Archive for Internet tag

Apology for the odd theme and sluggish speed

August 21st 2007 • Internet, Personal (Internet) • 1,443 views • 3 responses

I’ve switched to a lightweight theme (300KB less per initial hit) whilst we are overloaded with requests from the excellent Daring Fireball regarding the font rendering philosophies post.

I’ve tried moving some images off site but it’s just typical this happens the week before I move to proper hosting. My poor home DSL line is melting!

Update

Things have calmed down and through a combination of moving images off-site, switching theme and enabling gzip compression for .js and .css the site has survived despite being overloaded at times through lack of bandwidth (CPU and RAM were just fine)

I’ll leave the theme as it is for now in case we get a second wave – the hits appear to come in waves as different time-zones hit different parts of their wake-up, get-to-work and get-home cycles.

The 60 day old post has now had 20,000 hits – about 19,500 of them within the last 24 hours. Slicing and dicing the stats in SQL reveal that my blog has been running for 977 days, consists of 263 blog posts averaging one post every 3.5 days. It has received 1239,51 hits in that time, a sixth of which were in the last 24 hours.

It’s amazing for so many people to read something I have written but as analytics is already pointing out fame is fleeting.

Here’s hoping a few of them decided to add me to their news reader :)

[)amien

Investigating MonoRail

August 17th 2007 • .NET (.NET, HTML-injection, Internet, MonoRail, NHibernate, WebForms) • 1,207 views • 2 responses

Fighting WinForms

I hate fighting with a technology to get it to do what I want because it means I either have the wrong expectation or wrong technology.

With web development I expect strict web standard support and clean code that is easy to maintain.

I am, therefore, tired of fighting with WebForms and seeing as I’m not prepared to change my expectation then the technology must change.

Looking at MonoRail

Ruby on Rails is very fast, elegant and powerful but comes with a bunch of unknowns. The IDE’s I’ve tried have been so-so, there is no support for IntelliSense so I’m forced to remember exact property and method names. There are concerns about performance and scalability and I find the Ruby language itself cryptic.

My current .NET environment has all these things, so what I’m really looking for is an alternative to the WebForms element itself. It also has a powerful framework, tons of samples, and C# is not only enjoyable but very in-demand :)

MonoRail seems to be just what I am looking for but there are a number of things keeping me away. I decided to spend an hour watching a screen cast on WinForms and MonoRail from Ayende @ Rahien’s blog. It calmed some concerns but raised a few others…

NHibernate mapping files

NHibernate provides the core ORM system within MonoRail and normally requires XML mapping files to do so.

I really don’t want or need another abstraction layer here – my tables are freshly modeled and represent my domain classes very well. Rails, Subsonic and LINQ to SQL are all happy to just do it/

Thankfully a project called ActiveWriter gives you a very LINQ to SQL-like experience in dragging tables off, changing names and properties if you want and doing the magic for you.

ActiveRecord template

I still don’t like this mix of static and instance methods providing some sort of split between what should really be two classes but I can live with it.

There is also a Repository<T> option mentioned which perhaps solves this, I shall have to investigate it further.

View engines

There are a number of view engines available for MonoRail but the primary ones are NVelocity and Brail.

As I already have C# and JavaScript in my project and I have no desire to add another language unless there is a good reason to do so. If they want to stop people writing too much view code then what is wrong with a subset of C#?

The template engines also mean giving up strong typing (everything is passed to the view in a type-less property bag accessed with a string key!) and a complete lack of IntelliSense (the demo stalls as fields are mistyped on occasion proving just how useful this is).

HTML injection

Yes, in this day and age HTML injection should be a long-dead concern and yet even the built in SmartGridComponent will happily squirt out data without encoding it and thus allowing data from anywhere to contain HTML ready to be injected into an unsuspecting page.

Ayende has investigated the issue now and is working on getting a fix into the tree.

[)amien

Hiding secrets behind the law – DRM, AACS and the 16-byte key

May 2nd 2007 • Entertainment, Hardware, Internet (aacs, drm, Hardware, Internet) • 1,145 views • one response

It surprises and annoys me when I hear of individuals or companies trying to use the law to hide secrets. Surprise at the sheer stupidity and annoyance that tax payers money is used in the process.

The latest secret under suppression is a short 16-byte key which locks away the content on HD-DVD discs that only licensed software and hardware can play it back and prevent you from making copies.

This type of protection used to be called copy-protection but these days it goes under the equally unpopular name of "Digital Rights Management (DRM)". It enforce the copyright holders rights whilst denying you yours and does it in such a way that in some countries re-asserting your legal rights means you end up breaking others.

The AACS Licencing Authority believe they can now protect by law what they failed to protect using technology. This is particularly amusing because their predecessor, the DVD-CCA, failed on both counts when the encryption on DVD was broken in 1999 by an enterprising trio. Apple gets it and is going down the DRM-free route and not treating their customers like criminals.

Basing an entire business model on keeping a sequence of characters secret defies belief and thinking you can wipe the secret off the face of the internet once it’s out is laughable especially when you consider the infinite number of ways you could represent it. The AACS are at it anyway with take down notices to the likes of Digg and others. Amusingly the take down notice itself includes the ‘magic key’.

Alternative 16-byte sequence where each byte is an offset on the previous one is "09 F0 18 F1 9B D7 6F 78 7D 69 15 6F 9E F3 32 38" which if run through the following program yields a certain magic key.

class Program {
    static void Main(string[] argv) {
        byte b = 0;
        string key = string.Empty;
        foreach(string a in argv) {
            b += byte.Parse(a, System.Globalization.NumberStyles.HexNumber);
            key += string.Format("{0:x2} ", b);
        }
        System.Console.WriteLine(key);
    }
}

[)amien

Google Apps Premier Edition announced

February 22nd 2007 • Internet (Google, Google-Apps, Internet) • 1,052 views • 2 responses

I’ve been a user of Google Apps for your domain for some time – primarily to let me use the great gMail interface for my own mail domains (thanks to the domain alias feature they introduced last month).

Logging into my mailbox this morning I was surprised to find that my account is now considered a Standard Edition but that a Premier Edition is available too.

For $50 USD per year per account you get:

• 10gb of email storage (vs 2gb normally)
• AdSense can be switched off
• Calendar sharing
• API to integrate with existing infrastructure (single sign on, user management etc).
• Migration tools (limited right now)
• 24×7 assistance and telephone support

You can upgrade right now for a free trial on your existing account however you’ll have to provide a credit card number that will be billed come April 30th if you haven’t cancelled by then.

Google have also rolled Spreadsheets, Documents and Document management into the Apps services for everybody and now include a rolling 90-day graph of user activity on the dashboard.

Now where’s the pop mail collection facility that hit the non-app/domain version of gMail a couple of weeks ago…

[)amien

Remote denial of present (DoP) attack via Amazon wish-list

December 18th 2006 • Internet, Personal (Amazon, Internet, Shopping) • 1,334 views • 3 responses

I placed eleven items this year into my Amazon wish-list for my family and girlfriend to pick from and all were quickly purchased.

A few days later my mother asks if I can put some items to buy because after purchasing one or two the others have now gone.

My brothers don’t have debit cards, my sisters have limited net access my girlfriend claims she hasn’t brought them and nobody else knows about it.

Either I’ve got a secret Santa fulfilling my every Amazon wish or… somebody is executing a remote denial of present attack upon my Christmas!

How it works is simple.

1. Find the Amazon wish-list of the target
2. Buy items from the wish-list but ship to your own address
3. Enjoy the items yourself
4. Rejoice in knowing the target is deprived of the item now that Amazon believes he will get it

It’s pretty evil.

The only way I can see that Amazon would be able to prevent this attack is to either let you pre-select other Amazon accounts that are able to use your wish-list or to be able to see who brought what.

Ho-ho hum,

[)amien