dagrek

Found another issue crop up with a firewall rule change that opened up and RDP availability RDP should be configured using strong encryption methods or use SSL as the privacy and integrity provider. To configure RDP encryption methods, launched in mmc.exe to run the  'Terminal Services Configuration' or 'Remote Desktop Session Host Configuration' snap-in. The 'Terminal Services Configuration' or 'Remote Desktop Session Host Configuration' properties dialog box General tab for the Encryption Level 'High' should be selected. See more here for Windows 2008 R2 basically Start> Administrative Tools> Remote Desktop Services> Remote Desktop Session Host Configuration Click on Connection Click General Tab Change Security FROM Negotiate to SSL(TLS 1.0) Click Encryption Level to “High” A restart may be required (hopefully you won't get kicked out)

If there's one thing I don't like it is people confusing a date with a timestamp, and how a lazy bit of development can ruin a load of data. Here is a simple query inserting data to a timestamp I found in a system where all the created dates were truncated because of the incorrect syntax. Bad one which was in use: insert into testdate values (<cfqueryparam cfsqltype="cf_sql_date" value="#createodbcdatetime(now())#">); Result :  2015-09-29 00:00:00.000 Best One (easiest to read) insert into testdate values(getdate() ); Result : 2015-09-29 10:10:09.880 Not great (no binding) insert into testdate values(#createodbcdatetime(now())#); Result :  2015-09-29 10:14:44.000 What the bad one should have been insert into testdate values(<cfqueryparam cfsqltype=" cf_sql_timestamp " value="#createodbcdatetime(now())#">)

With reference to the following articles on conversionxl: http://conversionxl.com/which-color-converts-the-best/ http://conversionxl.com/ux-hacks-to-increase-revenue/  While it is not necessarily about whether Red is best or Green or Orange, it highlights that Call to action is more important than a colour A color is more important than having none From experience, I'd have to say if you can split test different colors separately to a different design then you will be able to choose colors you like ! With the improving of a checkout purchase funnel, it is fairly standard fair: Save Orders  Save Customers (though don't "make them" create an account - https://www.youtube.com/watch?v=3Sk7cOqB9Dk Save Credit Cards (be aware of your PCI requirements) Don't have cryptic error messages (break it down, is it wrong, invalid, unkown) Layout the screen in an appropriate manner for different devices (responsive is clear the best design pattern here).  Ma

Weird issue, used to use a few cgi.https comparison with "on" as per  https://msdn.microsoft.com/en-us/library/ms524602(v=vs.90).aspx which indicates it would be populated with on or off in IIS. In Chrome 43 this used to return the value on for https and off for http, in chrome 44 the value has change to 1 for all traffic (https and http), nothing in the release notes from what I can see at  https://chromium.googlesource.com/chromium/src/+log/43.0.2357.134..44.0.2403.89?pretty=fuller&n=10000 Update: Google acknowledge the issue and fixed it see http://src.chromium.org/viewvc/blink?view=revision&revision=199090 The "number" of websites the release broke is funny, as I would think it is "a lot", WooCommerce apparently was broken, as was any PHP or ColdFusion code using the cgi.https comparison. Just as an FYI, I'm not sure what php.net did to their website in response, but their main google SERP says https://www.php.net which is unre

Just found that if you have a website and it rotates; then it won't resize properly on landscape with the following viewport <meta name="viewport" content="width=device-width"> You need to specify the initial scale: <meta name="viewport" content="width=device-width, initial-scale=1.0"> This seems to be mainly an IOS thing. To see the acutal sizes of viewports, see this link : http://viewportsizes.com/ Different Properties available are as follows: Property Description width The width of the virtual viewport of the device. device-width The physical width of the device screen. height The height of the virtual viewport of the device. device-height The physical height of the device screen. initial-scale The initial zoom when visiting the page, 1.0 does not zoom. minimum-scale The minimum amount the visitor can zoom on the page, 1.0 does not zoom. maximum-scale The maximum amount the visitor can zoom on the page,

There is a flag in URLScan 3 to stop URL Scan redirecting dodgy requests and instead sending back a 404 response quickly, this is "UseFastPathReject=1" (by default it is 0) The issue outlined: http://www.securityfocus.com/bid/7767/info The fix explained: http://www.securityfocus.com/archive/1/323389

As part of a PCI Compliance audit, I recently ran a scan on a database using software call Card Recon. A little odd thing occurred. At a point in the past, a row of data in a column, which had been dropped from the database schema, contained a single test credit card number. However, the Card Recon software showed that the data was still there in the database file (this was a SQL Database) in the form of a SQL Ghost Record. A Ghost Record can appear when running a delete or insert command and when running delete and insert in different queries but related by the same indexed data, you can read all about it over at Ghost "Rows" Buster in  SQL Server on Technet. It's basically a record somewhere in the database file, but not directly in a database table and is living in a bit of spare fragmented space somewhere and this needs to be cleaned up. Following this procedure managed to remove the Ghost Record: Convert the database to Simple (only so the transactio

Looping through October dates in 2015 for Sydney Australia, I was finding it weird that I had 32 days ! I'm fairly sure that wasn't how the rhyme went. Anyway, looking into it, turned out that when starting at 1/10/2015 and adding 1 day til the end of the month, you ended up with 1,2,3,3,4 - see an extra day there which seems like Sat showed up twice. Turns out, there appears to be a big in the "Spring Forward" part of the Javascript engin there where Midnight on 4/10/2015 is interpreted as actually being 3/10/2015 at 23:00, go figure. In reverse, 5/4/2015 ("Fall Back") was displayed as 5/4/2015 at 1AM!!!! See the quirks below which appears in Chrome; try on an iPhone to see for yourself. Of course it was already asked over there on at stackoverflow. Date TimeZone Offset Month Day Of Month Time UTC Hours Sun Apr 05 2015 00:00:00 GMT+1100 (AUS Eastern Daylight Time) -660 3 5 1428152400000 13 Sun Apr 05 2015 01:00:00 GMT+1100 (AUS Eastern Dayli

HTTP to HTTPS While change and references in programs to relevant scripts is always straightforward (an odd variable here and there will fix a full site); making the change from non-SSL (http) to a fully SSL (https) website can prove time consuming if you don't want every link on the page to go click-click (redirect to SSL version). Of course the click-click makes sure everyone gets to the write URL with some rewrite rules, it doesn't actually solve the problem of the incorrect content in the first place (contained in the CMS). So, simple solution is to use a scheme-less URI (some poeple call this a protocol relative URL) What is this? All href links, includes, img src attributes etc should exclude the protocol http; instead just using //yourdomain.com instead of http://yourdomain.com This is important as you may initially not have your https site enabled (duplicate content), but you can prepare or change all the href / img src etc links in your CMS and you'll be right

Nice short function using Google's DNS and Java DnsContextFactory. Based on a script I saw here Note; a trailing space fails here; so make sure that doesn't waste some time of your day when validating. <cffunction name="validateEmailAndMXRecord" returntype="Struct">      <cfargument name="emailAddress" required="true">     <cfargument name="checkMXRecord" required="false" default="true">     <cfscript>     var env = CreateObject("java", "java.util.Hashtable");     var dirContext = CreateObject("java", "javax.naming.directory.InitialDirContext");     var type = ArrayNew(1);     var attributes = "";     var atribEnum = "";     var stReturn = StructNew();     </cfscript>     <cfif isvalid("email", arguments.emailAddress)><!--- basic validation (possibly not good to rely on this.) --

In order to improved your Security grading of your SSL implementation (and get an A grade from  https://www.ssllabs.com/ssltest/ ) You can use IIS Crypto  which will help you disable the bad protocls, ciphers and hashes There is a nice powershell script available here:  https://www.hass.de/content/setup-your-iis-ssl-perfect-forward-secrecy-and-tls-12 The final battle is to order the SSL Cipher Suite (again IIS Crypto can help with this). https://en.wikipedia.org/wiki/Forward_secrecy Based on IIS Crypto; I had to run the following  New-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002' -name 'Functions' -value 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P521,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P521,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P521,TLS_ECDHE

There are issues with CSS displays for iphones and mobile devices where the browsers are increasing the size of seemingly random pieces of content. This occurs when the browser tries to shrink the content into the screen size. This is resolved by starting development in a greenfield site with the normalize.css which resets the defaults to so that you can start from scratch and build consistent CSS! The main issue turns out to be the CSS attribute  -webkit-text-size-adjust  which will be reset to 100% (there are similar attributes  -ms-text-size-adjust for the other browser types). Of course best practice would be to not use any px measurements also so that the screen can shrink and expand naturally.

Now often I've got to product different date ranges of reports (ok always), such as quarterly, monthly, weekly (starting on a Monday!) and by Financial Year. With application programmers liking to build massive amounts of code to loop through dates and repeatedly query the database where as I like to be able to see the data before I design any reports, I was always copy pasting a CTE query template I had for day by day, month by month etc reports. After losing my template, I decided to write the template as a function return a table data type, which then lets me just select the function in my query like so; select vdr.theRangeStart, vdr.theRangeEnd from viewDateRange('MONTH', '20121105', '20130605') vdr Note that the results of this look odd at the start and the end; which is by design; theRangeStart        theRangeEnd 2012-11-05 00:00:00.000    2012-12-01 00:00:00.000 2012-12-01 00:00:00.000    2013-01-01 00:00:00.000 2013-01-01 00:00:00.000    2013-02-01 0

The ColdFusion calls to external systems will just hang around FOREVER waiting for a reply, until the server just gives up! This is because like any good application software, it can't really be sure that it "should" be able to terminate any connection it is waiting for in case it is waiting for something really important (maybe a booking receipt, or credit card payment receipt!!). Clearly some will be outside your control, but when a dodgy SQL query has gone ape, you can always kill that on the database and release the ColdFusion thread and everything will return to normal. Find the session in SQL like so:  select sq.text,r.session_id,r.status,r.command,r.cpu_time,r.total_elapsed_time from sys.dm_exec_requests r cross apply sys.dm_exec_sql_text(sql_handle) AS sq Then issue the KILL command. KILL 59 -- where 59 is the value from session_id.

While testing an application against Adobe ColdFusion vs Railo 4.2.1 ; everything went quite well except for a simple piece of inline SQL for an a legacy appication with a bit HashBytes encryption. Nothing too fancy there, just comparing Hashed String with an inputted string, like so:  .... where hashedkey =HashBytes('SHA1', <cfqueryparam cfsqltype="cf_sql_varchar" value="#variables.unhashedkey#">) Except... The input of HashBytes is a binary. Adobe CF, created the hashedkey (elsewhere) with a cfqueryparam type of  cf_sql_varchar but not cast/ converted as a binary. There was no cf_sql_nvarchar which was added in CF10,   Railo came back with a different results here running this code on each environment: <cfquery name="qryInteresting" datasource="datasource"> select hashbytes('SHA1', 'poodle') nocfqueryparam , hashbytes('SHA1', cast('poodle' as varchar(50) ) ) nocfqueryparamC

While http://www.red-gate.com/ provides some good search functionality (for FREE) for looking through the objects for reference code, I used to use the " FindMyData_String " procedure below (I would give a reference and amend the post if I could find where it came from). This was a blunt tool, which I never really changed or modified and only pointed me in the right direction to where the data might be. Now I use http://www.apexsql.com/sql_tools_search.aspx ; this is FREE and awesome; you can select the database, tables, type of columns, dateformate etc etc, and it is very fast. just download it and check it out on your dev machine. It will tell you the column and the value so you can see exactly what you are looking for. Blunt Tool for searching all tables ALTER PROCEDURE [dbo].[FindMyData_String] @DataToFind NVARCHAR(4000), @ExactMatch BIT = 0 AS SET NOCOUNT ON DECLARE @Temp TABLE(RowId INT IDENTITY(1,1), SchemaName sysname, TableName sysname, ColumnName SysNa

Oracle's package syntax is a nice way of packaging sets of functions/ procedures etc, however when a package is updated, that brings everything down. If you have a cached JDBC connection, that causes even more problems as you have to recycle the connections. On SQL, there is no package, and thus you could end up with hundreds if not thousands of little procedures and functions. A good trick is to use schemas to organize them: this example will return 2 queries; could also use input output parameters create schema [myutils]; create procedure [ myutils ].[aFewQueries] @someid int output ,@someid2 int output as begin --  set nocount on; added to prevent extra result sets from interfering with SELECT statements. set nocount on; -- Insert statements for procedure here select * from table1 where id = @someid; select * from  table2_other where  id = @someid ;  select  @someid2  = 5; end go In ColdFusion you could neatly call this like so: <cfstoredpr

When you have those pesky common commands you have to use in almost all windows, you can change the default empty template like so Open (or wherever the installation is) C:\Program Files\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\SqlWorkbenchProjectItems\Sql\Sqlfile.SQL And add in your defaults; my usual is: select @@SERVERNAME, @@SERVICENAME,@@VERSION, current_user, SYSTEM_USER

Whilst encountering people inputting technically correct email address, but generally not correct (there is no gmail.com.au etc), was looking around for an MX validation, particularly important for eCommerce guest checkouts when receipt emails are just not arriving. Dominic Sayers example in PHP (ported in Java also) seems to be one of the top ones, but kept replying with invalid MX records (probably my fault) and it is written PHP, which didn't suit my needs, see https://code.google.com/p/isemail/ Also attempted this guys implementation in ColdFusion of the above one, but didn't quite work for me either:  https://gist.github.com/JamoCA/72cdcb77246ea0ee5820 When checking how the PHP was actually written; noticed a function called dns_get_record in PHP, haven't seen that one in ColdFusion, had a root round, found Pete Freitag example at http://www.petefreitag.com/item/487.cfm Modifed that slighlty for my own needs, using Google's Public DNS ; ended up with below (

Sometimes you have to send a mail from a server that is not your mail server (ie an application server). To make sure big ISPs know you are doing the right thing, you have to set up SPF records - see  http://www.openspf.org/SPF_Record_Syntax This will then ensure that your application server is permitted to send on behalf of the proper mail domain. Most common is if you use a EDM provider; there is a good write up here at Campaign Monitor  http://help.campaignmonitor.com/topic.aspx?t=88

Quick fire way to get new data into a SQL table using bulk load: C:\>bcp thedatabase.dbo.thetable format nul -t -n -f thetable.fmt -U  yourusername  -P yourpassword USE thedatabase GO BULK INSERT thetable FROM 'C:\thetabelnewdata.dat' WITH (FORMATFILE = 'C:\thetable.fmt'); GO SELECT * FROM thetable go How does the .fmt file look? ( http://msdn.microsoft.com/en-us/library/ms191516.aspx ) Lots of different values, but here is one example 10.0 9 1 SQLCHAR 0 1 "\"" 0 first_double_quote SQL_Latin1_General_CP1_CI_AS 2 SQLCHAR 0 20 "\",\"" 1 ip_from "" 3 SQLCHAR 0 20 "\",\"" 2 ip_to "" 4 SQLCHAR 0 2 "\",\"" 3 country_code SQL_Latin1_General_CP1_CI_AS 5 SQLCHAR 0 64 "\",\"" 4 country_name SQL_Latin1_General_CP1_CI_AS 6 SQLCHAR 0 128 "\",\"" 5 region_name SQL_Latin1_General_CP1_CI_AS 7 SQLCHAR 0 128 "\",\"

Found this online, then forgot but used it for a funny treat on a sales system when they hit a huge target <style> .barrel_roll { -webkit-transition: -webkit-transform 4s ease; -webkit-transform: rotate(360deg); -moz-transition: -moz-transform 4s ease; -moz-transform: rotate(360deg); -o-transition: -o-transform 4s ease; -o-transform: rotate(360deg); transition: transform 4s ease; transform: rotate(360deg); } </style> <script> $(function() { /* code here */ document.getElementsByTagName('body')[0].className='barrel_roll'; }); </script> Thanks to whoever wrote it first; sorry I can't remember where it came from.