Applications built on the once-ubiquitous trio of AngularJS 1.x, Bootstrap 3, and jQuery are sitting on a security precipice. With official support and security patches for these versions long since sunsetted, businesses and developers are exposed to a growing number of unpatched vulnerabilities, leaving their systems and users ripe for exploitation.

The core of the problem lies in the end-of-life (EOL) status of these foundational web development tools. AngularJS 1.x reached its EOL on December 31, 2021. Similarly, Bootstrap 3 has been unsupported since July 2019, and while jQuery is still actively developed, older versions are no longer maintained. This means that any new security flaws discovered in these legacy versions will remain unaddressed by their original creators, creating a permanent window of opportunity for attackers.

AngularJS 1.x: A Playground for Attackers

AngularJS 1.x, in particular, presents a significant attack surface. Its architecture, especially the powerful and flexible nature of its two-way data binding and expression evaluation, has been a source of numerous security headaches.
Key vulnerabilities include:

• Cross-Site Scripting (XSS): This is the most critical and prevalent risk in AngularJS 1.x. Attackers can inject malicious scripts into web pages viewed by other users. The framework's $sce (Strict Contextual Escaping) service was introduced to mitigate this, but improper use or bypassing it can easily lead to XSS. Sandbox bypass vulnerabilities have also been discovered and patched in the past, but with no new patches, any newly found bypasses will leave applications vulnerable.
• Template Injection: AngularJS templates are powerful, and if an attacker can control any part of a template, they can execute arbitrary JavaScript. This is a significant risk, especially in applications that dynamically generate templates based on user input.
• Cross-Site Request Forgery (CSRF): While AngularJS has built-in CSRF protection mechanisms, they require proper server-side implementation. Misconfiguration or a lack of server-side validation can render these protections useless.

Bootstrap 3: Outdated and Exposed

Bootstrap 3, while primarily a CSS framework, is not immune to security vulnerabilities, especially in its JavaScript components.

The most significant risks associated with using this outdated version include:

• Cross-Site Scripting (XSS) in JavaScript Components: Several XSS vulnerabilities have been discovered in Bootstrap 3's JavaScript plugins, such as the tooltip and popover components. These flaws allow attackers to inject malicious code through data attributes. For instance, CVE-2019-8331 highlighted an XSS vulnerability in the data-template attribute of tooltips and popovers.
• Dependency on Outdated jQuery: Bootstrap 3 relies on older versions of jQuery, which themselves have a host of un-patched vulnerabilities. This creates a chain of risk, where a vulnerability in the underlying dependency can compromise the entire application.

jQuery: A Legacy of Vulnerabilities

jQuery, being one of the most widely used JavaScript libraries in history, has a long list of documented vulnerabilities in its older versions. Relying on an outdated version of jQuery, as many AngularJS 1.x and Bootstrap 3 applications do, exposes a project to:

• Cross-Site Scripting (XSS): Numerous XSS vulnerabilities have been patched in newer jQuery versions. Older versions are susceptible to attacks where malicious input can be executed as code when manipulated with certain jQuery functions. CVE-2020-11022 and CVE-2020-11023 are notable examples of XSS flaws in versions prior to 3.5.0.
• Prototype Pollution: This is a serious vulnerability where an attacker can modify the Object.prototype. This can lead to a variety of other security issues, including the bypass of security controls and denial of service. CVE-2019-11358 is a well-known prototype pollution vulnerability in jQuery versions before 3.4.0.
• Denial of Service (DoS): Certain vulnerabilities in older jQuery versions could allow an attacker to crash a user's browser or cause the application to become unresponsive.

The Unseen Danger: Lack of Security Patches

Beyond the specific, documented vulnerabilities, the most significant risk is the absence of ongoing security support. The cybersecurity landscape is constantly evolving, with new attack techniques and vulnerabilities being discovered daily. Without a dedicated team actively monitoring and patching these legacy libraries, applications built upon them are defenceless against these emerging threats.

Mitigation Strategies: A Necessary Evolution

For organizations still running applications on this outdated stack, the primary recommendation is to migrate to a modern, supported framework. Newer versions of Angular, React, or Vue.js offer more robust security features and active communities that promptly address vulnerabilities.
For those unable to undertake an immediate, full-scale migration, other options include:

• Upgrading to the latest minor versions: While not a complete solution, ensuring you are on the absolute latest available point release of AngularJS 1.x, Bootstrap 3, and a more recent, secure version of jQuery can mitigate some known vulnerabilities.
• Extended Long-Term Support (ELTS): Several third-party vendors offer commercial ELTS for AngularJS, providing security patches for a fee. This can be a stop-gap measure to keep applications secure while planning a longer-term migration strategy.
• Thorough Security Audits and Penetration Testing: Regularly engaging security professionals to audit the application can help identify and mitigate vulnerabilities specific to the codebase and its dependencies.
• Implementing a Web Application Firewall (WAF): A WAF can provide a layer of protection by filtering and monitoring HTTP traffic between the application and the internet, potentially blocking common attacks.

In conclusion, while AngularJS 1.x, Bootstrap 3, and older versions of jQuery were instrumental in shaping the modern web, their time has passed. Continuing to build and maintain applications on this unsupported foundation is a significant and unnecessary security risk. The question for businesses is not if a vulnerability will be exploited, but when. Proactive migration and modernisation are the only truly effective long - term solutions.

References

• https://tuxcare.com/blog/still-rocking-the-classics-a-pragmatists-guide-to-angularjs-support-in-the-enterprise
• https://www.herodevs.com/blog-posts/the-state-of-angularjs-in-2025
• https://www.valencynetworks.com/kb/how-to-fix-vulnerable-jquery-javascript-library.html
• https://blog.getbootstrap.com/2019/07/24/lts-plan
• https://nvd.nist.gov/vuln/detail/cve-2019-8331
• https://nvd.nist.gov/vuln/detail/cve-2020-11022
• https://nvd.nist.gov/vuln/detail/cve-2020-11023
• https://nvd.nist.gov/vuln/detail/cve-2019-11358
• https://my.f5.com/manage/s/article/K000141463
• https://via.studio/journal/bootstrap-3-vulnerabilityhttps://www.icesoft.org/wiki/display/ICE/jQuery+Security+Vulnerability+Mitigation

You may have noticed that when installing Ubuntu form a USB disk, that it created a default mount point on your disk that is only about 20% of the full capacity of the disk.

Perhaps 100 or 200GB of your 1TB disk.

Using the command lsblk you might see your main partition being much larger than the logical volume mounted to it.

Below, you can see disk a partition 3 sda3 is 553GB, but the logical volume ubuntu--vg-ubuntu--lv attached to root / is only 100GB.

If you didn't notice this happen, or perhaps weren't sure it was safe to change the defaults during the guided installation process, you'll probably want to fix that now to get access to your full disk!

Using various command-line tools, you can resize your volume easily.

1. Check the current size of the logical volume using df (or duf if you have it installed):
df -hT /dev/mapper/ubuntu--vg-ubuntu--lv

2. Check if you can actually perform the resize, buy testing the command first (with the -t option):
sudo lvresize -tvl +100%FREE /dev/mapper/ubuntu--vg-ubuntu--lv

3. Resize the logical volume for real:
sudo lvresize -vl +100%FREE /dev/mapper/ubuntu--vg-ubuntu--lv

4. Resize the filesystem to match:
sudo resize2fs -p /dev/mapper/ubuntu--vg-ubuntu--lv

5. Finally, check the size of the logical volume to ensure everything was successful:
df -hT /dev/mapper/ubuntu--vg-ubuntu--lv

Using the df or duf command, you see an overvie of your new disk layout:

When deploying pi-hole via docker on your Linux or Mac machine, there's a high probability that port 53 is already being used to resolve DNS requests via your local machine to an upstream server, and as such you can not bind your docker container to port 53 on the host.

You'll likely see the error:
listen tcp4 0.0.0.0:53: bind: address already in use

To find what is using port 53 you can execute:
sudo lsof -i -P -n | grep LISTEN
on Linux, or on Mac:
sudo lsof -i :53

You can be 99.9% sure that systemd-resolved on Linux (or mDNSResponseder on Mac) is what is listening to port 53.

Before diving in and disabling your local DNS resolver, you probably want to consider moving Pi-Hole to it's own VLAN instead. This will ensure it gets its own interface on your network and will make discover of clients better in the pi-hole itself.

To do that, you'll want to add a Macvlan.

Macvlan network driver

All about using Macvlan to make your containers appear like physical machines on the network

Docker Documentation

To do this, you can add a new "network" section to your docker-compose.yml:

networks:
  vlan:
    enable_ipv6: true
    driver: macvlan
    driver_opts:
      parent: eno1
    ipam:
      config:
        - subnet: 192.168.1.0/24
          gateway: 192.168.1.1
          ip_range: 192.168.1.1/24 # this must not overlap with your DHCP range
        - subnet: 2001:db8:3333::/64
          gateway: 2001:db8:3333::1

You can now use this new VLAN in your main pi-hole service configuration:

services:
  pihole:
  ...
    networks:
      vlan:
        ipv4_address: 192.168.1.10

Here, you just need to specify the actual IP address you want to assign your Pi-Hole. This will now be the IP address of your new Pi-Hole DNS Server.
You can access the Pi-Hole admin cosole here too. e.g:
`http://192.168.1.10/admin`

Option 2

If you really want to disable your local DNS resolver, or you're not quite comfortable with Docker VLANs yet, you can go ahead and do that.

Be aware however, this may have other side-effects if you even remove or shut down your pi-hole container. (i.e. you'll loose the ability to resolve domains by name.)

So, to go ahead and disable it, you can use these 2 commands:

sudo systemctl stop systemd-resolved
sudo systemctl disable systemd-resolved.service

Now you have port 53 open, but no DNS configured for your host.

To fix that, you need to edit /etc/resolv.conf and add your upstream DNS nameserver IP address. e.g.:

nameserver 1.1.1.1

If you have another name-server in that file, just comment it out in case you need to remember the original value.
Once your pi-hole docker container is up and running, you can change the DNS server of your host to localhost, as you are binding port 53 to the host machine. Again, change /etc/resolv.conf like this:

nameserver 127.0.0.1

Have a look at the official Docker Pi-Hole documentation for more information on configuration options, running pi-hole as a DHCP server etc.

GitHub - pi-hole/docker-pi-hole: Pi-hole in a docker container

Pi-hole in a docker container. Contribute to pi-hole/docker-pi-hole development by creating an account on GitHub.

GitHubpi-hole

I've started using WSL pretty regularly now that our development process has gone cross-platform by default. I still love developing on Windows, and even though my entire tool-chain is available on a Mac, I prefer the customisation of both hardware and software that comes with the PC platform.

That being said, i also love linux, and would use it daily if it fit into our corporate environment. So, I use WSL and al it's glory to back up my dev environment. It's pretty great and fits into my existing Windows dev environment well now.

So, here are a couple of awesome command line tools I use regularly, and how to install them.

I'll be adding to this list form time to time so come back if you'd like to see if I replace these tools with anything new from time to time.

1. nala - front-end for apt
2. duf - Disk Filesystem utility
3. btop - system resource monitor

1) nala

"nala" is an alternative front end to APT (libapt-pkg) that has really great interface and command line gui, including progress graphs, tables etc. It lso supports paralel downloads and filters out the guf messages that perhaps don't help all that much - especially helpful for users new to Linux and apt that don't understand the complexities and nuances of apt.

GitHub - volitank/nala: a wrapper for the apt package manager.

a wrapper for the apt package manager. Contribute to volitank/nala development by creating an account on GitHub.

GitHubvolitank

Volian Linux / nala · GitLab

GitLab.com

GitLab

Installation

Installation is different depending on the distro and version of Linux you're running - you require Ubuntu 21+ for example, <= 18 is not supported.

Head over to the Volian WIKI for installation instructions.
Alternatively, see the Volian GitLab Releases page for downloads.

2) duf

GitHub - muesli/duf: Disk Usage/Free Utility - a better ‘df’ alternative

Disk Usage/Free Utility - a better ‘df’ alternative - GitHub - muesli/duf: Disk Usage/Free Utility - a better ‘df’ alternative

GitHubmuesli

"duf" is a visually updated version of the "df" (Disk Filesystem) command and checks disk usage and statistics.

Installation

If you're using Ubuntu (or any Debian based distro) you can install duf by downloading the .deb package directly from GitHub using wget:

* Be sure to check for the latest version in the releases page first - just replace the URL below with the latest.

wget https://github.com/muesli/duf/releases/download/v0.8.1/duf_0.8.1_linux_amd64.deb

Then, install the package with dpkg:

sudo dpkg -i duf_0.8.1_linux_amd64.deb

If you'd like to remove the downloaded package after successful install, simply run:
rm -rf duf_0.8.1_linux_amd64.deb

3) btop++

You'll probably know top as a useful system resource monitoring tool for the command line in Linux.

You may even use htop

Check out the btop++ repository on GitHub:

GitHub - aristocratos/btop: A monitor of resources

A monitor of resources. Contribute to aristocratos/btop development by creating an account on GitHub.

GitHubaristocratos

Installation

To install btop++ from the command line, simply download the latest version from the GitHub repo (be sure to check for the latest release from the release page).

You want the _x64_64_linux_musl version...

wget https://github.com/aristocratos/btop/releases/download/v1.2.8/btop-x86_64-linux-musl.tbz

Then, unzip the bin/btop folder from the archive to a new folder under `/usr/local/bin:

sudo tar xf btop-x86_64-linux-musl.tbz -C /usr/local bin/btop

You can now simply run btop to see your new system monitor. Remember it's ctrl+c to exit.

Most command line users, even the newbies, will have see the use of ipconfig for reading details of network interfeaces and their respective configuration. However, the configuration of most devices only applies to the connection to the internal network. If you need to know the IP Address of your external (public facing) internet gateway, you'll need to do a little more work.

Sure there are plenty of webistes that can give you this information (even our website has a tool: https://neurotechnics.com/tools/ipinfo). And searching google for the phrase what is my ip address will give you the answer as a google information card (along with about 1.8 trillion other results).

DOS / Bash (Windows and Linux)

From the Command Prompt (or within a batch/cmd script) you can use the built-in nslookup command:

nslookup myip.opendns.com resolver1.opendns.com

However, this is a little more verbose than need in an automation context.
To simplify, we probably need to parse the output, which in abatch file can be tedious. So, lets use CURL to call a remote API. (** Yes, curl should work out of the box in recent versions of windows).

We can talk to various web-api's for this... api.ipify.org, ipinfo.io and ifconfig.me are the two I use interchangeably.

C:\> curl https://ipinfo.io/ip
123.123.123.123

C:\>curl https://ifconfig.me/ip
123.123.123.123

Update: api.ipify.org DOES NOT have any tracking whatsoever (other than resolving your IP address). I highly recommend this service:

c:\> curl https://api.ipify.org
123.123.123.123

PowerShell (Windows and Linux)

If you prefer using PowerShell, you can use Invoke-WebRequest to call one of the many remote websites or API's that will give you the information you need:

PS> Invoke-WebRequest ifconfig.me/ip

The Invoke-WebRequest command will return a formatted PowerShell output containing a summary of the http-response from the server.

The Content property contains the information we're interested in. You can use the response data as is, or you can retrieve the Content property only, by specifying the command line:

PS C:\> (Invoke-WebRequest ifconfig.me/ip).Content
123.123.123.123
PS C:\>

Configuring GPG to sign Git commits isn't trivial, especially if you need integration with an IDE such as VSCode or SourceTree.

Fortunately there's a straight forward set of steps you can take.

Install required software

You can skip any steps you've already completed, but in general you'll need to install the following:

• Git - https://git-scm.com/download/win
• GnuPG (GPG4Win) - https://gpg4win.org/download.html

Generate a new key

If you already have a PGP/GPG key you'd like to use, you can skip this step, if not follow the instructions here about generating a new GPG Key:

Generating a new GPG key - GitHub Docs

If you don’t have an existing GPG key, you can generate a new GPG key to use for signing commits and tags.

GitHub Docs

Backup, backup and re-backup

For most use cases, the secret key need not be exported and should not distributed.  In order to create a backup key, use the export-backup option:

$ gpg --output backupkeys.pgp --armor --export-secret-keys --export-options export-backup jane.smith@email.com 

This will export all necessary information to restore the secrets  keys including the trust database information.  Make sure you store your backup secret keys in a secure physical location.

If this key is important to you, I recommend printing out the key on paper using paperkey, then optionally laminate it, and place the paper key in a fireproof/waterproof safe.

Export your public key

To export your public key, you'll first need to figure out your keys ID:
gpg --list-secure-keys --key-id-format LONG

$ gpg --list-secret-keys --key-id-format LONG
# /c/Users/jsmith/.gnupg/secring.gpg
# ----------------------------------
# sec   rsa4096/DA03396D49F620F3 2021-02-11 [SC] [expires: 2023-02-11]
#       802DB710FC9A7C5E4D9A6FA7DA03396D49F620F3
# uid                 [ultimate] Jane Smith <jane.smith@email.com>

Although you can use the full Thumbprint of the key (802DB710FC9A7C5E4D9A6FA7DA03396D49F620F3) you can also simply use the shorter Key ID (DA03396D49F620F3).

Next you'll need to dump the public key:

$ gpg --armor --export DA03396D49F620F3
# Prints the GPG key ID, in ASCII armor format, e.g.:

-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBGAk90sBEADC3l4nHixxcQ7XDbfWPs799uS92H25Z5g6SOJT6grqi+jRz425
gw4WBuZtRTrwz0zglpXkaVuCZMQT1vMrzxUbK1t/nv+SQyh0URr+wYFFCJcvpoce
dS00bQ9urOwaqXnIRuH2JnMUbTPPhp3BQJdrOFp46Itc1bURFd1ZRqoLgD/OItuu
nxP8Ncekdy1BdJJM94Mag+wEYoPfa8Q3qSeYU7zMr62KW+TGN8zNkBjEgWbq9nRT
dvm0GoqgVyBgWwffbPEgNHnFuDaCPWvkQ3bUr6vpGQewG2J8TsHYtRnOP5pkuX7A
wLcMq8zzKg79b53jpXHCVmdr91QsH5z4Ah630fjZTprFtfWzQrwolvRlH4v92vx7
PRRttasuQrjNjXY6BN9T4pQyKiepBMdTKhElLHVTZiiELxhoDBvRLznTqEelBflM
ZagoQLbXTE1F6C+l6/S8SCp1qJlBym6fVQG1tn91rxcC+RJqC99TBRYeL5xiNfp9
foZ4I0b8dg0UzsxC5cIHLxYThE3BKPR9y42BrLcG3zAxBrE3APWVJWPPN3epmaCZ
BIZMagCi4NaV6yxmT86Q37ByKiKm7Q+C1eYivGHHY/n01rvAr5NFkFVMbCBLyjaK
9ORaK9wFIMAcAvD6G3ls+yG+wMO6HKd1zWVR9GOGwCFRPAKv6XO78PZsSQARAQAB
tCBKYW1lcyBQcmljZSA8anByaWNlMjFAZ21haWwuY29tPokCVAQTAQgAPhYhBIAt
txD8mnxeTZpvp9oDOW1J9iDzBQJgJPdLAhsDBQkDwmcABQsJCAcCBhUKCQgLAgQW
AgMBAh4BAheAAAoJENoDOW1J9iDz7jQP/itHQ/Lg0t0fh9GkoV9YB2gR/Ap7tDUo
Bzt9loP+qCBHT00oo/fCDYxC3qJBpvjm7A0WpRzNEvWmwnEKAZMIRrDKVY2dU/Pq
tXuwhubvCwE0hFAnkIE88tZnbmRDYcwc9o2cqEYqakDjpupKZB2FhnV2qs8+yip6
1p2vJPi+ZtDUp8H12iqvfEBgLPAUi3NLyn2vk/koi7o4ir3Pd7o7MALaCujK6XO1
brEXVSeINGojejms+nXvbGFti/tYY1xVDmbOyA/CoJ+/Zx5Bu5yVlzpJJIZEaMwW
+GGrXS4ldZziP6F5VbKBapvDWuocK0m6qGUhVr76NND6BDJHWb4DdIYc59XEr2Pg
lJHcl1WBIR+xrtuzrKmJ+O2Fliq9NqSpT3UY7SwtZk6FEV6abbkIsFl1S8IGabf+
nMLbFce0TQ7qIjcfJEE7YyXWSNs1pHRPGNGMb+DGlhwvZZzLMu/XEoeNMErhXn1C
0EcNld2gyI9fjqlZw+GMFANFoRrhtIqs7b8jSunZs67s+SAah9IJMxiZMCMBh342
xskXrlKJvfcyosUBWZVlyRn149YsPbAAxPqGTLVFd1F/KaG2Bw6p8wZCXt+4jCSp
3fTa3q9PLswGsyT4XxWEdUVURMiT0qKW2J0DzXOYWr9EBwcayQBaALlMRNJe8+oT
vec6OdfFMLDh
=+nnP
-----END PGP PUBLIC KEY BLOCK-----

Copy this whole output (including the -----BEGIN PGP PUBLIC KEY BLOCK----- and -----END PGP PUBLIC KEY BLOCK-----, and everything in between). This is your public key... You need to register this key with GitHub.

Register you keys with GitHub

Open https://github.com/settings/keys
then click "New GPG key", paste your public key and click "Add GPG key"

(full instructions how to add GPG keys to GitHub in the link below):

Adding a new GPG key to your GitHub account - GitHub Docs

To configure your GitHub account to use your new (or existing) GPG key, you’ll also need to add it to your GitHub account.

GitHub Docs

Tell git to sign your commits!

This next command will instruct git to automatically sign all commits. It modified your global .gitconfig file. If you'd like to automatically sign commits to only the current repository, simply remove the --global from the commands below.

$ git config --global user.signingkey DA03396D49F620F3
$ git config --global commit.gpgsign true

Then, you have to tell git which GPG program you want it to use:

$ git config --global gpg.program "/c/Program Files (x86)/GnuPG/bin/gpg.exe"

Optionally, you may need to disable TTY if your IDE doesn't like talking to gpg properly:

$ echo 'no-tty' >> ~/.gnupg/gpg.conf

If you're using SourceTree, ensure that it's set to use the system git (that you just installed)

Are we done yet?

If everything's configured properly, the next time you commit anything in your git IDE, you should be asked  to provide the password for th eGPG key you're signing with:

If you do, you're done. If not, have a look through the references below. You might be doing something different to me, or require extra steps for your IDE or version of git / gpg.

References

Managing commit signature verification - GitHub Docs

You can sign your work locally using GPG or S/MIME. GitHub will verify these signatures so other people will know that your commits come from a trusted source. GitHub will automatically sign commits you make using the GitHub web interface.

GitHub Docs

If you're using SourceTree on a Mac, you don't need to go to these lengths at all. See:

https://confluence.atlassian.com/sourcetreekb/setup-gpg-to-sign-commits-within-sourcetree-765397791.html

So, most console applications seemingly terminate instantly when they receive a CTRL+C, but occasionally you may notice that some have a termination message, or take an unusually long time to terminate. This is probably due to the application winding itself up cleanly without corrupting anything that was in-progress.

This becomes especially important you're manipulating the file-system, talking to an external system, or dealing with threads that need to finish before you can just arbitrarily exit your process.

So, first of all, how do you detect a CTRL+C?
Using a delegate function to attach a handler to the Console.CancelKeyPress event. You can do this in a few ways, but the two most common are inline or defining an actual function.

Inline:

class Program
{
    // cancelled: Used for determining if a cancel has been requested
    // "volatile" ensures concurrent threads get the latest value of an object
    private static volatile bool cancelled = false;

    public static void Main()
    {
        Console.CancelKeyPress += delegate (object sender, ConsoleCancelEventArgs args) {
            args.Cancel = true;
            Program.cancelled = true;
            Console.Log("CANCEL command received! Cleaning up. please wait...");
        };
    }
}

or, as a function:

class Program
{
    // cancelled: Used for determining if a cancel has been requested
    private static volatile bool cancelled = false;

    public static void Main()
    {
        Console.CancelKeyPress += new ConsoleCancelEventHandler(myHandler);
    }

    protected static void myHandler(object sender, ConsoleCancelEventArgs args)
    {
        args.Cancel = true;
        Program.cancelled = true;
        Console.Log("CANCEL command received! Cleaning up. please wait...");
    }
}

That's it. That's the handler that set's you up for gracefully handling program termination.

Once the handler has been defined, you can read the user defined Program.cancelled boolean property at any time to check if the user has requested termination of the running process.

For example, in your user-defined "Run" function you might do this:

private static void Run()
{
    var data = ReadSomeDataData(); // takes a few seconds to complete
    
    if (Program.cancelled) return; // Check if we received CRTL+C
    
    ProcessSomeData(data); // Might take several hours to complete.
}

The Run function simply loads some data, and processes it, however if the user tries to terminate using CTRL+C the process is halted before the second half of the process begins.

The ReadSomeData() function might check for termination as well, however we'll get into the ProcessSomeData() function as it gets more complicated once we begin updating things.

/**
 * A long running process that spawns multiple threads.
 */
private static void ProcessSomeData(List<MyDataObject> data)
{
    var maxThreadCount = Math.Max(1, Math.Min(Environment.ProcessorCount, 4)));
    var opts = new ParallelOptions {
        MaxDegreeOfParallelism = maxThreadCount
    };
    
    // For each item in the list, process as many as we can in parallel threads.
    Parallel.ForEach(data, ProcessDataItem);
}

Interestingly, this function does not check for process termination. Instead, it's simply responsible for spawnign a Parallel threaded loop of data processing functions.

The reason it can't check for temination, is that the only function here that really does anything is the "ForEach" and it doesn't have a callback. Interestingly, a Parallel.ForEach cant be "broken" (using break/`continue` etc.) you need to exit the current iteration fo the function using return and prevent further iterations of the ForEach loop by setting the stopped state of the Parallel.

You could inline the "Func<>" but for the sake of simplcity I'm using a regular function.

So, inside the ProcessDataItem() function, which may be being called for different data items simultaneously in multiple threads, we need to check

private static void ProcessDataItem( MyDataObject item, ParallelLoopState state)
{
    // ...do some small calculations or data manipulation
    var data = PreProcessItemData(item);
    
    // check for cancellation
    if (Program.cancelled)
    {
    	state.Stop();
    	return; // nothing has been written, so we can safely return
    }
    
    // Do some actual manipulation of a DB or the filesystem.
    var result = WriteData(data);
    
    // Check for cancellation here, but DO NOT return.
    // The second half of this process needs to complete
    // or the data will be out of sync.
    if (Program.cancelled)
    {
    	state.Stop();
    }
    
    // Another arbitrary data processing function
    var journalData = PostProcessResult(result);
    var success = WriteJournalData(journalData);
    
    // We're at the end of the function,
    // but, if the user has requested termination,
    // we still set the stopped state, so a new
    // loop of the ForEach does not begin after this one.
    if (Program.cancelled)
    {
    	state.Stop();
        // "return;" is not required here, but we may
        // add more code after this check later.
        return;
	}
}

Terminating individual loops of this function will in turn end the ForEach parallel processing. This will in turn eventually return control to the Main() function and your program will end normally, safely, and hopefully without any corruption of half-processed events..

See also:

Console.CancelKeyPress Event (System)

Occurs when the Control modifier key (Ctrl) and either the C console key (C) or the Break key are pressed simultaneously (Ctrl+C or Ctrl+Break).

Microsoft Docsdotnet-bot

Write a simple parallel program using Parallel.ForEach

In this article, learn how to enable data parallelism in .NET. Write a Parallel.ForEach loop over any IEnumerable or IEnumerable data source.

Microsoft DocsIEvangelist

On occasion, and especially if I switch branches in git, my Visual Studio projects will load without any of the dependencies they rely on (generally in the packages folder*). Telling Visual Studio to restore all packages in various ways (including a full re-build) always seems to fail... Visual Studio's package manager thinks everything is already up to date... which it clearly is not.

So, command line to the rescue. You have two options:

• Use nuget.exe
• Use the Package Manager Console in Visual Studio (recommended)

Using NuGet

From the command line, you can run the following nuget.exe command for each project:

nuget install packages.config

Or with NuGet 2.7 you can restore all packages in the solution using the command:

nuget restore YourSolution.sln

Both of these will pull down the packages.

Note: Your project files will not be modified when running this command, so your project should already have references to any applicable NuGet packages. If this is not the case then you can use Visual Studio to install the packages.

With NuGet 2.7, and above, Visual Studio will automatically restore missing NuGet packages when you build your solution so there is no need to use NuGet.exe.

To update all packages in your solution, first restore them, and then you can either use NuGet.exe to update the packages, or you can update the packages from the Package Manager Console window within Visual Studio (see below), or finally you can use the Manage Packages dialog.

From the command line you can update packages in the solution to the latest version available from https://nuget.org

nuget update YourSolution.sln

Note: this will not run any PowerShell scripts in any NuGet packages.

Using Package Manager Console

First, make sure you have the Package Manager Console open (Tools > NuGet Package Manager > Package Manager Console) and enter the following command:

Update-Package -reinstall

Attempting to gather dependency information for multiple packages with respect to project 'openid', targeting '.NETFramework,Version=v4.7.2'
Gathering dependency information took 1.57 min
Attempting to resolve dependencies for multiple packages.
Resolving dependency information took 0 ms
Resolving actions install multiple packages
etc...

If you need to only update packages for a specific project (rather than the whole solution) just use the following:

Update-Package -reinstall -project [ProjectName]

If you're using the newer Package Reference method of including packages in your project (as opposed to the packages.config file method) you probably won't suffer this problem as the solution keeps references to the packages internally.

See also:

NuGet Package Restore

See an overview of how NuGet restores packages a project depends on, including how to disable restore and constrain versions.

Microsoft LearnJonDouglas

Reinstalling and Updating NuGet Packages

Details on when it’s necessary to reinstall and update packages, as with broken package references in Visual Studio.

Microsoft LearnJonDouglas

How do I get NuGet to install/update all the packages in the packages.config?

I have a solution with multiple projects in it. Most of the third party references are missing, yet there are packages.config file for each project. How do I get NuGet to install/update all the pa...

Stack OverflowSamuel Goldenbaum

The new Ad Reveal browser extension for Chrome and Firefox has been officially released.

You can find it now on the add-on stores for Firefox:
https://addons.mozilla.org/en-US/firefox/addon/ad-reveal/
and chrome:
https://chrome.google.com/webstore/detail/ad-reveal/jlbfnlnkmapanbohikbcnlpgpjdpnndc

The first few versions will remain quite simple with hard-coded inline/disguised/native advertising post highlighting and low-lighting. Promotional posts will be marked with a red side-bar and an icon indicating Ad Reveal has detected promotional or sponsored material, and fade the content into the background slightly.

Currently works with: Facebook, Twitter, Reddit, Pinterest, Ebay, and Google search, and there will be many more to follow.

Coming soon will be the ability to enable/disable the extension for individual domains, customize the extensions visual effect for individual domains (colors, fade effect etc.), as well as the ability for advanced users to add custom selectors to highlight their own advertisements not covered by the built-in site gallery.

Additional sites on the radar for the next version:

• Feedly
• Product Hunt

Stay Tuned.

Guest access in SMB2 will be disabled by default in Windows Server 2019.

According to microsoft (see: https://support.microsoft.com/en-us/help/4046019/guest-access-in-smb2-disabled-by-default-in-windows-10-and-windows-ser)

In Windows 10, version 1709, Windows 10, version 1903, Windows  Server, version 1709, Windows  Server, version 1903, and Windows Server  2019, the SMB2 client no longer allows the following actions:
 * Guest account access to a remote server;
 * Fallback to the Guest account after invalid credentials are provided;

Resolution:

If you want to enable insecure guest access, you can configure the following Group Policy settings (Select Edit Group Policy from the control panel), and navigate to:

> ComputerConfiguration
> Administrative templates
> Network
> Lanman Workstation

Here there should be an entry called Enable insecure guest logons

Double click this settings entry to change its configuration. Change this setting from Not configured to Enabled.

That's it. You should now have access to your guest network shares.

Note: By enabling insecure guest logons, this setting reduces the security of Windows clients.

Occasionally, when copying folders from remote servers, or when accessing a symbolic link directly on a file server, you may see the following error:

The symbolic link cannot be followed because its type is disabled

This is because by default remote to remote symbolic links are disabled. You can enable it with fsutil.
See: https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/fsutil

To view the current status of the Symlink settings on your system, execute the following command from an elevated (administrator) command prompt:
fsutil behavior query SymlinkEvaluation

C:\>fsutil behavior query SymlinkEvaluation

Local to local symbolic links are enabled.
Local to remote symbolic links are enabled.
Remote to local symbolic links are disabled.
Remote to remote symbolic links are disabled.

You'll notice the last line of the response to the above command notes that
Remote to remote symbolic links are disabled.

In order to enable remote to remote symbolic links, enter the following command:

C:\>fsutil behavior set SymlinkEvaluation R2R:1

You won't see any response if the command was successful. To check that the setting has been updated, enter the evaluation query again:

C:\>fsutil behavior query SymlinkEvaluation

Local to local symbolic links are enabled.
Local to remote symbolic links are enabled.
Remote to local symbolic links are disabled.
Remote to remote symbolic links are enabled.

If you also need to enable remote to local link evaluation, you can substitute R2R:1 with R2L:1 in the set behavior command.
(fsutil behavior set SymlinkEvaluation R2L:1)

We use a lot of virtualization technology in our stack, particularly during development. It just makes life easier. However, there are times when problems arise purely from the fact we're testing the latest tech.

Most recently, we upgraded all of our VM's to the latest Linux (Some are Debian, some are Ubuntu). Immediately, we noticed that the new machines cou;dn't connect to the nwtork... They appeared to be conected properly, they even have a DHCP allocated IP Address, but they just don't have a connection.

Turns out the network interfaces were not being initialised properly:

Failed to start Raise network interfaces
See 'systemctl status networking.service' for details

After some research, it appears that the issue is related to the Predictable-Network-Interface-Names from systemd/udev.

In order to resolve the issue, we created a new file 10-rename-network.rules in /etc/udev/rules.d/ with a rule in it to attach a specific name to the network interface matching the MAC address of the Network Interface Card (NIC):

sudo vi /etc/udev/rules.d/10-rename-network.rules

and add the following content to it:

SUBSYSTEM=="net", ACTION=="add", ATTR{address}=="ff:ff:ff:ff:ff:ff", NAME="eth0"

where:
eth0 = desired network interface name, used in /etc/network/interfaces or /etc/network/interfaces.d/setup;
ff:ff:ff:ff:ff:ff = hardware mac address of the network device;

Additionally, you'll need to execute the following to generate a new boot/initrd image:

update-initramfs -u

and, reboot...

sudo shutdown -r now

et violla, you have yourself a connected vm.

So you've just pushed your local branch to a remote branch, but then realized that one of the commits should not be there, or that there was some unacceptable typo in it. No problem, you can fix it. But you should do it rather fast before anyone fetches the bad commits, or you won't be very popular with them for a while ;)

If you need to keep the history of your repository intact, you basically have two options (with a third workaround):

Option 1: Update your repository with a new commit

For a simple correction in one, or even a handful, of file, simply remove or fix the bad file(s) in a new commit and push it to the remote repository. This is the easiest (and non-destructive) way to correct an error, and should suffice in most cases. This way your original (bad) commit will remain but you will have a complete history.

Option 2: "Revert" the commit

If you need to back out every single change in all files in a single commit, you can do this easily by executing a revert.

This is a good alternative to the first option above, when you just need to do a bulk undo of the previously (or at any point in the past) committed changes.

Reverting a commit means to create a new commit, that undoes all changes made in the commit you are reverting.

As with option 1, your history will remain intact.

To do this simple specify the revert command, noting the hash of the commit you wish to undo. Git will handle the rest:

$ git revert 7c63649

Option 3 - Rewrite History

It should be noted that rewriting history can wreak havoc on other users if you have a very large developer base all referencing your repository. Especially if it is highly active and people rely on staying up to date... You should generally avoid history rewriting for this reason. Your new version of history cannot be pulled like would normally be the case. If other users are referencing commits in the future of your newly created view of the code-base, they will have some serious work on their hands if they need to merge changes already completed in their local repositories.

However, sometimes you do want to rewrite the history. Be it because of leaked sensitive information, to get rid of some very large files that should not have been there in the first place, or just because you want a clean history (I certainly do).

I usually also do a lot of very heavy history rewriting when converting some repository from Subversion or Mercurial over to Git, be it to enforce internal LF line endings, fixing committer names and email addresses or to completely delete some large folders from all revisions. I recently also had to rewrite a large git repository to get rid of some corruption in an early commit that started causing more and more problems.

Yes, you should avoid rewriting history which already passed into other forks if possible, but the world does not end if you do nevertheless. For example you can still cherry-pick commits between the histories, e.g. to fetch some pull requests on top of the old history.

In open-source projects, always contact the repository maintainer first before doing any history rewriting. There are maintainers that do not allow any rewriting in general and block any non-fast-forward pushes. Others prefer doing such rewritings themselves.

Case 1: Delete the last commit

Deleting the last commit is the easiest case. Let's say we have a remote origin with branch master that currently points to commit dd61ab32. We want to remove the top commit. Translated to git terminology, we want to force the master branch of the origin remote repository to the parent of dd61ab32 (x^ points to the parent of x):

$ git push origin +dd61ab32^:master

Where git interprets hhhhhhh^ as the parent of the commit you wish to reverse and + as a forced non-fast-forward push. If you have the master branch checked out locally, you can also do it in two simpler steps: First reset the branch to the parent of the current commit, then force-push it to the remote.

$ git reset HEAD^ --hard
$ git push origin -f

Case 2: Delete the second last commit

Let's say the bad commit dd61ab32 is not the top commit, but a slightly older one, e.g. the second last one. We want to remove it, but keep all commits that followed it. In other words, we want to rewrite the history and force the result back to origin/master. The easiest way to rewrite history is to do an interactive rebase down to the parent of the offending commit:

$ git rebase -i 7c63649^

This will open an editor and show a list of all commits since the commit we want to get rid of:

pick dd61ab32
pick dsadhj278
...etc...

Simply remove the line with the offending commit, likely that will be the first line (vi: delete current line = dd). Save and close the editor (vi: press :wq and return). Resolve any conflicts if there are any, and your local branch should be fixed. Force it to the remote and you're done:

$ git push origin -f

Case 3: Fix a typo in one of the commits

This works almost exactly the same way as case 2, but instead of removing the line with the bad commit, simply replace its pick with edit and save/exit. Rebase will then stop at that commit, put the changes into the index and then let you change it as you like. Commit the change and continue the rebase (git will tell you how to keep the commit message and author if you want). Then push the changes as described above. The same way you can even split commits into smaller ones, or merge commits together.

If you're in an authenticated network environment, an intranet or other workplace environment where you need to authenticate using NTLM, you've probably been frustrated by the situation where you need to enter your windows credentials a dozen or more times a day, even though you're already logged into the network itself, in order to access resources on your corporate intranet - Webmail, time-sheets, documents, HR and probably many others. Why can't the browser just know who you are and authenticate you automatically.

Turns out it can.

Firefox, Chrome/IE do it slightly differently, but it's essentially the same process. You just need to whitelist the domain names you need to allow automatic authentication to, and let windows save your credentials.

IE (and Chrome)

Internet Explorer supports Integrated Windows Authentication (IWA) out-of-the-box, but may need additional configuration due to the network or domain environment.

In Active Directory (AD) environments, the default authentication protocol for IWA is Kerberos, with a fall back to NTLM. Chrome uses windows settings for all of it's security policies, so when you configure IE, chrome will comply and work automatically.

In windows 10 you can simply hit your start button and search for "Internet Options" - It's a control panel menu. Alternatively, you can open Internet Explorer, and select "Settings" (the gear), "Internet Options".
From here, select either Local Intranet or Trusted Sites and click the Sites button to edit the sites options, then click Advanced to edit the list of urls for the zone.

Then, add the domains you'd like to trust for authentication to this list.

That's basically all you have to do. Of course, you also need to have your credentials stored by windows in order to allow automatic authentication. Normally, logging into the network will do this, however if the intranet site or proxy you're connecting to hasn't been used before, you may need to manually add the credentials to windows.

To do this, you simply need to open the "Credential Manager" (either from search, or control panel), Select the Windows Credentials option at the top and add a new credential for the domain you're connecting to. Simple.

Firefox

Firefox is (comparatively) much easier to configure. Although Firefox supports Kerberos/NTLM authentication protocols, it must be manually configured to work correctly. Firefox doesn't use the concept of security zones like IE, however it won't automatically present credentials to any host unless explicitly configured. By default, Firefox rejects all SPNEGO (Simple and Protected GSS-API Negotiation) challenges from any Web server, including the IWA Adapter. What this means is that you will be presented with a login prompt every time they visit a site that uses this authentication method, even when you are already logged into your network.

Firefox must be manually configured for a whitelist of sites permitted to exchange SPNEGO protocol messages with the browser.

To authenticate Firefox, you have to modify 3 parameters.

1. Open a new tab and navigate to the page about:config (in the address bar);
2. Add your uris (separate with ,) in the following 3 parameters:

network.automatic-ntlm-auth.trusted-uris
network.negotiate-auth.delegation-uris
network.negotiate-auth.trusted-uris

and add the URL of your intranet domain, or proxy redirection page, like
https://intranet,https://intranet.neurotechnics.local,https://myproxy.local

3. Modify signon.autologin.proxy to be true

We finally began the process of updating our Windows 10 desktops to version 1709 (Fall Creators Update) today, and what happened... all of our in-developement websites stopped working.
Pretty much every application pool crashed as soon as we accessed each site for the first time, showing a 503: Service Unavailable error.

In the windows event logs there was the following error event:

Source: IIS-W3SVC-WP
Event ID: 2307

The worker process for application pool 'DefaultAppPool'
encountered an error 'Cannot read configuration file'
trying to read configuration data from file '\\?\<EMPTY>', line number '0'.
The data field contains the error code.

ApplicationPool: DefaultAppPool 
ConfigException: Cannot read configuration file  
FileName: \\?\<EMPTY> 
LineNumber: 0 
            02000000 

Yup, nothing to do but google it.
So, many many people are having hte same prblem.
Turns out it's a known issue. (Who'd have thought.)
Apparently, many users are getting a WAS event 5189 error instead.

To cut a long story short, the official resolution is to execute the following command line operations in a PowerShell windows (With admin rights - "Run as administrator"):

Stop-Service -Force WAS
Remove-Item -Recurse -Force C:\inetpub\temp\appPools\*
Start-Service W3SVC

For the official explanation, including cause and resolution details, see this official Microsoft Support KB article:
https://support.microsoft.com/en-us/help/4050891/error-http-503-and-was-event-5189-from-web-applications-on-windows-10

Update:

Thanks to Bokkeman for pointing out in the comments that the Powershell script has obviously had a few problems, and Microsoft now recommend simply purging the entire folder using a regular command prompt.

"To resolve this problem, manually delete the symbolic links that are created by Windows Update. To do this, follow these steps."

Note Symbolic links can be deleted the same as regular files.

1. Open a Command Prompt window by using the Run as administrator option.
2. Run the following commands:

net stop WAS /y
rmdir /s /q C:\inetpub\temp\appPools
net start W3SVC