some GitHub Pages
Labels:
CodingLab
Creating TeamMentor release 3.3.2 (3.2 version with HotFix 2)
Now that the two P0 issues are marked as fixed (after a round of QA):
Labels:
GitHub,
TeamMentor
Monday, 10 June 2013
'Open Library' for my RaspberryPi, Arduino, BeagleBone, Python, CodeClub books and materials on the Chiswick High Road
Yesterday I 'dropped' 10 Python books at a friend's kids' house with a 'take a look at these books and pick one that makes sense to you' workflow (they are trying to use a RaspberryPi and learn how to code in Python).
Later that day one of the kids asked me '... can we keep two?..' , which is always a good sign :)
This got me thinking that some of my books (I have a lot of them) deserve to be shared with more kids :)
Maybe I could have them 'somewhere' on the local Chiswick High Road (West London) as a kind of 'Public Geek Library' for kids (and adults).
This could also be a great location to put information about CodeClub and examples of what I'm creating with the kids that I am teaching every Wednesday.
Labels:
Code Cafe,
Code Club,
Half-baked Idea
Sunday, 9 June 2013
Installing Ignite’s OpenFire and Spark (IM server and client)
When testing HuBot, I needed an IM server and client
Since the HuBot install article that I was following recommended OpenFire and Spark, I decided to give it a test drive.
Here is how I installed and set it up on a local VM.
The first step was to get OpenFire from the Ignite's website:
Labels:
Tools
A constant source of confusion: Simplicity
From this reddit I found the really interesting and thought provoking (long) post on A constant source of confusion: Simplicity
Simplicity is a topic that really matters to me, and is something that I always try to achieve when writing code or creating APIs (like the ones in the O2 Platform, FluentSharp or TeamMentor).
That post has some great references, which are well worth a read:
- Software engineering: An Idea Whose Time Has Come and Gone? - by the author of the Controlling Software Projects: Management, Measurement, and Estimation book and the one that said “You can’t control what you can’t measure.” (something the author now doesn't believe is correct)
- Worse is better - (Wikipedia quote) "Worse is better, also called the New Jersey style, was conceived by Richard P. Gabriel to describe the dynamics of software acceptance, but it has broader application. The idea is that quality does not necessarily increase with functionality. There is a point where less functionality ("worse") is a preferable option ("better") in terms of practicality and usability. Software that is limited, but simple to use, may be more appealing to the user and market than the reverse...."
- Dreaming in Code: Two Dozen Programmers, Three Years, 4,732 Bugs, and One Quest for Transcendent Software
Labels:
Philosophy
Saturday, 8 June 2013
What is Privacy all about? ... it's about 'not being surprised'
Privacy is one of those subjective topics that is hard to talk about, because everybody seems to have a different definition of it (which depends on culture, personal experience, current/past jobs and state of mind).
Recently I found a Seth Godin post (while reading Whatcha Gonna Do with That Duck? in the toilet) which really provided a great explanation of privacy.
The post happens to also be online (People don't truly care about privacy) and here is the key part:
Labels:
Philosophy,
Privacy
Friday, 7 June 2013
Why the need to enable the use of OWASP chapter funds
I just sent the text below to the OWASP Leaders list, which was part of this thread.
My answer was to Tim's comment and I started a new thread with it
-------------
Tim's solution (see below) is great and we should apply it now (using data from the last year). The only thing I would change is to remove the C (soft cap) and P (hard cap). This would have a net positive result for all chapters (and not move the money to the 'OWASP mothership' which is a very sensitive topic).
For those really interested in this thread/topic, you should read Seth Godin's amazing post Non-profits have a charter to be innovators, which really explains why OWASP (as an organisation) has the DUTY and moral responsibility to spend its available funds, to experiment, to get things done, etc.
Labels:
OWASP
OWASP is Hiring a FT Event Manager (35k USD)
Sarah Baso just posted the email below to the OWASP-leaders list which is a great move for OWASP.
OWASP Leaders -
We are looking for a motivated professional to take on management of OWASP Events.
Applications are being accepted until June 21, 2013 with interviews immediately following with a final decision made by July 5, 2013.
How to apply: Email a cover letter and resume with your name and the position you are applying for in the subject line to owasp.foundation@owasp.org.
Please help us spread the word about the position by posting to your chapter/project lists, adding to applicable job boards, or forwarding to any individuals that you think would be interested.
Labels:
OWASP
Help out with WebGoat .NET development
If you are looking for a great project to learn about ASP.NET, C# and Web Application Security, WebGoat .NET is a great place to start.
Please grab the code (here or here), read the current issues and join the mailing list
See my WebGoat.NET in Action (and how I set-it up) post if you need help setting it up.
And please feel free to invite others to join the party :)
Labels:
OWASP,
WebGoat .NET
13 Great Quotes from Steve Jobs
I like the fact that I can relate to most and am actively involved in executing them.
For example ... the idea that when we start working on something it tends to be very complex, and it is only by working on it 'over and over again' that it becomes simple, easy to use and useful (for a wide audience) ... is exactly how I approach the development of the O2 Platform and TeamMentor.
Labels:
Philosophy
Controlling Selenium and Chrome WebDriver from a C# REPL GUI (while fixing UnitTest)
When I was Running TeamMentor WebAutomation UnitTests locally (using Selenium and ChromeDriver), there were a number of TeamMentor UnitTests that failed and could not be fixed with simple changes or re-execution.
This post shows how I used the O2 Platform's FluentSharp REPL script_Me capabilities to debug the problem and find a solution.
Labels:
O2 Platform,
REPL,
Selenium,
TeamMentor
Running TeamMentor WebAutomation UnitTests locally (using Selenium and ChromeDriver)
If you want to run TeamMentor's WebAutomation UnitTests (for example to see how we use Selenium and the multiple WebDrivers, like ChromeDriver), there are a couple of gotchas that you will need to take into account.
This post shows how I went from a git clone to a full execution of all unit tests.
Labels:
Chrome,
Selenium,
TeamMentor
Wednesday, 5 June 2013
Adding Markdown support to TeamMentor's Article 'view and edit workflow'
After Adding MarkdownDeep Web Editor and Editing/Viewing a TeamMentor Article, the next step was to add Markdown support to the main TeamMentor Article rendering and editing workflow.
Since all the heavy lifting was already done, adding these capabilities was relatively easy to do with the code that can be seen in the 2ead06cf1098872849f8e1d68fb3215e2668f502 commit:
Labels:
Markdown,
TeamMentor
Adding MarkdownDeep browser-based Markdown 'Edit and Preview' capabilities to TeamMentor (and editing a TM Article)
After Adding MarkDown support to TeamMentor using MarkDownDeep, where I got MarkdownDeep to work on the backend (ie server-side markdown transformation), the next step was to add client-side viewing and editing (i.e browser-side markdown transformation).
Although there is a MarkdownDeep NuGet package with the client-side code, I wanted to put the files in a specific location, so I manually added the HTML, JS and CSS files into the TM’s Javascript folder:
Labels:
Markdown,
TeamMentor
Adding MarkDown support to TeamMentor using MarkDownDeep
After adding ASP.NET MVC 4.0 in TeamMentor (with simple Controller, View and master Layout) I was ready to add Markdown support to TeamMentor.
I chose MarkdownDeep after reviewing the multiple Markdown C# and JavaScript APIs currently available (for more details see the references section at the end of this post)
My first step was to go to NuGet and choose the MarkDownDeep - .NET Only Edition package:
Labels:
Markdown,
TeamMentor
Using ASP.NET MVC 4.0 in TeamMentor (with simple Controller, View and master Layout)
On TeamMentor's 3.3 release we added support for C# RazorEngine and System.Web.Razor.
For the 3.4 release, there is a requirement to add Markdown support (see next post). Since the API that I want to use (MarkdownDeep) works really well with ASP.NET MVC 4.0, here is how I added ASP.NET MVC 4.0 support to TeamMentor.
The process was quite smooth, and I was able to quickly get it up and running.
It all started with NuGet where I added this package
Labels:
ASP.NET MVC,
TeamMentor
Tuesday, 4 June 2013
WebGoat.NET in Action (and how I set-it up)
For the OWASP EU Tour London event I showed the WebGoat.NET vulnerable web app (which is a .NET variation of the highly successful Java-based OWASP WebGoat project).
Here are (draft) notes on my efforts to get WebGoat.Net up and running (which might help others, since there is very little documentation about this great new OWASP Project).
After cloning from https://github.com/jerryhoff/WebGoat.NET and using the code from the https://github.com/jerryhoff/WebGoat.NET/tree/new-lessons branch (note that there is now the https://github.com/OWASP/WebGoat.NET repo, which is a better home for this code), I was able to get WebGoat.Net running (see below the problems I had to solve), and here is what the first page looks like:
Labels:
OWASP,
WebGoat .NET
View ESAPI 11 Encodings methods in real-time via an ASP.NET Web Page
In the Another step in the use of ESAPI and AppSensor Jars from .Net/C# (using Jni4Net) I posted the screenshots below, which are such a big step forward that I'm creating this separate blog post to expand the idea a little bit :)
One of the things that I always wanted to do with ESAPI was to have programmatic access to the multiple ESAPI encoding methods, since I believe they are a great example of the type of encoding capabilities that are needed in order to safely consume data provided by (potentially malicious) users.
ESAPI provides a number of specific methods to encode a string (each focused on a particular use case):
- encodeForHTML
- encodeForHTMLAttribute
- encodeForCSS
- encodeForJavascript
- encodeForVBScript
- encodeForLDAP
- encodeForDN
- encodeForXPath
- encodeForXML
- encodeForXmlAttribute
- encodeForURL
Labels:
ESAPI,
O2Platform
Another step in the use of ESAPI and AppSensor Jars from .Net/C# (using Jni4Net)
Yesterday at the OWASP EU Tour London Chapter event meeting I presented the next step of my research on using ESAPI and AppSensor inside a .NET application like TeamMentor (using Jni4Net to allow the JVM to work side by side with the CLR).
The source code of the demo I presented is posted to the github.com:DinisCruz/TeamMentor_3_3_AppSensor repo, and this post shows a number of screenshots of what is in there.
I used TeamMentor’s TBot C# and AngularJS pages to create the prototypes (since it is very easy and fast to code in that environment).
Labels:
ESAPI,
Jni4Net,
O2 Platform,
OWASP