|
I'm trying to install node and some packages, following tutorials etc.  That's a snippet of my package list to show that I do have browserify installed. Now, when I try and run browserify I get a "command not found" error. I'm new to this so I probably screwed something up / don't know what I'm doing.
|
#
?
Oct 23, 2015 16:11
|
|
|
|
| # ? May 16, 2024 10:47 |
|
|
Boosh! posted:I'm trying to install node and some packages, following tutorials etc. Did you use the -g flag when you did "npm install" so it would add it to your path? e: run "npm root -g" to see where your global packages are located, then check if browserify is in that directory.
|
|
#
?
Oct 23, 2015 16:26
|
|
|
fuf posted:Did you use the -g flag when you did "npm install" so it would add it to your path? I installed everything globally at first, when that didn't work I installed it locally to a directory. I have a snapshot of my server pre node install so blowing it up won't be an issue. running root -g gives me: /home/web/.node_modules_global/lib/node_modules but browserify i definitely in there.
|
|
#
?
Oct 23, 2015 16:34
|
|
|
Boosh! posted:I installed everything globally at first, when that didn't work I installed it locally to a directory. I have a snapshot of my server pre node install so blowing it up won't be an issue. Try adding this to the end of your .bashrc file in your home directory: code:
|
|
#
?
Oct 23, 2015 16:43
|
|
|
Omits-Bagels posted:I'm 100% cool with paying a developer to poke around for a bit and let me know the best way to move forward. Any recommendations on where to look for quality help? Pay for PMs or post your email address and someone from here will probably get in touch 
|
|
#
?
Oct 23, 2015 16:48
|
|
|
fuf posted:Pay for PMs or post your email address and someone from here will probably get in touch doh. jfeess at gmail
|
|
#
?
Oct 23, 2015 17:13
|
|
|
Can someone point me to a starting point on how to optimize a bloated template? My designer started from a prebuilt template but it's massively slow on mobile devices, especially when scrolling.
|
|
#
?
Oct 23, 2015 20:17
|
|
|
HardDisk posted:Can someone point me to a starting point on how to optimize a bloated template? My designer started from a prebuilt template but it's massively slow on mobile devices, especially when scrolling. Just blame the devices 
|
|
#
?
Oct 23, 2015 20:23
|
|
|
Maybe I can do that.
|
|
#
?
Oct 23, 2015 20:34
|
|
|
I've gotten into a situation where I'm dealing with a large system but I'm highly suspicious of it having some SQL injection vulnerabilities. I don't have time to inspect all the loop-de-loop code so I wanted to try and automate the process, as then we can run a regular audit and see if Joe Idiot Developer has added any blatantly vulnerable code we missed during review. For the automated testing I can use sqlmap, and feed it some raw request files (-r) which point to all the endpoints we want audited. It'll take a while, but it'll certainly do the job. To get a list the endpoints, the only way I can see to do it is for a tester to walk around the site in Chrome and build up a fat list in the Net tab, and then dump those to an HAR json file. What I'm wondering is; is there a tool out there which can parse the content of the HAR into a series of raw requests I can then feed to sqlmap, or is there a better way to build the list of requests (a different interceptor maybe)? Has anyone else done this and can give me any pointers? If not, I'll just make something to parse the file, catalog/group the URLs and dump some request targets, it just feels like this is something someone must have already done.
|
|
#
?
Oct 27, 2015 04:22
|
|
|
foreach (JSON.parse(<file.har>).entries as e) { console.log(e.url); }, dump that out as one per line?
|
|
#
?
Oct 27, 2015 05:58
|
|
|
Is there a "So you're launching an SPA" type guide to protecting a newly launched site? The subject of fail2ban came up in the Raspberry Pi thread (RPi's have nothing to do with this question, I'm hosting on a VPS) and it made me realize that beyond getting my new site up and running and locking down the firewall, I haven't implemented anything to proactively guard against anything nefarious.
IAmKale fucked around with this message at 15:41 on Oct 27, 2015 |
|
#
?
Oct 27, 2015 15:03
|
|
|
Karthe posted:Is there a "So you're launching an SPA" type guide to protecting a newly launched site? The subject of fail2ban came up in the Raspberry Pi thread (RPi's have nothing to do with this question, I'm hosting on a VPS) and it made me realize that beyond getting my new site up and running and locking down the firewall, I haven't implemented anything to proactively guard against anything nefarious. https://stackoverflow.com/questions/20963273/spa-best-practices-for-authentication-and-session-management https://security.stackexchange.com/questions/41239/do-spa-applications-have-different-security-considerations-than-html5-sites
|
|
#
?
Oct 27, 2015 17:43
|
|
|
Biowarfare posted:foreach (JSON.parse(<file.har>).entries as e) { console.log(e.url); }, dump that out as one per line? Well yes, but no. It's not quite as simple as just running it against a list of URLs. For a GET request that's an OK way to go, but for POST we need to provide the extra data. Our system will also be paying attention to the Accept and Cookie data. It looks like sqlmap is happy to do that given a Request Header input file, but if I'm using HAR then I need to convert it back to a request header file with all those extra elements. I thought about using Fiddler which can dump the Request files directly, but the problem is I want to collate/cherry-pick the requests from various tester sessions, to create an audit batch that's run periodically. I found this list of HAR Resources which includes httpsnippet which is a HAR converter tool. It doesn't look like it'll natively dump a Request file, but I can probably add that functionality easily enough. Again, this feels like a simple thing that someone has surely sorted out already, but I guess most people use Fiddler for this. I'd much rather have a programmable solution.
|
|
#
?
Oct 28, 2015 00:32
|
|
|
.
Ahernia fucked around with this message at 08:30 on Aug 7, 2018 |
|
#
?
Oct 28, 2015 15:54
|
|
|
Ahernia posted:We have lots of websites under a modestly sized Visual Studio solution due to shared code. One of our team is responsible for fairly frequent SASS stylesheet updates to change backgrounds and other minor things across the sites. I'm thinking of moving the SASS assets out of the Visual Studio solution and creating a completely separate project (tooling, build and deployment chain etc) just for the SASS/CSS, which would deploy onto our CDN. Has anyone got any experience of a workflow like that? Am I just creating more work for little gain? My thought is that the dev can just churn through the style updates without having to interact with the projects as a whole, and could experiment with tooling and deployment processes without having to be a good neighbour to the other projects. I think VS2015 has support for task runners now, so if you have those set up to deploy to a CDN and do your experimentation there's no need to leave the solution. I run VS2013 so I don't get built-in task runners; I just have a command prompt open to run gulp tasks if I need to. An added bonus to this is that I can easily work with TFS and our task management this way.
|
|
#
?
Oct 28, 2015 17:09
|
|
|
chami posted:I think VS2015 has support for task runners now, so if you have those set up to deploy to a CDN and do your experimentation there's no need to leave the solution. I run VS2013 so I don't get built-in task runners; I just have a command prompt open to run gulp tasks if I need to. An added bonus to this is that I can easily work with TFS and our task management this way. I've never tried, but I'd be surprised if you couldn't run gulp or whatever node-based tool you want in a build event.
|
|
#
?
Oct 28, 2015 18:52
|
|
|
We have a client for whom we built a flat file microsite several years ago. Originally it was only 5-6 pages so we opted to just make them as individual PHP files. Since then feature-creep has been such that the site has around 40 or so pages now still using PHP files. Since the client can't edit these every single little copy change is a royal pain to the point that this year they spent 150% of their budget because we have to make every single little tweak for them. I repeatedly prompted them to get a CMS for the site instead so they can make these changes themselves. Initially they agreed but just changed their minds, opting to pester us instead for each and every text change because 'budget' 
|
|
#
?
Oct 29, 2015 12:54
|
|
|
nexus6 posted:We have a client for whom we built a flat file microsite several years ago. Originally it was only 5-6 pages so we opted to just make them as individual PHP files. Since then feature-creep has been such that the site has around 40 or so pages now still using PHP files. Since the client can't edit these every single little copy change is a royal pain to the point that this year they spent 150% of their budget because we have to make every single little tweak for them. Charge them more money or tell them when they go over budget, their changes become low priority. And let them know again that using a CMS means all their copy changes will be instant instead of waiting a longer and longer time for your team to get around to uploading the low priority changes.
|
|
#
?
Oct 29, 2015 13:57
|
|
|
I'll counter and say "who cares?" Your company is making money either way, right?
|
|
#
?
Oct 29, 2015 14:00
|
|
|
Fire them and never look back.Blinkz0rz posted:I'll counter and say "who cares?" Your company is making money either way, right? Or this, sadly. I had a very similar client for years who annoyed the hell out of me, but they paid their bills on time. It was hard to say goodbye to an easy couple hundred bucks a month. Ultimately my prices went up and they disappeared.
|
|
#
?
Oct 29, 2015 16:32
|
|
|
Blinkz0rz posted:I'll counter and say "who cares?" Your company is making money either way, right? Yeah, that's my bosses' position. Unfortunately it doesn't translate to more money for me, but it does translate to more work and more frustration for me. Besides, it's not like I'm proposing a CMS because it will make their lives harder or cost them more in the long run. It benefits everybody. I never really agree with the 'we're still getting paid' argument because, while it is true, it means I don't have time to work on other projects. We can't fit in other, potentially higher-paying clients if I'm slammed editing PHP files every day. On a more general note it kinda stunts my professional growth, and the business' growth, if all I'm doing is minor copy edits that take up my time instead of learning something new. obstipator posted:Charge them more money or tell them when they go over budget, their changes become low priority. And let them know again that using a CMS means all their copy changes will be instant instead of waiting a longer and longer time for your team to get around to uploading the low priority changes. Yeah, we've tried that. This is the third year of them running the site, the third year of me proposing a CMS instead and the third year they do over budget because "It's just a few tweaks, that's not expensive right?"
|
|
#
?
Oct 29, 2015 16:43
|
|
|
nexus6 posted:On a more general note it kinda stunts my professional growth, and the business' growth, if all I'm doing is minor copy edits that take up my time instead of learning something new. Obviously I don't know all the particulars of the project, but surely there's something you can do that can improve your own workflow while being transparent to the client. Moving to a CMS and having them do things themselves is a big deal, but maybe you could learn some kind of template engine or other method for externalizing copy somewhere that's not embedded in the pages, or you could write yourself some kind of page generator/updater script from scratch. I bet you can find room to improve your own workflow, while learning something new in the process.
|
|
#
?
Oct 29, 2015 19:04
|
|
|
Spraynard Kruger posted:Obviously I don't know all the particulars of the project, but surely there's something you can do that can improve your own workflow while being transparent to the client. Moving to a CMS and having them do things themselves is a big deal, but maybe you could learn some kind of template engine or other method for externalizing copy somewhere that's not embedded in the pages, or you could write yourself some kind of page generator/updater script from scratch. I bet you can find room to improve your own workflow, while learning something new in the process. I agree and my next post was going to ask for any recommendations for flat and/or minimal CMS options. There seem to be quite a few so does anybody have any experience/opinions one way or the other?
|
|
#
?
Oct 29, 2015 20:29
|
|
|
nexus6 posted:I agree and my next post was going to ask for any recommendations for flat and/or minimal CMS options. There seem to be quite a few so does anybody have any experience/opinions one way or the other? If you're using PHP I've built a few sites with Sculpin (https://sculpin.io/). Its really simple, utilises Composer etc.
|
|
#
?
Oct 29, 2015 20:42
|
|
|
nexus6 posted:We have a client for whom we built a flat file microsite several years ago. As you said, the problem was less with the client wanting small things done all the time, and more that the quality of code was sketchy so it was both annoying to update and a risk to use as a service provider, as if something bad happened we'd be held responsible. We started by taking obstipator's suggested route. We had clients on say 4 hours pre-agreed support time, and anything over that had to be authorised by the client, and work that feel into that "overage" bracket was made super-low priority behind everything else. We also did a combination of palming the bad code off to a junior, asking them to point out the bad stuff and take note and let us know what they thought, as a training exercise. Anything that was a bit more complex/annoying we round-robin'd in the team so we didn't all get depressed working on garbage. Eventually we did a combination of: 1. Raised our minimum maintenance agreement hours from 4 to 8. Most clients happy to bleed money into small updates decided the expenditure wasn't worth it. We also did this because 4 hours a month really wasn't enough time to do anything worthwhile. With 8 hours they could accrue time over a series of months and then splash out in month 3 and redevelop something every quarter. 2. Raised our rates. Combined with the above a lot of cheap clients dropped off, even ones requesting ad-hoc work only. This is the most risky option as it affects everyone you work with. 3. Fired the clients. This was done to minimise risk in any of the following situations: 3a. The client was a black-hole for morale. If this was the personality of the client we'd first try transferring them to a different rep, if things didn't improve we'd shunt them to a project manager. If the project manager felt they were a lost cause we'd fire them, often providing a referral to another company. 3b. The clients site was a risk to us. Usually this was due to critical security flaws or in two cases we had clients doing illegal poo poo like storing CCs. We urged them to commence redevelopment inside 3 months. If we hadn't had a down-payment on a proposed redevelopment plan at the 3 month mark, we fired them outright and provided our reasons in a very detailed "you realise you'll put yourselves out of business if you keep doing this" email. The above policies are good to have at a company-level, but if you can't persuade the client to redevelop anything then the best I can suggest is each time you go into the code to do content updates, don't just pick at the HTML. Instead, try to find a way to make your life easier the next time you have to come in and do an update. This might be as simple as swapping out the phone number shown on every page for a PHP tag that loads it from a library file, or moving some of the content HTML to the head of a file in a PHP segment. Eventually you might end up with something that looks like a template on each page, and that way it'll be so much easier to plug it into a CMS system (like WP or Sculptin) and shazam, your pain is ended. But yeah, if you can spare the time, go with what Heskie suggested and try to use Sculptin. I hear it's super awesome.
|
|
#
?
Oct 30, 2015 00:05
|
|
|
v1nce posted:Awesome post Thanks for the suggestions We are currently using rudimentary PHP templating where possible, like a single header.php, footer.php and navigation.php that is included on each page. It can be improved though, for example each page still has hardcoded page titles and meta tags so I might look into a better way to do that. The main problems with this particular client are
|
|
#
?
Oct 30, 2015 12:41
|
|
|
nexus6 posted:They are a government agency so I'm led to understand that their budget fluctuates wildly. Additionally I think there is even a chance that they might not get budget at all in which case the project could end. I guess this makes it difficult for them to make a call on redeveloping the site if it may come to pass that it doesn't even get approved at all. Ah, this makes a lot more sense now. Getting a budget for a big project can be a huge pain in the rear end depending on exactly which government you're dealing with, and I'm sure they'd have to justify it and really argue for it.  says they have a yearly budget for "communications" which is where their money for edits comes from and they doubt they could get a bigger chunk to redo the site. And again, depending on which government, a project like that would likely need an open RFP and there could be requirements about who they sign with (ie. lowest bidder, minority or woman owned, etc.), so if they want to continue working with your firm specifically, they could be fearful about being forced to work with someone else on a new website.Government work is a huge hassle.
|
|
#
?
Oct 30, 2015 15:59
|
|
|
kedo posted:Government work is a huge hassle. Amen to that. One of our government contracts is up soon and we're transferring the sites over to another agency 
|
|
#
?
Oct 30, 2015 16:48
|
|
|
I'm building a page where the user selects a department in a <SELECT> (SEL_Department) and that in turn shows a list of positions (in a second <SELECT>— SEL_Position— divided into <OPTGROUP>s for the departments) within that department. I've got this coded such that I use jQuery to hide() SEL_Position and every <OPTGROUP> within it, only showing SEL_Position when the user selects a department from SEL_Department. Depending on that, it then uses show() to make visible the chosen <OPTGROUP>. This works in Chrome but apparently show() and hide() don't work in Internet Explorer. Is there a better way to do this that'll work cross-browser and won't make me build two different version of SEL_Position?
|
|
#
?
Oct 31, 2015 23:45
|
|
|
ManiacClown posted:I'm building a page where the user selects a department in a <SELECT> (SEL_Department) and that in turn shows a list of positions (in a second <SELECT>— SEL_Position— divided into <OPTGROUP>s for the departments) within that department. I've got this coded such that I use jQuery to hide() SEL_Position and every <OPTGROUP> within it, only showing SEL_Position when the user selects a department from SEL_Department. Depending on that, it then uses show() to make visible the chosen <OPTGROUP>. This works in Chrome but apparently show() and hide() don't work in Internet Explorer. Is there a better way to do this that'll work cross-browser and won't make me build two different version of SEL_Position? Keep the positions in a javascript object and when somebody picks a department, remove all OPTIONS of the position picker and repopulate it with new options based on the department.
|
|
#
?
Nov 1, 2015 02:11
|
|
|
Has the Famous JS framework improved since its stillborn release last year? I've got someone wanting me to work with it but I remember it being a hot mess at release. I noticed scrolling works now so there's evidently been some work done on it. Is it worth using these days?
|
|
#
?
Nov 2, 2015 14:20
|
|
|
Looking for any direction with creating what I think is a simple CRUD app. Tons of these exist in various languages but I'm having a hard time locating or figuring out the easiest way to also include a designer in it. Something very similar to Zoho Creator: https://www.zoho.com/creator/ is the goal. I'm going to deploy this to a person that has zero database/coding ability so they need to be able to update it on their own. Edit: something like https://www.knackhq.com/features/ is also very similar to what I'm after minus that $40/m price tag. Any thoughts? poxin fucked around with this message at 15:51 on Nov 3, 2015 |
|
#
?
Nov 3, 2015 15:38
|
|
|
I have a security question regarding security with a database and logging in. I'm using PHP and mySQL, but the concept of how to do this best probably matters the most. I have a table of users that have auto-incrementing ID's, email address and encrypted password. The emails in the user database require that they are unique. When they log in, first the code checks if there actually is a user by the name of their email address they typed in, and then it checks if the password is correct by adding the correct salts by fetching them on another table according to their user ID, and adding them to the password and seeing if it's the same as the irreversible encrypted password stored on the database. The password stuff is all good, but now I want to get extra secure by reversibly encrypting all the users info, including their username which is their email address. The encryption it will use is openssl_encrypt, and all users will have their own IV stored on a table that matches their user ID. My problem is that my user lookup will no longer work if their email address is encrypted with their own unique ID. I can't know which IV they use until their user ID is looked up. Please give me advice or ideas.
|
|
#
?
Nov 3, 2015 20:39
|
|
|
LP0 ON FIRE posted:I have a security question regarding security with a database and logging in. I'm using PHP and mySQL, but the concept of how to do this best probably matters the most. You could create a hash of each email address as well as the ID for the respective user in a separate table. Hash the incoming email address, match it to the hash in the table and use that ID to find the respective user and grab their IV decrypt the user data.
|
|
#
?
Nov 3, 2015 20:43
|
|
|
LP0 ON FIRE posted:I have a security question regarding security with a database and logging in. I'm using PHP and mySQL, but the concept of how to do this best probably matters the most. How does encrypting the data help secure anything if the IV is also in the same database?
|
|
#
?
Nov 3, 2015 20:45
|
|
|
DarkLotus posted:You could create a hash of each email address as well as the ID for the respective user in a separate table. Thank you, this would probably work great. Skandranon posted:How does encrypting the data help secure anything if the IV is also in the same database? Good point. These will be stored in a separate database when the site is live.
|
|
#
?
Nov 3, 2015 20:53
|
|
|
No wait. Hashing doesn't guarantee a unique value. I know the chances are extremely small, but it doesn't seem right to me.
|
|
#
?
Nov 3, 2015 21:06
|
|
|
LP0 ON FIRE posted:No wait. Hashing doesn't guarantee a unique value. I know the chances are extremely small, but it doesn't seem right to me. It's fine.
|
|
#
?
Nov 3, 2015 21:38
|
|
|
|
| # ? May 16, 2024 10:47 |
|
|
LP0 ON FIRE posted:No wait. Hashing doesn't guarantee a unique value. I know the chances are extremely small, but it doesn't seem right to me. When a user is added or changes their email address and you create the new hash, make sure it doesn't exist, if it does create a new one until it is unique.
|
|
#
?
Nov 3, 2015 21:39
|
|