Lost in .NET Code

Starting out on Windows 7 Phone Development Cycle

noreply@blogger.com (James Knowles) — Fri, 12 Nov 2010 11:58:00 +0000

So I am actually writing an App for Windows 7 Phone .

I thought I would share my links for actually building a Windows 7 Phone, I come from a background of Windows Forms / ASP.NET so I am possibly like a lot of developers out there just stepping into WPF and Phone development.

So the good news is nearly all the resources for building an Windows 7 Phone are free!

So start with you need to goto

http://create.msdn.com/en-US/

Get yourself an account, The app hub is a central place for both Xbox 360 developer information but more importantly to us Windows 7 Phone .

http://create.msdn.com/en-us/home/getting_started

This is where you need to go for downloading the tools. If you don't have a copy of VS you dont neet to worry a version of Visual Studio Express will be downloaded and installed. The average downloaded is 300MB so even thought the initial file is only 3-4mb you should expect another 300-400mb depending on what you have already installed on your machine.

So where to go next, my suggestion next is actually not to code a thing it is to now read the UI Design and Interactive Guide

Then the application certification process

There is no point in obivously creating an app if it is going to fail the certification process or UI design rules.

So once you have read those it worth IMHO looking at the below resources:

Free E-Book
Programming Windows Phone 7 by Charles Petzold
http://www.charlespetzold.com/phone/

Charles Petzold is a living legend and this book is a great guide to starting out on the Windows 7 Phone. I am still working my way through it but it is certainly great for going through the concepts and giving examples. Highly reccomend reading.

30 Excellent Windows Phone 7 Examples

http://microsoftfeed.com/2010/30-excellent-windows-phone-7-development-tutorials/

I have not had a chance to go through all of the examples here but so far they been great. Worth a peek.

The App centre itself has lots of links and resources.

Below is the link for Windows Phone Development
http://msdn.microsoft.com/en-us/library/ff402535(v=VS.92).aspx

This is a great resources for indepth and starting knowledge and well worth a bookmark.

Useful Forums

Microsoft Offical App Hub Forums
http://go.microsoft.com/?linkid=9730558

I will update this post as I found more useful resources and as my knowledge get better on WP7 .

Last night at LDNUG

noreply@blogger.com (James Knowles) — Thu, 21 Oct 2010 10:56:00 +0000

So hopefully I did not bore to many people last night with my talk about Running a Tiny Software Company. Link here for the presentation . It was good fun to do if not slightly nerve racking at the start.

Was great to connect with so many people and really enjoyed the other presentations there, certainly the Sass, html 5 presentation was useful for me in terms of actually projects for the future and now. Mobile application development platform talk was something I was really looking forward to and it did not disappoint, I will be having a look at the platform described in some detail over the weeks ahead.

The Pair programming presentation was pretty cool, I have never paired programmed so it was interesting insight and I thought the role play was good fun and maybe a good way to present a topic that must be hard to put across in just slides.

Overall really enjoyed the night, a few beers afterwards and then a dash homewards as I was slightly past my curfew for the beer pass.

Thanks to Toby for allowing me to speak.

Edit: Review also here by Danny Simper from Adgistics http://www.adgistics.com/blog/post/2010/10/22/What-is-a-geek.aspx

Weak Passwords and mixing passwords

noreply@blogger.com (James Knowles) — Thu, 19 Aug 2010 17:07:00 +0000

The last couple of months one of the core areas I have noticed is that brute force attacks on systems are becoming more common place. This is not exactly new news but one of things that I noticed is that companies are still using passwords at administrator level in one or more places. As note more to myself than to anybody else it is to make sure that in my personal and my business accounts I am using one password unqiuely with each account.

If nothing else if one system gets compromised you at least have a chance that others will not have been.

Back to Blogging

noreply@blogger.com (James Knowles) — Tue, 17 Aug 2010 23:36:00 +0000

Been a while since I actually blogged for a number of reasons ... The main one being that my wife and I had a baby girl Emily, which has consumed alot of my time up ;) . Also with Blogger changing there policy on FTP it has taken me some time to change the systems and get this blog back up and running.

... O yes and one other little thing..

.. We have been busy also at work.

Test Test 123

noreply@blogger.com (James Knowles) — Tue, 17 Aug 2010 21:11:00 +0000

Testing posting on a new domain..

Authorize.net lessons for etailers

noreply@blogger.com (James Knowles) — Fri, 03 Jul 2009 14:58:00 +0000

First things first I wish Authorize.net team the best of luck and speed in fixing there network.

Lessons for etailers though is to *if* possible build a second payment provider into the online checkout system. www.dabs.com are great example of site that has multiple paymet options at checkout. This not only gives consumers choice but also provides resilences into your online payment solution.

Is this not illegal?

noreply@blogger.com (James Knowles) — Thu, 12 Mar 2009 23:07:00 +0000

http://news.bbc.co.uk/1/hi/programmes/click_online/7932816.stm

Last time I looked it was illegal to do this type of thing either for profit or demonstration purpose.

"Almost 22,000 computers made up Click's network of hijacked machines, which has now been disabled."

"If this exercise had been done with criminal intent it would be breaking the law. "

What ? using other people machines to send traffic and there bandwidth is not already a misuses of there network ?? Does that not break the Computer Mis Use act ? What if some of those machines where on mobile networks where they were paying by the meg for there bandwidth ??

Moving a SUSDB Database on SBS 2003

noreply@blogger.com (James Knowles) — Wed, 07 Jan 2009 10:33:00 +0000

WSUS database by default tend to be on the C drive, which is all good until you start to run out of space.

The problem then comes in moving the database from C: to often your data drive in my example D:

The biggest problem people have in doing this is actually connecting to the database.

Most people like point and click tools like SQL Server Management Studio or Express edition
http://www.microsoft.com/downloads/details.aspx?FamilyId=C243A5AE-4BD1-4E3D-94B8-5A0F62BF7796&displaylang=en

MAKE SURE YOU HAVE A BACKUP BEFORE YOU START THIS.

To connect to the database you need to use the following address as the Server Name:

file://pipe/mssql$microsoft##ssee/sql/query

I connected through using this address as Administrator which seem to work ;-) Once you have a connection in the database.

The rest becomes alot simplier in terms of moving the SUSDB . Expand the database list and you should see SUSDB .

Before you do this though make a note of were the files are !! ldf and the mdf ;-)

Right click on the database

Task -> Detach

you will need to select the option "Drop Connections" otherwise it will normally fail to detach.

Once you have detached the database. *COPY* ldf and mdf file to your new location.

Once copied you simple need to Attach the database back in again. Right click on Database -> Attach

Locate the mdf file in the new location and attach the database back.
Once you are happy that database is re-attached correctly and you have checked the system is working, you can delete you old mdf and ldf file. Personally I just copied them off onto a USB drive just in case. You should then have some space back on your C drive.

[UPDATE]
Make sure you check the permissions on the database before you start this procedure just in case.

Happy New Year

noreply@blogger.com (James Knowles) — Thu, 01 Jan 2009 19:59:00 +0000

Happy new year to all.

Removing IE8 on Windows XP

noreply@blogger.com (James Knowles) — Mon, 22 Dec 2008 12:35:00 +0000

Had a few people run into IE8 beta lately by mistake. As most people look for Microsoft Internet Explorer in the add / remove programs, they get stuck. It is actually called "Windows Internet Explorer 8" why they cannot follow a naming standard they have setup I will never know...

Removing IE8 on Windows XP:
1. Click the Start Button and select Control Panel.
2. Select Add or Remove Programs.
3. Find and select Windows Internet Explorer 8 from the list of available applications.
4. Click the Remove button.
5. Restart your system.

Save As PDF in Office 2007

noreply@blogger.com (James Knowles) — Thu, 06 Nov 2008 10:29:00 +0000

http://www.microsoft.com/downloads/details.aspx?FamilyId=F1FC413C-6D89-4F15-991B-63B07BA5F2E5&displaylang=en

I just found this the other day and will save me purshasing a conversation tool for word to PDF.

Hope this helps someone else in the future, Not sure Adobe will love MS for this but it is great for consumers.

End of Windows 3.x

noreply@blogger.com (James Knowles) — Wed, 05 Nov 2008 17:32:00 +0000

http://news.bbc.co.uk/1/hi/technology/7707016.stm

The last time I saw 3.x was actually last month.. my dad still runs it for a flight sim!!

James

SQL Injections ASP

noreply@blogger.com (James Knowles) — Tue, 04 Nov 2008 22:51:00 +0000

http://blogs.technet.com/neilcar/archive/2008/10/31/sql-injection-hijinks.aspx

Neil Capenter shows another example of why ASP and using Black list is a really bad idea.

This is really interesting because it shows
"ASP drops a percent sign from the query string if it isn't followed by two valid hex characters(0-9, A-F) when it actually interprets it via Request.QueryString. "

Neil proves this in a test page it shows that the earlier attacks are again being updated to go past filters. If companies have patched a fix over this type of hole then they will be facing a more complete attack soon.

http://www.iis.net/downloads/default.aspx?tabid=34&g=6&i=1697

The new version of URL scan specifically checks for this and is worth having in your toolkit.

Fircroft Trust are now blogging

noreply@blogger.com (James Knowles) — Tue, 04 Nov 2008 17:03:00 +0000

http://www.thefircrofttrust.org/blog/index.php
Well done Sam.

James

Long live Windows 7

noreply@blogger.com (James Knowles) — Tue, 28 Oct 2008 22:15:00 +0000

http://news.bbc.co.uk/2/hi/technology/7695933.stm

I think I am about to declare vista dead. Long live Windows 7.. Hopefully it will follow in the foot steps of Windows Server group because the server poducts seem to be getting better and better. As server/network admin though it means I am never going to be able to sell Vista at the business level, windows XP is going to rule until 7 has been released, this I have to say is a mistake on MS part if they are not seriously going to release 7 in the next 2 years, because peak shows like this just mean I have no chance of actually convincing someone in a business to spend money in a vista direction..Lets not even talk about the cloud...MS you really need to start delivering and show a real long term position rather than following the latest trend, your are effecting your long term partnership positions.

XP Antivirus 2008

noreply@blogger.com (James Knowles) — Wed, 27 Aug 2008 12:58:00 +0000

http://www.theregister.co.uk/2008/08/22/anatomy_of_a_hack/

Having spent a good couple of hours this week cleaning up XP Antivirus 2008 and one case having to do it twice..Sigh It is was very interesting to see this article. Everyone should read it, the quality of the attack that XP Antivirus 2008 uses is quite scary and will probably start to set a bench mark for coming attack. It will require a lot of education to protect user for this time of threat.

Cuil .. Maybe Not

noreply@blogger.com (James Knowles) — Thu, 31 Jul 2008 13:16:00 +0000

Just tried searching in Cuil for Unwind Software Ltd, not sure I like the image ideas they have, considering they seem to get it horribly wrong. Surely this is lawsuit waiting to happen, have no idea who FDM Software are but they seem to imply by the logo they are Unwind Software Ltd.

I assume I am not the only one, why though are they using images across domains, surely that is a reciepe for complete disaster.. Could you not posion high profile site images logo in Cuil with an image if you crafted a page that had the right keywords and the wrong images on it..

Sql Injection Prevention Articles

noreply@blogger.com (James Knowles) — Mon, 21 Jul 2008 21:39:00 +0000

SQL Injection prevention in ASP
http://msdn.microsoft.com/en-us/library/cc676512.aspx

SQL Injection prevention in ASP.Net
http://msdn.microsoft.com/en-us/library/ms998271.aspx

Both excellent articles on preventing SQL injection.

Scrawlr announcement - Microsoft / HP Collaborate on SQL Injection tool

noreply@blogger.com (James Knowles) — Wed, 25 Jun 2008 00:28:00 +0000

https://download.spidynamics.com/Products/scrawlr/

Well worth downloading and running it is free and certainly a great tool to start testing for SQL injections on a website.

Ado.Net Entity Framework Vote of no confidence ??

noreply@blogger.com (James Knowles) — Tue, 24 Jun 2008 21:38:00 +0000

**RANT**
http://efvote.wufoo.com/forms/ado-net-entity-framework-vote-of-no-confidence/

So I read Tim Mallalieu's blog he is on my RSS feed one of few select people I track and trace. (Tim if you read this I am not a stalker honest, I just think you post are cool and informative)

http://blogs.msdn.com/timmall/archive/2008/06/24/vote-of-no-confidence.aspx

So I read the following post, and fell off my chair, somebody has gone to the effort of actually putting togther a ADO.NET Entity Framework Vote of no confidence. Now forget the techie part lets just look a the practical, because obivously I am missing something. Surely and strike me down with a feather duster that if you don't like the Entity Framework ....You just don't use it ooooorrr, even better and maybe a more postive thing than moaning about a product write you own, develop an open source alternative, dare I say it... use something else.

It is really easy to sit on the side line and snip about a framework that does not fit your needs or you believe is wrong, but come on now give the guys and girls who have slaved over the Entity framework a break constructive critisim fine and in the post above they have made some (fair enough) but to finish it with please make a vote of no confidence is not exactly nice and in just is in my view rude. Yes I suppose you have got the attention of the team.. but surely there is a better way, how to motive a team to your ideas.

I personally don't use Entity Framework or Linq SQL (I have tried) but I am big fan of LLBGEN Pro, it works, it's solid and fits my clients and my needs. I made a choice, not bashed a team that was trying to build a very complex product. Have some respect please don't sign a petition just give sensible feedback through normal challenge.. or dare I say don't use it....
**END RANT**

Apologies for the Rant. Good luck to the Entity Framework team, please look at some of the criticims leveled it is correct, but I am sure you would review it just like Classic ASP is better than ASP.NET v1 and ASP.NET 2 is better than ASP.NET v1. It will be a process of learning, would love to see how many developers get frameworks out of the box correct. I will admit I don't always do, that is the part of being human, my first Sage Framework in C# sucked my revision at the moment does not..

I am missing something do we need vote of no confidence.. No, just MS to be listening which I hope they are, and for sensible suggestions in a reasonable manner.

Microsoft Anti Scripting Library + Base controls

noreply@blogger.com (James Knowles) — Wed, 18 Jun 2008 11:26:00 +0000

I have been experimenting with finding quick fixes on an existing site with Xss and using the browser file in ASP.NET to get a system wide Anti XSS implementation without have to go through each bit of code.

By no means is this a perfect solution you should go through all of the code that you are working on but sometimes you need to get up running defence.

Also this technique I am experimenting would be potentially useful for starting off with a new site with, a set of basic controls that have Microsoft Anti Scripting library by standard applied to.

Links to Microsoft Anti Scripting Library.

http://www.microsoft.com/downloads/details.aspx?familyid=EFB9C819-53FF-4F82-BFAF-E11625130C25&displaylang=en

Example:
http://msdn.microsoft.com/en-us/library/aa973813.aspx

This is the code I am tinkering with:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Web;
using Microsoft.Security.Application;
using System.Web.UI.WebControls;

namespace UnwindSoftwareLtd.Web.StandardAxss
{
public class LabelControl : System.Web.UI.WebControls.Adapters.WebControlAdapter
{

protected override void Render(System.Web.UI.HtmlTextWriter writer)
{
((Label)base.Control).Text = AntiXss.HtmlEncode(((Label)base.Control).Text);
base.Render(writer);
}
}
}

Ideally though I would like Anti Scripting Lib to be applied to all MS controls, it would be switched on by default. I accept though there applications that need to use for example Label control to output Java Script, but it would be great if you could use switch to say don't use the Anti Scripting library or I want to output Javascript format for that.

James

Classic ASP Functions for preventing SQL Injections

noreply@blogger.com (James Knowles) — Tue, 10 Jun 2008 13:45:00 +0000

The big rule of doing any CRUD data jobs in any ASP/ASP.NET app with SQL Server is that you MUST use parameterized queries.

http://msdn.microsoft.com/en-us/library/cc676512.aspx

The article above though also outlines using Regular expressions to protect your web app by validating data before passing it through.

Below are some example functions for testing for int and removing anything other than int information from a string. Both provide a first basic layer to stopping SQL injection attacks in classic ASP, as lot of web apps use int as a key field in a in a database, hence it gets passed through with a querystrings. Hopefully these will prove useful to someone else.

function IsInt(strOriginalString)
dim objRegExp : set objRegExp = new RegExp
with objRegExp
.Pattern = "^\d+$"
.IgnoreCase = True
.Global = True
end with

IsInt = objRegExp.test(strOriginalString)
set objRegExp = nothing
end Function

function OnlyInt(strOriginalString)
Dim regEx, Match, Matches,returnString ' Create variable.
Set regEx = New RegExp ' Create a regular expression.
regEx.Pattern = "\d+" ' Set pattern.
regEx.IgnoreCase = True ' Set case insensitivity.
regEx.Global = True ' Set global applicability.
Set Matches = regEx.Execute(strOriginalString) ' Execute search.
For Each Match in Matches ' Iterate Matches collection.
returnString = returnString & Match.Value
Next
OnlyInt = returnString
end Function

AVG 8 on SBS 2003 .. Maybe not.

noreply@blogger.com (James Knowles) — Mon, 09 Jun 2008 12:04:00 +0000

"Dear Sir/Madam,

Thank you for your email.

We are sorry to inform you that this issue was already reported by
other customer and we found that it is a bug in AVG. This problem is
fixed in our major program update which will be released at the end of
the second quarter of the year.

As soon as we release the update we will inform you.

Thank you for your understanding and cooperation. If you have any
further questions or issues feel free to contact us.

Answers to the most common questions can be found here as well:
http://www.avg.com/faq/"

Looks like my new shiny AVG 8 is not suitable for SBS Server 2003 .. Excellent.

Not sure why nobody thought to test it on this platform before release, can't imagine they have that many customers running SBS 2003 .... errr.

My advice is don't upgrade your AVG to 8 if you are running AVG 7.5. Stick or find a antivirus provider who actually support SBS 2003 which is exactly what I am going to actively have to do! AVG 7.5 seems to be still supported ..

Test for Int in a Web Application

noreply@blogger.com (James Knowles) — Thu, 05 Jun 2008 16:00:00 +0000

Useful function No 1

public static bool IsInt(string testStr)
{
string pattern = @"^\d+$";
if (testStr == null)
{
return false;
}
if (testStr.Length == 0)
{
return false;
}
Match matchResult = Regex.Match(testStr, pattern);
return matchResult.Success;
}

HostingUK dedicated box tips

noreply@blogger.com (James Knowles) — Fri, 30 May 2008 10:57:00 +0000

Been meaning to post this for a while.

When I pick up a HostingUK dedicated box. Some of the tips I give to customers when
they start with a dedicated box.

Disclaimer.

I am not a Windows expert by any means. PLEASE MAKE SURE YOU REVIEW
EVERYTHING.

Shut down All Services not needed

Unless you are using it shutdown all services.

These are the standard services that I shutdown on HostingUK box.

IIS :

Sharpoint Services

Report Server

Default Website

Administration Server (No Web Admin on)

Get a static IP Address to admin the box

Get a static ip address so that you can admin the box from only a selected set of addresses.

Confirm the Firewall rules to the ISP

Most you will need is normally:

WWW 80 / 443

FTP

HostingUK will have open a standard list.

Download and install Microsoft Baseline Security

http://www.microsoft.com/technet/security/tools/mbsahome.mspx

Run it and follow it.

Windows Update

Setup a Patch schedule and make sure you auto update regularly.

Uninstall un-needed software

If you don’t need it on the box delete it ASAP.

Change the Administrator Password

Change the administrator password. Make sure it is considerably strong
password.

Use http://www.pctools.com/guides/password/ and generator one with a reasonable length of maybe 12 chars.

Switch on Logging

Switching on logging for both SQL Server, Windows and give yourself full logging on IIS.

http://www.visualwin.com/Log-in/logging-failed-logins.html

Sql Server

Read The following:

http://download.microsoft.com/download/8/5/e/85eea4fa-b3bb-4426-97d0-7f7151b2011c/SQL2005SecBestPract.doc

Take offline used Websites

SQL Server 2005

Take Offline the following :

AdventureWorks
AdventureWorksDW
ReportServer
ReportServerTempDB

Rename your sa account on SQL Server and disable it.

The command used is:

ALTER LOGIN sa DISABLE;

ALTER LOGIN sa WITH NAME = [saNewAccountName];

Switch off TCP/IP access for SQL Server

SQL Server TCP/IP is at the moment for security reasons is switched off. No point having it on until we need it on. It is on shared memory.

Admin your SQL Server directly on the box

Means you don’t need to have a TCP/IP connection open.

These are just some general rules I follow when just starting with a box, hopefully it will be a good point for anyone taking over a dedicated box from HostingUK.