nginx as ingress for Docker composeg  

By Stephan Wissel | 11/16/23 1:57 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

nginx as ingress for Docker compose - In June I wrote about how to use Docker & nginx to deliver statically rendered brotli files for your web (frontend) application. It improves delivery quite a bid, but left me wonder: isn't there too much static WebServer involved? Double hop to deliver static files.

TOTP and vert.x  

By Stephan Wissel | 2/7/23 9:13 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

TOTP and vert.x - Time-based one-time passwords (TOTP) are a common security feature in Identity Providers (IdP). There are use cases beyond IdP, mine was 'Understanding what it takes'). TOTP interaction You have two phases: enrollment and use. During enrollment a secret is generated and (typically) presented as QR Code. A user points one of the many Authenticator apps to it and gets a numeric code that changes once a minute. When you use it, you pick the current number and paste it into the provided field. The backend validates the correctness with some time leeway. What it is not Typically when enrolling you also get recovery codes, sometimes called scratch codes. They are NOT part of TOTP and implementation is site specific and not standardized. An implementer might choose to check your recovery codes when your TOTP fails or provide a separate interaction using those. The initial confirmation, is actually the first instance of "use" and one could have a successful enrollment without it. This is depending on the implementation. It isn't foolproof. An attacker could trick you into typing your TOTP code into a spoofed form or just hijack your session (cookie). That's why responsible web apps run a tight security with CSP and TLS (and once browser support is better Permission Policy)

Please wait until that HTTP service is ready  

By Stephan Wissel | 1/3/23 10:17 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

Our brave new world of containers and microservices runs on a combination of YAML and shell scripts. Getting them to run in the desired sequence can be a challenge. When ready isn't ready All container environments have a 'depends' clause, so the container runtime can determine the correct startup startup sequence for the zoo of containers comprising the application to be launched. Each container will usually signal when it is ready. However ready can mean different things to different applications. In the container world it should be: the service is available. However it could be: service was successfully started, but might be busy with house keeping. In the later case the start scripts of the dependent services need to do their own waiting

Domino Administration Back to Basics Part 2 - Networking  

By Stephan Wissel | 2/4/20 7:37 PM | Infrastructure - Notes / Domino | Added by Kenio Carvalho

Domino Administration Back to Basics Part 2 - Networking - In Part 1 we learned about the marvelous world of Notes Names, X400 and the perils of messing with certificates. One big difference to X509 is the (almost) absence of certificate Command Line tools that can be so much fun. Domino Networking - protocols as you like it Domino predates the rise of TCP.

Domino Administration - Back to Basics (Part 1) Certificates  

By Stephan Wissel | 2/4/20 5:44 PM | Infrastructure - Notes / Domino | Added by Oliver Busse

Domino Administration - Back to Basics (Part 1) Certificates - Domino is different, a lot of its concepts predate the internet and quite often inspired the standards. This is not an step-by-step instruction, but an introduction into concepts. The 'step by step' approach is another story for another time.

Serving Single Page Applications with Domino  

By Stephan Wissel | 1/11/17 3:23 AM | Infrastructure - Notes / Domino | Added by John Oldenburger

Single Page Applications (SPA) are all the rage. They get developed with AngularJS, ReactJS or {insert-your-framework-of-choice}. How does Domino fit into the picture with its integrated http stack, authentication and database? The answer isn't very straight forward.

The totally inofficial guide to Verse on Premises  

By Stephan Wissel | 1/3/17 5:02 PM | Infrastructure - Notes / Domino | Added by Oliver Busse

Now that CNGD8ML is upon us, it is story time. Read about the why, who, what and what to watch out for. To successfully deploy Verse, make sure to carefully read and implement the installation instructions. The availability of Verse makes Domino the most versatile eMail platform around, offering you the choice of: Notes Client, Outlook, POP2, IMAP4, iNotes, Verse, iOS, Android.

Domino meets RXJava  

By Stephan Wissel | 9/13/16 6:13 AM | Infrastructure - Notes / Domino | Added by John Oldenburger

Verse on premises (VoP) is nearing its second beta release and fellow Notes experts are wondering if they need to install Apache Solr as part of the VoP deployment. There was a lengthy, high quality discussion and quite some effort evaluating alternatives. In conclusion it was decided to deliver the subset of Solr capabilities needed for VoP as series of OSGi plugins to the Domino server.

Domino, Extlib, GRUNT, JSON and Yeoman  

By Stephan Wissel | 10/29/15 9:58 PM | Infrastructure - Notes / Domino | Added by Oliver Busse

With a few tweaks and clever setup, you can have web developers deliver front-ends for Domino without ever touching it. Contemporary web development workflows separate front-end and back-end through a JSON API and HTTP (that's 21st century 3270 for you). The approach in these workflows is to treat the webserver as source of static files (HTML, CSS, JS) and JSON payload data being shuffled back and forth. This article describes how my development setup makes all this work with Domino and Domino designer.

email Dashboard for the rest of us - Part 2  

By Stephan Wissel | 4/12/15 2:50 AM | Infrastructure - Notes / Domino | Added by Johnny Oldenburger

In Part 1 I introduced a potential set of Java interfaces for the dashboard. In this installment I'll have a look on how to extract this data from a mail database. There are several considerations to be taken into account. Since I have more than a hammer, I can split the data retrieval into different tooling.

email Dashboard for the rest of us - Part 1  

By Stephan Wissel | 4/11/15 11:08 AM | Infrastructure - Notes / Domino | Added by Johnny Oldenburger

One of the cool new features of IBM Verse is the Collaboration Dashboard. Unfortunately not all of us can switch to Verse overnight, so I asked myself: can I have a dashboard in the trusted old Notes 9.0 client? For a collaboration dashboard I see 3 types of data: collaborators, summary data and detail data.

Application Migration vs. XPage enablement  

By Stephan Wissel | 12/1/14 6:15 AM | Infrastructure - Notes / Domino | Added by Johnny Oldenburger

In a recent customer discussion a claim was made: "If Notes client application don't automagically can be converted into XPages applications, then we very well can migrate to another platform, it is just the same". An interesting claim, I'll subject it to a reality check. In any case it is a good idea to revisit your investment in your existing applications first.

Poking around the iNotes HTTP API (Part 3) - retrieve message meta data  

By Stephan Wissel | 12/1/14 12:33 AM | Infrastructure - Notes / Domino | Added by Johnny Oldenburger

So far we learned about the URLs, how to retrieve the Outline that contains folders and views and how to utilize JavaScript to deal with an API tha hadn't been designed for language neutral access. This part will deal with the retrieval of messages. There are quite some formats, strategies and tweaks to consider.

Poking around the iNotes HTTP API (Part 2) - Fun with Rhino  

By Stephan Wissel | 11/27/14 2:44 PM | Infrastructure - Notes / Domino | Added by Johnny Oldenburger

The iNotes HTTP API wasn't designed for consumption outside the iNotes web client. This becomes apparent when looking at Form=l_GetOutline_JSON or Form=l_JSVars that return JavaScript and not JSON! The difference? JSON contains data only, while JavaScript contains function definitions too.

Poking around the iNotes HTTP API (Part 1)  

By Stephan Wissel | 11/24/14 4:06 PM | Infrastructure - Notes / Domino | Added by Johnny Oldenburger

With the rise of web applications, something interesting happened: applications gained an observable API. Delivered over HTTP(s) with a few commands (GET, POST etc.) it became easier to find out "what is going on". So anything flowing over HTTP is effectively an API.

Last usage of a mail file - for all users  

By Stephan Wissel | 11/21/14 11:20 AM | Infrastructure - Notes / Domino | Added by Johnny Oldenburger

My admin is getting a little rusty. When I was asked: "How can I indentify a dormant mailbox?" I couldn't name a place in admin where to look. Of course, there is the NotesDatabase.LastModified property, but that would get updated on a design refresh too. So I asked innocently: "dormant, how?"

Providing user information in JSON  

By Stephan Wissel | 11/20/14 6:23 AM | Infrastructure - Notes / Domino | Added by Johnny Oldenburger

In the MUSE project we encountered the need to retrieve user information in JSON format. Easy done one would think. The trouble starts, when you have multiple directories and you need reasonable speed. Sometimes falling back to @Fomulas gives you what you need, fast and easy. @NameLookup knows where to look and you don't need any extra configuration.

Mustache Helper for Domino  

By Stephan Wissel | 11/16/14 11:04 AM | Infrastructure - Notes / Domino | Added by Johnny Oldenburger

Previously we had a look, how to use Mustache with the CKEditor to have an editing environment for templates. I glossed over the part where to store and how to use these templates. Let me continue there. I'll store the template in Notes documents and use an application managed bean to transform a document (and later other things) using these templates.

Rethinking the MimeDocument data source  

By Stephan Wissel | 9/1/14 12:42 PM | Infrastructure - Notes / Domino | Added by Oliver Busse

Tim (we miss you) and Jesse had the idea to store beans in Mime documents, which became an OpenNTF project. I love that idea and was musing how to make it more "domino like". In its binary format, a serialized bean can't be used for showing view data, nor can one be sure that it can be transported or deserialized other than through the same class version as the creator (this is why Serialized wants to have a serialid.

Notes addressbook sync with IBM SmartCloud  

By Stephan Wissel | 9/20/13 12:23 AM | Infrastructure - Notes / Domino | Added by Niklas Heidloff

Every organisation has its little secrets. The running joke about IBM is, that the secret are the products.

Starting Domino on Linux using UPSTART  

By Stephan Wissel | 9/25/12 8:48 AM | Infrastructure - Notes / Domino | Added by Niklas Heidloff

When running Domino on a proper platform (AIX, Solaris, Linux) starting and stopping the Domino server was left to customizing a script from a technote or a Redbook's FTP site, as far as official IBM resouces go. Of course the professional source is Daniel Nashed's ultimate Domino startup script.

XSS Vulnerabilities in Domino  

By Stephan Wissel | 9/6/12 12:00 PM | Infrastructure - Notes / Domino | Added by

An IBM Technote updated on 15 Aug 2012 points to a set of XSS vulnerabilities in the Lotus Domino server.