Is it possible to use latest OWASP CRS rules in CloudArmor - google-cloud-armor

CloudArmor appears to use OWASP CRS 3.0.1 rules which are now pretty dated (last update around 4 years ago). CRS is now on V3.3 and V3.4 is in development.
Is there a way to take the new rules from coreruleset Github Repo and import into CloudArmor? Does Google have plans to update to the newer set by default?
Main driver is that some of the rules are very dated or unworkable. For example scanner detection triggers on "python-requests" as a User-Agent and this is no longer checked for in latest V3.3 ruleset.

If this has not been solved yet: I think Google does not give you the chance to pick for yourself.
Also, it's a commercial support question that should probably be directed there.

Related

Since Softbank Robotics Store Closed, how can I add additional language to Pepper?

Previously, languages are supported and installable via 'Store' page.
Softbank Robotics closed the community and store page (store shows 503 error.).
Is there any way to download and install additional language?
The new SoftBank store is available at https://command-center.softbankrobotics.com/. Although not well documented, the language packs seem to be available there. First, the access needs to be approved by the support.
For NAOqi 2.8 and earlier, there is still this store, but I do not know how limited it is.

Is there a wiki software with stick notes functionality built in?

I am looking for a wiki software with sticky notes or post note functionality built in.
I come across Zim, but it didn't support post note functionality.
So ever time , i need to capture notes from 7-notes and need manually port them to wiki software.
Kindly put your thoughts if you come across any such software
I know that is possible enable "sticky notes" on PmWiki. Here the post.
The others Wiki have plugin. For example: BoltWire(http://www.boltwire.com/extend/plugins/stickynotes)

Django A/B Split Testing Packages (None I've found are well-documented and up-to-date.)

There are two main schools of thought for doing A/B (Split) Testing:
Javascript-based solutions such as Optimizely, Google Analytics Content Experiments.
Server-side solutions such as Django-AB, Splango, and django-lean. (Also, writing your own.)
My understanding is that Javascript-based solutions are spectacular for "which color button converts better," but not so great for switching out entire page layouts, and completely unworkable for trying out large functional changes such as the sequence of pages in a funnel.
That leads me towards a server-side solution. I'm not crazy about coding my own, and will do so only if there is no other option. I'm trying to add value by improving the core functionality of my site, not by creating a better split-testing framework.
The Django apps I've found for split testing are various mixtures of unmaintained, undocumented, documented incorrectly, and incompatible with Django 1.5. This surprises me, because the Django and Python communities seem to have a strong focus on good documentation. I'm also very surprised that none of the testing frameworks I've tried has been compatible with Django 1.5 -- is testing not as core a part of the philosophy in the Django/Python world as it is in Rails?
Here's what I've found:
Splango https://github.com/shimon/Splango -- Not compatible with Django 1.5 (although most compatibility bugs I found were trivial to fix). Largely un-touched since October 2010, except for a fix August 2012 which claims to make sure templates get included in the install. Since templates don't get included in the install when Splango is installed via PyPI, either the fix didn't work or didn't get submitted to PyPI. Documentation is largely accurate, but doesn't completely cover how to set up tests and get reports. It tells you how to configure the template to gather the data, but there appears to be additional steps required in the admin interface which are completely undocumented, and I'm not sure I've done them properly.
Django-lean. Original at https://bitbucket.org/akoha/django-lean has not been updated since July 2010. There is an apparently "blessed" fork at https://github.com/anandhenry2002/django-lean which has not been changed since May 2012, when it was copied over from the original. The original's documentation is incorrect in ways that make following the examples impossible. (Though you can probably muddle your way through, as I did.) The new version's documentation has formatting problems that make it difficult to read on github. (This appears to be because it's the unchanged documentation from the old project, and BitBucket syntax doesn't work on Github.) The django-lean Google Group has not had a message since July 2012.
django-mini-lean https://github.com/DanAncona/django-mini-lean -- Updated as recently as February 2013, but undocumented.
Leaner - https://bitbucket.org/brianjinwright/leaner -- Last updated July 2012, and no docs.
Django-AB -- Last updated May 2009. Is not a package, and can't be installed via PIP or PyPI. After placing the checkout in my django app folder (and renaming the folder to ab) and following the installation instructions, I get an error loading the template loader that I have not tracked down further.
So far Splango appears to be the winner, as I've actually been able to get it more-or-less working (by manually installing the templates, and then editing them to fix Django 1.5 incompatibilities).
Can anyone point me to anything I've missed?
You have missed this app : https://github.com/mixcloud/django-experiments + https://github.com/disqus/gargoyle/
And then there's waffle: http://waffle.readthedocs.org/
It's simple, updated, maintained, but not very feature rich, it doesn't have any analytics/reporting stuff integrated. But then again, google analytics or mixpanel type of service is better for this.
I first looked at Django-AB and that is almost what I wanted, but I couldn't get it to work either. After looking at django-experiments and deciding I didn't want to mess around with redis yet, I decided to roll my own. I've tried to package it up nicely and make it easy to use for the beginner. It's super basic.
https://github.com/crobertsbmw/RobertsAB
You can swap out entirely different page layouts with Google Analytics Experiments (their default experiment setup will redirect users to a different URL for each variation you have), although in general its much easier to interpret why something is more successful if you test smaller things against each other.
You are right that testing different funnels and user flows against each other using Google Analytics would require a lot of manual setup; although theoretically you could do it by swapping out different links and tracking your users with UTM campaigns.
For smaller A/B tests within the same page, I ended up using Google Analytics Experiments and writing a custom Django CMS plugin for adding a few variant options to a template, which queries the Google Analytics API and displays the correct variant using Javascript.

Migrating from ColdFusion MX7 to ColdFusion 9. Any issues?

I'm planning a migration on a server from ColdFusion MX7 to ColdFusion 9. Does anyone know which steps I should take in order to achieve this without major issues? I can't find anything on the web that talks about this and I don't want to jump into this task without knowing what I'm up against.
Any suggestions, link to articles, etc. would be very much appreciated.
Thank you!
By and large, Adobe (and Macromedia before them) have gone to great lengths to ensure backward compatibility where appropriate; so the rule of thumb is that you should be fine.
First and foremost, I would make use of ColdFusion's Code Compatibility Analyzer. It is available as part of the free Developer Edition, if you want to check before upgrading.
You can find it in the ColdFusion Administrator, in the Debugging & Logging section, as "Code Analyzer".
As it says on that page:
The Code Compatibility Analyzer helps migrate your applications to ColdFusion from earlier versions of ColdFusion.
The Code Compatibility Analyzer reviews the CFML pages that you specify and informs you of any potential compatibility issues. It detects unsupported and deprecated CFML features, and outlines the required implementation changes that ensure a smooth migration.
If the Analyzer doesn't find any issues, I would then encourage you to install the developer edition and run your unit tests. (You have unit tests, right?)
If you don't have unit tests, your only other option is just to test everything manually. Good luck!
One final approach is to read the release notes for versions 8 and 9, as well as the 8.1 and 9.1 point-releases. Adobe and Macromedia were meticulous about documenting precisely what changed, which should prove helpful for you. The release notes are available as PDF for both versions 8 and 9 from Adobe.
We've just recently completed the exact same upgrade, going from CF 7 to CF 9. We didn't encounter any major issues even with old application dating back to CF 5.
As Adam pointed out the Code Compatibility Analyzer is great to find potential issues such as new signatures for existing functions or scoping problem with the new local scope.
You don't want any errors as those as sure to break with CF 9, after fixing the errors you should be left with a bunch of warnings, check them to make sure it will still do what you intended. You should not ignore them and make sure you understand the implication of ignoring one.
This page by Josh Adam's http://blog.joshuaadams.com/index.cfm/2008/9/4/Upgrading-from-ColdFusion-MX-to-ColdFusion-8 has a lot of good resource on upgrading CF in general. It's for CF 7 to CF 8 but most of it still applies to CF 9.
Before starting, the most important step of all would be to backup everything. You'll want a quick way to go back to CF 7 if you ever need to so you should have a copy of the unmodified code, configurations and CFusionMX/jRun directory. I just ended up ghosting the machine in case.

Is OpenBD or Railo a viable replacement for ColdFusion?

Has anyone here had any experience with running OpenBD or Railo in production? We have some legacy CF6.1 apps that need to be hosted somewhere and I'm wondering if OpenBD or Railo is stable enough for production use, won't require a great deal effort to migrate to, etc.
I'll chime in as the 'Adobe' guy and say that yes, both OpenBD and Railo are viable CFML engines. The main hurdles are around CFML compatibility. For the last decade Allaire/Macomedia/Adobe has been driving the CFML standard, but we've formed an open CFML Advisory board made up of various experts in the field to help drive the future of the language.
Today it seems that ColdFusion 7 is the foundational standard. From there the CFML standard seems to splinter between vendors. ColdFusion 8 added a number of exclusive features that haven't been added to the other engines and vice-versa with Railo and OpenBD. In the future, the CFML Advisory should solve this problem.
Using ColdFusion as the standard, I find the following two link to be the best places to understand the compatibility differences.
OpenBD Compatibility
Railo Compatability
Here is the url for the CFML Advisory group. They just started the site so there isn't too much info up there yet.
OpenCFML.org
The CFML compatibility in Railo is a major focus for us. If there are things in Railo that aren't compatible with Adobe CF, then please let us know about them and then we'll try to fix them asap. We are of course trying to get all the requirements of the CFML Advisory Committee implemented in Railo 3.1.x so that we can call ourselves CFML 2009 compatible.
AFAIK an engine should implement the core and the extended core to be called CFML 2009 compatible, but I guess the Advisory Committee hasn't agreed on this. In fact the vendors (like we are) should obey these standards and implement them accordingly.
If of course you experience any problems, just let the Railo Google group know or contact us at www.getrailo.com
Gert Franz
Railo Professional Open Source
Both are on par with CFMX 7 compatability so you shouldn't have any problems migrating a cf6.1 site to either.
Be for warned through that OpenBD DOES NOT support the CFDOCUMENT tag so PDF generation is going to be a problem. Railo on the other hand does.
Railo has an express version, which doesn't require an install and makes it real easy to see if an existing application works with it or not.
OpenBD also has a download and ready to run version, though I haven't tried it out, it should be as easy to setup as the Railo Express version.
It seems that there is project started for OpenBD to integrate the Flying Saucer project as a replacement for CFDOCUMENT support. More can be found here about this.
Absolutely! Both are enterprise class solutions and shouldn't pose too many problems. As rip747 mentions there are copies you can download to quickly test your applications compatibility.
As for performance it's generally believed that Railo is the fastest of the three engines while BlueDragon is the slowest. Although it's not currently in production I'm developing an application against Railo 3.0 and intend to deploy to Railo 3.1 once it's released.
Support for cfdocument will be included in the next "major" versioned release of OpenBD.
Just to give folks a bit of background on cfdocument support in OpenBD, a commercial library was used for cfdocument in New Atlanta BlueDragon, so that had to be removed when OpenBD went open source. The "hooks" are still in the OpenBD engine, however, so it's really just a matter of implementing the underlying functionality using an open source document engine, of which there are many.
I think replacedirect.nl recently migrated their webshop to railo.
Railo virtually has no documentation. It does not seem to be a priority for the core team, they have not managed the Railo open source project well. It is a case of lost momentum due to incompetency.
Railo is quite difficult to deploy on account of very weak documentation and consequently cannot be taken seriously. Furthermore the tag and function tags are empty when you scroll down to usage examples. This open source project and the team running it are a joke, completely out of touch with the recurrinfg complaints of install/config difficulties over the past 2 years.
Stick with Adobe Coldfusion which has good documentation or switch to another language.
Rob, mind if I try to solve your problem by providing a different solution than your question asks?
In that you mention an interest in hosting, just keep in mind that if you mean shared hosting, then you don't need to worry about the cost of the CFML engine. That will be born by the hosting provider, and amortized over the folks on the server. As such, you will find many low- (and even no-) cost CF hosting providers running on Adobe CF (and you'll find a range of them running different versions to suit one's taste, from CF 6, 7, 8, or 9, as I write today.)
There are various lists of CF hosting providers. I offer one (and also provide pointers to still other lists) at a category of my CF411 site: http://www.cf411.com/#cfhost