4 posts categorized "techstacks tools"


Techstacks Tools Site Updated to v0.9.4

I recently uploaded some updates to the techstacks tools site.  Nothing too substantial changed.  I cleaned up some more of my atrocious HTML and fixed a problem with failures in Bling and SMPing when sitemap pings were being requested from Google and Yahoo.  Although success responses were being received, the app was generating an Illegal Argument exception and logging the success as failures as a result.  

Moreover has officially been removed from the list of search engines that accept sitemap.xml pings.  Ask.com has not been removed yet but their site has been generating Connection Refused messages for me for quite a while.  I notified their customer support organization so, hopefully, it will start working again.

Bling has received a preliminary new feature: PubSubHubbub pings.  Right now, the only hub being notified of your site's new content updates is Google's PubSubHubbub Reference Server, but I'm still investigating whether it is feasible to introduce any additional ones.  If anyone knows of any pubsubhubbub hubs out there that do not require some kind of subscription, drop me a note in the comments below with the submission URL.  I'm thinking of adding in some of the hubs from the major blog hosts but some additional testing will need to be done first.  If I'm hosting a blog on TypePad, I wouldn't want to necessarily ping WordPress.com's hub, for example.  

The Techstacks Tools site still makes use of groovy, the HttpBuilder module, the gaelyk framework, and all running on google app engine.  


Scanning for Unsafe URLs - Update 2

This post is sort of a big deal for me because it is the 300th post to this blog.  I'm happy to have reached this particular milestone and want to thank everyone taking the time to visit it and especially thank all of you who have subscribed to my RSS feeds and who are following the site updates on twitter. Additional milestones reached over the past week include an all-time high 75 subscribers to the blog's RSS feed.  This week, the Techstacks Howto's site should reach it's 10,000th page view since the site launched in September 2009 and sometime in August, this blog should reach it's 100,000th page view since re-launching under TypePad roughly 13 months ago.

Saturday's post about updates to my Tools site briefly touched upon BadUrlChk, which I will now cover in more detail here.

PCI Scanners are now testing for unsafe URLs.  The original "Scanning for Unsafe URLs" post introduced a Perl script, which is still a work in progress, that tests many well known, unsafe URLs that we web site administrators don't necessarily want exposed to the Internet-at-large.  Although I think Perl is really cool and I want to get really good at it, a lot of my scripts make use of additional CPAN modules that many folks don't want to necessarily install on their own personal workstations.  The scripts that I've written in groovy also make use of third-party modules.  The Techstacks Tools site exists as a hosted site for people who just want to run the test without having to worry about installing perl or groovy or any of the third party modules that I like to use.

BadUrlChk is a port of the Perl script from the original article.  The output is the same right now but it is running on Google AppEngine and makes use of the Gaelyk framework and HTTPBuilder.  All you need to do is plug in a URL and the scanner will output success or failure messages.  If you've got a vulnerability reporting that the ColdFusion Administrator console is open and running the tool confirms this, re-run the tool after remediation of the vulnerability.  It should then report that ColdFusion console access fails.

Presently, the script and the hosted version running on the Tools site are not completely ready and should be considered early beta.  You can get a pretty good idea of whether or not a small sample of well known, unsafe URLs are open to the Internet but the tools do not presently handle redirection well nor do they handle Authentication responses from the web server.  I'm still working on that.  Sites that redirect can result in a lot of false positives so I'm working on some false positive handlers as well.  

The nice thing about command line scripts is output is easy to handle.  The trouble with them is that they don't always translate well on a web site.  I'm working to see if there is a better way to display this output.


tools.techstacks.com Updates

It isn't the prettiest site out on the Internet but I've published some updates to the tools.techstacks.com site.  The site now displays in iphones, ipods, and android phones.  It doesn't look great but this version of the site is more of a learning experience for me in writing html webapps for handheld devices.  It would not have been possible without the assistance of the O'Reilly published book, "Building iPhone Apps with HTML, CSS, and JavaScript: Making App Store Apps Without Objective-C or Cocoa " by Jonathan Stark. I would love to test it with my blackberry but my service is so poor at home, testing would literally take hours. 

The Techstacks Tools site is still powered by gaelyk, httpbuilder, and google app engine, I've tried to clean up as much of the HTML as I was able to find and separated the content from the presentation a little more.  The version of gaelyk the site runs on is 0.3.3 and appengine version for java is 1.3.5.  

Finally, this update includes my first stab at a tool for administrators, BadUrlChk.  More on this tool in the next post, which will be a milestone post for this blog—post number 300!