Category: open source

Book Review: Instant Mock testing with PowerMock

By , Sunday 5th January 2014 7:23 pm

I was recently asked to review “Instant Mock testing with PowerMock” by PacktPub, part of their “instant” series, which aims to get you up and running with a project quickly. My review follows.

Continue reading 'Book Review: Instant Mock testing with PowerMock'»

Protecting node.js from BEAST TLS attack

By , Friday 7th June 2013 6:56 pm
Copyright Disney, I don’t think they’ll sue me. Thanks for the image.

After reading Eric Martindale’s very useful blog post on “Mitigating TLS BEAST attack in node.js” I decided to implement this for pinitto.me in order to increase security of the site.

After implementing the suggested code I then attempted to test the SSL setup via SSLLabs.  Sadly the report came back showing that pinitto.me was still vulnerable to BEAST attacks.

A BEAST (Browser Exploit Against SSL/TLS) attack is one in which a third party can silently decrypt communications between a browser and a server. It works by attacking a weakness in CBC (cipher block chaining) that was discovered back in 2006, although a practical exploit was not found until late 2011.

BEAST attacks are not possible on TLS versions greater than 1.0, but as this version is currently the most predominant on the internet, such attacks are possible on most unprotected servers.

The documentation on SSLLabs.com suggested a different set of ciphers to those suggested by Eric, and so after implementing these, pinitto.me is now reported to not be vulnerable to these attacks, yey!

The code for setting up a HTTPS server on node.js therefore becomes:

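var https = require('https')
  , fs = require('fs')

// `config` is the application's own configuration object; config.ssl holds
// the paths to the private key, certificate and CA chain files.
var options = {
   key: fs.readFileSync(config.ssl.key, 'utf8'),
   cert: fs.readFileSync(config.ssl.cert, 'utf8'),
   ca: fs.readFileSync(config.ssl.ca, 'utf8'),
   // Preference order: TLS 1.2-only suites first, then RC4 ahead of the HIGH group
   ciphers: 'ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH',
   // Use the server's cipher order rather than the client's
   honorCipherOrder: true
}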

https.createServer(options, function (req, res) {
  res.writeHead(200)
  res.end("Hello World!")
}).listen(443)
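
The reasoning behind that cipher order, as an added example that is not code from the original post: with honorCipherOrder set, a TLS 1.0 client is given the first entry it can use, so the check below finds that entry and flags it when it is CBC. The helpers `classify`, `audit` and `hardenedOptions` are hypothetical and classify entries by OpenSSL suite-name convention only (an assumption); the hardened variant reflects that RC4 has since been prohibited by RFC 7465.

```javascript
// Added example: classification is by OpenSSL suite-name convention only
// (an assumption of this sketch); it does not query OpenSSL itself.
const PAGE_CIPHERS =
  'ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH'
const CONSTRUCTED_WEAK = 'HIGH:RC4:!aNULL' // constructed sample: CBC group first

function classify(token) {
  if (token[0] === '!' || token[0] === '-') return 'excluded'
  if (/RC4/.test(token)) return 'rc4'                  // stream cipher, no CBC
  if (/GCM|CHACHA20|CCM/.test(token)) return 'aead'    // TLS 1.2+ only
  if (/^[A-Za-z0-9]+$/.test(token)) return 'group'     // alias such as HIGH
  if (/-SHA(256|384)$/.test(token)) return 'cbc-tls12' // CBC, TLS 1.2 only
  return 'cbc-legacy'                                  // CBC, usable at TLS 1.0
}

function audit(cipherString) {
  const entries = cipherString.split(/[:, ]+/).filter(Boolean)
    .map(function (token) { return { token: token, kind: classify(token) } })
  // With honorCipherOrder: true the server picks its first entry the client
  // supports, so a TLS 1.0 client gets the first entry usable at TLS 1.0.
  // A group alias is treated conservatively as containing CBC suites.
  const tls10 = entries.find(function (e) {
    return e.kind === 'rc4' || e.kind === 'cbc-legacy' || e.kind === 'group'
  })
  return {
    entries: entries,
    tls10Choice: tls10 ? tls10.token : null,
    beastExposed: !!tls10 && tls10.kind !== 'rc4', // CBC reachable at TLS 1.0
    offersRc4: entries.some(function (e) { return e.kind === 'rc4' })
  }
}

// Hardened variant: refusing TLS 1.0/1.1 removes the BEAST precondition
// without relying on RC4. Key and certificate fields in `base` are kept.
function hardenedOptions(base) {
  return Object.assign({}, base, {
    minVersion: 'TLSv1.2',
    ciphers: 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384',
    honorCipherOrder: true
  })
}

console.log(audit(PAGE_CIPHERS))
```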

Notes

XMPP-FTW now supports Superfeedr

By , Sunday 12th May 2013 5:07 pm

Summary

As of version 0.9.0 xmpp-ftw now supports the Superfeedr XMPP API. If you don’t know what Superfeedr is then read this shamelessly stolen description from Crunchbase:

Superfeedr fetches and parses RSS or Atom feeds on behalf of its users and then pushes them the new entries in these feeds. Superfeedr implements most of the current Real-time technologies and guarantees an entry detection time inferior to 15 min. Superfeedr has both an XMPP and a PubSubHubbub API. Read more: http://www.crunchbase.com/company/superfeedr#ixzz2T6A0Grml

The XMPP-FTW interface to Superfeedr is built off their documentation which can be found here: http://superfeedr.com/documentation#pubsubhubbub.

Continue reading 'XMPP-FTW now supports Superfeedr'»

Expose github README.md at a path using express middleware

By , Sunday 24th March 2013 10:33 pm

I’ve just published the first version of a new middleware package I’ve written to expose your project’s README.md via express.

To install simply run:

npm i --save express-middleware-readme.md

Continue reading 'Expose github README.md at a path using express middleware'»

Talking at the first XMPPUK Event – March 2013

By , Wednesday 13th March 2013 8:37 pm

We had the inaugural XMPP/realtime meetup held at Mozilla London on the 13th March which was sponsored by my employer Surevine.

At Surevine we believe that XMPP has a very important place in the future of the web and this goes hand-in-hand with realtime technologies too which is why we’ve started this meetup which will hopefully grow into its own entity.

I’ve written a blog post up on the Surevine website about the event which I suggest you read if you are interested. This also contains details about finding out more about the event and where to get information on future planned events too.

Continue reading 'Talking at the first XMPPUK Event – March 2013'»

Talking at London Node User Group (LNUG) – February 2013

By , Wednesday 27th February 2013 8:18 pm

At the February London Node User Group (LNUG) I had a chance to speak about one of my new projects, pinitto.me. Pinitto.me is an open source infinite virtual corkboard application that I created over a weekend around Christmas to help with planning days for myself and colleagues at Surevine.

Continue reading 'Talking at London Node User Group (LNUG) – February 2013'»

Install a better version of GIT on Amazon EC2 default instance

By , Monday 14th January 2013 10:27 am

I was doing some development on an Amazon default EC2 instance and wanted to commit some changes back to a repository using `git commit -p`, flag ‘-p’ not recognised, boo!

Turns out the default version of GIT that comes with the EC2 instances is 1.7.4.X. I’m not sure (and can’t easily find) what version the patch feature was added to `git commit`, but I have an install of 1.7.7.X available and it appears to be in there  (update – git commit patch added in 1.7.6).

Anyway I had a quick look around the interwebs to find a repo/rpm for a newer version of GIT so I could make my patch commit. I eventually discovered that version 1.8.0.1 is sitting in the ‘amzn-preview’ repository which is sitting on the box already. In order to upgrade GIT therefore you simply do:

sudo yum install --enablerepo=amzn-preview git

This will get you a more recent version, and the very useful patch feature.

An error has occurred: {“bytesParsed”:0,”code”:”HPE_INVALID_CONSTANT”}

By , Saturday 12th January 2013 2:38 pm

From bdc.co.uk

I’ve been writing a new application in Nodejs, using websockets (socket.io); this application is deployed using the PaaS Nodejitsu. Everything has been going great and I’ve been surprised how easy it has been to create a realtime application using socket.io. Deployment has also been a breeze with Nodejitsu’s tools. I develop on a Linux machine myself but the other day I passed the details to someone using a Windows machine running Internet Explorer. The application stopped working with an error message, and a redeploy didn’t help. The error I was presented with was as follows:

An error has occurred: {“bytesParsed”:0,”code”:”HPE_INVALID_CONSTANT”}

As I haven’t uploaded any new code in about a week I made the incorrect assumption that something had gone wrong on nodejitsu’s side and so dropped them a tweet to let them know as they are still in beta as far as I understand.

Within 90 minutes I’d got a reply from Nuno Job (@dscape) from Nodejitsu letting me know that there was an issue with Internet Explorer, socket.io, and Joyent’s servers. He also included a workaround, and a link with further details. Excellent support!

From what I’ve understood the proxies used at Joyent don’t like non-HTTP responses (from the flashsocket) and so prevent any further connections to the domain (please correct me in the comments if incorrect).

The solution is to turn off flashsocket as a transport when configuring socket.io as follows:

var io = require('socket.io').listen(80);

io.configure(function(){
    io.set('transports', [
        'websocket',
        'htmlfile',
        'xhr-polling',
        'jsonp-polling'
    ]);
});

See: https://github.com/LearnBoost/Socket.IO/wiki/Configuring-Socket.IO

I hope this helps anyone that comes across the same issue, the original solution/explanation came from http://blog.dreamflashstudio.com/2012/08/nodejitsu-on-joyent/.

With this in place the app sprang back into life. I just really need to report to users with browsers that don’t implement websockets that they need to use something more modern…

Realtime and XMPP in Portland, Oregon

By , Tuesday 6th November 2012 11:54 am

At the end of October I got a chance to attend the awesome Realtime conference 2012 as well as the XMPP Summit in Portland, Oregon. It was an immense week and I had the chance to meet some great people and learn about some awesome tech.

I’ve written a post up about this on Surevine’s (my employer’s) blog: Realtime conference 2012 and XMPP Summit.

Running your own open federated social network from your home for just $25

By , Monday 3rd September 2012 9:00 am

What is the RaspberryPi?

Raspberry Pi image from wikipedia – http://en.wikipedia.org/wiki/Raspberry_Pi

The Raspberry Pi is a small (credit-card-sized) computer which costs around the £25 mark. It was originally envisioned to help bring back proper IT skills to schools (rather than just how to use the Microsoft Office suite and the like), just like when children of the 70s – 90s were growing up (I just caught the tail end of it).

The ability to not only see the hardware but to mess around with the software running it without fear of breaking it. I learned many of my computer skills from continually breaking my father’s beloved PCs as a child and then hurriedly fixing them before he found out, I’m sure if I tried I could still even run off some MSCDEX lines :)

These little devices, since launch, have been near impossible to get hold of on a short timescale, for they have been gobbled up by the developer community and those who remember playing with computers in the long distant past. There is a huge number of projects coming out using this little board and, more importantly, there are even 8-year-old kids generating their own programs (read: games) using it.

My first board is used to run a media server using xbian but one of the projects I was really looking forward to was running the software for an open source project I help out on (professionally and personally) and get my own open-federated social network running from the depths of my basement (more on that below).

For more information please see: Raspberry Pi – About Us

Continue reading 'Running your own open federated social network from your home for just $25'»
