This is the second part in an article series about setting up SSL in an ASP.NET application.

You can read the first part here. Go ahead, read it now.

Okay.

Now, that we've created an SSL certificate for testing and development purposes, we are ready to make the required configuration in IIS.

Setting Up IIS to Work with SSL

First thing we have to do is configure the web site to use the certificate we created:

1. From the IIS MMC snap-in, select your web site, right-click "properties" and under "directory security" click "Server Certificate...".
2. Click "Assign an existing certificate". You should be able to see the self-signed certificate you created. Select it and finish the wizard.

At this state IIS is able to respond to SSL HTTP requests with this certificate.

To test that everything is okay, try to navigate to an existing URL in your application, with https in the beginning of the URL.

Forcing SSL for an application

If your application requires SSL encryption for all traffic you want to force the application to only handle SSL requests.

You can do this on the application level (so that other applications on the same web site in IIS will not require SSL) or on the web site level.

Here's how:

1. In IIS MMC, right click the application virtual directory or the web site.
2. Select "Directory Security" tab and click "Edit...".
3. Check "Require secure channel" and "Require 128-bit encryption".

Now, any request to a URL that starts with http and not https - will receive a 403.4 error from the web server.

Supporting Debugging in Visual Studio

Now that you've setup the web server on your machine to require SSL traffic, you need to update the application URL in Visual Studio in order to be able to run the application from Visual Studio:

1. Right click the project in Solution Explorer and select "Properties".
2. Under the "Web" tab change the value of "Project Url" to start with https.

Auto-Redirecting non-SSL Traffic

Perhaps some of your users will try to navigate to your application via a non SSL URL (most users assume a web page URL starts with http).

You can silently redirect your users to the correct SSL address using the following technique:

Users trying to reach a non-SSL URL will be automatically redirected by IIS to the standard 403.4 error page. First step is to change that page to your own page:

1. In your project, create a new web form called "NonSslRedirect.aspx".
2. In IIS MMC, right click your application virtual directory, click the "Custom Errors" tab and select the 403;4 error.
3. Click "Edit Properties...", select "URL" in "Message Type" and type the address of the page you added in step 1 (for example: /MyApp/NonSslRedirect.aspx).

Try again to navigate to a URL starting with http. You should be redirected by IIS to NonSslRedirect.aspx.

Now, in the code-behind file of NonSslRedirect.aspx, add code similar to the following to automatically redirect the users to the matching SSL URL:

protected void Page_Load(object sender, EventArgs e)

{

string originalUrl = Request.Url.ToString().Split(new char[1] { ';' })[1];

string urlWithHttps = "https" + originalUrl.Substring(4);

Response.Redirect(urlWithHttps);

}

This code will replace the http prefix in the requested URL with an https prefix and redirect the user to new URL.

Want to join me as partner in a cool new startup?
Get in touch: pasha at cohai dot co

SSL is the standard protocol to secure communications of web sites and applications. If you are developing your application using ASP.NET on a windows server, making the necessary configurations for SSL is not very difficult.

Unfortunately, while trying to accomplish this task at work, I discovered there isn't one good source of information to get the whole job done.

In this series of (about) three posts I will try to get you up to speed on everything you need to do and how it's done.

So, on to part one: "What is SSL and How Do We Create a Certificate?". Let's go.

A Short Intro on SSL

(Ugly oversimplification coming at you)

SSL is the standard protocol for (1)authenticating one or both parties and (2)encrypting communication between the parties.

Authentication is accomplished by a party presenting a valid certificate.

Encryption is accomplished in two steps:

1. Negotiating encryption key(s).
2. Encrypting communication using the negotiated key.

Setting up SSL for an ASP.NET App

The basic steps to do this are:

1. Obtaining a certificate for use by the server.
2. Configuring IIS.
3. (Optional) Enforcing the use of SSL by creating a redirection mechanism in IIS and ASP.NET.

Usually, it's desired to create the setup at the development stage so you will be able to develop, debug and test your application in the same structure it will exist come production-time. So, in this post I will explain the whole setup for you developer station (referred to as localhost).

Obtaining a Server Certificate

What's a certificate? A certificate is simply a character string that contains the public key of some entitiy (like your server) signed by a third party. Presenting a valid certificate guarantees to the person who wants to communicate with you that you are who you claim you are (think drivers license).

To have SSL working in the real world you need to buy a certificate from an Authorized Certification Authority (CA) like Verisign, for example. An authorized CA is an organization that is recognized ("trusted") by client software (the web browser you're using, for example). Continuing with the driver's license metaphor, the CA in that case is the state government that issues the license.

A verified certificate costs money and is only valid for the specific machine it was issued to, so for development and testing purposes you can create your own "self-signed" certificate.

On a side note, the fellows over at Verisign are basically charging people 1,500 USD for a short string in a file. Talk about a sweet and sustainable business model - no advertising revenue required, thank you very much.

Introducing makecert.exe

Luckily, on a Windows mcahine you can use the makecert command-line utility to create a self-signed certificate.

It has a s**t-load of arguments, so here is the minimal command you need to run on the machine that hosts the application:

makecert -pe -n "CN=localhost" -ss my -sr localMachine -sky exchange

The interesting bits are:

• -n "CN=localhost" : creates the certificate suitable for use by server "localhost". Remember that every certificate is server-specific.
• -ss my : places the certificate in the "personal" certificates folder.

Last argument deserves a word: to view all certificates installed on your machine - use the Certificates MMC snap-in. Choose "local computer" and you are presented with various "stores" which are basically folders of certificates. To consume a certificate in IIS you need it to reside in the "personal" store of local computer.

There are additional useful arguments to the makecert utility, but the basic ones I presented will get you up an running. If you can see a certificate named "localhost" in your personal certificates store you are doing fine so far.

Stay tuned for the next part, where I will cover configuring IIS for SSL support using the certifcate we created.

Want to join me as partner in a cool new startup?
Get in touch: pasha at cohai dot co

Here's a look at how attempts to measure quality in three seemingly unrelated scenarios affect the results of what is measured, , and what can we do about it.

 

We'll start with measuring in the software development process. Joel often claims that introducing metrics into software development usually does not work. That's because programmers are smart enough to work around the metric, optimizing the specific thing that is being measured, with the end product not necessarily improving. For example: when you say that you measure programmers by the amount of bugs that are found in their code, they work out a way to get bug reports from QA without submitting them to the bug tracking software or just don't accept bugs as bugs instead of fixing them.

 

Where else does a similar situation arise?

 

Example # 1 – Measuring the Risks of Cigarettes

A recent Slate article, Nicotine Madness, discusses how measuring the levels of dangerous chemicals(nicotine, tar and others) in cigarettes, done by the U.S. government since the late 1960's didn't make the cigarettes any healthier, even though the government did punish makers with higher rates of dangerous materials.

The measuring strategy did succeed in one thing. Making the measured properties of cigarettes lower.

Here's why: the measurements are performed by a smoking-machine that simulates a human smoker. Yes, they stick the cigarette in and the machine starts puffing away, recording the levels of the dangerous chemicals. The problem is – it does not really simulate the way a human smoker smokes. Human smokers will smoke in a way that extracts the (ever growing) craved amounts of dangerous chemicals from the cigarette.

So what do the tobacco companies do? Hire the brightest scientists(they can afford it) to develop cigarettes that will score better on the machine tests but allow the smokers to inhale more and more nicotine and tar.

 

Example #2 – Doping in Sports

You have probably witnessed the hoopla surrounding use of illegal substances in sports. Here are some examples.

Am I the only one who feels it gets more and more common for top athletes to get caught using performance-enhancing drugs? I think not. But what else is growing at an even faster pace? You guessed it right – drug testing. The authorities that govern the various sports declared an all-out war on doping and drug testing became a fact-of-life for most (if not all) professional sportsmen. The punishments for those who break the rules get tougher all the time – multiple-year career-ending suspensions are now the norm.

Lo and behold: more and more athletes use the drugs. For every researcher that develops innovative drug tests, there are two who develop drugs that cannot be tested against. Once again, a measurement strategy backfires and makes the result even worse.

 

 

 

So Pasha, What to Do?

First, I recommend you read an excellent book called First, Break All the Rules. The authors suggest some uncommon knowledge ideas to get better results when managing people. One of them is define the goal very well, let the people decide on how to reach it.

This can also be a solution for our "Measuring Paradox":

The problem with measuring is not that it doesn't work. It's that it works. We just measure the wrong thing. What do we measure? We measure some properties that we suspect to be correlated with the desired result. A lower bug count is a sign for a program with few bugs. Lower nicotine levels are a sign for a healthier cigarette. More cheating athletes caught is a sign for a cleaner sport.

This approach doesn't seem to work.

Why don't we, instead of measuring properties that might lead to a better outcome and rewarding for better measurements, just measure the outcome itself and reward for a better one?

Specifically:

1. Award the programmer with a bonus when the software makes money ("profit sharing"). Instead minimizing bug counts she will do anything to make the product a success.

2. Award the tobacco companies when less people die because of smoking. For example – make them pay a special tax that grows with the number of people dying because of smoking-related reasons. Now instead of minimizing machine-tested nicotine levels they will do anything to make cigarettes healthier.

3. Totally allow the use of performance-enhancing drugs, then integrate drug use in the result. For example: if you use drug A – 2 tens of a second are added to your 100 meters dash time. Now instead of thinking how to pass the drug-test, the athletes will concentrate on training for the best result. Using drugs will not give you an edge anyway.

 

The sad truth is that most metric-systems for performance are not very good at improving the outcome. So, the only thing you should really be measuring and trying to optimize is the desired outcome itself.

And don't smoke, it's not good for you.

Want to join me as partner in a cool new startup?
Get in touch: pasha at cohai dot co

Sometimes it's amazing to realize how total is Google's domination in web 2.0 type apps. They have everything. I didn't even know they have a notebook app. Or an html builder(which is a free hosting service as well).

And then in a review of web 2.0 apps Google gets picked as the top app in almost every category.

Part of the reason for such domination is that they have a broad offering. So most people are already their users. I have a gmail account. So now when they roll out some new service, I can just login with my existing gmail account and voila, I can use the new app. So my barrier to entry is extremely low. It's easy to test their new app. If it's good (that's another important issue) - I become a user.

Now imagine potential-competitor-startup-firm launches their super-cool new app. I want to try it, because everyone's blogging it. But I don't want to sign up. Because it will take five minutes. And I will have to tell them stuff about myself. And go to my email (gmail anyone?) and click something to confirm something. And that's no good.

So the number one lesson, I think, to someone who wants to make a new web app is make your sign up process seamless.

And here is a great example - check out Zoho. They have what seems like a very nice web based office suite. But that's no biggie. What really got me (and remember how important first time user experience is) is the signup. It's as quick and as easy to sign up as a new user as it is to log in as an existing user!!

You just tick the "I am a new user" checkbox, and type-in your password twice instead of once. That's it. No personal info. No signup page. No wizard. No email confirmation. The next page you see is the editor itself (I logged into Zoho Writer).

That's fun. And this is how apps should be.

I know I am going to make the signup in my apps like this from now on.

By the way, this post was written with Zoho Writer. And yesterday's was written with Writely (which is Google owned). Maybe I'll post reviews of the apps later.

Want to join me as partner in a cool new startup?
Get in touch: pasha at cohai dot co

Summary: In this short article I will describe the creation of a Visual Studio.NET 2005 macro that speeds up the process of adding localizable controls to ASP.NET web pages, briefly touching on the subjects of ASP.NET localization, regular expressions and world peace.

Not really world peace.

I will assume you are familiar with writing ASP.NET pages and working with regular expressions.

 

 

Intro on ASP.NET Globalization

Globalization is the process of building an application in a way that it's GUI can appear in diferrent languages and cultural formats. ASP.NET 2.0 has some mechanisms that simplify building globalized apps with (relatively) little hassle.

One of the widest used mechanisms is called implicit localization expressions. It works by placing a special attribute, meta:resourcekey on an ASP.NET control in the page:

 

<asp:label id="Header" runat="server" meta:resourcekey="Header"></asp:label>

 

Now, you can create resource files in the App_LocalResources directory of the web project. The resource files must adhere to the naming convention:

 

[LocalizedWebFormName].resx

 

So if the above asp:label is in a file named Default.aspx, the resource file will be named Default.aspx.resx.

In the resource file you can now add resources with names that match the values in the meta:resourcekey attributes of the localized controls and the property names of the controls that you want to localize(such as the Text property of an asp:label control).

For example:

 

When you run the page, ASP.NET will automatically populate the properties of the localized control with the values from the resource file.

Now for the localization part - you can supply resource files for every language and culture you wish to support by creating a resource file named in the following convention:

 

[LocalizedWebFormName].[Language Code].resx

 

For example:

Default.aspx.en.resx

Default.aspx.fr.resx

Default.aspx.he.resx

 

The beauty is that ASP.NET will load properties with values from the resource file that matches the culture of the current thread, based on the current culture of the requesting user's machine. So when a user from Israel will request the page she will get the Hebrew values automatically.

 

Very Cool, But There's a Rub

Now you can build globalized web pages by dragging controls, adding the meta:resourcekey attribute and adding the needed property resources to the resource file.

One problem is that creating even simple pages that contain many controls can become tedious, because now you have to spend much more time on every control you drag to the web page.

How can we automate the process of adding the extra attributes and resources?

 

VS Macros 101

Visual Studio.NET 2005 contains two main customization and extension mechanisms: Macros and Add-Ins. Generally speaking Macros are less powerful but easier to create. Add-Ins are more powerful and are a bit more complicated to create.

VS Macros are actually Visual Basic for Applications code (that's right, no VB.NET and definitely no C#) intended primary for automating repetitive tasks in  Visual Studio.

The easiest way to create a macro is by using the Record Macro command:

 

Recording a macro in this way actually creates VBA code behind the scenes. You then can edit that code and also create new macros programmatically using the Macros IDE. This code can access many parts of the Visual Studio environment such as the files ad the code inside them, via different classes in the EnvDTE namespace.

Good places to start learning about how you can access the various parts of VS are:

1. Automation and Extensibility reference on MSDN.

2. Opening the Macros IDE and reading the code in the Samples project.

3. Recording macros and going through the code that VS creates automatically.

 

Back to the Problem, Macro For Localized Controls

Lets draw an outline for one possible solution:

The user will create the controls normally, then select in the editor all the controls that need to be localized and run the macro. The macro will go through the controls that are found within the selection, creating a meta:resourcekey attribute for each one (the attribute value will be the same as the value of the id attribute) and also creating a resource for each control in the appropriate resource file.

 

Writing the Macro - Adding Localization Attributes to the Web Page

We'll start out by adding a new public method to the macros module:

 

Sub LocalizeControls()

End Sub

 

The procedure is public by default. Private procedures will not be accessible from the IDE and cannot be used as macro entry-points.

We will use regular expressions to find all the ASP.NET controls inside the selection and to append the meta:resourcekey attributes. The following code section does just that:

 

Const ControlsMatchingPattern = "(?<tag><asp[^>]*id=" & Chr(34) & "(?<id>[^" & Chr(34) & "]*)" & Chr(34) & "[^>]*text=" & Chr(34) & "(?<text>[^" & Chr(34) & "]*)" & Chr(34) & "[^>]*)>"

 

Function AddMetaResourceKeyToControls(ByVal ControlsHtml As String)

Dim ControlsRegexExpression As New Regex(ControlsMatchingPattern, RegexOptions.IgnoreCase)

Dim ReplacementPattern As String = "${tag} meta:resourcekey=" & Chr(34) & "${id}" & Chr(34) & ">"

AddMetaResourceKeyToControls = ControlsRegexExpression.Replace(ControlsHtml, ReplacementPattern)

End Function

 

Sub LocalizeControls()

Dim CurrentSelection As TextSelection = DTE.ActiveDocument.Selection

Dim ToReplace As String = CurrentSelection.Text

Dim Replaced As String = AddMetaResourceKeyToControls(ToReplace)

CurrentSelection.Insert(Replaced)

End Sub

 

The AddMetaResourceKeyToControls function receives some text and finds all the occurrences of ASP.NET controls in it. The simplest way to do this is using regular expressions.

Tip: I suggest you use a tool like Expresso for building regular expressions. It simplifies remembering the syntax of regular expressions. It also allows you to test your expressions against some input text and is .NET specific.

 

In this case we want to find everything that looks like this:

 

<asp:[something] >

 

Note that our code will only handle ASP.NET built-in controls for sake of simplicity.

The basic regular expression to perform this is:

 

<asp:[^>]*>

 

Let's further limit ourselves to controls that contain an id attribute and a text attribute:

 

<asp:[^>]*id="[^"]*"[^>]*text="[^"]*"[^>]*>

 

To use the replacement feature of the .NET Regex class we need to use a feature called groups. Groups allow us to temporarily store certain parts of our matches and use them in the replacement pattern. In our case we want to make the following kind of transformation:

 

<asp:label id="Header" text="Hello World">    ->    <asp:label id="Header" text="Hello World" meta:resourcekey="Header">

 

Let's store the whole control's opening tag in a group:

 

(?<tag><asp:[^>]*id="[^"]*"[^>]*text="[^"]*"[^>]*)>

 

So that we can later use it in the replacement. Note the placement of the closing parenthesis. That's because I will need to plant the new attribute before the closing of the ASP.NET control tag.

We also need to extract the value of the id and text attributes for later use:

 

(?<tag><asp:[^>]*id="(?<id>[^"]*)"[^>]*text="(?<text>[^"]*)"[^>]*)>

 

Now, for the replacement pattern. It's rather simple, we take the tag group from the match and append the new localization attribute:

 

${tag} meta:resourcekey="${id}">

 

With the regex patterns set, we can use the Replace method of the Regex class to append the localization attributes to our controls. Note the use of the IgnoreCase flag when creating the Regex class. We want to catch controls that have id or ID attributes.

Replacing the actual code in the document is a matter of calling the Insert method of the TextSelection object in the ActiveDocument.Selection property. That's the current selection made by the user.

 

Adding Resources

Now let's automatically add the needed resources to the resource file. To find the resource file:

 

Function GetLocalResourcesDir()

Dim CurrentProject As EnvDTE.Project = DTE.ActiveDocument.ProjectItem.ContainingProject

For Each Item As ProjectItem In CurrentProject.ProjectItems

If (Item.Name = "App_LocalResources") Then

GetLocalResourcesDir = Item

Exit Function

End If

Next

GetLocalResourcesDir = Nothing

End Function

Function GetLocalResourceFileForCurrentDocument()

Dim LocalResourcesDirItem As ProjectItem = GetLocalResourcesDir()

If (LocalResourcesDirItem Is Nothing) Then

MsgBox("App_LocalResources directory not found. Will not add resources.")

Exit Function

End If

For Each Item As ProjectItem In LocalResourcesDirItem.ProjectItems

If (Item.Name = DTE.ActiveDocument.Name & ".resx") Then

GetLocalResourceFileForCurrentDocument = Item

Exit Function

End If

Next

MsgBox("Default resource file for current document not found. Will not add resources.")

GetLocalResourceFileForCurrentDocument = Nothing

End Function

 

What I'm basically doing here is looking for a resource file named like the currently edited document, with an resx extension, inside the ASP.NET local resources folder. If the item is not found I show an error message to the user. This code can be modified so that the resource file is created if it does not exist yet.

I leave that as an exercise to the reader.

(Don't you just love to read that sentence? I do.)

Visual Studio.NET provides two views for resource files: designer and code:

 

 

 

In designer view we get a nice grid to edit the file, in code view we actually see the text of the resource file, which suprisingly is just XML. In order to add the needed resources, we will manipulate the file as text. So, after locating the resource file, we will open it in code view and make it the active document:

 

Private Sub OpenResourceFileInTextViewAndActivate(ByVal ResourceFileToOpen As ProjectItem)

If (ResourceFileToOpen.IsOpen) Then

ResourceFileToOpen.Document.Close(vsSaveChanges.vsSaveChangesNo)

End If

ResourceFileToOpen.Open(Constants.vsViewKindTextView)

ResourceFileToOpen.Document.Activate()

End Sub

 

Now we are ready to add the new resources to the resource file:

 

Function GetMatchingControls(ByVal ControlsHtml As String)

Dim Matches As MatchCollection

Dim ControlsRegexExpression As New Regex(ControlsMatchingPattern, RegexOptions.IgnoreCase)

GetMatchingControls = ControlsRegexExpression.Matches(ControlsHtml)

End Function

 

Private Sub AddResourcesXmlAtSelection(ByVal Matches As MatchCollection, ByVal AddLocation As TextSelection)

For Each M As Match In Matches

AddLocation.Insert("<data name=" & Chr(34) & M.Groups.Item("id").Value & ".Text" & Chr(34) & " xml:space=" & Chr(34) & "preserve" & Chr(34) & ">" & Chr(10))

AddLocation.Insert("<value>" & M.Groups.Item("text").Value & "</value>" & Chr(10))

AddLocation.Insert("</data>" & Chr(10))

Next

End Sub

 

Private Sub AddResourcesToResourceFile(ByVal ControlsHtml As String)

Dim ResourceFileForCurrentDocument As ProjectItem = GetLocalResourceFileForCurrentDocument()

If (ResourceFileForCurrentDocument Is Nothing) Then

Exit Sub

End If

OpenResourceFileInTextViewAndActivate(ResourceFileForCurrentDocument)

Dim ResourceFileSelection As TextSelection = DTE.ActiveDocument.Selection

ResourceFileSelection.EndOfDocument()

ResourceFileSelection.StartOfLine()

AddResourcesXmlAtSelection(GetMatchingControls(ControlsHtml), ResourceFileSelection)

End Sub

 

The XML of the resource file looks kind of like this:

 

<?xml version="1.0" encoding="utf-8"?>
<root>
  <xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
 ...
  </xsd:schema>
 ...
 ...
  <data name="SomeControl.Text" xml:space="preserve">
    <value>Control Text</value>
  </data>
</root>

 

We want to append additional data tags at the end of the file. In order to do that we need to navigate the TextSelection object to the beginning of the last line:

 

Dim ResourceFileSelection As TextSelection = DTE.ActiveDocument.Selection

ResourceFileSelection.EndOfDocument()

ResourceFileSelection.StartOfLine()

 

Now we can use the Regex class again to loop through the controls found in the original user selection and append XML to the resource file, using the id and text groups from the regex pattern. That is done in the AddResourcesXmlAtSelection method.

What is left is just to add the call to it in our entry-point method LocalizeControls.

 

Deploying Macros

If you want to use your macros across solutions and share them with other team members, you should create a new Macro Project using the Macro Explorer window in VS. Drag the module with your macro code to that project and save the project. The default saving location for macro projects in VS.NET 2005 is \Visual Studio 2005\Projects\VSMacros80 under the My Documents folder. All the macro project code is saved in one file with a vsmacros extension. You can easily share this file with other people.

To use a macro that resides in some macro project you need to load the macro project using the Macro Explorer. Once you have loaded a macro project it will be available in VS on that machine for all solutions until you manually unload it.

Want to join me as partner in a cool new startup?
Get in touch: pasha at cohai dot co

What's this business with Narnia anyway? Am I supposed to know what it is? Is this like the three musketeers or something? Or is it the new Harry Potter?

Am I too old for this? Or too young?

What's going on? I totally missed it.

Want to join me as partner in a cool new startup?
Get in touch: pasha at cohai dot co

The Official and Unbiased pashabitz.com Online Stores in Israel Reviews - Part II

a) www.maximus.co.il - I ordered a keyboard with English, Hebrew and Russian fonts on it's keys. (Now, make sure you understand that complicated order) Received a confirmation email that my order was processed and will be delivered, that email had the exact (and correct) description of the ordered product. Waiting for like two weeks (!!), nothing in the mail. So I call them up, and some dude, who really wants to help, just can't correctly email me the post barcode with which I can pick up the delivery. Anyway, the keyboard arrives, lo and behold, it's not what I ordered. You guessed right, it has everything (the keys, the board, even that funny cable that connects to the PC), just not the Russian fonts.

I call them up again, not without disgust in my voice, and what does the guy tell me? "Oh, you ordered a keyboard with Russian? We don't have that".

So I returned it. At least that went okay.

"Very bad" on the Bitz scale.

b) www.noacomp.co.il - ordered earphones with a microphone (the kind you use for skype and stuff). It took more than two weeks to arrive! What's that? "Not good" on the Bitz scale.

Want to join me as partner in a cool new startup?
Get in touch: pasha at cohai dot co

Always ready. Motto of the Soviet Pioneers Youth Organization.

 

My Official Packing List (Microft Excel 2003 based, of course) contains exactly 62 items.

Here, as a free-of-charge pashabitz.com service, I provide a pictorial overview of some of the most important, must-have items for your next South America journey. With commentary, by me.

 

                    

South American Handbook 2005, a.k.a. The Holy Bible (pictured left). Don't leave your El Calafate dacha without it. If you don't know Pucon from Bacon, start here. Also wonderful for holding out doors when it's windy and for making chairs for smaller children higher so they (the children) can reach the table.

The IRiver hp120 (pictured right) hard disk based MP3 portable player. Mucho musical can be packed in this wonderful device, for those long 20-hour bus rides. Connects via the ubiquitous USB port. Also can store porn. But no screen, that's in the later models, so you can't watch it on the go. Will be stolen from me pretty quickly.

 

    

Shoes, a pair, size 43 and one third. Lock, with combination.

Great for walking, slightly running, and other land based activities. May be admitted to a good restaurant with, though not without a bribe.

Locks - don't take the ones with keys. You'll lose them or drop them inside an active volcano (and then they're lost anyway). Instead use an unbreakable three digit combination, giving you, hmm, 10-bit strength I guess. Unbreakable.

Dexamol (tm) pills, yellow. Great for ass pain tze-tze fly stings mixing with cheap rum head ache.

 

  

Biffe de Lomo money, in local cash. Provided by the big Or, to pass as-is to the waiter for the fattest peace of cow there. Order pre-written on the envelope.

Real Old-City-Jerusalem crosses, David Shields, plates with pictures of Fish and Chips. Or was it Fish and Bread? Hand out to your local friends you'll acquire along the way, as a sign of gratitude.

 

     

I (pictured left), will carry the goods.

Plastic cup, plastic plate (medium depth), matching colors (in support of the Dutch national football team and the orange growers).

Knife, fork, spoon.

Will be used for eating meals on a trek. A trek is a place you go where there are no people everyone's a tourist, so no one makes food for you.

 

                  

MasterCard with the "Hever" consumer club membership. Nothing like flashing it at the strip club doorman in Ushuaia and getting the 5% off because you're a vet.

Want to join me as partner in a cool new startup?
Get in touch: pasha at cohai dot co

I've been telling everyone who's willing to hear for a while now, that I'm sure that despite all the latest hype, Barca will not win the Champions League this year, that they'll lose to either Chelsea or Liverpool, and that one of the last two will win it all eventually, probably Liverpool.

The first reason is that I had a strong gut feeling about it.

But like they say where I work, "'Gut Feeling' is a name of a fish, and they eat that too". Or something.

The real ultimate and undisputable reason is that Liverpool (and to a lesser extent Chelsea) stand for everything evil in football and Barca stand for everything good. The former play a negative, joyless kind. The latter play the kind of football that makes you love the game in the first place.

Where's the reason, you ask? Simple. Evil always prevails. And more than that, nothing I want ever happens in football. Never.

 

So anyway, yesterday I watched the Barca-Celta game and I'm officially changing my tune.

I say Barca will win the Champions League this year. There's just no other way.

I got this thought when I noticed how much the players, Ronaldinho mainly, are watching themselves during the game. They realize perfectly well how great they've been playing lately. And they know how everything can just crumble down in the knock-out stage. So they don't want to get injured. They won the Liga last year, and they can have it won easily this year, it's just not enough this time.

 

I'll be rooting for Barca come February.

And if they lose, well, they might as well cancel that whole football thing. It's just not working.

 

--*Update*--

Effie Arditti corrects:

"...So now lets take a look at some statistic facts:
Chelsea FC – 19 matches in the league till now, with aggregation of 41-9 in goals...
Please tell me, is there any other word accept excellence to describe it ?
This is evil ?? this is a negative football ? ..."

Indeed, that is correct. I guess I'm just overwhelmed by excitement watching Barca lately, so I 'm being emotional. That's all there's to it I guess. Emotions. Football is pretty cool that way.

Liverpool still suck though.

Want to join me as partner in a cool new startup?
Get in touch: pasha at cohai dot co