Weakly Reachable

... until the collector arrives ...

This "blog" is really just a scratchpad of mine. There is not much of general interest here. Most of the content is scribbled down "live" as I discover things I want to remember. I rarely go back to correct mistakes in older entries. You have been warned :)

2017-05-24

Obsolete Cookie Support in Java

The current HTTP cookie specification is RFC 6265, published back in 2011. It obsoletes RFC 2965 (from 2000) which in turn obsoletes RFC 2109 (1997). RFC 6265 retired support for the pseudo-cookies whose names start with a dollar sign. Such cookies used to be interpreted as cookie attributes (e.g. Path, Version etc). Web servers will now often reject requests containing cookie names that start with "$".

Unfortunately, the Java HTTP client does not yet support RFC 6265 (as of version 8). It still implements RFC 2965 (and supports RFC 2109). In particular, it generates $-prefixed pseudo-cookies and is thus incompatible with many contemporary servers. The incompatibility may manifest as 400 Bad Request errors, and even then only when using secure protocols where HTTP message syntax checking is more stringent.

Use the Apache client instead.

2016-08-15

Windows RDP vs. Password Changes

On Windows, there is an obscure security policy that prohibits changing one's password for the first time through Remote Desktop. Normally, one can type CTRL-ALT-DEL to bring up a menu that, among other things, allows a password change. When logged in remotely using RDP, the key chord is CTRL-ALT-END. However, Windows can detect this situation, and if the very first password change is attempted after using CTRL-ALT-END then it will be rejected as "access denied". There is a work-around, though:

  1. Bring up the onscreen keyboard (OSK.EXE).
  2. Type CTRL-ALT using the regular keyboard.
  3. Press DEL on the onscreen keyboard.
  4. The password change function will now operate normally (i.e. no "access denied").

This is helpful on virtual machines where remote access is the only possibility. The purpose of this strange security policy remains unclear.

Windows Event Logs: Command-line Access

The following Windows command will extract events from the Security log on the machine somehost provided those events have the ID 4624 (login) and are for the user someuser:

wevtutil ^
  query-events ^
  /r:somehost ^
  Security ^
  /q:"Event[System[EventID=4624] and EventData[Data[@Name='TargetUserName']='someuser']]"

The query syntax is described as being XPath that operates upon the XML representation of the events. Beware that it is actually a weird subset of XPath that does not recognize ., .., /, or //. Also, the generated XML results are free-standing fragments for each event (i.e. not wrapped by a parent element and thus not well-formed XML).
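
An added example (not part of the original entry): Python that consumes the output of the wevtutil command above, showing that the concatenated fragments do not parse as one XML document and that wrapping them in a synthetic root element fixes that. The sample events, the <Events> wrapper name and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Namespace Windows puts on every <Event> element.
NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Constructed sample output: two free-standing <Event> fragments, trimmed to a few fields.
_FRAGMENT = (
    "<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'>"
    "<System><EventID>4624</EventID><TimeCreated SystemTime='{time}'/>"
    "<Computer>somehost</Computer></System><EventData>"
    "<Data Name='TargetUserName'>someuser</Data>"
    "<Data Name='LogonType'>{logon_type}</Data>"
    "<Data Name='IpAddress'>{ip}</Data></EventData></Event>\n"
)
SAMPLE_OUTPUT = (
    _FRAGMENT.format(time="2016-08-15T09:12:44.000000000Z", logon_type=10, ip="192.0.2.10")
    + _FRAGMENT.format(time="2016-08-15T09:30:02.000000000Z", logon_type=3, ip="198.51.100.7")
)


def is_well_formed(raw):
    """Return True if raw parses as one XML document (a single root element)."""
    try:
        ET.fromstring(raw)
        return True
    except ET.ParseError:
        return False


def parse_events(raw):
    """Wrap the fragments in a synthetic root element so a strict parser accepts them."""
    root = ET.fromstring("<Events>" + raw + "</Events>")
    events = []
    for ev in root.findall("e:Event", NS):
        data = {d.get("Name"): d.text or "" for d in ev.findall("e:EventData/e:Data", NS)}
        events.append({
            "time": ev.find("e:System/e:TimeCreated", NS).get("SystemTime"),
            "computer": ev.findtext("e:System/e:Computer", namespaces=NS),
            "user": data.get("TargetUserName"),
            "logon_type": int(data.get("LogonType", "0")),
            "source_ip": data.get("IpAddress"),
        })
    return events


if __name__ == "__main__":
    print("well-formed as-is:", is_well_formed(SAMPLE_OUTPUT))
    print([e for e in parse_events(SAMPLE_OUTPUT) if e["logon_type"] == 10])  # 10 = RemoteInteractive (RDP)
```

wevtutil can also emit a root element itself with the /e:<name> option, which avoids the wrapping step.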

2016-06-23

Dependency Injection Frameworks

System requirements that justify the use of a dependency injection framework:

  1. The system has at least 64 components whose implementations must be selectable at run-time by editing an external text file.
  2. The development team is not permitted to know the application initialization sequence.

:)
