Sunday, November 17, 2013

rvm and ruby for some BeEF on OSX

There are many articles; some of them did not work for me and may not work for you… This is what I did to succeed:

# uninstall all previous attempts at rvm (edit .bash_profile and remove the rvm lines)
rm -rf ~/.rvm*
# latest stable in my time was 2.0.0-p247
curl -L https://get.rvm.io | bash -s stable --ruby
# obviously this install does not modify the profile, so load rvm by hand
source ~/.rvm/scripts/rvm
# just looking
rvm list known
ruby --version
# switch from Apple's ruby 1.8.7 to the "latest"
rvm use ruby-2.0.0-p247
# create a separate gemset for BeEF and select it
rvm gemset create beef
rvm use ruby-2.0.0-p247@beef
# switch to the cloned source
cd ~/beef/
# make ruby in this folder 2.0.0
echo 'rvm use ruby-2.0.0-p247@beef' > .rvmrc
# install
bundle install

# run
source ~/.rvm/scripts/rvm
rvmsudo ./beef

Monday, July 29, 2013

git whatever --recursive (submodules)

Git submodules are a pain in the ... Some commands support --recursive, but not all. In that case, this snippet can help:
git-recursive(){
 git "$@"
 git submodule foreach --recursive \
  git "$@" 
}
Any improvements are welcome ;-)

Thursday, July 18, 2013

DBA_TAB_COLS and friends

Table                Scope                Types     Hidden_Cols_Filtered
----------------------------------------------------------------------
DBA_TAB_COLS        in the database      T,W,C      No
DBA_TAB_COLUMNS     in the database      T,W,C      Yes

ALL_TAB_COLS        accessible to user   T,W,C      No
ALL_TAB_COLUMNS     accessible to user   T,W,C      Yes

USER_TAB_COLS       owned by user        T,W,C      No
USER_TAB_COLUMNS    owned by user        T,W,C      Yes




all_table_cols  mistype of ALL_TAB_COLS
user_table_cols mistype of USER_TAB_COLS

Wednesday, July 10, 2013

How much is Twitter Button (on OTN)

Just another funny fact: for such a small button down on the page, grey and almost invisible, you pay 27K on transfer?
Sorry, just playing with Charles (before uninstalling this annoying freeware) from my Mac. Oh, refer(r)er is http://www.oracle.com/technetwork/index.html

Oracle and JQuery

Just a funny payload from today's random sniffing:
/*!
######################################################

# JQUERY.JS

# OCOM GLOBAL ASSET RELEASE: v3.3.2

# BUILD DATE: TUE JUN 25 01:03:40 UTC 2013

# COPYRIGHT ORACLE CORP 2013 [UNLESS STATED OTHERWISE]

# ANY CHANGES MADE TO THIS FILE WILL BE OVERWRITTEN!
# DO NOT MODIFY THIS FILE ON STAGE OR PRODUCTION. ALL
# CHANGES OR ADDITIONS TO THIS FILE MUST BE SUBMITTED
# TO WEBSTANDARDS_WW -AT- ORACLE.COM

######################################################
*/

/*! jQuery v1.7.1 jquery.com | jquery.org/license */
(function(a,b){function cy(a){return f.isWindow(a)?a:a.nodeType===9?a.defaultView||a.parentWindow:!1}function cv(a){if(!ck[a]){var b=c.body,d=f("<"+a+">").appendTo(b),
......

Spring Config Files, Locations, Names and Structures

Quickly finding all spring config files
spring-configs(){
 git grep --name-only "http://www.springframework.org/" -- '*.xml' 
}
Now let's compare several "boilerplate, demo, sample projects" (just from what I have on my hd):

PetClinic: https://github.com/SpringSource/spring-petclinic/

src/main/resources/spring/business-config.xml
src/main/resources/spring/datasource-config.xml
src/main/resources/spring/mvc-core-config.xml
src/main/resources/spring/mvc-view-config.xml
src/main/resources/spring/tools-config.xml
src/test/java/org/springframework/samples/petclinic/web/VisitsViewTests-config.xml

STS Wizard generated project (Templated Project, MVC)

src/main/webapp/WEB-INF/spring/appServlet/servlet-context.xml
src/main/webapp/WEB-INF/spring/root-context.xml

STS Wizard generated project (Templated Project, Utility)

src/main/resources/META-INF/spring/app-context.xml
src/test/resources/x/y/z/ExampleConfigurationTests-context.xml

Spring Roo Project (STS Wizard)

src/main/resources/META-INF/spring/applicationContext.xml

DI Styles (SpringSourceDemonstration) https://github.com/cbeams/distyles.git

style-1-xml/src/main/com/bank/config/app-config.xml
style-2-namespace/src/main/com/bank/config/app-config.xml
style-3-autowired/src/main/com/bank/config/app-config.xml
style-5-hybrid/src/main/com/bank/config/app-config.xml
More projects, explanations and some wrap-up coming soon.

Thursday, July 4, 2013

XmlHttpRequest (XHR) and HTTP Redirects (testcase)

These are the results of XHR behaviour in IE and Chrome regarding redirects. Enjoy.
Credits: dojo@gratex.com

Monday, June 24, 2013

Life Behind Proxy - gradle

Today brought another challenge: making gradlew/gradle work from behind a corporate proxy. Solution/failure article coming soon, I hope. Update 23:11: I gave up; proxy scanning makes everything unusable. Instead of configuring the proxy, I am changing the repository URL to the local Nexus.
sed -i "s;repo.springsource.org/libs-milestone;nexushost/nexus/content/groups/public;" build.gradle
TODO: some "global" remapping line in .m2 ? without touching each build.gradle ?

Tuesday, June 11, 2013

webmessaging, postMessage and naive properties access

Sometimes I tend to put in debug code to dump method arguments. My favorite construction is
console.debug("dumpEvent:", evt); 
instead of often seen:
console.debug("dumpEvent:"+evt);
However, using this code is not a good idea with cross-domain integration code:
win.global.addEventListener("message", dumpEvent);
function dumpEvent(evt) {
 // this will raise some errors in console
 // Blocked a frame with origin "http://a" from accessing 
 // a frame with origin "http://b". 
 // Protocols, domains, and ports must match.
 console.debug("dumpEvent", evt); // not a good idea
}

win.global.addEventListener("message", dumpEventProperties);
function dumpEventProperties(evt) {
 // this shall work, dump only properties specified in:
 // http://www.w3.org/TR/webmessaging/
 console.debug("dumpEvent", {
  data : evt.data,
  origin : evt.origin,
  lastEventId : evt.lastEventId,
  //source : evt.source, //and this is the cause of problem ;-)
  ports : evt.ports
 });
}
So be aware, sometimes your logging statements can produce errors as well ;-)
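
An added example (not code from the original post) that turns the safe variant above into a reusable helper: it snapshots only the Web Messaging fields, records whether evt.source is present without reading it, and flags whether evt.origin is on an allowlist. ALLOWED_ORIGINS, the function names and the Proxy standing in for a cross-origin window are assumptions, chosen so the snippet also runs under Node.

```javascript
// Added example. ALLOWED_ORIGINS and all function names are hypothetical.
const ALLOWED_ORIGINS = new Set(["http://b"]);

// Constructed stand-in for a cross-origin WindowProxy: any property read
// other than postMessage throws, as the browser's same-origin check would.
function fakeCrossOriginWindow() {
  const blocked = (what) => {
    throw new Error("Blocked cross-origin access: " + String(what));
  };
  return new Proxy({}, {
    get: (_t, prop) => (prop === "postMessage" ? () => {} : blocked(prop)),
    ownKeys: () => blocked("ownKeys"),
  });
}

// Copy the payload so the log entry cannot hold live references.
function cloneForLog(data) {
  try { return JSON.parse(JSON.stringify(data)); }
  catch (e) { return "[unserializable " + typeof data + "]"; }
}

// Plain object that is safe to pass to console.debug(): evt.source is only
// tested for presence, never read or enumerated.
function snapshotMessageEvent(evt) {
  return {
    data: cloneForLog(evt.data),
    origin: String(evt.origin),
    originAllowed: ALLOWED_ORIGINS.has(evt.origin),
    lastEventId: String(evt.lastEventId || ""),
    hasSource: evt.source != null,
    portCount: evt.ports ? evt.ports.length : 0,
  };
}

// Stand-in for what an inspector does: walk into every property.
function naiveDump(evt) {
  return JSON.stringify(evt);
}

// Constructed sample event, shaped like a MessageEvent from "http://b".
const sampleEvent = {
  data: { type: "resize", height: 420 },
  origin: "http://b",
  lastEventId: "",
  source: fakeCrossOriginWindow(),
  ports: [],
};

console.debug("dumpEvent", snapshotMessageEvent(sampleEvent));
```

In a browser, register it with addEventListener("message", ...) and log the snapshot; the originAllowed flag makes unexpected senders visible in the same log line.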

Sunday, April 7, 2013

Wednesday, April 3, 2013

Good book: The Tangled Web: A Guide to Securing Modern Web Applications

http://lcamtuf.coredump.cx/tangled/

The style is different (fewer details, and I miss the concrete proofs, tests and tables from the original material ()). Excellent. Thanks for the nice (night) reading.

RQL - resource query language - playground

Friends of mine have created an experimental playground for RQL - Resource Query Language. You can enter the source JSON and a query (in RQL), and also create your own operators. It contains some predefined samples with associated predefined queries. It should live here: http://rql-engine.eu01.aws.af.cm/

Monday, April 1, 2013

a list apart (1st april joke ?)

all titles cropped ? on all my OSX browsers ? April joke ?

Thursday, March 14, 2013

Getting Started with OAuth 2.0

I'm sorry to say that O'Reilly is usually a good book publisher, but Getting Started with OAuth 2.0 is IMHO one really bad book. No added value when compared to the original specification. About the same size in pages. It just changed the ASCII art diagrams to ugly graphics and added samples. Really not good reading. If you have spent the money already, skip to the appendix directly, and don't forget to read this as well: http://hueniverse.com/2010/09/oauth-2-0-without-signatures-is-bad-for-the-web/

Sunday, January 13, 2013

dojo-declare - performance

http://jsperf.com/dojo-declare I would expect some slow down but not this big. Need to investigate. Any collaboration appreciated. Construction:

Sunday, January 6, 2013

Wednesday, January 2, 2013

dojo/dom-class vs. native classList

1) HTML5 supports classList
http://davidwalsh.name/classlist

2) The dojo implementation does not use these native methods, and is slow compared to the native variants:
http://jsperf.com/native-dojo-class-manipulation-v-html5/7

Here is (my) draft of an improvement:
http://jsperf.com/native-dojo-class-manipulation-v-html5/8
(last method "Has Class - Dojo - with feature detection" and naive has(), contains1() methods)

Native support detection issue is also mentioned in bug discussions (currently closed as 'rejected'):
http://bugs.dojotoolkit.org/ticket/11465

Moreover, it is marked as "posterity" in the latest source code (line 43):

https://github.com/dojo/dojo/blob/master/dom-class.js



3) Many HTML5 support detections are still missing in has.js: 

IMHO, about classList, there is only a pull request from bryanforbes, 2 years old (quite ugly):
https://github.com/bryanforbes/has.js/commit/c2711e28989c0b838ea5d121915de3dad6952b0b


To begin with, we are comparing:
Has Class - Dojo
domClass.contains("single_class", "a_class");
Has Class - HTML5
document.getElementById("single_class").classList.contains("a_class");
classList contains with dojo byId
dom.byId("single_class").classList.contains("a_class");
Has Class - Dojo - with feature detection
domClass.contains1("single_class", "a_class");

http://jsperf.com/native-dojo-class-manipulation-v-html5/8