VS Code JavaScript debug terminal has malware. How to remove it? - security

I just started experimenting with the .NET framework and I noticed that when I run:
dotnet list package in the JavaScript Debug Terminal of VS Code, I get all my packages as I should, but they have strange links attached to some of them that lead to scam sites.
ex:
> Windows.EntityFrameworkCore.SQlite --> ww1 .entityframework.com which is a shitty site pretending to be .NET hiring developers.
....
I tried running anti virus scans and cleanups. Nothing detected.
I tested on PowerShell, GitBash and Cmd terminals. Nothing, only happens in the JavaScript Debug Terminal
I tried disabling all my VS Code extensions (including the built-in ones) except the JavaScript debugger to see if it's coming from another extension. Still there.
I have heard of extension vulnerabilities and VS Code Hacks but this is a built-in plugin.
Has this happened to anyone?

VSCode is configured to attempt to parse strings from any output that could represent a valid URL and present the option to you as a clickable link for convenience.
Since .tools is a valid TLD, it thinks the string Microsoft.EntityFrameworkCore.Tools is referencing the URL http://microsoft.entityframeworkcore.tools/ which it seems has been parked by an unscrupulous individual or organization. You as the developer should understand that this is a namespace reference and not a URL, and thus there is no value in clicking it.
This is not indicative of any sort of malware or any real malfeasance.
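To see why a package id reads as a link, here is an added Python example (not VS Code's own code) that applies a hostname heuristic like the one described above to constructed `dotnet list package` output; the small TLD set and the sample rows are assumptions.

```python
import re

# Constructed sample of `dotnet list package` output (versions are made up for the demo).
SAMPLE_OUTPUT = """Project 'MyApp' has the following package references
   [net6.0]:
   Top-level Package                        Requested   Resolved
   > Microsoft.EntityFrameworkCore.Tools    6.0.0       6.0.0
   > Microsoft.EntityFrameworkCore.Sqlite   6.0.0       6.0.0
   > Newtonsoft.Json                        13.0.1      13.0.1
"""

# Deliberately small TLD set for the demo; a real check would load the IANA root-zone list.
KNOWN_TLDS = {"com", "net", "org", "io", "dev", "tools"}

# Dotted labels of letters, digits and hyphens: matches both hostnames and .NET package ids.
DOTTED_TOKEN = re.compile(r"^[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+$")


def looks_like_hostname(token: str) -> bool:
    """A hostname-style linkifier heuristic: dotted token whose last label is a TLD."""
    if not DOTTED_TOKEN.match(token):
        return False
    return token.rsplit(".", 1)[1].lower() in KNOWN_TLDS


def package_ids(listing: str) -> list[str]:
    """Pull the package ids out of `dotnet list package` rows (the lines starting with '>')."""
    ids = []
    for line in listing.splitlines():
        line = line.strip()
        if line.startswith(">"):
            ids.append(line[1:].split()[0])
    return ids


def linkified_packages(listing: str) -> dict[str, str]:
    """Map each package id a linkifier would turn into a link to the URL it would imply.

    These are false positives of the heuristic, not evidence of malware: the package id
    is a namespace, and whoever registered the matching domain is unrelated to it.
    """
    return {pid: f"http://{pid.lower()}/"
            for pid in package_ids(listing) if looks_like_hostname(pid)}
```

Only the id ending in a registered TLD (`.tools`) is offered as a link; `.Sqlite` and `.Json` are not TLDs in this set, so they stay plain text.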

Related

Error loading extension with localization

My nw.js app suddenly stopped working on Windows 10 with the following error:
Failed to load extension from {path}. Default locale is defined but default data couldn't be loaded.
Structure & manifest:
_locales/en
js/i18n.js
Manifest:
"default_language": "en"
I don't know what Windows has changed recently, but it has been working solidly on previous versions of Windows for years. I've updated the country tag as per the available language packs for Windows here and the Chromium tags, but still no luck.
According to this thread:
"I use Chrome and stopped updating it once they made tabbed-options
mandatory. I also keep my User Data folder in a non-default location.
When this bug started, I used the --single-process trick for a while
but as mwalsher said, it stopped working when they messed with the Web
Store. I used but hate the manual method outlined above, so what I did
was to simply move my User Data folder to a FAT32 partition. Problem
solved; now I can successfully install packed extensions from an older
version of Chromium, running in normal mode, to a non-default User
Data folder. Even better, thanks to a system I set up
(http://superuser.com/questions/196886/how-to-relocate-chrome-profile-but-also-make-new-links-open-with-the-relocated-p/257706#257706),
it was /extremely/ easy to change it (I had only to change a single
byte and reboot)."
..
"Change the security permissions of the temp directory might fix this
problem. On my computer, the temp directory only has 3 full control
user (My Account, System, Administrators) at beginning. I manually
give everyone full control to this folder (maybe adding list
permission only also works). However it doesn't work immediately,
until next day I restart the computer with great surprise."
..
As a workaround, --no-sandbox might work. Note that this is just as
unsafe as --single-process, so be careful when using it.
..
..
perform a "chrome://restart"
Try this first:
..I restarted Chrome and tried to install it again, and now it
installed cleanly..

Variables from my .env are shown on error

I just started using Laravel's Lumen and managed to make it work both locally and on a server. When I was about to start exploring it, my index.php consisted of just:
<?php
$app = require __DIR__."/../lumenTest/bootstrap/app.php";
$app->run($app->make('request'));
echo $myundefinedvariable;
Which displays an ErrorException: Undefined variable: myundefinedvariable, but inside the "...at Application->Laravel\Lumen\Concerns{closure}" window I can see a giant wall of text with stuff like:
... 'APP_KEY' => 'fake0BqKgHeC72EmT7039B6pDCsJ90key' , ..., 'DB_PASSWORD' => 'secret', ...
And my first thoughts were, maybe it is because I'm running it locally with XAMPP or something, so I went and tried it on the server and the same thing happened.
Is it normal that sensitive data from my .env file gets shown to everyone after doing any php error?
Is there a way to avoid this happening? (different than not having any PHP errors, because I tend to have them a lot).
Additional info:
PHP version 7.1.12
Lumen (5.6.1) (Laravel Components 5.6.*)
The directory "lumenTest" is one level above my www or public, and that is where the .env is located; the site is on a Linux shared host.
No, that's not normal. Professional developers consider this amateurish behavior. That's the exact reason why companies don't even consider using Laravel.
Many people (including me) already notified them that this is really not-done, but the developers don't really seem to care. In fact it's the only framework in the world that thinks it's OK to print critical information in a debug page. Surely a visitor should never see stack traces, sql queries, pieces of code... But environment variables are confidential and should never end up in a HTTP response.
The best advice I have is to use a professional MVC framework like ASP.net, codeigniter, or yii, since there's no telling what the Laravel devs also think is OK to do...
If on the other hand you do decide to use Laravel anyway, there's a package that counters this: https://github.com/GlaivePro/Hidevara
It's real easy to setup, just make sure you don't forget the app->extend instruction.
On a production server you must not run "composer install" but instead "composer install --no-dev". This way filp/whoops will (should, hopefully) not be installed and cannot be triggered.
For professional development, I surely recommend not to use Laravel since the bar of what they think is acceptable seems to be very low.
As a sidenote: the developers claim that nothing can go wrong when APP_DEBUG=false, but incidents in the past have shown that the whoops handler can be triggered when debug mode is disabled. https://www.google.com/amp/s/blog.hacken.io/dangers-of-laravel-debug-mode-enabled%3fhs_amp=true
Yes, if you have debug mode enabled, any sort of data relating to an error can be displayed. This certainly would include sensitive data that would be useful when debugging.
For production, you want all errors to be privately logged, not publicly displayed. For this reason, you will want debug=false in your .env file.
If this is happening while debug mode is already set to false, you will want to configure the hiding/logging of errors at the server level.
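As an added example (not Lumen's or Laravel's own code), here is a Python smoke check in the spirit of the answers above: instead of trusting the APP_DEBUG setting alone, it inspects an actual error response for values taken from the .env file. The .env contents and both response bodies are constructed for the demo.

```python
import re

# Constructed .env, as on the page: debug left on, plus an app key and a DB password.
ENV_TEXT = """APP_DEBUG=true
APP_KEY=fake0BqKgHeC72EmT7039B6pDCsJ90key
DB_PASSWORD=secret
DB_HOST=127.0.0.1
"""

# Constructed fragment of a whoops-style debug page that dumps the environment array.
DEBUG_PAGE = """<h2>ErrorException: Undefined variable: myundefinedvariable</h2>
<pre>array ( 'APP_KEY' => 'fake0BqKgHeC72EmT7039B6pDCsJ90key', 'DB_PASSWORD' => 'secret' )</pre>"""

# Constructed response a production server should give instead.
PROD_PAGE = "<h1>500 Internal Server Error</h1>"

# Keys whose values count as secrets for this check.
SECRET_KEY = re.compile(r"KEY|PASSWORD|SECRET|TOKEN", re.I)


def parse_env(text: str) -> dict[str, str]:
    """Minimal KEY=value parser for a .env file (comments and blank lines skipped)."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        env[key.strip()] = value.strip().strip("'\"")
    return env


def debug_enabled(env: dict[str, str]) -> bool:
    return env.get("APP_DEBUG", "false").lower() in ("true", "1")


def leaked_secrets(env: dict[str, str], body: str) -> list[str]:
    """Names of secret-looking keys whose values appear verbatim in the response body."""
    return sorted(k for k, v in env.items() if SECRET_KEY.search(k) and v and v in body)


def check_deployment(env_text: str, body: str) -> list[str]:
    """Findings for one deployment: the config problem plus any leak actually observed."""
    env = parse_env(env_text)
    findings = []
    if debug_enabled(env):
        findings.append("APP_DEBUG is enabled")
    findings.extend(f"value of {k} appears in the error response" for k in leaked_secrets(env, body))
    return findings
```

Run it against a deliberately failing request on a staging copy; an empty findings list is the condition to require before deploying.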

Chrome OS: how to enable direct SFTP access in the Files app / Pixelbook Review

An article on Chrome OS that I read here:
https://medium.com/@JamesCridland/review-five-months-with-a-chromebook-for-web-development-writing-and-more-8adf36b4a061
says:
"Update: Above, I mention that I use SSH and vi to do my programming work. And I did. Except I don’t any more. It turns out that one of the newer updates added direct SFTP access into the Files app (the equivalent of Explorer or Finder), so that my development box appears simply as another drive on my Chromebook. And Caret is an excellent programmer’s editor. So now I have a proper programmer’s editor (as well as the SSH terminal I need to put those changes live)."
Ok. But when I go into Chrome OS's Files app, the apparent way to 'mount' my equiv of his
'development box' is via 'add new services', which launches a webstore app named 'SFTP' (whose icon is a blue folder outline with "SFTP" on it), i.e.:
https://chrome.google.com/webstore/detail/sftp-file-system/gbheifiifcfekkamhepkeogobihicgmn?hl=en
(My equiv of his 'development box' I'm assuming to be my web-server at bluehost.com, where I currently use Firefox's FireFTP extension, on Win-10.)
I can't get this 3-stars webstore 'SFTP' app (authored by someone from Japan) to authenticate me into my bluehost acc't. So, now I'm wondering whether
this 'SFTP' app is even the right thing to have installed, due to all the one- and two-star showstopper reviews. One typical review by a guy named Tim says:
"It's a nice try, but I really wish someone who knows what they're doing would make this service. It looks like it works but if you drill down more than a few folders deep on the remote filesystem, operations slow to a crawl."
Similarly, the two clients ('sFTP client' and 'sFTP client Lite') also have such low ratings that my gut says Google has failed to deliver a robust web-developer infrastructure.
Come on Google...you need to implement this stuff under your own logo.
Am I missing something???
Probably should advertise this functionality better :), but the Secure Shell App supports mounting via SFTP so it will appear in the Files app.
Steps to use:
Install Secure Shell Chrome extension.
Launch the extension (look for it in the bar to the right of the omnibox/browser URL bar -- it'll have a black terminal icon).
Enter the connection details to create a new profile.
Give it a description like "user@foo.com".
Instead of clicking "Connect" in the bottom right, click "Mount".
Authenticate with the server (keys/pass/whatever).
Once it finishes, it'll now be visible in the Files app.
If you suspend/resume the system or otherwise logout/reboot, you'll need to relaunch Secure Shell, select the saved profile, and then click "Mount" again. We probably should make this a bit smoother, but that's how it works currently.
No, not an answer yet...just more wishlist stuff:
Ok, more recent info about the Firefox browser's "FireFTP" addon:
It no longer works on the (new) std Firefox browser, as of a couple of
weeks ago when version 57.0 was released. (No biggie tho...a goggle revealed
a new-to-me browser called 'Waterfox' and it nicely supports FireFTP and the
other addons that Firefox dropped support for.)
So a bit more research yielded only yet more 'mumble-mode' confusion: it revealed that FireFTP is open source...located here:
https://github.com/mimecuvalo/fireftp
(So I submitted a new 'issue' there and asked about porting it to Chrome.)
I'm desperate, and recently test-drove Google's new Pixelbook.
(Sigh...nothing inspirational came of that...I give it a one-thumb-down rating.)
Here are my notes from that experience:
------------ Review notes of Pixelbook: ----------------------
Google didn’t think to include a USB-C to USB-A adapter. (A $2 item. e.g.)
https://www.amazon.com/Remax-USB3-1-Female-Adapter-Silver/dp/B01MCSRSKN/
That was my 'showstopper'...like a few other reviewers said...it's not well
thought out / matured. To me it feels more like a gimmick, than a product.
At a minimum, it rates my newest hashtag: #NRFPT (not ready for prime time).
I found no obvious way to disable the touchpad, when using a mouse.
In fact, no other reviewers expressed interest in using a mouse. (???)
Lastly, my favorite kind of Android apps are 'widgets', and I see no signs
that it has occurred to Google to allow Chrome-OS's desktop/background to
host any widgets.
Ok, I'm still in mumble-mode...and still in search of a FTP/SFTP GUI client for
the Chrome browser / Chrome-OS that is the quality of FireFTP.
Enable Linux (Beta) on your Chromebook. Then you can do whatever you want, like on any other Linux machine.
A simple sftp connection command:
sftp [user@]host
Enable linux and mount with sshfs
sudo apt install sshfs
then
sshfs -o reconnect,ServerAliveInterval=15,ServerAliveCountMax=3 user@xxx.xxx.xxx.xxx:/remotedir localdir
or with key auth
sshfs -o reconnect,ServerAliveInterval=15,ServerAliveCountMax=3,IdentityFile=~/.ssh/id_rsa user@xxx.xxx.xxx.xxx:/remotedir localdir
These will reconnect after resuming from sleep.

The type or namespace name 'Script' does not exist in the namespace 'System.Web'

I just deployed a website into IIS 7 (about which I am woefully ignorant), and upon trying to build the site, I receive this error. I did a little googling and I saw an article that said I should put system.web.extensions.dll into the /bin. But I also saw an article saying not to do that. I tried it anyway, but I just received a different error ('Resource cannot be found').
I am totally clueless as to what else to try.
Can you use the "Publish" command in Visual Studio to publish directly to the site? If not, then use that command to publish to a similar site on your machine, then copy it to the customer site.
You should also look into the IIS Web Deployment Tool. It can copy an entire site, including IIS settings and any databases. It will be built into VS2010.
Go to Control Panel, then Programs, "Turn Windows features on or off", scroll down to Microsoft .NET Framework 3.5.1, expand it, and make sure both sub-options are selected; this might help your issue.

Launching a web page in a different process

I want to launch the browser in a different process when a particular link is clicked on the page. When I checked the net I found the following tip: http://www.dslreports.com/faq/3849 . But there we have to change the registry. Is there any simple way of doing this without touching the registry?
If you use the Google Chrome browser, each new window or tab runs in a separate process. Internet Explorer version 8 will do the same (it's currently in the second beta round).
Earlier versions of IE will run a new window in a separate process if it is launched from, say, the Start menu or the command line, or a link in an email (but not by clicking a link within IE). I imagine you could create a proxy that the client would run through, which would intercept the links you care about and launch them by running a command line request. That seems like more trouble than mucking with the registry though (assuming that registry change still works -- looks like your link is from 2002).
I don't believe this is possible unless you change the client computer setup or software it's running.
Why do you want to do this?
