12.18.2009

The transition from C# to VB

Having not written any Visual Basic code in about a year, I found the transition from C# back to VB a slightly rough one.  An endless barrage of squiggly lines indicating syntax errors plagued my code.  VB's compile-time syntax checking in Visual Studio didn't help either; it only made me more aware of my failure to comply with VB's rules.

The biggest offender was in my variable declaration.  Yes!  In the variable declaration!  I shall declare all my variables with a Dim.

I shall declare all my variables with a Dim.
I shall declare all my variables with a Dim.
I shall declare all my variables with a Dim.
I shall declare all my variables with a Dim.
I shall declare all my variables with a Dim.
All your base are belong to us.

The point here is, like that of spoken languages, computer languages too need to be learned and perpetually practiced. Just like that violin you quit playing the moment you got accepted to a good university.  Don't neglect it or you may never get it back.

Ok, that's being overly dramatic.  Fine.  But, honestly, going from language to language is more of a nuisance than anything else unless you program in all of them everyday.  I quickly got over the Dim thing. I got used to the absence of the symbols in the beloved C-Style language: { } [ ] ; . I didn't like the fact that I had to google everything from "VB ternary operators" to "VB linq to sql examples."  I'm pretty good with Linq in C#, but in VB it seems so foreign to me. Man, I wish I saved my search history. But, in the end everything got done... with a 30% drop in productivity. Just kidding.

As for the long standing C# vs VB debate, here's my view.  Who cares?  For those of you who share the same passion as I do, we can have a language preference, but that doesn't mean we should refuse to work on projects written in a different language.  Besides the fact that we might get fired, it's just not right.  We programmers are taught to learn how to learn.  Our programming languages course showed us how to adapt to other languages.  Where's the fun in exploring new ways to do the same thing?  So what if C# developers get paid more than their VB counterparts on average? Wait, I do.

12.16.2009

Backpropagation in Neural Networks

Backpropagation is a form of Supervised Training which teaches a Neural Network how to work and operate.  The training is done prior to using the network and works only for feed-forward networks.  There are many other ways to train a Neural Network, even in unsupervised ways, but Backpropagation is a widely popular training method because of its "learn by example" applicability in many real world cases.  This kind of network operates on the premise that given an input, it will produce the known and "correct" output.  This is analogous to training a cell phone to recognize your voice and how you pronounce certain words.  So you can train a network with inputs and what their corresponding outputs should be.  You can't train a network, however, to decipher what your cat's mood is at any given point.  Maybe someday?

Let's look into the well known XOR example.  We all know what this is right?  The bitwise Exclusive Or produces a known and correct output given two inputs as shown below.  Download the source code / demo for the Exclusive OR (XOR) problem.

    Input data    Output data
    (1, 1)        (0)
    (1, 0)        (1)
    (0, 1)        (1)
    (0, 0)        (0)


In Neural Networks, neurons have weighted inputs, an activation function and an output.  The input layer in this example has two elements (one for each bit).  The hidden layer calculates values based on the formula: f(Sum(inputs * weight)).  The weights here are initialized to small random values, let's say between -1 and 1, with a mean of 0.  This produces an output value, and since we know what the expected output value is, we calculate the difference and call it the error.  Then, this error is backpropagated to the hidden layer and the input layer, whereby the weights are adjusted so that each time the same input pattern is presented to the network, the output will be a little closer to the expected output.  The goal of training is to reduce this error a little bit during each iteration, aka epoch.  Here's a snippet from my PowerPoint presentation that sums this process up.

    - For each input-output pattern
        Evaluate output
        Calculate the error between output and expected output
        Adjust weights in the output layer
        * Do the same for the hidden layer(s)
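The steps above, carried out on the XOR table from this post, as an added example that is not the post's own demo code: a 2-input, 4-hidden, 1-output sigmoid network whose weights start in [-1, 1], trained one pattern at a time by backpropagation. The network size, learning rate, epoch count and restart rule are this example's own choices; the post does not specify them.

```python
import math
import random

# Constructed XOR truth table, the same four patterns as the post's table.
XOR_PATTERNS = [((1, 1), 0), ((1, 0), 1), ((0, 1), 1), ((0, 0), 0)]


def sigmoid(z):
    """Logistic activation f(net); its derivative is f(net) * (1 - f(net))."""
    return 1.0 / (1.0 + math.exp(-z))


class XorNet:
    """2 inputs -> `hidden` sigmoid neurons -> 1 sigmoid output, each neuron with a bias weight."""

    def __init__(self, hidden, rng):
        # Weights start as small random values in [-1, 1] with mean 0, as the post describes.
        self.w_hidden = [[rng.uniform(-1, 1) for _ in range(3)] for _ in range(hidden)]
        self.w_out = [rng.uniform(-1, 1) for _ in range(hidden + 1)]

    def forward(self, inputs):
        x = list(inputs) + [1.0]  # trailing 1.0 feeds the bias weight
        h = [sigmoid(sum(w * xi for w, xi in zip(ws, x))) for ws in self.w_hidden]
        y = sigmoid(sum(w * hi for w, hi in zip(self.w_out, h + [1.0])))
        return h, y

    def train_pattern(self, inputs, target, lr):
        """One backprop step for one input-output pattern; returns the squared error before the update."""
        x = list(inputs) + [1.0]
        h, y = self.forward(inputs)                      # 1. evaluate output
        error = target - y                               # 2. error between output and expected output
        # Output layer: error signal scaled by the activation's slope
        delta_out = error * y * (1.0 - y)
        # Hidden layer: the output error is propagated back through the (pre-update) output weights
        delta_hidden = [delta_out * self.w_out[j] * h[j] * (1.0 - h[j]) for j in range(len(h))]
        for j, hj in enumerate(h + [1.0]):               # 3. adjust output-layer weights
            self.w_out[j] += lr * delta_out * hj
        for j, ws in enumerate(self.w_hidden):           # 4. same for the hidden layer
            for i, xi in enumerate(x):
                ws[i] += lr * delta_hidden[j] * xi
        return error * error

    def predict(self, inputs):
        """Round the output neuron's value to a bit."""
        return int(round(self.forward(inputs)[1]))


def mean_squared_error(net, patterns):
    return sum((t - net.forward(i)[1]) ** 2 for i, t in patterns) / len(patterns)


def train_xor(hidden=4, epochs=5000, lr=0.5, seed=1, restarts=5):
    """Train until the MSE drops below 0.01, restarting from a fresh random init if stuck in a local minimum."""
    for attempt in range(restarts):
        net = XorNet(hidden, random.Random(seed + attempt))
        before = mean_squared_error(net, XOR_PATTERNS)
        for _ in range(epochs):            # one epoch = one pass over all four patterns
            for inputs, target in XOR_PATTERNS:
                net.train_pattern(inputs, target, lr)
        after = mean_squared_error(net, XOR_PATTERNS)
        if after < 0.01:
            break
    return net, before, after


if __name__ == "__main__":
    net, before, after = train_xor()
    print(f"MSE before {before:.4f}, after {after:.4f}")
    for inputs, target in XOR_PATTERNS:
        print(inputs, "->", net.predict(inputs), "(expected", target, ")")
```

The restart loop exists because plain gradient descent on XOR occasionally settles into a local minimum where two of the four patterns stay wrong; re-drawing the initial weights is the simplest cure.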

You're probably asking the question - why do we need a Neural Network to give us the answer of an XOR operation?  We don't.  It is for theoretical and teaching purposes.  Now, the real uses of this technique are widely seen in the AI of video games.  Here is a statement that caught my eye when researching this topic.

    An agent was trained in Quake III to collect items, engage in combat, and navigate a map. The controller was a neural network that learned by backpropagation on pre-recorded demos of human players, using the player's weapon information and location as inputs.

*From Backpropagation without Human Supervision for Visual Control in Quake II by Matt Parker and Bobby D. Bryant

11.04.2009

malloc vs calloc vs realloc

void* malloc(size_t size)
Returns a pointer to a heap block of at least size bytes, or NULL on failure. One major difference from calloc is that it does not initialize the memory; the block holds whatever was there before.

void* calloc(size_t numElements, size_t sizeOfElement)
Returns a pointer to a heap block big enough for numElements elements of sizeOfElement bytes each - usually for an array - with every byte set to zero. Returns NULL on failure.

void* realloc(void* ptr, size_t newSize)
Returns a pointer to a block of newSize bytes after growing or shrinking a block of memory that was allocated by malloc, calloc or realloc; the contents are preserved up to the smaller of the two sizes. The block may be moved, so always use the returned pointer. On failure it returns NULL and leaves the original block intact, so assign the result to a temporary before overwriting ptr or the old block leaks.

void free(void* ptr)
No return value. Deallocates memory previously allocated by malloc, calloc or realloc. ptr itself is unchanged, so it now dangles; set it to NULL if it stays in scope.

11.03.2009

Processes do not share Global Variables



In the C code above, what are the values at line 13 and 18?

At line 13, the value is 30.
At line 18, the value is 10.

Why is this, you ask? It's because the fork system call produces a new child process which does not share global variables with its parent process. Each process has its own code section and data region. The run-time stack is copied for each process too, so they are not the same variable. Threads, on the other hand, do share global variables. Great. Now you tell me.

Can you think of a way to get around this limitation?
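The post's C listing is not reproduced here, so as an added illustration (not the post's code) here is the same experiment in Python on a POSIX system: a constructed global starts at 10, the child adds 20, and the parent still reads 10. The pipe is one answer to the closing question: since memory is not shared after fork, the child has to hand its value back over an IPC channel. The thread variant shows the contrast the post mentions.

```python
import os
import threading

# Constructed stand-in for the post's global: the parent starts at 10 and the child adds 20
counter = 10


def fork_demo():
    """Fork a child that modifies the global; return (parent's value, child's value).

    The child reports its value through a pipe because, after fork, the only way the
    parent can learn it is through some IPC channel: the variable is not shared."""
    global counter
    counter = 10
    read_end, write_end = os.pipe()
    pid = os.fork()
    if pid == 0:
        # Child process: works on its own copy of the data region
        os.close(read_end)
        counter += 20                       # the post's "line 13": the child sees 30
        os.write(write_end, str(counter).encode())
        os.close(write_end)
        os._exit(0)                         # leave without running any parent cleanup
    # Parent process
    os.close(write_end)
    os.waitpid(pid, 0)
    child_value = int(os.read(read_end, 32).decode())
    os.close(read_end)
    return counter, child_value             # the post's "line 18": the parent still sees 10


def thread_demo():
    """Same modification from a thread: threads share the process's globals."""
    global counter
    counter = 10

    def worker():
        global counter
        counter += 20

    t = threading.Thread(target=worker)
    t.start()
    t.join()
    return counter                          # 30: the change is visible to the main thread


if __name__ == "__main__":
    print("fork:   parent sees %d, child saw %d" % fork_demo())
    print("thread: main thread sees %d" % thread_demo())
```

Other answers to the same question are shared memory (mmap with MAP_SHARED, or shm_open), sockets, or simply using threads when the work does not need process isolation.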

10.21.2009

File transfer using SFTP in C#

Before we delve into how we accomplish this, let's first find some common ground on what S-F-T-P means. In wikipedia, you'll get a longer than expected list of links for this acronym. The technology we want to utilize is SSH File Transfer Protocol. It is alternately known as Secure File Transfer Protocol, but to avoid confusion (hopefully) we will refer to it as SFTP henceforth. Please don't get it confused with "FTP over SSH" as it is a completely different protocol. SFTP runs on TCP port 22, the port commonly used for Secure Shell - SSH. "FTP over SSH" uses the standard TCP ports 20/21.

At this point, your boss asks you to send a file over to a vendor's [S]FTP server. After you do some research and figure out that he really means SSH File Transfer Protocol, the battle is half won. You can simply send that file using most ftp programs available. I had no idea. I personally use CoreFTP and was pleasantly surprised to find a nice little SSH/SFTP checkbox in the bottom right corner of the connection screen.



Now you want an api. SharpSSH is such a library that does SFTP along with a host of other things. Download demos and source files here.

Here is how simple it is to encrypt a file by using PGP.  I decided to go with the open source route.  Gnu Privacy Guard provides a simple wrapper class that makes it easy to encrypt/decrypt messages:

    using System.IO;

    // Read the whole plain-text file in, run it through GnuPG, and write the result out.
    // The using blocks make sure both streams are closed and flushed, otherwise the
    // output file can end up empty.
    string input;
    using (StreamReader reader = new StreamReader(readFromFile))
    {
        input = reader.ReadToEnd();
    }

    string output = "";

    // Begin encryption
    GnuPGWrapper wrapper = new GnuPGWrapper();

    wrapper.homedirectory = "C:\\gnupg";
    wrapper.passphrase = "";                 // encrypting to a public key needs no passphrase
    wrapper.originator = "";
    wrapper.recipient = "blah@blah.com";     // key ID or e-mail of the recipient's public key
    wrapper.command = Commands.Encrypt;
    wrapper.verbose = VerboseLevel.VeryVerbose;
    wrapper.ExecuteCommand(input, out output);

    using (StreamWriter writer = new StreamWriter(writeToFile))
    {
        writer.Write(output);
    }

8.12.2009

Video Game Programming

The following is a description of one of the courses I will be taking in my final semester of graduate school.
CMP 717: Video Game Programming. 4 hours, 4 credits.
General game architecture, asynchronous input, animated sprites, action oriented a.i., collision detection, scrolling, sound clips, 3D Graphics. Student projects involving development of several video games, both individually and in teams.
PREREQ: CMP 338 and a strong foundation in object oriented programming techniques.
COREQ: MAT 226
NOTE: Students should expect to devote a great deal of time working both individually and in teams to produce several video games written in Java. This is a “Programming Intensive” course.
Notice the text in bold. I can't wait....

7.06.2009

Stop H*Commerce

Stop H*Commerce. Go there. Please.

It's a documentary revealing the business of hacking. It gives an inside look into the lives of a white-hat hacker and a victim of the Nigerian email scam. You know, the one about a lawyer or banker having no way of transferring a large sum of money who needs YOUR help. This scam is also known as the 419 scam, named four-one-nine after the section of the Nigerian penal code that covers fraud.

H*commerce (Hacker Commerce) is a term coined for an industry unlike any industry that happens all around the world. The people involved are hackers and thieves and what they trade is your data. It can be anything, but the most popular item on the black market menu is called the "dump" - the data on the magnetic strip on the back of credit cards. Read all about it here.

6.30.2009

Cookie Poisoning

I wanted to talk a little bit more about Cookie Poisoning as it is something that a lot of people seem to be interested in. Basically, a cookie saves information on the client's machines that websites want to store. Typically, they would store a session id - essentially a unique identifier.

A typical Amazon Cookie.

Cookies can store other information as well. "Other information" may be as harmless as a user name that your favorite website remembers so you don't have to type it in every time you login. It can also be non-trivial like an account number, shopping cart total, social security number or any other personal information. I wish this weren't the case, but I'm sure there are some websites that do this. The problem does not stop here. Anyone can edit a cookie and change their shopping cart total. Who wouldn't want to buy a brand new TV for a hundred bucks? Wouldn't you also get the store warranty that they always try to sell you but no one buys?

How to edit cookies? Download and install Add N Edit Cookies (a Firefox Add-on).

There are a number of ways to protect yourselves from this vulnerability.
  • Do not save sensitive information in cookies.
  • Try to utilize server side sessions where possible.
  • Encrypt your cookie data.
  • Set an expiration that makes sense.
Note that cookie security should entail using SSL for your website AND protecting the data in your cookie. If your site transmits any personal information, securing your site with SSL is a must. Packet sniffers can read cookie data sent in the clear. Furthermore, anyone that has access to your local hard drive can view cookie data. Secure your data using strong encryption!
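As an added example (not from the post), here is the server-side half of the protection: a cookie value carrying a signature that the server checks before trusting it, so an edited shopping cart total is rejected. Signing addresses the tampering this post is about; encryption on top of it would keep the value confidential as well. The secret key, cookie names and values are constructed for the demo.

```python
import hashlib
import hmac

# Constructed server-side secret; in production it comes from configuration, never from the client
SECRET_KEY = b"constructed-demo-key-change-me"


def sign_cookie(value, key=SECRET_KEY):
    """Return 'value.signature', where signature is HMAC-SHA256 over the value."""
    sig = hmac.new(key, value.encode(), hashlib.sha256).hexdigest()
    return value + "." + sig


def verify_cookie(cookie, key=SECRET_KEY):
    """Return the cookie's value if its signature is valid, otherwise None."""
    value, sep, sig = cookie.rpartition(".")   # the hex signature never contains a dot
    if not sep:
        return None
    expected = hmac.new(key, value.encode(), hashlib.sha256).hexdigest()
    # compare_digest runs in constant time so the check leaks nothing about the expected tag
    if not hmac.compare_digest(expected, sig):
        return None
    return value


def cart_total_from_cookie(cookie):
    """What the checkout page should do: refuse any total whose signature does not verify."""
    value = verify_cookie(cookie)
    if value is None or not value.startswith("cart_total="):
        return None
    return float(value.split("=", 1)[1])


def tamper_demo():
    """Return (total from the genuine cookie, total from an edited copy)."""
    genuine = sign_cookie("cart_total=1499.00")
    # An edited cookie: the value was changed in the browser, the signature was not
    tampered = "cart_total=100.00." + genuine.rsplit(".", 1)[1]
    return cart_total_from_cookie(genuine), cart_total_from_cookie(tampered)


if __name__ == "__main__":
    print(tamper_demo())   # (1499.0, None)
```

The better design, per the first two bullets above, is to keep only a session identifier in the cookie and recompute the total server side; the signed cookie is the fallback for data that must travel with the client.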

6.29.2009

A Malware Story

Pedro Bueno of McAfee makes a thought provoking statement, "I don't really know which is worse: a dumb or a smart malware writer" in his blog post. Apparently, a variant of the PWS-Banker trojan was written by a "dumb malware writer." The trojan steals the usual gamut of banking information using the popular cookie poisoning exploit and sends it to a remote SQL database. However, the credentials for that database were hard-coded in the malware for everyone to see. What are the implications of this? Disaster. Any fellow evil-minded script kiddie could get their hands on bank accounts, user names and passwords and sell them on the market. IT'S PAYDAY. Until, of course, you get caught.

6.17.2009

Orphaned Users in SQL Server

It happens all the time - orphaned users. Often times you are required to restore a database for testing purposes and you go back to your land of semicolons, butterflies and ponies and all of a sudden BAM: Login failed for user 'dbuser'.

In SQL Server, Database Users and Server Logins are two different entities. Users are associated to the database level, and logins are associated to the Server level. Every User must be mapped to a Login. Otherwise, you get a dreaded orphan.

In SQL Server 2008, run sp_change_users_login @Action='REPORT' to detect orphaned users. I actually just ran this and there are three orphaned users in one of my databases right now. Slacker!

To resolve an orphaned user, run:

    sp_change_users_login @Action='update_one', @UserNamePattern='DatabaseUserName', @LoginName='ServerLoginName';

And there you have it. Happily reunited.

6.11.2009

My Stackoverflow Flair



This is my Stack Overflow flair. It isn't much by any means. It pales in comparison with others on the site by wide margins. To give you an idea, the leading user at the time of this writing is Jon Skeet with a 68.5k reputation score. It's not like he's had an unfair advantage besides the obvious intellectual one. He's been a member of the site for 8 months. I've been a member for 10. Anyone that is a part of Stack Overflow will know the mental fortitude necessary to stay atop the leaderboard. A hat tip goes out to you, Jon Skeet.

6.10.2009

IIS7 SEO Toolkit (Beta Release)

There exists a subgroup of people that specializes in SEO to make websites more search engine "friendly." They probably make a ton of money doing so. I, for one, do not belong to this group, do not plan on joining anytime soon and certainly do not make a ton of money.

For those of you who, like myself, find the SEO chore a bit outside of your interest, there is a reprieve. The beta release of the Search Engine Optimization Toolkit for IIS7 was announced last week (06/03/2009). Scott Gu has an exhaustive blog post about it here as he usually does.


*Note - the site being analyzed does not have an IIS7 server dependency. Feel free to run it remotely against any website.

6.09.2009

SQL Injection - What is it?

SQL Injection is essentially user input, in the form of SQL code, that is executed on the database server. The lab demonstrated here shows that by injecting ' or '1'='1 into the password field, the attacker gains access to the website without any credentials. This is because the program code executes the SQL statement with the attacker's input embedded in it. The result is the following: SELECT * FROM tblUsers WHERE UserName = 'any arbitrary text' And Password = '' or '1'='1', whose WHERE clause is always true, allowing the attacker to gain access. The security implications are huge once exploited.

The website created for demonstration of this lab queries the users table to verify the username and password to grant or restrict access. Performing the exploit outlined above actually returns the first row in this table, which happens to be the site administrator account. If the website had administration functionality built in, e.g., creating users, the attacker would have full access to it. Similarly, if the account under which the SQL is executed has sufficient read/write access to the database, the attacker would be able to inject a drop table command to cause data loss, 1'; DROP TABLE tblUsers. There are a number of ingenious ways to exploit this further.

Fortunately, prevention of SQL Injection attacks is pretty easy and straightforward. A few ways are to use parameterized statements, limit user input and validate user input. In our specific example, we could use Linq to prevent these types of attacks. Acting as an object relational mapper, Linq creates data classes for each table, view, stored procedure and more. Linq executes SQL with all user input passed as parameters, so the input is treated as data rather than as SQL and this type of attack no longer works. Review the program code in the default.aspx.cs file provided. The SQLInjectionProtected() method demonstrates how Linq could be implemented.
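The lab's login check, rebuilt as an added example (not the downloadable C# site) against an in-memory SQLite table so it can be run anywhere: the string-concatenated query returns the first row, the administrator, for the password value quoted above, while the parameterized version of the same query returns nothing for it and still works for a real user. The table rows are constructed; like the lab, they hold plain-text passwords only to keep the demo short.

```python
import sqlite3


def build_db():
    """Constructed stand-in for the lab's tblUsers; the first row is the site administrator."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE tblUsers (UserName TEXT, Password TEXT, Role TEXT)")
    conn.executemany("INSERT INTO tblUsers VALUES (?, ?, ?)", [
        ("admin", "constructed-admin-password", "administrator"),
        ("alice", "constructed-alice-password", "user"),
    ])
    return conn


def vulnerable_login(conn, username, password):
    """Builds the statement by string concatenation, the bug the post describes.

    The input becomes part of the SQL text, so a quote in it changes the query's logic."""
    sql = ("SELECT UserName, Role FROM tblUsers WHERE UserName = '" + username +
           "' AND Password = '" + password + "'")
    return conn.execute(sql).fetchone()


def safe_login(conn, username, password):
    """Same query with placeholders: the driver sends the input as data, never as SQL."""
    sql = "SELECT UserName, Role FROM tblUsers WHERE UserName = ? AND Password = ?"
    return conn.execute(sql, (username, password)).fetchone()


def demo():
    """Return (vulnerable result, parameterized result, parameterized result for a real user)."""
    conn = build_db()
    payload = "' or '1'='1"    # the password value from the post
    return (vulnerable_login(conn, "any arbitrary text", payload),
            safe_login(conn, "any arbitrary text", payload),
            safe_login(conn, "alice", "constructed-alice-password"))


if __name__ == "__main__":
    for label, row in zip(("concatenated", "parameterized", "parameterized, real user"), demo()):
        print(f"{label:28s} -> {row}")
```

The parameterized form is what Linq to SQL (and any other ORM or prepared-statement API) produces for you; the other two defences the post lists, limiting and validating input, are worth keeping as defence in depth but never as the only layer.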

Download the source code here: SQLInjectionWebsite.zip.

Asp.net 2.0 (Web Framework)
.NET Framework 3.5
C# (Programming Language)
IIS 6 (Web Server)
MS Sql Server 2005 (Database)

5.15.2009

My love for RSS

If you are a computer programmer, software engineer, web developer, systems architect or vice president of anything in technology, you should know what RSS is and use it every day. I would even go so far as to say that if you are breathing, can see, and are able to use at least a one-button mouse, then you should be using RSS. Trust me, it's really simple.

The following is a list of blogs that I follow. This is my personal list. Please don't confuse it with anything other than that. In no way do I endorse the opinions or viewpoints of these blogs. My lawyer told me to include that. Feel free to pop the urls into your RSS reader and start running.


For technologists, it's important for us to continually learn in an ever-changing technical world just as any CPA would have to keep up with the latest tax loopholes in an effort to keep his client from short selling his $1.5 million yacht. I mean, hey, it's tough times these days. But seriously, how do you keep up with the latest programming languages, frameworks, and any other arbitrary acronym without RSS?

5.14.2009

Beginner & Advanced Unix/Linux

For a beginner's guide to Unix/Linux, take a look at the UNIX Tutorial for Beginners. It covers everything you need to know to get started, e.g., files, directories, file security (access rights), processes and jobs, and the Makefile. It even has pictures! This is the perfect primer for the brand new computer science student, or even for the Windows guru who has had no exposure to the o/s. Make sure to bookmark it for future reference, people!



CodeSourcery, a proponent of open-source software, created Advanced Linux Programming, published by New Riders Publishing. From experience, when any type of publication has "Advanced" in the title, it usually means business. And yes, this business does deliver 24/7. When a book can show me when and how to write an inline assembly instruction, that's when I go home and cry to mom. If you're a language head and want to know more about processes, threads, and system calls, this just might be what you are looking for. It certainly is priced perfectly. For those of you interested in security in operating systems, Chapter 10 discusses Buffer Overruns and Race Conditions.

5.13.2009

Affine Cipher written in C#

The following code written in C# encrypts and decrypts using the Affine Cipher. For more information, check out Making, Breaking Codes by Paul Garrett. All questions/comments are always appreciated.



    using System;

    public static class AffineCipher
    {
        /// <summary>
        /// This function takes plain text and encrypts it using the Affine Cipher
        /// e(x) = (ax + b)(mod m). Note: a and m must be coprime or the cipher cannot be inverted.
        /// The input is expected to contain letters only.
        /// </summary>
        public static string AffineEncrypt(string plainText, int a, int b)
        {
            string cipherText = "";

            // Put Plain Text (all capitals) into Character Array
            char[] chars = plainText.ToUpper().ToCharArray();

            // Compute e(x) = (ax + b)(mod m) for every character in the Plain Text
            foreach (char c in chars)
            {
                int x = c - 'A';
                cipherText += (char)(Mod(a * x + b, 26) + 'A');
            }

            return cipherText;
        }

        /// <summary>
        /// This function takes cipher text and decrypts it using the Affine Cipher
        /// d(y) = aInverse * (y - b)(mod m).
        /// </summary>
        public static string AffineDecrypt(string cipherText, int a, int b)
        {
            string plainText = "";

            // Get Multiplicative Inverse of a
            int aInverse = MultiplicativeInverse(a);

            // Put Cipher Text (all capitals) into Character Array
            char[] chars = cipherText.ToUpper().ToCharArray();

            // Compute d(y) = aInverse * (y - b)(mod m); Mod keeps the result in 0..25
            // even when y - b is negative, whatever the size or sign of b
            foreach (char c in chars)
            {
                int y = c - 'A';
                plainText += (char)(Mod(aInverse * (y - b), 26) + 'A');
            }

            return plainText;
        }

        /// <summary>
        /// This function returns the multiplicative inverse of integer a mod 26.
        /// </summary>
        public static int MultiplicativeInverse(int a)
        {
            for (int x = 1; x < 26; x++)
            {
                if (Mod(a * x, 26) == 1)
                    return x;
            }

            throw new ArgumentException("No multiplicative inverse found! a must be coprime with 26.", "a");
        }

        // C#'s % operator keeps the sign of the dividend, so reduce into the range 0..m-1 explicitly
        private static int Mod(int value, int m)
        {
            int r = value % m;
            return r < 0 ? r + m : r;
        }
    }
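The same cipher as an added Python example, separate from the C# code above, to show the two checks a practitioner wants around it: rejecting a multiplier that is not coprime with m before encrypting anything, and reducing modulo m in a way that is correct for any sign of b. It goes slightly beyond the C# version in that non-letters are passed through unchanged, and it counts the key space to make the point that this is a teaching cipher, not a protection.

```python
from math import gcd

M = 26  # alphabet size m for A-Z


def _check_key(a):
    # An affine key is only invertible when gcd(a, m) == 1; reject anything else up front
    if gcd(a, M) != 1:
        raise ValueError(f"a={a} is not coprime with m={M}, so the cipher cannot be decrypted")


def affine_encrypt(plain_text, a, b):
    """e(x) = (a*x + b) mod m applied letter by letter; non-letters are passed through unchanged."""
    _check_key(a)
    out = []
    for c in plain_text.upper():
        if "A" <= c <= "Z":
            x = ord(c) - ord("A")
            out.append(chr((a * x + b) % M + ord("A")))
        else:
            out.append(c)
    return "".join(out)


def affine_decrypt(cipher_text, a, b):
    """d(y) = a^-1 * (y - b) mod m; Python's % already yields a residue in 0..m-1 for negative values."""
    _check_key(a)
    a_inv = pow(a, -1, M)  # modular inverse (Python 3.8+), the value the C# loop searches for
    out = []
    for c in cipher_text.upper():
        if "A" <= c <= "Z":
            y = ord(c) - ord("A")
            out.append(chr((a_inv * (y - b)) % M + ord("A")))
        else:
            out.append(c)
    return "".join(out)


def key_space_size():
    """Number of distinct (a, b) keys: the 12 multipliers coprime with 26, times 26 shifts."""
    return sum(1 for a in range(1, M) if gcd(a, M) == 1) * M


if __name__ == "__main__":
    ct = affine_encrypt("AFFINE CIPHER", 5, 8)
    print(ct, "->", affine_decrypt(ct, 5, 8))
    print("keys:", key_space_size())
```

A key space of a few hundred is the reason the affine cipher belongs in a course on classical cryptography rather than in a product; for anything real, reach for an authenticated cipher from a maintained library.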