One of the big things in IT security in recent times has been the successful attacks black-hats have launched against the infrastructure of cryptography. As we all come to rely on encrypted communications more and more, the vulnerabilities in old ciphers have become more of a problem to us developers and administrators. Vulnerabilities like Drown and Poodle are just two examples of a trend which means we all now have to worry about how our crypto is configured before we allow the internet to see a server.
But whenever you tie down security more tightly you risk causing problems when software relies on the thing you've just disabled...
I spent some time recently investigating why certain aspects of the Coveo for Sitecore search framework were broken on a client's server, and the answer ended up being directly related to crypto security. Here's what happened:
With the release of Sitecore 8.2 Update 1 last week, we finally have support for running our Sitecore solutions as Azure Web App Services without the need for the Sitecore Azure Module. As someone who had never tried a PaaS deployment with the old module, this brings a load of interesting benefits, but also has a few challenges to get your head around. I've spent a bit of time experimenting, and discovered a few things that you might want to read up on before you dive in.
Every website needs to be able to deal with requests for pages which don't exist – some sort of 404 handling is a feature of pretty much every Sitecore project. But, as I discovered when sorting out an issue on a client's site recently, it's a bit of code which can bite if you're not careful...
Wild times in the Sitecore world, as the release of v8.2 is has brought a load of new features. One I'm particularly pleased about is that there is now an official NuGet feed for your Sitecore references. I've been asking pretty much every Sitecore employee I've spoken to about doing this for years now, and finally it's here.
So now I've read the release notes and finished a quick chair dance of joy, it's time to dive in and see what it's all about...
Following on from last week's "how to host private NuGet feeds in Visual Studio Online", this week we'll build on that to get some code to compile and some Sitecore.FakeDB tests to run and Hedgehog TDS to generate a deployment package in the cloud build.
While I've read plenty of articles in the past about configuring build servers for Sitecore projects, I've not seen much written about using Visual Studio Online. (Or "Team Foundation Services", or whatever it's called this week) Since the company I work for are in the process of transitioning all their development infrastructure to Azure, trying to get hosted builds working in VSO seemed like a userful area of research for me. This is the first part of what will probably turn into a few posts on the topic of how I got to the point of being able to run a hosted build for a Sitecore / TDS / FakeDB solution...
A colleague of mine has been looking at some custom page events and reporting in Sitecore 8.1 recently. One thing which came to light during this work is that some of the personalisation rule code in the product didn't appear to work as expected. In case anyone else is looking at this aspect of the software, he's a summary of the issue we were seeing, in the hope that it can help you avoid the time we spent looking into this:
Sitecore config patches are great, right? We (should) all be using them to ensure that our changes in configuration don't get stomped on when we upgrade, or install new modules. But like any bit of technology, they can sometimes cause problems. Here's an example of one I saw recently, in the hope it can save others from similar issues:
Every so often, every developer finds themselves having to parse data out of text. There are loads of ways of approaching this task, but a lot of pretty unsatisfactory solutions start from "I'll just split up the text by whitespace" or "Hey, let's use regular expressions!". You all remember what regular expressions lead to, right?
As someone who's always on the lookout for something interesting and new to experiment with, I came across an alternative approach to parsing text recently. A blog post I read (I forget what it was, or I'd give credit) linked to the Sprache project on GitHub. This is a text parsing library which lets you construct the descriptions of the text to parse using Linq-style expressions.
So I thought I'd invent an idea for an experimental project to test this out...
Recently I was looking into how custom caching might improve the performance of Layouts in Sitecore. But one important aspect of the concept of improving performance with tricks like that which I didn't discuss was how you can work out places where caching will give you benefits...