Today a friend (Amr Eldib) asked a question on Facebook that I think a few of you may have as well:

I’ve never set up a Virtual Private Server out in the open on the Internet, and I was wondering how safe it would be?

I prefer Windows, because it’s what I know.

It’s intended to run all kinds of applications, blog, CMS, Wiki, file sync, photo storage, etc.

From your experience, what safety/security steps do I need to pay attention to?

Does the security of the server depend on the applications or the OS, or both?

I had a relatively short and simple answer to this question. I’m sharing it here with you pretty much as-is.

My Answer

If you are looking for an affordable host, I’ve always recommended SoftSys Hosting.

For most hosts, the server is locked down by default. Any OS will be subject to vulnerabilities though, so make sure you have the latest Windows updates. It’s OK to have Windows 2008 R2 instead of 2012 R2 (it might actually be better, because it uses fewer resources); any OS that’s not out of support should be OK.

The most common attacks are usually random ones: attacks that go to random servers, try to open default port numbers, try default usernames and weak passwords, and try to identify or guess what software is installed on the server so they can use the known vulnerabilities in that software, in the hope that you haven’t patched them.

Things you can do: remove or disable accounts with default names like Administrator, change the default port numbers for things like SQL DBMS and FTP / SSH if you use any, and make sure things like SQL DBMS do NOT allow remote connections in the first place.

The application can also be a threat. For example, hMailServer uses OpenSSL, so you need the latest version to make sure you don’t have an OpenSSL hole. WordPress now installs minor/security updates automatically, but you always want to check, and maybe even be careful about which plugins you use.

Apply the same rule to similar software packages.
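One way to check a server against the port and remote-access advice above, added here as an example that is not part of the original answer: a Python audit of `netstat -ano` output that flags services on their default ports and database listeners bound to a non-loopback address. The sample output, the `relocated` parameter and port 15432 are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple

# Default ports for the kinds of services the answer names (SQL DBMS, FTP, SSH).
DEFAULT_PORTS = {21: "FTP", 22: "SSH", 1433: "SQL Server",
                 3306: "MySQL", 5432: "PostgreSQL"}
DATABASES = {"SQL Server", "MySQL", "PostgreSQL"}

# Constructed sample of `netstat -ano` output from a Windows server.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING       988
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:1433           0.0.0.0:0              LISTENING       1820
  TCP    127.0.0.1:3306         0.0.0.0:0              LISTENING       2104
  TCP    192.0.2.10:50022       198.51.100.7:51123     ESTABLISHED     1312
  TCP    [::]:15432             [::]:0                 LISTENING       2290
  UDP    0.0.0.0:123            *:*                                    1100
"""


class Finding(NamedTuple):
    port: int
    service: str
    bind: str
    pid: int
    issue: str


def parse_listeners(netstat_text):
    """Yield (bind_address, port, pid) for every TCP socket in LISTENING state."""
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue  # headers, UDP rows and established connections
        host, _, port = fields[1].rpartition(":")
        host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and zone id
        try:
            yield ipaddress.ip_address(host), int(port), int(fields[4])
        except ValueError:
            continue  # malformed row: skip it rather than guess


def audit(netstat_text, relocated=None):
    """Return findings for listeners that contradict the advice above.

    relocated (hypothetical parameter): {port: service} for services already
    moved off their default port, so a database is still recognised there.
    """
    services = dict(DEFAULT_PORTS)
    services.update(relocated or {})
    findings = []
    for addr, port, pid in parse_listeners(netstat_text):
        service = services.get(port)
        if service is None or addr.is_loopback:
            continue  # unknown service, or reachable from this machine only
        issues = []
        if service in DATABASES:
            issues.append("database listener bound to a non-loopback address")
        if DEFAULT_PORTS.get(port) == service:
            issues.append("listening on default port")
        if issues:
            findings.append(Finding(port, service, str(addr), pid, "; ".join(issues)))
    return sorted(findings)


if __name__ == "__main__":
    for f in audit(SAMPLE, relocated={15432: "PostgreSQL"}):
        print(f"{f.service:<11} {f.bind}:{f.port} (PID {f.pid}): {f.issue}")
```

A non-loopback bind only means the socket is not restricted to the machine itself; whether it is reachable from the Internet also depends on the host's firewall rules.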

Hey there,
Welcome to Issue 3 of the newsletter. If you want to check the previous editions, you can go to gurustop.net/newsletter. You can also access a particular issue directly; for example, for Issue 2 you go to gurustop.net/newsletter/2.

This time I have played a bit with the schedule and the order of sections. The idea is to try different ways and hear your feedback on what works better, either on Twitter or by email (simply by replying to this message).

SEO — News

Video: Google will render JavaScript by end of the year
During the AngularJS NYC user group for September 2014, Brad Green, a Google engineering manager working on Angular.JS among other things, said that the Google crawler will render all JavaScript by the end of this year, and there should be tooling for checking that in Google Webmaster Tools as well – Discuss on reddit.

Angular.JS — Libraries

bind once for Angular.JS < 1.3
A set of directives that allow you to bind values to the UI only once instead of watching for model changes to update the UI. This is particularly useful when you have a long readonly list inside ng-repeat where most properties are unlikely to change until the entire list changes (and then the whole template will be re-rendered).
The concept is now native in Angular.JS 1.3, and there are other libraries that try to enhance it, like angular-watch-require and angular-watch-when.

overmind.js
If you use require.js and want to have lazy-loaded modules with it, there are several attempts out there that get that sort of thing done. This one is for when all you want is lazy-loaded modules that are loaded and bootstrapped on the fly when a certain route tree is matched (like Areas in ASP.NET MVC or Rails namespaces). It might be good for large Angular.JS apps. It has also been mentioned on the Adventures in Angular podcast.

JavaScript — MVC Frameworks

MVC Architecture
A very nice article about how we don’t exactly implement MVC as 3 parts, Model, View, and Controller. We usually had other parts too. I think the closest way to how I implement MVC is the last picture in the article.

Why I Don’t Want Your JavaScript Framework but I Love You
If you are in the mood to read about what homework you may want to do before you actually go ahead and use a JavaScript framework, this could be a good read.

JavaScript — Ember.JS

I have so many links for Ember.JS this time that it will feel like I’m moving to it. I’m not, but I still find its innovation very inspiring, as you’ll see below.

Mistakes I Made in My First Ember Project
If you have been following the newsletter for a bit, you know I value knowing how other SPA/MVC/MV* frameworks solve the same problems that Angular.JS solves. I think this knowledge is beneficial regardless of the framework, because many of the issues have equivalents in every framework, and thinking about different approaches can really help you get the most out of whatever framework you use.

Event Delegation in Ember.JS – StackOverflow
When you use ng-click inside ng-repeat in Angular.JS, it doesn’t usually set one event handler for the parent of the element and use event bubbling to set it, although you can do it yourself via a directive. It was interesting to find out randomly via StackOverflow that event bubbling is how Ember.JS works by default!

Building rich single-page application with Ember.js
Historically, one of the things that stopped many people from learning Ember.JS was how hard it was to get to understand its pieces. This is now changing a lot (or may I say changed?) with better documentation and more great guides, like this one, which was very simple and lovely to browse.

JavaScript — ES6

Traceur is Awesome! … but still a little Painful
Don’t be turned off by the title. Traceur is a nice tool from Google to compile ES6 code to ES5 code that can run in any ES5 browser (most browsers, and even older ones can be polyfilled). This post describes what the experience is like when using it (.NET people might find TypeScript a better option for its VS integration, although it’s not exactly ES6; you can sometimes go even crazier with some F# mix).

JavaScript — Debugging / Performance

Video: Advanced Debugging Techniques with Chrome
A must-see video of what goodies exist in Google Chrome dev tools (including some of the relatively new features, like the new enhancements to emulation). I have been using the tools for years and found quite a few things I didn’t know before.

JS Parse and Execution Time
When you use a framework (quite often you should), there’s only so much you can control in terms of performance. This article examines the time it takes to parse and execute jQuery on many browsers and devices. It has some interesting observations, like how the total times vary like crazy between different devices, and how device hardware, rather than software (OS or browser), is still the major determinant.

Security – HTTPS

I think we are in the (very?) early days of what will lead to all websites running HTTPS by default. Apart from privacy concerns and SCARY attacks, there’s also the push from industry leaders and the relative ease of implementation. But it’s not something that everyone needs to worry about just yet.

SSL and SEO: Don’t Panic
There are a few messages that I want to send from sharing this:
1. Google announced they will consider SSL as one of its many ranking factors
2. This doesn’t mean you should freak out if you are not using SSL (the point of the link above)
3. But SSL is worth it anyway, as in most recent hardware and software (including IIS 8 and maybe 7.5) it’s already fast (the traditional old concern about SSL, apart from cost for tiny websites).

Slides: Is TLS fast yet?
If you are thinking about implementing HTTPS and are worried about CPU performance, your server documentation should tell you whether there is significant performance overhead (I checked some common ones and they were all saying there is nothing to worry about). This presentation helps reinforce the same idea.

Cloudflare – Introducing Universal SSL
The well known CDN provider Cloudflare announces availability of SSL services for all their plans, including their free plan. They serve files in HTTPS, and can be configured to pull assets (as source files to publish on the CDN) from HTTPS URLs as well. Here’s a basic write up of how to use it.

Security — General

Waxing Poetic with SwiftOnSecurity
I didn’t plan to make this newsletter mostly about security as it ended up being, but this story that reminds us of how some users can be so vulnerable in a way we can’t blame them for, is quite a good read.

Microsoft — Windows 10

Video: Windows 10: Enterprise Features & Core Experience for Businesses
You must have seen a ton of Windows 10 videos already, for me, this was pretty much the deepest one of them that related to me as a developer and showed the philosophy of the product.
One fun moment at the beginning of the video was the reason given for the name Windows 10 (instead of Windows 9). Apart from considering Windows 8.1 as 9 (if you want), which the video didn’t suggest, it said that the main idea was to call it Windows One, similar to Xbox One and OneDrive, etc. Windows One was taken, as Windows 1, so they went for Windows 10! (If this still sounds silly, I think it was meant to be more funny than true; I promise the rest of the video isn’t.)

Video: Scott Hanselman Detailed Windows 10 Tour in just 8 Minutes
Scott is very well known in the ASP.NET developer community as his work at Microsoft is mainly around that community and ASP.NET MVPs, etc. He is a great person and speaker. His Windows videos are not something that he does for work, which makes them even greater and more realistic.

Windows 10 Insider Program / Preview
Just in case you missed the URL to get the technical preview! I have heard a few positive comments from some of those who played with it, especially on a Surface laptop (of course).

Apple / IPhone / iOS — Quick Links

iPhone 6 Screens Demystified
Also check their iPhone resolutions guide

iOS 8, thoroughly reviewed
Very long / detailed review

Video: Steve Jobs introduces WiFi to the masses with a hula hoop!

JavaScript — Quick Links

Promises in the Google APIs JavaScript Client Library
Google’s JavaScript SDK now returns promises, for easier integration into promises-all-the-things!

Bye Bye Javascript Promises!
async/await like code in JS?

rcss.js
A JavaScript library to generate responsive stylesheets.

Explorations In Automatically Fixing JavaScript Linting-errors
By Addy Osmani from Google

Calculating Standard Deviation with Array.map and Array.reduce, In JavaScript
A bit of a different challenge

More from @Meligy / GuruStop

Thanks a lot for making it that far. If you like what I brought you, let’s connect in even more ways!

Follow me on twitter — @Meligy

Check The Newsletter Archive — http://gurustop.net/newsletter

Get friends to receive the newsletter — http://gurustop.net/newsletter/signup

Remember that you can just reply to this email or mention me on twitter to tell me what you feel needs to change in next issue.

Until then,

Hi again,
It has been a little bit over a week and it’s time for the 2nd issue of this newsletter. YAY!

If you missed out on the previous letter, you can still read it online at http://gurustop.net/newsletter/1. As you could guess, all issues become available on http://gurustop.net/newsletter, although after a few exclusive hours for the subscribers of the newsletter itself.

Also, I’d like to thank those who commented on the newsletter on twitter. By the way, as always, I’m still looking for feedback and ideas for the newsletter.

Enough talking, let’s see this issue’s picks (you may want to ensure images are enabled for this message)…

F# — Issue Special

F# is THE functional language for the .NET framework, with some hybrid features for when you want to produce easier to consume code for, say, C#. You’ll see now why I put it first this week.

F# Workshop
This is from the very nice F# workshop I attended on Tuesday night, by @JorgeFioranelli. All source code and suggested material from the workshop are available in this repository. The workshop was brilliant BTW, if you are in Australia, tweet to @Readify and tell them to get him to deliver a dev breakfast on it again, or … something – if in Sydney check @FSharpSydney usergroup.

Angular.JS — 1.3 & Beyond

AngularJS 1.3 Improves HTML Forms
A pretty small and very nice summary of the ng-model and validation improvements in Angular.JS 1.3

The Future of AngularJS
Angular.JS 1.3 drops support for IE8, Angular.JS 2.0 (not very soon) will drop support for IE 9, and will have built-in support for things like local storage, etc, and will have something like ngData module (sounds like Ember Data), and all will be written in ES6 (distribution will be converted to normal ES5). More future insights in the post.

Angular.JS — Custom Directives

akatov/angular-contenteditable
A nice directive for when you want a contenteditable DIV instead of a textarea, or custom editor library.

JavaScript — React.JS

React.JS is a JavaScript library from Facebook for building client applications similarly to Angular, except it has its own ways of doing weird things, like embedding HTML in JavaScript files (.jsx files), which you may reject very quickly, although I remember many rejected custom attributes and custom elements when Angular.JS first came out!

Building dynamic forms with Facebook React
I have been hearing good feedback about React, but never cared enough to look deeply at what development using it looks like. This small tutorial is the equivalent of a small forms demo in Angular.JS, so it was good for getting a very quick feel of the different way.

CSS — SASS / LESS

Slides: Supercharge CSS with SASS
One of these goodie oldies. I saw these presentation slides while transitioning from LESS to SASS and while they aren’t updated to the latest version of SASS (I think), they were a very good reference of all SASS features and got me hooked on how powerful the language is.

Support for BEM modules in Sass 3.3
BEM is a way of writing simple selectors even for hierarchies, for example .container .title becomes .content--title (the benefits are around having faster matching selectors & easier specificity management). This is usually hard in LESS and SASS if you use the nesting features because they write the complex selectors for you. This post shows what goodies SASS 3.3 will have for supporting BEM-style selectors.

Medium’s CSS
Some insight on how the social blogging platform, Medium, maintains its CSS. Good tips on evolving legacy / bad CSS code bases.

Agile — Project Lifecycle

Pic: The Project Paradox
The project paradox refers to: Making the biggest decisions when knowledge is at its absolute lowest.

ASP.NET — C#

C# 6.0 What’s New
A very nice article by Filip Ekberg / @fekberg on all the features that are sure to make it in C# 6, and even which features are likely to make it (or not).

Container Usage Guidelines
Some good tips for using IoC containers. They should help you have nicer code and avoid performance/behaviour surprises.

ASP.NET — vNext

Video: An Introduction to ASP.NET vNext
I haven’t seen this video myself yet, but I saw Mads Kristensen / @mkristensen from the Visual Studio team and the creator of Web Essentials extension call it the best presentation on it he watched so far (the video is dated September 11), so, I’m using this newsletter as a note-to-self to watch it myself :)

ASP.NET — Web API

Book: Designing Evolvable Web APIs with ASP.NET
This book by Glenn Block is a must-read for most web developers IMHO, even if you are not writing ASP.NET applications or using its WebAPI framework. It covers all the HTTP protocol and web request lifecycle fundamentals that a web developer needs to know and that are often overlooked, and shows all the different approaches people in the REST world talk about for building APIs and when to use which. A great book!

Android — OS Compatibility

ChromeOS-apk
This one promises to “Run Android APKs in Chrome OS OR Chrome in OS X, Linux and Windows”. Big promise, and there must be catches, but probably worth having a look I guess.

Linux — Security

Bash Vulnerability Affected Configurations & Workaround
A vulnerability has been discovered in bash. Sounds scary, a bit like Heartbleed in OpenSSL. Apart from explaining what the vulnerability is, this Red Hat report shows the situations in which you might be exposed to it, and what workarounds you may apply. For other official vendor patches, check the relevant OS in the “Platform advisories” section of this vulnerability analysis post.

Linux — Git / Fun

Pic: Go home LinkedIn, you’re drunk
Does Linus Torvalds (creator of Git) know about.. um… Git?

Hello there!
Welcome to the first issue of this Angular.JS and web-dev newsletter. The newsletter is going to be a weekly collection of programming related findings that I find interesting throughout the week.

As this is the first issue, and I know a few of you have been on the list for more than a week, the links for today’s issue are going to be from my findings in the last couple of weeks.

The different sections and links are going to evolve in the coming issues. Maybe add more of this, less of that, merge/split things, etc. — You can tell me how you want the newsletter changed on twitter or by email.

Angular.JS — New & Hot

Angular.JS Changelog (New 1.2.x & 1.3.x Releases)
Did you know that there are 2 release candidates of Angular.JS 1.3 out already? RC0 and RC1. RC2 is just around the corner too, and the last 1.2.x version is 1.2.24. Use the page to stay updated about Angular.JS version progress.

Adventures in Angular, The Podcast
A nice podcast just for Angular.JS stuff (co-hosted by John Papa). There’re 7 episodes out already with topics like the history of Angular.JS (1st episode, I bet more details than you know), how to learn it and teach it, running meetups for Angular.JS, build processes, etc. Each episode includes some special resources picks as well.

Angular.JS — Resources

Video: AngularJS Fundamentals In 60-ish Minutes
Oldie but a goodie! This is the main resource I give to everyone who wants to learn Angular.JS. Once you get all the main concepts

Common Problems & Solutions When Using Select Elements With Angular.JS
If there is one small part of Angular.JS that’s completely messed up, it’s the select element directive and its corresponding ng-options. It’s very hard to do simple things like have an option pre-selected without having it replaced by an empty option you didn’t add in the 1st place. That’s why this post, which shows all the select problems solved with some not-so-well-known tricks, is the most read post in my blog today (you can skip the video at the end).

AngularAgility
I’m not sure how popular this library is, but it can be quite useful if you are using forms a lot in Angular.JS. It generates form fields for you using Bootstrap styles, but you don’t have to use it this way. I only use one part of this library which is generating validation error labels, and showing them smartly. By smartly I mean showing error only when the field has been edited or the user tried to submit the form, etc. That’s where I find it very useful.

ng-book, The Book
From the same guy behind ng-newsletter articles, this seems to be the best Angular.JS book currently available.

JavaScript — ECMAScript 6

Video: Douglas Crockford – The Better Parts
In this video from April, Douglas talks about ES 6 and other changes happening to JavaScript, and about his own opinions, like this alternative to object.create() that he now uses. It’s also a fun video, as videos from Douglas usually are.

ECMAScript 6 modules: the final syntax
The final ECMAScript 6 modules syntax was agreed on in July this year. This post gives an overview of how modules work in ECMAScript 6. Pro Tip: Explore the blog when you are there, it’s a great JS source.

Collecting and Iterating, the ES6 Way
The post talks about collections in ES 6, but it also has several links to learning other areas of the language, and also to es6-shim.

JavaScript — Libraries

Flot Charts (JavaScript Library)
In my current project I needed to display a bar chart where bars show in green or gray based on some criteria. I needed IE 8 support, so something like d3 wasn’t an option. Then I found Flot, and although the API was quite verbose, I was able to achieve what I wanted. While I can’t share the project code, here’s the prototype I created to test it.

Node.JS

Learning Gulp
A nice visual tutorial for learning Gulp task runner.

ASP.NET

ASP.NET vNext Community Standup
The ASP.NET team is working on a complete rewrite of the framework in the next version. It should be able to work on Mac in production, have autocomplete in Sublime Text, and use Grunt or Gulp to combine and minify CSS / JS. Scott Hanselman started a weekly Google Hangout with the team to show what they work on that week.

What is the significance of ASP.NET vNext? (Quick 6 points)
Whether you are someone who really likes or really dislikes ASP.NET as it is now, in this post I have a quick summary of why the new complete rewrite in the next version should be really good.

Introducing Gulp, Grunt, Bower, and npm support for Visual Studio
Microsoft decided to stop picking fights that make no sense. Most client-side libraries are on the Bower package manager, not Microsoft’s NuGet Package Manager, so they decided to support that in Visual Studio, first as an extension to VS 2013, and then soon as part of the product in VS vNext. They also support Grunt / Gulp (so, they didn’t try to declare a winner). I talk about these plans in my blog as well.

Git

GitHub Flow Like a Pro with these 13 Git Aliases
A nice blog post by Phil Haack from GitHub on using git aliases when following GitHub flow.

Git pretty
A flow chart for showing which git commands you might want to use in different cases.

UI / Design

Grunt Email Design Workflow
A Grunt workflow for designing and testing HTML email templates with SCSS. I haven’t played with this myself (so no, it’s not used to produce this email), but it’s kinda promising. I already use SCSS and use PreMailer.NET to inline CSS in emails sent from the applications I develop.

UI Gradients
A nice tool for gradient hero content inspirations for any landing page you might be creating.

Design Tips for Developers
Since we devs end up mucking with designs a lot of the time, these are targeted resources to help with that.

The Question:

This is a question I found recently on Quora:

What is the significance of ASP.NET vNext?

I do not have much info on the topic more than watching some relevant TechEd videos, etc, but I managed to provide an answer and thought it might be good material for a quick blog post:

The Answer

Several things:

  • Real cross OS support. Microsoft is testing it even under Mono on Mac OS.

  • Much lighter framework, meaning it’s faster, and can handle more requests per second using the same hardware

  • Highly improved compilation speed and workflow. The speed is due to compiling in memory (not to disk), which ends a real productivity killer in large projects. The workflow improves because developers just save a file, refresh the browser and get the changes, just like in JavaScript, CSS, etc

  • New codebase, meaning less need to know which defaults you need to change to get the behavior of a version that fixes a bug in a previous version, more testing-friendly APIs, etc

  • Better Node.JS integration, allows ASP.NET developers to easily get access to JS tools available at Bower package manager for example

  • New and clean replacement of MSBUILD (for ASP.NET only), allowing developers to easily write tasks similar to grunt, etc instead of complex and limiting MSBUILD tasks.

More Info

The best resource for ASP.NET vNext is simply http://asp.net/vnext – you can also check this video linked from that page:
