Why do?

Why do HP's sound like a jet engine when they start up?

I've been told it's the boot fan test they do.

Why do servers attract dust "hippos"... not "bunnies" but "hippos" because there is downright dirt on the harddrives inside of servers.

Evil code of the day

At a glance, this code doesn't look particularly evil. What does it do though? Compile it with the C# 4.0b1 compiler and run it...

The results are:

I'm very nearly tempted to leave it there and just see what the reactions are like, but I'll at least give you a hint as to where to look - section 21.3 of the C# 4 spec explains why this gives odd results. It does make perfect sense, but it's hideously evil.

I feel dirty.

Bonus questions

• What happens if you rename the parameters in Derived.Foo to yy and xx?
• (As suggested by Mehrdad) What happens if you call it with a dynamic value?

Up, down, up, down, up...

Today and yesterday the FSDeveloper website had a little bit of downtime. We are working on solving these issues by optimizing the server. Besides that we have also been working on the backups and some other technical issues. Hopefully so much downtime won't happen again soon, but at least you can be sure we are onto it.

China Testing Mac Version of Green Dam Web Filter

China's Ministry of Industry and Information Technology says the Green Dam mandate has only been delayed. Publisher Jinhui Computer System Engineering is reportedly testing a version of Green Dam for Apple's Mac computers, which have been exempt. Tests found Green Dam to be vulnerable to malware and ineffective, even blocking images of Garfield.

http://www.newsfactor.com/news/Mac-Version-of-Green-Dam-Expected/story.xhtml?story_id=0030006966ZO&full_skip=1

SMS Remote Code Execution Vulnerability in iPhone

Charlie Miller, a well-known security researcher who specializes in Mac and iPhone security, yesterday revealed information about a new vulnerability in iPhone that allows remote code execution via SMS. Not a lot is known about the vulnerability, which was announced at the SyScan conference in Singapore, except that Charlie is working with Apple to get it fixed as soon as possible.

This is about as bad as it gets as the vulnerability seems to allow unsigned code to run which circumvents a core part of iPhone's security model. It's usually only able to run signed code, i.e. Apps that have been approved by Apple. No user-interaction is required which is unlike current mobile malware.

http://www.f-secure.com/weblog/archives/00001714.html

What does Windows Workflow Foundation 4 mean for existing workflow developers?

The question of what Windows Workflow Foundation version 4 means for developers currently developing using WF recently came up. As I mentioned before WF 4 is a complete rewrite and doesn’t use any of the existing WF 3 classes. The design of WF 4 is even quite different from the design of WF 3.

So are WF 3 developers completely left in the dark and have to start from scratch? And what about their existing applications, will they still run on .NET 4 or are they stuck in .NET 3.5 until the end of times?

Fist of all let me address why I believe Microsoft could make such a radical change. Keep i mind this is just my personal opinion and I might be completely wrong .

WF 3 was never widely adopted so I believe the team felt they could do this and not create too much of a problem. Personally I don't think the low adoption of WF 3 had anything to do with the technology. Sure it has its problems but most people never got to the point that they ran into real technical issues. Instead most people looked, didn't understand and quit. So IMHO the main problem was far more a question if evangelism that technology.

So what is the big issue with a migration from WF 3 to WF 4?

One big issue with WF 4 is that Microsoft decided not to release a state machine implementation. In WF 3 there was a choice between state machine and sequential workflows. In WF 4 there is a choice between sequential and flow chart. And in WF 3 a state machine turned out to be far more flexible and useful and quite a few cases are not really covered by the WF 4 model. There are a few workarounds to do something like a state machine in WF 4 but they are not pretty. That said, a number of state machine workflows could very well be done using a flow chart.

As far as backward compatibility the story is a bit more complicated. WF 4 ships with an interop activity you can use to host custom WF 3 activities in a WF 4 workflow. How good or bad this is? I really don't know yet but given how different the two designs are I fear it is very limited.

But WF 3 developers need not worry about their existing projects!

There is however a second side to the compatibility story. .NET 4 will ship both with the WF 3 and the WF 4 runtimes. The WF 3 runtime will not be prominent but it will still be there so all existing WF 3 applications will continue to run as is. And because it is part of the current .NET framework I suspect this is a legal requirement (but then I am no lawyer so could be wrong here). So there is no reason for existing workflow developers to panic just yet .

So existing workflow developers should start learning WF 4 for future projects but can continue to keep using their existing WF 3 solutions for the foreseeable future.

Enjoy!

www.TheProblemSolver.nl
Wiki.WindowsWorkflowFoundation.eu

Waledac Independence Day Theme - New Campaign In The Wild

Websense Security Labs™ ThreatSeeker™ Network has detected yet another new Waledac campaign theme in the wild. The new variant uses an Independence Day theme as a social engineering mechanism. The United States of America celebrates Independence Day on July 4 each year.

The malicious emails that are sent use subjects and content related to Independence Day, Fourth of July and fireworks shows.

The malicious Web sites in the current attack also have a July 4 or fireworks theme within the domain name. ThreatSeeker has been monitoring the registration of these domains. Should the user click on the video, which is designed to appear to be a YouTube video, an .exe is offered. When downloaded the .exe would install the latest Waledac variant onto the user's machine.

Alert Details

Clean install part 2

Next step is to copy over everything that might blow up.

While I do use the Easy transfer wizard, I also copy over things manually for that 1 out of 10 time that Easy transfer doesn't work and Krissy gets my bed for the evening.

Grab an extra copy of the User\Username\Desktop folder just in case along with the NK2 file

Migrating Outlook Autocomplete Data (NK2 File Data) to a New Vista/Office 2007 Computer - Realtime Windows Server:
http://www.realtime-windowsserver.com/tips_tricks/2007/06/migrating_outlook_autocomplete.htm

Next up is exporting out Outlook.

Before you do a clean install of the network

A little work needs to be done on the workstations.

Long story short, I want to do a clean install on my home Server even though I had migrated it successfully.  But before you do the "small network of users, clean install of SBS 2008, don't mess with the Sister's customized Disney desktop otherwise your 4th of July weekend will be spent in the doghouse (we share a house together) and the dog will be sleeping in your bed, you need to ensure you can flip the workstations off the network.  Go into control panel, users, and reset that local admin password that you probably can't remember anymore and make them an administrator, and make the domain user an admin for temporary purposes while you are getting ready to copy files and back up that profile. 

To make the user an admin, go into the properties, into group membership and ensure that they are an administrator for a short time (you can flip them back later)

This ensures you can flip the workstation back to the workgroup mode before rejoining the domain.

XML Literals: Simplifying Strings

You have probably heard that the next version of VB will no longer require line continuation characters in most situations. This is very good news for those of us that do not like typing underscore characters.

But in the mean time, what do we do if we have a long string, like a SQL string:

Dim mySelect As String = "Select CustomerId, " & _
                            "LastName, " & _
                            "FirstName, " & _
                            "EmailAddress " & _
                            "From Customer " & _
                            "Where CustomerId = @CustomerID"

And this one is only selecting three fields!

XML Literals can help:

Dim mySelect2 As XElement = <string>
                            Select CustomerId,
                            LastName,
                            FirstName,
                            EmailAddress
                            From Customer
                            Where CustomerId = @CustomerId
                            </string>

Notice in the XML literals example that there are no quotes, ampersands (&) or underscores (_). That can save a lot of typing and it is easier to read.

Since mySelect2 is an XElement, use the Value property to get the string from the element.

mySelect2.Value

Enjoy!

Lambdas: Aggregating Strings

Looping through a list to append strings is often more challenging than it should be. For example…

In C#:

string emailAddresses=string.Empty;
foreach (Customer c in custList)
{
    emailAddresses += c.EmailAddress + ";";
}

In VB:

Dim emailAddresses As String = String.Empty
For Each c As Customer In custList
    emailAddresses &= c.EmailAddress & ";"
Next

Both of these examples pose a problem because the emailAddresses string ends up with an extra “;” at the end. So you can add extra code to remove it after the loop, add code in the loop that checks whether you are on the last one and skip appending the “;”, or append the “;” to the beginning instead and skip the first one. In any case, it wastes time to deal with this.

NOTE: The definition of the Customer class and the list of customers (custList) used in this example can be found here.

Using lambdas and the Aggregate extension method, this task is a breeze:

In C#:

string email = custList.Select(c => c.EmailAddress)
        .Aggregate((items, item) => items + "; " + item);

In VB:

Dim email As String = custList.Select(Function(c) c.EmailAddress) _
        .Aggregate(Function(items, item) items & "; " & item)

The Select method first selects the email address for each customer. The Aggregate method then appends the email addresses together. And this code correctly handles the '”;” so you don’t have to think about it.

Enjoy!

MVP Summit 2009

At the MVP Summit this year, Beth Massi interviewed me for the “I’m a VB” series. Alan Cooper introduced me to VB back around 1992 (VB 2.0), so it was fun to talk about my favorite things in VB.

Any thoughts on the interview? I’d love to hear them!

LINQ: Defining a List of Integers

Defining a list of integers in your code involves lots of tedious typing.

In VB, you can’t do this:

'Dim numberList As new List(Of Integer) = {1, 2, 3, 4, 5, 6, 7, 8, 9}

So you have to either add numbers to the list manually, or create an array, which still involves lots of tedious typing:

Dim numberList() As Integer = {1, 2, 3, 4, 5, 6, 7, 8, 9}

With .NET 3.5, you can instead use the Range method of the Enumerable class that is part of the System.Linq namespace.

In VB:

Dim numberList2 As List(Of Integer) = Enumerable.Range(1, 9).ToList

In C#:

List<int> numberList2 = Enumerable.Range(1, 9).ToList();

The first parameter of the Range method defines the first integer of the sequence. The second parameter defines the number of items in the sequence. So Range(0,9) provides 9 integers from 0 through 8.

Enjoy!

Reflection: Displaying a Form By Name

There may be situations when you want to display a form by its form name. For example, say that you retain your menu options in a database so they can be customized. You want to associated a menu option with the display of a particular form. So you store the form name in the table.

But then you need a way to show that form at runtime. For this, you need reflection.

In VB:

Dim formName as string = "CustomerForm"
Dim assemblyName As String = My.Application.Info.AssemblyName
Dim componentName As String = assemblyName & "." & formName
Dim type As Type = type.GetType(componentName, False, True)
Dim form As Form = TryCast(Activator.CreateInstance(type), Form)
form.ShowDialog()

In C#:

string formName = "CustomerForm";
string assemblyName = Assembly.GetExecutingAssembly().GetName().Name;
string componentName  = assemblyName + "." + formName;
Type type = Type.GetType(componentName, false, true);
Form form = (Form)Activator.CreateInstance(type);
form.ShowDialog();

This code first determines the component name by appending the assembly name and form name. This code assumes that the form is in the current assembly. If that is not the case, you could instead store the assembly name in the table and use it in the above code.

The code then gets the appropriate type for the component and uses CreateInstance to create an instance of that type.

Enjoy!

OfType: Finding Objects of a Particular Type

I ran across the OfType feature a few months ago and find it to be very useful. OfType is one of the many extension methods on IEnumerable that was provided with .NET 3.5.

If you ever need to search through a list for a particular type of object, then this feature is for you. The most common scenario for this feature is in working with the user interface. Say you want to hook up a particular event handler to every Button on your form. Or you want to go through your form and clear every TextBox.

Previously, you would have to use a for or for/each loop and check the type of each object before you process it. Now, you can do this…

In VB:

For Each tb As TextBox In activeTab.Controls.OfType(Of TextBox)()
    tb.Text = String.Empty
Next

In C#:

foreach (TextBox tb in this.Controls.OfType<TextBox>())
{
   tb.Text = string.Empty;
}

Enjoy!

Generics: Building a List of Customers

Often times applications require lists of things: lists of customers, lists of experiments, lists of accounts and so on. The generic lists provided in .NET 2.0 made working with these lists easy. And the list initializers in C# and the object initializers in VB make lists easier still.

As an example, here is a first draft of a simple Customer class.

In C#:  

public class Customer
{
    public int CustomerId { get; set; }
    public string LastName { get; set; }
    public string FirstName { get; set; }
    public string EmailAddress { get; set; }
}

The above code takes advantage of automatically implemented properties. VB does not yet have this feature, but it is expected with VB 10.

In VB:

Public Class Customer

    Private _CustomerId As Integer
    Public Property CustomerId() As Integer
        Get
            Return _CustomerId
        End Get
        Set(ByVal value As Integer)
            _CustomerId = value
        End Set
    End Property

    Private _FirstName As String
    Public Property FirstName() As String
        Get
            Return _FirstName
        End Get
        Set(ByVal value As String)
            _FirstName = value
        End Set
    End Property

    Private _LastName As String   
    Public Property LastName() As String
        Get
            Return _LastName
        End Get
        Set(ByVal value As String)
            _LastName = value
        End Set
    End Property

    Private _EmailAddress As String
    Public Property EmailAddress () As String
        Get
            Return _EmailAddress
        End Get
        Set(ByVal value As String)
            _EmailAddress = value
        End Set
    End Property
End Class

Most often, you would read the customers from a database and build the list. But there are times where you may want to build the list manually. For example, for prototyping or testing.

With C#, you can build a list of customers in one line of code:

List<Customer> custList = new List<Customer>
                    {new Customer()
                          { CustomerId = 1,
                            FirstName="Bilbo",
                            LastName = "Baggins",
                            EmailAddress = "bb@hob.me"},
                    new Customer()
                          { CustomerId = 2,
                            FirstName="Frodo",
                            LastName = "Baggins",
                            EmailAddress = "fb@hob.me"},
                    new Customer()
                          { CustomerId = 3,
                            FirstName="Samwise",
                            LastName = "Gamgee",
                            EmailAddress = "sg@hob.me"},
                    new Customer()
                          { CustomerId = 4,
                            FirstName="Rosie",
                            LastName = "Cotton",
                            EmailAddress = "rc@hob.me"}};

The above example takes advantage of the list initializers feature of C#. VB does not yet have this feature, but it is expected in VB10.

The code to do this in VB takes advantage of object initializers:

Dim custList As New List(Of Customer)
custList.Add(New Customer With {.CustomerId = 1 _
                                .LastName = "Baggins", _
                                .FirstName = "Bilbo", _
                                .EmailAddress="bb@hob.me})
custList.Add(New Customer With {.CustomerId = 2 _
                                .LastName = "Baggins", _
                                .FirstName = "Frodo", _
                                .EmailAddress = fb@hob.me})
custList.Add(New Customer With {.CustomerId = 3, _
                                .LastName = "Gamgee", _
                                .FirstName = "Samwise", _
                                .EmailAddress = sg@hob.me})
custList.Add(New Customer With {.CustomerId = 4, _
                                .LastName = "Cotton", _
                                .FirstName = "Rosie", _
                                .EmailAddress = rc@hob.me})

Notice the With statement in this VB code.

Enjoy!

Comodo removed Ask/IAC SafeSurf Toolbar by replacing it with HopSurf/IAC/Ask Toolbar

So Comodo’s promise to remove SafeSurf Toolbar happened but not to finish their agreement with A$k/IAC.  Instead, the new version of Comodo is now bundled with HopSurf Toolbar which is IAC/Ask.com too.  The installer become worst because there’s no EULA presented in addition to known method of misleading people by offering unnecessary third party service/component in a SECURITY software.  Note that it is a security software that should offer clean installer no?

Screenshots at http://www.calendarofupdates.com/updates/index.php?s=&showtopic=19279&view=findpost&p=83848

Their announcement says:

What's New In 3.10.101801.529?
==============================
NEW! COMODO Secure DNS is introduced as a new free service
NEW! COMODO HopSurf Toolbar - COMODO SafeSurf Toolbar has been discontinued and superseded by COMODO HopSurf Toolbar
NEW! CIS now allows the users to change the URL for the program and virus updates
IMPROVED! CIS now has a better support for Windows Security Center integration in Windows Vista SP1 and later
IMPROVED! AV engine now supports more archives and has better detection capabilities
IMPROVED! Direct disk access false alerts have been reduced
FIXED! Some applications do not run when CIS is installed in Vista 64 bit
FIXED! Antivirus scans excluded folders
FIXED! Firewall does not show some connections under high load
FIXED! Firewall sometimes causes the PC to freeze in windows XP 32
FIXED! cfp.exe crashes when HIPS alerts timeout

http://forums.comodo.com/feedbackcommentsannouncementsnews_cis/comodo_internet_security_310101801529_released-t41954.0.html

That NEW! COMODO Secure DNS is introduced as a new free service is from DNSadvantage.com/Neustar, Inc. and again, this NEW! COMODO HopSurf Toolbar - COMODO SafeSurf Toolbar has been discontinued and superseded by COMODO HopSurf Toolbar means you need to agree with (not included EULA in the installer) the EULA in using Ask Toolbar/IAC/Ask.com service.  See HopSurf EULA online: https://accounts.comodo.com/hp/management/eula or http://www.hopsurf.com/license.jsp

Vendo Zune 120gb

Logo a seguir a ter saído a 3ª geração dos Zune, comprei o modelo de 120gb em preto, que mandei vir dos EUA. A utilização do equipamento, a ouvir música, ver vídeos, acompanhar podcasts e a partir de uma versão do firmware, até jogar, confirmaram as excelentes referências que tinha do equipamento. Na altura aproveitei e mandei vir um conjunto de cabos A/V que consiste num cabo audio que permite ligar o Zune a um equipamento que tenha uma entrada auxiliar tipo jack 3.5mm, como os sistemas de som de muitos carros, e outro que tem 3 ‘bananas’ RCA que serve de output video e som, para ligar a amplificadores A/V e televisores.

Como não lhe dou grande uso, e para o que dou, um telemóvel com Windows Mobile e um cartão de 8gb serve, vou pô-lo à venda por 175€, o que inclui para além do Zune, 2 cabos de sincronização USB originais, os auscultadores originais, cabos A/V e a caixa original do Zune, entregando em mão em Aveiro e Coimbra, ou menos frequentemente, em Lisboa. O equipamento está como novo, e sem riscos no ecrã.

Podem ver todas as características aqui, destacando o Wifi para sincronização com o PC ou partilha entre Zunes, o rádio FM com RDS, a qualidade do ecrã, a navegação intuitiva com o botão sensível a gestos. Para quem tiver um PC com o Windows Media Center, pode ainda sincronizar os programas que vai gravando no PC com o Zune. Para quem tem o bichinho da programação, podem usar XNA para desenvolver jogos para o Zune.

Se estiver interessado, contacte-me por mail para albertosilva depois mundomovel ponto com. Se o Zune for vendido entretanto, actualizo o post.

Multithreading: using fences from .NET code

In the last post, we’ve talked about memory fences. Today we’re going to keep looking at this topic, but we’re turning our attention to coding, ie, we’re going to talk about the options we have to add fences to our classes. In .NET, things are relatively straightforward.

Whenever we use one of the interlocked methods we’ve met in the past, we’re adding a full fence to our code. Locking will also end up using full fences. As you can see,  you’re already using full fences in several places. The good news is that you can also be specific about them, ie, there’s a method you can call if you want to add a fence to your code in a specific place: I’m talking about the Thread.MemoryBarrier static method (btw, this method will also add a  full fence).

Volatile reads or writes generate fences too! In C#, you can use the volatile keyword to mark a field as volatile. Reading a volatile field is the “equivalent” of having an acquiring fence. Writing to a volatile field can be seen as “adding” a release fence. Now, it’s important to notice that you’ll always get these read and write behaviors whenever you use the volatile field. If you’re looking for more control (ex.: you’ll only interested in having an acquire fence for a read), then you should rely on the Thread.VolatileRead or Thread.VolatileWrite methods for ensuring proper the desired behavior.

And I guess that’s all there’s time for today. In the next post, we’ll keep looking at multithreading and see how we can use these features on a C# program. Keep tuned!

Cold Fusion web sites compromised when HTML editor enabled

Web ADMINS should ensure the HTML text editor is secured as it may be automatically installed by default on some versions of Cold Fusion studio.  

Large # of Cold Fusion web sites compromised in past 24 hours 
http://isc.sans.org/diary.html?storyid=6715

QUOTE: There have been a high number of Cold Fusion web sites being compromised in last 24 hours. It appears that the attackers are exploiting web sites which have older installations of some Cold Fusion applications. These applications have vulnerable installations of FCKEditor, which is a very popular HTML text editor, or CKFinder, which is an Ajax file manager.

The vulnerable installations allow the attackers to upload ASP or Cold Fusion shells which further allow them to take complete control over the server. It appears that there are two attack vectors (both using vulnerable FCKEditor installations though) that the attackers are exploiting.

How to disable the HTML editor to improve safety
http://www.codfusion.com/blog/post.cfm/cf8-and-fckeditor-security-threat