Amazon and Microsoft allow Google indexing files in Blob Storage

Microsoft and Amazon are giants in the cloud storage business. With Microsoft’s Azure platform, and Amazon’s AWS, they dominate the cloud file storage market. Both of these companies take security and privacy seriously, ensuring customers that the data they upload to cloud is safe. This is why it was such a shock to find that they both allow Google to index the files in the blob storage.

Although this was discovered by a security researcher in 2011, it has recently garnered the attention of security professionals on twitter. Mikko Hypponen of F-Secure pointed his followers to try out the “bug” by searching for content on Azure Blob Store with the words “Confidential” in it:

That search query site:core.windows.net "confidential" yields some very interesting results:

To search for content in Amazon’s AWS storage, use the query:

site:http://s3.amazonaws.com "confidential"

You can also search for specific types of files, for example:
site:http://s3.amazonaws.com filetype:xls password
site:http://s3.amazonaws.com filetype:xls secret
site:http://s3.amazonaws.com "TOP SECRET"

How to Test a Pull Request

When someone creates a pull request, it’s your responsibility to either accept the changes and merge it to your repository, or reject the changes and close the pull request. These days, Continuous Integration Development involves automation engines like Jenkins or TeamCity that monitor your source repository and can trigger builds for pull requests to ensure the resulting merge will run. However, it is a good idea to test the pull request locally.

To test pull request code locally follow these steps:

  1. Open git bash and ensure your working directory is clean by running git status
  2. get a copy of the PR by typing git fetch upstream pull/<id>/head:<branch>. for example you would type git fetch upstream pull/123/head:branch-name if you were testing Pull Request number 123 from branch called branch-name.
  3. Now that you have a copy of the branch, switch to it using git checkout branch-name. Your directory will now be an exact copy of the PR. Be sure to tell the author about any bugs or suggestions, as you cannot add your own changes to a pull request directly.
  4. When you are done checking out their work, use git checkout master to return to your local version of the source code.

Kotlin is now an officially supported language for Android

The I/O news is starting to turn to developer-centric topics, and one of the more significant things to come out of the keynote is an official declaration that Google is now officially supporting Kotlin as a first-class language for developing Android apps. Starting with Android Studio 3.0, Kotlin is included out-of-the-box, so there are no additional setup steps or add-ons to install.

Kotlin was created by JetBrains and officially released early last year. It gained popularity largely because it runs on the Java Virtual Machine and can be used alongside java to build apps. This means developers can take existing code and easily build new features or replace Java code in pieces. Since Kotlin is dependent on Java, it means both languages will continue to be supported.

Google will now contribute to the further growth of Kotlin and build new tools directly into Android Studio to make it even more useful.

To learn more about Kotlin, check out the sessions titled Intro to Kotlin at 10:30 on Friday and Life is great and everything will be ok, Kotlin is here at 2:30. Also, check out the dedicated Kotlin website.

Source: Kotlin BlogAndroid Dev Blog

Flutter: Google’s new mobile SDK

Google has released a new cross platform Software Development Kit (SDK) for developing iOS and Android apps. With the stated goal of enabling development of “high-performance, high-fidelity, apps for iOS and Android, from a single codebase”, Google has officially entered the cross platform development arena.

Flutter is still in early-stage, and not being recommended for developing production applications at this time. It is also missing a whole set of features offered by any other SDK like accessibility, text input, localization, and more. The pre-release was published in December of 2015, and there has been no new releases on their GitHub since then. It is not clear how well supported this new SDK will be, but it does look promising.

To develop apps in Flutter, you need to learn Google’s Dart programming language. Dart has a very c# like syntax, so it is relatively easy to pick up for people with Java or C# experience. The following code snippet shows how to write a method and call it in Dart


// Define a function.
printNumber(num aNumber) {
  print('The number is $aNumber.'); // Print to console.
}

// This is where the app starts executing.
main() {
  var number = 42; // Declare and initialize a variable.
  printNumber(number); // Call a function.
}

In the coming months, we will be posting tutorials on how to get started with Flutter to build apps.

References

1. Flutter
2. Dart

Adding Rolling Logs capability to Spring Boot

Introduction

Spring Boot has LoggingSystem abstraction, which means you can use any Logging library you prefer.
Due to this constraint, Spring Boot only provides basic properties that can be written in your application.properties or application.yml files.

Spring Boot allows you to set the logging levels and location of log (file or console) from your configuration file. For example:

logging.level.org.springframework.web=DEBUG
logging.level.org.hibernate=ERROR
logging:
  file: log/application.log
  level:
    ROOT: INFO
    org.springframework.web.filter.CommonsRequestLoggingFilter: DEBUG
    com.fullstacktrace.logDemo: DEBUG

Rolling Logs

To configure more advanced or fine-grained settings for logging, you must provide it in native configuration format.
Spring Boot will pick up the native configuration from the default location. For logback that location is classpath: logback.xml . You can also overwrite this location by setting the logging.config property

logging:
  config: classpath:logback-local.xml

To set Rolling Logs, you need to provide the setttings in logback.xml file:

<configuration>
 <include resource="org/springframework/boot/logging/logback/defaults.xml"/>
 <springProperty scope="context" name="springAppName" source="spring.application.name"/>
 <!-- You can override this to have a custom pattern -->
 <property name="CONSOLE_LOG_PATTERN"
 value="%clr(%d{yyyy-MM-dd HH:mm:ss.SSS}){faint} %clr(${LOG_LEVEL_PATTERN:-%5p}) %clr(${PID:- }){magenta} %clr(---){faint} %clr([%15.15t]){faint} %clr(%-40.40logger{39}){cyan} %clr(:){faint} %m%n${LOG_EXCEPTION_CONVERSION_WORD:-%wEx}"/>

 <appender name="FILE" class="ch.qos.logback.core.rolling.RollingFileAppender">
 <file>log/application.log</file>
 <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
 <!-- daily rollover -->
 <fileNamePattern>application.%d{yyyy-MM-dd}.log</fileNamePattern>

 <!-- keep 90 days' worth of history capped at 3GB total size -->
 <maxHistory>90</maxHistory>
 <totalSizeCap>3GB</totalSizeCap>

 </rollingPolicy>

 <encoder>
 <pattern>${CONSOLE_LOG_PATTERN}}</pattern>
 </encoder>
 </appender>
 <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
 <encoder>
 <pattern>${CONSOLE_LOG_PATTERN}</pattern>
 </encoder>
 </appender>
 <logger name="org.springframework.web.filter.CommonsRequestLoggingFilter">
 <appender-ref ref="FILE"/>
 </logger>
 <logger name="com.fullstacktrace.net">
 <appender-ref ref="FILE"/>
 </logger>
 <root level="INFO">
 <appender-ref ref="STDOUT"/>
 </root>

</configuration>

You can find more advanced logback setttings here

References

1. Spring Boot Docs
2. LogBack Docs

Getting 3 months free access to Plural Sight

PluralSight is a great resource to keep up to date with new technologies, or picking up new skills. Plural Sight offers courses ranging from Angular to Azure certification training. However, all of this comes with a steep yearly subscription cost. If you sign up for the trial, you can only watch a few hours of the lessons, not enough to make the decision to sign up for the membership.

If you are looking to try out plural sight, you can sign up for the Visual Studio Dev Essentials, and get free 3 MONTH access to the plural sight library, amongst other goodies.

There are three other educational resources that you can try out for a 3 month trial basis absolutely free through the site:

Opsgility: Online training and microsoft azure certification paths.

Linux Academy: Unlimited access to advanced online training and certification courses for 3 months.

WinintellectNOW: On-demand training for software developers: .NET, Xamarin, C#, JavaScript, Angular, Azure, and much more.

Click Here to Access the Visual Studio Dev Essentials Deal

Missing References for new Project

When you start a new Xamarin Forms project using Visual Studio, you often see a bunch of errors regarding missing dependencies. You might see something like:

Error CS0246: The type or namespace name 'Xamarin' could not be found (are you missing a using directive or an assembly reference?) (CS0246)

There are a few things you can do to quickly resolve this issue:
1. Right click on Solution and select Rebuild Solution.
2. Close the project, and re-open it.
3. Go to Package Manager Console and attempt to update the dependencies.
4. Manually add the missing dependencies by right clicking on References and selecting Add References in the Solution Explorer.

NPM Setting corporate Proxy

If you work at any mid-large sized corporation, you are most likely working behind a proxy. In order to build your node projects, you have to set proxy for npm to make requests through.

npm config set proxy http://your.company.proxy.com:8080/  
npm config set https-proxy https://your.company.proxy.com:8080/  
npm config set strict-ssl false

The first two set the http and https proxies, while the last command turns the strict ssl off.

Jackson ObjectMapper 101

Jackson is a JSON processing library for Java. The code below will create an object mapper outputting JSON in pretty format and have case insensitive fields.

ObjectMapper mapper = new ObjectMapper();
mapper.configure(SerializationFeature.INDENT_OUTPUT, true);
mapper.configure(MapperFeature.ACCEPT_CASE_INSENSITIVE_PROPERTIES, true);

Jackson Wiki containing additional features: