My interesting links email is something I send out to my colleagues, well, when I’ve found stuff of interest.

“On two occasions I have been asked, ‘Pray, Mr. Babbage, if you put into the machine wrong figures, will the right answers come out?’ I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question.”
– Charles Babbage

• Sitecore hangs on startup when using MongoDB – http://kamsar.net/index.php/2016/09/Sitecore-hangs-on-startup-when-using-MongoDB/
• Eyecatching – “We recently hit a milestone with more than half of Chrome desktop page loads now served over HTTPS” – https://scotthelme.co.uk/the-encryted-web-is-coming/
• …and in January Chrome will start reporting all HTTP pages as being ‘Insecure’ – https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html

To be honest, I now believe we should not be building sites which aren’t served over HTTPS. It’s more secure, faster, ranked higher in Google search results, and Chrome won’t mark it as insecure. ‘Nuff said.

• This matches my opinions on Email address validation… https://hackernoon.com/the-100-correct-way-to-validate-email-addresses-7c4818f24643#.8ack9vboj
• Evil Genius – http://thedailywtf.com/articles/pointless-revenge
• Dependency Injection in Sitecore 8.2 http://kamsar.net/index.php/2016/08/Dependency-Injection-in-Sitecore-8-2/ Interesting, and scroll down to the bit about about Web Forms for Marketers…

My interesting links email is something I send out to my colleagues, well, when I’ve found stuff of interest.

• Subresource Integrity (SRI) – We could start using this right now (and why do we not use CDNs more?) https://www.troyhunt.com/protecting-your-embedded-content-with-subresource-integrity-sri/
• Why HTTPS is faster than HTTP (well, sort of) and why Andy is now excited (yes, excited) about IIS 10 https://www.troyhunt.com/i-wanna-go-fast-https-massive-speed-advantage/
  Interesting (if long) article about the use of cloudflare and things…
• https://www.troyhunt.com/cloudflare-ssl-and-unhealthy-security-absolutism/ (Why don’t we use CDNs and cloudflare and things?)
• This is about ‘Serverless computing’, but look – AZURE FUNCTIONS! TIMED JOBS! Finally! http://www.hanselman.com/blog/WhatIsServerlessComputingExploringAzureFunctions.aspx Very cool example. Find faces in an image and draw rectangles around them.

My interesting links email is something I send out to my colleagues, well, when I’ve found stuff of interest.

• Nifty Sitecore Developer Plugin for Chome – https://chrome.google.com/webstore/detail/sitecore-developer-tool/cmbppbejihcnbngefandoljljdppnlda
• Securing your Sitecore cookies for HTTPS Only – https://andrewwburns.com/2016/10/21/secure-your-sitecore-cookies/
• Taming your analytics data in Sitecore – by filtering anonymous users. (That 60Gb analytics database will thank you) – http://sitecoreart.martinrayenglish.com/2016/10/taming-your-sitecore-analytics-index-by.html
• Exploring Application Insights for disconnected or connected deep telemetry in ASP.NET Apps (Snappy Title. Apparently, App Insights can be used in an Offline mode, too) – http://www.hanselman.com/blog/ExploringApplicationInsightsForDisconnectedOrConnectedDeepTelemetryInASPNETApps.aspx
• Azure Functions look good – and an interesting use-case too. – https://www.troyhunt.com/azure-functions-in-practice/
  New CSP directive to make Subresource Integrity mandatory (`require-sri-for`) – https://frederik-braun.com/new-csp-directive-to-make-subresource-integrity-mandatory-require-sri-for.html
• Fixing the problem of Mixed mode warnings… https://scotthelme.co.uk/fixing-mixed-content-with-csp/ and https://developers.google.com/web/fundamentals/security/prevent-mixed-content/fixing-mixed-content?hl=en
• The government adding a CSP header to .GOV.UK (Bit old, still interesting) – https://gdstechnology.blog.gov.uk/2015/02/12/experimenting-with-content-security-policy-on-gov-uk/

My interesting links email is something I send out to my colleagues, well, when I’ve found stuff of interest.

• A very interesting post mortem of a 34 minute outage on Stack Overflow. It’s worth a look. http://stackstatus.net/post/147710624694/outage-postmortem-july-20-2016 TL:DR; Inefficient Regexes are inefficient and Health checking the load balancer took all pages out of rotation all at once.
• An analysis of the top 1 million sites HTTP usage… https://scotthelme.co.uk/alexa-top-1-million-crawl-aug-2016/
• How copy and paste could kill a lot of sites: https://scotthelme.co.uk/death-by-copy-paste/
• Related to the above, the requirements for HSTS preloading… https://hstspreload.appspot.com/
• A lucid criticism of Scrum – or at least, how it is implemented sometimes. http://okigiveup.net/not-big-fan-of-scrum/

My interesting links email is something I send out to my colleagues, well, when I’ve found stuff of interest. This one is quite old (December 2015).

• A hacked site that would’ve been entirely safe if it used a CSP: http://arstechnica.com/security/2015/11/hey-readers-digest-your-site-has-been-attacking-visitors-for-days/ – We should make sure we use these. Just sayin’.
• Azure have added SQL Database Threat Detection… http://www.troyhunt.com/2015/12/the-ongoing-scourge-that-is-sql.html Worth a read. The short form – Azure can try to detect SQL injection attacks. It won’t stop it, but it should detect it.
• This is a headline I never thought I’d see: http://arstechnica.com/security/2015/12/internet-connected-hello-barbie-doll-gets-bitten-by-nasty-poodle-crypto-bug/

Idle thought for the day – should we include in our sites/pages details of ‘how to contact us if you find a vulnerability’?