Setting up global constants on Angular 2 environment

Do you use different API calls on dev, test and production in your Angular 2 application?

If so, you can use the Angular CLI’s ‘./environments/’ folder. At build time, environments/environment will be replaced by environments/environment.dev.ts or environments/environment.prod.ts, depending on the current CLI environment. You can also add as many environments here as you like. Just remember to define them in ‘./angular-cli.json’.

To reference in your code just use:

import { environment } from '../environments/environment';

And then simply declare and use:

environment: any = environment;

environment.APIURL; // URL to web API

 

 

Difference between Virtual Machine and Docker

Docker containers wrap a piece of software in a complete filesystem that contains everything needed to run: code, runtime, system tools, system libraries – anything that can be installed on a server. This guarantees that the software will always run the same, regardless of its environment.

This illustration (source: https://www.docker.com/what-docker) shows quite well how it differs from a normal virtual machine (OK, a hypervisor can also be installed on bare metal/infrastructure, but the illustration does give an idea).

virtual-machine-compare-docker

A fully virtualized system gets its own set of resources allocated to it, and does minimal sharing. You get more isolation, but it is much heavier (requires more resources). With Docker you get less isolation, but the containers are lightweight (require fewer resources). So you could easily run thousands of containers on a host, and it won’t even blink.

There are pros and cons for each type of virtualized system. If you want full isolation with guaranteed resources, a full VM is the way to go. If you just want to isolate processes from each other and want to run a ton of them on a reasonably sized host, then Docker is your friend.

My Skype account was hacked, it was sending spam containing Baidu links

I consider myself quite “hack proof” when it comes to the web. I use a password manager, I don’t use the same passwords (but I used to). I never open files that I receive in mail. If I need to do something really critical I have a virtual machine that I boot up that runs plain Linux with no extras installed. But still I got hacked… how is this possible?

Background

Last Friday around 14:45 while working on my Mac, I suddenly started to get messages from many of my contacts saying: “What is this link?”, “Hi JP, long time…”
I started to look at previous messages and I saw a link to Baidu. I panicked. I signed off from Skype immediately and started to think what the h…. has happened? My first thought was malware. But I have not installed anything special recently. But I immediately started a full virus scan and took the computer off the web. I opened my Windows machine and started to Google for answers. The strange thing was that I was not allowed to delete the Baidu links from my message history. Usually in Skype I am able to delete messages I send. This sounded fishy as it looked like it was not actually “me” who sent those messages.

So what happened?

After Googling I found many comments and posts online, dating all the way back to 2015, describing similar experiences with Skype. One of the best threads I was able to find was in the Skype forum, in the Security, Privacy, Trust and Safety channel.

It turns out Skype and Microsoft are having a critical issue as hackers are able to log in to our Microsoft Accounts using Skype name and password without Two-Factor-Authentication. This is for all “non merged” accounts (remember, Microsoft bought Skype and then decided to merge logins with Microsoft). Skype logins were added to the Microsoft account as a login option without informing people and “Enabled” by default.

I was using my @outlook.com account to log in to Skype on my computers and phone. But there was still the original Skype username “jpkeisala” enabled with full access, and I had not changed the password of that username for ages. This same username used to be a username that I was using for many services back in the day. So I looked up which sites had been hacked on https://haveibeenpwned.com/ and https://www.leakedsource.com/ and yes… Quite a few.

OK, now I was sure that this was not malware but hacking. So I went to check https://account.live.com/Activity for suspicious activities and to report to the support page.

skype-hacked-from-buenos-aires
Bingo! I have not been to Buenos Aires, Argentina. Someone is using my login.

So, now I have to change my password and find out how to avoid this in the future.

Solution

Based on my empirical investigation, you (probably) don’t have malware or a virus; your username and password have been hacked and the spam links are sent from the web and not from your computer. You need to reset your password on Microsoft and deselect Skype name.

Secure your account

  1. Log in to https://account.microsoft.com with your Microsoft Account
  2. Go to “Security and Privacy”
  3. Under “Account Security”, select “More security settings”
  4. Under “Sign-in preferences”, select “Change sign-in preferences”
  5. Deselect “Skype name”
  6. Press [Save]
  7. And if not already done, enable “Two-step verification”
  8. In https://account.microsoft.com/, change your password.

Clean up spam messages

To clean up the spam from your contacts you can go to web.skype.com; it’s possible to delete messages there. I had ~200 contacts and I had to clean them up one by one. Phew…

I will update this post if I still have issues.

Headless CMS

I have been coining an idea for a while about headless CMS. Naturally, it turns out that my idea is not that unique. In fact there are already startups like http://www.contentful.com, http://www.prismic.io, http://www.osmek.com, http://www.cloudcms.com and http://www.webhook.com far along in this development.
The idea of a headless CMS surfaced again when I was looking at static site generators. A couple of weeks ago I found Grav, a no-db CMS. Basically every page is created as Markdown in a tree structure on the disk. Then the site runs on top of HTTPHeader generating routing based on the structure on the disk. Grav is built on Symfony (PHP). The benefit of this approach is that it provides a base structure for a site using Markdown, very similar to static site generators, but it can also be extended by hooking into a database. For example, if you run a pizzeria you may have “static” content in Markdown files and table-booking functionality that is database driven. It also has a backoffice as a plugin, so you get an admin where an editor can manage the Markdown files. Naturally, since pages are file based, you can have the backoffice anywhere and then just have the runtime and Markdown files deployed to the live server. This makes it more secure. Anyway, Grav is worth checking out if you are interested in a “different” way of thinking about how to create a CMS.
Anywhoooo… back to headless CMS. I was wondering, since the internet is built more and more from Web Components, how hard would it be to build an Angular 2 based CMS that has no server-side technology dependencies and instead runs solely on a JSON API. Though, I do need some kind of JSON store like Firebase to keep things hooked together.

Application Pool Identity folder permissions in Sitecore

ApplicationPoolIdentity is the best practice to use in IIS7. It is a dynamically created, unprivileged account. To add file system security for a particular application pool see IIS.net’s “Application Pool Identities”.

Here is a quick guide to granting rights to the correct application pool identity in Windows Explorer:

  1. Open Windows Explorer
  2. Select Sitecore installation directory.
  3. Right click the file and select “Properties”
  4. Select the “Security” tab
  5. Click the “Edit” and then “Add” button
  6. Click the “Locations” button and make sure you select the local machine. (Not the Windows domain if the server belongs to one.)
  7. Enter “IIS AppPool\Sitecore” in the “Enter the object names to select:” text box. (Don’t forget to change “Sitecore” here to whatever you named your application pool.)
  8. Click the “Check Names” button and click “OK”.

Refer to Sitecore Installation and Security guide for proper settings.
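
The same grant can be scripted. The PowerShell below is an added example, not part of the original guide or of Sitecore's documentation. The path C:\inetpub\wwwroot\Sitecore is a placeholder and the Modify right is an assumption; use the directory and the rights that the Sitecore Installation and Security guide gives for your version.

```powershell
# Added example: grant an application pool identity rights on the Sitecore
# directory, the scripted counterpart of the Explorer steps above.
# Assumptions (not from the original post): the path and the Modify right.
param(
    [string]$SitePath = 'C:\inetpub\wwwroot\Sitecore',   # placeholder path
    [string]$AppPoolName = 'Sitecore',                    # your application pool name
    [System.Security.AccessControl.FileSystemRights]$Rights = 'Modify'
)

$ErrorActionPreference = 'Stop'

if (-not (Test-Path -Path $SitePath -PathType Container)) {
    throw "Directory not found: $SitePath"
}

# Virtual account that IIS creates for the pool; it lives on the local
# machine, not in the Windows domain.
$identity = "IIS AppPool\$AppPoolName"

# Fail early if the name does not resolve (for example a misspelled pool name),
# the scripted form of the "Check Names" button.
$account = New-Object System.Security.Principal.NTAccount($identity)
$null = $account.Translate([System.Security.Principal.SecurityIdentifier])

# Apply the rule to this folder, its subfolders and its files.
$inherit   = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$propagate = [System.Security.AccessControl.PropagationFlags]::None
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $account, $Rights, $inherit, $propagate,
    [System.Security.AccessControl.AccessControlType]::Allow)

$acl = Get-Acl -Path $SitePath
$acl.AddAccessRule($rule)
Set-Acl -Path $SitePath -AclObject $acl

# List what the identity now holds so the result can be reviewed.
(Get-Acl -Path $SitePath).Access |
    Where-Object { $_.IdentityReference.Value -eq $identity } |
    Format-Table IdentityReference, FileSystemRights, AccessControlType, IsInherited
```

Run it from an elevated PowerShell session on the web server. The final table lets you confirm that the pool identity holds only the rights you intended.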

Visual Studio Code extensions for Angular 2 development

Here are two extensions that I have found great for developing on Angular 2.


AutoImport

Automatically finds, parses and provides code actions for all available imports. Only currently works with files in your folder and TypeScript.

https://marketplace.visualstudio.com/items?itemName=steoates.autoimport

ext install autoimport

Angular 2 TypeScript Snippets for VS Code

This extension for Visual Studio Code adds snippets for Angular 2 for TypeScript and HTML.

https://github.com/johnpapa/vscode-angular2-snippets

Facebook at Work as Intranet

I kind of like status update boards as a concept for an Intranet much more than a “portal” or “brochure website”. For example, a customer I have been working with recently has an intranet that is the default starting page on the corporate machines. On this particular “static” website, by far the most popular page is the lunch menu, followed at a distance by pages like the password for the guest Wi-Fi, etc.
Another customer I have uses SharePoint as an Intranet. This portal is maintained by corporate communication with standard marketing jargon. Neither of these Intranets gives employees any way to interact except perhaps a comment field in the news. I have never really been a big fan of Intranet sites, even though back in 2001-2003 I was building an Intranet / KM product. My disbelief in Intranets is mostly because they simply don’t seem to work as intended. I think where Intranets go wrong is when they start to listen to requirements from all stakeholders. Then they end up as something that is a completely unusable Microsoft SharePoint solution. Just because “Intranet of course has to have granular rights and it should be configurable in the browser”.
But I do think Intranets could work if the Intranet were thought of as a flat organization instead of rigid departments and groups. Don’t get me wrong, I think security should be there, but why not have it like a social network? One service that I am looking forward to testing is Facebook at Work.

This “facebook wall”, where people could post whatever they want, would make the site more alive and certainly more relevant. Perhaps by default an employee is subscribed to all departments, but over time s/he could filter her feed list down to only the things that she thinks are interesting to her personally and professionally.

There are a few other functionalities in Intranets that are must-have features, like a file share and a knowledge base. By knowledge base I mean what HR writes, like guides etc., that is occasionally visited. Often this is regarded as a wiki or simple pages. Then there is also the file share, which is a place to share docs. Usually, these are made way too complicated (I am thinking of you, SharePoint!) because that is what the “requirement” is, but does it really need to be like that?

Learning rsync

rsync is a widely-used utility to keep copies of a file on two computer systems. It is commonly found on Unix-like systems and functions as both a file synchronization and file transfer program. The rsync algorithm, a type of delta encoding, is used to minimize network usage. Zlib may be used for additional compression, and SSH or stunnel can be used for data security.

How to use ‘cp’ command to exclude a specific directory?

I found rsync when I was trying to copy all files except “x” and “y” files and directories. You can do that as follows:

rsync -av --progress sourcefolder /destinationfolder --exclude thefoldertoexclude

Notice that you can add many --exclude options, like:

rsync -av --progress sourcefolder /destinationfolder --exclude thefoldertoexclude --exclude anotherfoldertoexclude

I found some great samples by Ramesh Natarajan; I have copied a few below, with a link to more samples.

Example 1. Synchronize Two Directories in a Local Server

To sync two directories in a local computer, use the following rsync -zvr command.

$ rsync -zvr /var/opt/installation/inventory/ /root/temp

In the above rsync example:

  • -z is to enable compression
  • -v verbose
  • -r indicates recursive

Example 2. Preserve timestamps during Sync using rsync -a

 

rsync option -a indicates archive mode. -a option does the following,

  • Recursive mode
  • Preserves symbolic links
  • Preserves permissions
  • Preserves timestamp
  • Preserves owner and group

Now, executing the same command provided in example 1 (But with the rsync option -a) as shown below:

$ rsync -azv /var/opt/installation/inventory/ /root/temp/

Example 3. Synchronize Only One File

To copy only one file, specify the file name to rsync command, as shown below.

$ rsync -v /var/lib/rpm/Pubkeys /root/temp/

More samples at:

 

How to Backup Linux? 15 rsync Command Examples

6 rsync Examples to Exclude Multiple Files and Directories using exclude-from