February 2005 Entries
A Colleague of mine found
this, essentially it's a search engine based on
DotLucene which can index all then content in your Content Management Server (2003 I think) system!
Another
interesting item was linked from the
Slashdot post on this , so why eactly was IE7 being released again ;-):
JENNINGS: I read an article coming up here on Firefox (Web browser) and its perceived ability to do this better than you. Is that fair?
GATES: Well, there's competition in every place that we're in. The browser space that we are in we have about 90 percent. Sure Firefox has come along and the press love the idea of that. Our commitment is to keep our browser that competes with Firefox to be the best browser — best in security, best in features. In fact, we just announced that we'll have a new version of the browser so we're innovating very rapidly there and it's our commitment to have the best.
Slashdot recently reported on a post on
Bruce Schneiers blog which reports that the SHA-1 hashing algorithm has been ‘broken’ by a team in China (wonder why they were working on it
) – this is a pretty big deal; SHA-1 is the NSA / NIST
standard for hashing algorithms right now – though
recently they announced that they’ll be recommending the stronger SHA-512 and SHA-256 variants (properly called SHA-2 variants) soo, – good timing! For most common applications though where there’s a possibility
collision after 2^69 ( 590295810358705651712 ) hash operations compared to 2^80 (1208925819614629174706176) really isn’t that bad then if you’re currently using SHA-1 I wouldn’t do a panic change (though next time you might want to change over to SHA-256 / 512).
To try to clarify what this means, in order to generate the same hash code from two distinct inputs (so you’re comparing one hash against the other) would mean hashing 590295810358705651712 times rather than 1208925819614629174706176 times with what was previously thought to be the possibility of collision. If you’re betting your life on a hashing function (so for instance you have a document containing the nuclear key codes signed only with a SHA-1 hash) I’d seriously considering moving to a longer one (SHA-256) – if you’re just storing passwords for a Barney fanclub site…I wouldn’t worry especially. Of course if you’re really paranoid (ooh, the NSA developed SHA!) you’re probably using
Whirlpool already!
UPDATE: If you really want to check out some amazing .NET implementations of pretty much every encryption / hashing function on the planet take a look at
this , currently has MD2, MD4, MD5, RIPEMD128, RIPEMD160, RIPEMD256, RIPEMD320, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, and Tiger hashes (well message digests which are a little different but still...lots!)!
So I’m trying to install the Avalon November CTP Preview using the MSI downloaded from here – after passing the inquisition (using a virtual PC for testing stuff – I don’t generally register them as they have lifetimes < 30 days) I have downloaded it, twice, run it and it hangs as the start screen. MSIEXEC.exe however is busy hoovering up memory (400MB+) …tried disablign my virus scanner, running on my main machine (which has 1GB ram, just more foor for the MSIEXEC troll), same result. Any ideas???
Do I have to be stuck trying to develop an online payment system using a sodding COM based payment system with a 2 stage payment process...I mean how difficult can they make it! Grr...ah well, the client's paying for my hassle!
Hmm...this is a constant
quandary for me, when to use and when not to use the #region...#endregion tags(?) in code. Currently I tend to use them to hide pointless stuff like ASP.NET control declarations and generally increase redability in long chunks of code (so, parcel up my events, constructors etc...in regions) - but I in no way always do this. Now, a colleague of mine uses this stuff religiously, every class has
- Declarations
- Lifecycle
- General
- Methods
- Properties
; with all the bits all hidden away when you open the file (which incidentally drives me nuts - I'm a code-speed reader and it breaks the flow :-)). So here's a question, when do you use regions and where...and more importantly, anyone know a way to make regions expanded by default???
This is one of these things I am always meaning to do something useful with but it keeps shifting around and I can never find it again. Anyway DotLucene, a full-text search engine for .NET oh, and it's Open Source! Find it
here
Following on from
Part 3 , Eric Lippert has posted
Part 4 of his series of posts on Hashing and security he also discusses Keberos...If you're really into this sort of stuff but not from an overly mathematical background (like me) the best book I've found on Cryptography is
Practical Cryptography by Niels Ferguson and Bruce Schnier this covers pretty much everything the non-NSA employee could need to know about this topic.
Well, sorry I've been light on the posting for a couple of weeks - been a bit caught up in some stuff going on (my uncle died) as well as starting a new project at work. I haven't been entirely away from blogs though, here's a few articles I've been reading recently:
Also been buying a couple of decent books (and a couple of crap ones which I won't mention)
Apart from that, I'm currently looking at using the
XPathNavigator for use in a path-sensitive URL rewriting system for a new application I'm building at work- so urls like http://me/you/other/thisitem.aspx can be mapped dynamically on to a 'sitemap-like' navigation structure. Trying to avoid using RegEx based rewriting ala .TEXT - in mine the path defines the context so I don't need to carry object identity information in the URL e.g.,
http://www.mostlylucid.co.uk/archive/2005/02/04/1649.aspx - in mine I would have the path info as well as the object identity statically mapped in XML (well, editable but rarely updated...). Any opinions / great implementations you've seen of this sort of thing (information on most efficient in-memory storage using binary-search-trees (e.g.,
Scott Mitchell's series on data structures) etc...would be greatly appreciated)
First saw a link to
this stuff here on
Darrell's blog I don't know how any of these I actually agree with (seems more like the ethos of the hacker than a proper methodology)...anyway:
"Hey, I knew that methodology when it was still just a complaint."
"Experience trumps formal estimation."
"Smells like chicken!"
"We do not model for the sake of modeling; we model so that an implementation can be made."
"Fundamentally most software development methodologies strive to improve communication and shorten the time of gaining experience."
"Experience is better than iterations."
"If you know what to do then why don't you do it?"
"Revolution is for visionaries. Evolution is for apes." This one will get me in trouble for sure!
"You know with a flat-head screw driver, a pair of vice-grips, and a hammer you can fix almost anything but you can build almost nothing!"
"Definition of Shared Code: Code that someone else wrote that you don't trust."
"Don't tell me it is my problem and how you want it fixed. If it is my problem I will fix it the way I want."
"A sheep herder is a sheep manager. A shepherd is a sheep leader."
Geoffrey Slinker
THis is a great series of articles - I posted on this
previously -
part 3 covers why you should use a salt (and I've mentioned
how to generate them recently ) . These really are excellent articles!
Oh, thought I should mention, if you're just looking for a really simple way to generate an alphanumeric hash for a password (as opposed to a byte array), the ASP.NET framework has a handy (if extensively named) method for doing this:
FormsAuthentication.HashPasswordForStoringInConfigFile
Grr...so I had to reinstall my work machine after an odd problem with my TCP/IP stack (probably caused by an inopportune disk crash during an install) - not too bad reinstalled in about 4 hours (including Office, VS etc...). Problem is that I had a couple of explorer crashes..no big deal, Off I toddled off to Windows Update; with our work connection this should be pretty quick; well long story short, the download keeps hanging, can't quit or IE shoots to 100% CPU. In comparison, my OSX machine - update has an integrated UI, one button it downloads everything it needs - doesn't hang, doesn't use the browser it's trying to update!
MS really have to get a grip of this type of thing - it's really annoying to have to install 34 critical patches and have the installer hang!
OK, so apart from being a hetero-male...I've just switched the HIP validator thing on this site to use
Miguel's Clearscreen SharpHIP control and I have to say it's incredibly easy to do - no recompilation required, just add two lines to your PostComments.ascx skin control!
Anyway, looks like it's pretty much perfect - you now have no excuse for not commenting!
So, a few (actually, rapidly becoming more than a few) bloggers have defected from
DotNetJunkies blogs to a new blog destination called
CodeBetter (as opposed to mine which could be subtitled 'CodeWorse' :-) ). Lots of good blogs over there including
Brendan Tompkins,
Geoff Appleby and
Darrell Norton three of my favourite bloggers...so good destination (I know Geoff won't let that place become too serious).
One of the most interesting bits for me is that the site uses the new Beta of
CommunityServer:Blogs , the successor to .TEXT - looks like the time is rapidly approaching to update this old clunker too (though I'll probably wait until 1.0 - need the source dude!)
Ooh, wonder if they'd let me cross-post some of my more code oriented posts?
UPDATE: Apparently not...I can take a hint...sniffle...
So, I built a little system last night to use one of my multitude of PCs for something vaguely useful - using
Media Center 2005 (courtesy of MSDN) . Umm...I can't exactly say my experiences were totally positive and it's not really ready for the end-user market! My first horrible issue was an odd error in MCE 2005 complaining that 'Cannot play video as the files required are not installed' as well as a warning that my video card drivers were not compatible with Media Center - not an especially useful error as it turned out, the real problem was due to my internal graphics sub-system (
a Geforce 4 MX on NForce2 Shuttle board) having been set as having 32MB of ram...upping it a bit (basically to anything more than 32MB but I settled on 128MB in the end) solved the problem!
Second problem is the sheer crappness of the built in TV-Guide thingy - I guess my using DVB-T (what we call
Freeview in the UK) has flummoxed it! I have about 4 out of 30 channels available for the guide, the rest have 'no data' - not good and a real show stopper for adoption of Media Center in most of the UK (I shudder to think what satellite viewers would see!). Anyway, apart from that (oh and needing a proper
Media Center remote) it works fairly well.
Some issues do drive me crazy though...I don't know of any way to replace the guide with information from other sources - I know it's possible (for example
this site has one for viewers in the Netherlands) . There's a bunch of stuff around
like this which lets you play around with the settings - but not supporting a simple method of replacing the Guide is not good!
Other bits are mainly to do with the quality of the video output by the system (totally not MCE's fault this time!) video is pretty dark and changing the output via the driver doesn't make much difference - my card, the
Pinnacle 300i does seem a little on the crappy side (one of the indications is that the upgrade procedure asks for your serial number...unfortunately nowhere in the software does this exist - hint - you can use any number)...Anyway, I'll persevere, any tips on using MCE 2005 with Freeview in the UK are gratefully accepted! (An I'll happily review any Media Centers anyone wants to send me ;-))
UPDATE: Umm...yes...seems you can add channels to the list...they are actually in the guide just not hooked up to the actual channels (no idea why) - hooked them up and I have a guide - still crappy picture quality though :-(