February 25, 2007

The NBA

This (http://sports.espn.go.com/espn/page2/story?page=simmons/070223) is probably one of the funniest page 2 articles I’ve *EVER* seen.  (Courtesy of Mr. Bill Simmons of ESPN).

 

I didn’t know that F-minus-minus-minus, F-infinity-minus and G were real grades :)

 

Go Wolves; KG Rocks!

 

Cheers

jk

 

February 18, 2007

Moving an SVN repository between machines

I thought this was a pretty nice, straightforward howto on migrating a
repository from one machine to another machine. I naively thought one
could just copy and paste the directories, heh heh.

enjoy!


jk

February 16, 2007

Trust is *not* security

“February 12, 2007 (Computerworld) -- In Lancaster, Pa., last week, the county coroner was brought to court in handcuffs. A grand jury indicted Dr. Gary Kirchner, charging him with giving out his account name and password for a county Web site that contained confidential police 911 information. What kind of information? Names of accident victims and police informants, medical conditions, witness accounts, autopsy reports and not-yet-substantiated accusations. The site was the access point for real-time data generated and used by firefighters, ambulance crews and other emergency responders.

And who did the coroner allegedly give his password to? Newspaper reporters. Now there’s a trusting user.”
The entire article can be found here: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=282376&source=NLT_SEC&nlid=38

- Clearly this guy should not have been giving out his login credentials to anyone (much less a member of the media, jeez).

- Where were the auditing procedures and detection? "...an IT staffer checked Web site logs and discovered that the site was accessed more than 50 times in two weeks from computers at a newspaper office". OK, logging was working, but if no one reviews the logs regularly, or no notifications are sent out for suspicious activity, the logs provide far less value (they did provide good forensic value once people realized there was a problem, though).

- Thankfully "a reporter from a competing newspaper called the county to find out why he didn’t have access". Just think if this reporter didn't call; the security breach would still be going on....
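The review step that was missing in the coroner's case can be automated. The script below is an added example, not code from the Computerworld article or the county site: it reads Apache-style access log lines (with the authenticated user in the third field), collapses each source address to its /24 so a newsroom NAT pool counts as one network, and flags any account that shows up with a meaningful number of successful requests from more than one network inside the review window. The log lines, user names and addresses are constructed for the example; the column layout and thresholds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in Apache common-log layout; the third field is the
# authenticated user. Every address and account name here is made up.
SAMPLE_LOG = """\
10.20.1.15 - coroner01 [01/Feb/2007:08:02:11 -0500] "GET /dispatch/incidents HTTP/1.1" 200 5120
10.20.1.15 - coroner01 [01/Feb/2007:08:40:53 -0500] "GET /dispatch/incidents HTTP/1.1" 200 4870
192.0.2.44 - coroner01 [01/Feb/2007:21:15:02 -0500] "GET /dispatch/incidents HTTP/1.1" 200 5031
192.0.2.44 - coroner01 [02/Feb/2007:06:30:40 -0500] "GET /dispatch/incidents HTTP/1.1" 200 4990
192.0.2.51 - coroner01 [02/Feb/2007:07:02:17 -0500] "GET /dispatch/reports/42 HTTP/1.1" 200 8711
10.20.1.15 - coroner01 [02/Feb/2007:09:10:00 -0500] "GET /dispatch/incidents HTTP/1.1" 200 5120
10.20.3.7 - medic02 [02/Feb/2007:09:12:44 -0500] "GET /dispatch/incidents HTTP/1.1" 200 5102
198.51.100.9 - medic02 [02/Feb/2007:09:30:01 -0500] "GET /dispatch/incidents HTTP/1.1" 401 0
"""

# Assumed layout: ip ident user [timestamp] "request" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})'
)


def parse_line(line):
    """Parse one access-log line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return {"ip": m.group("ip"), "user": m.group("user"),
            "ts": ts, "status": int(m.group("status"))}


def network_of(ip):
    """Collapse an IPv4 address to its /24 so one office behind NAT is one network."""
    return ".".join(ip.split(".")[:3]) + ".0/24"


def find_shared_accounts(log_text, window=timedelta(days=14), min_hits=3):
    """Return {user: {network: successful_hits}} for accounts whose credentials
    look shared: used from more than one /24 within the window, with the
    second-busiest network contributing at least min_hits requests."""
    events = [e for e in (parse_line(l) for l in log_text.splitlines())
              if e and 200 <= e["status"] < 300]   # only successful access counts
    if not events:
        return {}
    cutoff = max(e["ts"] for e in events) - window
    hits = defaultdict(lambda: defaultdict(int))
    for e in events:
        if e["ts"] >= cutoff:
            hits[e["user"]][network_of(e["ip"])] += 1
    flagged = {}
    for user, nets in hits.items():
        counts = sorted(nets.values(), reverse=True)
        # A single stray request from a second network is noise; a sustained
        # pattern from a second network is what the county's logs showed.
        if len(counts) > 1 and counts[1] >= min_hits:
            flagged[user] = dict(nets)
    return flagged


if __name__ == "__main__":
    for user, nets in find_shared_accounts(SAMPLE_LOG).items():
        print(f"{user}: seen from {len(nets)} networks -> {nets}")
```

Run against a real log the thresholds would be tuned per site, and the report would go to whoever owns the accounts rather than sit in a file; the point is that a check like this runs every day instead of waiting for a competing reporter to phone in.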

This article again proves that the human element is typically the weakest when it comes to computer security. I’m betting they are going to make an example of this guy…

jk

February 10, 2007

Alice & Bob

Things like patterns and best practices help out developers by promoting consistency and communication. For example:

 

In describing a piece of code to a fellow developer, which is easier to understand:

1) “I defined a family of algorithms, encapsulated each one as an object, and made them interchangeable”
-or-
2) “I used a Strategy Pattern” (http://en.wikipedia.org/wiki/Strategy_pattern)

 

Clearly #2 is easier to understand.  Not only did I use a tried-and-true coding technique (the pattern), but the term “Strategy Pattern” conveys special meaning and becomes part of the common language amongst developers.

 

In that same vein, the Security Community uses a common set of terms to represent characters in a system: http://en.wikipedia.org/wiki/Characters_in_cryptography. The canonical example of this is: ‘Alice sends a message to Bob, but does not want Eve to read the message’. When two security professionals sit down to discuss a scenario, this common verbiage raises the level and efficiency of communication.

 

Please read the ‘Characters in cryptography’ link and familiarize yourself with the characters. I think these characters can have real value in many developers’ day-to-day lives, just like design patterns already do. Improving communication and developing a common set of terms will only help a team be more successful!

 

jk


February 09, 2007

AT&T Pebble Beach National Pro-Am - Live@ 7

Golf season is here again (yea!). For the last few years, PGA.com broadcast live from the 17th hole at Sawgrass (the island green). This year, they have expanded their offering to 10 tournaments. This week, at the Pebble Beach Pro-Am (Pebble Beach Golf Links) they are showing the par 3 7th, one of the most scenic, shortest and scariest holes on tour.

 

You can view the web cast here:  http://www.pgatour.com/tournaments/r005/liveat/#

 

Here is a link to the Google Map of the 7th: http://tinyurl.com/3c54yf (the green is at the southern end of the peninsula in this picture)

 

Yesterday (2/8/2007) the pros were hitting knock-down 7 & 8 irons into this 115 yard hole (with a 32’ elevation drop) due to high winds and the back pin position…

 

Fore!

 

jk

February 07, 2007

New-old content

Apologies for any confusion caused by the new posts (actually old posts from the soon-to-be-deprecated Magenic .Text blog). I tried to preserve the content and the original post date/times… I’ve noticed that Outlook 2007 doesn’t handle the ATOM feed date/times appropriately… grrr…

jk

Spring is almost here; so is Twin Cities Code Camp : Spring 2007

Mr. Bock (http://www.jasonbock.net) is organizing the 2nd Twin Cities Code Camp (http://www.twincitiescodecamp.com/TCCC/Spring2007/Sessions.aspx) on April 28th, 2007.

I’m very excited to do a session with Dan (check out his feed at http://feeds.feedburner.com/humanstuff). We’re going to tackle the newly released (December 2006) Web Service Software Factory for WCF put out by the Microsoft Patterns and Practices Group.

The 1st code camp was a great time; don’t miss this one! The .Net folks got along with the Ruby folks who got along with the Java folks - it was one big geek-love-fest (no, no, nothing dirty) :) Please register here:

Current sessions (75 minutes) and Chalk Talks (30 minutes) include:

Sessions
-3D Construction Basics in WPF - Mike Hodnick
-CPU and Game Emulation Design - David Pinch
-Delegation and Kerberos in the Enterprise - David Baldauff
-Developing for Windows Vista using Visual Studio 2005 - Cory Smith
-Extending Microsoft Office 2007 as a Platform - Scott Yokiel
-If Darwin Could Write Code - Jake Good
-Inside the WCF Web Service Software Factory - Jeff Knutson and Dan Mork
-An Introduction to LINQ and the ADO.NET Entity Framework - Adam Grocholski
-An Introduction to PowerShell - Neil Iversen
-There Must be Fifty Ways to Unit Test your Software - Jon Stonecash
-What Ruby on Rails can Teach .NET Developers - Dan Mork and John Howes

Chalk Talks
-Beyond Orcas - Where is .NET Going? - Jason Bock
-SSIS Tips and Tricks - David Baldauff
-Web Part Development - Neil Iversen

jk

January 21, 2007

Truth in advertising --or-- Archer Farms Margherita pizza disappoints

Ok, I know frozen pizza is frozen pizza, but this is totally ridiculous. I LOVE margherita pizzas, but will *NEVER* buy this one again unless Archer Farms decides to improve the recipe and quality of this product.

Yeah, the picture and product really look close...

January 05, 2007

Post #100 - Protecting yourself (and your company)

Sadly, there are bad people out in the world and in the virtual world. Many coffee shops and bars offer free (read: unencrypted) WiFi to their patrons. This service is very convenient and fun; hey, who wants to work in an office setting when you could be hoisting a frothy beverage (coffee or beer, your choice) in a comfortable setting with your laptop and a few friends???

The problem is, no one believes there is a bad person lurking at a coffee shop, just waiting for you to enter your domain username and password to access corporate email/intranet/eBay/PayPal/Hotmail/your bank...

Are you protecting yourself and your company? I ran across an article titled How to protect yourself at wireless hot spots which offers some simple tips and techniques on protecting your data. Here are the highlights from this article:

1. Disable ad-hoc mode -- PLEASE PLEASE do this; it is so simple, and from a security standpoint the costs of using ad-hoc mode far outweigh the benefits.
2. File Sharing -- many people don't even know much about this, so if you don't know how to use it, reduce your attack surface and TURN IT OFF! Even if you think you know how to use it, make sure you are only sharing what you intend to share with the world. I know, your mom always told you to share, but if she had known about unencrypted WiFi, she would have added a disclaimer!!! :)
3. Turn off network discovery (Vista only) - I have not fired up Vista yet, so I have nothing intelligent to add here....
4. Carry an encrypted USB flash drive - I like this one; I don't own one of these yet, but suspect I will be picking one up very soon; not so much for storing my OS on it, but strictly for data...
5. Protect yourself with a virtual private network - VPN == goodness; 'nuff said
6. Disable your wireless adapter - ok, this maybe is not a reality, but it *IS* a possibility
7. Watch out for shoulder surfers - The security mantra of "Social engineering trumps most security systems" applies here!

Happy new year and 'safe' surfing!!

jk

Stock touting and a cute little HTML trick

Stock Touting


While reading an article about how stock spammers make money (you know, the emails saying a particular stock is going to be hot), I followed the research link to a Harvard web page titled Spam Works: Evidence from Stock Touts and Corresponding Market Activity. I also enjoyed playing with the stock simulator at the Harvard site, which simulates the scenario from both the spammer's and the spam recipient's point of view. It is hard to believe that this kind of social engineering works, but the facts don't lie. :) The only thing I could even *remotely* consider doing on these would be to sell short!!!!!!



A cute little HTML trick


While reading the Harvard page, I noticed this text: "If the email addresses are unreadable, click here. They cannot be copied/pasted directly from this page." which naturally made me try to highlight the authors' email addresses and copy them. As advertised, it appeared to mangle the email address. After looking into it a bit more, I figured out the little trick: the web page author used a PRE tag combined with a STYLE attribute. I'll show this below: first with no 'style' attribute so you can see the 'real' text, and then with the style attribute "line-height: 0px" to see the obfuscated text. (I have changed the real authors' email addresses to protect them.) They used the two-line version; more lines also work (as shown below).



Un-Obfuscated


r b t p o m i . o
o o @ o k a l c m


Obfuscated (2 lines)


r b t p o m i . o
o o @ o k a l c m


Obfuscated (3 lines)


r o p k i c
o t o m l o
b @ o a . m
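To make the mechanism explicit, here is an added example (my own, not the Harvard page's code) that generates the interleaved rows for any number of lines and wraps them in the PRE/style combination described above. Row i holds every N-th character starting at position i, so with line-height collapsed to 0px the rows stack on top of each other and the eye reads the columns as the original address; a selection, however, copies the rows. The sample address is the placeholder used on this page, and the inverse function is included to show the caveat: the rows can be reassembled mechanically, which is why this only slows down unsophisticated collectors.

```python
from html import escape
from itertools import zip_longest

PLACEHOLDER_ADDRESS = "robot@pookmail.com"   # the sample address used on this page


def interleave(text, lines=2):
    """Split text into `lines` rows; row i takes every lines-th character from
    position i. Reading the rows column by column restores the text."""
    if any(ch.isspace() for ch in text):
        raise ValueError("text must not contain whitespace (it is used as the column separator)")
    if not 1 <= lines <= len(text):
        raise ValueError("lines must be between 1 and len(text)")
    return [" ".join(text[i::lines]) for i in range(lines)]


def deinterleave(rows):
    """Inverse of interleave: walk the columns top to bottom, left to right.
    The last columns may be ragged when len(text) is not a multiple of lines."""
    columns = zip_longest(*(row.split(" ") for row in rows), fillvalue="")
    return "".join(ch for column in columns for ch in column)


def obfuscating_html(text, lines=2, line_height="0px"):
    """Emit the PRE block: one interleaved row per line, with the row spacing
    collapsed so the rows render on top of each other."""
    body = "\n".join(escape(row) for row in interleave(text, lines))
    return f'<pre style="line-height: {line_height}">{body}</pre>'


if __name__ == "__main__":
    for n in (2, 3):
        print(f"--- {n} lines ---")
        print("\n".join(interleave(PLACEHOLDER_ADDRESS, n)))
    print(obfuscating_html(PLACEHOLDER_ADDRESS, 3))
```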




Wrapup



1. If spammers can't make money (by stock touting or any other nefarious ploy), they'll stop spamming.
2. Try out this fun little HTML trick! It should help slow down unsophisticated email collectors, and if nothing else, it is like a little parlour trick to impress your geeky friends :)




jk

January 04, 2007

Not even PDFs are safe - Security hole in Acrobat Plugin

A plugin for Acrobat Reader has a major security hole, so please, please, please be careful and only open trusted PDFs for a while until a patch is available.

from: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9007051&source=NLT_SEC&nlid=38

"January 03, 2007 (IDG News Service) -- Security researchers are poring over what one vendor has called a "breathtaking" weakness in the Web browser plug-in for Adobe Systems Inc.'s Acrobat Reader program used to open files in the popular Portable Document Format."


Browse safely!
jk