TS Gateway service and patching

Of interest is that this patch stopped the TS Gateway service

Thus dropping the RWW session.

Once again proving that you can't consistently patch over a RWW session and you need some other methodology to patch.

Posted: Thu, Nov 26 2009 23:38 by bradley | with no comments
TryCatch activity in WF4

I can’t say I am a fan of the way the TryCatch activity is implemented in Windows Workflow Foundation 4.

For starters there is a Finally block where you can add some activities you want to execute. Sounds nice and very much like the try/catch/finally code construct we have in C# or Visual Basic. Except that it behaves in a subtly different way. With the C# try/catch/finally the finally code will always run, whether you catch the exception or not. In fact you can just use a try/finally and it will work just fine.

With WF4 this is not the case though :(

The finally activity will only execute if the try block or one of the catch blocks completes. This means that an unhandled exception that bubbles up, terminating the workflow, will not cause the finally block to execute unless the host application forces it to do so by returning UnhandledExceptionAction.Cancel from the OnUnhandledException instead of UnhandledExceptionAction.Terminate (the default). A subtle difference and one that is likely to bite people because the normal code path is usually to have the try activity complete normally.

 

Another issue I have is with the catch blocks and the cause of the exception.

As with a code catch block you get a reference to the exception. However where you normally would use the stack trace to see where the error occurred this is useless in Windows Workflow Foundation. After all that is only going to show you a few methods in the ActivityExecutor and the activity that was executed, not which instance and where in the activity tree. And by default there is no way to get to the offending activity :(

 

Turns out that Darren Headrick created a rather nice way to get to the offending activity through workflow tracking. Quite a nice solution but not entirely obvious and I am sad that a solution like this is needed. Still nice work from Darren though :)

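using System;
using System.Activities.Tracking;

// Tracking participant that remembers which activity raised the fault.
public class WhosFaultWasThat : TrackingParticipant
{
    // Name of the activity that was the source of the last fault seen.
    public string Name { get; set; }

    protected override void Track(TrackingRecord trackingRecord, TimeSpan timeout)
    {
        // A FaultPropagationRecord is emitted when a fault propagates from an activity.
        if (trackingRecord is FaultPropagationRecord)
        {
            Name = ((FaultPropagationRecord)trackingRecord).FaultSource.Name;
        }
    }
}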

Besides the FaultSource you also get the Fault and a FaultHandler property which will tell you if there is a TryCatch activity that might handle it. I say might because while you can see that there is a TryCatch you can’t quite see its catch blocks so you don’t know if it will be caught or not.

 

This neat trick does show one important thing though.

If you want to know what is going on with your workflow and activities you need to use a TrackingParticipant and add it to the Extensions collection. No matter which execution module you choose, WorkflowInvoker, WorkflowApplication or WorkflowServiceHost, they all support this mechanism.

 

Enjoy!

www.TheProblemSolver.nl
Wiki.WindowsWorkflowFoundation.eu

Posted: Fri, Nov 27 2009 7:47 by Maurice | with no comments
Mininova removes links to copyrighted files

Mininova, one of the biggest torrent file-sharing websites in the world, has removed links to all copyrighted content that it does not have official agreements for.

Thursday's move is a win for the entertainment industry as users of the site are now cut off from a major source of torrent files, which link to downloads of television shows, music, movies and other copyrighted content. The victory is likely to be short-lived, though, as peer-to-peer file sharers move on to other torrent sites and new technology.

More > http://www.cbc.ca/technology/story/2009/11/26/mininova-removes-torrents.html

UK man arrested for video game account theft (RuneScape accounts compromised)

A 23-year-old man from Avon & Somerset has been arrested for theft of gaming accounts in the MMORPG RuneScape. The man is alleged to have "hacked and misappropriated" players' accounts, and was caught after developers Jagex reported the issues to the Police Central e-crime Unit.

The accounts are stolen by the use of phishing sites, which mimic official websites and ask players to input their usernames and passwords, which are logged. The thief then changes the password on the account to lock the original owner out. The problem is common in many online multiplayer games as players can have equipment and characters worth hundreds of pounds.

Jagex's CEO said: "Jagex maintains a specialist team to combat any law breaking within our games. Where there is any evidence to suggest someone has committed a crime, as is clearly the case with any phishing or hijacking, we work closely with law enforcement agencies around the world to bring these people to account".

http://www.pocket-lint.com/news/29839/uk-man-arrested-for-game-account-theft?

Facebook swipes user's vanity URL

Facebook's recently introduced vanity URLs may be a handy function for many, but the offer to distinguish users' profiles with names rather than numbers is not unconditional.

Defence systems engineer David Lloyd was pleased to be able to adopt the nickname 'squaresheep' to distinguish his Facebook profile from those of the many others who share his given name. He had used the nickname for years on the likes of Hotmail and Skype, but found on logging into Facebook last weekend that the moniker had been taken off him and handed over to squaresheep.com, a US-based cooking website established only last year.

Facebook told Lloyd that the vanity URL had been taken away from him because it violated its terms and conditions. Lloyd was still able to log into his Facebook profile using a registered email address and password combination, but was put out at the fact he was given no opportunity to contest the handover.

A representative for Facebook explained that the use of 'squaresheep' by Lloyd violated its terms of service because the name had no relation to Lloyd's real name. Facebook wasn't saying whether it had acted in response to a complaint from squaresheep.com, the cooking site, which is yet to clarify its side of the story.

http://www.theregister.co.uk/2009/11/26/facebook_vanity_url_takeover/

HO HO HO Santa has a virus for you; Early ecard Christmas malware cheers

From Sophos Blog:

This morning while triaging customer malware and spam samples I saw a variation on the typical click-the-link and get malware spam.

This one was Christmas themed, normally we would expect Thanksgiving themed spam before the Christmas glut.

The spam has a subject of “HO HO HO Santa has the best offer of the year for you” and contents of :

HO HO HO Santa has the best offer of the year for you
Hello, it’s me Santa Clause, I suppose you already know me, I have for you the most wanted offer of the year.
If you make an account on:
http://xxxx.xxx
until the 5th December, you can choose one welcome gift from us for 50 Euros
from http://xxxx.xxx
and enter your validation code, which is: a91-valets-cloud-mad
(Only until the 5th December availible.)
This is our way to say Happy Holidays,

take your chance to feel the Christmas Anticipation
.
Regards,
Santa Clause

The link, if you were to follow it, would attempt to install an EXE called santaclause.exe that is infected with W32/Parite-B, an old Windows virus whose only claim to fame is that it infected all 32-bit PE files.

More with update http://www.sophos.com/blogs/sophoslabs/?p=7584

In another blog entry:  Early ecard Christmas malware cheers

There are two major methods malware writers use to infect and take control over remote systems. The first one relies on exploiting unpatched vulnerabilities in software such as a web browser or configuration vulnerabilities such as weak passwords. The second method relies on vulnerabilities of the human condition. We, humans, have a need to be liked, by our friends, family and colleagues but also by complete strangers that often send us greetings for major holidays like Easter, Christmas or New Years Day. Social engineering has been proven to work and it remains a major weapon in the attacker’s arsenal. I was not too surprised today when I found this message today in one of our spam feeds. It was only a matter of time when Christmas related spam messages linking to malware would reappear.

I was curious to find out more about the linked file which was hosted on a server located in Austria which was configured to reject download requests once the file is delivered. I managed to download a relatively large Winrar self-extractable file which made me think that it could be one of the Zapchas variants. Zapchas usually contains several malicious components with a common purpose of recruiting the infected system into a botnet.

http://www.sophos.com/blogs/sophoslabs/?p=7583

Free turkey for all!

Americans have been planning their Thanksgiving meal for a while, and the spammers haven't been idle.

They've not only been offering recipes but the ingredients for them too! Order a mass mailing, and get coupons for a free turkey! (What's kind of intriguing is that the mass mailing on offer is traditional, paper-based advertising, rather than the electronic kind.)

http://www.viruslist.com/en/weblog?weblogid=208187910

“New Koobface Variant” Targets Skype

The activities of the infamous Koobface botnet have been a frequent topic of discussion here at the Malware Blog. Some security analysts recently commented that the botnet has added a new tool to its arsenal as a new alleged “Koobface variant” has been targeting the VoIP application, Skype.

The supposed “Koobface variant,” detected by Trend Micro as TROJ_VILSEL.EA, steals a user’s contact list, phone numbers, location, and other information that may be part of the user’s Skype profile aside from the user’s login credentials. It is also capable of using Skype’s built-in instant messaging capability to send links to people on the affected user’s contact list. These links all go to affected domains with copies of TROJ_VILSEL.EA.

http://blog.trendmicro.com/new-koobface-variant-targets-skype/

Watch out when installing or upgrading Skype

A report says that installing or upgrading Skype will sneakily install "The Browser Highlighter", and that's not all.  Read more at http://www.calendarofupdates.com/updates/index.php?s=&showtopic=16109&view=findpost&p=95078

Thanks to our friend Jintan (Tom) for the report.  The Browser Highlighter is also available as an add-on for IE and Firefox.

Reading Access records

Reading data from an Access database is similar to the functionality we have already seen.

function Get-AccessData {
param (
    [string]$sql,
    [System.Data.OleDb.OleDbConnection]$connection,
    [switch]$grid
)

    # Run the query on the open connection supplied by the caller
    $cmd = New-Object System.Data.OleDb.OleDbCommand($sql, $connection)
    $reader = $cmd.ExecuteReader()

    # Copy the results into a DataTable, then release the reader
    $dt = New-Object System.Data.DataTable
    $dt.Load($reader)
    $reader.Close()

    # Show the data in a grid window or return it to the pipeline
    if ($grid) {$dt | Out-GridView -Title "$sql" }
    else {$dt}

}

 

We can pass a SQL statement and the connection information

$dt = Get-AccessData -sql "Select * FROM test1" -connection $db
$dt | ft

in which case we get a DataTable object that we can put through a formatting cmdlet or that we could use for further processing.

If we use the -grid switch

Get-AccessData -sql "Select * FROM test1" -connection $db -grid

We are using the out-gridview cmdlet from within the function to display the data

Get-AccessData -sql "Select * FROM test1" -connection $db | out-gridview

would achieve the same goal.

Add Access Record PtII

We have seen how to add a record to an Access table by passing in the whole SQL string.  This is OK when we want to add a single record or possibly not fill all fields in a row.

function Add-AccessRecord {
param (
    [string]$sql,
    [System.Data.OleDb.OleDbConnection]$connection,
    [string]$table,
    [string]$values
)
    # The table name and the value list are placed directly into the
    # statement text, so both must come from a trusted source.
    $sql = "INSERT INTO $table VALUES ($values)"

    $cmd = New-Object System.Data.OleDb.OleDbCommand($sql, $connection)
    $cmd.ExecuteNonQuery()
}

 

If we alter our function to create the SQL as shown we can pass the table name and values into the function. 

Add-AccessRecord -connection $db -table test1 -values '"John","Smith","01/07/1981"'

This will add a record and start applying the values in sequence to the row.  It assumes that values are supplied for all fields.

At the moment the function effectively breaks our previous version because $sql is redefined in the function.  We need to test whether we should create a SQL record or use the SQL statement supplied. We could check if the $sql parameter is given a value but a better way would be to use parameter sets which we will look at after we have learned to read data from a table.
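
A parameterised form of the insert above, as an added example that is not part of the original post. Add-AccessRecord builds its statement by concatenating $table and $values, so quote characters in the data become part of the SQL; here the values are bound as OleDb parameters and the table name is checked against the database's own schema. Add-AccessRecordSafe is a hypothetical name, $db is assumed to be the open connection used in the post, and the sample values are constructed.

```powershell
function Add-AccessRecordSafe {   # hypothetical name, not from the original post
param (
    [System.Data.OleDb.OleDbConnection]$connection,
    [string]$table,
    [object[]]$values
)
    if ($null -eq $values -or $values.Count -eq 0) { throw "No values supplied" }

    # A table name cannot be bound as a parameter, so accept only a name
    # that the database itself reports as a user table.
    $known = foreach ($row in $connection.GetSchema('Tables').Rows) {
        if ($row.TABLE_TYPE -eq 'TABLE') { $row.TABLE_NAME }
    }
    if ($known -notcontains $table) { throw "Unknown table '$table'" }

    # OleDb uses positional '?' placeholders: one per value, in column order.
    $placeholders = (@('?') * $values.Count) -join ', '
    $sql = "INSERT INTO [$table] VALUES ($placeholders)"

    $cmd = New-Object System.Data.OleDb.OleDbCommand($sql, $connection)
    try {
        $i = 0
        foreach ($v in $values) {
            if ($null -eq $v) { $v = [System.DBNull]::Value }
            # The value travels as data and is never parsed as SQL text.
            [void]$cmd.Parameters.AddWithValue("p$i", $v)
            $i++
        }
        $cmd.ExecuteNonQuery()   # returns the number of rows inserted
    }
    finally {
        $cmd.Dispose()
    }
}

# Constructed sample values; quote characters inside them stay data.
# Add-AccessRecordSafe -connection $db -table test1 -values "John", "O'Brien", ([datetime]'1981-07-01')
```

Like the original function, this assumes a value is supplied for every field, in column order.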

Making date and time sense from the SQL Server Agent job history table
[Photography] Points of View: Capturing the 19th Century in Photographs at the British Library
Looks like I need to be making a trip to British Library between now and the 7th March for this free exhibition: “An exhibition that signals the welcome public debut of one of the world’s great photographic collections” Financial Times Find out more Read...
[MS KBs] New KB Articles At Microsoft 25 Nov 2009 - Weekly Summary
.NET Framework 2.0 200715 In a multithreaded access to a Type's custom attributes via Type.GetCustomAttributes() (or PropertyInfo.GetCustomAttributes()), sometimes an attribute object returned does not have the constructor run Internet Explorer 6...
SBS 2008 Backup in Hyper-V Server R2

Windows SBS 2008 prefers to back up to a removable USB drive, which is a problem if your SBS is virtualized in Hyper-V, which doesn’t support USB. There are workarounds, such as FabulaTech’s USB over Network, which I’ve used, and like. But the current version (4.2) has issues, as I posted a few days ago. I expect them to resolve those, but in the meantime, here is a purely Microsoft solution – use Hyper-V R2’s new dynamic storage capabilities!

Dynamic storage? Yup. Hyper-V R2, whether as a role on Windows Server 2008 R2, or as the standalone Hyper-V Server R2, supports hot add and removal of VHDs. This gives us a way to indirectly support USB hard disks.

First, this only works with R2, so make sure you're running the latest version of the Hyper-V Manager. You'll need a Windows 7 or Server 2008 R2 machine with the Remote Server Administration Tools (RSAT) installed.

Next, make sure your VM has at least one SCSI adapter added to it. If you create a new VM in Hyper-V R2, this happens automatically, but if you created the VM in the original version of Hyper-V, it may not have a SCSI adapter. Before this will work, you must have a SCSI adapter added to the VM.

Now, plug in your USB hard disk, and format with NTFS from the host. (If you're running Hyper-V Server R2, you may need to use diskpart.exe for this.) Next, in the Hyper-V Manager, click New -> Hard Disk in the Action menu to open the New Hard Disk Wizard.

Select Fixed Size, and click Next.

Point to the removable USB disk and supply a name for the VHD. Click Next and specify the size of the VHD. Make it essentially the full size of the USB disk.

Click Finish and the virtual hard disk will be built. This can take a while, be patient. Once the VHD has been built, you can add it to a running VM. Select the VM in Hyper-V Manager, and open the Settings for it.

Select the SCSI controller in the left pane, and Hard Disk in the right pane.

Click Add, and then enter the path to the VHD on your USB hard disk.

Click OK and the VHD is available in the SBS VM.

Now follow standard SBS steps to configure SBS Backup to use the virtual disk you just added. (For details on SBS Backup, see Windows Small Business Server 2008 Administrator’s Companion.)

You’ll need to add and remove disks using the Hyper-V Manager to avoid issues for the SBS Backup, or, alternately, you could write a PowerShell script using WMI to manage the process.

Charlie.

[MS Security] Advisory Notification - Issued: November 25, 2009
Security Advisories Updated or Released Today * Microsoft Security Advisory (977981)   - Title: Vulnerability in Internet Explorer Could     Allow Remote Code Execution   - http://www.microsoft.com/technet/security/advisory/977981...
[Events] 1E - Shopping 3.1 Launch Webinar
Received this from my friends at 1E and thought I’d pass it along:   Is Your Organization Suffering from Application Sprawl? Time to go Shopping™ For a Typical ROI of Between 3-6 Months! Join one of two webinars on Thursday 3 rd December and Tuesday...
Happy Holidays!

It may be Thanksgiving in the USA but we're also getting ready for Christmas as the Bradley/Mini Cooper family.

My sister has planned the Antenna ball toppers AND the car magnets for the count down to Christmas...

Yes, that's an analog calendar but it's a MINI COOPER analog calendar from the North American Motoring forum mind you.

In black  ink are the reminders of what Antenna balls we are to put on our cars, in Red ink is the reminder for the magnets.

[We are a little scary, aren't we?]

Happy Holidays everyone!

Posted: Thu, Nov 26 2009 8:42 by bradley | with 2 comment(s)
Getting 503 errors on IIS 7 with custom application pool (Integrated Mode)?

So today I’ve thought about giving IIS’ integrated mode a shot…The idea was simple: create a new application pool, configure it to use ASP.NET 4.0 in integrated mode and then associate it to an existing web application. The problem: The first request would always kill the application pool and it returned a 503 error to the browser. IIS Manager seemed to confirm that the pool was really dead:

[Image: wrongversion]

WTF? I’ve read a couple of posts on IIS 7 and 503, but none helped. Then I tried one more thing: I’ve configured the web app to use the default ASP.NET v4.0 application pool. And it worked…the mystery was solved when I looked carefully at the application pool list. Can you spot the problem? If you’re thinking that my custom livro application pool is using the wrong .NET version, you’re right! I don’t know how it happened, but it seems like all this beta stuff I’ve been adding to my machine removed the correct version of .NET from the .NET version dropdown (I only had v4.0 available from the dropdown list).

Running aspnet_regiis from within the 4.0 framework folder made everything go back to normal. So, are you getting 503 in integrated mode? Don’t forget to check the .NET version used by the application pool…it might not exist and that means 503!

Posted: Thu, Nov 26 2009 15:23 by luisabreu | with no comments
AVERT Labs - Password Security Tips

Some excellent suggestions can be found on password management in this article.  The Microsoft security password checker is  

Some key considerations are:

  • Don't use the same universal password for all sites.  (When one is discovered, all accounts may be compromised.)
  • Use password complexity. Microsoft has a good website to test passwords (see link at bottom). I avoid creating highly complex passwords as noted in the article.  However, I always mix case, letters, numbers. I've also started using the '-' (dash) and '$' as special characters to create passwords that are meaningful but not too cryptic.
  • Keep password master lists secure.  Hide them carefully and name any electronic versions so that they will not be easily discovered.
  • Change passwords on a regular basis. Incrementing passwords (e.g., Rainbow03, Rainbow06, Rainbow09) is one technique to help recall past ones and stay safe (esp. if you don't increment by 1).
  • Avoid sharing your passwords with others.  Be careful when responding to email or websites requesting it.

AVERT Labs - Password Security Tips
http://www.avertlabs.com/research/blog/index.php/2009/11/25/make-your-password-secure/

QUOTE: No matter how sophisticated security gets, we still need to handle the basics properly. One of the most basic tasks is to create and use secure passwords. You need them to log onto your computer, reach internal applications, and enter just about every website you visit. They are pervasive in our connected world.

MICROSOFT SECURITY PASSWORD CHECKER
(you can enter passwords here for testing)
http://www.microsoft.com/protect/fraud/passwords/checker.aspx
