I was going to post a few links about Google's new browser 'Chrome' in my weekly Linkification post - but as there's such a flood of information and articles this week I've decided to move them into their own blog post. So here it is:
Microsoft Dynamics GP Multiple (4) Buffer Overflows
Microsoft Dynamics GP is vulnerable to four heap and stack-based buffer overflows. A remote attacker could overflow the buffer and execute arbitrary code or gain control of the affected system by sending malicious queries to the Distributed Process Server or Distributed Process Manager.
#tenz8 Notes from the Field at NZ Tech-Ed 08 day 3
When | Where | What |
---|---|---|
03-09-2008 7:00 | Hotel | Good morning Lord (at least it's better than "good lord, it's morning!") 5.5 hours sleep not enough |
03-09-2008 9:00 | WEB309 | Jonas on Silverlight |
03-09-2008 9:45 | WEB309 | in Silverlight, all networking is asynchronous |
03-09-2008 10:00 | WEB309 | if (HtmlPage.IsEnabled) useDB else useStub; |
03-09-2008 10:15 | WEB309 | having just seen it quickly demoed, I finally understand MembershipProvider |
03-09-2008 10:45 | SEC201 | largest room is packed for Steve Riley |
03-09-2008 11:15 | SEC201 | steve showed Bush-Blair-Love-Duet. laf! |
03-09-2008 11:30 | SEC201 | steve is an Evolutionist. I am not. |
03-09-2008 11:45 | SEC201 | risk = threat (severity) x vulnerability (1 or 0) x exposure (dollars) |
03-09-2008 12:00 | SEC201 | great stuff, good entertainer, raving liberal |
03-09-2008 12:10 | Lab | bin05 lab authoring ms sql reports |
03-09-2008 13:00 | Lab | i feel it's time (when the refresh laptop arrives next week) to install sql08 and vs sp1 |
03-09-2008 13:25 | Lunch | @freitasm informed me my 2 posts from the field were too big! |
03-09-2008 14:30 | DAT355 | fixed posts but missed first half of Greg Low's talk |
03-09-2008 14:45 | DAT355 | anybody sticking around for dinner tonight? |
03-09-2008 15:00 | DAT355 | Greg is usually better than this but: death by PowerPoint |
03-09-2008 15:15 | DAT355 | presenters: PP is for agendas, not white-papers |
03-09-2008 15:30 | DAT355 | funniest presenter comment (which is also true for me) "I have no inner dialogue" |
03-09-2008 15:35 | Tea | see you Owen. Wellington represent! |
03-09-2008 16:00 | DEV486 | MindScape on da stage. Wellington represent! |
03-09-2008 16:30 | DEV486 | hey! c# has #if debug. VB had that how long? |
03-09-2008 17:00 | DEV486 | extension methods will be useful |
03-09-2008 18:00 | Drinkies | Monsoon Poon 7pm (go dutch) |
SubSonic Workaround and Profile Storage Space Issues
SubSonic Bug Workaround
SubSonic is an Object Relational Mapper (ORM) tool to which I converted a few months back from Strongly-Typed Datasets in Visual Studio. SubSonic is a free open source program. It’s brilliant because you point it at your database (supplying the database connection string) and it generates the code that maps your tables into classes. It automatically generates your Data Access Layer for you. Anytime you need to alter a table structure, you merely re-run SubSonic, et voila, your classes instantly reflect the change. You don’t need to muck around with editing 4 stored procedures like I used to do with Strongly Typed Datasets.
As long as the User ID you specified in your connection string has SELECT rights on your table(s) and/or EXEC rights on your Stored Procedures, then SubSonic will pick that up and make only those objects available. If you want your application to do INSERTS, you also need to grant that right to your User, and SubSonic will auto-generate a method for Insert.
However, I’ve recently discovered a bug, and subsequently the workaround for it.
Problem Description
You can call a stored procedure with the following code:
<quote>
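Public Function GetOutstandingRequests() As DAL.RequestCollection
    Dim sp1 As StoredProcedure
    Dim ds1 As DataSet
    Dim dt1 As DataTable
    Dim retVal As New DAL.RequestCollection

    ' Generated wrapper for a stored procedure that takes no parameters
    sp1 = DAL.SPs.SelectRequestsByFilter()
    ' This is the call that fails
    ds1 = sp1.GetDataSet()
    dt1 = ds1.Tables(0)
    ' Map the result rows onto the generated collection class
    retVal.Load(dt1)
    Return retVal
End Function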
</quote>
This will result in an error, "Object does not exist", on the line that calls GetDataSet().
Explanation
The bug is that SubSonic cannot instantiate a stored procedure that doesn’t have any parameters.
Workaround
The workaround is to alter your Stored Procedure to always accept at least one parameter, and to use those parameters to instantiate the object, thus:
<quote>
Public Function GetOutstandingRequests( _
        ByVal createdBy As String, _
        ByVal responseTypeID As Integer?, _
        ByVal seekerID As Integer?) As DAL.RequestCollection
    Dim sp1 As StoredProcedure
    Dim ds1 As DataSet
    Dim dt1 As DataTable
    Dim retVal As New DAL.RequestCollection

    ' The generated wrapper now takes the procedure's parameters
    sp1 = DAL.SPs.SelectRequestsByFilter(createdBy, responseTypeID, seekerID)
    ds1 = sp1.GetDataSet()
    dt1 = ds1.Tables(0)
    ' Map the result rows onto the generated collection class
    retVal.Load(dt1)
    Return retVal
End Function
</quote>
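The post does not show the database side of the workaround. The following is an added example, not the author's code, of a procedure shaped to match the three-parameter call above and granted with the EXEC-only rights described earlier. It assumes SQL Server (T-SQL); the table `dbo.Request`, its columns and the user `AppUser` are assumed names, and the sample rows are constructed.

```sql
-- Added example (T-SQL, SQL Server). dbo.Request, its columns and AppUser are
-- assumed names; the sample rows are constructed.
CREATE TABLE dbo.Request (
    RequestID      INT IDENTITY(1,1) PRIMARY KEY,
    CreatedBy      NVARCHAR(50) NOT NULL,
    ResponseTypeID INT NULL,
    SeekerID       INT NULL
);
GO

-- Every parameter defaults to NULL, meaning "do not filter on this column",
-- so the procedure always declares parameters yet can still return all rows.
CREATE PROCEDURE dbo.SelectRequestsByFilter
    @CreatedBy      NVARCHAR(50) = NULL,
    @ResponseTypeID INT          = NULL,
    @SeekerID       INT          = NULL
AS
BEGIN
    SET NOCOUNT ON;
    -- Static predicate with bound parameters: no dynamic SQL to inject into.
    SELECT RequestID, CreatedBy, ResponseTypeID, SeekerID
    FROM dbo.Request
    WHERE (@CreatedBy      IS NULL OR CreatedBy      = @CreatedBy)
      AND (@ResponseTypeID IS NULL OR ResponseTypeID = @ResponseTypeID)
      AND (@SeekerID       IS NULL OR SeekerID       = @SeekerID);
END;
GO

-- Least privilege: the application user may run the procedure but gets no
-- rights on the table itself.
CREATE USER AppUser WITHOUT LOGIN;
GRANT EXECUTE ON OBJECT::dbo.SelectRequestsByFilter TO AppUser;
GO

INSERT INTO dbo.Request (CreatedBy, ResponseTypeID, SeekerID)
VALUES (N'alice', 1, 10), (N'bob', 2, 10), (N'alice', 2, 11);
GO

-- Run as the restricted user: unfiltered, one filter, two filters.
EXECUTE AS USER = 'AppUser';
EXEC dbo.SelectRequestsByFilter;
EXEC dbo.SelectRequestsByFilter @CreatedBy = N'alice';
EXEC dbo.SelectRequestsByFilter @ResponseTypeID = 2, @SeekerID = 10;
REVERT;
GO
```

Because the procedure and the table share an owner, `AppUser` can read rows through the procedure while a direct `SELECT` on `dbo.Request` by that user is refused.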
Status
If anyone is aware of whether this issue will be fixed in future versions of SubSonic, I’d be grateful to be kept informed (I’m using version 2.1 [Final] at present). Please leave a comment or send me a tweet.
Profile Storage Space Issues
Both Martin and I are experiencing blow-outs of our profile space (currently around 120MB), mainly due to Visual Studio 2008. We can handle it with the handy little Registry snippet which grants us unlimited space. However, logging in and out on the network is taking longer each time.
I wonder if now is a good time to think about and/or investigate the option of running Virtual Machines and moving Visual Studio onto there. I personally don’t have the time to look into this. What are other people’s opinions?
Norman replied:
<quote>
My profile is sitting on 45Mb and I am running VS2008 (VS2005 and VS2003 as well). I am wondering if it is SP1 for VS2008 that is storing a lot more in the d:\Documents and Settings...?
I am a bit wary of the extra complexity of using VMs and think a better option may be some further tweaks so that VS2008 stores its settings in a different location than d:\Documents and Settings\... . I think most of it is set in the Registry as the options below only cover a small subset of where it stores its stuff.
Totally agree we need to do something. Recently I had to test Brochure Template on an EDS Machine in Auckland logging in using my T number. As you can imagine very slow and could not log out (no rights to tweak the Registry).
</quote>
Martin replied:
<quote>
Where is the official source to state the current size of your profile? I was looking at System properties.. Advanced.. User Profiles.. and my roaming profile was 585MB! Is this the same profile EDS tracks? I've culled mine back to 100MB now..
I've cut that back dramatically by deleting the ReflectedSchemas and ReflectedTypeLibs that VS likes to generate all the time.
But it is only a temporary fix, though I plan to write a script to run when I want to log off or shut down that will automatically delete them every time.
Those project and template locations tend to not have much in them unless you are creating your own user templates.
The best solution would be to exclude certain folders from our profile. The only thing stopping that from happening is getting EDS to set it up for us?
</quote>
Summary
I am reluctant to adopt Martin’s idea, as I believe those Reflected Schemas are what IntelliSense generates each time you invoke it, so I don’t want to constantly have to be waiting for IntelliSense every day. Does anybody in the community have any (useful) suggestions?
Flaw Found in Google Chrome
Security researchers have announced the first flaw found in the much hyped Chrome browser from Google:
*** Update *** Flaw Demo included.
The issue exists in the way that Chrome behaves with undefined-handlers in chrome.dll version 0.2.149.27.
This crash can occur without any user interaction.
When a malicious link that has a 'special' character after an undefined handler is visited, the browser crashes with the message "Whoa! Google Chrome has crashed. Restart Now?"
(source: http://evilfingers.com/advisory/google_chrome_poc.php , credit: Rishi Narang)
There is a demo of the working flaw at the source site.
Due to the open source nature of the Chrome browser, and the fact that it's from such a prominent company, I expect this flaw will be the first of many as coders and researchers alike tear it apart looking for flaws.
Mouse over the following link to crash Chrome CRASH CHROME
#tenz8 Notes from the Field at NZ Tech-Ed 08 day 2
Time | Where | Comments |
02-09-2008 8:30 | Breakfast | great conversations |
02-09-2008 9:00 | BIN309 | changed my mind, from ARC to SQL |
02-09-2008 9:10 | BIN309 | is it just me, or does Pat Martin remind anybody else of Malcolm McDowell? |
02-09-2008 9:20 | BIN309 | this class is full |
02-09-2008 9:30 | BIN309 | merge statement is very verbose |
02-09-2008 9:45 | BIN309 | death by PowerPoint |
02-09-2008 10:00 | BIN309 | super dump! should I shout skull ? |
02-09-2008 10:45 | WEB304 | web future starting. @kiwitwitter is in it |
02-09-2008 10:50 | WEB304 | each country thinks broadband speed is better elsewhere |
02-09-2008 11:00 | WEB304 | contrary to all appearances Scottha is not really a Buddhist |
02-09-2008 11:15 | WEB304 | reach out and Touch some device |
02-09-2008 11:30 | WEB304 | finally Chris Auld has found his niche: he's a hopeless panelist but a great convenor |
02-09-2008 11:45 | WEB304 | "Silverlight gets us around the limitations of HTML, is the future of the web" |
02-09-2008 12:00 | WEB304 | just realised: unlike 2005, have no time for labs, too many good sessions |
02-09-2008 12:10 | DEV260 | TFS version control starting |
02-09-2008 12:30 | DEV260 | @kiwitwitter it was fun thanks |
02-09-2008 13:00 | DEV260 | death by PowerPoint |
02-09-2008 13:25 | DEV260 | multiple forward integration for each reverse integration |
02-09-2008 13:40 | Lunch | listening to Trika talk about certification |
02-09-2008 15:00 | LAB | doing labs |
02-09-2008 15:30 | LAB | trika was lovely and gracious |
02-09-2008 16:00 | LAB | missed 2 sessions 2 do 1 MVC lab. glad i did but MVC not 4 me |
02-09-2008 16:30 | LAB | im loving sub sonic too much to MVC |
02-09-2008 17:00 | LAB | just did another lab: Test Management |
02-09-2008 17:10 | WEB317 | ASP.NET AJAX SP1 starting |
02-09-2008 18:20 | WEB317 | ScriptManager EnableHistory=true |
02-09-2008 18:25 | WEB317 | @blackmael MVC seems 2 be 3-tier on the presentation layer. y bother? |
02-09-2008 20:15 | Tech-Fest | idea 4 next year: have a dinner on Tuesday for those not inclined to booze |
02-09-2008 20:20 | Tech-Fest | great idea Intergen: earplugs in survival kit |
02-09-2008 20:25 | Tech-Fest | takeaways 4 dinner, heading back to hotel |
02-09-2008 20:30 | Tech-Fest | latte anyone? |
02-09-2008 23:00 | Hotel | Completed compiling Tweats into Blog Post |
Ah... My 5 years with broadband
Pretty sure some of you out there have been using some sort of "broadband" for longer than I have (how much did you pay!?!), but for me, I've been using broadband for 5 years.
[Let's wind back into the past shall we?]
Got connected to Xtra Jetstream during September 2003, during their new Jetsons/Flintstones (whatever it was called) marketing period. Back then, we signed up to the Home 500 Full Speed plan.
500MB and a blisteringly fast 2mbps connection at the low price of just $59 a month!
In those days we barely reached 500MB a month. That seemed virtually impossible, especially from surfing on free service dial up from ISPs like Zfree and i4free.
Overage was at a whopping $0.20/MB! Thankfully, we got over that only once.
Back then things were really expensive, and not just for Internet. Seriously, we had to go out and get a $200 JetStream Single PC Pack. A SpeedTouch 330 USB Modem and 2 filters (one dual, one single). I do think that we got signed up on a free connection offer, can't really remember or search for it though.
Back then we had trouble even understanding the meaning behind all of this "allowance". We didn't know that the Internet used "megabytes"... we just cared about how long we got online. We consistently managed to get under the limit which was actually amazing. Don't know how... probably because the web was pretty simplistic back then still.
So over the years we changed plans...
- 2005: JetStream Everyday
1GB @ 1mbps/128k
$44.49
We had to sacrifice half our speed for double the allowance - tough for me especially, when we were used to great speed at 2mbps!
- 2006: Discover
1GB @ 1mbps/128k
$44.49
Nothing different from Everyday, just a name change.
- 2006: Go
1GB @ 2mbps/128k
1GB @ Full Speed/128k
$39.95
The "unleashing" of the Internet - need I say more? A price cut and a speed increase helped make my Dad finally realise the potential of the Internet now.
- 2006: Go Large
Managed @ Full Speed/128k
$49.95
No need to say anything here other than we were on it for 2 months!
Then Telecom lost another customer. The freshly bought over ihug was the next to welcome us.
- 2007: broadband 2
5GB @ Full Speed/128k
$40.00
We only truly survived on it for around 3 months. We always went over 5GB easily. I'm wondering what I did 4 years back.
- 2007: broadband 3
Managed @ Full Speed/128k
$50.00
Finally had a crack at the managed plan. We kept our promise to go under 500MB per day over a 3 day average - but we had some splurges sometimes, until ihug got around to changing everything.
- 2008: Ultimate pack
20GB @ Full Speed/Full Speed
=$50.00 (equivalent broadband price)
Vodafone eventually took over the ihug brand, and we were welcomed to the world of max upload!
Fast forward to today - 20GB from Vodafone for $50 (the equivalent price of the broadband), and now you can get modems from as low as $50 from them and they've got contract offers with free connection and modem.
Broadband speed used to be able to consistently reach the rated speed. It was great. About 3 friends I knew back in 2003 actually knew what broadband was. Who knew that the Internet was possible without tying the phone line? Who knew that the Internet was to evolve into what it is now?
But now with increasing saturation of customers in an area with broadband, everything feels different. Everyone's got broadband now, and most have at least chosen the 3GB Go plan from Telecom. My neighbours probably have broadband.
Things have changed alright.
But I'm not really celebrating now - broadband is now a part of daily life really. I've come to enjoy having it by my bedside.
That was the broadband journey that still continues to this very day... just shows how fast people develop the habit of surfing the Internet everyday just in a matter of months. No wonder New Zealand's broadband is so useless.
When did you discover the world of speedier Internet?
Where was broadband first introduced to you? (At work? Some random cafe? At home stealing someone else's Wi-Fi?)
How much did you first pay for broadband?
Leave your comments below.
Mythtv, xvid, and my PSP
When I first started fiddling around with Mythbuntu I (like everyone else) needed to know how to get the video off the myth host into something less annoying than the nupplevideo format it records in. (if you are using a BT analogue capture card, that is)
iTunes 8 actually runs quite well on xp.
I got a huge surprise! It's quicker to sync and eject and scrolling through things has less lag.
But it IS bloated. The grid view wants to thumbnail all your art every time you start unless you tell it "never" and the "genius" feature is still sorting my library after 4 hours.
I made the mistake of closing iTunes while this was still running, and while this didn't restart the whole process, it did make me go through the terms and conditions again.
Overall, I'm pretty happy so far... but time will tell (if genius bizzo ever finishes).