Monday, January 31, 2005

511.aspx

Balloon twisting: fun for kids of all ages

I saw a clown twisting balloon figures in a market last spring. As always I was curious to find out how it worked and had a look on Google. Nothing beats learning by doing it yourself so I bought a kit at a local party supply shop; La Fabbrica Delle Feste. Their web site leaves a lot to be desired but they have a lot of stuff and are very friendly. They were out of pumps, so I got a used one for close to nothing.


I was surprised to learn that twisting balloons is even simpler than it looks. I was proud of my first attempt at making a dog until I put it down on the floor and had a look at it from a distance:

A dog beast with two tails but no head!


The first attempts were even worse until I learned the trick: you have to lock elements together


I keep my balloon kit hidden and take it out when the kids are stuck inside for some reason. The repertoire is limited to dogs, giraffes (i.e. dogs with long necks :-), swords and  flowers. Let me know if you know of any good web resources where they show to make other figures.


Highly recommended if you have young kids. Great fun for the kids dad.

Friday, January 28, 2005

505.aspx

The future of .TEXT

.TEXT has been dead in the water for a while so I have been following the Community Server  project with great interest. I was worried that it would be major PITA to upgrade but Scott Watermasysk has some great news on the future of .TEXT Community Server . In particular:



  • There will be a upgrade tool for upgrading a .TEXT install to Community Server 1.0

  • Built in Search

  • Better comment moderation support (moderated, authenticated, timed)

  • e-mail subscriptions by post and blog

RC1 should be out soon. I will give it a try on of my blogs and see if I can make it run it in parallel with .TEXT on the same machine.

Thursday, January 27, 2005

503.aspx

How to force the download dialog box to appear

Today someone asked me how to force the "File Download" dialog box to appear in Internet Explorer. I thought I knew the answer but I learned a new trick.


They have a directory structure like this:
/products
   /images
      file1.jpg
      file2.jpg


The files should by default open the browser but they wanted to add a "download" link as well for people who don't know how to right click and choose "Save As…".No problem, I thought, and pointed them to How To Raise a "File Download" Dialog Box for a Known MIME Type  and gave them some old code I had laying around:


dim sFile


dim binaryData


 


sFile = server.MapPath(Request("dir") & Request("fileName"))


set binaryData = Server.CreateObject("ADODB.Stream")


binaryData.Open


binaryData.Type = 1 'binary


binaryData.LoadFromFile sFile


 


Response.AddHeader "Content-Disposition","attachment; filename=" & Request("fileName")


Response.BinaryWrite binaryData.Read


 


binaryData.Close


set binaryData = nothing


It sets the "Content-Disposition" header to attachment which instructs the browser to open the download window. This solution is OK when you download contents from a DB but I don't like it when the contents come from the file system as the script accepts a directory and file name in input. You have to be very careful so the page is not used to download contents like the source code of the ASP pages or other files outside the intended directory.


Then I decided to try the custom http header support in IIS 6.0:



  • Create a new virtual directory, for example /download

  • Point it to the directory you want to enable downloads for (/products in my case).

  • Go to the "HTTP Headers" tab in the properties of the new virtual directory

  • Add a new custom HTTP header. Name=Content-Disposition and Value=attachment


We changed the index page so it links to /download/products/images/file1.jpg as well as /products/images/file1.jpg and it works like a charm. The first link opens the “File Download“ dialog box whereas the second link opens the file inside the browser. This approach has several benefits over the ASP based approach:



  • Security. You cannot trick the ASP file to download files outside the products directory

  • Performance. It is faster than running an ASP script and you don't tie up valuable ASP script threads.

  • Faster and simpler to implement and deploy

Wednesday, January 26, 2005

500.aspx

Microsoft Architects Journal

Microsoft Architect's Journal :



a platform where authoritative software architects from all corners of Microsoft's architect community will discuss the connection between opportunities once out of reach and the solutions that now make them possible. Software architecture is a tough thing - a vast, interesting and largely unexplored subject area. As an art, it requires intuition and understanding of well-established architectural disciplines. As an engineering practice, it leads to formation of system models consisting of parts; with descriptions of their shape and form in terms of properties, relationships, and constraints. The rationale for their existence often derives from the system requirements. And of course, everyone has or wants to say something about it!


I had a look at Microsoft Architects JOURNAL4 but I'm not convinced. There is some useful information but there is also a lot of marketing fluff as well. Thoughts?


 

Friday, January 21, 2005

494.aspx

Log parser 2.2

Wow! Version 2.2 of Log Parser is just impressive.


Log parser gives you SQL like query access to a lot of data sources:



  • IIS in text, binary and DB formats.

  • Text and CSV files

  • XML

  • Windows Event Log and Event Log backup files (.evt files).

  • File system and directories

  • Windows Registry

  • Active Directory objects.

  • NetMon capture files

The supported output formats are just as impressive:



  • Text, CSV

  • XML

  • Web log

  • SQL

  • SysLog server

  • Data Grid

  • Chart

Some neat examples from the documentation:

Create a chart containing the top 20 URLs in the "www.margiestravel.com" web site:



LogParser "SELECT TOP 20 Target, COUNT(*) AS Hits INTO MyChart.gif FROM <www.margiestravel.com> GROUP BY Target ORDER BY Hits DESC" -chartType:Column3D -groupSize:1024x768


Create tab separated file with event messages from multiple machine:



LogParser "SELECT SourceName, Message INTO myFile_*.tsv FROM \\MYSERVER1\Application, \\MYSERVER2\Application"


The SQL syntax has more functions than Microsoft SQL Server so you can do loads of neat stuff like calculating MD5 hashes of files, convert hex to data, escape URLs, do aggregations etc. This example calculates the average time spent by each page type



SELECT  TO_LOWERCASE(EXTRACT_EXTENSION(cs-uri-stem)) AS PageType,
        AVG(time-taken)
FROM ex031118.log
GROUP BY PageType


The Unofficial Log Parser support site has more information and a dedicated forum.


Via [The Furrygoat Experience]

493.aspx

Adding support for the "nofollow" attribute in .TEXT

Scott Watermasysk explains how to add support for the “nofollow” attribute to .TEXT.

492.aspx

Developers and kittens...

Larry Osterman's kittens run off with keys of his laptop. My cat is a bit more of a wild animal and tried to run of with my leg instead.


It was a warm summer night…
and I had the house to myself. My wife and the kids were off on summer vacation while I was still working as most dads do in Italy. I went back to bachelor's status for a few weeks and read a lot of books and a watched a bunch of movies. The night in question I had chosen the final episode of the Matrix series. I turned of the light and turned up the Dolby Surround as high as only a deserted Milan in August allows. 


Staying in the pillow next to me in the sofa, as she usually does, turned out to be too warm for the cat. I had a fresh beer to keep me cool but she preferred to stay on the cold terra cotta tiles. I was in the middle of a loud sequence when I decided to get some more supplies. I paused the movie and made my way to the kitchen. I walked around the sofa, put my foot down on something fluffy and thought: strange, why did I leave my warm winter slippers on the floor when it's 40+ degrees? That's as far as I got before I heard a miaaaaauuuuuuuuuuuu and felt the wrath of the beast:



She ran one way (out), and I the other (to the disinfectants).


What can I say? Mons is still happily alive and well fed fatter than ever. She was skeptical for a few days but we both got over the episode without permanent damage. I would expect nothing else from the wild "beast" as she's constantly catching lizards, birds, mice and rats half her size. She has brought me some pain (the leg hurt like mad, and she gave birth to the kittens all over my Wired collection), but in the end she's great fun and and had some kick ass kittens. We gave away one male kitten to a colleagues of mine (which shall remain anonymous) that already had a male cat. The freshly neutered kitten is every bit as tough as the mum. It uses any occasion to bite the neck of the much bigger room mate, to get a better grip, while having his way...

Tuesday, January 18, 2005

488.aspx

A new challenge: learning Japanese

This should be fun; I got a Japanese course in Italian for Christmas. I had a look during my vacation but I did not apply myself so I never got past the section with the hiragana and katakana symbols.


Learning a 4th generation language (Norwegian -> English -> Italian -> Japanese :-) should keep me busy for a while. I have forgotten most of the other languages I know like German as I never had a chance to practice. A lot of the latest and greatest cool stuff is in Japanese  though, so I should have plenty of exercise reading Japanese once I get over the first hurdles.


Kuro5hin has some interesting pointers on learning languages but I am open for suggestions and practice opportunities.

485.aspx

Free eBook: .NET book in samples

SkillDrive has published a free eBook: .NET in samples. 250 pages of .NET samples in C# with  documentation.


Via [ISerializable]

483.aspx

It's snowing in Milan!

It feels and looks great:

We brought the kids out to play in the snow before sending them to bed. Not enough snow to make angels in the snow but fun anyway



I wasn't so convinced on the way back though. In the center of Milan it was mostly raining this afternoon but as soon as I hit the suburbs it started snowing for real. A major PITA when you drive a BMW C1 with tiny wheels. Luckily the road was not as slippery as when I was on Christmas vacation



 

482.aspx

SQL Injection Attacks by Example

SQL Injection Attacks by Example covers both sides of the story: how hackers use unverified user input to break in and how to protect yourself against it. A good introduction, and a must read, if you are not familiar with SQL Injection Attacks.


Via [ISerializable]


 

Monday, January 17, 2005

477.aspx

Scriptomatic 2.0 makes WMI scripting easier

Microsoft has released Scriptomatic 2.0:



A completely new version of the famous Scriptomatic, the utility that writes WMI scripts for you. (And, in the process, teaches you the fundamental concepts behind writing WMI scripts for yourself.) Unlike its predecessor, Scriptomatic 2.0 isn’t limited to writing just VBScript scripts; instead, Scriptomatic 2.0 can write scripts in Perl, Python, or JScript as well. In addition, Scriptomatic 2.0 gives you a host of new output formats to use when running scripts, including saving data as plain-text, as a stand-alone Web page, or even as XML. Scriptomatic 2.0 handles arrays, it converts dates to a more readable format, and it works with all the WMI classes on your computer; on top of all that, it also writes scripts that can be run against multiple machines.

Sunday, January 16, 2005

475.aspx

RAD development of the Pocket PC Password Manager

The Pocket PC version of my password manager is ready. AutoType is the only feature I have not implemented on the Pocket PC yet as I don't need it.


The clipboard integration works but I am unable to paste in password fields. The paste option is grayed out and Ctrl+V doesn't work either. Does anyone know how to work around this 'feature' of the Pocket PC?


I'm pretty happy with the way the code organization worked out. I put both the PC and Pocket PC solution files in the same directory and common source code in a sub directory. Platform specific files are in Platform\PC and Platform\PPC. I believe this setup is better than having two separate top level directories as it avoids one problem: VS.NET copies the file if you 'add existing' file from a directory outside the solution tree. But, if you add a file in the solution tree it includes the file. This behavior is not really a problem if you use version control as you can share the file on a source control level.


The really big time savior was the feature I didn't know about in VS.NET: you can copy  the controls on a form from a PC project to a PPC project. It copies all compatible properties like the name and size and ignores the ones that do not exist in .NET Compact Framework. Neat.


On my previous PPC projects I only developed some test drivers on the PC but did all the application work with a real device. It is faster on the H4150 than it was on a H3870, but developing everything on the PC is a lot faster. Porting only took a couple of hours so my lessons from this project are:



  • Know your platform and which features are not available

  • Design the GUI with the PPC in mind and the porting is easy

  • Develop, test and release the PC version before you port the PPC version

I will do some refactoring of my projects that I only have on .NET CF and post them as well. They may be less interesting from a technical point of view, but they are pretty useful (for me anyway):



  • poShoplist: a simple shopping list program. Implements a component that is missing on in .NET CF: a list box with check boxes

  • poSMS: Allows you to send/receive SMS messages via Bluetooth or a serial cable. Implements serial communication and Bluetooth support.

Download the poSecrets beta (includes PC and PPC version) and let me know what you think via the comments or the contact link.

Thursday, January 13, 2005

466.aspx

Feature requests for .NET Compact Framework

Order your new features today for the next version on the .NET Compact Framework Team wish list.


My wish list:



  • Built in serial (and Bluetooth) support. I had to build my own classes for managing the serial port to get Bluetooth working so I could send/receive SMSs via a mobile phone.

  • Cross platform development. For my poSecrets password manager I use two solutions pointing to the same source. Using a single solution with conditional compiles could be one option.

  • COM support (should be there in 2.0). Using (mostly) Microsoft code it is possible to use Pocket Outlook from .NET CF 1.0 but it is not possible to use the Pocket Access databases without buying 3rd party software.

  • Better DataSet performance

  • Built in clipboard support (cut and paste in text controls etc) instead of having to implement clipboard support on .NET CF 1.0 using APIs.

463.aspx

poSecrets: free password manager for PC (beta)

The beta release of the PC Edition of my Password Manager is ready.


It took me longer than planned due to vacation, sickness and other, more urgent, projects. The GUI is very simple and identical to the Pocket PC edition. Most of the code is the same. At the moment I am using two solutions pointing to the same source code files. I am not sure if this is the best way to work but it works grand for such a small project. I made the jump this morning and moved my 223 passwords and other 'little secrets' to poSecret.



Main features:



  • AES encryption of the entire file. There is no clear text data and no recovery of the password.

  • Same file format as the Pocket PC version. The file can be synchronized with ActiveSync or transferred via mail, Bluetooth etc

  • Import/export csv/text data (5 columns; category, title, user, password, notes)

  • Auto Type user name and/or password in the currently active window (not available on the Pocket PC for now)

  • No installation required (so you can run it from a USB key)

  • Configurable generation of strong passwords

There are a couple of features I may add in the final release:



  • Add a file association for .secrets

  • Tray icon. Not sure if I want it or not.

  • A decent program icon. I can hardly draw a straight line, far less design icons, so suggestions are welcome.

  • Keyboard shortcuts. All functions can already be reached through the keyboard, but Ctrl + B is faster than Alt + S, A, B

I will implement bug fixes and usability improvements as they are reported. The final versions should be ready in late January.


Download the poSecrets PC beta and let me know what you think via the comments or the contact link.


Requires .NET 1.1 (I may make a 1.0 release if someone wants it)

Wednesday, January 12, 2005

462.aspx

Update for Outlook 2003 Junk Email Filter

Microsoft has released another update for the Outlook 2003 Junk Email Filter (KB890854):



This optional update provides the Junk E-mail Filter in Microsoft Office Outlook 2003 with a more current definition of the e-mail messages that should be considered junk e-mail. ... Additional updates will follow.


 


 

Friday, January 7, 2005

454.aspx

.NET Compact Framework 1.0 SP3 Redistributable

.NET Compact Framework 1.0 SP3 Redistributable has been released.


The ~15 MB download fixes some memory corruption and stability issues. No .NET CF performance improvements as far as I can see.


Via [Larkware News]

451.aspx

Using a honeypot against port scanners and script kiddies

The Beat Hackers At Their Own Game With A Hackerbasher Site article suggests using a honeypot for security. I completely agree with its suggestion: always bind web sites on the internet to a hostname.


This best practice applies to all web servers, not only IIS. It does not stop hackers determined to hack your server, but it stops script kiddies scanning for vulnerable web servers by IP address. Setting up the honeypot is not necessary for security if you have configured the host name on all IPs, but it allows you to check the log for hacking attempts. It also helps you verify that you have configured it correctly as it will gie you an error (Another site may be running on this port) if you forget to set the hostname for all IPs


The article recommends configuring Integrated Windows Authentication (NTLM) on the honeypot site. I disagree and think this is more of a security risk than a benefit. A hacker may try to brute force passwords using the NTLM challenge response. It unlikely that the hacker manages to guess the password in three attempts so the result is that it blocks accounts which it manages to guess the name of. It is, in my opinion, better to use anonymous security and configure security on the home directory so the anonymous user is unable to access the directory.


I would change the instructions slightly (new/changed instructions in italic):



  • configure a hostname for each IP on each web site

  • create a new empty directory (not on the system disk)

  • set security on the directory so only domain admin has access to it

  • create a new web site pointing to the empty directory

  • remove all ISAPI filters (tomcat, front page etc)

  • in the "Directory security tab": Enable Anonymous security. Remove Integrated Windows Authentication

  • in the Performance tab: Enable "Throttle network bandwidth"  and set it to a few KB/second. No reason to let the hackers waste valuable bandwidth

  • in the Performance tab on Win2k3 (in the Web Site tab on Win2k) : Limit max connections to 1. Let the script kiddies block each other from hacking your site

  • Disable the "read" and "index this resource" check boxes in the home directory tab

  • Add all IP addresses the honeypot should listen to


If the site is configured correctly, you will get the following message:



HTTP Error 401.3 - Unauthorized: Access is denied due to an ACL set on the requested resource.


You will get the following error message if the security is not set correctly on the directory:



HTTP Error 403.2 - Forbidden: Read access is denied.


In any case the hacker will not be able to access your site.


Via [MSDN Student Flash] and [Stefan Goßner]

Wednesday, January 5, 2005

441.aspx

.NET Compact Framework performance tips

Scott Holden shares his experience on .NET Compact Framework performance


It covers .NET Compact Framework in particular, but the advices applies to .NET programming in general. I'm happy to see that "keeping it simple", pays off in performance on .NET CF as well since less code is faster code and fewer objects are better for performance.


DataSets haven't improved much since SP2 though, so I'll continue using CSV DataSets when I need to load datasets fast.

Tuesday, January 4, 2005

436.aspx

Is Moore's law the death of Linux?

On the subject of Moore's Law and CPU speeds is Larry Osterman predicting the death of Linux in this decade?



Interestingly (and quite coincidentally) enough, it's possible that this performance wall will effect *nix applications more than it will affect Windows applications (and it will especially effect *nix derivatives that don't have a preemptive kernel and fully asynchronous I/O like current versions of Linux do).  Since threading has been built into Windows from day one, most of the high concurrency application space is already multithreaded.  I'm not sure that that's the case for *nix server applications - for example, applications like the UW IMAP daemon (and other daemons that run under inetd) may have quite a bit of difficulty being ported to a multithreaded environment, since they were designed to be single threaded (other IMAP daemons (like Cyrus) don't have this limitation, btw).  Please note that platforms like Apache don't have this restriction since (as far as I know), Apache fully supports threads.


Will people go back to operating systems specifically designed (or ported over time) to multi processor/thread systems, i.e Windows NT 2k*, Solaris, BeOs?


Mark Russinovich wrote a great comparison of NT/Linux on multi processor systems in 1999 that explains the multi threading problems that Larry mentions in his post. The latest version of Linux has better threading support but in the last tests results I have seen at work we have better performance with Sun JVM on Win2k3 than we have on Linux on identical hardware.

435.aspx

Dr. Dobb's Journal

I used to read Dr. Dobb's Journal a lot when I was studying in Norway and later when I worked in Ireland. Only a few newsagents carry it in Italy so I haven't read it regularly in years. Then I noticed the article on CPU Speed that will be published in Dr. Dobb's soon so I decided to try to subscribe to the Dr. Dobb's. The international subscription costs $50 and includes the new "Windows and .NET edition".


I was getting ready to pay when I found a referene to the "Basic Membership" that is free with the magazine subscription. A few minutes later I stumbled upon the real goldmine:
All Access Membership: $19.95 per year (special limited time offer):



  • 12 months of complete Web access to all available past, current and future issues of Dr. Dobb’s Journal, Software Development magazine and C/C++ Users Journal. (A $99 Value)

  • 12 months of complete access to BYTE.com including ($19.95 value)

  • 12 months of complete access to BYTE Digest ($18.00 value)

  • PDF E-zines and archives from Dr. Dobb's Journal, The Perl Journal and more! ($19.95 value)

  • Topical CD-ROM ISO Downloads ($19.95 value)

  • Michael Abrash's Graphics Programming Black Book, 101 Perl Articles CD-ROM ISO, and more! ($29.95 value)

Some old stuff but a great value for the money. I'm downloading the latest editions now and can't wait to catch up

433.aspx

What happened to the 10 GHz CPU?

Herb Sutter has an interesting article on hitting the speed limit of CPUs that will be published in Dr. Dobb's Journal. Moore's Law applies to the number of transistors on a CPU and continues to be valid (at least for some more time) but we're stuck at 4GHz for a while to come.


Our work just keeps getting more interesting! CPU's will continue to get more powerful as they will add more concurrency capabilities, but sluggish programs will have to be rewritten to take benefit of the hyper threading and multicore CPUs. Adding more threads isn't a free lunch though. As Herb Sutter points out, concurrency has its costs:



  • it's hard to write multi threaded programs. It is very easy to introduce deadlocks or forget to protect variables so you corrupt data under stress. If you always lock everything, you end up with close to single threaded performance. Choosing when, and what, to lock, is a skill acquired with experience (as is good OOP).
  • some applications are difficult to make multi threaded
  • synchronization etc. has its costs

I currently work on the server side (web and infrastructure services), so I'm lucky as I have designed the applications to be multi threaded from the start. Making a server multi threaded is easier, conceptually, than a client application. It's easy to imagine a group of threads managing requests for many clients. It takes a mental shift for most developer to optimize client applications by splitting time consuming tasks, like sorting large lists, among multiple threads. Most developers still have to face the basic concurrency issue in .NET in GUI applications and have a long way before they master concurrency.


I am not worried about server side scaling (yet), as there are plenty of options:



  • Scale out with Windows Load Balancing. This can be used by many applications, not only traditional web applications. Works very well for stateless applications
  • Scale out with Data Partitioning/request routing. Depending on the data the request is routed different set of servers.
  • Scale up by adding more CPUs
  • Asynchronous programming: queue whatever can be queued and execute it later

I particularly agree with this statement:



Efficiency and performance optimization will get more, not less, important


Another thing to keep in mind for those of us with "The holy title of software architect" :-)


Via [Larry Osterman's WebBlog]

Sunday, January 2, 2005

423.aspx

A trip down memory lane

Hiding the Christmas gifts from the kids I found my oldest working PC at my parents place in a closet. Amazing how technology advances in a few years. The monster below was top of the line when I finished my studies:


It is a 33mhz i386 with TWO 120MB hard disks. My iPaq pictured in front of it is more than 10 faster, has more than 10 times as much memory and twice the permanent storage on its SD card! There is no room for the old PC anymore so I slaughtered the machine and took the only things I still have any use for: the 5 1/4 floppy and the HDs with the 5 1/4 bay containers.


I have no idea if the disks still work but I hope they do.  It would be fun to have a look at my thesis, the first program I wrote for a client and the project I have had the most fun (and problems) with. Wonder if I wrote comments in English from the start or if it is something I picked up along the way.


 


 

422.aspx

Best and Worst moments of 2004

Worst moments of 2004:



  • The company my wife worked for was bought by other company. They took over the most important projects and clients and filed for bankruptcy for the company they just bought. The trials still going on.

  • The company I work for was bought by another company. In a way it was sad but I hope it all turns out for the best. I came from Microsoft in 1996 when there was only 15 people working in the company. They stopped development projects due to some bad experiences with small clients just before I started so I ended up doing NT 4.0 migration projects and training. Little by little I got a chance to do some development again, mostly NT services in C++ for the migration projects. Over the years development grew from nothing to a corner stone of a company that passed 300+ employees.

  • Went to the doctor in for a health checkup as I didn't feel too well. The result were bad. I had high blood pressure and the doctor said I had a 'strange sound' in my left lung. It scared the crap out of me, as it would of any ex smoker.

  • Misunderstanding between myself, my wife and the baby sitter about who should pick up the oldest kid from school. Thanks to the teacher for staying 30 min extra!


Best moments of 2004:



 

Saturday, January 1, 2005

419.aspx

Adding the Amazon.com Click to Give link to a .TEXT blog

I found the the Amazon “Click to give“ code on Brian Sullivan's blog. I added his code in Skins\SkinName\Controls\CategoryList.ascx, before the <asp:Repeater tag, to get the link high on the page.


<ItemTemplate>


   <h3>Donate</h3>


    <ul>


        <li>                         


        <!-- Begin Amazon Honor System Paybox -->


            <img src="http://s1.amazon.com/exec/varzea/tipbox/A1J1JDQWBS9GWQ/T3MYIILZNTKFV2"


                  usemap="#T3MYIILZNTKFV2"


                  border="0"


                  alt="Amazon Honor System">


                  <map name="T3MYIILZNTKFV2">


                        <area coords="40,100,160,160"


                              href="http://s1.amazon.com/exec/varzea/pay/T3MYIILZNTKFV2" alt="Click Here to Pay" target=_top>


                        <area


                              coords="23,183,178,195" href="http://s1.amazon.com/exec/varzea/subst/fx/help/how-we-know.html" alt="Learn More" target=_top>


                  </map>


            <!-- End Amazon Honor System Paybox -->


        </li>


    </ul>  


</ItemTemplate>


 


I followed up on my earlier promise and donated to the International Red Cross earlier today.