A brief analysis of the NCSC’s “Top 1000 Passwords” list

2018-05-16 Andy BurnspasswordsLeave a comment

So, the NCSC has been running a study on the prevalence of the ‘Top 1000 Passwords’. It’s useful stuff, but I wondered – just how frequent are these passwords? How can they know? Where did this list come from?

I noticed, for example, that the list included baseball, which I gather is a degenerate form of rounders. It’s certainly not what I’d expect on a UK-centric list of passwords. Similarly, chicago, and redsox were unlikely. (There are, however, cricket and wanker, so it isn’t an entirely Americanised list).

I also noticed some passwords – like rasdzv3 – that I couldn’t see any obvious reason for being particularly popular.

Anyway – I wondered – how frequent are these? What was the most frequent? Continue reading “A brief analysis of the NCSC’s “Top 1000 Passwords” list” →

Use Sitecore Image Resizing even for Background-Images

2018-04-202018-04-18 Andy BurnsMediaLeave a comment

Recently, I’ve looked at two Sitecore sites (not written by me!) where areas of the page (<div> tags) have a background image set by inline-CSS. For example, something like this:

Which has markup like this:

Okay, what’s wrong with this? Continue reading “Use Sitecore Image Resizing even for Background-Images” →

UK Postcode Validation Regex

2018-04-10 Andy BurnsPostcodesLeave a comment

So, the Government offer us a regex to validate UK postcodes. According to Wikipedia it should be:

^([Gg][Ii][Rr] 0[Aa]{2})|((([A-Za-z][0-9]{1,2})|(([A-Za-z][A-Ha-hJ-Yj-y][0-9]{1,2})|(([A-Za-z][0-9][A-Za-z])|([A-Za-z][A-Ha-hJ-Yj-y][0-9]?[A-Za-z])))) [0-9][A-Za-z]{2})$

Nice. That’s not complicated, is it? Continue reading “UK Postcode Validation Regex” →

Chrome – OTS parsing error: invalid version tag

2018-03-132018-03-13 Andy BurnsHTTPLeave a comment

I saw this weird warning in Chrome’s DevTools while looking at a site:

OTS parsing error: invalid version tag

Uh-huh. That’s a bit strange. Unable to download fonts? What caused that?

Well, I tried going to the font’s URL – and got the ‘Page Not Found’ page! Well, that’s annoying – but a 404 page is clearly not a font.

However, this site’s error pages return HTTP 200 – so Chrome expects a font…

Make sure your error pages return a correct HTTP status code. If you don’t, it can cause problems. Normally, I find that it’s false positives on automated penetration tests, but this is a new and exciting variation.

Scott Helme on SSL Certificates…

2018-03-122018-03-09 Andy BurnsSSL1 Comment

Scott Helme has posted a number of interesting blog posts recently:

I mean, he’s a bit of a LetsEncrypt fan, but equally, their certificates are as good as others, and EV Certs and SSL Warranties do seem to be sources of revenue generation, rather than offering something useful.

What I’d really like is an easy way to use LetsEncrypt with IIS; for a long time it has seemed like a second-class citizen. Or maybe scripting is just more awkward in Windows. Either way, it’d be great to have simple tooling to support automatically renewing IIS site certs.

Then we could reduced certificate lifetimes and overcome the problems of the broken revocation process in certificates.

Statically add a Rendering to a layout

2018-03-092018-03-09 Andy BurnsMVC, renderingsLeave a comment

Recently I stumbled across this excellent note from Nathanael Mann – Did you really mean .Controller() in Sitecore MVC? – it’s worth a read.

The short form – you’ll want to use:

@Html.Sitecore().Rendering("[GUID of the Rendering]", new { Cacheable=true, Cache_VaryByData=true })

… so you don’t skip caching.

Sitecore – The type or namespace name ‘WebViewPage’ could not be found

2018-03-08 Andy BurnswebconfigLeave a comment

A gentle note to myself – If I suddenly start getting errors from Sitecore of the form:

Exception: System.InvalidOperationException
Message: Error while rendering view: ‘/Views/Common/Layouts/WebLayout.cshtml’ (model: ‘Sitecore.Mvc.Presentation.RenderingModel, Sitecore.Mvc’).

Exception: System.Web.HttpCompileException
Message: c:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\root\4f078900\f158f9a6\App_Web_weblayout.cshtml.b31435e0.agxyl06t.0.cs(44): error CS0246: The type or namespace name ‘WebViewPage’ could not be found (are you missing a using directive or an assembly reference?)

… check that you’ve not delete the /Views/Web.config file. Again.

I keep causing this when I clear out my Views folder of old, obsolete, or test views.

Andy Burns' Blog

Whatever I'm working on