Archive for the ‘Uncategorized’ Category

Sample code from my ASP.NET SignalR talk at Campus Days 2014


You can download the ASP.NET SignalR code I wrote at my recent talk at Microsoft’s Campus Days 2014 conference.


Sample code from my SignalR talk at DDC 2014

Several people have asked me for the code that I wrote during the session. You can download the full VS2013 solution here.

I would appreciate it if you would take the time to provide some feedback to Microsoft and me.

Talking SignalR at Danish Developer Conference 2014


I will be giving a talk on building real-time web applications with Microsoft’s ASP.NET SignalR at Danish Developer Conference 2014 in Århus, Denmark, on the 30th of April 2014.

When I am not on stage, you will likely find me at the Copenhagen Software booth. You are more than welcome to come by for a chat or just to check out my booth-babe outfit.

I will be giving the same talk in Copenhagen sometime later this year. So, if you are unable to attend on the 30th in Århus then let me know and I will keep you posted on the event in Copenhagen.


CLR Inside Out


My favourite column in MSDN Magazine was “CLR Inside Out”. Although it is a bit dated now, it is still a treasure trove of interesting information and geeky subtleties. If you haven’t done so already, you should check it out! I have compiled a table of contents for your convenience:

2010

2009

2008

2007

2006


Security is your responsibility


I recently read a story that made me contemplate the relationship between website developers and the visitors to these sites. I’ll share my most obvious conclusion here.

The implicit social contract

When building a website that you expect people to use, you are implicitly entering into a mutual agreement with that website’s users: You expect the users to use your site, and they in turn expect you to take them seriously. In particular, they expect you to store their personal information reliably and to keep it inaccessible to others. This holds true even if your website doesn’t actually contain any confidential information per se. As soon as you have users, you have logins and passwords that need to be protected.

“But if my site doesn’t contain confidential information, it matters little if a user’s account is compromised,”

you may say. However, that is just plain wrong. Users will most likely use the same username and password in multiple places. Thus, if a user’s password is compromised because of a flaw in your software, who knows what other systems you may inadvertently have compromised.

“But best practices recommend that users never reuse a password. If they do, it is their own fault and they alone must face the consequences.”

Not so fast, sailor. The fact of the matter is that the average person has a multitude of online accounts with various services and that it is utterly impossible for him/her to keep track of a similar number of unique passwords (let alone of which password goes with which service). To this day no one has really solved this problem.

Thus, you should expect people to reuse passwords and protect these passwords accordingly. Having a laissez-faire attitude to users’ passwords means you’re not doing your job properly. Period.

I’ll say it again:

You, yes you, need to store passwords securely

A compromised password in one system, no matter how insignificant, may have dire consequences for other and much more critical systems. Since Internet users invariably reuse passwords, web developers collectively need to protect these.

I realize that being a security specialist is a full-time job and that most developers don’t have the time to become experts in this area. However, I think every web developer who is worth his salt should at the very minimum

  • understand the most basic attack vectors like SQL injection attacks and cross-site scripting attacks and how to mitigate these
  • know how to properly store a password (or, better yet, avoid building a password system but use someone else’s)
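One way to store a password as the second bullet asks, as an added example that is not part of the original post: a per-password random salt with PBKDF2-HMAC-SHA256 from Python's standard library, next to an unsalted SHA-256 digest for contrast. The record format, the iteration count and the function names are assumptions of this example.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor; raise it as hardware gets faster

def unsalted_digest(password):
    """Weak scheme, shown for contrast: equal passwords give equal digests."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

def hash_password(password, iterations=ITERATIONS):
    """Return 'pbkdf2_sha256$iterations$salt_hex$hash_hex' (assumed format)."""
    salt = os.urandom(16)  # fresh random salt for every stored password
    derived = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (iterations, salt.hex(), derived.hex())

def verify_password(password, record):
    """Recompute the hash with the stored salt; malformed records never match."""
    try:
        scheme, iterations, salt_hex, hash_hex = record.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        stored = bytes.fromhex(hash_hex)
        derived = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                      bytes.fromhex(salt_hex), int(iterations))
    except (ValueError, OverflowError):
        return False
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(derived, stored)

def needs_rehash(record, iterations=ITERATIONS):
    """True when a record was created with a lower work factor than today's."""
    parts = record.split("$")
    return len(parts) != 4 or not parts[1].isdigit() or int(parts[1]) < iterations

if __name__ == "__main__":
    password = "correct horse battery staple"  # constructed sample value
    alice, bob = hash_password(password), hash_password(password)
    print("unsalted digests equal:", unsalted_digest(password) == unsalted_digest(password))
    print("salted records equal:  ", alice == bob)
    print("verify right / wrong:  ", verify_password(password, alice),
          verify_password("guess", alice))
```

Two users who reuse the same password get different stored records, so a leaked table does not reveal who shares a password, and every guess costs the full iteration count.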

I’ll end this post with the illustrative tale that inspired me to write it.

The HBGary attack

There was once a security firm called HBGary (at the time of writing there still is). This was a reputable company providing training and malware protection software to Fortune 500 companies and high profile organizations.

In its quest to rid the world of Internet scumbags, it one day happened upon a group of anonymous scoundrels and threatened to expose them. HBGary barely lived to regret it.

The scoundrels exploited a basic SQL injection chink in HBGary’s armor and leveraged this weakness to open a floodgate for attacks on the organization: HBGary’s emails were publicized, their data, including backups, were destroyed, and their website and Twitter profiles were defaced.

For the unabridged story, read the inside version.

What do you think? Which implicit responsibilities do we as web developers take upon us when we deliver a product?


Microsoft is making Cloud Power mainstream


Well, the headline may be a bit presumptuous, but at least they are trying.

I was pretty impressed when I saw the extent of the Cloud Power advertisement campaign in major Danish newspapers a few weeks back. However, if you live in Denmark, you may not realize just how much marketing muscle Microsoft is putting into this campaign.

I recently travelled to the United Kingdom and found that Cloud Power is everywhere: in the subway, at train stations and in the airport. I took these pictures with a slightly shaking HTC Desire (I was probably shaking from an overdose of bangers and mash).

It will be exciting to see where this will take Microsoft on the Cloud scene. I’ve never seen any of the other players in this space advertise like that.

Cloud Power - Waterloo Station


Windows Azure Platform Acceleration Workshop

I will be teaching a 3-day training session on the Windows Azure Platform starting on the 8th of February. The last time I facilitated a similar event was back in December 2010, when 30 Microsoft partners showed up. It was great fun, so I am very much looking forward to repeating the exercise.

This particular event is by invitation only, but if you are interested in a similar training course or just an introductory session on Cloud Computing in general and Windows Azure in particular, please contact my company, Copenhagen Software.


Windows Azure Acceleration Workshop


I will be teaching a 3-day training session on the Windows Azure Platform starting on the 30th of November.

The content will be a bespoke mix of Windows Azure subjects and alternate between presentations and hands-on labs, providing the participants ample opportunity to get their hands dirty in Microsoft’s training center.

This particular event is by invitation only, but if you are interested in a similar training course or just an introductory session on Cloud Computing in general and Windows Azure in particular, please contact my company, Copenhagen Software.


TechTalk on Windows Azure on the 22nd of September


I will be giving a talk on Microsoft Windows Azure on the 22nd of September at Microsoft’s Danish headquarters in Hellerup.

Attendance is free of charge, so sign up and get ready for a tour through the Cloud!


Monitoring your StackOverflow status with Python

I recently read this post on meta.stackoverflow.com on monitoring your SO status using Python. Since I’ve been looking into Python (IronPython in particular) lately, I figured it might be fun to try the provided script out in IronPython.

I quickly experienced some problems pertaining to the sqlite3 and urllib2 modules which I was unable to solve, so I downloaded and installed Python 3.1 for Windows.

The original script does not run against Python 3.1 because of some string encoding issues. Moreover, the regular expressions used in the original script no longer match the markup of SO, so I have updated the script somewhat:

from sqlite3 import dbapi2 as sqlite
import re, os, sys, time
import urllib.request as urllib2

questLen = 60  # characters before ellipses kick in
connection = sqlite.connect("C:\\Users\\Rune Ibsen\\Projects\\SO\\profile.db")
cursor = connection.cursor()

user = 0  # your user id

request = urllib2.Request(url='http://stackoverflow.com/users/%i/myProfile.html' % (user))

# Download the profile page and decode the bytes to text (required on Python 3)
profile = urllib2.urlopen(request).read()
profile = profile.decode("utf-8")
rep = re.compile(r'summarycount">.*?([,\d]+)</div>.*?Reputation', re.S).search(profile).group(1)
rep = rep.replace(',', '')
badge = re.compile(r'<div class="summarycount ar".{0,50}>(\d+).{1,100}Badges', re.S).search(profile).group(1)

stQuestion = re.compile(r'Questions</h.*?Answers</h', re.S).search(profile).group()
mQuestion = re.compile(r'question-summary narrow.*?id="question-summary-(\d+)".*?class="votes".*?(\d+).*?class="status.+?(\d+).*?<h3><a.+?>(.+?)</a>', re.S).findall(stQuestion)
# mQuestion contains tuples containing (id, votes, answers, title)

stAnswer = re.compile(r'<h1>Answers</h1>.*?<script', re.S).search(profile).group()
mAnswer = re.compile(r'answer-summary"><a href="/questions/(\d*).*?votes.*?>(-?\d+).*?href.*?>(.*?)<.a', re.S).findall(stAnswer)
# mAnswer contains tuples containing (question id, votes, question title)

stTime = time.strftime("%Y-%m-%d %H:%M:%S")

print(stTime)
print('\nQuestions (' + str(len(mQuestion)) + '):')
for quest in mQuestion:
    # Scraped values are bound as parameters rather than concatenated into the SQL text
    cursor.execute('SELECT count(id), votes FROM Questions WHERE id = ? AND type = 0;', (int(quest[0]),))
    item = cursor.fetchone()
    if item[0] > 0:
        lastQ = (int(quest[1]) - item[1])
        if lastQ == 0: lastQ = ""
        cursor.execute('UPDATE Questions SET votes = ? WHERE id = ? AND type = 0', (int(quest[1]), int(quest[0])))
    else:
        cursor.execute('INSERT INTO Questions VALUES(?, ?, 0, ?);', (quest[3], int(quest[1]), int(quest[0])))
        lastQ = "(NEW)"
    if len(quest[3]) > questLen:
        elips = "..."  # in case the question is really long
        nElips = 0
    else:
        elips = ""
        nElips = 3
    print('%s%s %s%s' % (quest[3][:questLen].ljust(questLen + nElips, " "), elips, ("(" + str(quest[1]) + ")").ljust(5, " "), lastQ))
print("\nAnswers (" + str(len(mAnswer)) + '):')
for answer in mAnswer:
    aId = answer[0]
    aVotes = answer[1]
    aQuestion = answer[2]
    cursor.execute('SELECT count(id), votes FROM Questions WHERE id = ? AND type = 1;', (int(aId),))
    item = cursor.fetchone()
    if item[0] > 0:
        lastQ = int(aVotes) - item[1]
        if lastQ == 0: lastQ = ""
        cursor.execute('UPDATE Questions SET votes = ? WHERE id = ? AND type = 1', (int(aVotes), int(aId)))
    else:
        cursor.execute('INSERT INTO Questions VALUES(?, ?, 1, ?);', (aQuestion, int(aVotes), int(aId)))
        lastQ = "(NEW)"
    if len(aQuestion) > questLen:
        elips = "..."
        nElips = 0
    else:
        elips = ""
        nElips = 3
    print('%s%s %s%s' % (aQuestion[:questLen].ljust(questLen + nElips, " "), elips, ("(" + str(aVotes) + ")").ljust(5, " "), lastQ))

# Compare with the previous run, then record the current numbers
cursor.execute('SELECT rep, badges, questions, answers, COUNT(date) FROM profile WHERE user = ? ORDER BY date DESC;', (user,))
oldData = cursor.fetchone()
if oldData[4] == 0:
    oldData = [0, 0, 0, 0]
cursor.execute("INSERT INTO profile VALUES(?, ?, ?, ?, ?, ?);", (int(rep), int(badge), len(mQuestion), len(mAnswer), stTime, user))
print('\n')
print('%s Questions, %s new' % (len(mQuestion), (len(mQuestion) - oldData[2])))
print('%s Answers, %s new' % (len(mAnswer), (len(mAnswer) - oldData[3])))
print('%s Reputation (%+i)' % (rep, (int(rep) - oldData[0])))
print('%s Badges, %s new' % (badge, (int(badge) - oldData[1])))
connection.commit()

Note that

  • You will have to create an empty SQLite database or download one here
  • You will have to insert your own user id (which is easily identified from the URL if you go to your user page).

Running the script will result in something like this:

image
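The script writes scraped question titles into SQLite. The following added example, which is not part of the original post, compares building that INSERT by string concatenation with binding the values as parameters when a title contains a double quote. It runs against an in-memory database; the `Questions` column names and the sample title are assumptions.

```python
import sqlite3

def make_db():
    """In-memory stand-in for profile.db; the column names are assumed."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Questions (title TEXT, votes INTEGER, type INTEGER, id INTEGER)")
    return db

def insert_concatenated(db, title, votes, qid):
    # Pattern to avoid: the scraped text becomes part of the SQL statement.
    db.execute('INSERT INTO Questions VALUES("' + title + '",' + votes + ',0,' + qid + ');')

def insert_bound(db, title, votes, qid):
    # The scraped text travels as data; SQLite never parses it as SQL.
    db.execute("INSERT INTO Questions VALUES(?, ?, 0, ?);", (title, int(votes), int(qid)))

def compare(title, votes="3", qid="42"):
    """Return (outcome of the concatenated insert, row stored by the bound insert)."""
    db = make_db()
    try:
        insert_concatenated(db, title, votes, qid)
        concatenated = "stored"
    except sqlite3.Error as exc:
        concatenated = "failed: " + type(exc).__name__
    db.execute("DELETE FROM Questions")
    insert_bound(db, title, votes, qid)
    row = db.execute("SELECT title, votes FROM Questions WHERE id = ?", (int(qid),)).fetchone()
    db.close()
    return concatenated, row

if __name__ == "__main__":
    # Constructed sample title, as it might be scraped from a profile page
    print(compare('Escaping "quotes" in SQLite'))
```

The quote inside the title ends the SQL literal early, so the concatenated statement no longer parses, while the bound version stores the title verbatim.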