Tuesday, November 30, 2004

365.aspx

Lycos attempts to fight SPAM with DDOS

Fighting evil with evil.


BBC reports on Lycos latest attempt to fight SPAM:  The Make LOVE not war screen saver (Flash needed)


The idea is pretty simple:



  • Scan SPAM for link to web sites

  • Manually verify that the web site sells spam goods

  • Let the screen savers send tons of request to the spam web sites

Each client only generates 3-4MB of traffic but Lycos expects to generate terabytes of traffic making the spammers pay extra for high bandwidth usage. If it makes them "hurt where it counts" I guess it does some good but I still think it's better to stop SPAM before it leaves your LAN. Their approach doesn't stop spam and it doesn't even prevent it from coming to your inbox and breaking your balls. All it does is generate loads of traffic and make their web site slower. The spammers will continue to send mails as fast as before but the client who paid for the "direct e-mail marketing" will pay dearly as he gets hits by the Lycos DDOS.


Wonder how long it takes for the biggest spammers to sue Lycos?


Via [SmartMobs]

Sunday, November 28, 2004

363.aspx

.NET CF DataSet performance using XML, text and CSV

I want a fast storage for my secrets that is easy to synchronize with a PC. The obvious choice would be a DataSet serialized to an XML file. It's fast on a PC but my SMS Manager slows down on the Pocket PC when the DB grows. The password manager will be used for reading in 99% of the case so I set up a simple test suite on the PPC to test the performance of the different file formats I was considering:



  • Text array: reads a line and does a .Split() using tab as the separator. Creates a  2 dimensional array (rows/fields in row)
  • CSV array: parses CSV file and creates a  2 dimensional array (rows/fields in row)
  • XML dataset: uses the ReadXml() method of the DataSet object
  • CSV dataset: parses a CSV file and builds a DataSet in memory


Example test routine (XML DataSet):


openFileDialog.Filter = "XML Test|*.xml";
if (DialogResult.OK == openFileDialog.ShowDialog())
{
    string fileName = openFileDialog.FileName;
    int startTick = Environment.TickCount;        
 
    System.Data.DataSet ds = new System.Data.DataSet();
    ds.ReadXml(fileName);            
    int ticks = Environment.TickCount - startTick;
    System.Windows.Forms.MessageBox.Show("Time taken: " + 
            ticks + " ms");
}

I know that DataSets serialized to XML are slow on .NET Compact Framework but I had no idea they were this slow:


The test were run with 1.000 records on a H3870.  I repeated the tests with 100, 1.000 and 10.000 records with similar results.



I find it strange that my CSV version is almost 3 times faster than the text version that does a simple Split(). This is the Text reader core:


StreamReader sr = File.OpenText(fileName);
String input;
while ((input = sr.ReadLine()) != null )
{
    rows.Add (input.Split(fieldSeparators));
}
sr.Close();

The text version is slightly faster than the CSV version the first time it is run (not shown in my graphs). I guess this is because the String class is pre-jitted.
I have decided use the CSV DataSet for several reasons:



  • It gives me all the features of DataSets I would otherwise have to implement myself for the array versions: sort, filter, search
  • It has less start up overhead for the first call (728 ms vs 2.218 ms for XML)
  • It has acceptable performance up to 10.000 records (6.303 ms vs 36.513 ms for XML)


I will play with encryption support next.

Friday, November 26, 2004

361.aspx

A Password manager for my PC and Pocket PC

I always use strong passwords which means they are close to impossible to remember. I can store my 200+ passwords and other "secrets" encrypted on a my PC but I sometimes need them on my Pocket PC as well.


Password Safe meets most of my requirements:



  • It's free and comes with source code 

  • Pocket PC and PC version

  • Copy password to clipboard without displaying it

  • Auto paste/type in the PC version

  • Tray icon

  • Strong encryption

  • All data protected (i.e. there is no clear text data in the file) by a single master password

  • Simple and fast to use

  • Import text or csv

The latest PC version, 2.0.7, is perfect but it is not compatible with the latest Pocket PC version which is stuck at 1.9.2. The old 1.9.2 version for the PC is missing some of the must have features:



  • Tray icon

  • Auto type

  • Import (I am -not- retyping 200+ items)

So, the options are:



  • Update the open source Pocket PC version to 2.0.7

  • Write my own

The Pocket PC version is written in C++ using MFC which I haven't used in a while so it should be faster, and more interesting, to write one from scratch. So, I will implement my own password manager in .NET and post post code sniplets as I write the core parts of the application that may be interesting for other people as well:



  • Fast encrypted DataSets on the Pocket PC

  • Clipboard integration on the Pocket PC

Tuesday, November 23, 2004

355.aspx

Safe online banking with two factor authentication

Cool idea: authenticating large bank transfers via SMS.



ASB and Bank Direct's internet banking customers will need to have their cellphone close to hand if they want to use the net to transfer more than $2500 into another account from December.
ASB technology and operations group general manager Clayton Wakefield announced the banks would be the first in New Zealand to implement a "two factor authentication" system to shut out online fraudsters, unveiling details of the service on Friday.


After logging on to internet banking, customers who want to remit more than $2500 into a third party account will receive an eight-digit text message to their cellphone, which they will need to enter online within three minutes to complete the transaction.


Italy is still far behind but things are improving:



  • CartaSi (credit cards) sends SMS alerts in seconds when your credit card is used.

  • BMP (banking) is increasing its security by requiring you to enter a code from a pre-generated list in addition to the user name and password for any online transaction.

Via [Schneier on Security]

353.aspx

Pocket PC .NET CF development tips & tricks

The new Optimize Your Pocket PC Development with the .NET Compact Framework article in the December 2004 MSDN Magazine has several usefully .NET CF tips and tricks:



  • Tips for making programming in the .NET Compact Framework environment easier

  • Tricks for making your Pocket PC-based apps run faster

  • Important .NET Compact Framework classes

  • .NET Compact Framework windowing issues

Full source code available on line

Monday, November 22, 2004

350.aspx

Avalon Community Technical Preview

"Avalon" is the code name for the presentation subsystem class libraries in WinFX. MSDN Subscribers can download the November 2004 Community Technical Preview. It runs on Windows XP as well as Windows 2k3. It requires .NET 2.0 beta which I already have on my machine for another cool beta: MSH


More information on the MSDN article on Avalon November 2004 Community Technical Preview and the Avalon news groups:



Update: Forgot to add XamlPad which allows you to play with XAML after installing Avalon.


Via [frankarr] and [simplegeek]

Friday, November 19, 2004

344.aspx

Skulls Trojan on Symbian

Not the first trojan for Symbian phones but one of the first that is out in the wild. From the F-Secure report on the Skulls Trojan



This trojan has been distributed on some Symbian shareware download sites as "Extended Theme Manager" by "Tee-222". If you see it, don't install it on your phone. It will make you're phone useless and it will prevent it from booting up. Recovery could get tricky, especially if you don't have a third-party file manager software already installed on your phone.


The most obvious symptom of the trojan is that the typical programs on the phone won't work any more, and that their icons get replaced with a a picture of a skull. See below:



Thanks for the tip Marco

Wednesday, November 17, 2004

339.aspx

Free Visual Studio.NET Industry Partner DVD

Free Visual Stuido.NET Industry Partner Product DVD ships, for free, to U.S., Canada, Europe, Africa, and the Middle East



Order this free DVD and receive over 65 tools, components and languages from Visual Studio Industry Partners. These full version and evaluation products can help save you time and money building applications for Microsoft Windows, mobile devices, the Web, and Web services.


Via [jacobcy's WebLog

Monday, November 15, 2004

332.aspx

SonyEricsson on the future of the mobile web

SonyEricsson on the future of the mobile web. Some key points from the document:



  • In 2006 we expect most phones to have a mobile Web browser that is able to render almost any Web page on the Internet. WAP is history and, from a technology point of view, the mobile Web has converged with the de facto Internet standards.

  • The main new trends are


    • Music (over the air download and personal radio)

    • Imaging (Photo services and photo albums)

  • We expect more animations and multimedia being integrated into mobile Web portals, and the combination of all Web technologies (SVG, SMIL, XHTML, CSS, and ECMAScript) is the key to a standard solution for Web applications.

  • Push services are on the rise on the Internet, based on the de facto standard RSS. We believe that RSS has a great potential in mobile phones, as a technology to automatically provide updated content to users - accessing the Web without browsing.

Overall I agree and wish that all mobile devices would agree on xhtml with javascript as the standard. The phones -today- are too slow to display rich contents as they take 4-5 seconds too render a page after it has received all data. Add javascript and complex css formatting and you have time to go for a coffee. Navigating in old plain text wap mode is still a lot faster than navigating in xhtml mode.


Using RSS for push would be great as there are tons of feeds around. It would make it possible for anyone to create push services for mobile devices. Today push services are limited to a selected few that have the resources to send Wap Push or MMS. It only makes sense if the phone can see the post pointed to by the RSS though. It's possible too render a RSS summary on a device but most RSS feeds point to blogs that have "complex" layout that can't be rendered on a small device. They look ugly on a device like the Pocket PC that have an enormous screen compared to most mobile devices.


Phones also have to become a lot smarter and have more storage to figure out which posts it has seen already. Thinking about it, it could delegate this task to a feed server that keeps track of the items viewed by a particular SIM (assuming that SIM decides which posts are new, regardless of the device it is in). A bit like a Bloglines on steroids that provides one (or more) RSS feeds that give you new/unread items and keeps track of which items you read.

330.aspx

Asynchronous vs synchronous msxml 4 http call

One site I work on has been ported from ASP to ASP.NET. Many clients have a bookmark to the old ASP page which does not exist anymore. Redirection is possible but it is slow over mobile networks like GSM/GPRS/UTMS. To work around the problem I have implemented an ASP page that does a http GET request to the correct ASP.NET page on the localhost and sends the result back to the user.


This is the core:


    Public Sub getURL(ByVal sURL)
        '**
        'Purpose: Request the url and send the output to the end user
        Dim oRequest
        Dim sUserAgent
        Dim sAccept
        oRequest = Server.CreateObject("MSXML2.ServerXMLHTTP.4.0")
 
        'prepare the request
        On Error Resume Next
        oRequest.open("GET", sURL, True)
 
        sUserAgent = Request.ServerVariables("HTTP_USER_AGENT")
        sAccept = Request.ServerVariables("HTTP_ACCEPT")
        If sUserAgent <> "" Then oRequest.setRequestHeader("User-Agent", sUserAgent)
        If sAccept <> "" Then oRequest.setRequestHeader("Accept", sAccept)
 
        'send and wait for reply
        oRequest.send()
        oRequest.waitForResponse(HTTP_REQUEST_TIMEOUT)
 
        'Check if ther is an error
        lRequestError = err.number
        On Error GoTo 0
        If lRequestError <> 0 Then handleError(ERROR_REQUEST_FAILED)
        If oRequest.readyState <> 4 Then  '4 => request complete
            oRequest.abort()
            handleError(ERROR_REQUEST_TIMEOUT) 'Does Response.End()
        End If
 
        'Send the response back to the user
        Response.ContentType = oRequest.getResponseHeader("Content-Type")
        Response.Expires = oRequest.getResponseHeader("Expires")
        Response.Write(oRequest.responseText)
        oRequest = Nothing
    End Sub

I have a strange problem in a Win2k3 environment with a lot of machines in NLB. When page1.asp calls page1.aspx I see the following time taken fields in the IIS log:
Page1.asp: 50 ms
Page1.aspx: 29995 ms


These results are impossible as page1.asp executes page1.aspx and waits for page1.aspx to complete output before it sends it to the client. So the call time of Page1.aspx must be lower than the call tome of Page1.asp. It seems like the aspx page waits for the asp page to close the connection somehow. The interesting thing is that it does not have this problem if it calls a remote server.


We found the fix but I haven't managed to epxlain to myself why it works. I guess the asynchronous thread causes problems, but why the heck does it only cause problems when going to localhost?


The fix is to make the request synchronously by changing the code like this:


        'prepare the request
        On Error Resume Next
        oRequest.open("GET", sURL, True False)
 
        sUserAgent = Request.ServerVariables("HTTP_USER_AGENT")
        sAccept = Request.ServerVariables("HTTP_ACCEPT")
        If sUserAgent <> "" Then oRequest.setRequestHeader("User-Agent", sUserAgent)
        If sAccept <> "" Then oRequest.setRequestHeader("Accept", sAccept)
 
        'send and wait for reply
        oRequest.send()
        oRequest.waitForResponse(HTTP_REQUEST_TIMEOUT)
 
        'Check if ther is an error
        lRequestError = err.number
        On Error GoTo 0
        If lRequestError <> 0 Then handleError(ERROR_REQUEST_FAILED)
        If oRequest.readyState <> 4 Then  '4 => request complete
            oRequest.abort()
            handleError(ERROR_REQUEST_TIMEOUT) 'Does Response.End()
        End If

Explanations are more than welcome.

Friday, November 12, 2004

322.aspx

CopySourceAsHTML version 1.2.1

Version 1.2.1 of CopySourceAsHTML has just been released. It fixes the problem I had in an earlier post, so I can cut and past directly in .text without having to go via the source view. Using the "Embed Styles" option the source code looks just great:


///
/// The main entry point for the application.
/// 
static void Main(string[] args)
{
    System.Console.WriteLine("Cool Or What?");
}

 


Now that Vodafonelive! has released I should have time to post some more source code :-)


Thanks for the tip Colin.

Thursday, November 11, 2004

318.aspx

#egilh project 12: UI hotkey checker

When: Mid 90s


What: Duplicate hotkey checker for menus and dialog boxes


While localizing software it's easy to make mistakes. I covered some of them in the Windows 95 post. A common issue in crowded menus and dialogs are duplicate hotkeys. Especially as the development team continues to change the menus and dialog boxes.


Finding them in testing is difficult for several reasons:



  • It is difficult to bring up all the possible dialog boxes. Some of them are only displayed with special hardware or in special conditions like 'low on disk space'.
  • You have to pay a lot of attention. It is hard to spot duplicate hot keys in a crowded dialog box. It is even harder to spot truncated text as labels may 'word wrap' or truncate at a natural point.

The good news was that all menus, dialogs and strings (selected by the developers) were stored in the 'resource section of  .exe, .dll, etc files. Visual Studio etc can open the files to view and edit the resources. Win32 introduced the resource APIs which made it possible to access the resources without having to parse the file structures documented in MSDN.


Using the new features of Win32 and some file format info I wrote a tool that extracted all the menus and dialog box and cycled through all the items in each file and generated a report of all the errors. The hotkey for each item (preceded by a &) was compared against all the other hotkeys in the same dialog box. Menus were a bit more complex as it also checked against the parent menu.


A completely automatic system like the one I implemented catches all the cases above, but it is not perfect as it is not able to catch bugs in menus/dialog boxes generated at runtime. My boss later wrote a window monitor that checked windows displayed on the screen at runtime.


Lessons learned:



  • Windows resource APIs and resource file formats

Wednesday, November 10, 2004

310.aspx

Vodafone live! is live!

We just released the new version of vodafone live! in Italy. Some external systems, like the games download, are not up and running yet but the portal works like a charm.


It looks a bit boring as a static image but is a real beauty with some the latest devices like the Samsung Z107, SonyEricsson Z1010, Nokia 6630 that support animated images.


Enjoy

Monday, November 8, 2004

307.aspx

Microsoft Windows Command Shell

Finally a real command shell under Windows. The new Microsoft Shell (MSH), code named Monad, is available as a beta distributed separately from Longhorn. It runs on XP, Win2k and Win2k3 with the latest Windows patches and the .NET 2.0 beta.


There are plenty of news, but the most important one is that the output of commands are objects, not text. This means that you can write 



get-process | where { $_.cpu -gt 10 }


to filter processes that takes more than 10% cpu without having to parse the output of the processes command. It also means that the script does not break if the output format change. The output can of course be serialized to xml and csv as well as plain text.


Plenty of cool new scripting stuff to have fun with, like the switch statement with regular expression support:



switch -regex ($var)
{ "word2"  {"Multi-match Exact " + $_ }
   "word.*" {"Multi-match Exact1 " + $_ }
   default  {"Multi-match Default " + $_; break}
 }


You can create variables of any .NET type linke or .NET/ActiveX objects:



$idx=[int]1
$books=[xml]"Davinci Code"
$dtStart=[System.DateTime]"2004/11/08"
$wsh = new-object -ActiveXObject "WScript.Shell"



I got a bit nostalgic trying some of the commands. Things are a lot more *nix like. Dir is an alias of get-childitem and returns the following



d---s   nov 08 16.25             Cookies
d-r--   nov 08 15.59             My Documents
d-r--   gen 21 19.02             Start Menu


Even the help is man-like: get-help dir



NAME
  get-childitem
 
SYNOPSIS
 
  get-childitem [[-Path] pathname] [-Recurse] [-Include includeFilter]
   [-Exclude excludeFilter] [-Filter filter] [-Force] [-Names]
  get-childitem [[-Path] pathname] -Relationship relationshipName [-Property p
  roperty]
     
 
SHORT DESCRIPTION
 
  Retrieves the child items of the specified location(s) in a drive.
  When -Relationship is specified, retrieves the available targets for the rel
  ationship.
..
 
EXAMPLES
  $ gch . * -exclude [a-e]*,*.dll -recurse -name
  Find all the names underneath the current location that don't start with the
   letters "a" through "e" or end with ".dll"


Jon's Radio has several examples of the cool stuff you can do with MSH. .


How to get it:



  • Go to http://beta.microsoft.com/
  • Log in with your passport account
  • Click the "If Microsoft issued you a guest account id"..
  • Enter the following Guest ID: mshPDC
  • Fill in the survey and wait


More info:



Via [Jon's Radio]

305.aspx

Microsoft ACT standalone installation

Microsoft ACT is great for stress testing web sites. The only "problem" is that you have to install Visual Studio .NET in order to use it. I use it frequently on my dev machine but some times it is useful have it on a remote machine for stress testing directly in a pre-production environment. The steps below shows how you can copy your local ACT installation to a standalone computer.


Pre-requisite: Internet Explorer 6.0


Steps by step instructions:



  • Copy the C:\Program Files\Microsoft ACT directory from you dev PC to the same directory on the remote machine

  • Create the Act.Reg and Register.cmd files below

  • Execute Register.cmd

  • Create a local user: ACTUser with the "User" rights

  • Set the Identify of the following COM objects to ACTUser (using dcomcnfg):


    • Application Center Test Broker

    • Application Center Test Controller

  • Give full control to ACTUser on the following WMI namespace using "Computer Management": Root/CIMV2/Application/MicrosoftACT


== Save as Register.cmd ==
c:
cd "C:\Program Files\Microsoft ACT"
regedit -s act.reg
for %%i in (*.dll) do regsvr32 /s %%i
ACTBroker.exe -regserver
actcontroller.exe -regserver
ACTRegMof.exe -i "C:\Program Files\Microsoft ACT\actnamespace.mof"
ACTRegMof.exe -i "C:\Program Files\Microsoft ACT\actbroker.mof"
ACTRegMof.exe -i "C:\Program Files\Microsoft ACT\actcontroller.mof"



== Save as Act.Reg ==
Windows Registry Editor Version 5.00


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ACT]
"AppPath"="C:\\Program Files\\Microsoft ACT\\"
"ProductCode"="{E05F0409-0E9A-48A1-AC04-E35E3033604A}"
"Feature"="AppCenter_Test_for_VS.NET"
"Version"="1.0.0536"


Disclaimer: Follow the instructions at your own risk and make sure you have a working backup!

Wednesday, November 3, 2004

301.aspx

Burying old code

It really bugs me when I find buried source code; large chunks of comments around old code that is not used anymore and will never be used again. It's just confusing. Delete the garbage and use a version control system to get the old code if you ever needed it again.


LexisNexis has a great idea for “taking care“ of old code; Programmers hold funerals for old code



DAYTON, Ohio - Among the tiny graves on Blocker Hill, the wind echoes with the tortured cries of computer programmers.  Beneath the eight grave markers, and perhaps in a rumored unmarked grave nearby, lie reams of paper printouts of code for software that has left this mortal operating system
The cemetery is a quirky tradition among the programmers at LexisNexis, which provides online legal and business information.  Rather than simply delete programs that are retired or replaced, they print them out for a proper send-off — not always with fond regards.

"Some things die gracefully and other things we've had to kill," Perseghetti said. He said workers had to "drive a stake" through the heart of a poorly performing program named CCI, which received an ignominious burial beneath an emblem of a pig.


I know several candidates that are in poor health and should be "taken care of" ASAP. I'll bring the garlic to make sure they never come back!

300.aspx

XMLSpy 2005

The XMLSpy 2005 family was released for download earlier this week. They support the XSLT 2.0, XPath 2.0 and XQuery drafts. Other new XMLSpy 2005 features are; automated function building, Eclipse integration, relational database content editing, and visual management of complex schemas:


Maybe I should convince my boss to buy it so I get an iPod:



While supplies last, you’ll get a free 20GB Apple iPod with every purchase of the Altova Enterprise XML Suite plus the one or two year Altova Support and Maintenance Package (SMP) from Altova or its subsidiaries. So, for example, if you purchase a five pack of licenses for your development team, you’ll receive five free iPods – one for each new user on your team! Certain export limitations and legal restrictions apply. See http://www.altova.com/ipod_promo.html for details.

299.aspx

Ingres r3 for Windows and Linux open source download


Ingres r3 was released as open source under the CA Trusted Open Source License (CATOSL) license in August.


The Linux and Windows versions of Ingres r3 are now available for download. Other platforms like 64 bit and Sun Solaris, HP/UX, IBM AIX will be available by early 2005.


The Ingres million dollar challenge for the best Ingres r3 toolkits is open until February 1st 2005.

298.aspx

Fast error code lookup

I usually use net helpmsg  to get quick info on error codes:



net helpmsg 5
Access is denied.


It works but not all the error codes are covered. It also wants the error message number in decimal whereas most programs return them as hex. The error code tool from Microsoft contains the error codes defined in the standard C include files (19871 return codes registered from 172 sources) and allows you to search by hex, decimal, name etc:



USAGE: err {value} [value] [value] ...
 where <value> must be of one of the following forms:
   1. decorated hex (0x54f)
   2. implicit hex  (54f)
   3. ambiguous     (1359)
   4. exact string  (=ERROR_INTERNAL_ERROR)
   5. substring     (:INTERNAL_ERROR)


Added to my toolkit!


Via [FurryGoat]