One deep dive with haproxy and I have handed it complete control of all my certificates.

* One bind statement with every single cert file I own, and haproxy is instantly handling every host’s SSL handshaking using SNI
* It is handling dynamic conversion of http requests to https
* It has removed the need for https on any webserver on the secured LAN
* It allows incredibly flexible load balancing via host, port, url, etc etc
* It is easy to set up to use ssl best practices, so every one of your websites instantly gets A+ ratings on ssl labs

Unbelievable, I’m stunned.

Here’s all I needed to get ssl labs A+ ratings:

global

    # MDM NO SSLv3!  Good ciphers!
    ssl-default-bind-options no-sslv3 no-tls-tickets force-tlsv12
    ssl-default-bind-ciphers AES128+EECDH:AES128+EDH

frontend ....

  # MDM We need to provide an HSTS header to get A+ at ssllabs!
  http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload;
      
  reqadd X-Forwarded-Proto:\ https

Also needed this in wordpress wp-config.php:

if (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false)
       $_SERVER['HTTPS']='on';

Wow you wouldn’t think this would be difficult…

For mailto:
- Make sure you are logged in to Gmail and the active window is your main Gmail page (or nothing will happen).
- Copy/paste this into the address bar:
javascript:navigator.registerProtocolHandler("mailto","https://mail.google.com/mail/?extsrc=mailto&url=%s","Gmail")
- Add the javascript: to the front again if needed, because when you pasted it, Chrome probably trimmed everything before and including the colon. Then hit enter.
It also works for webcal:
- Make sure you are on your Google Calendar page (or nothing will happen).
- Copy/paste this into the address bar:
javascript:navigator.registerProtocolHandler("webcal","https://www.google.com/calendar/render?cid=%s","Google Calendar")
- Add the javascript: to the front again if it got automatically trimmed. Then hit enter.

You can directly delete iterators while looping through associative containers like set and map:

    for(auto itue = usersByEmail_.begin(), itue_end = usersBySecret_.end(); itue != itue_end; ) 
    {
        if ((*itue)->bDeleted())
        { 
            // NOTE We could do more cleanup work here if needed.
            itue = usersByEmail_.erase(itue);

        } else ++itue;
    }

With sequential containers like vector, you should use the erase-remove idiom. Here’s an example for my multi-indexed sets of pointers that uses a lambda to keep the code tight. runsByRank_ is of my sorted_vector type:

    runsByRank_.erase(
        remove_if(
            runsByRank_.begin(), runsByRank_.end(),    
            []( StockRun*& psr )
            { 
                // NOTE We could do more cleanup work here if needed.
                return psr->bDeleted(); 
            }
        ),
        runsByRank_.end()
    );

I’ll try to get my quick-http skeleton app updated with these best practices soon. As of now it does not include any delayed-deletion pattern.

When an unauthenticated user accesses a protected resource of my API server, I want to immediately redirect them to the login page.  Research has indicated that the server should send the client an HTTP 302 page with the url.  Experimentation has shown that you can successfully set cookies. The cookie can be used to hold the url to re-redirect the user back to the original request after authenticating. Nice.

Here’s the header to send from the server:

    const string cstr_HTML_302_HEADER1 = "HTTP/1.1 302 Moved Temporarily\r\nLocation: ";
    const string cstr_HTML_HEADER2 = "\r\n\r\n";
    // ....
        string cookie_header = "\r\n";
        cookie_header += "Set-Cookie: .... ";
        *response << cstr_HTML_302_HEADER1 << "/v1/login.html" << cookie_header << cstr_HTML_HEADER2;

The publicly available version of quick-http on github needs a refresh, hopefully I'll have some time soon to move a large set of new code there that uses Simple Web Server, HTTP 302 redirects, user authentication, etc.

A friend of mine asked for help to do a complicated data pivot on a few thousand rows of data.  We discussed it and agreed that we probably needed to walk each row and do an algorithmic summation on the fly.

My first instinct was to fire up Windows and dust off the old VBA cobwebs in my mind.  Fortunately that didn’t last long, and I reached for a far more comfortable friend, SQL.  The final SQL wasn’t terribly simple, but wasn’t terribly complicated either.  And it was a total linux solution, always the more pleasant solution.  And totally gui, too, for all you folks who get hives when you have to bang at a terminal.  

• Open excel sheet in LibreOffice
• Copy columns of interest into a new sheet
• Save As -> Text CSV
• Create a sqlitebrowser database
• Import the CSV file as a new table

BAM, easy, powerful, free, cheap, fast, win, win, win!

I ended up using this sql, the key is sqlite’s group_concat(), which just jams a whole query into one field, ha, boom.

SELECT a.email
 , group_concat(d.Dates) AS Dates
 , group_concat(d.Values) ASValues
FROM (select * from TestData ORDER BY email,Dates) AS a
inner JOIN TestData AS d ON d.email = a.email
GROUP BY a.email;

Then I copied the tabular result of the query, and pasted into the LibreOffice sheet, which asked me how to import.  Delimited by tab and comma, and then always recheck “select text delimiter” and use a comma.  And the cells fill right up.

All is full of light.