« September 2004 | Main | November 2004 »
October 30, 2004
Installing Clam Anti-Virus on FreeBSD
"The open-source ClamAV (Clam Anti-Virus) virus scanner can be invoked in a variety of ways. This document describes my experience in installing it as a sendmail milter from the FreeBSD ports. The setup I describe doesn't require the MIMEDefang (or other milter) wrapper..."
Posted by 0xFF3300 at 12:46 PM | Comments (0) | TrackBack
October 27, 2004
Migrating ATL Apps to Visual C++.NET
I am in the process of migrating an application from VC++ 6.0 to Visual C++.NET. This article has extremely useful:
"This article presents steps required to migrate Windows service applications (also called NT services) written using Visual C++ 6.0 and ATL to Visual C++.NET. Most of ATL and MFC code requires only recompilation when upgrading Visual Studio from version 6.0 to .NET. Unfortunately, this is not the case with ATL service applications. Part of ATL7 that handles Windows services has been rewritten, so most of the code that ATL Wizard generated in Visual C++ 6.0 is no longer needed – actually, the code is still in use, but it has been moved to ATL classes rather than being copied by Wizard to every service application you create. The downside of this improvement is that it breaks applications that were written using ATL3 (the version that came with Visual C++ 6.0)."
Posted by 0xFF3300 at 10:05 AM | Comments (0) | TrackBack
Bush Blocks Access to Website
Bush has blocked access his website, georgewbush.com to non-US visitors. Netcraft spotted the international exclusion on Oct 25 when users from London, Amsterdam and Sydney were unable to connect to the site. The Bush campaign has stated, they see no reason to distrubute content to people that will not be voting. This has excluded Americans who are currently overseas. It is unknown if the site is blocked to troops currently stationed in Iraq. On the opposing side, the website for John Kerry is available to international visitors.
Posted by 0xFF3300 at 09:59 AM | Comments (0) | TrackBack
October 20, 2004
High Performance MySQL Book
Being that MySQL is my primary data store for applications running on my FreeBSD server, I thought I would check this book out.
Author Jeremy Zawodny has managed large numbers of MySQL servers for mission-critical work at Yahoo!, maintained years of contacts with the MySQL AB team, and presents regularly at conferences. Jeremy and Derek have spent months experimenting, interviewing major users of MySQL, talking to MySQL AB, benchmarking, and writing some of their own tools in order to produce the information in this book.
Posted by 0xFF3300 at 03:48 PM | Comments (0) | TrackBack
Coding for Security
Check out the Nov 2004 MSDN Magazine, good security articles. It just so happens I'm working on a project to reduce the attack surface of an application. Thanks!
Posted by 0xFF3300 at 10:05 AM | Comments (0) | TrackBack
October 15, 2004
IIS ASP.NET Performance Monitors
Probaly the 5 most important IIS 'at-a-glance' setting are the following:
ASP.NET: Requests Current
The number of requests executed per second. This represents the current throughput of the application. Under constant load, this number should remain within a certain range, barring other server work (such as garbage collection, cache cleanup thread, external server tools, and so on).
ASP.NET: Requests Queued
The number of requests waiting for service from the queue. When this number starts to increment linearly with respect to client load, the Web server computer has reached the limit of concurrent requests that it can process. The default maximum for this counter is 5,000. You can change this setting in the computer's Machine.config file.
ASP.NET Application: Pipeline Instance Count
The number of active request pipeline instances for the specified ASP.NET application. Since only one execution thread can run within a pipeline instance, this number gives the maximum number of concurrent requests that are being processed for a given application. In most circumstances it is better for this number to be low when under load, which signifies that the CPU is well utilized.
Web Service: Total Method Requests/sec
The current methods combined (GET, POST, PUT) being executed per second. This number should be lower than Requests Current.
Web Service: Current Connections
Total number of raw HTTP connections to the server.
Posted by 0xFF3300 at 11:45 AM | Comments (0) | TrackBack
October 13, 2004
ASP.NET: ASM to IL compiler
Now this is interesting.
"...so I decided to do something about it - by bringing x86 assembler programming into the .NET age. Well, at least to allow ASP.NET pages to be written in 80386 assembler.
To do just that, I've written a compiler (assembler?) that compiles 80386 assembler code into MSIL. In other words, you get to write assembler programs that compiles into the same IL of the .NET's Common Language Runtime that your fellow VisualBasic.NET and C# developers are using. So basically you can enjoy the thrill of low-level programming and still be compatible with your "oh, so modern" VB.NET friends."
Posted by 0xFF3300 at 10:13 AM | Comments (0) | TrackBack
CherryOS alllows Mac OS X emulation on x86
Looks promising, however no known release is yet available.
"Our solution, CherryOS, is to turn a PC into a Macintosh clone, and to run MacOS and Macintosh applications directly on the PC. You benefit from the lower cost and faster speed of the PC, and still keep the use of your Macintosh applications."
Posted by 0xFF3300 at 09:59 AM | Comments (0) | TrackBack
October 11, 2004
WINCRYPT.H
I am doing some research on how I can efficiently encrypt data .NET 1.1 and decrypt with VC++ 6.0, I found the following links very useful:
* the old and the new? WINCRYPT.H
* Generating a Key from a Password
* CryptDeriveKey
Posted by 0xFF3300 at 06:05 PM | Comments (0) | TrackBack
MSBuild Compatibility Toolkit 1.0 Available
Robert McLaws has released an MSBuild toolkit supporting all versions of the .NET framework from Visual Studio 2005.
Posted by 0xFF3300 at 02:10 PM | Comments (0) | TrackBack
October 08, 2004
ASP.NET Canonicalization Security Flaw
A security vulnerability in ASP.NET has been identified that could allow an attacker to gain access to secured content. This issue centers around how ASP.NET locates files based on file names sent as part of a server request. Microsoft has issued a recommendation to add a check for this attack to your Global.asax file.
What is canonicalization?
Canonicalization is the process by which various equivalent forms of a name can be resolved to a single standard name, or the "canonical" name. For example, on a specific computer, the names c:\dir\test.dat, test.dat, and ..\..\test.dat might all refer to the same file. Canonicalization is the process by which such names are mapped to a name that is similar to c:\dir\test.dat.
Microsoft ASP.NET Security Incident
You may be able to safeguard against this by following the MS recomendation here:
Programmatically check for...
Posted by 0xFF3300 at 09:37 AM | Comments (0) | TrackBack