When I wrote the ASP.NET book I pretty much lived in Reflector 24/7 to figure out all the gory implementation details. Back then it would have been great to be able to simply set breakpoints in some of the low level classes like HttpRuntime or modules.
Fortunately this is now possible, here's a quick walkthrough:
* Set up your Visual Studio to work with the new .NET symbols. Also have a look at the various symbol loading options you have. * Open an ASP.NET app * Set a breakpoint somewhere in your code (e.g. in a Page_Load) * Let the debugger hit the breakpoint * Open the call stack window and navigate up the stack, e.g. to HttpRuntime.ProcessRequest or Page.ProcessRequest * Set a breakpoint (use HttpRuntime.Init or the (c)ctor to step through the whole initialization process) * Right click the breakpoint, select location and check the "Allow the source code to be different from the original version" option. * Debug again. The debugger should now hit the breakpoint in the ASP.NET infrastructure class * Depending on how early in processing you set the breakpoint, you may have to recycle the AppDomain to start over. Simply make a change to web.config and save to trigger recycling.
This is a reminder for me to try again at getting ASP.NET Regex Validators to fail. I tried a few months ago while waiting at the airport for my connecting flight. Other than making the Regex.Match thread hang with backtracking I was unable to make the regex validator fail.
I was only poking around with Reflector before, but thanks to Dominick Baier for reminding me that I can now hook a debugger to the code I previously couldn't.
Created by Academy award nominated director Fredric Golding and presented by Fortify Software (www.fortify.com), The New Face of CyberCrime gives a face to the criminals' intent on hacking into your systems today. Who are they? How do they think? What makes them successful? You'll also hear candid interviews with many industry leaders and executives of large organizations taking steps against these attacks. Understand how they think about these threats and what they are doing about them throughout their companies.
“HACKERS, welcome! Here are detailed circuit diagrams of our products — modify them as you wish.”
The OSD is a versatile recorder. Using a memory card or a U.S.B. storage device, it saves copies of DVDs, VHS tapes and television programs from satellite receivers, cable boxes, TVs and any other device with standard video output.
Because the OSD saves the recordings in the popular compressed video format MPEG-4 (pronounced EM-peg), the programs can be watched on a host of devices, including iPods and smartphones. The OSD is for sale at Fry’s, Micro Center, J&R Electronics and other locations for about $230.
With AppJet, you write your entire app using JavaScript, including the server logic and database. This simplifies the process of building a web app, because it lets you do everything in just one language. JavaScript is easy to learn, but still pulls its weight for advanced uses. In fact, the AppJet site itself and the AppJet framework are written in server-side JavaScript.
The first thing I thought of when I saw this is a web hackers wet dream. A host and framework for creating javascript apps with easy hooks for storage and HTTP request/response objects.
Dominick Baier came up with a good idea to extend the HtmlEncode() and UrlEncode() methods to implement Microsoft's AntiXss version of these same methods.
Part of the research I've been doing on static analysis has included identifying sources of potential tainted data in ASP.NET and the source-sink connectivity. During analysis if a source passes through a sanitizer we don't flag a vulnerability. Even if that sanitizer is a worthless piece of shit. (Yes, I'm talking to you...people who like to use .* in your Regex validators) We already provide pre-built validators in the product I work on, but what if we could also reduce the number of unsafe ways data is used in a program. Which brings us back to Dominick's use of Extensions. Imagine if the user could use a "Secure" Label control or a "Secure" Databound Literal control that would automatically filter a XSS attack when the Text property is accessed. Of course you could achieve that type of functionality without Extensions but I thought it was an interesting use of the new language feature.
During normal operation or in Safe mode, your computer may play "Fur Elise" or "It's a Small, Small World" seemingly at random. This is an indication sent to the PC speaker from the computer's BIOS that the CPU fan is failing or has failed, or that the power supply voltages have drifted out of tolerance. This is a design feature of a detection circuit and system BIOSes developed by Award/Unicore from 1997 on.
"Fur Elise" would be much more pleasant than an error message or a droning beep. "It's a Small, Small World" on the other hand is straight annoying.
This guy built a motion sensing water gun to scare off the rabbits intruding on his garden. His goals for the project were:
# Must have automatic fire ability # Must be able to detect motion # Must be able to record the event # Must be able to turn off auto fire mode and take on manual control # Must be able to "Water the Lawn" # Must be able to cover a 30 foot field of fire # Must have a range of about 25 to 35 feet # Must have the ability to work at night with all of the above features # Must be able to Play back any recordings and laugh while sitting on the deck drinking a beer.
For supplies he used: # X10 120 volt outlet # X10 Transmitter and Receiver # X10 Libraries that would work with C# # In ground sprinkler solenoid # Phidget single servo board with servo # Phidget C# libraries # PVC pipe, Copper Ice maker pipe, and a few other plumbing parts # Old computer, 1.7 GHz with a gig of ram # USB Web camera
He also used AForge.NET which is a C# framework designed for developers and researchers in the fields of Computer Vision and Artificial Intelligence - image processing, neural networks, genetic algorithms, machine learning, etc. http://code.google.com/p/aforge
School: Did you really name your son Robert'); Drop Table Students;--? Mom: Oh. Yes. Little Bobby Tables we call him School: Well, we've lost this year's student records. I hope your happy. Mom: and I hope you've learned to sanitize your database inputs.
HAHAHA! Sweet.
To be fair, you shouldn't sanitize user input, you should validate it.
A hands-on look at Microsoft’s new Surface computing platform
Topic: Technology
2:14 pm EDT, Oct 1, 2007
I learned a few new things about the Surface computer.
It utilizes Microsoft's XNA Development framework. Which is an extension of the .NET framework to allow easy development of Xbox and Windows games. I've used XNA to make a clone of Oasis and I can personally vouch that is makes developing cool graphics very easy.
Mint allows you to view all of your banking and credit card transactions side-by-side, making identifying all of your transactions much easier and faster than ever before.
How does this help you? We make it easy for you to track down erroneous charges or bank fees, and keep a closer eye on your money.
Mint even lets you label your transactions so you know what bills you need to split with your friends or roommates, know which ones need to be reimbursed for your company, and more.
