Monday, February 13, 2012

The story about Applet, Load balancer and HTTPONLY

Our application requires Load balancer stickiness (affinity).

We were investigating a problem where our applet, which was trying to connect to the application server behind a load balancer, was having difficulties. It seemed as if the requests were routed to different app servers without sticking to one.

It was very interesting: all the web applications were working and only the applet failed.

After a few hours of investigation using Fiddler, we found that the load balancer was configured to set its cookie as HTTPONLY (very secure).

The problem is that declaring the cookie as HTTPONLY hides it not only from JS but also from applets.

Apparently Applets DO NOT support HTTPONLY cookies.

The key support technique was to record a working session in the lab and a non-working session in the customer environment and compare them; that way you can pinpoint the issue easily, even without prior knowledge.

Hope this saves you a few hours
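The lab-versus-customer comparison described above, as an added example that is not part of the original post: it diffs the Set-Cookie attributes of two recorded responses and lists the cookies flagged HttpOnly. The cookie names (`LBSTICKY`, `JSESSIONID`), their values and both captures are constructed for illustration.

```python
# Added example: diff Set-Cookie attributes between two recorded responses.
# The cookie names, values and both captures are constructed sample data.
LAB_CAPTURE = """HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: LBSTICKY=node1; Path=/
Set-Cookie: JSESSIONID=abc123; Path=/app; HttpOnly

<html>lab</html>"""
CUSTOMER_CAPTURE = """HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: LBSTICKY=node2; Path=/; HttpOnly
Set-Cookie: JSESSIONID=def456; Path=/app; HttpOnly

<html>customer</html>"""


def parse_set_cookies(raw_response):
    """Return {cookie_name: {lowercased_attribute: value or True}}."""
    cookies = {}
    for line in raw_response.splitlines():
        if not line.strip():
            break  # blank line ends the header block
        header, sep, value = line.partition(":")
        if not sep or header.strip().lower() != "set-cookie" or not value.strip():
            continue
        parts = [p.strip() for p in value.split(";") if p.strip()]
        attrs = {}
        for part in parts[1:]:
            key, eq, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip() if eq else True
        cookies[parts[0].partition("=")[0]] = attrs
    return cookies


def diff_cookie_attributes(working, failing):
    """Return (cookie, attribute, working_value, failing_value) mismatches."""
    good, bad = parse_set_cookies(working), parse_set_cookies(failing)
    findings = []
    for cookie in sorted(set(good) | set(bad)):
        a, b = good.get(cookie, {}), bad.get(cookie, {})
        for attr in sorted(set(a) | set(b)):
            if a.get(attr) != b.get(attr):
                findings.append((cookie, attr, a.get(attr), b.get(attr)))
    return findings


def hidden_from_client_code(raw_response):
    """Names of cookies flagged HttpOnly (per the post, unreadable by JS and applets)."""
    return sorted(n for n, a in parse_set_cookies(raw_response).items() if "httponly" in a)
```

Cookie values are ignored on purpose, since they differ between any two sessions; only attribute differences are reported.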

Sunday, December 25, 2011

It's all about the version

Last week I downloaded a couple of good frameworks I am going to use more and more on the client side:

  • CoffeeScript – I was skeptical at the start, but I am addicted now
  • KnockOutJS – MVVM, it's all about two-way binding
  • BackBone – MVC, utilities and good app design
  • KnockBack – takes the good of KnockOutJS & BackBone and combines them together

I started to write some simple code that shows a list of items (customer name and severity) and allows the user to double-click on the customer name / severity text so that it becomes editable.

It took me 10 min to write it and 4 hours to debug why it was not working

CoffeeScript code:

    TicketViewModel = (ticket) ->
      # Two-way binding for CustomerName; edits are saved back to the model
      @customer_name = kb.observable(ticket, {key: 'CustomerName', write: ((text) -> ticket.save({CustomerName: text}))}, this)
      @editingCustomerName = ko.observable(false)
      @editCustomerName = (event) => @editingCustomerName(true)

      # Same pattern for Severity
      @severity = kb.observable(ticket, {key: 'Severity', write: ((text) -> ticket.save({Severity: text}))}, this)
      @editingSeverity = ko.observable(false)
      @editSeverity = (event) => @editingSeverity(true)
      # Destroy the underlying ticket model
      @destroyTodo = => ticket.destroy()
      @

    TicketListViewModel = (tickets) ->
      @tickets = ko.observableArray([])
      # Keep the observable array in sync with the Backbone collection
      @collection_observable = kb.collectionObservable(tickets, @tickets, { view_model_constructor: TicketViewModel })
      @removeTicket = (ticket) =>
        @tickets.remove(ticket)
        @
      @

    app_view_model =
      tickets_list: new TicketListViewModel(tickets)

HTML:

    <ul class="ticket-list" data-bind="foreach: tickets_list.tickets">
      <li>
        <div class="ticket">
          <span class="ticket-customer" data-bind="text: customer_name, visible: !editingCustomerName(), dblclick: editCustomerName"></span>
          <input data-bind="value: customer_name, visible: editingCustomerName, hasfocus: editingCustomerName" />
          <span class="ticket-severity" data-bind="text: severity, visible: !editingSeverity(), dblclick: editSeverity"></span>
          <select data-bind="value: severity, visible: editingSeverity, hasfocus: editingSeverity">
            <option value="P1">P1</option>
            <option value="P2">P2</option>
            <option value="P3">P3</option>
          </select>
          <a href="#" data-bind="click: $parent.removeTicket">Delete me</a>
        </div>
      </li>
    </ul>

I had two problems:

  • The click event was not bound to my function on my model
  • After fixing it, when clicking, the function didn’t get the current item as its first parameter

To make a long story short, I had two key problems:

  • The context I was looping on was the root rather than the collection, so I had to specifically write the function name with its parent; instead of “$parent.removeTicket” I had to write “$root.tickets_list.removeTicket”
  • The version of KnockoutJS that is delivered with KnockBack is OLD! and didn’t support passing the current item

I need to find a better way to share code…. any suggestions?

Saturday, November 26, 2011

Tips when working with web designers

I have a few suggestions to help you focus your next project with a web designer, which should save you time and money (based on my experience)

  • You should decide if you want a static min width or a fluid (stretching) layout – this will change the web designer's entire work. Choosing fluid is harder and requires more time
  • Make sure that all the mockups work and move from one page to the other; this will ensure you really see the flow of movement in the site, and you can use this mockup to show your investors something realistic quickly
  • Use the latest jQuery – sometimes web designers use an old version that will cause you more work later
  • For forms, make sure you also show the validation errors – this is crucial because playing with the validation styles later by yourself will cost you time, or money if you outsource it again
  • Use HTML5 – there is NO reason not to use it (use the relevant shim for old browsers)
  • I really think your site should start with some standard template like boilerplate
  • It is your responsibility to test the site on all browsers! (personally I think you should NOT support IE6 :))
  • Don’t forget that the sample you got from the web designer has static text with static width; you should make sure you test the design using larger text
  • To support localization, your design should also support RTL (by using relevant classes without any tweaks from your side); although it doesn’t look important at the start, not doing it now will cause you to pay more later

Hope this works for you

Saturday, September 03, 2011

The story of a 32 bit application pool and 64 bit IIS manager UI

Yesterday I spent more than 4 hours troubleshooting a weird situation in which one of my web applications (32 bit) couldn’t get valid session state.

From the error it seemed as if the session state was disabled, so I started looking at several areas in the IIS Manager to validate that session state is active (I started with the root configuration of the entire computer)

I started with the “Session State” options in the ASP.NET section and it looked OK


So I continued to the “Pages and Controls” options in the ASP.NET section – and then I saw it was set as false!!! (unlike the default)


So I fixed it and restarted IIS to be on the safe side, and nothing was fixed; it was still behaving as if the session state was off!

3 hours passed while I was comparing the ApplicationHost.Config to another system I have, and everything looked OK (including modules, order, etc).

Then, after discussing this with a friend of mine, it came to me that the UI could be a 64 bit application, and as such it updates the 64 bit default web.config under %SYSTEMROOT%\Microsoft.NET\Framework64\v2.0.50727\CONFIG

Don’t forget our application is 32 bit, meaning its configuration actually inherits from the 32 bit default root web.config, which is found under %SYSTEMROOT%\Microsoft.NET\Framework\v2.0.50727\CONFIG

So I checked the 32 bit web.config and indeed I saw that the session state was disabled.

After I updated this file everything started to work. :)

So in essence, if your application is 32 bit, you shouldn’t use INETMGR coz it will show you wrong values (inheritance is from the 64 bit rather than the 32 bit root web.config)

By the way, look at this link for a very good reference for the entire configuration files (including all the sections)
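A way to check for the mismatch described above without relying on the IIS Manager UI, as an added example that is not part of the original post: it compares the session-related attributes of the two root web.config files. The two XML documents are constructed samples, and the choice of `pages/@enableSessionState` and `sessionState/@mode` as the settings to watch is this example's assumption.

```python
# Added example: compare session settings in the 32-bit and 64-bit root web.config.
# Both XML documents below are constructed samples, not real machine configuration.
import os
import xml.etree.ElementTree as ET

# Root web.config locations named in the post, one per framework bitness.
ROOT_CONFIGS = {
    "64-bit": r"%SYSTEMROOT%\Microsoft.NET\Framework64\v2.0.50727\CONFIG\web.config",
    "32-bit": r"%SYSTEMROOT%\Microsoft.NET\Framework\v2.0.50727\CONFIG\web.config",
}
# (element under system.web, attribute) pairs that switch session state on or off.
WATCHED = [("pages", "enableSessionState"), ("sessionState", "mode")]
SAMPLE_64 = """<configuration><system.web>
  <pages enableSessionState="true" />
  <sessionState mode="InProc" />
</system.web></configuration>"""
SAMPLE_32 = """<configuration><system.web>
  <pages enableSessionState="false" />
  <sessionState mode="InProc" />
</system.web></configuration>"""


def read_root_config(bitness):
    """Read one of the real files (Windows only; not needed for the samples)."""
    with open(os.path.expandvars(ROOT_CONFIGS[bitness]), encoding="utf-8") as handle:
        return handle.read()


def session_settings(config_xml):
    """Return {"element/@attribute": value or None} for the watched settings."""
    system_web = ET.fromstring(config_xml).find("system.web")
    settings = {}
    for element, attribute in WATCHED:
        node = system_web.find(element) if system_web is not None else None
        settings[element + "/@" + attribute] = None if node is None else node.get(attribute)
    return settings


def compare_root_configs(xml_by_bitness):
    """Return only the settings whose value differs between the given configs."""
    parsed = {name: session_settings(xml) for name, xml in xml_by_bitness.items()}
    keys = next(iter(parsed.values())).keys()
    return {k: {name: s[k] for name, s in parsed.items()}
            for k in keys if len({s[k] for s in parsed.values()}) > 1}
```

On a real server, pass `{name: read_root_config(name) for name in ROOT_CONFIGS}` to `compare_root_configs` instead of the samples.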

Monday, August 29, 2011

I can’t believe it but today I installed a Trojan

Yes, it happened to me too! (st-u-pid)

I got an email from “USPS” claiming that a delivery was delayed because no one was at home (and actually I was really expecting one to come)


So I clicked on the link to see the PDF, but a few seconds after I ran it I knew that I was doomed!

The file was called usps_ship_receipt.pid (NOT PDF) and it's actually an executable (the text you see on the first link actually has a link to a different URL: http://habilitas.de/files/usps_ship_receipt.pif  <DontClick/>)

When running it, it spawns a new process that starts tracking the system (called NTVDM.exe, plus another tmp exe that runs in windows\temp)

It looks like this trojan is opening a socket in listen mode and also broadcasts the server address to random target servers over the internet, including s15229459.onlinehome-server.info:80, ip143.gohost.kz:80, etc

Amazingly – OfficeScan doesn’t find this Trojan!

Damn it!
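The two tells in this message (link text that differs from the real target, and a target that is a program rather than a document) can be checked mechanically. The following is an added example, not part of the original post; the message body, the `example.test` / `example.invalid` hosts and the extension list are constructed for illustration.

```python
# Added example: flag e-mail links whose visible text and real target disagree.
# The message body and the example.test / example.invalid hosts are constructed.
import posixpath
from html.parser import HTMLParser
from urllib.parse import urlparse
# Extensions Windows treats as programs (partial list, chosen for this example).
EXECUTABLE_EXTENSIONS = {".pif", ".exe", ".scr", ".com", ".bat", ".cmd"}
SAMPLE_BODY = """<p>Your parcel could not be delivered.</p>
<a href="http://files.example.invalid/files/usps_ship_receipt.pif">
  http://www.example.test/receipts/usps_ship_receipt.pdf</a>
<a href="http://www.example.test/help">Contact us</a>"""

class LinkCollector(HTMLParser):
    """Collect (href, visible_text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def suspicious_links(html_body):
    """Return (href, reasons) for links whose target looks deceptive."""
    collector = LinkCollector()
    collector.feed(html_body)
    results = []
    for href, text in collector.links:
        reasons = []
        target = urlparse(href)
        ext = posixpath.splitext(target.path)[1].lower()
        if ext in EXECUTABLE_EXTENSIONS:
            reasons.append("executable extension " + ext)
        if text.lower().startswith(("http://", "https://")):
            shown = urlparse(text).hostname
            if shown != target.hostname:
                reasons.append("text shows %s, link goes to %s" % (shown, target.hostname))
        if reasons:
            results.append((href, reasons))
    return results
```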

Thursday, August 04, 2011

SQL Performance related to ASYNC_NETWORK_IO

If your application is working with SQL and you face performance problems, I guess one of the things you do is to try and see the current processes in SQL

If by running “select spid,blocked,lastwaittype,cpu,physical_io, memusage,status, cmd from master..sysprocesses” you see a process that is waiting on ASYNC_NETWORK_IO, then this means that you have a network or client application problem that is preventing SQL from flushing its data (in general, the client is not working fast enough to get the data and the buffers are filled)

In this blog post I would like to focus on network issues and I assume your application is good.

To ensure your network is correct check the following:

  • Your NIC has the latest firmware
  • Your NIC is set to a specific speed and duplex – this is because from time to time we see problems related to a card that detected the wrong speed / duplex mode; I suggest setting it to the maximum your network can hold
  • Your NIC is working properly – no errors in the event viewer or general problems in the system that look related to the network
  • The components that are involved in the communication between client and server work correctly (routers, hubs, etc) – check that you don’t have packet loss

Hope this post will save you a few hours :)

BTW good link

Sunday, July 17, 2011

NETFLIX is down

I am having some quality issues with NETFLIX, and when I went to their site I pressed on “report quality issues”; this is the page I got :)


Now I know HA is hard but it's worth it. If this happens one more time for more than 10 min, I am moving to another company.