jinsungy's blog<br />
Yet another Microsoft programming blog.<br />
James Yoon (http://www.blogger.com/profile/06051943010239952076, noreply@blogger.com)<br />
Feed updated 2024-03-13T08:03:42.906-04:00<br />
<br />
Updating your EF models using Database First approach<br />
Published 2018-07-17T21:19:00.001-04:00, updated 2018-07-17T21:19:29.211-04:00<br />
<span style="font-family: Open Sans, sans-serif;"><span style="background-color: #fafafa; font-size: 14px;">In the .Net Core world, updating your Entity Framework Core models with a Database First approach is not very obvious. It certainly wasn't obvious to me. In the not so distant past, the process of adding or updating a table involved dragging or selecting the objects onto a convenient little canvas. This is still available, I believe, in the non-Core versions of Entity Framework. </span></span><br />
<span style="font-family: Open Sans, sans-serif;"><span style="background-color: #fafafa; font-size: 14px;"><br /></span></span>
<span style="background-color: #fafafa; font-family: "Open Sans", sans-serif; font-size: 14px;">I find myself having to copy and paste this into the Package Manager Console so often that I needed to put this somewhere easily retrievable - so here it is.</span><br />
<blockquote class="tr_bq">
<span style="background-color: #fafafa; font-family: "Open Sans", sans-serif; font-size: 14px;">Scaffold-DbContext "Data Source=Blah;Initial Catalog=DataBase;Trusted_Connection=True;" Microsoft.EntityFrameworkCore.SqlServer -force -OutputDir Models/DB</span></blockquote>
<br />
.Net Core 2.1 Install on IIS<br />
Published 2018-07-10T23:49:00.004-04:00, updated 2018-07-17T21:01:28.325-04:00<br />
When trying to install a .Net Core 2.1 web application, you will need the .Net Core hosting bundle. I found this out the hard way on a Tuesday night at ~11pm trying to deploy a web application. Follow the instructions here:<br />
<blockquote class="tr_bq">
Install the .NET Core Hosting Bundle<br />
Install the .NET Core Hosting Bundle on the hosting system. The bundle installs the .NET Core Runtime, .NET Core Library, and the <a href="https://docs.microsoft.com/en-us/aspnet/core/fundamentals/servers/aspnet-core-module?view=aspnetcore-2.1">ASP.NET Core Module</a>. The module creates the reverse proxy between IIS and the Kestrel server. If the system doesn't have an Internet connection, obtain and install the <a href="https://www.microsoft.com/download/details.aspx?id=53840">Microsoft Visual C++ 2015 Redistributable</a> before installing the .NET Core Hosting Bundle.<br />
Navigate to the <a href="https://www.microsoft.com/net/download/all">.NET All Downloads page</a>.<br />
In the Runtime column of the table, select the latest non-preview .NET Core runtime from the list (X.Y Runtime (vX.Y.Z) downloads). The latest runtime has a Current label. Unless you intend to work with preview software, avoid a runtime with the word "preview" or "rc" (Release Candidate) in its link text.<br />
On the .NET Core runtime download page under Windows, select the Hosting Bundle Installer link to download the .NET Core Hosting Bundle installer.<br />
Run the installer on the server.<br />
Important! If the Hosting Bundle is installed before IIS, the bundle installation must be repaired. Run the Hosting Bundle installer again after installing IIS.<br />
To prevent the installer from installing x86 packages on an x64 OS, run the installer from an administrator command prompt with the switch OPT_NO_X86=1.</blockquote>
<div>
Source: https://docs.microsoft.com/en-us/aspnet/core/host-and-deploy/iis/index?view=aspnetcore-2.1&tabs=aspnetcore2x</div>
<div>
<br /></div>
<div>
Make sure you have the correct features and services installed...</div>
<div>
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-nOnAfU1Ls_0/W0V-STfGJcI/AAAAAAAAiNY/kQvSWSL-fdkRQlcER0ZSr6menwhDEXADwCLcBGAs/s1600/IIS1.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="469" data-original-width="416" height="320" src="https://1.bp.blogspot.com/-nOnAfU1Ls_0/W0V-STfGJcI/AAAAAAAAiNY/kQvSWSL-fdkRQlcER0ZSr6menwhDEXADwCLcBGAs/s320/IIS1.PNG" width="283" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-05BaJEZbNAg/W0V-SQdl9LI/AAAAAAAAiNg/Poai0iVX0Kkh-qfPYDkdhvPy_4mGDOJewCLcBGAs/s1600/iis2.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="478" data-original-width="670" height="228" src="https://1.bp.blogspot.com/-05BaJEZbNAg/W0V-SQdl9LI/AAAAAAAAiNg/Poai0iVX0Kkh-qfPYDkdhvPy_4mGDOJewCLcBGAs/s320/iis2.PNG" width="320" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-BO7TtEtNq5E/W0V-SZDxq7I/AAAAAAAAiNc/fNEckJZkd34uuh54ZzKqc3ZeXhb53Z8oACLcBGAs/s1600/iis3.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="480" data-original-width="671" height="228" src="https://1.bp.blogspot.com/-BO7TtEtNq5E/W0V-SZDxq7I/AAAAAAAAiNc/fNEckJZkd34uuh54ZzKqc3ZeXhb53Z8oACLcBGAs/s320/iis3.PNG" width="320" /></a></div>
<div>
<br /></div>
<br />
Manually send HTTP requests using Netcat<br />
Published 2016-05-31T18:07:00.000-04:00, updated 2016-06-15T23:32:48.129-04:00<br />
In my last post, I talked about the importance of reviewing your web server's log files periodically for any unusual behavior. This is a good practice and should be implemented in your organization. In OWASP's <a href="https://www.owasp.org/index.php/Log_review_and_management">Log review and management</a>, they point out that the frequency "depends on the criticality (i.e. payment system, customer information, business secret, etc.) of the system labelled by the organization, logs could be reviewed ranging from minute, every day, weekly, monthly or even 3 months." Assessing your log management needs doesn't end here. Keep in mind that there are other considerations including but not limited to: the need for centralizing your log files, retention periods, and protection and integrity of log information. The latter can be done by applying a simple checksum to each log file to determine if the file has been tampered with in any way. Another consideration is to include log files in automatic backups and disaster recovery plans. How long you choose to keep these files is very important. Include all of these things in your organization's security policies. <br />
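<div>
One way to do the per-file integrity check mentioned above, as an added example (not code from the original post). It swaps the bare checksum for a keyed HMAC-SHA256, because anyone who can edit a log file can also recompute an unkeyed hash. The key, the file contents and the <code>demo()</code> helper are constructed for illustration; the file names follow the IIS <code>u_exYYMMDD.log</code> pattern.</div>

```python
"""Tamper-evidence for rotated web server logs (constructed example)."""
import hashlib
import hmac
import tempfile
from pathlib import Path


def file_tag(path, key):
    """HMAC-SHA256 of a file, read in chunks so large logs are fine."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            mac.update(chunk)
    return mac.hexdigest()


def seal(log_dir, key):
    """Return {file name: tag} for every *.log file in log_dir.

    Seal only rotated files; the log still being written changes constantly.
    """
    return {p.name: file_tag(p, key) for p in sorted(Path(log_dir).glob("*.log"))}


def verify(log_dir, key, manifest):
    """Compare the directory with a stored manifest; return {file name: state}."""
    current = seal(log_dir, key)
    report = {}
    for name, tag in manifest.items():
        if name not in current:
            report[name] = "missing"          # sealed file was deleted
        elif hmac.compare_digest(tag, current[name]):
            report[name] = "ok"
        else:
            report[name] = "modified"         # content changed after sealing
    for name in current.keys() - manifest.keys():
        report[name] = "unsealed"             # new file, not yet in the manifest
    return report


def demo():
    """Seal three constructed log files, then edit one, delete one, add one."""
    key = b"constructed-demo-key"  # assumption: the real key is kept off the web server
    line = "2016-04-28 10:00:0{} 10.0.0.5 {} /{} - 443 - 203.0.113.7 curl/7.47 {} 0 0 3\n"
    with tempfile.TemporaryDirectory() as d:
        day1, day2, day3 = (Path(d, f"u_ex16042{n}.log") for n in (6, 7, 8))
        day1.write_text(line.format(1, "GET", "", 200) + line.format(2, "PUT", "x.txt", 405))
        day2.write_text(line.format(3, "GET", "", 200))
        day3.write_text(line.format(4, "GET", "", 200))
        manifest = seal(d, key)               # store this away from the log directory

        day1.write_text(line.format(1, "GET", "", 200))   # the PUT entry is removed
        day2.unlink()                                     # a whole day disappears
        Path(d, "u_ex160429.log").write_text(line.format(5, "GET", "", 200))
        return verify(d, key, manifest)


if __name__ == "__main__":
    for name, state in sorted(demo().items()):
        print(f"{state:9} {name}")
```

<div>
The manifest and the key only help if they are stored somewhere the web server account cannot write to, for example on the central log host.</div>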
<div>
<br /></div>
<div>
Let's say you come across more than the usual number of requests coming in on Port 80 that should be coming in on the secured Port 443. You may become suspicious, but if you have forced your site to communicate over HTTPS, it's more than likely a few users who have bookmarked the HTTP URL. If the site is indeed responding to those requests over HTTPS like it should, there should be no harm in that. But it might be a good time to do some manual testing to be doubly sure. <br />
<div>
<br /></div>
<div>
The tool we want to use is <a href="https://en.wikipedia.org/wiki/Netcat">Netcat</a>. It is a network utility used for sending and receiving data from networked computers. You can transfer files, serve up a single web page, and send messages from one system to another. In our case we will be sending simple HTTP requests.<br />
<br />
Its history goes back as far as 1996. Although, I have some suspicions that it goes back further than that. The original Netcat and <a href="https://nmap.org/ncat/guide/index.html">today's Ncat</a>, which we can download from <a href="https://nmap.org/download.html">here</a>, are the same tool in the sense that they perform the same function, but they don't share the same code base. The original included a port scanner. It wasn't included in Ncat because Nmap replaced it as the de facto tool.<br />
<br />
Visit the <a href="https://nmap.org/download.html">download page</a> and install it for your system. If you're on Windows like I am, open a command prompt and navigate to the folder. Type in the commands as shown in the following screenshot. They should be in the following format:<br />
<br />
nc [host] [port]<br />
[httpMethod] [url] [httpversion]<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://4.bp.blogspot.com/-FeFu8qXJa4I/V04KpDMr6nI/AAAAAAAAXfc/B33tYodNWXs2kD3PAqvgKvzleckTX9KegCLcB/s1600/dos1.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://4.bp.blogspot.com/-FeFu8qXJa4I/V04KpDMr6nI/AAAAAAAAXfc/B33tYodNWXs2kD3PAqvgKvzleckTX9KegCLcB/s1600/dos1.PNG" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<br />
You should get back the raw HTML from the requested page. How often will you use this? Probably not too often. But let's appreciate its simplicity. If you need to quickly test some security settings, want to look at some raw JSON, or want to find your own test requests in your log files quickly, you can add a custom User-Agent and CTRL-F for the value you put in there. HTTP/1.1 requires a Host header, and a blank line ends the request. Like so:<br />
<br />
nc yourdomain.com 80<br />
GET / HTTP/1.1<br />
Host: yourdomain.com<br />
User-Agent: blah<br />
<br />
Search for the term "blah" and you'll quickly find them in the log files. Or, set up a batch job in Log Parser Studio as mentioned in my <a href="http://jinsungy.blogspot.com/2016/04/review-your-web-servers-log-files.html">previous blog post</a> and view them there. There are many other things you can do with this tool. Let me know if you do anything cool with it. <br />
<br />
<br /></div>
</div>
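<div>
The manual Netcat check above, scripted as an added example (not code from the original post): it sends the same raw request over a plain socket and reports whether the port 80 listener answers with a redirect to HTTPS, which is assumed here to be how the site forces HTTPS. The loopback server, <code>RedirectHandler</code> and all function names are constructed stand-ins so the example runs offline.</div>

```python
"""Raw HTTP probe: what typing into `nc host 80` does, over a socket."""
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer


def build_request(host, path="/", marker="blah"):
    """Return the exact bytes you would type into nc, CRLF line endings included."""
    lines = [
        f"GET {path} HTTP/1.1",
        f"Host: {host}",            # mandatory in HTTP/1.1
        f"User-Agent: {marker}",    # the string to search for in the logs
        "Connection: close",        # ask the server to close so we can read to EOF
        "", "",                     # blank line terminates the header block
    ]
    return "\r\n".join(lines).encode("ascii")


def parse_response(raw):
    """Split a raw response into (status code, {lower-cased header: value})."""
    head, _, _body = raw.partition(b"\r\n\r\n")
    status_line, *header_lines = head.decode("iso-8859-1").split("\r\n")
    status = int(status_line.split(" ", 2)[1])
    headers = {}
    for line in header_lines:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return status, headers


def probe(addr, port, host, path="/", marker="blah", timeout=5.0):
    """Connect to addr:port, send the request for `host`, return the parsed reply."""
    with socket.create_connection((addr, port), timeout=timeout) as sock:
        sock.sendall(build_request(host, path, marker))
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return parse_response(b"".join(chunks))


def forces_https(status, headers):
    """True when the plain-HTTP answer is a redirect to an https:// URL."""
    location = headers.get("location", "").lower()
    return status in (301, 302, 307, 308) and location.startswith("https://")


class RedirectHandler(BaseHTTPRequestHandler):
    """Constructed stand-in for a port 80 listener that redirects to HTTPS."""
    seen_agents = []                # plays the role of the server's log file

    def do_GET(self):
        type(self).seen_agents.append(self.headers.get("User-Agent"))
        host = self.headers.get("Host", "").split(":")[0]
        self.send_response(301)
        self.send_header("Location", f"https://{host}{self.path}")
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):   # keep the demo output quiet
        pass


def start_stand_in_server():
    """Start the stand-in on a free loopback port and return the server object."""
    server = HTTPServer(("127.0.0.1", 0), RedirectHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


if __name__ == "__main__":
    srv = start_stand_in_server()
    code, hdrs = probe("127.0.0.1", srv.server_address[1], host="yourdomain.com")
    print(code, hdrs.get("location"), "forces HTTPS:", forces_https(code, hdrs))
    print("User-Agent values the server saw:", RedirectHandler.seen_agents)
    srv.shutdown()
```

<div>
Against your own site, call <code>probe()</code> with the server's address and port 80; a 200 status with page content instead of a redirect means the page is being served over plain HTTP.</div>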
<br />
Review your Web Server's log files!<br />
Published 2016-04-29T22:56:00.000-04:00, updated 2016-04-29T22:56:10.085-04:00<br />
Let's face it. Viewing log files is not the most glamorous thing to do. If your company has a high-traffic web site, web server, API, or web anything, someone in your organization has got to do it. And chances are since you are reading this, then that person is probably going to be YOU. <br />
<br />
Web servers are configured to log URLs, just as cash registers are designed to spit out unnecessarily long receipts. Unfortunately, that is a sad reality. These receipts are a real problem. For our purposes though, these logs are an invaluable tool in preventing and analyzing attacks, especially after the fact. In the case of IIS servers, <a href="https://www.iis.net/configreference/system.applicationhost/sites/sitedefaults/logfile">logging is turned on by default</a>, capturing data in the <a href="https://www.w3.org/TR/WD-logfile">W3C format</a>. This applies to IIS7 and later. IIS logs the following fields under the W3C format, which should be sufficient, but the option exists to log more. Bytes Sent and Bytes Received seem like good candidates depending on what/how your web applications transmit/receive data. <br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://3.bp.blogspot.com/-lbt91RySuF8/VyOvcjnHCdI/AAAAAAAAXV4/Ya6j7jJ1VGwsLAmON7HPPI3CdRfutI2egCLcB/s1600/blog2.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="400" src="https://3.bp.blogspot.com/-lbt91RySuF8/VyOvcjnHCdI/AAAAAAAAXV4/Ya6j7jJ1VGwsLAmON7HPPI3CdRfutI2egCLcB/s400/blog2.PNG" width="338" /></a></div>
<br />
<br />
This means you should wrangle these files, located at <span style="background-color: white;"><span style="color: blue;">%SystemDrive%\inetpub\logs\LogFiles</span></span> by default, and review them periodically. That may be every hour, every day or every week - whatever makes sense to you and your organization. If you feel it's too infrequent, then it's time to change the very policies that exist to protect your company's data. However, it must be done. <br />
<br />
The good news is that you can do this pretty easily using a tool called <a href="https://gallery.technet.microsoft.com/Log-Parser-Studio-cd458765">Log Parser Studio</a>. It's an easy-to-use utility that has a number of pre-set queries to show, for example, the Top 20 URLs requested. This may be nice for usage metric purposes but we are more concerned with errors and unusual behavior outside of two standard deviations. Look at the data and determine if anything seems suspicious and really look for the outliers. As the motto goes, if you see something, say something. <br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://3.bp.blogspot.com/-zkVUpgdecmw/VyOrriXKvUI/AAAAAAAAXVs/MwxgkmddWe8AEu0OwwTazeuUti3NSO1xgCLcB/s1600/blog1.PNG" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="280" src="https://3.bp.blogspot.com/-zkVUpgdecmw/VyOrriXKvUI/AAAAAAAAXVs/MwxgkmddWe8AEu0OwwTazeuUti3NSO1xgCLcB/s640/blog1.PNG" width="640" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
Haven't reviewed logs before? Not a problem. I would suggest running a number of these pre-defined queries daily in a batch. That way, you can peruse the data within a few minutes with a few button clicks. A few things you might want to look for in your logs: </div>
<div class="separator" style="clear: both; text-align: left;">
</div>
<ul>
<li>HTTP verbs used</li>
<li>GET Requests w/sensitive data</li>
<li>Requests sent over Port 80 that shouldn't have been </li>
</ul>
<div>
Long running queries, errors by error code and requests per hour are nice to see. A couple of things are more interesting here, however. IIS: Top 20 HTTP Verbs shows us all the methods used. If you know you don't allow the PUT and DELETE methods but they show up in the logs, something is wrong. Double check your IIS server for these settings. Better yet, disable all other methods, including PUT, DELETE, TRACE, CONNECT and OPTIONS, and <b>only allow GET, POST and HEAD</b>. This may vary from application to application so if you are unsure, ask someone. Also, if you see any GET requests being sent over with sensitive data in the query, please take note of it. Furthermore, if you see requests coming in via the unsecured channel (Port 80) that should be secured, this could be a client explicitly requesting HTTP instead of HTTPS. Determine if there is a pattern and investigate. And last but not least, a good practice might be to check the client IPs that are sending most of the requests. Do a quick search and see which area most of the requests are coming from. If you are a local business or do most of your business in a confined geographical area and most of your requests are coming from China or North Korea, that would be a cause for concern. <br />
<br />
There are many other ways of dissecting this log data and attackers are only getting smarter. Revisit your review strategy, data points and other markers that may be warning signs of an attack. Do this every quarter to stay on top of this perpetual cat and mouse game.<br />
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
If you are looking for PCI DSS or HIPAA compliance, look into <a href="https://ossec.github.io/">OSSEC</a> - a host based IDS. It does a lot more than just log inspection, but that's something I will delve into next time. I will create a blog post on it in the near future so stay tuned. </div>
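<div>
The three checks listed above (HTTP verbs used, GET requests with sensitive data, requests on Port 80) plus the top client IPs, run directly over a W3C-format log, as an added example that is not from the original post or from Log Parser Studio. The log lines, the list of sensitive parameter names and the function names are constructed assumptions; the parser takes its column names from the log's own <code>#Fields:</code> line.</div>

```python
"""Triage of an IIS W3C log: verbs, plain-HTTP hits, sensitive GET queries."""
from collections import Counter
from urllib.parse import parse_qsl

ALLOWED_VERBS = {"GET", "POST", "HEAD"}      # the allow-list recommended above
SENSITIVE_KEYS = {"password", "pwd", "ssn", "token", "cardnumber"}  # assumption: tune per app

# Constructed sample; spaces inside values are logged as '+', empty values as '-'.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 8.5
#Version: 1.0
#Date: 2016-04-29 00:00:00
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status time-taken
2016-04-29 00:00:01 10.0.0.5 GET /default.aspx - 443 - 203.0.113.7 Mozilla/5.0+(Windows+NT+10.0) 200 0 0 31
2016-04-29 00:00:02 10.0.0.5 GET /login.aspx user=alice&password=hunter2 443 - 203.0.113.7 Mozilla/5.0 200 0 0 45
2016-04-29 00:00:03 10.0.0.5 PUT /upload/x.txt - 443 - 198.51.100.9 curl/7.47 405 0 0 2
2016-04-29 00:00:04 10.0.0.5 GET / - 80 - 203.0.113.7 blah 301 0 0 1
"""


def parse_w3c(lines):
    """Yield one {field: value} dict per entry, using the #Fields directive."""
    fields = []
    for line in lines:
        line = line.rstrip("\r\n")
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()   # may change mid-file
        elif line and not line.startswith("#") and fields:
            values = line.split(" ")
            if len(values) == len(fields):            # skip truncated lines
                yield dict(zip(fields, values))


def triage(lines, marker=None):
    """Return (verb counts, client IP counts, [(finding kind, detail), ...])."""
    verbs, clients, findings = Counter(), Counter(), []
    for e in parse_w3c(lines):
        verb = e.get("cs-method", "-")
        verbs[verb] += 1
        clients[e.get("c-ip", "-")] += 1
        where = " ".join(e.get(k, "-") for k in
                         ("date", "time", "c-ip", "cs-method", "cs-uri-stem"))
        if verb not in ALLOWED_VERBS:
            findings.append(("unexpected-verb", where))
        if e.get("s-port") == "80":
            findings.append(("plain-http", where))
        query = e.get("cs-uri-query", "-")
        if verb == "GET" and query != "-":
            keys = {k.lower() for k, _ in parse_qsl(query, keep_blank_values=True)}
            hits = sorted(keys & SENSITIVE_KEYS)
            if hits:   # report parameter names only, never the logged values
                findings.append(("sensitive-query", f"{where} keys={','.join(hits)}"))
        if marker and e.get("cs(User-Agent)") == marker:
            findings.append(("marker-seen", where))
    return verbs, clients, findings


if __name__ == "__main__":
    verbs, clients, findings = triage(SAMPLE_LOG.splitlines(), marker="blah")
    print("verbs:", dict(verbs))
    print("top clients:", clients.most_common(3))
    for kind, detail in findings:
        print(f"{kind:16} {detail}")
```

<div>
The <code>marker</code> argument finds requests sent with a custom User-Agent, such as a test request you made yourself.</div>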
<br />
Which HTTP method, GET or POST, is more secure? How about over a secure connection (HTTPS)?<br />
Published 2016-04-28T23:22:00.000-04:00, updated 2016-04-29T21:42:00.005-04:00<br />
There are many considerations when deciding to send either an HTTP GET or POST request when submitting form data. Some of those reasons may include: ease of use, allowing the use of the back and reload buttons on the browser, etc. Some may implement solutions that use only one type or another exclusively. But, the main consideration that we will look into is security. <br />
<br />
We all know that when we send a GET request, the URL is visible to you and the person right next to you. Well of course that's insecure! In a POST request, the form data is sent as a block. What about GET and POST requests sent via HTTPS? Surely that's secure, right?<br />
<br />
Submitting data via POST is the <strike>more secure way</strike> less insecure way. The reasons are pretty simple. URLs are saved or transmitted in at least a couple of places: 1) in the browser's history, 2) in the HTTP Referer field and 3) in the web server's log files. Attackers have at least these places to look to get at the juicy URLs. <br />
<br />
How hard would it be to put a piece of malicious software on a USB stick around the office or better yet at various conferences and event halls with the label, "try our demo today?" Once run, it can crawl your browser history and upload it periodically. How about another attack vector via the ad networks that will display an ad and log the referer, aka the last page that was visited by the user. And this URL can very well be that GET request with all kinds of query string information. Don't even get me started with CDNs and the danger of leaking your URLs when fetching images and JavaScript files with the referer info. Just about all webpages these days do this unless you specify this <a href="https://wiki.whatwg.org/wiki/Meta_referrer">meta element</a> in every page of your site: meta name="referrer" content="never". Of course, as of yet, not all browsers support this under HTML5. What's even worse is that most web servers keep logs of all URLs. And every single URL can potentially be logged, whether it comes from a secured TCP connection or not.<br />
<br />
As a security-minded developer, if you stick to this one rule your users and employers will thank you: Never send sensitive data using the GET method. Ask yourself this question the next time you are working on a web application: "Am I relying too heavily on passing data via the GET request and the query string?" If the answer is yes, choose POST. To help you remember, think of the POST OFFICE as being more secure because they package up your data as opposed to the GET OFFICE. :[<br />
<br />
How to add a program exception to Windows Firewall for SQL Server<br />
Published 2013-08-08T13:14:00.000-04:00, updated 2013-08-08T13:14:19.231-04:00<br />
<h3 class="procedureSubHeading" style="color: #2a2a2a; font-family: 'Segoe UI', 'Lucida Grande', Verdana, Arial, Helvetica, sans-serif; font-size: 1.386em; font-weight: normal; margin: 0px; padding-bottom: 5px; padding-top: 5px;">
<span style="font-size: 13px; line-height: 18px;">Every now and then when installing a new instance of SQL Server you may want to connect to it from other machines via Management Studio. Here are the instructions on how to do that. </span></h3>
<div>
<span style="font-size: 13px; line-height: 18px;"><br /></span></div>
<div>
<span style="font-size: 13px; line-height: 18px;">(</span><a href="http://technet.microsoft.com/en-us/library/cc646023.aspx">http://technet.microsoft.com/en-us/library/cc646023.aspx</a>)</div>
<h3 class="procedureSubHeading" style="color: #2a2a2a; font-family: 'Segoe UI', 'Lucida Grande', Verdana, Arial, Helvetica, sans-serif; font-size: 1.386em; font-weight: normal; margin: 0px; padding-bottom: 5px; padding-top: 5px;">
To add a program exception to the firewall using the Windows Firewall item in Control Panel.</h3>
<div class="subSection" style="color: #2a2a2a; font-family: 'Segoe UI', 'Lucida Grande', Verdana, Arial, Helvetica, sans-serif; font-size: 13px; line-height: 17px;">
<ol>
<li><div style="line-height: 18px; padding-bottom: 15px;">
On the <span class="label" style="font-weight: 700;">Exceptions</span> tab of the <span class="label" style="font-weight: 700;">Windows Firewall</span> item in Control Panel, click <span class="label" style="font-weight: 700;">Add a program</span>.</div>
</li>
<li><div style="line-height: 18px; padding-bottom: 15px;">
Browse to the location of the instance of SQL Server that you want to allow through the firewall, for example <strong>C:\Program Files\Microsoft SQL Server\MSSQL11.&lt;instance_name&gt;\MSSQL\Binn</strong>, select <strong>sqlservr.exe</strong>, and then click <span class="label" style="font-weight: 700;">Open</span>.</div>
</li>
<li><div style="line-height: 18px; padding-bottom: 15px;">
Click OK.</div>
</li>
</ol>
</div>
<br />
My File Recovery Story<br />
Published 2011-02-28T11:48:00.000-05:00, updated 2011-02-28T11:48:41.207-05:00<br />
<div>These days hard drive manufacturers are pushing the terabyte limits, so I thought this would be a good time to find a cheap backup solution for personal and business use at least for the interim. As already implied from reading the title of this post, I ended up losing data. But I learned far more than I ever expected. Here's my story.</div><div><br />
</div><div>I had just bought a shiny new <a href="http://www.newegg.com/Product/Product.aspx?Item=N82E16822148660&cm_re=seagate_goflex-_-22-148-660-_-Product">500GB external storage device</a> to be used as a central backup location. I figured it would be large enough to hold all my files from the various places: my home pc, an external hard drive enclosure, and 2 usb flash drives. So I have every device plugged into my pc and I started to move data to this new backup device. I have multiple explorer windows open and I see a flurry of dialog messages with the all familiar file-transfer animation. Everything is working just fine and after an hour or so it's all complete. Success. At this point, I was proud. I was responsible enough to be proactive in backup before an imminent hard drive failure occurred. <br />
<br />
The hdd enclosure was now reformatted to <a href="http://en.wikipedia.org/wiki/Ntfs">NTFS</a> and the usb drives to <a href="http://en.wikipedia.org/wiki/File_Allocation_Table#FAT32">FAT32</a>. (If you want to know why, read <a href="http://www.ntfs.com/ntfs_vs_fat.htm">here</a>) After a few seconds into the format of one of the flash drives, I had a deer in headlights uh-oh moment. I was formatting the one good backup that I had. Talk about failure. I quickly did what anyone else in that moment would have done - I pulled the cable. I used <a href="http://en.wikipedia.org/wiki/Diskpart">diskpart</a>, a DOS utility, but I had indicated the wrong drive to format. This was all in an attempt to create a bootable usb flash drive. Ok, enough of the excuses. It was all my own fault. <br />
<br />
Initially I didn't really worry too much because I knew a reformat, at least a quick one, didn't visit every cylinder of every head of every sector to do an erase. All it does is remove references to those files on disk I thought. So, I researched into several recovery products online. Here's a list of them:<br />
<ul><li>EASEUS - <a href="http://www.easeus.com/datarecoverywizardpro/">Data Recovery Wizard Professional V5.0.1</a></li>
<li>Gibson Research Corporation - <a href="http://www.grc.com/spinrite.htm">SpinRite 6.0</a></li>
<li>Piriform - <a href="http://www.piriform.com/recuva">Recuva</a> (Free)</li>
<li>GNU GPL - <a href="http://www.cgsecurity.org/wiki/PhotoRec">PhotoRec</a> (Free)</li>
<li>A few others</li>
</ul>As is the case with emergency data recovery, I was price insensitive to the cost of software. The only thing I wasn't willing to do was send it to a lab. The top two on the list are not free (all under $100), but the Data Recovery Wizard comes in a <a href="http://www.easeus.com/datarecoverywizard/free-data-recovery-software.htm">free edition</a>. The caveat is that you are limited to 1GB of data recovered. As far as time investment is concerned, let's just say you have to be very patient. A full scan using each of these products took anywhere between 5 and 8 hours. Remember, this is only a 5400 rpm 500 GB drive. Also, keep the drives well ventilated because the constant head movement will make this thing hotter than you ever want it to run. <br />
<br />
I ran each software at least twice just to be sure it got all my files. Unfortunately, none of them were able to recover everything in its entirety because file names were lost. <br />
<br />
These are my findings:<br />
<br />
<b>Data Recovery Wizard Professional v5.0.1</b> - A very intuitive product. Great for the novice user. Free up to 1GB with the free edition. <br />
<br />
<b>SpinRite 6.0</b> - I was excited to use this product, but it couldn't even find my damaged disk drive. Somewhat of a disappointment. It is still, however, a great product. It just didn't help me in my situation here. <br />
<br />
<b>Recuva </b>- Another great product for the novice user. Recommended as it is free. <br />
<br />
<b>PhotoRec </b>- Open Source +1 (distributed under GNU General Public License). Please see the <a href="http://www.cgsecurity.org/wiki/File_Formats_Recovered_By_PhotoRec">list of file formats recovered</a> with this tool. No GUI so this is probably best for advanced users only.<br />
<br />
Conclusion:<br />
<br />
Sometimes the best things in life are free. The best products were Recuva and PhotoRec. I recommend Recuva for those users who require a GUI and want a no fuss solution.<br />
<br />
</div><br />
Speed Tracer (Chrome Extension)<br />
Published 2010-08-31T11:25:00.000-04:00, updated 2016-05-03T10:37:19.218-04:00<br />
I discovered this amazing tool a few months back created by Google called <a href="http://code.google.com/p/speedtracer/">Speed Tracer</a>. It is a Chrome Extension that allows, I suppose, just about anyone to diagnose performance issues in web applications. Take a look at the description below.<br />
<span class="Apple-style-span" style="font-family: "arial" , sans-serif; font-size: 13px;"><br />
</span><br />
<span class="Apple-style-span" style="font-family: "arial" , sans-serif; font-size: 13px;">Using Speed Tracer you are able to get a better picture of where time is being spent in your application. This includes problems caused by:</span><br />
<ul style="font-family: arial, sans-serif; font-size: 13px; max-width: 65em; padding-left: 40px;">
<li>Javascript parsing and execution</li>
<li>Layout</li>
<li>CSS style recalculation and selector matching</li>
<li>DOM Event handling</li>
<li>Network resource loading</li>
<li>Timer fires</li>
<li>XMLHttpRequest callbacks</li>
<li>Painting</li>
<li>and more ...</li>
</ul>
<div>
<span class="Apple-style-span" style="font-family: "arial" , sans-serif; font-size: small;"><span class="Apple-style-span" style="font-size: 13px;"><br />
</span></span></div>
<br />
32-bit and 64-bit software on Windows 7<br />
Published 2010-08-05T10:15:00.000-04:00, updated 2010-08-05T10:15:26.453-04:00<br />
Maintenance programming - yes, we all have to do it. Most of us experience it by way of coercion. The fortunate ones have the privilege of delegating this task to an eager intern willing to get their hands on any production code. I for one do not have such a privilege.<br />
<br />
I have the responsibility of updating a VB6 application every year and part of doing so is the need to <a href="http://msdn.microsoft.com/en-us/library/ms712362(VS.85).aspx">set up an ODBC</a> for each client machine. This year has been a little different in that these machines run Windows 7.<br />
<br />
In Windows 7 there are two folders where dll, driver and executable files live...<br />
<b><br />
</b><br />
<b>%SystemRoot%\System32</b><br />
and<br />
<b>%SystemRoot%\sysWoW64</b><br />
<br />
I was surprised to find out that on a 64-bit machine the System32 folder actually holds 64-bit files and not 32-bit files as the moniker suggests. Why? Backwards compatibility. That's right. That means the <a href="http://en.wikipedia.org/wiki/WoW64">sysWoW64</a> folder contains 32-bit files. So let me give it to you again. System32 holds 64-bit files and sysWoW64 holds 32-bit files. That certainly is backwards.<br />
<br />
And no, the WoW in sysWoW64 is not an acronym for <a href="http://www.worldofwarcraft.com/">World of Warcraft</a>. It actually means Windows 32-bit on Windows 64-bit, if that helps you remember at all.<br />
<br />
Microsoft Security Essentials<br />
Published 2010-06-18T15:08:00.001-04:00, updated 2016-05-03T10:37:50.857-04:00<br />
If you're looking for an anti-virus along with malware/spyware protection <b>and </b>you require all these things to be free on the Windows platform - take a look at Microsoft's <a href="http://www.microsoft.com/security_essentials/">Security Essentials</a>. From the reviews I have read, it certainly seems like it will loosen the grips of the stranglehold that the two top AV software companies currently have on the market. I mean, how can you compete with free?<br />
<br />
A SQL Server Cursor example<br />
Published 2010-05-04T10:26:00.000-04:00, updated 2010-05-04T10:26:53.381-04:00<br />
Every now and then the need to write a SQL Server cursor comes up. Since I find myself going back through a labyrinth of code when this happens, I thought it would be a good idea to post it here. That's if I remember to look here the next time I need to create one - which just might be several seasons later. <br />
<br />
*The humorous thing about this is that as I went to SQL Server Management Studio to copy the cursor example, it was gone. Apparently, I closed the script window immediately after running it thinking I wouldn't need to use this in a long time. No worries though, I wrote this up again in a short time. <br />
<br />
<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span><span class="Apple-style-span" style="color: blue;">declare </span>@SOMEID <span class="Apple-style-span" style="color: blue;">int</span><br />
<span class="Apple-tab-span" style="white-space: pre;"> </span><span class="Apple-style-span" style="color: blue;">declare </span>appcursor <span class="Apple-style-span" style="color: blue;">cursor </span><span class="Apple-style-span" style="color: red;">FAST_FORWARD</span><br />
<span class="Apple-tab-span" style="white-space: pre;"> </span><span class="Apple-style-span" style="color: blue;">FOR SELECT</span> Table1ID <span class="Apple-style-span" style="color: blue;">FROM </span>tblTable1<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span><br />
<span class="Apple-tab-span" style="white-space: pre;"> </span><span class="Apple-style-span" style="color: blue;">open </span>appcursor<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span><span class="Apple-style-span" style="color: blue;">fetch next from</span> appcursor <span class="Apple-style-span" style="color: blue;">into </span>@SOMEID<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span><span class="Apple-style-span" style="color: blue;">while </span><span class="Apple-style-span" style="color: magenta;">@@fetch_status</span>=0<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span><span class="Apple-style-span" style="color: blue;">begin</span><br />
<span class="Apple-tab-span" style="white-space: pre;"> </span><br />
<span class="Apple-tab-span" style="white-space: pre;"> </span><span class="Apple-style-span" style="color: blue;">delete </span><br />
<span class="Apple-tab-span" style="white-space: pre;"> </span><span class="Apple-style-span" style="color: blue;">from </span>tblWhatever<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span><span class="Apple-style-span" style="color: blue;">where </span>WhateverID = (<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span><span class="Apple-style-span" style="color: blue;">select top 1 </span>WhateverIDFK<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span><span class="Apple-style-span" style="color: blue;">from </span>tblSomewhere<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span><span class="Apple-style-span" style="color: blue;">where </span>SomeID = @SOMEID<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span><span class="Apple-style-span" style="color: blue;">order by </span>DateOfEntry<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>)<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span><br />
<span class="Apple-tab-span" style="white-space: pre;"> </span><span class="Apple-style-span" style="color: blue;">fetch next from </span>appcursor <span class="Apple-style-span" style="color: blue;">into </span>@SOMEID<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span><br />
<span class="Apple-tab-span" style="white-space: pre;"> </span><span class="Apple-style-span" style="color: blue;">end</span><br />
<span class="Apple-tab-span" style="white-space: pre;"> </span><span class="Apple-style-span" style="color: blue;">close </span>appcursor<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span><span class="Apple-style-span" style="color: blue;">deallocate </span>appcursor<br />
<br />
One thing to note is the FAST_FORWARD hint. You should always declare this when you need a forward-only, read-only result set. FAST_FORWARD allows you to traverse the dataset with the least amount of overhead. Cursors are generally slow because of the nature of their use. Most times, you are forced to use a cursor because you have seemingly no other way to perform certain database actions, which frequently require small units of work like in the example above. In the case where you need to update a result set, consider using FORWARD_ONLY (only use fetch next). Please see this <a href="http://msdn.microsoft.com/en-us/library/ms180169(SQL.90).aspx">MSDN article</a> for more information on cursor types.
James Yoon http://www.blogger.com/profile/06051943010239952076 noreply@blogger.com 0
tag:blogger.com,1999:blog-35713358058886764.post-2713768269194267413 2010-03-10T11:48:00.001-05:00 2010-03-10T13:26:46.123-05:00
1024-bit RSA encryption cracked
A simple glance at this article's title (below) made my heart beat jump, literally. A quick Google News search led to the legitimacy of this claim. Another title from gadgetsteria.com starts with "<b>Good-bye earth</b>: RSA encryption cracked when CPU put on digital diet…."<br />
<div><br />
<div><a href="http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/">http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/</a><br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://www.blogcdn.com/www.engadget.com/media/2010/03/3-8-10-rsahardwarefaultattackgraphic.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="258" src="http://www.blogcdn.com/www.engadget.com/media/2010/03/3-8-10-rsahardwarefaultattackgraphic.jpg" width="400" /></a></div><blockquote>"By fluctuating the voltage to the CPU such that it generated a single hardware error per clock cycle, they found that they could cause the server to flip single bits of the private key at a time, allowing them to slowly piece together the password." </blockquote>It took 81 P4 chips and 104 hours of cpu time to achieve this feat. This is a scary thought knowing that it will only be a matter of time when a single cpu with that computing power will be able to fit inside the confines of a netbook. I'm about halfway done with this blog post and my heart is still beating at an accelerated rate.<br />
<br />
<a href="http://en.wikipedia.org/wiki/Rsa#Encryption">RSA</a> is an algorithm that Rivest, Shamir and Adleman first described in 1978. It is a public-key encryption method that is widely used for protecting all sorts of information, especially in the e-commerce space. It relies on the extreme difficulty of calculating the factors of very large numbers that only have two prime factors. The public key is exactly that, a product of two large primes. A 128-bit key (the product) can be a number from:<br />
<br />
<div style="text-align: center;">1 to 2^128</div><div style="text-align: center;">or</div><div style="text-align: center;">1 to 3.4028236692093846346337460743177e+<span class="Apple-style-span" style="color: red;"><b>38</b></span></div><div style="text-align: center;">or</div><div style="text-align: center;">1 to <b>340,282,366,920,938,000,000,000,000,000,000,000,000</b> </div><div style="text-align: center;"><br />
</div><div style="text-align: left;">Now, the 1024-bit encryption that was just cracked has a public key that is MUCH larger. It can be a number from:</div><div style="text-align: left;"><br />
</div><div style="text-align: center;">1 to 2^1024</div><div style="text-align: center;">or </div><div style="text-align: center;">1 to 1.797693134862315907729305190789e+<b><span class="Apple-style-span" style="color: red;">308</span></b></div><div style="text-align: center;">or</div><div style="text-align: center;">(figure it out yourself)</div><br />
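The article quoted above describes inducing hardware errors during private-key operations. A standard defence against fault attacks that rely on observing a corrupted result is to verify each signature with the public key before releasing it. The Python sketch below is an added example, not code from the article or the researchers; the toy key, the unpadded textbook RSA, the simulated bit flip and all function names are assumptions made for illustration.

```python
import hashlib

# Constructed toy key built from two Mersenne primes. Far too small for real
# use, and textbook RSA without padding is used only to keep the sketch short.
P = 2**31 - 1
Q = 2**61 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (needs Python 3.8+)


class FaultDetected(Exception):
    """The freshly computed signature did not verify, so it is withheld."""


def modexp(base, exponent, modulus, fault=None):
    """Left-to-right square-and-multiply.

    fault=(step, bit) simulates a transient hardware error: right after the
    squaring in iteration `step`, one bit of the running value is flipped.
    """
    acc = 1
    for step, exp_bit in enumerate(bin(exponent)[2:]):
        acc = acc * acc % modulus
        if fault is not None and fault[0] == step:
            acc ^= 1 << fault[1]
        if exp_bit == "1":
            acc = acc * base % modulus
    return acc % modulus


def digest(message):
    """Hash the message down to a number smaller than the modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def verify(m, signature):
    return pow(signature, E, N) == m % N


def sign_unchecked(m, fault=None):
    """Releases whatever the exponentiation produced, corrupted or not."""
    return modexp(m, D, N, fault)


def sign_checked(m, fault=None):
    """Verifies with the public key first; a faulty result never leaves."""
    signature = modexp(m, D, N, fault)
    if not verify(m, signature):
        raise FaultDetected("signature failed its self-check and was not released")
    return signature


def count_caught(m, steps, bit=0):
    """How many of the simulated faults the self-check stops."""
    caught = 0
    for step in steps:
        try:
            sign_checked(m, fault=(step, bit))
        except FaultDetected:
            caught += 1
    return caught


if __name__ == "__main__":
    m = digest(b"constructed sample message")
    print("clean signature verifies:", verify(m, sign_unchecked(m)))
    last = D.bit_length() - 1
    print("faulty signature verifies:", verify(m, sign_unchecked(m, fault=(last, 3))))
    steps = range(D.bit_length())
    print("faults caught:", count_caught(m, steps), "of", len(steps))
```

The extra public-key operation is cheap because the public exponent is small, which is why this check is a common hardening step for signing code.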
Conventional wisdom told us that as long as we have keys long enough to withstand any brute force attack with the most powerful supercomputers of the time, cracking an encryption algorithm would simply be impossible. But, this broke all the rules. They bypassed everything and went straight down to the cpu level. How did these guys at the University of Michigan have the prescience to do this? I don't know, but I am impressed and still very scared. </div></div>
James Yoon http://www.blogger.com/profile/06051943010239952076 noreply@blogger.com 0
tag:blogger.com,1999:blog-35713358058886764.post-6246447888696403596 2010-03-01T12:06:00.001-05:00 2010-03-01T12:07:42.752-05:00
Subversion - an open source version control system
<a href="http://subversion.apache.org/">Subversion</a>, you are simply awesome! You are as elegant and graceful in version control as <a href="http://www.yunakim.com/">Kim Yu-Na</a> (김연아) is on the ice. Need I say more? I didn't think so.<br />
<br />
Here is my version control setup on the Windows platform:<br />
<br />
<ul><li>Subversion (creating a repository)</li>
<li>TortoiseSVN (windows shell program)</li>
<li>AnkhSVN (visual studio integration)</li>
</ul>This is a typical setup for the Windows/Visual Studio user. Instructions (with pictures) can be found <a href="http://ilmatte.wordpress.com/2008/04/27/guide-to-versioning-a-visual-studio-solution-with-subversion-tortoisesvn-and-ankhsvn/">here</a>. Thanks Matteo. <br />
<br />
I've been recently tasked with moving an svn repository to another machine and I had no idea where to start. So I did a quick search and found the "Relocate" option in the TortoiseSVN menu. Ok I'm done. That was easy. Now that I have all this free time, I'll go watch some more Queen Yu-Na videos... <br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/_7eA2jumXFfQ/S4vw_aVuQAI/AAAAAAAAANA/M0AKYvQFeGw/s1600-h/svnRelocate.gif" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://1.bp.blogspot.com/_7eA2jumXFfQ/S4vw_aVuQAI/AAAAAAAAANA/M0AKYvQFeGw/s320/svnRelocate.gif" /></a></div><br />
Here's an interesting question/answer about <a href="http://stackoverflow.com/questions/1816629/svn-relocate-or-switch">SVN Relocate or Switch</a> on Stackoverflow.
James Yoon http://www.blogger.com/profile/06051943010239952076 noreply@blogger.com 0
tag:blogger.com,1999:blog-35713358058886764.post-266399277870146438 2010-02-25T14:39:00.000-05:00 2010-02-25T14:39:03.319-05:00
The Tuple Type in the Microsoft .NET Framework 4.0
My first impression of the new <a href="http://msdn.microsoft.com/en-us/magazine/dd942829.aspx">System.Tuple</a> type in the .NET 4.0 Framework was not a good one. Probably because at first look it seems like an implementation of the already existing System.Collections.Generic <a href="http://msdn.microsoft.com/en-us/library/5tbh8a42.aspx">KeyValuePair</a>. As you would expect, Microsoft had a few compelling reasons for this change.<br />
<br />
Many of the MS language teams each created their own private version of the tuple. After some time, the teams within MS learned of this and wanted to use it in their code as well. After collaboration between the Base Class Libraries (BCL) and the Managed Extensibility Framework (MEF) teams, they decided to include it in the upcoming Framework release.<br />
<br />
So we know that MS uses tuples in their code. I can not even remember the last time I used KeyValuePair outside the use of a Dictionary collection. As I am writing this, I can think of a few ways I could have used KeyValuePair more in my code. <br />
<br />
With the upcoming release of the F# language, interoperability was paramount. Having different representations of a tuple in C# and F# would have led to coding woes. As it says in Microsoft's documentation, "any time you wanted to call a method from an F# assembly that took a tuple as an argument, you would be unable to use the normal C# syntax for a tuple or pass an existing C# tuple. Instead, you would be forced to convert your C# tuple to an F# tuple, and then call the method." Tuples are a core concept in functional languages, so it doesn't hurt to be exposed to them.<br />
<br />
Some more interesting things about Tuples:<br />
There is a maximum of 8 elements in a tuple. The eighth element must itself be of type tuple, so tuples can be nested to hold any number of values. <br />
Tuples are reference types.
James Yoon http://www.blogger.com/profile/06051943010239952076 noreply@blogger.com 0
tag:blogger.com,1999:blog-35713358058886764.post-3962195964002800943 2009-12-18T10:26:00.002-05:00 2009-12-21T09:35:31.929-05:00
The transition from C# to VB
For not having written any Visual Basic code in about a year, the transition from C# back to VB has been a slightly rough one. I noticed an endless barrage of squiggly lines indicating syntax errors have plagued my code. VB's compile-time syntax checking in Visual Studio didn't help either. It let me be even more aware of my failure to comply with VB's rules. <br />
<br />
The biggest offender was in my variable declaration. Yes! In the variable declaration! I shall declare all my variables with a Dim. <br />
<br />
I shall declare all my variables with a Dim. <br />
I shall declare all my variables with a Dim. <br />
I shall declare all my variables with a Dim. <br />
I shall declare all my variables with a Dim. <br />
I shall declare all my variables with a Dim. <br />
All your base are belong to us.<br />
<br />
The point here is, like that of spoken languages, computer languages too need to be learned and perpetually practiced. Just like that violin you quit playing the moment you got accepted to a good university. Don't neglect it or you may never get it back.<br />
<br />
Ok, that's being overly dramatic. Fine. But, honestly, going from language to language is more of a nuisance than anything else unless you program in all of them everyday. I quickly got over the Dim thing. I got used to the absence of the symbols in the beloved C-Style language: <b>{ } [ ] ;</b> . I didn't like the fact that I had to google everything from "VB ternary operators" to "VB linq to sql examples." I'm pretty good with Linq in C#, but in VB it seems so foreign to me. Man, I wish I saved my search history. But, in the end everything got done... with a 30% drop in productivity. Just kidding.<br />
<br />
As for the long standing C# vs VB debate, here's my view. Who cares? For those of you who share the same passion as I do, we can have a language preference but that doesn't mean we should refuse to work on projects written in a different language. Besides the fact that we might get fired, it's just not right. We programmers are taught to learn how to learn. Our programming languages course showed us how to adapt to other languages. Where's the fun in exploring new ways to do the same thing? So what if C# developers get paid more than their VB counterparts on average? Wait, I do.
James Yoon http://www.blogger.com/profile/06051943010239952076 noreply@blogger.com 0
tag:blogger.com,1999:blog-35713358058886764.post-2958013613426169999 2009-12-16T10:41:00.010-05:00 2009-12-16T10:57:52.268-05:00
Backpropagation in Neural Networks
<a href="http://en.wikipedia.org/wiki/Backpropagation"><span style="font-family: inherit;">Backpropagation</span></a><span style="font-family: inherit;"> is a form of Supervised Training which teaches a Neural Network how to work and operate. The training is done prior to using the network and works only for </span><a href="http://en.wikipedia.org/wiki/Feed-forward"><span style="font-family: inherit;">feed-forward</span></a><span style="font-family: inherit;"> networks. There are many other ways to train a Neural Network, even in unsupervised ways, but Backpropagation is a widely popular training method because of its "</span><b><span style="font-family: inherit;">learn by example</span></b><span style="font-family: inherit;">" applicability in many real world cases. This kind of network operates on the premise that given an input, it will produce the known and "correct" output. This is analogous to training a cell phone to recognize your voice and how you pronounce certain words. So you can train a network with inputs and what their corresponding outputs should be. You can't train a network, however, to decipher what your cat's mood is at any given point. Maybe someday?</span><br />
<br />
<span style="font-family: inherit;">Let's look into the well known XOR example. We all know what this is right? The bitwise Exclusive Or produces a known and correct output given two inputs as shown below. Download the source code / demo for <span style="font-family: inherit;">the </span><span style="color: #110022; line-height: 18px;"><span style="font-family: inherit;"><a href="http://neurondotnet.freehostia.com/samples/xor.html">Exclusive OR (XOR) problem</a>.</span></span></span><br />
<div style="direction: ltr; language: en-US; margin-bottom: 0pt; margin-left: .81in; margin-top: 6.72pt; mso-line-break-override: none; punctuation-wrap: hanging; text-align: left; text-indent: -.31in; unicode-bidi: embed; vertical-align: baseline;"><u><span style="color: black;"><span style="font-family: inherit;">Input data</span></span></u><span style="color: black;"><span style="font-family: inherit;"> </span></span><u><span style="color: black;"><span style="font-family: inherit;">Output data</span></span></u><br />
</div><div style="direction: ltr; language: en-US; margin-bottom: 0pt; margin-left: .81in; margin-top: 6.72pt; mso-line-break-override: none; punctuation-wrap: hanging; text-align: left; text-indent: -.31in; unicode-bidi: embed; vertical-align: baseline;"><span style="color: black;"><span style="font-family: inherit;">(1, 1) (0)</span></span><br />
</div><div style="direction: ltr; language: en-US; margin-bottom: 0pt; margin-left: .81in; margin-top: 6.72pt; mso-line-break-override: none; punctuation-wrap: hanging; text-align: left; text-indent: -.31in; unicode-bidi: embed; vertical-align: baseline;"><span style="color: black;"><span style="font-family: inherit;">(1, 0) (1)</span></span><br />
</div><div style="direction: ltr; language: en-US; margin-bottom: 0pt; margin-left: .81in; margin-top: 6.72pt; mso-line-break-override: none; punctuation-wrap: hanging; text-align: left; text-indent: -.31in; unicode-bidi: embed; vertical-align: baseline;"><span style="color: black;"><span style="font-family: inherit;">(0, 1) (1)</span></span><br />
</div><div style="direction: ltr; language: en-US; margin-bottom: 0pt; margin-left: .81in; margin-top: 6.72pt; mso-line-break-override: none; punctuation-wrap: hanging; text-align: left; text-indent: -.31in; unicode-bidi: embed; vertical-align: baseline;"><span style="color: black;"><span style="font-family: inherit;">(0, 0) (0)</span></span><br />
<span style="font-family: inherit;"><br />
</span> <span style="font-family: inherit;"> </span><br />
</div><span style="font-family: inherit;">In Neural Networks, neurons have weighted inputs, an activation function and an output. The input layer in this example has two elements (one for each bit). The hidden layer calculates values based on the formula: </span><span style="line-height: 11px;"><span style="color: black;"><span style="font-family: inherit;">f(</span></span><span style="color: black; font-weight: bold;"><span style="font-family: inherit;">Sum</span></span><span style="color: black;"><span style="font-family: inherit;">(inputs * weight)). The weights here are initialized to small random values, let's say between -1 and 1, with a mean of 0. The network produces an output value and, since we know what the expected output value is, we calculate the difference and call it the error. Then, this error is backpropagated to the hidden layer and the input layer, whereby the weights are adjusted so that each time the same input pattern is presented to the network, the output will be a little closer to the expected output. The goal of training is to minimize this error a little bit during each iteration, aka epoch. Here's a snippet from my powerpoint presentation that sums this process up. </span></span></span><br />
<br />
<span style="line-height: 11px;"><span style="color: black;"><span style="font-family: inherit;"><span style="line-height: normal;"> -For each input-output pattern</span></span></span></span><br />
<div class="O1" style="direction: ltr; language: en-US; margin-bottom: 0pt; margin-left: .81in; margin-top: 6.72pt; mso-line-break-override: none; punctuation-wrap: hanging; text-align: left; text-indent: -.31in; unicode-bidi: embed; vertical-align: baseline;"><span style="font-family: inherit;">–</span><span style="color: black;"><span style="font-family: inherit;">Evaluate output</span></span><br />
</div><div class="O1" style="direction: ltr; language: en-US; margin-bottom: 0pt; margin-left: .81in; margin-top: 6.72pt; mso-line-break-override: none; punctuation-wrap: hanging; text-align: left; text-indent: -.31in; unicode-bidi: embed; vertical-align: baseline;"><span style="font-family: inherit;">–</span><span style="color: black;"><span style="font-family: inherit;">Calculate the error between output and expected output</span></span><br />
</div><div class="O1" style="direction: ltr; language: en-US; margin-bottom: 0pt; margin-left: .81in; margin-top: 6.72pt; mso-line-break-override: none; punctuation-wrap: hanging; text-align: left; text-indent: -.31in; unicode-bidi: embed; vertical-align: baseline;"><span style="font-family: inherit;">–</span><span style="color: black;"><span style="font-family: inherit;">Adjust weights in the output layer</span></span><br />
</div><div style="direction: ltr; language: en-US; margin-bottom: 0pt; margin-left: .81in; margin-top: 6.72pt; mso-line-break-override: none; punctuation-wrap: hanging; text-align: left; text-indent: -.31in; unicode-bidi: embed; vertical-align: baseline;"><span style="color: black;"><span style="font-family: inherit;">*Do the same for the hidden layer(s)</span></span><br />
<br />
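The steps listed above, written out as a small Python sketch for the XOR table. This is an added example, not the NeuronDotNet demo linked from this post and not the author's code; the four hidden neurons, the bias terms, the sigmoid activation, the learning rate and all names are assumptions. It also includes a gradient check, which compares the backpropagated values against finite differences to confirm the weight adjustments are computed correctly.

```python
import math
import random

# Truth table from the post: (inputs) -> expected output
XOR_PATTERNS = [((1, 1), 0), ((1, 0), 1), ((0, 1), 1), ((0, 0), 0)]


def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))


class XorNet:
    """2 inputs -> n_hidden sigmoid neurons -> 1 sigmoid output."""

    def __init__(self, n_hidden=4, seed=1):
        rng = random.Random(seed)
        # Small random starting weights between -1 and 1, as the post suggests.
        # Each hidden neuron holds [w_x1, w_x2, bias]; the output neuron holds
        # one weight per hidden neuron plus a bias (the bias is an assumption).
        self.hidden = [[rng.uniform(-1, 1) for _ in range(3)] for _ in range(n_hidden)]
        self.output = [rng.uniform(-1, 1) for _ in range(n_hidden + 1)]

    def forward(self, x):
        """f(Sum(inputs * weight)) for the hidden layer, then for the output."""
        h = [sigmoid(w[0] * x[0] + w[1] * x[1] + w[2]) for w in self.hidden]
        o = sigmoid(sum(w * a for w, a in zip(self.output, h)) + self.output[-1])
        return h, o

    def gradients(self, x, target):
        """Backpropagate one pattern's error; returns (hidden_grads, output_grads)."""
        h, o = self.forward(x)
        delta_o = (o - target) * o * (1.0 - o)      # error signal at the output
        grad_out = [delta_o * a for a in h] + [delta_o]
        grad_hid = []
        for j, a in enumerate(h):
            # Share of the output error that hidden neuron j is responsible for.
            delta_h = delta_o * self.output[j] * a * (1.0 - a)
            grad_hid.append([delta_h * x[0], delta_h * x[1], delta_h])
        return grad_hid, grad_out

    def train_epoch(self, lr):
        """One epoch: adjust the weights after each of the four patterns."""
        for x, target in XOR_PATTERNS:
            grad_hid, grad_out = self.gradients(x, target)
            self.output = [w - lr * g for w, g in zip(self.output, grad_out)]
            for weights, grads in zip(self.hidden, grad_hid):
                for k in range(3):
                    weights[k] -= lr * grads[k]

    def loss(self):
        """Sum of squared errors over the four patterns."""
        return sum(0.5 * (t - self.forward(x)[1]) ** 2 for x, t in XOR_PATTERNS)


def train(net, epochs=10000, lr=0.5):
    """Returns the loss before training and after every epoch."""
    history = [net.loss()]
    for _ in range(epochs):
        net.train_epoch(lr)
        history.append(net.loss())
    return history


def gradient_check(net, x, target, eps=1e-5):
    """Largest gap between backprop gradients and finite differences."""
    def error():
        return 0.5 * (target - net.forward(x)[1]) ** 2

    grad_hid, grad_out = net.gradients(x, target)
    worst = 0.0
    for weights, grads in [(net.output, grad_out)] + list(zip(net.hidden, grad_hid)):
        for k in range(len(weights)):
            saved = weights[k]
            weights[k] = saved + eps
            up = error()
            weights[k] = saved - eps
            down = error()
            weights[k] = saved
            worst = max(worst, abs((up - down) / (2 * eps) - grads[k]))
    return worst


if __name__ == "__main__":
    net = XorNet()
    print("max gradient gap:", max(gradient_check(net, x, t) for x, t in XOR_PATTERNS))
    history = train(net)
    print("loss before %.4f, after %.4f" % (history[0], history[-1]))
    for x, t in XOR_PATTERNS:
        print(x, "expected", t, "got", round(net.forward(x)[1], 3))
```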
</div><span style="font-family: inherit;">You're probably asking the question - why do we need a Neural Network to give us the answer of an XOR operation? We don't. It is for theoretical and teaching purposes. Now, the real use of this technique is widely seen in the AI of video games. Here is a statement that caught my eye when researching this topic.</span><br />
<blockquote>An agent was trained in Quake III by to collect items, engage in combat, and navigate a map. The controller was a neural network that learned by backpropagation on pre-recorded demos of human players, using the player’s weapon information and location as inputs.<br />
</blockquote>*From <a href="http://www.ieee-cig.org/cig-2009/Proceedings/proceedings/papers/cig2009_039e.pdf">Backpropagation without Human Supervision for Visual Control in Quake II</a> by Matt Parker and Bobby D. Bryant
James Yoon http://www.blogger.com/profile/06051943010239952076 noreply@blogger.com 0
tag:blogger.com,1999:blog-35713358058886764.post-7080968069659344757 2009-11-04T10:12:00.000-05:00 2009-11-04T10:14:03.327-05:00
malloc vs calloc vs realloc
<span class="Apple-style-span" style="border-collapse: separate; color: rgb(0, 0, 0); font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px;"><span class="Apple-style-span" style="border-collapse: collapse; font-family: arial,sans-serif; font-size: 13px;"><div><b>char* malloc(sizeOf)</b></div><div>Returns a pointer in the heap with the specified size. One major difference from calloc is that it does not initialize the memory. </div><div><br /></div><div><b>char* calloc(numElements, sizeOfElement)</b></div><div>Returns a pointer in the heap with the specified size for a number of elements - usually for an array. </div><div><br /></div><div><b>char* realloc(ptr, newSize)</b></div><div>Returns a pointer in the heap after growing or shrinking a block of memory that was allocated by using malloc, calloc or realloc.</div><div><br /></div><div><b>void free(ptr)</b></div><div>No return value. Deallocates memory previously allocated by malloc, calloc or realloc. 
ptr is unchanged.</div></span></span>
James Yoon http://www.blogger.com/profile/06051943010239952076 noreply@blogger.com 0
tag:blogger.com,1999:blog-35713358058886764.post-7454645929948074870 2009-11-03T08:53:00.002-05:00 2009-11-09T10:59:50.255-05:00
Processes do not share Global Variables
<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://1.bp.blogspot.com/_7eA2jumXFfQ/SvGvg_LO_pI/AAAAAAAAAMQ/g62HsLYt9QU/s1600-h/fork.GIF"><img style="cursor: pointer; width: 320px; height: 269px;" src="http://1.bp.blogspot.com/_7eA2jumXFfQ/SvGvg_LO_pI/AAAAAAAAAMQ/g62HsLYt9QU/s320/fork.GIF" alt="" id="BLOGGER_PHOTO_ID_5400290409443163794" border="0" /></a><br /><br />In the C code above, what are the values at line 13 and 18?<br /><br />At line 13, the value is 30.<br />At line 18, the value is 10.<br /><br />Why is this you ask? It's because the <a href="http://en.wikipedia.org/wiki/Fork_%28operating_system%29">fork system call</a> produces a new child process which does not share global variables with its parent process. Each process has its own code section and data region. The run-time stack is copied for each process as well, so the variable in the parent and the variable in the child are not the same variable. Threads, on the other hand, do share global variables. Great. Now you tell me.<br /><br />Can you think of a way to get around this limitation?
James Yoon http://www.blogger.com/profile/06051943010239952076 noreply@blogger.com 0
tag:blogger.com,1999:blog-35713358058886764.post-8478060452361151759 2009-10-21T10:38:00.013-04:00 2010-02-18T15:32:57.419-05:00
File transfer using SFTP in C#
Before we delve into how we accomplish this, let's first find some common ground on what S-F-T-P means. In Wikipedia, you'll get a longer than expected list of links for this acronym. The technology we want to utilize is <a href="http://en.wikipedia.org/wiki/SSH_File_Transfer_Protocol"><span style="font-weight: bold;">SSH File Transfer Protocol</span></a>. It is alternately known as Secure File Transfer Protocol, but to avoid confusion (hopefully) we will refer to it as SFTP henceforth. Please don't get it confused with "FTP over SSH" as it is a completely different protocol. SFTP runs on TCP port 22, the port commonly used for Secure Shell - SSH. "FTP over SSH" uses the standard TCP ports 20/21.<br />
<br />
At this point, your boss asks you to send a file over to a vendor's [S]FTP server. After you do some research and figure out that he really means SSH File Transfer Protocol, the battle is half won. You can simply send that file using most ftp programs available. I had no idea. I personally use <a href="http://www.coreftp.com/">CoreFTP</a> and was pleasantly surprised to find a nice little SSH/SFTP checkbox in the bottom right corner of the connection screen.<br />
<br />
<a href="http://3.bp.blogspot.com/_7eA2jumXFfQ/St8rlb3QCtI/AAAAAAAAAMI/uqWtARltC9o/s1600-h/coreftpss1.gif" onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}"><img alt="" border="0" id="BLOGGER_PHOTO_ID_5395078800747793106" src="http://3.bp.blogspot.com/_7eA2jumXFfQ/St8rlb3QCtI/AAAAAAAAAMI/uqWtARltC9o/s320/coreftpss1.gif" style="cursor: pointer; height: 286px; width: 320px;" /></a><br />
<br />
Now you want an api. <a href="http://sourceforge.net/projects/sharpssh/">SharpSSH</a> is such a library that does SFTP along with a host of other things. Download demos and source files <a href="http://www.codeproject.com/KB/IP/sharpssh.aspx">here</a>.<br />
<br />
Here is how simple it is to encrypt a file by using <a href="http://en.wikipedia.org/wiki/Pretty_Good_Privacy">PGP</a>. I decided to go with the open source route. <a href="http://www.codeproject.com/KB/security/gnupgdotnet.aspx">Gnu Privacy Guard</a> provides a simple wrapper class that makes it easy to encrypt/decrypt messages:<br />
<br />
// Requires "using System.IO;" and the GnuPGWrapper class from the article linked above.<br />
// The using blocks close both files, which also flushes the encrypted output to disk.<br />
using (StreamReader reader = new StreamReader(readFromFile))<br />
using (StreamWriter writer = new StreamWriter(writeToFile))<br />
{<br />
string output = "";<br />
<br />
// Begin encryption<br />
GnuPGWrapper wrapper = new GnuPGWrapper();<br />
<br />
wrapper.homedirectory = "C:\\gnupg";<br />
wrapper.passphrase = "";<br />
wrapper.originator = "";<br />
wrapper.recipient = "blah@blah.com"; // encrypt to this recipient's public key<br />
wrapper.command = Commands.Encrypt;<br />
wrapper.verbose = VerboseLevel.VeryVerbose;<br />
wrapper.ExecuteCommand(reader.ReadToEnd(), out output); // plain text in, encrypted text out<br />
<br />
writer.Write(output);<br />
}
James Yoon http://www.blogger.com/profile/06051943010239952076 noreply@blogger.com 1
tag:blogger.com,1999:blog-35713358058886764.post-849722464492332935 2009-08-12T10:04:00.006-04:00 2009-11-04T10:47:42.816-05:00
Video Game Programming
The following is a description of one of the courses I will be taking in my final semester of graduate school.<br /><span style=";font-family:Arial;font-size:85%;" ><b><a name="cmp717"></a></b></span><blockquote><span style=";font-family:Arial;font-size:85%;" ><b><a name="cmp717">CMP 717:</a> Video Game Programming.</b> 4 hours, 4 credits.<br />General game architecture, asynchronous input, animated sprites, action oriented a.i., collision detection, scrolling, sound clips, 3D Graphics. Student projects involving development of several video games, both individually and in teams.<br />PREREQ: CMP 338 and a strong foundation in object oriented programming techniques.<br />COREQ: MAT 226<br />NOTE: Students should expect to <b>devote a great deal of time</b> working both individually and in teams to produce several video games written in Java. This is a “Programming Intensive” course.</span></blockquote>Notice the text in bold. I can't wait....
James Yoon http://www.blogger.com/profile/06051943010239952076 noreply@blogger.com 2
tag:blogger.com,1999:blog-35713358058886764.post-8702985856888336428 2009-07-06T11:36:00.000-04:00 2009-07-06T11:36:14.135-04:00
Stop H*Commerce
<a href="http://www.stophcommerce.com/">Stop H*Commerce</a>. Go there. Please.<br /><br />It's a documentary revealing the business of hacking. It gives an inside look into the lives of a white-hat hacker and a victim of the Nigerian email scam. You know, the one about a lawyer or banker having no way of transferring a large sum of money and he needs YOUR help. 
This scam is also known as the 419 scam, whose name, four-one-nine, comes from the Nigerian penal code for scamming.<br /><br />H*commerce (Hacker Commerce) is a term coined for an industry unlike any other, one that operates all around the world. The people involved are hackers and thieves and what they trade is <span style="font-weight: bold;">your data</span>. It can be anything, but the most popular item on the black market menu is called the "dump" - the data on the magnetic strip on the back of credit cards. Read all about it <a href="http://www.wired.com/techbiz/people/magazine/17-01/ff_max_butler">here</a>.
James Yoon http://www.blogger.com/profile/06051943010239952076 noreply@blogger.com 0
tag:blogger.com,1999:blog-35713358058886764.post-503588023862414311 2009-06-30T08:40:00.014-04:00 2009-06-30T12:43:39.711-04:00
Cookie Poisoning
I wanted to talk a little bit more about <a href="http://en.wikipedia.org/wiki/Cookie_poisoning#Cookie_poisoning">Cookie Poisoning</a> as it is something that a lot of people seem to be interested in. Basically, a cookie stores information that a website wants to keep on the client's machine. Typically, it would store a session id - essentially a unique identifier.<br /><br /><div style="text-align: center;"><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://2.bp.blogspot.com/_7eA2jumXFfQ/Sko1p3HWe1I/AAAAAAAAALo/ULbh-sUxdtE/s1600-h/amazonSession.gif"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 270px; height: 132px;" src="http://2.bp.blogspot.com/_7eA2jumXFfQ/Sko1p3HWe1I/AAAAAAAAALo/ULbh-sUxdtE/s320/amazonSession.gif" alt="" id="BLOGGER_PHOTO_ID_5353150100368948050" border="0" /></a>A typical Amazon Cookie. </div><br />Cookies can store other information as well. "Other information" may be as harmless as a user name that your favorite website remembers so you don't have to type it in every time you log in. 
It can also be non-trivial like an account number, shopping cart total, social security number and any other personal information. I wish this wasn't the case, but I'm sure there are some websites that do this. The problem does not stop here. Anyone can edit a cookie and change their shopping cart total. Who wouldn't want to buy a brand new TV for a hundred bucks? Wouldn't you also get the store warranty that they always try to sell you but no one buys?<br /><br />How to edit cookies? Download and install <a href="https://addons.mozilla.org/en-US/firefox/addon/573">Add N Edit Cookies</a> (a Firefox Add-on).<br /><br />There are a number of ways to protect yourselves from this vulnerability.<br /><ul><li>Do not save sensitive information in cookies.</li><li>Try to utilize server side sessions where possible.<br /></li><li>Encrypt your cookie data.<br /></li><li>Set an expiration that makes sense.</li></ul>Note that cookie security should entail using SSL for your website <span style="font-weight: bold;">AND </span>encrypting the data in your cookie. If your site transmits any personal information, securing your site with SSL is a must. Packet sniffers can pick up cookie data in plain sight. Furthermore, anyone that has access to your local hard drive can view cookie data. Secure your data using strong encryption! Because the problem described here is tampering, the server should also verify a keyed integrity check (such as an HMAC) on every cookie value it reads, since encryption on its own does not guarantee that a modified value is rejected.
James Yoon http://www.blogger.com/profile/06051943010239952076 noreply@blogger.com 4
tag:blogger.com,1999:blog-35713358058886764.post-1969894804086602205 2009-06-29T14:07:00.012-04:00 2009-06-30T08:50:33.315-04:00
A Malware Story
Pedro Bueno of McAfee makes a thought provoking statement, "I don’t really know which is worse: a dumb or a smart malware writer" in his <a href="http://www.avertlabs.com/research/blog/index.php/2009/06/11/dumb-malware-authors-cause-more-damage-than-smart-ones/">blog post</a>. Apparently, a variant of the PWS-Banker trojan was written by a "dumb malware writer." 
The trojan steals the usual gamut of banking information using the popular <a href="http://www.imperva.com/resources/glossary/cookie_poisoning.html">cookie poisoning</a> exploit and sends it to a remote SQL database. However, the credentials for that database were hard-coded in the malware for everyone to see. What are the implications of this? Disaster. Any fellow evil-minded script kiddie could get their hands on bank accounts, user names and passwords and sell them on the market. IT'S PAYDAY. Until, of course, you get caught.
tag:blogger.com,1999:blog-35713358058886764.post-1252541404057072511 2009-06-17T14:01:00.014-04:00 2009-06-29T16:29:52.994-04:00
Orphaned Users in SQL Server
It happens all the time - <span style="font-weight: bold;">orphaned users</span>. Oftentimes you are required to restore a database for testing purposes and you go back to your land of semicolons, butterflies and ponies and all of a sudden BAM: Login failed for user 'dbuser'.<br /><br />In SQL Server, <span style="color: rgb(0, 153, 0);">Database Users</span> and <span style="color: rgb(0, 0, 153);">Server Logins</span> are two different entities. Users are associated with the database level, and logins are associated with the server level. Every User must be mapped to a Login. Otherwise, you get a dreaded orphan. <br /><br />In SQL Server 2008, run <span style="color: rgb(255, 0, 0);">sp_change_users_login @Action='REPORT'</span> to detect orphaned records. I actually just ran this and there are three orphaned users in one of my databases right now. Slacker!<br /><br />To resolve an orphaned user, run <span style="color: rgb(255, 0, 0);">sp_change_users_login @Action='update_one', @UserNamePattern='DatabaseUserName', </span><br /><span style="color: rgb(255, 0, 0);"> @LoginName='ServerLoginName';</span><br /><br />And there you have it. 
Happily reunited.
tag:blogger.com,1999:blog-35713358058886764.post-5495099868740056242 2009-06-11T00:01:00.003-04:00 2009-11-04T10:47:56.388-05:00
My Stackoverflow Flair
<iframe src="http://stackoverflow.com/users/flair/1316.html?theme=default" marginwidth="0" marginheight="0" scrolling="no" frameborder="0" height="60" width="210"></iframe><br /><br />This is my <a href="http://stackoverflow.com/">stack<span style="font-weight: bold;">overflow</span></a> flair. It isn't much by any means. It pales in comparison with others on the site by a wide margin. To give you an idea, the leading user at the time of this writing is <a href="http://stackoverflow.com/users/22656/jon-skeet">Jon Skeet</a> with a 68.5k reputation score. It's not like he's had an unfair advantage besides the obvious intellectual one. He's been a member of the site for 8 months. I've been a member for 10. Anyone that is a part of stackoverflow will know the mental fortitude necessary to stay atop the leaderboard. A hat tip goes out to you, Jon Skeet.