365.aspx

Lycos attempts to fight SPAM with DDOS

Fighting evil with evil.

BBC reports on Lycos latest attempt to fight SPAM:  The Make LOVE not war screen saver (Flash needed)

The idea is pretty simple:

• Scan SPAM for link to web sites


• Manually verify that the web site sells spam goods


• Let the screen savers send tons of request to the spam web sites

Each client only generates 3-4MB of traffic but Lycos expects to generate terabytes of traffic making the spammers pay extra for high bandwidth usage. If it makes them "hurt where it counts" I guess it does some good but I still think it's better to stop SPAM before it leaves your LAN. Their approach doesn't stop spam and it doesn't even prevent it from coming to your inbox and breaking your balls. All it does is generate loads of traffic and make their web site slower. The spammers will continue to send mails as fast as before but the client who paid for the "direct e-mail marketing" will pay dearly as he gets hits by the Lycos DDOS.

Wonder how long it takes for the biggest spammers to sue Lycos?

Via [SmartMobs]

363.aspx

.NET CF DataSet performance using XML, text and CSV

I want a fast storage for my secrets that is easy to synchronize with a PC. The obvious choice would be a DataSet serialized to an XML file. It's fast on a PC but my SMS Manager slows down on the Pocket PC when the DB grows. The password manager will be used for reading in 99% of the case so I set up a simple test suite on the PPC to test the performance of the different file formats I was considering:

• Text array: reads a line and does a .Split() using tab as the separator. Creates a  2 dimensional array (rows/fields in row)
  
• CSV array: parses CSV file and creates a  2 dimensional array (rows/fields in row)
  
• XML dataset: uses the ReadXml() method of the DataSet object
  
• CSV dataset: parses a CSV file and builds a DataSet in memory

Example test routine (XML DataSet):

openFileDialog.Filter = "XML Test|*.xml";

if (DialogResult.OK == openFileDialog.ShowDialog())

{

    string fileName = openFileDialog.FileName;

    int startTick = Environment.TickCount;        

    System.Data.DataSet ds = new System.Data.DataSet();

    ds.ReadXml(fileName);            

    int ticks = Environment.TickCount - startTick;

    System.Windows.Forms.MessageBox.Show("Time taken: " + 

            ticks + " ms");

}

I know that DataSets serialized to XML are slow on .NET Compact Framework but I had no idea they were this slow:

The test were run with 1.000 records on a H3870.  I repeated the tests with 100, 1.000 and 10.000 records with similar results.

I find it strange that my CSV version is almost 3 times faster than the text version that does a simple Split(). This is the Text reader core:

StreamReader sr = File.OpenText(fileName);

String input;

while ((input = sr.ReadLine()) != null )

{

    rows.Add (input.Split(fieldSeparators));

}

sr.Close();

The text version is slightly faster than the CSV version the first time it is run (not shown in my graphs). I guess this is because the String class is pre-jitted.
I have decided use the CSV DataSet for several reasons:

• It gives me all the features of DataSets I would otherwise have to implement myself for the array versions: sort, filter, search
  
• It has less start up overhead for the first call (728 ms vs 2.218 ms for XML)
  
• It has acceptable performance up to 10.000 records (6.303 ms vs 36.513 ms for XML)

I will play with encryption support next.

361.aspx

A Password manager for my PC and Pocket PC

I always use strong passwords which means they are close to impossible to remember. I can store my 200+ passwords and other "secrets" encrypted on a my PC but I sometimes need them on my Pocket PC as well.

Password Safe meets most of my requirements:

• It's free and comes with source code 


• Pocket PC and PC version


• Copy password to clipboard without displaying it


• Auto paste/type in the PC version


• Tray icon


• Strong encryption


• All data protected (i.e. there is no clear text data in the file) by a single master password


• Simple and fast to use


• Import text or csv

The latest PC version, 2.0.7, is perfect but it is not compatible with the latest Pocket PC version which is stuck at 1.9.2. The old 1.9.2 version for the PC is missing some of the must have features:

• Tray icon


• Auto type


• Import (I am -not- retyping 200+ items)

So, the options are:

• Update the open source Pocket PC version to 2.0.7


• Write my own

The Pocket PC version is written in C++ using MFC which I haven't used in a while so it should be faster, and more interesting, to write one from scratch. So, I will implement my own password manager in .NET and post post code sniplets as I write the core parts of the application that may be interesting for other people as well:

• Fast encrypted DataSets on the Pocket PC


• Clipboard integration on the Pocket PC

355.aspx

Safe online banking with two factor authentication

Cool idea: authenticating large bank transfers via SMS.

ASB and Bank Direct's internet banking customers will need to have their cellphone close to hand if they want to use the net to transfer more than $2500 into another account from December.
ASB technology and operations group general manager Clayton Wakefield announced the banks would be the first in New Zealand to implement a "two factor authentication" system to shut out online fraudsters, unveiling details of the service on Friday.

After logging on to internet banking, customers who want to remit more than $2500 into a third party account will receive an eight-digit text message to their cellphone, which they will need to enter online within three minutes to complete the transaction.

Italy is still far behind but things are improving:

• CartaSi (credit cards) sends SMS alerts in seconds when your credit card is used.


• BMP (banking) is increasing its security by requiring you to enter a code from a pre-generated list in addition to the user name and password for any online transaction.

Via [Schneier on Security]

353.aspx

Pocket PC .NET CF development tips & tricks

The new Optimize Your Pocket PC Development with the .NET Compact Framework article in the December 2004 MSDN Magazine has several usefully .NET CF tips and tricks:

• Tips for making programming in the .NET Compact Framework environment easier


• Tricks for making your Pocket PC-based apps run faster


• Important .NET Compact Framework classes


• .NET Compact Framework windowing issues

Full source code available on line

350.aspx

Avalon Community Technical Preview

"Avalon" is the code name for the presentation subsystem class libraries in WinFX. MSDN Subscribers can download the November 2004 Community Technical Preview. It runs on Windows XP as well as Windows 2k3. It requires .NET 2.0 beta which I already have on my machine for another cool beta: MSH

More information on the MSDN article on Avalon November 2004 Community Technical Preview and the Avalon news groups:

• news:microsoft.public.windows.developer.winfx.avalon 
  Avalon development topics.
  
• news:microsoft.public.windows.developer.winfx.sdk 
  WinFX SDK topics.    
  
• news:microsoft.public.windows.developer.winfx.announcements 
  General WinFX developer announcements.    

Update: Forgot to add XamlPad which allows you to play with XAML after installing Avalon.

Via [frankarr] and [simplegeek]

344.aspx

Skulls Trojan on Symbian

Not the first trojan for Symbian phones but one of the first that is out in the wild. From the F-Secure report on the Skulls Trojan

This trojan has been distributed on some Symbian shareware download sites as "Extended Theme Manager" by "Tee-222". If you see it, don't install it on your phone. It will make you're phone useless and it will prevent it from booting up. Recovery could get tricky, especially if you don't have a third-party file manager software already installed on your phone.

The most obvious symptom of the trojan is that the typical programs on the phone won't work any more, and that their icons get replaced with a a picture of a skull. See below:

Thanks for the tip Marco