Tarak's Weblog

Move Over, AJAX, ARAX Is Here

tarak4v — Fri, 06 Jun 2008 08:57:00 +0000

By Darryl K. Taft
2008-06-05

Microsoft promotes Asynchronous Ruby and XML development.

Move over, AJAX; Microsoft is pushing a different scenario, known as Asynchronous Ruby and XML, or ARAX.

At the RailsConf conference for Ruby on Rails developers in Portland, Ore., on May 30, John Lam, creator of the IronRuby project at Microsoft, told eWEEK that as Microsoft’s Silverlight rich Internet application environment takes off it will provide Ruby developers with a way to deliver AJAX (Asynchronous JavaScript and XML)-style applications without having to use JavaScript.

“If you’re a Ruby programmer and you like Ruby as a language, context-switching into JavaScript is just something you have to do,” Lam said. “It’s a tax. You’re trading productivity away arbitrarily because that’s just what runs in the browser. And it’s much more interesting when you can run the same language on both sides [the client and the server] so you don’t have to do that context switch.”

In essence, using ARAX, Ruby developers would not have to go through the machinations of using something like the RJS (Ruby JavaScript) utility, where they write Ruby code and RJS generates JavaScript code to run on the client, Lam said. “Sure, you could do it that way, but then at some point you might have to add some JavaScript code that adds some custom functionality on the client yourself,” he said. “So there’s always that sense of, ‘Now I’m in another world. And wouldn’t it be nice if I have this utility class I wrote in Ruby…’ Today if I want to use it in the browser I have to port it to JavaScript. Now I can just run it in the browser.”

According to Lam, the scenario is that people agree that HTML and CSS (Cascading Style Sheets) are standard. “It’s a known thing and people understand this technology,” Lam said. “The part that [is important], at least as far as Rails programmers are concerned with, is they would like to be able to do some Ruby on the client. JavaScript is no longer the ugly stepchild that it used to be, but it’s quirky in certain ways. That’s not to say that Ruby isn’t, but Ruby has more ‘oohs and ahs’ about it than JavaScript does.”

Moreover, “If we do our jobs right and we get Silverlight to play very widely, then all of a sudden for folks that are interested in doing some ARAX, they can. They have to ask, Do we want to take a dependency on this thing? It’s pretty brain-dead to take a dependency on Flash, because Flash is everywhere already. So this becomes a more compelling scenario over time,” he said, noting that as Silverlight adoption grows the opportunity for ARAX development increases.

Ben Galbraith, co-founder of Ajaxian.com, said of ARAX: “If this is about using Silverlight to host client-side browser scripting in Ruby, it’s definitely an appealing notion, but the problem will always be about Silverlight being a Microsoft technology.”

Indeed, Galbraith said, “As long as Windows/Office dominates Microsoft’s balance sheet, these cross-platform Microsoft plays always feel a bit like the story of the boy who upon encountering a rattlesnake picks it up after it promises not to hurt him, upon which the snake promptly bites. After the boy protests, the snake says: ‘You knew what I was when you picked me up.’ No matter what capabilities Silverlight may have, I think most of us in the community simply wouldn’t dream of embracing architectures dependent on Microsoft’s goodwill to support other OS vendors.”

Dion Almaer, the other co-founder of Ajaxian.com, said, “It is interesting to note that you have been able to use JRuby to run Ruby in the browser for quite some time … IronRuby is great. Getting more languages into the browser is great.”

In a blog post, Troy Taft, principal consultant and founder of Troy Taft Consulting, a software development firm, said: “Silverlight and the plug-in RIA wars … caught me by surprise. I didn’t expect Ruby to have a chance at the client. This may make ARAX become more popular than AJAX because you can actually write client-based applications in Silverlight with Ruby in the near future if everything goes well.”

And although Taft (no relation to this reporter) said he considers himself a “JavaScript promoter,” he wrote: “Why do I think that Ruby is better than JavaScript? Mostly because it expresses objects more respectably and it has a cleaner syntax that works in an obvious way to me as developer. This makes the code very readable and easy to use.”

Meanwhile, in a session at RailsConf, Lam showed IronRuby running Ruby on Rails code.

“Our goal was to show that Rails guys could use Silverlight as well,” Lam said. “And if you wanted to use Ruby to do some HTML stuff, if you want to do ARAX on the client, awesome. Knock yourself out.”

With IronRuby, Lam said he demonstrated that Microsoft could dispatch simple Rails requests. “So we can dispatch these static page requests,” he said. “We showed some dynamic stuff happening—we demonstrated we could dispatch to a controller, which will render using a view. And then we showed we could use ActiveRecord to round-trip from SQL Server and return like a single row. So we could demonstrate we could go through the Active Record path. So we can read from database, we can create databases; I don’t think we can update or delete or any of that stuff yet. But that’s coming. This was a demonstration of our commitment to building a Ruby that runs real Ruby programs.”

Lam said he is under no illusion that Rails developers will move in droves to IronRuby.

“Look around at the Rails conference, everybody’s carrying a Mac here,” Lam said. “And this community is a very ‘Unix-y’ community. There are just no if, ands or buts about it. So for us coming here and showing IronRuby running Rails, we weren’t under any illusions that people would convert to us simply because of that. So what we wanted to show was something new, something different. We allow people to run Ruby in the browser in a cross-platform way with a very lightweight download.”

And IronRuby’s support for Ruby on Rails will only get better as the team has more time to work on it, Lam said. Already, he said, he believes IronRuby is further along in its Rails support than either the JRuby or Rubinius projects were at the point when the same amount of time had been put into their efforts.

Ruby on Rails creator David Heinemeier Hansson offered praise for the IronRuby effort.

“It’s great to see Microsoft making progress on IronRuby,” Hansson said. “Just like JRuby provides people who are stuck with an inventory of Java infrastructure and programs an easy way into Ruby, so does IronRuby for those who are still sitting on a Microsoft stack.”

He added, “As with JRuby, though, I don’t expect a lot of Ruby programmers with no existing connection to Microsoft to go gaga over it.”

An IT manager’s guide on how to be better at what you do, no matter how experienced you are

tarak4v — Tue, 03 Jun 2008 05:32:00 +0000

By Richard Casselberry

June 02, 2008

On MSN the other day, I noticed an article called “75 skills every man should master.” It included some skills I have and some I don’t. For example, I can tie a knot and hammer a nail, but frankly I can’t recite a poem from memory, and bow ties still confuse me.

It was an interesting read and made me realize I could be more well-rounded than I am. To be honest, we all could be.

So in the spirit of personal growth, I developed a list of skills every IT person should have.

1. Be able to fix basic PC issues. These can be how to map a printer, back up files, or add a network card. You don’t need to be an expert and understand how to overclock a CPU or hack the registry, but if you work in IT, people expect you to be able to do some things.

2. Work the help desk. Everyone, from the CIO to the senior architect, should be able to sit down at the help desk and answer the phones. Not only will you gain a new appreciation for the folks on the phones, but you will also teach them more about your process and avoid escalations in the future.

3. Do public speaking. At least once, you should present a topic to your peers. It can be as simple as a five-minute tutorial on how IM works, but being able to explain something and being comfortable enough to talk in front of a crowd is a skill you need to have. If you are nervous, partner with someone who is good at it, or do a roundtable. This way, if you get flustered, someone is there to cover for you.

4. Train someone. The best way to learn is to teach.

5. Listen more than you speak. I very rarely say something I didn’t already know, but I often hear other people say things and think, “Darn, I wish I knew that last week.”

6. Know basic networking. Whether you are a network engineer, a help desk technician, a business analyst, or a system administrator, you need to understand how networks work and simple troubleshooting. You should understand DNS and how to check it, as well as how to ping and trace-route machines.

7. Know basic system administration. Understand file permissions, access levels, and why machines talk to the domain controllers. You don’t need to be an expert, but knowing the basics will avoid many headaches down the road.

8. Know how to take a network trace. Everyone in IT should be able to fire up wireshark, netmon, snoop, or some basic network capturing tool. You don’t need to understand everything in it, but you should be able to capture it to send to a network engineer to examine.

9. Know the difference between latency and bandwidth. Latency is the amount of time to get a packet back and forth; bandwidth is the maximum amount of data a link can carry. They are related, but different. A link with high-bandwidth utilization can cause latency to go higher, but if the link isn’t full, adding more bandwidth can’t reduce latency.

10. Script. Everyone should be able to throw a script together to get quick results. That doesn’t mean you’re a programmer. Real programmers put in error messages, look for abnormal behavior, and document. You don’t need to do that, but you should be able to put something together to remove lines, send e-mail, or copy files.

11. Back up. Before you do anything, for your own sake, back it up.

12. Test backups. If you haven’t tested restoring it, it isn’t really there. Trust me.

13. Document. None of the rest of us wants to have to figure out what you did. Write it down and put it in a location everyone can find. Even if it’s obvious what you did or why you did it, write it down.

14. Read “The Cuckoo’s Egg.” I don’t get a cut from Cliff Stoll (the author), but this is probably the best security book there is — not because it is so technical, but because it isn’t.

15. Work all night on a team project. No one likes to do this, but it’s part of IT. Working through a hell project that requires an all-nighter to resolve stinks, but it builds very useful camaraderie by the time it is done.

16. Run cable. It looks easy, but it isn’t. Plus, you will understand why installing a new server doesn’t really take five minutes — unless, of course, you just plug in both ends and let the cable fall all over the place. Don’t do that — do it right. Label all the cables (yes, both ends), and dress them nice and neat. This will save time when there’s a problem because you’ll be able to see what goes where.

17. You should know some energy rules of thumb. For example: A device consuming 3.5kW of electricity requires a ton of cooling to compensate for the heat. And I really do mean a ton, not merely “a lot.” Note that 3.5kW is roughly what 15 to 20 fairly new 1U and 2U servers consume. One ton of cooling requires three 10-inch-round ducts to handle the air; 30 tons of air requires a duct measuring 80 by 20 inches. Thirty tons of air is a considerable amount.

18. Manage at least one project. This way, the next time the project manager asks you for a status, you’ll understand why. Ideally, you will have already sent the status report because you knew it would be asked for.

19. Understand operating costs versus capital projects. Operating costs are the costs to run the business. Capital equipment is made of assets that can have their cost spread over a time period — say, 36 months. Operating costs are sometimes better, sometimes worse. Know which one is better — it can make a difference between a yes and no.

20. Learn the business processes. Being able to spot improvements in the way the business is run is a great technique for gaining points. You don’t need to use fancy tools; just asking a few questions and using common sense will serve you well.

21. Don’t be afraid to debate something you know is wrong. But also know when to stop arguing. It’s a fine line between having a good idea and being a pain in the ass.

22. If you have to go to your boss with a problem, make sure you have at least one solution.

23. There is no such thing as a dumb question, so ask it … once. Then write down the answer so that you don’t have to ask it again. If you ask the same person the same question more than twice, you’re an idiot (in their eyes).

24. Even if it takes you twice as long to figure something out on your own versus asking someone else, take the time to do it yourself. You’ll remember it longer. If it takes more than twice as long, ask.

25. Learn how to speak without using acronyms.

26. IT managers: Listen to your people. They know more than you. If not, get rid of them and hire smarter people. If you think you are the smartest one, resign.

27. IT managers: If you know the answer, ask the right questions for someone else to get the solution; don’t just give the answer. This is hard when you know what will bring the system back up quickly and everyone in the company is waiting for it, but it will pay off in the long run. After all, you won’t always be available.

28. IT managers: The first time someone does something wrong, it’s not a mistake — it’s a learning experience. The next time, though, give them hell. And remember: Every day is a chance for an employee to learn something else. Make sure they learn something valuable versus learning there’s a better job out there.

29. IT managers: Always give people more work than you think they can handle. People will say you are unrealistic, but everyone needs something to complain about anyway, so make it easy. Plus, there’s nothing worse than looking at the clock at 2 p.m. and thinking, “I’ve got nothing to do, but can’t leave.” This way, your employees won’t have that dilemma.

30. IT managers: Square pegs go in square holes. If someone works well in a team but not so effectively on their own, keep them as part of a team.

obtained from:here

A Map for .net Framework 3.5

tarak4v — Sat, 26 Jan 2008 07:47:00 +0000

Hi Friends…

I was finding for the technology update for the Microsoft .net 3.5 framework and i got the Amazing thing for you People..

go through that and let me know your reviews about this.

http://www.microsoft.com/downloads/details.aspx?FamilyId=7B645F3A-6D22-4548-A0D8-C2A27E1917F8&displaylang=en

this poster is a basic tool all of us needs, right??

Tarak
(Your Friend & Well-Wisher)

Articles : How to hack a website

tarak4v — Mon, 26 Nov 2007 06:14:00 +0000

I want to show you just one way that hackers can get in to your website and mess it up, using a technique called SQL Injection. And then I’ll show you how to fix it. This article touches on some technical topics, but I’ll try to keep things as simple as possible. There are a few very short code examples written in PHP and SQL. These are for the techies, but you don’t have to fully understand the examples to be able to follow what is going on. Please also note that the examples used are extremely simple, and Real Hackers™ will use many variations on the examples listed.

If your website doesn’t use a database, you can relax a bit; this article doesn’t apply to your site — although you might find it interesting anyway. If your site does use a database, and has an administrator login who has rights to update the site, or indeed any forms which can be used to submit content to the site — even a comment form — read on.

Warning

This article will show you how you can hack in to vulnerable websites, and to check your own website for one specific vulnerability. It’s OK to play around with this on your own site (but be careful!) but do not be tempted to try it out on a site you do not own. If the site is properly managed, an attempt to log in using this or similar methods will be detected and you might find yourself facing charges under the Computer Misuse Act. Penalties under this act are severe, including heavy fines or even imprisonment.

What is SQL Injection?

SQL stands for Structured Query Language, and it is the language used by most website databases. SQL Injection is a technique used by hackers to add their own SQL to your site’s SQL to gain access to confidential information or to change or delete the data that keeps your website running. I’m going to talk about just one form of SQL Injection attack that allows a hacker to log in as an administrator – even if he doesn’t know the password.

Is your site vulnerable?

If your website has a login form for an administrator to log in, go to your site now, in the username field type the administrator user name.

In the password field, type or paste this:

x’ or ‘a’ = ‘a

If the website didn’t let you log in using this string you can relax a bit; this article probably doesn’t apply to you. However you might like to try this alternative:

x’ or 1=1–

Or you could try pasting either or both of the above strings into both the login and password field. Or if you are familiar with SQL you could try a few other variations. A hacker who really wants to get access to your site will try many variations before he gives up.

If you were able to log in using any of these methods then get your web tech to read this article, and to read up all the other methods of SQL Injection. The hackers and “skript kiddies” know all this stuff; your web techs need to know it too.

The technical stuff

If you were able to log in, then the code which generates the SQL for the login looks something like this:

  $sql =
    “SELECT * FROM users
    “WHERE username = ‘” . $username .
    “‘ AND password = ‘” . $password . “‘”;

When you log in normally, let’s say using userid admin and password secret, what happens is the admin is put in place of

$username

and secret is put in place of

$password

. The SQL that is generated then looks like this:

SELECT * FROM users WHERE username = ‘admin‘ and PASSWORD = ‘secret‘

But when you enter

x’ or ‘a’ = ‘a

as the password, the SQL which is generated looks like this:

SELECT * FROM users WHERE username = ‘admin‘ and PASSWORD = ‘x’ or ‘a’ = ‘a‘

Notice that the string:

  x’ or ‘a’ = ‘a 

has injected an extra phrase into the WHERE clause:

 or ‘a’ = ‘a’ 

. This means that the WHERE is always true, and so this query will return a row contain the user’s details.

If there is only a single user defined in the database, then that user’s details will always be returned and the system will allow you to log in. If you have multiple users, then one of those users will be returned at random. If you are lucky, it will be a user without administration rights (although it might be a user who has paid to access the site). Do you feel lucky?

How to defend against this type of attack

Fixing this security hole isn’t difficult. There are several ways to do it. If you are using MySQL, for example, the simplest method is to escape the username and password, using the mysql_escape_string() or mysql_real_escape_string() functions, e.g.:

$userid = mysql_real_escape_string($userid);
$password = mysql_real_escape_string($password);
$sql =
“SELECT * FROM users
“WHERE username = ‘” . $username .
“‘ AND password = ‘” . $password . “‘”;

Now when the SQL is built, it will come out as:

SELECT * FROM users WHERE username = ‘admin‘ and PASSWORD = ‘x\’ or \’a\’ = \’a‘

Those backslashes ( \ ) make the database treat the quote as a normal character rather than as a delimiter, so the database no longer interprets the SQL as having an OR in the WHERE clause.

This is just a simplistic example. In practice you will do a bit more than this as there are many variations on this attack. For example, you might structure the SQL differently, fetch the user using the user name only and then check manually that the password matches or make sure you always use bind variables (the best defence against SQL injection and strongly recommended!). And you should always escape all incoming data using the appropriate functions from whatever language your website is written in – not just data that is being used for login.

There’s more

This has just been a brief overview. There are many more hacking techniques than SQL Injection; there are many more things that can be done just using SQL Injection. It is possible to directly change data, get access to confidential information, even delete your whole database — irrespective of whether the hacker can actually log in — if your website isn’t set up correctly.

If you are hungry for more, this detailed article from SecuriTeam explains other techiques hackers might use, as well as some of the methods hackers use to work out the structure of your database, the userid of the admin user, gain access to your system’s configuration, etc.

Have a nice weekend!

Article Obtained from
http://www.ecademy.com/node.php?id=76050

A Preview of What’s New in C# 3.0

tarak4v — Mon, 19 Nov 2007 12:54:00 +0000

On the heels of the Visual Studio 2005 and C# 2.0 releases, Microsoft has given a sneak preview of what to expect in the version after the next: C# 3.0. Even though C# 3.0 is not even standardized yet, Microsoft provided a preview release at its Professional Developers Conference (PDC) in September so eager developers could try out some of the expected features. This article discusses the following major new enhancements expected in C# 3.0:

Implicitly typed local variables
Anonymous types
Extension methods
Object and collection initializers
Lambda expressions
Query expressions
Expression Trees

Implicitly Typed Local Variables

C# 3.0 introduces a new keyword called “var”. Var allows you to declare a new variable, whose type is implicitly inferred from the expression used to initialize the variable. In other words, the following is valid syntax in C# 3.0:

var i = 1;

The preceding line initializes the variable i to value 1 and gives it the type of integer. Note that “i” is strongly typed to an integer—it is not an object or a VB6 variant, nor does it carry the overhead of an object or a variant.

To ensure the strongly typed nature of the variable that is declared with the var keyword, C# 3.0 requires that you put the assignment (initializer) on the same line as the declaration (declarator). Also, the initializer has to be an expression, not an object or collection initializer, and it cannot be null. If multiple declarators exist on the same variable, they must all evaluate to the same type at compile time.

Implicitly typed arrays, on the other hand, are possible using a slightly different syntax, as shown below:

var intArr = new[] {1,2,3,4} ;

The above line of code would end up declaring intArr as int[].

The var keyword allows you to refer to instances of anonymous types (described in the next section) and yet the instances are statically typed. So, when you create instances of a class that contain an arbitrary set of data, you don’t need to predefine a class to both hold that structure and be able to hold that data in a statically typed variable.

Anonymous Types

C# 3.0 gives you the flexibility to create an instance of a class without having to write code for the class beforehand. So, you now can write code as shown below:

new {hair=”black”, skin=”green”, teethCount=64}

The preceding line of code, with the help of the “new” keyword, gives you a new type that has three properties: hair, skin, and teethCount. Behind the scenes, the C# compiler would create a class that looks as follows:

class __Anonymous1

{

private string _hair = “black”;

private string _skin = “green”;

private int _teeth = 64;

public string hair {get { return _hair; } set { _hair = value; }}

public string skin {get { return _skin; } set { _skin = value; }}

public int teeth {get { return _teeth; } set { _teeth = value; }}

}

In fact, if another anonymous type that specified the same sequence of names and types were created, the compiler would be smart enough to create only a single anonymous type for both instances to use. Also, because the instances are, as you may have guessed, simply instances of the same class, they can be exchanged because the types are really the same.

Now you have a class, but you still need something to hold an instance of the above class. This is where the “var” keyword comes in handy; it lets you hold a statically typed instance of the above instance of the anonymous type. Here is a rather simple and easy use of an anonymous type:

var frankenstein = new {hair=”black”, skin=”green”, teethCount=64}

Extension Methods

Extension methods enable you to extend various types with additional static methods. However, they are quite limited and should be used as a last resort—only where instance methods are insufficient.

Extension methods can be declared only in static classes and are identified by the keyword “this” as a modifier on the first parameter of the method. The following is an example of a valid extension method:

public static int ToInt32(this string s)

{

return Convert.ToInt32(s) ;

}

If the static class that contains the above method is imported using the “using” keyword, the ToInt32 method will appear in existing types (albeit in lower precedence to existing instance methods), and you will be able to compile and execute code that looks as follows:

string s = “1″;

int i = s.ToInt32();

This allows you to take advantage of the extensible nature of various built-in or defined types and add newer methods to them.

Object and Collection Initializers

C# 3.0 is expected to allow you to include an initializer that specifies the initial values of the members of a newly created object or collection. This enables you to combine declaration and initialization in one step.

For instance, if you defined a CoOrdinate class as follows:

public class CoOrdinate

{

public int x ;

public int y;

}

You then could declare and initialize a CoOrdinate object using an object initializer, like this:

var myCoOrd = new CoOrdinate{ x = 0, y= 0} ;

The above code may have made you raise your eyebrows and ask, “Why not just write the following:”

var myCoOrd = new CoOrdinate(0, 0) ;

Note: I never declared a constructor that accepted two parameters in my class. In fact, initializing the object using an object initializer essentially is equivalent to calling a parameterless (default) constructor of the CoOrdinate object and then assigning the relevant values.

Similarly, you should easily be able to give values to collections in a rather concise and compact manner in C# 3.0. For instance, the following C# 2.0 code:

List animals = new List();

animals.Add(“monkey”);

animals.Add(“donkey”);

animals.Add(“cow”);

animals.Add(“dog”);

animals.Add(“cat”);

Now can be shortened to simply:

List animals = new List {

“monkey”, “donkey”, “cow”, “dog”, “cat” } ;

Lambda Expressions: The Espresso of Anonymous Methods

C# 1.x allowed you to write code blocks in methods, which you could invoke easily using delegates. Delegates are definitely useful, and they are used throughout the framework, but in many instances you had to declare a method or a class just to use one. Thus, to give you an easier and more concise way of writing code, C# 2.0 allowed you to replace standard calls to delegates with anonymous methods. The following code may have been written in .NET 1.1 or earlier:

class Program

{

delegate void DemoDelegate();

static void Main(string[] args)

{

DemoDelegate myDelegate = new DemoDelegate(SayHi);

myDelegate();

}

void SayHi()

{

Console.Writeline(“Hiya!!”) ;

}

In C# 2.0, using anonymous methods, you could rewrite the code as follows:

class Program

{

delegate void DemoDelegate();

static void Main(string[] args)

{

DemoDelegate myDelegate = delegate()

{

Console.Writeline(“Hiya!!”);

};

myDelegate();

}

Whereas anonymous methods are a step above method-based delegate invocation, lambda expressions allow you to write anonymous methods in a more concise, functional syntax.

You can write a lambda expression as a parameter list, followed by the => token, followed by an expression or statement block. The above code can now be replaced with the following code:

class Program

{

delegate void DemoDelegate();

static void Main(string[] args)

{

DemoDelegate myDelegate = () => Console.WriteLine(“Hiya!!”) ;

myDelegate();

}

Although Lambda expressions may appear to be simply a more concise way of writing anonymous methods, in reality they also are a functional superset of anonymous methods. Specifically, Lambda expressions offer the following additional functionality:

They permit parameter types to be inferred. Anonymous methods will require you to explicitly state each and every type.
They can hold either query expressions (described in the following section) or C# statements.
They can be treated as data using expression trees (described later). This cannot be done using Anonymous methods.

Query Expressions

Even though further enhancements may be introduced in the coming months as C# 3.0 matures, the new features described in the preceding sections make it a lot easier to work with data inside C# in general. This feature, also known as LINQ (Language Integrated Query), allows you to write SQL-like syntax in C#.

For instance, you may have a class that describes your data as follows:

public class CoOrdinate

{

public int x ;

public int y;

}

You now could easily declare the logical equivalent of a database table inside C# as follows:

// Use Object and collection initializers

List coords = … ;

And now that you have your data as a collection that implements IEnumerable, you easily can query this data as follows:

var filteredCoords =

from c in coords

where x == 1

select (c.x, c.y)

In the SQL-like syntax above, “from”, “where”, and “select” are query expressions that take advantage of C# 3.0 features such as anonymous types, extension methods, implicit typed local variables, and so forth. This way, you can leverage SQL-like syntax and work with disconnected data easily.

Each query expression is actually translated into a C#-like invocation behind the scenes. For instance, the following:

where x == 1

Translates to this:

coords.where(c => c.x == 1)

As you can see, the above looks an awful lot like a lambda expression and extension method. C# 3.0 has many other query expressions and rules that surround them.

Expression Trees

C# 3.0 includes a new type that allows expressions to be treated as data at runtime. This type, System.Expressions.Expression, is simply an in-memory representation of a lambda expression. The end result is that your code can modify and inspect lambda expressions at runtime.

The following is an example of an expression tree:

Expression filter = () => Console.WriteLine(“Hiya!!”) ;

With the above expression tree setup, you easily can inspect the contents of the tree by using various properties on the filter variable.

One to Grow On

C# 3.0 offers incredible new features that make your work as an application developer and architect a lot easier, and yet it remains a programming language that lends itself to stricter and cleaner architecture.

C# 3.0 is in its infancy right now and it will mature in the coming months, but given the sizable impact its changes will have on the surrounding .NET Framework, its recommended architecture, and design patterns, definitely keep your eye on it.

20 Tips to Improve ASP.net Application Performance

tarak4v — Sun, 11 Nov 2007 11:47:00 +0000

Not a .net Developer?

Are you an asp.net developer? If you aren’t don’t worry, we have similar posts in the works for Ruby, PHP, and other developers out there. If you are an ASP.net developer, listen up!

Get Ready for Massive Gains

There are certain things you should take into account when you are developing your applications. Over the last 12 years or so of working with asp and asp.net, I have learned to avoid and do certain things that increase your application performance by a massive amount! Below are my top 20 tips to improving ASP.net application Performance.

Disable Session State
Disable Session State if you’re not going to use it. By default it’s on. You can actually turn this off for specific pages, instead of for every page:
```
<%@ Page language="c#" Codebehind="WebForm1.aspx.cs"AutoEventWireup="false" Inherits="WebApplication1.WebForm1"EnableSessionState="false" %>
```
You can also disable it across the application in the web.config by setting the mode value to Off.
Output Buffering
Take advantage of this great feature. Basically batch all of your work on the server, and then run a Response.Flush method to output the data. This avoids chatty back and forth with the server.
```
<%response.buffer=true%> 
```
Then use:
```
<%response.flush=true%> 
```
Avoid Server-Side Validation
Try to avoid server-side validation, use client-side instead. Server-Side will just consume valuable resources on your servers, and cause more chat back and forth.
Repeater Control Good, DataList, DataGrid, and DataView controls Bad
Asp.net is a great platform, unfortunately a lot of the controls that were developed are heavy in html, and create not the greatest scaleable html from a performance standpoint. ASP.net repeater control is awesome! Use it! You might write more code, but you will thank me in the long run!

Take advantage of HttpResponse.IsClientConnected before performing a large operation:

if (Response.IsClientConnected)      {          // If still connected, redirect          // to another page.           Response.Redirect("Page2CS.aspx", false);      }

What is wrong with Response.Redirect? Read on…

Use HTTPServerUtility.Transfer instead of Response.Redirect
Redirect’s are also very chatty. They should only be used when you are transferring people to another physical web server. For any transfers within your server, use .transfer! You will save a lot of needless HTTP requests.
Always check Page.IsValid when using Validator Controls
So you’ve dropped on some validator controls, and you think your good to go because ASP.net does everything for you! Right? Wrong! All that happens if bad data is received is the IsValid flag is set to false. So make sure you check Page.IsValid before processing your forms!
Deploy with Release Build
Make sure you use Release Build mode and not Debug Build when you deploy your site to production. If you think this doesn’t matter, think again. By running in debug mode, you are creating PDB’s and cranking up the timeout. Deploy Release mode and you will see the speed improvements.
Turn off Tracing
Tracing is awesome, however have you remembered to turn it off? If not, make sure you edit your web.config and turn it off! It will add a lot of overhead to your application that is not needed in a production environment.
```
"false" />"10" pageOutput="false" traceMode="SortByTime" localOnly="true"/>
```
Page.IsPostBack is your friend
Make sure you don’t execute code needlessly. I don’t know how many web developers forget about checking IsPostBack! It seems like such a basic thing to me! Needless processing!
Avoid Exceptions
Avoid throwing exceptions, and handling useless exceptions. Exceptions are probably one of the heaviest resource hogs and causes of slowdowns you will ever see in web applications, as well as windows applications. Write your code so they don’t happen! Don’t code by exception!
Caching is Possibly the number one tip!
Use Quick Page Caching and the ASP.net Cache API! Lots to learn, its not as simple as you might think. There is a lot of strategy involved here. When do you cache? what do you cache?
Create Per-Request Cache
Use HTTPContect.Items to add single page load to create a per-request cache.
StringBuilder
StringBuilder.Append is faster than String + String. However in order to use StringBuilder, you must
```
new StringBuilder()
```
Therefore it is not something you want to use if you don’t have large strings. If you are concatenating less than 3 times, then stick with String + String. You can also try String.Concat

Turn Off ViewState
If you are not using form postback, turn off viewsate, by default, controls will turn on viewsate and slow your site.

public ShowOrdersTablePage(){  this.Init += new EventHandler(Page_Init);}

private void Page_Init(object sender, System.EventArgs e){  this.EnableViewState = false;}

Use Paging
Take advantage of paging’s simplicity in .net. Only show small subsets of data at a time, allowing the page to load faster. Just be careful when you mix in caching. How many times do you hit the page 2, or page 3 button? Hardly ever right! So don’t cache all the data in the grid! Think of it this way: How big would the first search result page be for “music” on Google if they cached all the pages from 1 to goggle
Use the AppOffline.htm when updating binaries
I hate the generic asp.net error messages! If I never had to see them again I would be so happy. Make sure your users never see them! Use the AppOffline.htm file!
Use ControlState and not ViewState for Controls
If you followed the last tip, you are probably freaking out at the though of your controls not working. Simply use Control State. Microsoft has an excellent example of using ControlState here, as I will not be able to get into all the detail in this short article.
Use the Finally Method
If you have opened any connections to the database, or files, etc, make sure that you close them at the end! The Finally block is really the best place to do so, as it is the only block of code that will surely execute.
Option Strict and Option Explicit
This is an oldy, and not so much a strictly ASP.net tip, but a .net tip in general. Make sure you turn BOTH on. you should never trust .net or any compiler to perform conversions for you. That’s just shady programming, and low quality code anyway. If you have never turned both on, go turn them on right now and try and compile. Fix all your errors.

There are hundreds more where these came from, however I really feel that these are the most critical of the speed improvements you can make in ASP.net that will have a dramatic impact on the user experience of your application. As always if you have any suggestions or tips to add, please let us know! We would love to hear them!

Have web development!

Post from The MS Word 2007… It’s Too Fast Too Furious….

tarak4v — Fri, 06 Jul 2007 11:57:00 +0000

Security certifications are hot. While some IT accreditation paths have cooled, others are attracting attention. In many cases, the accreditations drawing uncommon interest are security-related.

Microsoft offers security-focused versions of its Microsoft Certified Systems Administrator and Microsoft Certified Systems Engineer accreditations, while Cisco offers a security version of its CCIE certification. Still others–including CompTIA, the International Information System Security 2 (ISC)2, the Global Information Assurance Certification (GIAC) and the Security Certified Program–all offer popular security accreditations.

Here’s a rundown of the top vendor-independent security certifications.

CompTIA Security+

Candidates seeking CompTIA Security+ certification need pass only a single (SY0-101) exam. The CompTIA exam, consisting of 100 questions, tests candidates’ security expertise in five areas:

General Security Concepts
Communication Security
Infrastructure Security
Basics of Cryptography
Operational/Organizational Security.

General security concepts tested include knowledge of authentication protocols, common vulnerabilities and attack strategies and social engineering risks. Communication security issues candidates must master include remote access security technologies and e-mail security, as well as strategies for hardening wireless networks. Infrastructure topics covered include firewall, router, switch, modem, VPN and telecom security, issues associated with protecting such media as common Ethernet cabling and intrusion detection strategies.

CompTIA’s Security+ exam also explores cryptography. Candidates must demonstrate knowledge of common cryptographic algorithms, digital signatures, and public key policies.

The Security+ test also covers operational and organization security issues. From protecting backup data to designing effective security policies and implementing effective incident response strategies, candidates must prove a wide range of operational and organizational security expertise.

The Security+ exam is well known. In fact, the certification is so well respected that Microsoft accepts Security+ certification as credit toward its MCSE and MCSA certifications (eliminating the requirement for candidates to pass other exams).

(ISC)2 – SSCP and CISSP

The International Information Systems Security Consortium, known as (ISC)2, maintains what it calls the (ISC)2 CBK. The so-called Common Body of Knowledge tracks best practices for securing information technology. The (ISC)2 awards four certifications: CISSP, SSCP, CAP and Associate of (ISC)2.

The Certification and Accreditation Professional, or CAP credential, is a little different than traditional certifications. The CAP certification measures ones understanding of the certification process and targets those IT professionals who must determine processes for assessing security vulnerabilities and implement security protections. In addition to testing knowledge of certification’s purpose, CAP candidates must demonstration knowledge of the certification and accreditation processes and post-certification monitoring.

The Systems Security Certified Practitioner (SSCP) certification targets IT professionals responsible for network or systems security. The SSCP tests a candidate’s knowledge in seven areas: access controls, analysis and monitoring, cryptography, networks and telecommunications, malicious code, risk, response and recovery and security operations and administration.

The CISSP certification is aimed at IT managers seeking executive-level security positions. The CISSP exam tests candidates’ knowledge of (ISC)2′s 10 CBKs: access control, application security, business continuity and disaster recovery planning, cryptography, information security and risk management, legal, regulations, compliance and investigations, operations security, physical security, security architecture and design and telecommunications and network security.

The Associate of (ISC)2 status, meanwhile, targets those IT professionals who possess the expertise required to earn CISSP or SSCP accreditation but don’t boast commensurate years of practical field experience. SSCP candidates are expected to have one year of security field experience, while those sitting for the CISSP credential are expected to possess four years of such practical experience (although a Master’s Degree in Information Security from a National Center of Excellence subtracts one year from that requirement). SSCP and CISSP candidates must also pass professional, criminal and background history checks.

GIAC–GISF and GSEC

The Global Information Assurance Certification arm of the SANS Institute exists to confirm real-world information technology skills. The organization maintains some 19 security-focused and job-specific certificates and certifications.

GIAC certifies candidates in five subject areas (including Security Administration) and at several levels (including Silver, Gold and Platinum). The organization offers both certificates and certifications. Certificates typically are based on material covered in a one- or two-day SANS training course and encompass a single exam. Certifications, however, tend to be based on weeklong courses and usually require passing two exams that require renewal every four years.

The entry-level GIAC security accreditation–the GIAC Information Security Fundamentals (GISF)–targets IT managers, security officers and administrators. The exam measures candidates’ understanding of the threats that challenge information resources and tests the ability to identify best security practices.

The next highest GIAC security accreditation is the Security Essentials Certification (GSEC), which targets such technology professionals as hands-on managers, staff new to the field and others. The two exams test security essentials and helps ensure individuals possess solid baseline security knowledge.

Additional GIAC security certifications include the Certified Firewall Analyst (which confirms the knowledge, skills and abilities required to design, configure and monitor routers, firewalls and other perimeter devices), the Certified Intrusion Analyst (which gauges one’s knowledge configuring and monitoring intrusion detection systems), Certified Incident Handler (which confirms the candidate’s ability to manage incidents and attacks) and Certified Forensics Analyst (which measures one’s ability to effective manage formal forensic investigations).

Security Certified Program–SCNP

The Security Certified Network Professional (SCNP) certification is maintained by the Security Certified Program (SCP). SCP develops and maintains its vendor-neutral certifications with the goal of awarding accreditations that measure real-world security skills.

In order to sit for the SCNP exam, candidates must first earn Security Certified Network Specialist (SCNS) standing. SCNS certification requires than an IT professional pass the organization’s Tactical Perimeter Defense (TPD) exam that tests network defense fundamentals, advanced TCP/IP use, configuring routers and access control lists, firewall and VPN design and configuration and intrusion detection system administration.

To earn SCNP accreditation, candidates must pass the Strategic Infrastructure Security (SIS) exam. The SIS test measures candidate’s understanding of cryptography, Linux and Windows hardening, ethical hacking, risk analysis, security policies and other facets of Inernet security. Recertification is required every two years.

Summary

As with any certification, these security certifications provide baseline measurements of an individual’s knowledge, skills and expertise. IT certifications should not be interpreted as indicating the holder mastered each of the technologies covered, as even veterans boasting years of field experience rarely master every facet of a specific discipline.

Acer Ferrari 5000 Arrived

tarak4v — Tue, 03 Jul 2007 08:31:00 +0000

Acer’s tie up with Ferrari has proved very fruitful for the computer company and presumably also for the car company, since they’ve just repeated the exercise with a new pair of style-rich notebooks. The top-end machine, reviewed here, is the Ferrari 5000, and will set you back just under £1,700. It needs more than a couple of red flashes to justify that price tag.

It’s a big machine; think plastic document wallet and add a centimeter all round to get to its footprint on the desk. It’s dressed in a lightweight carbon-fiber case, in glossy black with a thin Ferrari-red stripe on the lid and in flashes down both sides.

Open it up and there’s a swiveling Web-cam along the top edge of the lid and a keyboard laid out in a shallow crescent below – that should make typing easier on your wrists. In front of that is a wide-angle touchpad and mouse buttons, but if you don’t like touchpads, you can use the bundled, Ferrari-liveried, Bluetooth optical mouse instead.

A quick trip around the edges of the machine reveals a letterbox-style DVD rewriter, a PC Card slot and sockets for Ethernet, modem, audio, Firewire and four USB 2 slots. There are also more specialist sockets, like an HDMI for HD video and a multi-format memory card slot. The machine’s equipped with Wi-Fi, Bluetooth and infra-red, and bundled with the laptop is a Bluetooth PC Card to enable VoIP calls from any Bluetooth mobile.

The hardware spec is just as impressive. Starting with an AMD Turion 64 X2, a dual-core 64-bit chip running at 2GHz, it adds 2GB of main memory with another 256MB attached to the ATI Mobility Radeon X1600 graphics processor. There’s a 160GB SATA hard drive inside and a hunky Lithium-Ion battery which runs the whole thing for three and a half hours and recharges in two.

Running 3DMark 2006 at a screen resolution of 1,280 x 1,024 returned 2,091, a very respectable score for a notebook, though at this resolution some of the game segment frame-rates dropped below 5fps, which isn’t so good. Although the native resolution of the 15.4-inch screen is an impressively wide 1,680 x 1,050 pixels, it may be as well to play resource-intensive games at 1,024 x 768.

The only other negative is a distinct swish from the cooling fans, even when the machine is lying idle. Probably not enough to get you ejected from a library, but audible in a home office and even in quiet scenes in movies.

Talking of sounds, the small, twin speaker apertures in the front edge of the machine do a surprisingly good job of reproducing music and soundtracks. While there’s little bass to speak of, middle and treble frequencies are comparatively clear and precise.

Web 2.0

tarak4v — Fri, 18 May 2007 17:20:00 +0000

Web 2.0, Part 2: Serious Business Tool or Silly Waste of Time?

By Erika Morphy
E-Commerce Times
Part of the ECT News Network
04/25/07 4:00 AM PT

“Web 2.0 is about service providers exposing their business services on the Web — bringing them together in a common view for the employee and under a common management umbrella for the corporation,” says Rearden Commerce CEO Patrick Grady. “Web 2.0 is Web 1.0 for dummies,” counters Miki Dzugan of Rapport Online.

How do you suppose a professor of computer science and engineering might use Web 2.0 tools? Assisting students to manage an intramural sports league online is probably not the first thing that would come to mind. That, though, is exactly what Yannis Papakonstantinou, a professor at the University of California, San Diego, does.

He recently helped to launch a new application called app2u.org, which allows people to use their browser to build their own custom, interactive Web applications where they can collaborate and exchange information. All they have to know is what the Web interface will look like — back-end development is automatic.

“For example, one can easily build applications to track sales leads, manage employee recruiting and hiring — or set up intramural sports leagues,” Papakonstantinou told the E-Commerce Times.

As for his definition of “Web 2.0″: It “refers to Web-based services that emphasize online collaboration and information exchange by user communities.”

Different Themes, Definitions

Nailing down the meaning of “Web 2.0″ has proven to be an exercise in dealing with the unexpected. Part 1 of this two-part series offers definitions gleaned from an informal survey of tech and content executives. They touched upon such issues as community, personalization, customization and editorial control.

They mentioned the tools behind Web 2.0 as well. “Two of the hallmarks [of Web 2.0] are more fluid desktop-type interfaces and emphasizing online collaboration among users,” said Paddy McCobb, creative director for Boston-area branding and design studio Corey McPherson Nash.

To that end, he told the E-Commerce Times, a number of technologies are widely used, such as wikis, RSS (really simple syndication) feeds, Web APIs (application programming interfaces) and Ajax.

The execs surveyed also commented on the functionality these tools ultimately provide to end-users.

“Web 2.0 is about service providers exposing their business services on the Web — bringing them together in a common view for the employee and under a common management umbrella for the corporation,” Rearden Commerce CEO Patrick Grady told the E-Commerce Times.

“It’s a ‘best of both worlds’ scenario, where employees or customers have all the useful features in one place that they need to do their jobs more effectively and make smart choices,” he remarked, “but where the corporation still has the ability to control and manage what’s being offered.”

Gone are the days when you had to wait weeks or months for new features to be added into an application, Grady continued.

“It took Microsoft (Nasdaq: MSFT) more than five years to develop Vista, yet the software was already obsolete within weeks of delivery,” he claimed. “An advanced Web 2.0 architecture provides the opportunity to add or remove services and vendors on a fluid, real-time basis with just a few clicks of a mouse.”

Mind Candy?

The survey also brought out the lighter side of Web 2.0 — or, at least, indications that the term is becoming overused and overhyped.

“Web 2.0 is a waste of time,” contended Kevin Walker, CEO of SimpleTuition, which provides online tools to research, review and compare multiple loan options from a variety of lenders.

“More specifically, it’s about wasting time,” he told the E-Commerce Times. “A lot of people killing time watching inane videos. A lot of people killing time with dumb-dumb blog entries. A lot of people killing time complaining about their stay at some random Holiday Inn.”

It’s also about a modern look: “Oversized type in gray or gray-scale colors. Self-contained widgets that fancy up a site. User-generated ratings. Ajax platforms. These are the sorts of characteristics that just scream ’2.0,’” said Walker.

“I’m all for mind candy and the occasional rant from some random person, but life’s too short,” he complained. “Let’s move on to Web 3.0 — where entrepreneurs and techie creatives and the press and consumers focus on ways to conduct business online that is productive, not a waste of time.”

Miki Dzugan of Rapport Online was only slightly less harsh. “Ever since the term was coined, I’ve been inclined to say, ‘Web 2.0 is Web 1.0 for dummies,’” she told the E-Commerce Times.

The first Web sites included discussion groups and personal journals known as “Web logs,” she explained. Then came corporate Web sites and advertising agencies — all with print or broadcast media background trying to run the Web like a broadcast medium.

“They fell on their butts, and the Internet boom turned to bust,” Dzugan wryly observed.

“With more broadband capability, bigger PC capacities and better tools for content management [such as] blog software and photo/video sharing tools, online sharing is bigger than ever. Agencies have finally discovered this ‘new’ idea that the Web is a place for consumer-generated content, and they call it ‘Web 2.0,’” she said.

“Maybe someday soon they will discover that advertising that is consistent with how a Web site is being used is more effective than the print or TV-style interruption advertising. They’ll probably call that ‘Web 3.0.’”

The term is becoming grossly overused, agreed Tim Shisler, a marketing executive based in Los Gatos, Calif. — and who better to know? He can’t resist taking pot shots at the worst cliches.

“Web 2.0 is the phenomenon where everyone thinks they are important, sorority girls post picture of themselves in thongs, high school boys take bong hits out of Apples on YouTube , and kids are stupid enough to ‘fall in love’ with Imreally13 on AIM,” Shisler sneered.

On second thought, professor Papakonstantinou’s online intramural soccer team sounds like a perfectly sober example of Web 2.0 at work.

Malware News

tarak4v — Fri, 18 May 2007 16:59:00 +0000

Net’s Malware Infection: Growing by 5,000 Sites Per Day

By John P. Mello Jr.
TechNewsWorld
05/18/07 4:00 AM PT

Just how pervasive the problem of malware has become was revealed in a study released at the HotBots conference held in Cambridge, Mass., last month. One out of every 10 sites on the Web, the research found, is infected with “drive-by” malware — malware that automatically installs itself on a computer when it visits a site.

With e-mail’s value as a malware delivery agent on the decline, writers of malicious software have boosted their efforts to infect Web sites with their nasty payloads.

Thousands of malicious Web sites are created on a daily basis to steal information from unsuspecting visitors or plant insidious software on their computers without their knowledge, according to security experts interviewed by TechNewsWorld.

On average, 5,000 new malicious Web sites are created daily on the Internet, estimated Ron O’Brien, a senior security analyst in the Burlington, Mass., offices of Sophos , an international network security company. That number hit a peak of 8,000 in April, he added.

Infected E-Mails Dropping

In the past, malware mongers could count on e-mail attachments to deliver their electronic effluent to their victims, O’Brien explained, but as users became wiser to the ways of the spam artists, that method’s virility shriveled.

A year ago, he recalled, one out of every 40 e-mails traveling through the Internet contained a virus; now that number is one in 300.

“The malware writers, in order to increase their rate of success, have taken to putting URLs in their spam because you’re much more likely to click on a link to a Web site than you are to click on an attachment,” he explained.

“So as a method of delivery,” he added, “e-mail infected with viruses are down, but it has been replaced by e-mails that contain links to Web sites that are hosting malicious content.”

The 10 Percent Problem

Just how pervasive the problem has become was revealed in a study released at the HotBots conference held in Cambridge, Mass., last month.

One out of every 10 sites on the Web, the research found, is infected with “drive-by” malware — malware that automatically installs itself on a computer when it visits a site. The study was conducted by Google (Nasdaq: GOOG) researchers Niels Provos, Dean McNamee, Panayiotis Mavrommatis, Ke Wang and Nagendra Modadugu.

Of some 4.5 million URLs analyzed by the researchers, about 450,000, or 10 percent, were engaging in drive-by downloads.

Hype Factor

While the number of infected Web sites is high, that doesn’t mean Net surfers should put their surfboards in the closet, asserted Randy Abrams, director of technical education at antivirus software maker ESET in San Diego, Calif.

“That one-out-of-10 doesn’t mean one out of 10 sites that the average user is likely to encounter,” he explained. “Oftentimes, the only way you’re going to find one of these sites is by clicking a link in a spam or getting redirected from a questionable Web site.

“If the only way you can get to a site is by clicking a link in a spam for Viagra,” he argued, “people with spam blocking never see that, people who delete their spam never see that, so there’s a ton of sites with malicious code on them that most people are never going to see.

“There’s a definite hype factor in that 10 percent number,” he added.

However, he acknowledged that malicious Web sites can be a huge headache when they’re linked to high-traffic sites, like the Super Bowl Web site.

Show Me the Money

It shouldn’t be surprising that information highwaymen are turning to infected Web sites as distribution points for their banditry, observed David Marcus, security research and communications manager for McAfee Avert Labs.

“Most people start off their computer usage in some way, shape or form with a Google search or some kind of Internet session,” he explained.

“They’re doing more research online, they’re doing more searching online, they’re doing more transactional buying online,” he continued. “When you consider that, it only makes sense for the malware writer to leverage that kind of behavior to push out their malware.

“Malware follows money,” he added, “and where there’s money to be made or transactions, credit card numbers or identities to be stolen, there’s going to be malware.”