What Can We Learn About Software by Watching Movies
Some things I learned about software while watching Die Hard 4.0 and Transformers:
1. A hacker is most of the time a hot chick.
2. A hacker never uses normal operating systems. They have a bizarre OS that is specifically optimized for their single need - displaying a map of the USA with red dots on it.
3. When a computer is hacked into, the screen flickers.
4. Evil hackers, even if hot chicks, will always be proficient at martial arts as well.
5. You can hack a computer system by directing weird sounds at it.
6. Visualization is king - code breaking and pattern recognition are achieved using quick manipulations of 3D images.
Web Two No
Web 2.0. Web two o. Web two o. Web two o. Web two o. Web two o. Web two o. Web two o. Web two o.
I am actually typing this, no copy-paste.
Tim, what have you done to us?
Web two o. Web two o. Web two o.
Donna Martin graduates. Donna Martin graduates. Donna Martin graduates.
Can we please just get it over with?
Web two o. Web two o. Two, zero, o.
Two.
Full stop.
O.
Please. Enough.
Web two o. Web to you. Web to me. Web to us.
Toys’R’Us. Don’t call us, we’ll call you.
Have a nice weekend everybody, besos.
Security Issue with FormsAuthentication.RedirectFromLoginPage
Here is a major security vulnerability in applications that use the ASP.NET forms authentication mechanism.
Forms authentication exposes a configuration property called enableCrossAppRedirects. Its default value is false.
However, a simple test showed that this property does not have the desired effect, and it is possible for an attacker to redirect a user to a malicious website from your legitimate login page.
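One mitigation that does not rely on enableCrossAppRedirects is to validate the ReturnUrl query parameter in the login page itself and perform the redirect in your own code. The code-behind below is an added example, not code from the original post; the control names (UserName, Password, ErrorLabel), the LoginButton_Click handler and the IsLocalUrl helper are assumptions for illustration.

```csharp
using System;
using System.Web.Security;

// Added example, not from the original post. Code-behind for a hypothetical
// login.aspx with UserName/Password text boxes and an ErrorLabel.
public partial class Login : System.Web.UI.Page
{
    // Accepts only paths on this site, e.g. "/orders/list.aspx?id=7".
    internal static bool IsLocalUrl(string url)
    {
        if (string.IsNullOrEmpty(url)) return false;
        // Must start with a slash: rejects absolute URLs and other schemes.
        if (url[0] != '/') return false;
        // "//host" and "/\host" are resolved by browsers as another host.
        if (url.Length > 1 && (url[1] == '/' || url[1] == '\\')) return false;
        // Control characters (CR, LF, tab) may be dropped by the browser.
        foreach (char c in url)
        {
            if (char.IsControl(c)) return false;
        }
        return true;
    }

    protected void LoginButton_Click(object sender, EventArgs e)
    {
        if (!Membership.ValidateUser(UserName.Text, Password.Text))
        {
            ErrorLabel.Text = "Invalid user name or password.";
            return;
        }

        // Issue the ticket without letting the framework pick the target.
        FormsAuthentication.SetAuthCookie(UserName.Text, false);

        // Redirect to the exact string that was validated, or fall back to
        // the defaultUrl configured for forms authentication.
        string returnUrl = Request.QueryString["ReturnUrl"];
        Response.Redirect(IsLocalUrl(returnUrl)
            ? returnUrl
            : FormsAuthentication.DefaultUrl);
    }
}
```

Because the redirect target is the same string that passed validation, the check cannot be bypassed by a difference between this parser and the framework's own handling of the parameter.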
Assuming your login page is at http://www.myapp.com/login.aspx, and login.aspx uses the FormsAuthentication.RedirectFromLoginPage method, the following request will redirect the user to another domain after passing authentication by your application:
…
Better Paradigm for AJAX Web Controls Design
Summary:
This one is not short. Better sit down.
I am going to discuss a common problem with web controls that are heavy on client-side javascript code and AJAX requests, and suggest a solution I came up with.
Right.
An Example Control
We’ll be working with a sample control. Our control will be a stock ticker control that presents a current price for a stock and periodically gets price updates from the server.
…
Blogger API Endpoint in dasBlog
If you use dasBlog, the endpoint for Blogger API is:
http:///Blogger.aspx
…
NMock Trick II - Mocking Indexers
Here’s another short trick for the NMock mock objects framework:
To mock an indexer use the syntax (for the getter):
Stub.On(…).Method("get_Item").Will(Return.Value(..));
And for the setter:
Stub.On(…).Method("set_Item").Will(Return.Value(..));
*Update*
Via Paul Pierce’s post I found a better way:
Stub.On(…).Get[…].Will(Return.Value(..));
…
SSL in ASP.NET - Part II
This is the second part in an article series about setting up SSL in an ASP.NET application.
You can read the first part here. Go ahead, read it now.
Okay.
Now that we’ve created an SSL certificate for testing and development purposes, we are ready to make the required configuration in IIS.
Setting Up IIS to Work with SSL
First thing we have to do is configure the web site to use the certificate we created:
…
SSL in ASP.NET - Part I
SSL is the standard protocol to secure communications of web sites and applications. If you are developing your application using ASP.NET on a Windows server, making the necessary configurations for SSL is not very difficult.
Unfortunately, while trying to accomplish this task at work, I discovered there isn’t one good source of information to get the whole job done.
In this series of (about) three posts I will try to get you up to speed on everything you need to do and how it’s done.
…
Solving the Measuring Paradox
Here’s a look at how attempts to measure quality in three seemingly unrelated scenarios affect the results of what is measured, and what we can do about it.
We’ll start with measuring in the software development process. Joel often claims that introducing metrics into software development usually does not work. That’s because programmers are smart enough to work around the metric, optimizing the specific thing that is being measured, with the end product not necessarily improving. For example: when you say that you measure programmers by the number of bugs that are found in their code, they work out a way to get bug reports from QA without submitting them to the bug tracking software, or they just don’t accept bugs as bugs instead of fixing them.
…
A Thing About Web Application Usability
Sometimes it’s amazing to realize how total Google’s domination is in web 2.0 type apps. They have everything. I didn’t even know they have a notebook app. Or an HTML builder (which is a free hosting service as well).
And then in a review of web 2.0 apps Google gets picked as the top app in almost every category.
Part of the reason for such domination is that they have a broad offering. So most people are already their users. I have a Gmail account. So now when they roll out some new service, I can just log in with my existing Gmail account and voila, I can use the new app. So my barrier to entry is extremely low. It’s easy to test their new app. If it’s good (that’s another important issue) - I become a user.
…