Saturday, September 15, 2012

Sharing Images

http://imgur.com/ is, by definition, a simple image sharing site: you just drag and drop your image onto it and share the link with your friends. Having said that, the image is open to anyone who browses to that link.

Extremely useful for those times that you want to quickly share an image on the web with multiple people, without having to rely on email.

Friday, August 10, 2012

ASP.Net - Setting up the session store in SQL Server

1) Navigate to Visual Studio Tools > Visual Studio Command Prompt

2) Execute aspnet_regsql.exe -ssadd -sstype c -S [sqlservername]  -d [sqldatabasename]  -U [sqlusername]  -P [sqlpassword]

3) Add line to web.config 

<sessionState mode="SQLServer"
    allowCustomSqlDatabase="true"
    sqlConnectionString="data source=[sqlservername];Initial Catalog=[sqldatabasename];user id=[sqlusername];password=[sqlpassword];"
    cookieless="false"
    timeout="900" />

allowCustomSqlDatabase is required if you have configured a non-standard database name.

[Edit] - 30th of August 2012

The <sessionState> element needs to be added inside the <system.web> section of the web.config

References:

aspnet_regsql.exe - parameters;
http://msdn.microsoft.com/en-us/library/ms229862%28v=vs.80%29.aspx

Saturday, July 28, 2012

Some Notes on MS PowerPivots

Following up from here; http://opinionsonoffer.blogspot.com/2012/04/business-intelligence-using-ms.html

Have been meaning to get this typed out for the longest time now; and the longest time it has been :) So here it is; as promised the following are some of the notes I took down from a session on power pivots, please feel free to point out any misconceptions should you see them.

  • Powerpivots look to offload the work of a Corporate Business Intelligence team and bring it to the end users. This is basically a plugin to the existing MS Excel suite.
  • This is achieved to some extent by Excel and its pivoting functionality; but if you were to take around 4000 - 5000 records and pivot it generally it takes upward of 10 secs to process.
  • Powerpivots look to ease this down and make it much faster.
  • To run powerpivots you require Vertipaq processors which are usually installed and run at an organizational level. Thereby there is no surefire way to bring this technology to home users as yet.
  • Powerpivots allow users to pivot and manipulate data volumes in the millions within a second (in the demonstration we used 1.3 million records). It seems it achieves this by using column-based compression, said to reduce the original file size by almost 40%. (Similar technology is used in SQL Server 2012 Denali - ColumnStore Indexes.) The file size for the 1.3 million records was 18 MB.
  • You can further slice and dice this data as necessary.
  • First time load however takes some time, with subsequent loads being up to speed.
  • Setting up the data is through a wizard functionality; the data source could be; Access, Another PowerPivot, SQL Server etc. Relationships would be autodetected and mapped accordingly.
  • These powerpivots can be pushed to a SharePoint view as well; however, you would require Silverlight to view the resulting screens. They are however very intuitive and easy to use. They can moreover be cached for individual users in order to increase performance.
  • Using these you can slice and dice the data and even chart it in terms of displaying.
  • Security is maintained either through Sharepoint in terms of a published powerpivot or powerpivots in terms of an excel sheet.


So in summary in terms of bringing this to a home user there is still some ways to go; and in terms of even the business user; you will still need to have a knowledge of the tables that are needed and the datasources. However it has brought us a step closer to the elusive business intelligence at your finger tips paradigm.

Saturday, July 21, 2012

Pharma Attack

No it is not when you get attacked by a marauding Pharmacy :)

So what is it?

It's a website hack which first originated in WordPress sites. It involves malicious users hijacking Google search results for the site, which they in turn redirect to other sites selling pharmaceutical products such as Viagra.

The hack...

The hacker would modify existing pages to execute code in other pages; these code snippets would in turn translate to links to third-party websites pushing various pharmaceuticals.


Unfortunately, the owner and the users of the site would likely never know that these links are being exposed, because the attack targets only certain search engine spiders such as Googlebot.


This effectively means that these results would be posted in the search engine’s results for the site (e.g. Google).


How do they get in?

The most usual point of entry is a hacked FTP account or a script vulnerability in the content management system.


The fix...

  1. Check .htaccess and .bootstrap files for suspicious redirects / executions
  2. Check PHP files for suspicious references to "eval()" or "base64_decode()" or "create_function()"

Prevention is better than cure...


  1. Always make sure to use WiFi hotspots that have a password as this ensures that your communication is encrypted and cannot be intercepted and used by a malicious user.
  2. Do not use the FTP account over the unsecured FTP protocol. Use it only over SSH File Transfer Protocol, which hides (encrypts) the username and password, and encrypts the content.
  3. Keep your CMS installations up to date with the latest versions; this ensures that hackers cannot make use of vulnerabilities in older versions of the CMS.
  4. Several CMS modules need constant upgrades to eliminate security vulnerabilities.
  5. Keep weekly backups of the code repository and of the database.
  6. Change all Administrator passwords, database password and FTP passwords periodically.
  7. Monitor the site's server logs for suspicious-looking links crawled by search engines.
  8. Maintain a backup copy of the entire CMS installation and run a Code Diff periodically to ascertain that no files have been changed.
  9. Check PHP files for suspicious references to "eval()" or "base64_decode()" or "create_function()".
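
The checks from "The fix" and from prevention steps 8 and 9, combined into one script. This is an added example, not part of the original post: it assumes a known-good backup tree next to the live one, and the .htaccess rule for crawler-only rewrites is an assumed heuristic.

```python
import re
import tempfile
from pathlib import Path

# Calls the post says to look for in PHP files.
PHP_CALLS = re.compile(r"\b(eval|base64_decode|create_function)\s*\(", re.I)
# Assumed heuristic: .htaccess rules that branch on a crawler user agent.
CRAWLER_RULE = re.compile(r"RewriteCond\s+%\{HTTP_USER_AGENT\}.*(googlebot|bingbot|slurp)", re.I)

def scan_site(live_root, backup_root):
    """Compare a live tree with a known-good backup and flag suspicious lines."""
    live_root, backup_root = Path(live_root), Path(backup_root)
    findings = []
    for path in sorted(p for p in live_root.rglob("*") if p.is_file()):
        rel = path.relative_to(live_root).as_posix()
        clean = backup_root / rel
        # Code diff: any file that is new or changed since the backup.
        if not clean.is_file():
            findings.append((rel, "not in backup"))
        elif path.read_bytes() != clean.read_bytes():
            findings.append((rel, "differs from backup"))
        if path.suffix.lower() == ".php":
            pattern = PHP_CALLS
        elif path.name == ".htaccess":
            pattern = CRAWLER_RULE
        else:
            continue
        lines = path.read_text(errors="replace").splitlines()
        for number, line in enumerate(lines, 1):
            match = pattern.search(line)
            if match:
                findings.append((rel, f"line {number}: {match.group(1)}"))
    return findings

def demo():
    """Run the scan on a constructed site and its clean backup."""
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = Path(tmp, "live"), Path(tmp, "backup")
        for root in (live, backup):
            root.mkdir()
            (root / "index.php").write_text("<?php echo 'home'; ?>\n")
        # Constructed tampering: an injected decoder call and a crawler-only rule.
        (live / "index.php").write_text("<?php echo 'home';\neval(base64_decode($x)); ?>\n")
        (live / ".htaccess").write_text("RewriteCond %{HTTP_USER_AGENT} Googlebot [NC]\n")
        return scan_site(live, backup)

if __name__ == "__main__":
    for finding in demo():
        print(*finding, sep=": ")
```

A hit on one of the function names is only a lead, since legitimate CMS code also calls them; the difference against the backup is what separates injected code from shipped code.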

References:


  • http://hashable.org/2011/09/wordpress-pharmaceutical-attack/
  • http://stackoverflow.com/questions/3462473/php-evalgzinflatebase64-decode-hack-how-to-prevent-it-from-occurring-a       
  • http://www.pearsonified.com/2010/04/wordpress-pharma-hack.php
  • http://digwp.com/2010/07/wordpress-security-lockdown/

Friday, July 20, 2012

Export Files and Folders in a Windows Folder to Excel

Not surprisingly this is quite easy; just do a select all (CTRL + A) in your folder and mouse Right Click while holding the SHIFT key; in the ensuing menu select the option Copy File Paths. 

Now open an excel worksheet and just paste. This will show you your total file path including directory path; if you want to get rid of this just do a find and replace to "". And you have your imported list of objects in a Folder.

Hope this helps...

Thursday, July 19, 2012

Deploying your ASP.Net MVC application on Amazon

Was looking at deploying one of our ASP.Net MVC applications on Amazon; and came across this good article on deploying ASP.Net MVC through Amazon Beanstalk.

http://www.simple-talk.com/dotnet/.net-framework/getting-started-with-amazon-aws-and-elastic-beanstalk/

Just a few minutes and you are good to go; this should really give Windows Azure a run for its money as well. Especially with Amazon RDS starting to support SQL Server 2008 R2 Express, Std and EE editions as well.

Will continue to talk about this in the next few weeks.

Sunday, May 27, 2012

JWPlayer 4 not playing flash files on IE9

Was fixing a bug on a Drupal 5 site recently; basically flash videos were not playing on IE9. The player being used was JWPlayer 4.


The player initialized as follows;


var playerscriptproxy = new SWFObject("swf/player.swf","ply","660","525","9","#FFFFFF");
playerscriptproxy.addParam('flashvars','skin=modieus.swf');
playerscriptproxy.write("videoplayer");


Doesn't work on IE9;


Turns out after initializing the player adding the skin via addParam somehow overwrote the original video reference, thereby showing just a blank video player;


Solution is to add it all as a part of one reference;

playerscriptproxy.addParam("flashvars", "file=videos/video.flv&skin=modieus.swf");

Hope this helps somebody out.

Cheers,

Thursday, May 3, 2012

How do I configure required fields in Drupal UberCart?

Well it is as simple as it sounds;

Navigate through Administer > Store Administration > Configuration > Checkout Settings > Address Fields; the interface would give you the option of enabling a field, changing the title and assigning a required field validation to it.

That's it! Happy UberCarting...

Sunday, April 22, 2012

Common web application vulnerabilities and how they can be exploited

Recently one of my colleagues came across this offering from Google Code University: an application built with the most common vulnerabilities, with detailed explanations of how they can be exploited and how developers can guard their applications against these vulnerabilities. Check it out...

http://google-gruyere.appspot.com/

The following document is a tutor's guide to exercises which can be completed after looking through the concepts in the site;

http://code.google.com/edu/submissions/gruyere/Gruyere_Instructors_Guide.pdf

The following link is to a set of discussions from Neil Daswani on Web Security; worthwhile for refreshing your basic knowledge.

http://code.google.com/edu/submissions/web_security/listing.html

Implementing the IDisposable Pattern (.Net)

The following post is a very good explanation of the recommended way to implement the IDisposable interface in .net;  the poster breaks down the code from scratch and explains why each construct has been used.

Friday, April 20, 2012

Business Intelligence using MS PowerPivot

A technical talk on MS Power Pivot being delivered next week, just some introductory links to prime for the session, will expand the post once the session is done.

http://blogs.office.com/b/microsoft-excel/archive/2010/10/01/top-5-ways-powerpivot-helps-excel-pros.aspx
http://msdn.microsoft.com/en-us/library/ee210692(v=sql.105).aspx
http://www.powerpivotpro.com/what-is-powerpivot/

Thursday, April 19, 2012

Cool sharepoint sites with good branding ideas

Was just thinking about the branding aspects and capabilities of SharePoint in internet facing sites; came across these very good examples;

3) Cadburies - http://www.cadbury.com/
4) Conservation International - http://www.conservation.org/
5) Swiss Airways - http://www.swiss.com
8) 1 by Youth - http://www.1byyouth.com
9) WesternAustralia - http://www.westernaustralia.com/
10) Hyder Consulting - http://www.hyderconsulting.com

I picked some of these up from the sites given below as reference, you could go check them out for more information;

1) pinkpetrol gives you some nice commentary on the sites as well. 
2) wssdemo is an excellent example of the use of silverlight in a site.
3) sharepointjoel gives you some of the sites of the more prominent companies.


Wednesday, April 18, 2012

How could I know if there is Tsunami coming?

The truth is you can't know if there is a tsunami coming as seismologists are still unable to identify the exact factors which would pinpoint a wave, much as they are still unable to pinpoint when an earthquake might hit. However there are warnings that could be looked for;

1) foremost on this is if there have been major earthquakes in the area.

A good place to keep up to date on tsunami warnings in the regions of the Pacific and Indian Oceans is the Pacific Tsunami Warning Center http://ptwc.weather.gov/ maintained by the National Oceanic and Atmospheric Administration of the United States of America.

The site gives us earthquake occurrences and readings across the globe and also the severity of the occurrence and the likelihood of a tsunami.

It also goes on to offer the estimated time at which a wave could be expected at a place if there is in fact a tsunami.

All times are expressed in Zulu time that is GMT +0000; so would need to be converted to the time zones of the local regions.

2) Receding Sea Water / Tides often up to about 1 to 2 miles into the sea, you might notice fish flopping belly up in the ocean. This is often a sure fire way to tell that there is a Tsunami on its way. This was something that was noticed in the 2004 Boxing Day Tsunami.

3) You might also notice flocks of birds flying inland, and even animals moving further inland; it seems God has given these animals inbuilt seismic meters :)