The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

Archive for July, 2012

WiFi/WLAN security: for personal/PSK mode, choose WPA2 with AES and a strong password and SSID name. Don’t use TKIP or WPS PIN

Posted by jpluimers on 2012/07/20

To make WPA2 as secure as possible in PSK mode (aka personal mode), make sure you don’t fall into the major WPA2 weaknesses:

So this is what I did on my TomatoUSB-flashed Asus RT N66U router:

  • strong and different passwords for 2.4 GHz and 5 GHz WiFi
  • unique SSIDs for both the WiFi bands
  • AES encryption
  • no WPS PIN

Easy to set up: follow the wiki here, using the basic link from the link list.

–jeroen

Posted in *nix, Internet, Power User, TomatoUSB | Leave a Comment »
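Why the SSID matters as much as the password in the WPA2-PSK post above: the standard key derivation uses the SSID as the only salt for the passphrase, so a factory-default SSID gives every such network the same salt. The sketch below is an added example, not code from the post or from TomatoUSB; the default-SSID list, the 20-character threshold and the sample configurations are assumptions constructed for illustration.

```python
import hashlib

# Constructed sample of factory-default SSIDs (illustrative, not exhaustive).
DEFAULT_SSIDS = {"linksys", "default", "netgear", "dlink", "asus"}

def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32)

def audit_bands(bands: dict) -> list:
    """Check per-band settings against the post's checklist; return findings."""
    findings = []
    for name, cfg in bands.items():
        if cfg["encryption"].upper() != "AES":
            findings.append(f"{name}: use AES, not {cfg['encryption']}")
        if cfg["wps_pin"]:
            findings.append(f"{name}: disable WPS PIN")
        if cfg["ssid"].lower() in DEFAULT_SSIDS:
            findings.append(f"{name}: default SSID is a shared, predictable salt")
        if len(cfg["passphrase"]) < 20:  # threshold is this example's assumption
            findings.append(f"{name}: passphrase shorter than 20 characters")
    ssids = [c["ssid"] for c in bands.values()]
    keys = [c["passphrase"] for c in bands.values()]
    if len(set(ssids)) < len(ssids):
        findings.append("bands share an SSID")
    if len(set(keys)) < len(keys):
        findings.append("bands share a passphrase")
    return findings

# Constructed configurations: one weak, one following the post's list.
WEAK = {
    "2.4GHz": {"ssid": "linksys", "passphrase": "password1", "encryption": "TKIP", "wps_pin": True},
    "5GHz": {"ssid": "linksys", "passphrase": "password1", "encryption": "AES", "wps_pin": False},
}
GOOD = {
    "2.4GHz": {"ssid": "attic-heron-24", "passphrase": "vK7#mq2-Trellis-Ocean-91x", "encryption": "AES", "wps_pin": False},
    "5GHz": {"ssid": "attic-heron-5", "passphrase": "Zp4!nd8-Lantern-Cedar-36w", "encryption": "AES", "wps_pin": False},
}

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK), ("good", GOOD)):
        print(label, audit_bands(cfg))
```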

Great post on the differences between TFS, SVN, CVS and other source code management systems, ideas on Trunk/Tag/Branch

Posted by jpluimers on 2012/07/19

When switching between different source code management systems for doing version control at clients, it always takes a bit of getting used to the mantra of their system and how it has been implemented.

Few people can really explain this well.

Richard Berg did in his great StackOverflow answer sharing his ideas on how to handle Trunk/Branch/Tag (for people starting with SVN, read this answer by David Schmitt before you mix them up).

I still see truckloads of people, and even teams, trying to do without version control. Please do use source control. If you don’t know where to get started, read some text on Source Control for beginners, or for instance the free on-line Red Bean books on SVN, Mercurial or CVS.

Also read some other great answers by Richard Berg (many on TFS, but also this very balanced view on usage of nullable in languages and proper use of Invoke-Expression in PowerShell: recommended reading).

–jeroen

Posted in Mercurial/Hg, Source Code Management, Subversion/SVN, TFS (Team Foundation System) | Leave a Comment »

Paros Proxy | TestingSecurity.com

Posted by jpluimers on 2012/07/18

On the research list as it seems a lot wider than HTTP Fiddler:

Paros Proxy

Paros is a valuable testing tool for your security and vulnerability testing. Paros can be used to spider/crawl your entire site, and then execute canned vulnerability scanner tests. But Paros goes beyond that: it comes with a built-in utility that can proxy traffic. This Paros Proxy utility can be used to tamper with or manipulate any HTTP or HTTPS traffic on the fly. This makes for some of the more interesting types of security testing. It will help you isolate potential areas of security concern and then manually attempt to perform the type of testing you desire.

Paros also comes with a built-in Session ID analyzer. It will display a graph of all the types of Session IDs it has been presented with, using a multi-threaded session initiator. You can then determine if the graph appears random enough for the Session ID. It is a pretty unique and interesting tool to use. Typically most developers will rely upon another technology (Tomcat, Apache, or some other application) to generate Session IDs. This is not always the case, and as such a Session ID analysis should be performed. Sometimes the Session ID will not be randomized enough and the hash used to create the Session ID is easily predictable.

Paros also comes with a built-in Fuzzer. You will need to generate your own Fuzzer library to use the Fuzzer, but it will perform all the fuzzing for you.

–jeroen

via: Paros Proxy | TestingSecurity.com.

Posted in Development, HTML, Java, Scripting, SOAP/WebServices, Software Development, Web Development | 2 Comments »

Visual Studio – How to: Reset Your Settings

Posted by jpluimers on 2012/07/17

There are features you rarely use. I once screwed up my Visual Studio desktop. Resetting to the default is easy, if you remember it is in the import/export settings dialog, which I didn’t (:

This is how I got back to the default:

To reset your settings

  1. On the Tools menu, click Import and Export Settings.
  2. On the Welcome to the Import and Export Settings Wizard page, click Reset all settings and then click Next.
  3. If you want to save your current settings combination, click Yes, save my current settings, specify a file name, and then click Next.
    —or—
    If you want to delete your current settings combination, choose No, just reset settings, overwriting my current settings, and then click Next. This option does not delete default settings, which will still be available the next time you use the wizard.
  4. In Which collection of settings do you want to reset to, select a settings collection from the list.
  5. Click Finish.
    The Reset Complete page alerts you to any problems encountered during the reset.

–jeroen

via: How to: Reset Your Settings.

Posted in .NET, Development, Software Development, Visual Studio 11, Visual Studio 2005, Visual Studio 2008, Visual Studio 2010, Visual Studio and tools | Leave a Comment »

Security issue at a site that stores personal data; input welcome on this draft report (site stores passwords unencrypted)

Posted by jpluimers on 2012/07/16

I would appreciate input on this draft, which I want to send in the course of the day via a web form (the site offers no other way of reporting) to a site that handles privacy in a truly bizarre way:

As the legal guardian (curator) of someone with an intellectual disability in your region, one of my duties is to safeguard his privacy.

I wanted to check the data you have registered for him, and for that I requested a new password via the “Forgot password” option on your site. I was shocked when I noticed that you e-mailed back the original password.

This means that you store your customers’ passwords in a way that can be traced back to the original password: a priority 1 security issue!

That is a violation of the basic principles of security: as soon as your server is broken into, all personal data is simply out in the open in one go, such as
– full address details;
– date of birth;
– BSN (citizen service number);
– income data for the current year;
– bank account number.

This is enough data to commit very successful identity fraud, and in my view far more data than you should be keeping in your personal data register.

Plenty of such cases have appeared in the press recently. They are known as “plain text offenders”, a form of publicity that is experienced as very unpleasant.

I give you until Monday 23 July, 18:00 Western European Summer Time, to inform me by telephone and by e-mail that, and how, you have resolved this and that you vouch for the security of the data of those registered on your site.

By resolving I mean that you:
– do not store passwords in a way that allows the original passwords to be generated;
– instead store a hash of the passwords in a sound manner, with proper salting;
– on “forgot password”, issue a one-time temporary password that can be used for a limited time to choose a secure password

If it has not been resolved by then, I will report this to the authorities responsible for privacy and personal data.
They will undoubtedly take into account in their investigation that your website does not carry legally required information (such as Chamber of Commerce (KvK) number and telephone number), which means it currently cannot be traced who bears final responsibility for this site.

Kind regards,

Jeroen Pluimers

Thanks in advance!

Along with, for example, MyVodafone, the site joins the Plain Text Offenders; not very clever with personal information.

–jeroen

Posted in About, Opinions, Personal | Leave a Comment »
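The three fixes requested in the letter above (no recoverable passwords, a salted hash, a one-time time-limited reset credential) fit in a small sketch. This is an added example, not code from the post or from the site it describes; the `Accounts` class, the choice of PBKDF2-HMAC-SHA256 as the salted hash, the iteration count and the 15-minute lifetime are assumptions.

```python
import hashlib
import hmac
import secrets
import time

ITERATIONS = 600_000   # assumption: work factor for PBKDF2-HMAC-SHA256
RESET_TTL = 15 * 60    # assumption: reset token lifetime in seconds

def hash_password(password: str, salt: bytes = None) -> tuple:
    """Return (salt, hash); a fresh random salt per password, nothing reversible."""
    salt = secrets.token_bytes(16) if salt is None else salt
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

class Accounts:
    def __init__(self):
        self.users = {}    # email -> (salt, password hash)
        self.resets = {}   # sha256(token) -> (email, expiry time)

    def register(self, email: str, password: str) -> None:
        self.users[email] = hash_password(password)

    def login(self, email: str, password: str) -> bool:
        record = self.users.get(email)
        if record is None:
            return False
        salt, stored = record
        return hmac.compare_digest(hash_password(password, salt)[1], stored)

    def forgot_password(self, email: str, now: float = None):
        """Return a one-time token to mail out; the password itself is never sent."""
        if email not in self.users:
            return None
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        # Only a digest of the token is stored, so a database leak cannot replay it.
        self.resets[hashlib.sha256(token.encode()).digest()] = (email, now + RESET_TTL)
        return token

    def reset_password(self, token: str, new_password: str, now: float = None) -> bool:
        now = time.time() if now is None else now
        entry = self.resets.pop(hashlib.sha256(token.encode()).digest(), None)
        if entry is None:          # unknown or already used (pop makes it single-use)
            return False
        email, expiry = entry
        if now > expiry:           # limited lifetime
            return False
        self.users[email] = hash_password(new_password)
        return True
```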

The Old New Thing: Why does holding the Ctrl key when selecting New Task from Task Manager open a command prompt? (via: Site Home – MSDN Blogs)

Posted by jpluimers on 2012/07/16

I love the long lead time between some proposals in the suggestion box and the actual answer. A lot longer than my blog queue (:

Commenter Adam S wonders why holding the Ctrl key when selecting New Task from Task Manager will open a command prompt. It’s a rogue feature.

I didn’t even know this was possible. It seems one of the fastest ways to start the console!

–jeroen

via: Why does holding the Ctrl key when selecting New Task from Task Manager open a command prompt? – The Old New Thing – Site Home – MSDN Blogs.

Posted in Power User, Windows, Windows 7, Windows 8, Windows Server 2003, Windows Server 2008, Windows Vista, Windows XP | Leave a Comment »

Some Chrome links: finding out which tabs make noise, muting noisy tabs, restarting chrome while retaining all pages

Posted by jpluimers on 2012/07/13

Finding out which Chrome tabs make noise (I opted for the MuteTab extension)

Restarting your browsers retaining the opened tabs. Chrome does this automatically upon update, but there seems to be no manual automatic way other than this:

  1. Change your options to Reopen the pages that were open last
  2. Close your browser
  3. Restart your browser
  4. Reset your Reopen the pages that were open last option back to what it was

Not nice, but it works.

–jeroen

Posted in Chrome, Google, Power User | Leave a Comment »

.NET/C# InternalsVisibleTo Attribute via: Salvo(z)

Posted by jpluimers on 2012/07/12

Didn’t need it until now, as now I wrote my first unit test on an internal class, with the unit test in a separate assembly.

Visual Studio 2010 suggested adding the InternalsVisibleTo Attribute to the assembly containing the internal class specifying that the unit test assembly would have access to it.

For me that felt upside-down, but thinking again it is logical, though it still doesn’t feel right.

This is what it does:

The InternalsVisibleToAttribute was added in .NET 2.0 and most people seem to be using it in order to expose internal methods to external unit test classes. However, there is nothing to prevent you from using it in non-testing situations, although I have not seen a good reason other than unit testing to use it.

–jeroen

via: C# InternalVisibleTo Attribute | Salvo(z).

Posted in .NET, C#, C# 2.0, C# 3.0, C# 4.0, Development, Prism, Software Development, VB.NET | Leave a Comment »

Connecting Visual Studio 2010 to TFS over a Corporate Proxy (via: Visual studio 2010: cannot connect for any online resource – Stack Overflow)

Posted by jpluimers on 2012/07/11

One of the clients has tightened up their web proxy so much that Visual Studio 2010 does not want to connect to the HTTP 8080 port on the external TFS server (yes, I will switch to HTTPS if the workaround appears stable enough).

The problem is that Visual Studio often just tells you it cannot connect. No further error details.

Well, after you get most things working, you get this error every now and then:

[Microsoft Visual Studio]
Error
Team Foundation services are not available from server tfs.some-domain\PREFIX.
Technical information (for administrator):
HTTP code 407: Proxy Authentication Required
[OK]

There are a few problems involved:

  • Visual Studio does not allow you to enter credentials for the Proxy server.
  • Visual Studio doesn’t fully use the proxy settings from Internet Explorer either.
  • Visual Studio (unlike Internet Explorer) seems to lose the proxy session and/or proxy authentication for that session over time.

All in all, it is fishy, even editing the devenv.exe.config proxy settings didn’t work (maybe I haven’t found the right combination of settings yet: that’s part of the research I need to do).

Workaround

So far, these are the current workaround steps (I will post a new entry when I have found the solution or shortened the steps).

The workaround includes HTTP Fiddler, and sometimes doesn’t work without it. HTTP Fiddler helps anyway as it shows the HTTP traffic (including error messages from the proxy server) between Visual Studio and TFS.

Posted in .NET, Development, Fiddler, Software Development, Visual Studio 2010, Visual Studio and tools, Web Development | 3 Comments »

which kind of IsHex() function do you like most, and why?

Posted by jpluimers on 2012/07/10

Though the sample question is in C#, it applies to almost any language and framework: for relatively simple checks like IsHex(), you can go the RegEx way, or the compound if-statement way.

Which kind of function do you like most?

I’m not only interested in the percentages, so let me know in the comments why.

–jeroen

PS: if you want to use RegEx in .NET, you can compile them to IL, but be very cautious about the compilation overhead.

Posted in .NET, C#, COBOL, Delphi, Development, JavaScript/ECMAScript, PHP, RegEx, Scripting, Software Development, VB.NET | 8 Comments »