Sikko2go Blog

Last Post, farewell

2005-01-13T15:51:00.000+01:00

I'm not completely stopping to blog, but from now on I want to go under my real name, and not under disguise anymore, as I did until now.
Therefore I'm quitting this blog. I hope you had a good time reading these ramblings, my two dear readers. Had a good time around here, but it's time to move on. Actually my opinion about blogging under alias has hanged considerably: at the moment I don't see the point in *not* writing under your own name.... sorry
Goodbye and thanks again for your interest

JavaScript SyntaxHighlighter

2005-01-03T11:49:00.000+01:00

Just found a great Syntax Hightlighter. It consists basically of a JavaScript file, while you can easily copy and paste your code in a <TEXTAREA>. Works for VB(.NET), SQL

(via)

Sikko2Go's newDiscoveries

2004-12-21T16:48:00.000+01:00

Server Side Guy
Chris Justus' Blog about bug tracking, web services etc. Bumped into it via del.icio.us popular, referring to an article about how the newest feature originating from Google
Google Suggest works. Definetely worth a read!

Make Acrobat Reader 6 Load Faster
I'm always looking for ways to make my digital life easier, and this especially was one of the annoyances I had. I'm doing all my homebased surfing on a 128MB Pentium-III/600 laptop. It works OK as long as you're not starting apps for the first time. the Reader takes about 50 seconds to completely 'boot' and display a document

On Speaking Terms

2004-12-21T16:44:00.000+01:00

On of the things making it difficult for me as having no CS background, is the words people tend to use every now and then ...what on earth is a property accessor (fifth paragraph) anyway?

[disclaimer: please note the aforementioned blogs is a very good one. It's even in my subscription list. I only referred to it having a slightly geeky style, showing more knowledge on the subject, and / or more having a slightly :) more substantial audience than my own little blog]

Prductivity is linearly related to concentration

2004-12-14T15:48:00.000+01:00

Read a very interesting post over at the Coding Horror blog, called This is your Anti-Productivity Pod

It's a wonderful explanation of what I see the main problem at my work: productivity loss due to an enourmous amount of distraction during the day. I'm working in what we in the Netherlands call an office garden, a huge open room in which about a dozen people work, make telephone calls, talk about their children and last holidays, about politics, about ... well, work-related stuff also. Besides, there's no real hallway, that's on one side of the open room, so lot's of people are passing by. Apart from that, in my function I try to combine being a programmer and sysadmin at the same time. So there's a low bar for people to access me with all kinds of questions. Of course, that's what I chose for when accepting this job, so I shouldn't wine.

However, I try to cope by trying to judge whether questions asked orally can also handled by email: in that case I ask people that the next time they fire up Outlook for these kind of things. Also, I power down my mail client every now and then. Another thing is: I try to be in the office around as early as possible, giving me about an hour of quietness before most of my coworkers arrive.

What I do recognize is the much bespoken rule of 15-minutes-till-flow-arrives. In my case it's maybe in the order of ten minutes, but even then it's very irritating to be disturbed just every quarter of an hour. O, and what also helps is just opening up a window every now and then: the airco is just not capable of preventing headaches cropping up in the course of the day. Well, a whole bunch of them, all by itself small things, but combined they help me tremendously in coping with the everyday noise factor here at the office

Loads of freeware, yummie

2004-12-08T20:53:00.000+01:00

Check out http://www.techsupportalert.com/best_46_free_utilities.htm, a list with lots of freeware programs. I'm really fond of freeware, as long as it's also free of bugs. Already seen my favorite text editor EditPad and 'brain'program KeyNote. The last one is a 'tabbed notes' program, an excellent way to store all kinds of information in an easy way.

Via The Daily Grind and Joel's Virtual Desktop

Addicted to Del.icio.US

2004-12-04T22:35:00.000+01:00

Discovered yesterday what Del.icio.us is. Of all the things it is, the most obvious to me right now is: addictive! What a great, being a bit geeky text based interface, way of exploring the internet. It's just so simple and intuitive... don't hesitate and just give give it a try
Just wanted to let you know...

I've made The Switch

2004-11-13T22:12:00.000+01:00

At my home machine, today, I finally decided to remove myself from the Administrator list. Actually, I was convinced by reading about it in a computer magazine. Thought: well, when mainsteam magazines are starting to write about running as non-admin, I'm actually a bit due as a developer. It feels so good, now that most (all?) recent worms and virii are only able to wreck havoc on my personal profile, instead of destroying the complete machine. So far, the only trouble I've seen is that I'm not able to change system time :) O, and the other thing, a bit more problematic, is that runas only yields errors after trying to run it (and entering the admin password, in case you wondered):
"RUNAS ERROR" Unable to run - explorer.exe 5: "Access is denied"
Well, got some Googling to do for now...

Dressfullness

2004-10-27T21:45:00.000+02:00

This is a stupid test to see whether Google will pick up this word, which can not be found in it's dictionary so far. So, dressfullness is the word. I'm just curious whether people are actually searching for this word. Chances would be very good I estimate, that someone will click when they see this one and only link.

Fresh Inspiration: logging-/debugging tool

2004-10-27T21:38:00.000+02:00

Reading "How to be a Programmer" by Robert L. Read, I felt inspired by the part on debugging. Thought to myself: well, my not using real debugging tools lead almost always to Debug.Print debugging. How often do I find myself putting Response.Writes on ASP pages and Debug.Print in VB code. Or... even MsgBox come into play sometimes. Wouldn't it be nice to have an abstract class which I can call, and which handles the debugging/logging for me. So far I set up something simple which just writes some info to a logfile. For me, it's easy working like that, because I can have an Editpad window with automatic refreshing open on the log. So far I can thing of the following features:

choose debugging (immediate/debug window) or logging (file) mode
loghandling: overwrite existing file, append new info, or use multiple files based on datetime
handle verbosity, logging level: low, medium, all?

What do you think: is this the mother-of-super-dullest helper apps, or can it really be interesting? So far, I tend to the former, negative side, as for the usefulness to the community this can be. I am the last to say there are no logging applications so far. But being it the mother-of... it can still be a good learning experience for me. And something to keep me up at night, if both my son, and his soon-to-arrive brother or sister aren't already doing that :)

"Open Office" at the Public Prosecutor

2004-10-13T14:48:00.000+02:00

These days, here in the Netherlands, we have our own little security scandal. Let me introduce you to the story: a public prosecutor by the name of Joost Tonino in Amsterdam saw his PC affected by a virus. He couldn't get it to boot anymore, and thought he might just as well throw it away . An effective means of getting rid of a machine is, of course, to put it bluntly on the street as sewage to be taken away. And that's exactly what he did. You can read more on the story e.g. elsewhere, but there's lot's of English language stories on the subject, so you don't need to master the Dutch language in order to understand the story. It all started with a cabdriver who took the machine home, was able to get access to the unprotected hard drive, and read all of Tonino's personal and confidential stuff. There was an abundance of info related to recent criminal lawsuits in our country. Couple days later, the story continues as some cracker hacked the personal mailbox of the man, which email address was already shown in a Dutch crime fighters' TV show. The password was supposedly communicated (I haven't seen the program myself) but was subsequently already changed. I can imagine how much of a trigger this can be to some, to give it a try... Why at least something so trivial as this personal email account, free to acquire, was not immediately taken out of use is beyond me. This morning the latest news is that the Tonino has resigned from his function.

Well, my point is not to discuss how stupid it is to put your machine on the street just like that. Nor do I want to talk about or the to put highly sensitive information on an exposed free mailbox by one person. I think the background is much more interesting. Supposedly people in these positions, who handle information about matters of life and death, are able to do things like this. This was an accident, but it would be quite naive to think that it doesn't happen on a larger scale. Also the Public Prosecutor's Office (Openbaar Ministerie) won't be the only government organization affected. Maybe this happens on a much larger scale than I can even think of. It gives me the shivers imagining all the information flowing around the unprotected. Now, it is said that the Justice Department should take preventive measure, but of course that's nothing more than an automatic reaction. This is 2004, we have the opportunities to prevent these things already for years. Let me enlighten you:

The first they thing should have done - not now, but in the not so recent past- is to have a security audit team investigate information flows in the complete organization. It will show quite soon that there's a lot of information that maybe shouldn't cross the internet at all. This is something that should be discussed with all employees involved. They should be communicated clearly the dangers of letting sensitive information flow outside the organization. In my point of view, it all starts with having everybody involved understand thoroughly what's going on. Once it's common knowledge that information os an important asset worthy of protection, you can talk about the specific course of action. In this case an obvious point would be to have no work related information go to personal external mailboxes. There are ways to enforce this, such as monitoring the internet usage, or scanning where documents are sent to. Furthermore a more rigid way of working should in no way inconvenience the employee's way of access to vital information. Think VPN's or other ways to log in to the network securely (man, it is even imaginable to have dedicated lines from the employee's private home to the court. It probably is not feasible for everyone, but for people in positions like the prosecutor is in, it should be given at least some thought. Btw, I heard on the radio the Dutch Parliament connects this way to their network, on machines which are not used on the internet; you have a closed circuit this way, which is of course much more safe. As an aside: even in the NSA there have been computers intended only for internal use been compromised by viruses because they were connected to the internet. So how much of this info is true, I wouldn't know).

But, we were talking VPN's: one should be careful about client-side trouble, so a remote machine must be protected adequately. There are ways to enforce this. It's more or less trivial these days to have secure access to the work environment. If we, with our very small company can handle this, why can't the government? They have some of the smartest hackers around at the Forensic Service, they have a Secret Service who knows how to break in to mailboxes if they want to; so they also know how to be secure, one would think. The correct way to handle this is not to require the Justice Dept to take appropriate steps to prevent this in the future. No, one should on a much higher entry point think about all places in the government where sensitive information is handled. How are we going to secure all these information streams in appropriate ways? How are we going to learn employees how to work securely. Not in all cases it can be prevented I think, that information will cross the internet. In that case, use SSL, VPN's, personal email certificates or other measures. These encryption tactics are certainly not the whole picture, but can be a good enhancement. Awareness and appropriate employee tools are just as important. You can tell everybody on a monthly basis how dangerous it is to zip your stuff and mail them home, but if there's no suitable solution to access information from home, this *will* happen in the end.

Of course, no meaure can create a 100% secure organisation, where never, ever any sensitive information will get in the open. In the end there's always people involved. Someone somewhere can be bribed, someone bears a grudge, or whatever. No hardware, electronic tripwire, encryption software or what have you will prevent someone to put something on a diskette, print information out and take it home, etc.etc. You get the point. Information is always a trade-off, as Security Guru Bruce Schneier uses to say. These days, budgets are tight, and never can we be completely save, but surely we can do something valuable with our money. Just as in medicine it is just not possible to always treat everybody with the most expensive / most effective drugs, we also have to take care where to put our money.

Just to tell you I'm still here...

2004-10-12T11:32:00.000+02:00

Just read a nice article by Mike Gunderloy of Coder to Developer fame, Query Analyzer Tips and Tricks. Although I'm working in the Q.A. almost every day, there's still some things I didn't know about. Point is, as soon as you find a way how to do something, you stop looking for quicker shortcuts (assuming doing it your way is 'fast enough'). Therefore it's good to never stop reading, and learn something in the process...
[aside]Btw, when I stopped blogging more than two months ago, I was curious whether I would quickly feel the need to continue writing. As it turns out, this hasn't really been the case. Only sometimes, when new security troubles loomed onthe horizon, e.g. de recent ASP.NET Canonicalization issue, I thought 'man I should blog this'. But then, dozens of bloggers just did nothing other than just reporting this, and referring to the aforementioned site. So, what could have been my contribution other than repeating what's already been said?
Maybe it's unfortunate, this lack of blog urge; maybe I'm just not much of a writer. Well, I guess you'll be hearing something of me in the near future, only I don't know how near. In the meantime, can you please please let me know you are also still there, beloved reader???

Why shoulnd't I just stop blogging?

2004-07-28T16:36:00.000+02:00

I feel exactly like decafbad wondering why he would be recycling all the news the rest of the world is talking about. Well, at least he has 889 subscribers using Bloglines (and I guess a lot more in reality) as of today, which is much.. really much more than I have :) This means there's probably more than a thousand people who care about what he says. That could be some stimulant maybe? Well, as for me, I'm actually very surprised that you're even reading this, as chances are very very little that you would. Anyways, the point of this post: there is just so much happening outside which I just want to know about. And then, having read all stuff, I'm just tired, having no idea what's interesting anough to blog about. Is there really anything that you user want me to talk about. Then please please let me know, because me is out of ideas and on the brink of quitting

I'm not a social animal. or am I?

2004-07-28T16:33:00.000+02:00

[back from 3 weeks of lovely analog holidays, hence the lack of recent posts ]

I never felt attracted to social software like IRC (chat) and more recently Friendster, Orkut and its ilk. I'd rather speak to an analog person than with someone while bashing on my keyboard. Besides, this new flood of social thingies seems to overwhelm you with loads of friends, friends-of-a-friend, and friends-of-a-friend-of-a-friend. This way, George W. Bush is probably even a friend of mine :( Furthermore, I rather read than type / comminucate in the digital world. And ....my dial-up connection rules out a lot of possibilities to explore.

Posting from Tech Ed

2004-07-01T11:53:00.000+02:00

Just a little info here from Tech Ed 2004. I already set up a post yesterday. Unfortunately, that one was saved into the Drafts of Outlook 2003 on one of the 400 or so Dell around here, which are free to use. Thought saving in Drafts was safe, but unfortunately the post disappeared the next time I logged on again. I’m not one of the *many* fortunate owners of an own laptop with wireless connection here, so have to wait in line sometimes because it’s only during session time not all machines are taken permanently. And the wireless is used massively.
I won’t really blog about the technical details, new announcements which are made here. Feels a little bit useless because I’ve already seen a lot of people talk about the new version of the Studio Suite (the Express line), and some other interesting stuff. Just go to Tech Ed Bloggers If you want to read more.
Monday at the keynote we heard already 2500 of the 6000+ users used it so far. And back then Tech Ed had just officially started (well, apart from Mondays Pre-Conference Seminars of course).
The atmosphere is really a bit geeky around here. Everywhere people are phoning, PDA’sing, just sitting around with notebook on their laps etc. Really funny to see. On the other hand you can easily feel a bit lost in the crowd. There’s just so many people, you can find yourself sitting in sessions with maybe 1000-2000 visitors. There’s only on colleague around here that I know, but he of course has a bit of his own schedule so we only see each other about twice a day.
Furthermore what can I say: the food is really good, a healthy warm lunch, muffins in the morning, snacks in the afternoon to pick up literally at dozens of places. All kinds of free drinks of course; and hey, there’s also a Health Bar, with several kinds of salads to enjoy.

.Stories of a .NET Newbie (5)

2004-06-21T14:08:00.000+02:00

Today there was another of these learning moments. I have this Public Class where I store all my global business related code. Now what I did was defining my first Public Function CheckCredentials(ByVal username As String, ByVal hPassword As String) which, AFAIK, can easily be called by:

CheckCredentials (txtUsername.Value, hPassword)

However, running the code produced another runtime error

Exception Details: System.NullReferenceException: Object reference not set to an instance of an object.

I took me awhile to find the origin of the error. This was mostly due to the fact that I thought the function was called with the right parameters. After some testing I realized the function needed to be shared, e.g. make it Public Shared Function

Somehow, one hopes that troubleshooting with in the end become easier, after one has done his fair share of it. But it turns out every time that there's always a new error to be learned from

UPDATE: .Stories of a .NET Newbie (4)

2004-06-18T09:18:00.000+02:00

1) Starting today I'm using Charles Carroll's Utility Belt ASP.NET library. It's been long since I've seen something so easily incorporated into a development project. And the way .NET handles libraries is just cool. Of course you could just as easily add you own classes, dll's and what not in VS6, but now it just seems so much easier.

2) Cast is giving me the creeps. In ASP doing something like Response.Write varname was a very easy way to put some Session variable or whatever to an asp page. But now, you put a label on the right spot on you page, and then you add to the code-behind:

lblUser.Text = Session("username")

At least, that's what I thought. lblUser.Text Is obviously a string, just like the Session variable. Nope. System.InvalidCastException: Cast from type 'HtmlInputText' to type 'String' is not valid

.NET *really* is an adventurous travel for me...

UPDATE: I'm feeling such a 'n00b' because after just a little reading about sessions I realised you can just as easy bind Objects to a Session. And that was exactly what I did with the following code :)
Session.Add("username", txtUsername)
txtUsername.Value would have been a lot better...

TechEd Europe 2004 is coming to town

2004-06-15T13:10:00.000+02:00

Rumours all around the globe, now that the Web Application of the TechEd Europe 2004 has gone live yesterday. Inside the app you'll get a temporary email account on Outlook Web Access 2003 (which is looking *very* slick, b.t.w.). Also, there's the possibility to make a complete schedule of the conference, as the complete program is now finilsed and accesible. I must say, I neede almost 2 hours to read through all 300+ programs and make a desicion on which one to visit.
Sometimes I really want to be at 3 places simultaneously...

.Stories of a .NET Newbie (3)

2004-06-15T08:41:00.000+02:00

1) From the MSDN Help:

"Applications that implement role-based security grant rights based on the role associated with a principal object"

Well, it sounds less hard than it is actually; at least to me. This Principal thing is a completely new concept to me. I know Users and the use of adding them to Roles of course, but first I totally couldn't grasp why one would use something on top of the User/Role scheme. Well, something to dig into some more the coming days.

2) Man, has Data handling become a simple matter. I'm communicating with my SQL Server now without having written any line of code, right from within my web pages! I always used something like the following to make a custom connection:



Set rst = New ADODB.Recordset

Rst.LockType = adLockOptimistic

Rst.CursorType = adOpenKeyset

Rst.Open "SELECT * FROM MyTable WHERE user = " & verifiedString & "'"

Do Until Rst.EOF

...dostuff

Loop

Rst.Close 

Set Rst = Nothing

But now... I opened up the Server Explorer, use the GUI to add a new connection to the SQL Server in the IDE. After entering the password the whole wealth of SQL Server unfolds itself right into the IDE. I can even make table changes on the fly if I want. But, what you're basically doing to enable paging is the putting a Table or Stored Procedure to your form. This automatically adds a SqlConnection1 and SqlDataAdapter1 to the so-called component tray area. No with basically some right-clicking here and there you set up the database connection; set a couple of details like the numbers of rows on your page, the kind of record selectors, and you're done. No more debugging unnecessary, repeating code with lots of typos, or hidden errors which only show up at runtime etc, etc.

For the first time in years coding has become *real* fun again

Sikko2Go LINKS

2004-06-12T16:53:00.001+02:00

(all via Robert Hurlbut's .Net Blog )

Things I want to check out for myself the next week

Demo video of Hatteras, the new Microsoft Source Code Control software
SQL Server Best Practices Analyzer Tool; just curious to see if I can use it at work
Visual Studio Team Software:
1) links
2) video

About the Team software: I saw so many postings about it, that I just want to see for myself just what it is and how it works, not to use it in my own environment

.Stories of a .NET Newbie (2)

2004-06-11T14:17:00.000+02:00

And the story continues...:

1) I tweaked the web.config settings a little bit, more precisely in the authentication section. Immediately the IDE came up with a big Microsoft Development Environment "Error while trying to run project.. etc" and mumbling on for a couple sentences about all kinds of things not being OK. Me knowing I only changed some lines in the web.config, pressed Ctrl-Z until I was back from where I started, and everything was OK. Then I realized you can watch the web.config -being an XML file- in 'xml' mode and in 'data' mode. Now I know I should, after changing something here, first check data mode to see whether we're speaking well formed XML here. The 'data' mode will tell you did. Or is there a better way. I don't see any options to further kind of debug the web.config file?
Anyway, be careful with your brackets here.

2) Wow, I thought: .NET does data paging automatically now. Let me just put this DataGrid1 on my Form, set AllowPaging to True and PageSize to 5; run it!. Well, another .NET error popped up telling me "System.Web.HttpException: Control 'DataGrid1__ctl9__ctl1' of type 'DataGridLinkButton' must be placed inside a form tag with runat=server."
The funny thing is that the datagrid pulled it's data from the SQL Server with no problems without paging. So I wouldn't expect an error like this. But well, the message is actually quite clear, so it should be fixed in a sec. So I switched over to 'html' view to see that the DataGrid was automatically placed in a Web Form already present on the page. So cut-n-paste it out of here, surround it with some form tags <form runat=server> and there you go. Only, what happens next is that I have page one with records 1-5, and clicking the 'next' doesn't yield records 6-10 which are clearly present in the table. The page refreshes only to come up with the same 5 records again, and no error message.
What to do now? This desperately calls for an event handler. But after having added some code to the DataGrid1_PageIndexChanged Sub in which the PageIndexChanged property decides to load a NewPageIndex, the Grid disappears from my screen when going the second page. Hmm... do I go on on this path, or am I heading in the wrong direction, meaning I should stop and start again from scratch? This is oftentimes a difficult desision to make for me. Well, I'm stopping this entry now 'cause I have to fix something and don't want to bore you with more of these details which are surely quite uninteresting to you, o highly experienced .NET developer.

.Stories of a .NET Newbie (1)

2004-06-10T12:53:00.000+02:00

Lately I've been doing some development in VS.NET 2003 every day now, so I thought I 'd start writing about it. There's just so much things to the language, and almost everything I do in the wonderfully overloaded IDE is new for me. It feels kind of 'fresh' for me after working for years with Visual Studio 6. Well, let's not spend too much words here, just give it a start.

1) This morning I realised I opened a Web Project on the local disk, which is not very good in case it's crashing. To overcome file loss, I sometimes do things like zip directories and place the zips on a network drive, labeled with some identifier (mostly the current date). But I figured there should be some option to transfer all a solution's files to another drive.
My eye immediately fell on the / Projects / Projectname Properties menu option. There you find an option 'file share', which can be changed. It was no problem to change it. However the next time I opened VS.NET I got a 'Web Access Failed' complaint from the system about localhost/webproject1 and this file share not matching. Well, I can imagine that. But how have the virtual directory point to the new location. Or rather, would I be able to do that: will that be enough and will I be out of additional problems... first lemme put the original File Share location back, to get back to the initial -working- setup.
There is a more general IDE wide option under / Tools / Options / Projects / Web Projects where you can change "Offline Projects" which is the location of the web project cache. Unfortunately, not everything is cached there, I only found some dll's, resource and debug data. No source code, which is my only interest. So out of luck again.
Then: let's just copy the projects' files over to the network location and create a fresh blank solution to which you add this project. This in turn yielded the error "the web server reported the following error when attempting to create or open the web project located at the following url: 'http://webserver:/WebProject1'. A connection with the server could not be established'. Well, for the time being I give up.
2) Markus Renschler's Rexexp Builder I needed something to get my regexes correct. I'm a total Regex n00b, and I don't have the time to become an expert in it. Only need them every now and then. But still, it's *very* difficult to produce even the simplest of expressions when you're not at ease with the syntax. What I needed was a check on a username being entered into a Web Form: it should only contain letters (small and/or CAPITAL). So I though it should be something like [azAZ]. Well, in the end it turned out to be ^[a-zA-z]+$ Which is not something the builder will come up with on it's own, but it's still a very convenient tool to quickly check some expression. Otherwise I would have had to change it in the IDE, rebuild the Solution and check on the web page whether it worked (And before you complain: I'm not using Unit Tests -so far-, making NUnit not an option here)
Last minute note: Chris Sells has a real RegEx builder tool which is a little bit more elaborate: after creating a regexp you can also generate VB/C# code for including the specific exp in your own application; handy

Sikko2Go LINKS

2004-06-10T11:56:00.000+02:00

Report on Symbiots iSIMS counterstrike software. I thought about it back in March after having read their report on the rules of engagement in cyber war (thought I even wrote a little about it but that turned out not to be the case; I only commented here and there). They think one has the right to strike back when under (DDOS)-attack. But the problem lots of experts see is that the internet can be congested once everybody is using these techniques. And Symbiot's advice to only use counterstrike when all else fails is just like handing a dictator an nuclear bomb whilst telling him he should only use it when.. Well, all else fails.
worrisome development. And hey: USD10,000 a month for this service, isn't that a bit too much??

Weirdest Search Engine hit so far

2004-06-07T08:25:00.000+02:00

Yesterday I received quite a strange hit to this blog. From MSN someone was looking for shopping in disneyworld. Now, probably there's a lot of mugs and puppets you can buy over there; but I can't remember having *ever* written about shopping, nor Disneyworld. So they probably did not find what they were looking for. Still, I'm grateful for the traffic from MSN, because there's not much coming from there. Search engine related traffic is still about 90% coming from Google

It was an efficient day ...

2004-06-04T22:31:00.000+02:00

finalized a couple of MS Access data entry screens, which were being tested using our standardized test protocols for these screens.

Did an install of the IIS 6.0 Resource Kit, although I have to say it will take another day to look into all options it gives me. Right now it only looks overwhelming. For example, right now I can't think of some concrete use for editing the Metabase. But maybe that will come with time.

Took about two hours to do some VB.NET practice. I'm very glad that finally I find a bit more time for going into .NET coding. Right now there's no in-houses application we've done in .NET, as it's still all Studio 6. But I think it's getting more and more important to get into the new direction more

the DLT tape streamer was causing problems... again. Yesterday I put the /verify option back on. Our backup server is Server 2003 now, and we found out the backup process is much more efficient now, giving the possibility to do a complete verify after a full backup, and still finish hours before someone arrives in the office. Took me more than an hour to get the streamer back online, with a cold reset in the end. Still don't know what really was the problem, but this thing is taking me more time than I like.

Had a little more than an hour to do some development on my Secure Web project. But with the weekend already neigh, I wasn't that efficient anymore at that time.

Tonight I read some more Paul Graham essays. His newest essays are mainly about new spamfilter techniques (of which the Bayesian technique seems to yield the best results). Older articles, some very lengthy, handle about his clear passion for succinct programming languages, the ones that are able to the same with less code. Lisp is clearly his language of choice. Although I've never looked at the language before (maybe I should... do I feel another entry coming?), the general ideas in the articles are very refreshing - to me at least - and had me thinking about the place .NET takes in there (it's nowhere mentioned in his articles), and giving me a broader view on the world of programming languages. I learned mainly Visual Basic, along with some JavaScript / VBScript, which is a world away from his one. Still: highly recommended stuff (mmm, Lisp looks so condensed it's really gibberish for me. This places .NET somewhere in the middle on the scale, right next to the Blub language I guess :)

Re-electing President Bush?

2004-05-27T10:31:00.000+02:00

So, it seems on the other side of the pond the Re-election campaign of George W. Bush has started. In my opinion these seven terrorists are in fact a very welcome tool to the Bush Administration in the Administrations' continuous efforts of spreading FUD among the American people. My prediction is you will see a lot of these warnings until November. Maybe somewhere during the summer Osama will be captured, more doubt will be spread, the targets will keep on changing, etc. etc. And then in the weeks before the election something will happen as a final push of the voters right into the arms of the current president. I've spoken.
BTW, this is not a political blog, no do I intend to go into that direction. Only once I wanted to voice my opinion, so you know where I stand.

Sikko2Go LINKS

2004-05-25T08:35:00.000+02:00

Trackback is a blog standard for keeping track of who refers to content on your blog. Below the post these trackbacks are automitically collected; a nice way to see who;s talking about you. Unfortunately I don't have trackback enabled, that is Blogger doesnt have it.
However, with this form I can have comments to other sites I make on my blog show up in trackbacks on other sites now: manual pings can be done using a simple form in which you enter your posts details and the link it refers to. I'm going to try this some time soon, but the point is I don't have a blog in which trackback works. So I have to (ab)use someone else's blog for it... :)

SimpleTrack (via)

I am not a G33k

2004-05-24T22:08:00.000+02:00

Blogreading your way around the Blog-o-Sphere you find lots and lots of bloggers who have received Guru Status one way or the other. There's nothing wrong with that; even more: when someone is very educated in the programming languages I like, and is able to talk about it in an interesting and convincing way (like those good people in my last sentence, giving me more insight in the language and programming in general, (s)he's subscribed! But sometimes I wonder if it's only the G33ks and Guru's who are blogging. I mean, G33ks, Guru's and me. I'm by no means one of them. For starters I haven't built something big like one of the big blogging engines. Or even smaller things like small Open Source applications to be shared with the world. The only thing I'm doing is building internal applications to keep my employer happy (and improving my Software Engineering and programming knowledge in my free time). This is nothing earth shattering, tens of thousands of other developers must exist all around the globe in pursuing the same happiness.

Of course I understand some of the rationale behind all this: it's a bit like district-based elections: winner takes all principle. People with already some influence tend to attract more and more people, leading to the famous Shirky's Power Law, the curve with only a couple of class-A bloggers with 10,000+ visitors a day high up to the left of the graph, and the bulk of smaller cannon fodder (joke) somewhere in the margin to the far right .
The ones who started on a fortunate moment in time, e.g. a couple years ago during the dot com boom, or the ones with above average writing skills, or with a strong opinion, a good PR talk, or maybe just enough courage are in the top charts. And me? I'm only some small blogger from the Netherlands. My fluency in English is not enough, I do not have enough experience, credibility, I never built something big etc. etc. I wonder what can be done about it:
At least being sincere in blogging efforts: 4 or 5 posts a week must be possible; but time and time again I find myself doing all kind of other things like reading other blogs, doing volunteering work for my church, raising a kid, etc. It seems keeping my own blog updated with some interesting rants is not my first priority. On the other hand: don't see this as an apology for not blogging enough. too much people are excusing their way around, a bit too often to be credible, for the lack of recent posts. Most of the times reasons seem to be related to 1) having too much work / project = late or 2) they have another life too. And well, why shouldn't they? All bloggers give away their content for free, so there's nothing they should apologize for (except for their good name and fame maybe).
So, to conclude this small piece: I do try to blog more, but don't expect an apology when it doesn't work out. I have a life too :)
And yes: I don't life in a box, so I did notice Tech Ed US Edition started today (well, as a matter of fact actually yesterday). But, I'm going to the European edition , starting June 28, so see this also as a note in advance for probably no updates in that week, as I won't be wireless there...
(cat.: Bloggers, Opinion)

Sikko2Go LINKS

2004-05-15T22:11:00.000+02:00

Chromeless Windows
Tried it out, and it worked under IE6 with Medium security, which is standard, so most users will be on it. Makes one pretty nervous, and indeed I wonder why Microsoft doesn't see this as a high-risk situation, in need of being fixed?

Sikko2Go LINKS

2004-05-14T13:02:00.000+02:00

Don XML is wondering why technical authors shouldn't publish books by themselves. Now I haven't written any book at all, and don't plan on doing it in the near(*) future; but it certainly is interesting to see how the digital world is changing our way of working these days: Who would have thought 10 years ago about writing, printing and distributing your own book on a global level? Don't forget to read the comments there btw, they add a lot to the discussion.
(*)note the layout of the word near here :)

Blogger comments enabled, adieu Haloscan

2004-05-14T08:25:00.000+02:00

Reading about the Great Blogger Relaunch I thought I might as well turn on bloggers's comments now. Until now I worked with Haloscan, had no problems with them. Anyway, it's probably better to completely do it the Blogger way. Actually, thinking a little bit further; I don't like having all these different little systems to keep something running. Blogger looks reliable enough, so way not remove one other change of braeking the blog?
The only thing left to do is handcopying the -few that there are :) - old Haloscan comments to Blogger. What needs to be done there is matching the Halscan time indication to the specific posts, as they had no other identifier to a post. Which is the only downside of Haloscan: reading there comment feed, I had no way of knowing to which post a comment was made.

2004-05-10T12:45:00.000+02:00

Did this little test, just because I as curious what I would be.

But man... I've never even heard about this OS. I know GNU of course, but what is Hurd anyway??? Which OS are you

Via and via

Sorry for the Republish

2004-05-10T09:30:00.000+02:00

But I was digging into Bloggers' new features and layout, and before I knew it I pushed the republish button...

Coder to Developer

2004-05-06T14:18:00.000+02:00

My long awaited new Amazon shipment arrived Tuesday, containing among others Mike Gunderloy's new book: the already famous Coder to Developer. I mean, everyone seems to talk about it. Can't tell you a lot of details yet, only read the Foreword and Chapter 1, but it looks really really promising. Can't wait till to call it a day, rush home and start Chapter 2.. ehm, well, after bathing and bringing to bed my 2 year old son of course. BTW, on the CtD website you can download Chapter 5
as an appetizer; just in case you didn't already (Note: it's a 2 MB pdf)

Sikko2Go LINKS

2004-05-01T15:25:00.000+02:00

Sikko2Go LINK 1
Random Sampling in T-SQL

In my previous life I acted as a statistician for a couple of years. Therefore I was especially attracted to this MSDN article speaking about things like Chi-2 tests; this test is a statistical metric used to decide whether data is distributed in a random manner, or something like that. The article contains a pointer for those interested in the statistical backgrounds

Sikko2Go LINK 2
Boolean Logic
These weeks I'm trying to increase my general knowledge on programming by reading the Pragmattic Programmer. Because this books' samples are mainly in C++, a simple C++ tutorial was good in getting me up to speed in understanding the source code better. Pointers for example are unknown in my daily programming activities. Well, to end this link recommendation: this piece on Boolean logic is a small part of the introductory C++ course.

Sikko2Go LINK 3
Eight Web Usability Killers
My personal experience is that quite often, once a company's site is finalized and online; no real development, analysis or whatever to estimate it's efficiency is performed anymore. This quote from the article speaks for itself:

"Many web sites considered robust and healthy by their owners may be suffering from life-threatening diseases"

Btw, the site contains more articles in this series, e.g. on web site credibility and accessability

Redesigning my Login / User Management system

2004-04-29T21:39:00.000+02:00

A couple of weeks ago I wrote about my redesign of a secure website: last week I realised I was in a bit of trouble. Some time ago I set up a system for external clients to be able to access parts of our internal network. This 'system' of course underwent some redesign in the process of finding out which features were necessary, and then and again something new came in our minds which had to be incorporated in it. All in all it looks we didn't quite think the design through from beginning to end upfront. Now I realise that the system I made (built on IIS 5.0 and using good old-fashioned ASP), was not ~~really~~ that flexible. Database calls were lying around deeply nested within HTML layout code; references to .css files were sometimes made several times. And I'm using multiple web pages in cases where one page, extended with some Session / QueryString variables will suffice. That way, you don't have to set up a new page or every other report some client wants. But just one page for one report or even a generic page for all required reports. It took me a while to realise (with some outside conviction as well) that I'd better start again from scratch. Lose all old stuff, start thinking it through thoroughly, draw a database plan by hand, etc. All-in-all: start from scratch. And that's what I'm doing right now... to be continued, probably.

Sikko2Go LINK

2004-04-29T09:23:00.000+02:00

Thinking about software licensing for a small ISV and the issue of open source - note-to-self: read this interesting looking, but rather long article
via

Blog Woes

2004-04-24T16:03:00.000+02:00

Every now an then I find myself thinking, whilst reading some blog entry or article: 'hey, I could have written this myself'. But as it turns out, I didn't. It got me thinking about the exact reason why... The point is, I'm trying to follow some .NET related blogs (like Carl Franklin's and
Rory Blyth. Their .NET Rocks show surely is fun to listen to. However, currently I have no active experience in the language. This makes me feel very restrained in talking about it. As I have no real knowledge about it, how on earth could I write interesting things for my readers? Maybe I could make something introductory, but then again, how could it be interesting to you. An you only need ten seconds on Google to promptly find many more interesting info than anything I'd cough up. In fact, writing this short bit give me thoughts on an article about the subject of not being settled and noteworthy in the field of blogging, and still being an active blogger. Sometimes I wonder just why someone gets noted and receive massive audiences; while other bloggers, whose stories may be just as interesting, have only 4 or 5 readers a day.

136 Feeds Subscriptions and still counting

2004-04-24T15:20:00.000+02:00

Yesterday, I took a fresh look at the number of feeds I'm subscribed to, and you guessed it, the counter reaches 136. Already unsubscribed several feeds the last weeks. Among them some blogs which were not really in my field of business, which I subscribed to too hastily, or which were just overwhelming (some tech news feeds; I keep up with tech news without a problem without these feeds anyway; for me, they were just a recycling of news I've already seen on real website I visit, and so they just take up extra reading time). But still it seems I add more blogs than I lose. This is definitely not going in the right direction. There's just so much content that it's unable to keep up with (Btw, some people
are able to write so much interesting things that I wonder where they get the time?). For me it means some blogs I'd like to keep up with, sometimes remain unread for almost a week. This way some of their items are already old news; while I would prefer to be reading the news from them instead of somewhere else. That's exactly why they're on my Favorites list. Anyway, something has to be done. One way would be dumping all superfluous blogs in some 'When-You-Have-Time-Left' folder; the other of course would be unsubscribing. Hmm, let me just think about the options for some time. But in the meantime, please tell me how *you* handle Blog Overload?

Frequent Blog Updates

2004-04-14T11:21:00.000+02:00

Wow... on Easter Monday after some blogreading, I managed to get all (about 70) blogs in my 'root' directory into the 'read' state. Blogs I read frequently or for which I haven't yet decided on the category they belong to, reside there. This morning - maybe 36 hours later - I find 40+ of them have new content available. Is this an after-Easter blog rush, or is it just that these blogs update frequently?

LINK

2004-04-08T14:33:00.000+02:00

Reading Joatblog I almost fell off my chair laughin when I linked through to The lost Olive, an entry which on its' turn revealed this. I can only highly recommend you give it a read

Oops, I did it again...

2004-04-06T21:42:00.000+02:00

... acting a bit too naive and unthinkingly it seems. I was investigating Bloglines' possibilities. And while I already found the very useful feature of 'sorting blogs alphabetically', I was a bit too rushed on this one: at the moment I'm using several subfolders for easier browsing of the feeds (which is a natural thing to do, I hear you say). However, now I opened some of the bigger folders, selected all feeds and happily sorted them thereafter. Going back to the blogs, only to find out the interface really did what I actually asked it to do: it had sorted *all* blogs alphabetically, putting all blogs into a long list in the root so to say. All subfolders were empty afterwards :) And as there's no undo option, it took half an hour to place all the feeds back to where they belong.
Is it me being stupid, or does Bloglines need a *little* bit more intuitivity.
[DISCLAIMER] This is certainly not a BL rant, for I do like their free service and all. Maybe it really *is* me after all...

How many bytes can one read in an hour?

2004-04-01T11:41:00.000+02:00

I've just been backreading some old blog entries in a skip-uninteresting-parts way, while still reading most of the content. It was 67000 chars (or 13000 words) which I read in just under 2 hours. I can come up with these specific numbers thanks to the handy word-count feature in Word. This is available right from the Tools menu nowadays; leading to the suggestion that Microsoft surveys found out people like this feature and use it a lot. At least, as far as my knowledge goes, Microsoft investigates the usage of Office programs, in order to give often used functions a more prominent place in the program.
It seems I read about 10 chars / second, giving me a 0,01KB/sec reading speed. Is that fast?

visitedEurope - World66

2004-03-30T09:46:00.000+02:00

This is my Route66 map of visited countries in Europe. Generating a world map would be pretty useless for me, as I have never been outside of Europe :)

Visit visitedEurope - World66 to generate your own map

Wired missing the point?

2004-03-28T14:07:00.000+02:00

Wired runs an article about plans in the US to issue trusted travelers a card granting them the possibility to skip time-consuming checks at the airport. The card seems to assure we're not dealing with a terrorist planning to crash into the Whitehouse here.
By the way, it seems the US government seems to think someone buying a one-way ticket is more likely to be a plane hijacker. Which raises the interesting question: why in the world would a professional terrorist buy a one-way ticket in preparing himself for paradise? Certainly after reading the Wired article containing this sensitive piece of governmental information he will think twice about doing so (pun intended). Why save a couple of bucks after all those years of living as a mole in complete anonymity, taking care of not being given even getting fined for speeding, and then doing something as obviously stupid as that?
Well, back to the point: the government wants to reduce chances of terrorist attack taking place. Doing everything to prevent terrorists from acting out their evil deeds is a very good thing, don't get me wrong. But we should hope that the measures that are being taken do really help something in the process. For example, what we really wouldn't want is the introduction of a card for the rich and influential to be treated quicker than us mortals; under the coverage of restraining terrorists in their footsteps. Let's take a look at what Bruce Schneier, a well-known and respected voice on these kind of matters, has to say about all this. In a lengthy contribution to his latest monthly Crypto-Gram newsletter (which seems to be read by 100,000+ readers), he writes about some entrepreneur trying to have his invention V-ID system introduces. I don't know if Wired and Schneier are talking about the same system here, but he idea of the cards is the same:

"for people who are not on a set of government watch lists to be able to subscribe to the service (or for organizations to buy it for their employees, customers, etc.), and then get faster treatment at security checkpoints around the country"

(quote from crypto-gram).
The card is a voluntary national ID card, for every American without a criminal record to acquire. Schneider’s idea is that somewhere in the system computers make decisions about card-issuing. Attackers will probe the system for vulnerabilities. And while it won’t be easy for ordinary people, and maybe even for ordinary CS graduates, we really can’t be sure it will be safe from a "dedicated and well-funded adversary" (quote). Would it be possible for terrorists to acquire such card, the whole idea behind it is thwarted; it will even obviously lowers security, as now potentially dangerous people are declared trustworthy by the government itself.
Let me know if you don’t agree, think these kind of cards are in fact a very good idea; I would be glad to alter my opinion seeing some reasonable arguments here. It's just that I'm quite concerned with the way governments (also mine, the Dutch) are using the threat of terror as an excuse to introduce new laws certainly having the side effect of diminishing our freedom of movement and privacy. It seems all kinds of measures are taken without further thinking; only when it's too late do we see what has been taken from us.

Plaxo vunnerability

2004-03-26T12:44:00.000+01:00

I have reservations about online contact systems like Plaxo, which
I wrote about back in January. Now, it seems they had a major phishing hole on their homepage. You can never be too careful in putting your whole contact list on the net for free in the hands of a ~~trusted~~ third party. In the end there's no such things as a free... you know.

via Plaxo plugs phishing vulnerability - ZDNet UK News

Redesign of a Secure Website

2004-03-25T21:05:00.000+01:00

I'm in the process of redeveloping my company's secure website. This website allows our clients to access confidential data in a secure way. I thought to share it with the world. Maybe it's all old news for you, but hopefully I can contribute just that little bit extra to your understanding of building secure websites. [DISCLAIMER: I'm not working for one of the big companies, so maybe some things here are not exactly according to widely used standards. But hey, as we're just a very> small IT department, everything here has to be done in a DIY-kind-of-way. Not some tester around here, who'll come up with all kind of smart things I didn't consider. No, my complete knowledge stems from my own desire to gain knowledge. And when things seem to be seriously wrong here, please don’t hesitate to use the comments. I'll be glad to discuss matters a bit further. Well, let's take of then:

Convenient Access
These data consists of multiple types of information: automatically generated but static HTML pages, Word / PDF documents, and dynamic pages pulling data right from our Management Information System in real-time. Of course, access must be secure on one side and convenient for both administrators and clients at the same time. We had some thought as to the best way to do all this, so even direct links to Word documents would yield an Unauthorized error, unless the right credentials are given. Right now we use:

HTTPS-only access on all pages, to ensure data is encrypted in transit. 128-bit encryption is required, as most browsers support this nowadays; and we didn't have any complaints about it so far.

As to the client, the usual username / password method of authentication is used. Every clients has her own Windows Local User account

All pages checks for an authenticated user, and whether this person is the right user? Would you forget the last, it would be possible for one authenticated client to impersonate another one. If the user is not authenticated, or she is authenticated but not working under the expected credentials, she is logged off and redirected to the company homepage

As you see only a server certificate is used, as we're mostly concerned that data will not be sniffed along the way. It's too restraining for the clients to also have to cough up a client certificate. The use of client certificates doesn't seem to be in wide use nowadays, so I don't think this is a major flaw in our system. You could argue about that, but we're not talking military grade security here (note the irony in the term military :)

Getting Rid of Windows Accounts
One of the disadvantages of the current system is; having to add a new Windows user account for every new client takes some administrative hurdles. Lacking remote access to the webserver, we need physical access to it for every new client that has to be added, or passwords which have to be changes on request. We'd like to be able to use the standard Forms Based Authentication (FBA), with the usernames stored in a database table, and passwords in hashed form. We plan to include the option that clients can change their passwords as they wish; and they're definitely forced to change them at their first login. I guess hashed passwords require a client must be able to reset their own passwords anyway, as administrators will not have the possibility anymore to change them. Using a table for storing user login information will make administration as easy as adding a record to a table. Additional functionality should be the system generates a random password, which is then communicated to a pre-set email address (of the client, presumably).This will probably be done by means of an ordinary email (meaning a password is sent out unencrypted, but I see this system used even in major forum based sites; and chances that an informed [1] attacker can take hold of this specific email are quite small, I'd say. In that case they probably 0wn the network already to some amount, so they can take hold of much more information by then.

Reducing Data Redundancy
Other things I want to accomplish is reducing data redundancy while we're at it. Right now, we upload copies of all kinds of documents which are used on the local intranet, to the webserver. Every now and then these documents are updated. You'll have to take very good care that webserver documents stay in sync. One way would be some nightly super batch script which copies all stuff to the webserver, but it's kind of rough. I want to put everything into a database, and have both internal and external customers use that one. For internal users, there's no access restrictions necessary. However, external clients must be restricted to seeing only information for which they are cleared. This can be complete sets of documents, or only specific ones, anything. A smart way of handling this requirement is on its way.

SQL Injection ahead!
Abandoning Windows Authentication, and using FBA instead, means SQL Injection comes into the picture even more than now. You know about SQL Injection
don't you? By not checking user input in some way, you risk people can access confidential parts of your site with no password at all. Or worse; they're able to enumerate all kind of information about your database, database server etcetera. They could even bring your server down, drop your database or execute commands on your database server by using xp_cmdshell. And, actually Windows Authentication is kind of easy, come to think of it. Authentication is performed by the Operating System, the user is given an server variable USER, which is trivial to check for. With table based login details you'll have to do everything yourself, setting and bookkeeping Session / Cookie variables and what have you. However, a big advantage of the future system will be the possibility to really log a user off from the system. Windows Authentication requires the user to close the browser after use, even Outlook Web Access does this (have you ever tried to log off, and go back to your inbox: you'll still be able to take care of your email)

Another thing we're not clear on: should we use the SessionID in the QueryString. A method you'll find on lots of sites, e.g. web based email clients, shopping sites and the like. You can use it to double check whether the user is allowed access to the page: don't have the expected SessionID: you're instantly logged off, taken to disneyworld.com or whatever. Actually, I've learned the mantra "QueryStrings are bad", but they can be used to your advantage when handled the right way. However, I'm considering no using them, as Cookies / Session variables can be handled without resorting to QueryString, of course.

---
[1] With informed I mean the attacker has knowledge about the system and wants to gain access. In the process he tries to sniff the email containing a password. As these emails are only sent once to new clients, and afterwards only on clients' request, this will happen in such low frequency that chances of intercepting for an attacker are quite low. He might have to monitor all network traffic maybe for several days, and still not know when this will happen. Maybe it's more feasible than I think, but still I don't think it's the smartest way of finding out a password. Too much trouble, and chances are the client will soon find out the password doesn't work, contact us, and we'll just reset it. There's no elevation of privileges possible with just this attack; the worst thing that can happen is that the attacker is able to view some confidential data for a certain amount of time.

[QUICK TIP] Google search even more powerful

2004-03-22T10:30:00.000+01:00

You can search on Google on words which are located near each other, with some in between. I didn't know this; it may be very old news, but not for me.It'll certainly exctend my search capabilities
via 0xDECAFBAD
I was a bit too fast into thinking the asterisk was a replacement for the NEAR search term. It seems it has the meaning of 'one word', so two asterisks represent two words in between two search terms. This mean I could search for all March 2004 articles on this blog with the command site:sikko2go.blogspot.com "March * 2004". Although I see some articles -including this one!-, not all are there. I assume Google must have indexed all of them, as they already indexed this one which I posted yesterday; so that leaves room to some discussion as to function of the asterisk. Btw, I couldn't find any info about this on Google's site itself

Jiri's Notepad: Cash machine and train reboots

2004-03-15T08:37:00.000+01:00

Jiri's Notepad: Cash machine and train reboots

in which Jiri has a friend who was in a train which just had to reboot in order to solve some technical difficulties. Ha-ha, but what if I were on that train. What if this train had to reboot at full speed in order to be using the brakes again. Like switching the engine of my car on the highway. Obviously something you just do not do. And probably there's protection against the switching off of cars while in transit. Although I don't know, never tried...

YAGNI

2004-03-14T13:37:00.000+01:00

The Fishbowl has a piece on YAGNI, an acronym for "You Aren't Going to Need It", and one of the eXtreme Programming principles. This article really made my day, because my peers tend to tell me I definitely need to make things as generic as possible. While this doesn't need to be bad in general, I sometimes find myself working for hours to make something useable for all possible future cases one can think of (at the present time!), while a much easier specific solution might be at hand. One you can only use in this circumstance, but also one which you can code in 10 minutes. The next time you might need this specific solution in another circumstance; it will take only the 10 minutes it took you last time. Probably less for reasons of increased experience. Isn't the point of this whole thing that you need to be aware of general picture, instead of making virtually all things generic? Let's take, e.g., database access. You could build only one wrapper for all web based database access you'll ever need in every future project. It will take a substantial amount of time, but then again you'll never find yourself troubling with connection strings etcetera.
Only thing: software engineering principles tend to keep on develop over time. What's in common use today will be outdated tomorrow, and you bet in two years. Secure database access best practices will certainly change vastly. And what to think of new technologies. While at my company we're still on IIS 5.0 and ASP, and .NET being something we just look in to as something for the future. Suppose I'd put an abundance of time in building the most secure db access wrapper. It could be superfluous the moment we change to .NET.

(by the way, my colleague really had a good laugh last week installing VS.NET for the first time. Well, I told him - as I read it somewhere, don't remember - you surely need to write all your code from the ground up, cause this time there's no way to have your VS6 code converted to .NET. The next thing he does is opening up his favorite VB6 project in . NET, which launches some Wizard who exactly want to do just that, converting his project to .NET :)

Anyway, the YAGNI piece is an excellent example of my own opinion about software development. And , working my way through the comments I seem to be more of into eXtreme Programming than I'd thought.

Btw, Google search on YAGNI yields a lot of results, of which the specific article is already second, just below some XP Wiki site. Sounds cool, for something written just days ago!

Disappearing Internet Explorer Links Toolbar

2004-03-14T13:25:00.000+01:00

Why is it hat every time - well, quite often in fact - my Internet Explorer Links Toolbar, on which I keep my most visited sites, keeps on disappearing. I put everything in position, lock the bars, and still the bar isn't visible a lot of times. But hey, wait, can it be that when I'm doing offline reading they're automatically not visible or something. OK, I'm offline right now so there's no way to prove this. Some research needs to be done here. I like learning new things, so that won't be a problem. I'll let you know the answer

The World got itself some more Data Entry Screens

2004-03-10T14:41:00.000+01:00

Last week I built some dozen and a half new Data Entry Screens for use within my company's homegrown Access database. We use it as a front end to our SQL Server. The whole system has a couple of features like double data-entry with a built-in Data Compare. The results of the compare will be visible to the user in electronic of paper form, and can then be looked up in the original paper forms for adjustment. In the end of course, the data in both datasets will be the same, and the data is declared 'clean'. Other features are an Audit Trail mercilessly logging al updates made to once entered data. The user has to give a reason for making the change. Trail data is also available to the users. We work with roles: some people have a limited ability to alter data or enter some new system-wide information, other are only allowed to enter data and nothing else. All kinds of reports can be automatically printed by the user. As a matter of fact, the whole system is self supporting for 95% of the time. Only some key information is to be added and updated by us, the administrators when necessary.

Validation
But before my new Data Entry Forms can be used in the system, some validation needs to be done. First of all, I open up the forms myself and enter some random data. This is to find any typos in field names or something. Most of the Form is built by hand; well, some back-end code is generated automatically, but the fields have to be placed on the Form by hand, of recycled from some old Form. One can understand that errors on my behalf are possible. Well, after the Forms fire up nice and cleanly, it's time to make the dreaded Test Protocol. This is a paper manuscript, which a Data Entry Clerk must follow closely to get some test data into the screens. The test data consists of some test patients (patients are the main entity in this -medical- database. One test patient’s data is used later for testing of the export to the statistical package; another has data which is completely different in both data entry runs (we have double data entry, remember?). This is done logically to test the Compare function: all these different fields have to be coughed up by it after being keyed into the system. Another patient will have completely similar data in both runs: the expected result from the Compare will be obvious to the considerate reader. Other test patients are used for other system functions (for example, because a lot of data can be missing, unreadable etc, we use a range of standard codes to address the issues; for these 'filter codes', but it's a bit too much detail for now. Let's consider the Test Protocol done for now.

Be Careful
Other things can go wrong, for example me forgetting to put the appropriate user rights on a newly created SQL Server table. Funny thing is, this will become obvious quite soon because we build these new tables into the production system. Now it's possible some database function which is used by one of the regular users of the system, and which needs to check all tables of some kind in the database, that it gets stuck on this table (mmm... just let me think on rewriting this sentence a bit). The error the user gets in his / her screen -which is obvious to me and can be fixed in seconds- will get my attention to details back quite quickly, as this should rather not happen :-)

[ASIDE]
Now I hear you guys rambling: for goodness sake, why do these morons work on the production server while building new screens into their live systems ?!? Let me tell you, as a two-man IT Department of a small company, it's just not an option to have a dedicated server at our disposal for testing purposes. It would be a case of too much money on one side, and too much administrative hassle on the other. Let me tell you, I've seen examples far worse than our situation. For the size of company we have, we're doing quite well. And it actually works very smooth. SQL Server has its nightly database backups and hourly backups of the Transaction Log. Tape backups are performed at night. So in case of a catastrophe we lose at most one day of work (the catastrophe happening at 6pm and taking the tape streamer in its decline, as everybody will. And in case one of us screws up with the database, at least we'll lose no more than an hour of data entry. Which I can live with. And o yeah: we do check our tape backups occasionally, thank you very much
[/ASIDE]

Go and Test 'em
Were was I.. Ah, I see we just finished the Test Protocol. OK, now some basic printing is done (at least our power printer / copier does holes and staples itself, can print double-sided with no trouble etc) on some packs of paper. Don't forget to insert the Access printouts of some Form Security checks, before making some additional copies, or you have to insert copies into copies by hand. We have different kinds of form security in the sense that sometimes it must be necessary to enter new information on the same screens, while on other occasions (read: screens) this must explicitly no be the case. Most of the times this works reasonably well. The only problems raises when one wants to use an old template screen in a new situation: suppose in the new situation it must be able to add new information, while the old template doesn't allow. A decision must be made to make a new copy of this screen, or adapt the old one. In the former case the whole test phase must be walked through again. Which costs me probably about 3 hours divided over multiple days during the test phase. And other people it will take some additional hours to enter data, performs checks etcetera. It is feasible that sometimes a trade-off will be made between the additional hours of work that have to be put in and the ease of just tweaking the old template a little bit.
Now most of the work for me is done. Only, chances are some Data Entry person will come back to me failing to try and enter some test data. After some little fixes being made, everything is supposed to work as a charm. I expect the Screens I built last week will be available to the system next week. Don't know if that's a good score compared to the way that is worked in bigger companies and / or IT Departments, but that’s for you to let me know in the comments.

For now I consider this the end of the article. Just wanted to let you know a bit about life on a small IT Department. It probably is completely different from your daily working environment. Hope you found it interesting reading, and if you'd like to hear some more stories , tell me what you want to know.... until next time

Weird Word thingy

2004-03-10T14:14:00.000+01:00

Fired up 3 Word documents in which I copied some HTML pages I wanted to read offline. As they couldn't be saved in the normal way, I used my normal alternative: paste to Word. Sometimes Word just freezes as it seems to choke on an overload of HTML code. But now I have 3 happy Word documents, accessible as ever with the mouse, but all Word functionality is disabled. Basically I can scroll up and down the docs, but nothing else. Which seems a little odd. Lucky man I am however, as I still can read the information, so my goal is reached at least

[NOTE TO SELF]Don't post this! There was this stupid Dialog Box open somewhere underneath all windows, which just didn't come up[/NOTE TO SELF]

Well, I might just post just as well. After all, how many times do you have these kind of things happening to you .... massive quietness... it happens to me every now and then. Maybe I'm just stupid, but my opinion is that this is also a usability error. Somehow you should be notified about an open dialog box. Maybe it must remain as an MDI form on top of the specific Window, in which case it's not possible to do anything else before closing it. You asked for it to be opened, now tell it to close also... I just repeated my specific problem. Open 2 Word documents, open up the thesaurus on one document, and then switch windows a bit. The thesaurus will fall into the background, rendering both the Word documents useless. Now, closing one of the documents yields the following error "you cannot close Microsoft Word because a dialog is active. Switch to Microsoft Word first and close the dialog" after which the thesaurus finally pops up again... a little late. Why couldn't it just stay MDI, I want to look up the meaning of a Word, and not something else. Anybody has a thought on this matter?

LINK: DotNetRocks

2004-03-05T14:14:00.000+01:00

DotNetRocks
Radio show on .NET programming. You can listen to the show live as-it-happens, and ask questions during the show. Alternativelly, download all former shows in mp3 or windows media, or listen to a windows stream (in which case you don't need to download the complete show first)

Bloglines

2004-03-05T10:17:00.000+01:00

Just wanted to let you know that Bloglines is indeed very OK. For those not in the know: it's an online news aggregator. Well, some weeks ago I told you why I didn't use news aggregators, but that was before I discovered Bloglines. What I especially like is the ease with which it works: an easy way to get up to speed with you blogroll is to use 'recommended blogs', where I found a lot of the ones I already read. And adding new feeds manually is a breeze. The best part however, is that it's online, on the web, and it remembers which blogs I read -on a blog-by-blog basis-, how many new items there are, etc etc. This way, I can use it anywhere I like, at home, at the office, and still never read an old article again. I don't even see old entries again, because there hidden from view, once you've opened the specific feed. Of course, you can recover old items from the feed when needed...
(disclaimer: I'm not funded by Bloglines in any way for writing this entry, I just like the service)

MSDN WebCasts

2004-02-23T09:41:00.000+01:00

Got introduced to the MSDN webcasts (via).
Maybe they're familiar for all of you, but at least I didn't know them so far. In a word: they're great. A great way to view talks by MS engineers just from your computer at home. The Webcasts are broadcasted live of course on previously announced times. There interactive, in that they use simple polls in which you can participate, you can ask questions etc.
I just watched Writing Secure Code - Best Practices by Joel Semeniuk. This was a webcast from last week on, well, building secure applications. The threat modeling process is introduced, among other features like identifying threats by using the STRIDE model (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of privilege). Also, the well-known process of threat rating (DREAD: Damage potential, Reproducibility, Exploitability, Affected users, Discoverability) is explained.
I can only advise you to have a look at this or one of the other webcasts. Take some time to refresh or improve your knowledge. What I'm wondering myself is whether it would be possible to download the contents of the webcast in some way? That way, I'd have the possibility to watch them at home (dialup) instead of at work (DSL). There's no way to do this on dialup. It uses a 104Kbit connection, meaning 56Kb dialup is only half of which is needed.

Windows XP Bootable CD

2004-02-19T13:49:00.000+01:00

Below is a link to "Bart's Preinstalled Environment (BartPE) bootable live windows CD/DVD" (via. We had this harddisk clicking and ticking away in one of our notebooks. It really was on the brink of falling apart. The employee wasn't able to work with it anymore, and we neither could access the disk anymore. So some important files on the C were inaccessible now. I remembered having read this a couple of days ago, but only bookmarked the link for later use. Now, it has proven it's worth. Really amazing, everything went OK the first time. Download a 2MB Builder program, use it to make an XP ISO, burn the image to CD, and off we went. The only things I had to do was tell it to use DHCP, and enter the domain name. Wonderful thingie, we'll certainly use this one more in the future.

http://www.nu2.nu/pebuilder/

Oops, source code leak

2004-02-13T08:57:00.000+01:00

Arriving at work yesterday morning and one of the biggest security holes
in Windows ever has been announced. Serious enough. Arriving this morning, and Windows 2000 and NT source code has supposedly leaked to the net, according to Neowin. It has been confirmed by Microsoft already. Guess we'll be hearing much
much more about this the next few days. Just wanted to share this with you, although it probably a bit useless, as everyone is blogging / talking about it right now. This is certainly not the best week for Microsoft...

No feedreaders for me

2004-02-08T13:12:00.000+01:00

I know, all
you guys acquire your information by means of RSS feeds and the like. I myself used Bottomfeeder and AmphetaDesk for a couple of months (I really enjoyed Bottomfeeder the most), but since about half a year I stopped the use of Newsreaders. Now I only hop from blog to blog to other miscellaneous news source, using blogrolls and my own list of favorites. Working this way I can download the information I want for offline reading, disconnect the dialup connection and spend the rest of the evening reading, reading and reading. That's right; I still use a 56k dialup. And in the Netherlands, although telephony rates are not too high, I still notice this puts some stress on me in trying to get my information as quickly as possible, and then disconnect. Even though, this is nonsense, because I'm more limited in that people around me also expect their fair deal of attention, than in the amount of money I spend on the internet connection. And while I'm paying less than (A)DSL or some other broadband connection, I won't go for it. Still, it must be kind of convenient being on broadband without bothering about having to disconnect in order to save on the phone bill. But, back to my point: havingDSL / cable is a big prerequisite for using some kind of newsreader, to my opinion. Using Bottomfeeder on dialup, I'd be downloading the headers, or first paragraphs or whatever is offered in the feed, disconnect, and not being able to read whole blog entries afterward. I would need to be connected the whole time I'd be using the newsreader, in order to read the complete entries. This would mean I'd be on dialup for multiple hours on a regular basis. That certainly would beg for a permanent connection. Which is why I'm not using newsreaders, I guess
Agree? Or think I shouldn't be moaning so much (in any case nothing in life is free, except love, and God's grace)
Take care

IIS: happy to put your server in a loop

2004-02-05T11:41:00.000+01:00

Just found this peace of documentation in the IIS Help files. Imagine what would happen if, for the one or other reason the HTTP_ACCEPT_LANGUAGE server variable would not be known... The welcome.asp file would include itself :) Better use welcome.asp, and something like Lang & ".asp" for each language. And default back to English when the above mentioned variable is empty.

Welcome.asp

<HTML>

<BODY>

<H1>Company Name</H1>

<%

  AcceptLang = Request.ServerVariables("HTTP_ACCEPT_LANGUAGE")

  Lang = Left(AcceptLang, 2)

  Server.Execute(Lang & "Welcome.asp")

%>

</BODY>

</HTML>

enWelcome.asp

<% Response.Write "Welcome to my website!" %>

deWelcome.asp

<% Response.Write "Willkommen zu meinem website!" %>

esWelcome.asp

<% Response.Write "Recepción a mi website!" %>

Windows Search and the XP Indexing Service

2004-02-05T09:31:00.000+01:00

Since upgrading to XP, we have problems searching in files with the built-in Windows Search. This is, a college of mine who runs the Indexing Service locally is able to find strings in files on the network (which are - obviously- not indexed on his machine). Whereas, performing the same search on my machine yields no results. This is very annoying: although only a small percentage of the people here use this feature (myself included), it is the most easy way to find things without using third party tools. I've heard of Regexps and command line tools, but that's a step too far for most people here). And, it was working under NT, and I just don't like the idea of something working since 1996, and not in 2004. Anyway, I started this rant because we couldn't think of any other differences between my college's PC and mine, which could explain this difference in search results. And on the net I couldn't find any solution so far. It seems there are problems with the Windows Search, but where's the solution???

The RISKS of IT

2004-01-28T17:13:00.000+01:00

http://catless.ncl.ac.uk/Risks/
This seems to be a web interface to a newsgroup on risks related to the use of IT (news://comp.risks, RISKS-LIST, "Forum on Risks to the Public in Computers and Related Systems". I didn't know it so far, but it's really quite interesting reading. For example, a post from January 5, "Danish PM's private communications disclosed by MS Word" -I think no direct link available- is about the New Years speech of the Danish Prime Minister, was distributed in MS Word format. As most (?) people also outside the IT world could know by now, it's very easy to have a peek in the history of these kinds of documents, when they’re not pasted to a new document before distribution. Last year, the British government was brought into embarrassment following the same practice. As far as I remember, it had to do with different people around Tony Blair, editing a document about Iraq's WMD. A trail of who made which changes was easily found in the press release. So, the thing that strikes me the most is that even in 2004 governments are still sending Word docs to the press. Are they thinking that now this Word feature is public knowledge, everyone will act securely and think twice about sending Word docs around without first copying all text into a new document? But then, following this trail, you could also remove all corporate virus scanners from employees' email clients. They know how to discern legitimate correspondence from viral content. They will absolutely not open attachments which they don't trust. Sound like reality? Of course not. People like to click on things, they like nice pictures, something to laugh about during the day. People need to be secured from all kinds of evil, which could be upon them every minute of every day. However, the problem is that you can never rely on everybody following the most secure practices, even if it's in common knowledge. Then you can just wait for something like this happening someday, or more often. Instead change your policy and distribute everything as PDF, or some other closed format.
This doesn't mean however, that people shouldn't be instructed about safe behavior. This is indeed quite important. But protective measures need to be in place to prevent these accidental kinds of things from happening. Sending PDF by default instead of Word helps a great deal with that. My idea would be that users should act responsibly, but need to be protected against themselves.
Well, now the Danish government will change their practice, according to this post ('"We will in the future distribute speeches as PDF files so that such things will not happen" says ministry spokesman Michael Kristiansen'). But it's acting after disaster, where a preventive measure could easily have been taken.

MyDoom virus alert

2004-01-27T09:32:00.000+01:00

The MyDoom virus is hammering on all Windows doors since yesterday. A part of the payload seems to be DDossing SCO, the company suing IBM and the like for supposedly using their proprietary sourcecode in developing the Linus OS.
This morning, arriving at work I found the virus already blocked a couple dozen times by our mailserver. And this even without updated antivirus files. The problem with viruses, of course, is that they can spread so fast, that automatic update intervals for virusscanners don't suffice to stop them. Also in this case, I expect a lot of company were too slow updating their files, and the virus already spread on their networks. At least, I've always been very happy about our strict policy of blocking .exe, .scr, .pif etc by default. Compiled exes are just not meant to be distributed by email. And in case someone really has to sent an exe, then they know that adding the txt extension will help. This measure of preventive blocking is quite successful, as even after about five years of mass email viruses (as far as I know, the Melissa virus was the first real massmailer, correct me if I'm wrong), they still pose a big threat.

Comments!

2004-01-25T12:42:00.000+01:00

It finally seems to work. After much hassles with different blog commenters, I just installed the Haloscan commenter. Now.. let's make a comment to this post

.... it works. Now, voice your opinions for the world to view ...

Freecell

2004-01-25T11:53:00.000+01:00

Reading a shareware programmer's blog, I found the suggestion that you can be productive playing Solitaire on your computer. Well, what a nice idea. Instead I opened up Freecell (for the first time in more than a year probably). But even before I started playing my Zonealarm asks whether Freecell should be given permission to acces the internet. Why on earth would the most basic of computer games "(well, not considering pong), go to the net. To get new skins or new card-sorting routines, or what? Since cardgames are in Windows since... well I don't remember any further back than Windows 3.x, you wouldn't expect any more innovations for them.

Software worries

2004-01-15T11:07:00.000+01:00

Today I as asked by someone from our company could install the Plaxo software (no link given, as I don't want Google to give this site a higher PageRank, but you can make up the URL yourself, in case you want to check). I've heard a bit about it lately, and also found a couple of the Plaxo contact detail information emails blocked by our spamfilter. The idea is that you install the software, upload your Outlook Contact List to Plaxo, after which all your contacts will receive a customized message requesting them to check the validity of the information you have about them. They can change their information online, and your address book will be updated automagically. This seems like a good idea, at least it saves you some hassle with contact information (and nobody likes to spend time updating this, isn't it?). But some things give me second thoughts:

the emails have a VCard as attachment, containing the contacts' information (if I remember correctly there was some VCard exploit.. lemme check... Yes, here it is). Our spamfilter blocks plaxo requests by default anyway. As will be the case in other companies, which my college's would be emailing the requests

Plaxo is acquiring a wealth of information (e-mail addresses, but also the contact details itself of course). The privacy policy on theirs website states that they "... Will not share your information with anyone without your permission. Period". But: does it prove they won't do that in the future?? Think about it: why wouldn't they one day change their EULA, with or without notifying you. Even if they notified you, would you check their website to see what has changed. Companies are famous for creating multi-page EULA's which no sane person would even consider start reading.

it integrates with Outlook. Why wouldn't the program be used to acquire a little bit more information about you, and phone it home? Well, I guess they won't be doing that now, lest someone would have found out. But in the future??

related to the former: would you, as an IT Administrator, like to have some free software installed around your email client, without knowing what it does. I for sure wouldn't!

Well, seems Plaxo even made it to Wired last November. I especially like what Doc Searls says in that Wired article:
"If they won't explain how they intend to make money, one can only assume they intend to spend it," Searls said. "The product looks like a new way to hire a company to annoy your friends. It feels like spam. It's annoying, and I don't think there's a viable plan here."

The .NET Story continues

2004-01-14T17:26:00.000+01:00

Up to now, I was actually under the wrong impression that you'd need Visual Studio.NET to be doing realluy serious .NET stuff. Point is, bacause we're oriented on Visual Studio 6 almost exclusively in my company, I was skipping all .NET stuff when I was searching for VB code. You know, -.NET in Google :)
After installing the .NET Framework the other day I started to read more on the subject. Now, I also installed the .NET Framework Software Development Kit (a 100MB download from MSDN), and the freeware IDE Web Matrix (in it's 0.6 stage at the moment). The first one is so impressive that I need some time to loose myself into it. Web Matrix is a simple IDE (no IntelliSense, not very elaborate. But what would you expect?). Anyway, with the SDK it should be possible to make the same Windows Forms and Web application as with VS.NET, only without the environment that takes so many things out of your hands. And well, coding in a basically text based environment is better than letting the software do 'everything' for you. Doing it the software way will not be help you very much in the case you'd want to set up something without the IDE. But for now I know I sign off my VB6 newsletters and find some good ASP.NET ones. Please let me know which ones are the best for someone just starting

.NET as the last of the mohicans

2004-01-08T15:05:00.000+01:00

Today is the day I want to start with ASP.NET. I find so many sites dedicated to .NET, that I'm feeling to be falling back in knowledge. Because of lack of Visual Studio.NET I downloaded the .NET Framework 1.1, and installed one of the StarterKits from www.asp.net. This didn't go without much ado, because I had this strange installation order: Framework, StarterKit, IIS. That was because I wanted .NET a little bit too badly, and forgot I was only working on an Windows XP Pro test client without a personal webserver installed. Well, after removing, rebooting to be sure, and the proper installation order 1) IIS, 2) Framework, 3) Starterkit, I was more lucky. The underlying database was added to a (test)SQL Server with no problems. And the first time the default.aspx page was loaded it worked! Only found out I had the Community Kit installed (advanced level) instead of the Commerce Kit (basic level) - seems like I really was in a hurry :) Well, I don't know if the label 'advanced' is only put on the Community Kit because it is much more elaborate, or that the samples are indeed more... advanced. At least I have a way to go with ASP.NET code now, which was my intention. Finally I can visit .NET related sites, and try out code given there. I'm a happy man!

(No) time to read

2004-01-03T17:50:00.000+01:00

In the normal world when you want to read something, you decide what to read, buy the book (maybe even on Amazon), go to the library or second hand shop. And there you go sitting on your favorite couch and start to read. Whereas on the internet, we often don't have a clear view of what to read (at least, I don't have when I go online). We open up some blogs, find an interesting link, from which another interesting site is offered. And before you know it, you end up on the site of the Journal of Digital Information, article named 'Networked Knowledge Representation and Exchange using UML and RDF'. Note: not that there is something wrong with this site, there are probably a lot of librarians and information architects out there for which this site is quite meaningful. At that point I was thinking to myself what exactly it was I was reading. I find it intriguing to learn something from the field of Information Architecture, but it seems far too little related to my daily work to put too much time into it. For me, it's better to keep up with the more technical, programming related blogs (see link list on your left side for an indication of what I'm reading). Which actually brings me to what I wanted to say: so much can be read on, and learned from the sources on the internet, that you have to very carefully weigh the offered information to the time it takes to read. Then, it is even better to maybe just leave a site than to continue reading it and finding yourself out of time for what you really came to the internet for. In my case, that's making a decent blogging entry. I'm amazed at the amount of keyboard strikes some people are able to upload to the net. I really envy them for their ability to put so much effort into writing interesting blog entries. So, maybe this is a good new years resolution: to blog more in 2004. In fact, when this won't happen I guess this blog will end just like a lot of other ones, in shortage of content.

ps: I found this person who reflects in the same way. Only difference, he's in his forties, I;m in my thirties. But I already feel a big distance between the young twentiesome tweakers and me.

The Remediator Security Digest: The Weakest Link: Social Engineering

2003-12-29T15:54:00.000+01:00

Via Meryl's blog I arrived at
The Remediator Security Digest: The Weakest Link: Social Engineering
A good read on Social Engineering.
It amazes me how many people, also at my company, still really don't want to know anything about the need for keeping passwords secure. Two cases I encountered recently are:

a user handing, while being at home, her password to a college at work, who needed something from her computer (we have a one user - one computer policy). It took some effort to explain why they shouldn't do something like this.

someone just shouting his password through the room to me, when I needed (as an admin) needed access to his computer (where he was logged on to, and had it locked, which was good). After I said something like ".. and I don't want to know your passw...".

Which reminds me: have to walk around the office to look for post-it memo's on which passwords are scribbled

Calling Stored Procedures from ASP pages

2003-12-29T14:47:00.000+01:00

I'm working on a homegrown web application with which our employees are able to both add and update some parts of our external webserver. Keywords: Intranet, SQL Server, ASP, Stored Procedure.
A SP is considered the best (most safe, flexible) way to to things to a SQL Server database. But, as far as I can see, the only way to use Stored Proc's using VBScript is a very tedious task:

you build a connectionstring (well, you'll always need a connection to your database, so I won't count this one),

spCMD.CommandText ' specify the sp

spCMD.CommandType = adCmdStoredProc 'say it's a sp

spCMD.Parameters.Append cmd.CreateParameter("@yourvar1",adInteger ,adParamInput )

spCMD.Parameters.Append cmd.CreateParameter("@yourvar2",adInteger ,adParamInput )

spCMD.Parameters.Append cmd.CreateParameter("@yourvar3",adInteger ,adParamInput

cmd.Parameters("@yourvar1") = yourvar1

cmd.Parameters("@yourvar1") = yourvar2

cmd.Parameters("@yourvar1") = yourvar3

' etc, where variables yourvar1, 2, 3... are user input (sanitized of course, to prevent SQL Injection)

spCMD.CommandTimeout = 0

spCMD.Execute ' well, execute it

you could do a spCMD.Parameters.Refresh instead, but this seems to put a load on the server. Still, I'm considering this one, because it is so much easier to code.
UPDATE: I found this site explaining a bit more on the so-called Prepared (like the example above) and Unprepared Commands. Comes in handy. However, you still have the big problem of having to change SQL code right in the middle of you asp file, in case the stored proc changes. Be it changing the variable name in the case of Prepared Commands, or the order / number of Parameters in the Unprepared Commands. I don't find this very useful, and it certainly is not really seperating the Business Layer from the Presentation Layer. And that is something you'd want to accomplish by using SP's, I'd reckon.

Tips from Evolt

2003-12-29T12:11:00.000+01:00

Tip Harvester at Evolt

Found this while on the Evolt site: tips in multiple categories, from Cascading Style Sheets to SQL code

TODO: really return 404 errors on "page not found"

2003-12-22T08:29:00.000+01:00

On my company websites I have a script generate custom error messages in case pages cannot be found. This way, would someone be tampering with the site - and they do of course although mostly in a complete harmless way, thanks to our security measures - I would immediately be notified. This way, I at least know something is terribly wrong the moment it happens. The only problem is, to have IIS email you this way, you need a customized script (ASP) page which is called instead of the ordinary 404. I'm not able to place the script in the ordinary location for error messages. Therefore it resides somewhere in the IIS directories. Now, comes a spider along requesting for old outdated pages, it gets a "200 OK", and no 404, as the error page exists. I want to change this, so I figure I have to modify the script to have it automatically return a 404. I guess it doesn't take a lot of time - say: about the time writing this entry :) - the only problem is, it was one of many things on my TODO list. This morning arriving at work, I felt today would be the day. I'm going to solve this one :)

Time to go home

2003-12-11T15:19:00.000+01:00

You know it's time to go home when:

you reading a text on a piece of paper in front of you, and when you're halfway you get your mouse to scroll down. Only to realise that that doesn't really have the effect you anticipated

Security flaws found in US e-vote machines

2003-12-05T13:00:00.000+01:00

Security flaws found in US e-vote machines

This is something I worte about before. It really interests me why one should want to use DRE systems which are undoubtedly, ehh, I mean not 100% safe, to have elections in which *everything* is based on thrustworthiness. What stroke me the most in the article however, is the Diebold machine makes use of an MS Access database to store its results in. Can you believe it? Access is fine for the use it is intended for, but for voting machines???
Disclaimer: we use MS Access as a front end to our database system, which works like a spark. However, the data is stored on SQL Server, which is much more reliable and robust. Imagine a database corruption after the last person has voted at the end of election day??? I would even think that maybe storing the results in a text file on an encrypted FileSystem is more secure and safe than storing it in Access. Or am I missing a point here??

Nine Reasons NOT To Use MS Access To Power A DB-Driven Website

2003-11-27T14:56:00.000+01:00

The ASP Emporium - Nine Reasons NOT To Use MS Access To Power A DB-Driven Website

Yes, another reason why you shouldn't use Access on webpages. Well, I do it on my free account (see yesterday's post, but for 'power sites' you really shouldn't). I really had to smile at the first reason, as this describes exactly the problems I had with my access db...

Comments continued

2003-11-26T21:35:00.000+01:00

Some weeks ago I added the possibility to add comments to this blog. Well, I tried to add them. For this free Blogger blogs there's only a couple of freeware thingies, and you have to use some free service like Brinkster hosting (in case you're on the Active Server Pages side) where you can store your little database. I could well build it myself, but it would probably take a couple of hours to make a script that adds webform information to a table. And there's people who did it before. And well, they tell you to reuse code whenever possible, isn't it?
The error basically comes down to an irritating ASP error code 80004005. As this is an unknown error one is own his own in solving it. It can mean a lot of things, but in the case of this blog it is related to not being able to access the Access db (not trying to be funny) of the comment script (General error Unable to open registry key 'Temporary (volatile) Jet DSN for process 0x868 Thread 0x824 DBC 0x1130c32c Jet). Which is strange, because it is related to some registry key error at Brinkster. And how could I possibly change something in their registry...
I have really wrestled with this error before in setting up a webserver. I also had an Access database from which a menu and some user information was loaded. Every now and then 'something' happened and this error popped up, rendering the database and therefore a part of the website useless. I checked everything IUSR account access to the applicable keys in the registry, read access to the database. When nothing helps I even tried to "full control" all these things (which is a bad practice, as at this pont you actually don't have a clue as to what's going on: don't you do it).

UPDATE: from Usability Watch India I learned about the YACCS comments. Have to try that out, but the only thing is you have to register and handle the comments via their server...

Visitors

2003-11-26T15:13:00.000+01:00

Since I started my blog, I had about one visitor each day on avagerage. However, since yesterday I suddenly see a rise up to 5 visitors. Where do they come from, I don't know, as I don't have logs from which I can check the referers. So much for the free Blogger version. No really, I do appreciate the free service, since it doesn't cost anything for my site to be hosted. And I can live with the banner on top of the Blog. But please tell me how you found me (sikko2go AT tiscalii DOT nl) ...
I have to say this stimulates me to blog more often. Well, 5 visitors a day is not a lot :) but that probably will go up if I have some more interesting content here....

I finally have a notebook!

2003-11-16T15:21:00.000+01:00

Recently I had the opportunity to take over a Tosiba Portege Pentium III 500 Mhz notebook for a very good price. I really didn't want to pay a lot of Euro's, as I already have a PC, just as I wouldn't want to have two cars at our disposal. But then this one came around, and I couldn't resist it. I must say, I made a very good choice, as now I can just sit at the kitchen table entering a new BLOG entry, as I'm doing now. Connect to the internet from the living room to add the entry to my blog etc. It's all so much easier now. Until now I had to go to the attic, a cold room, which was often just too much hassle. And what's more, we have to 24/7 our 15 month old son, running around the house from 6 or 7 AM to 8 PM (well, that's actually 14/7, but with him waking up every night being afraid in the dark, it's really working around the clock. Note: this is NOT complaining. It can even be fun playing with your son at 3 AM). With me sitting in the attic, I really could not pay much attention to from behind my PC. However, with this notebook I'm very flexible, typing and paying attention at the same time :)

Keynote: Timesaver of the year

2003-11-16T15:02:00.000+01:00

For some years I'm a user of the EditPad editor. And still a happy user, I must say. It's great when editing and changing multiple text documents, scripts etc at the same time, which I'm doing every day. Still, I found myself moving around with all kinds of text files, Word documents and the like. But then on my favorite tech discussion group (, Gathering of Tweakers, dutch) someone pointed to the KeyNote editor. It has a flexible interface with basically tabs and treeviews which make it possible to have URLs, new BLOG entries, a TODO list, a logbook in the same file. It is even possible to store passwords in a KeyNote document, as it has the option to encrypt documents with the secure Blowfish and Idea algorithms.

AskTog: Security D'ohLTs

2003-11-13T15:06:00.000+01:00

AskTog: Security D'ohLTs
Really cool article about security. You'll be reading it with a grin on your face. And I'm wondering: at the end of the article, will you think you're the hero of the story, or the D'ohLT?

How to permanently replace Notepad with a serious text editor on Windows XP

2003-11-10T10:43:00.000+01:00

How to permanently replace Notepad with a serious text editor on Windows XP

This is one of the annoyances I encountered now that we work with XP. One of the first things I always do is changing notepad.exe with my favorite Text Editor (which happens to be EditPad, the same as the author of this site, just a coincidence). The trouble is XP is trying to do more and more for you. Instead of cooperating, it is even considering notepad.exe as a vital system file, and does *almost* everything to protect it. Almost

NTBackup on Win2000 Server does not work as expected

2003-11-06T11:28:00.000+01:00

http://support.microsoft.com/?kbid=267574
Scheduled Backups Fail on Standalone Tape Drives After Changing Media
Fiddled around with the tape backup on the fileserver which we just upgraded to Windows 2000. Must say the old NT4 Server backup program was a bit more straightforward to use. It did not fail complaining about invalid tape libraries, unused media, wrong tape names etc. It just did what I asked: make a full network backup on out DLT streamer. Now all kinds of things are going wrong. And then I finally had a working script, with 1 statement working on a .bks file, containing all locations to backup. This went OK the first night. But lo and behold: the second night, from the same scheduled task, it complained about no unused media available" :( Digging into the problem I ended up on abovementioned MS site, which explained a lot. I found out the tape library is not refreshing itself after you manually change taes on a standalone streamer. Which is what we do daily of course. One rought hack was to add a small job before the real full network backup. This first job fails, the library is refreshed and there you go. Additionaly, I had the option of changing reg keys, adding a service etc. But I don't want to change things on the production file server, unless absolutely neccessary. Problem solved

Network Upgrade

2003-11-06T08:01:00.000+01:00

Just upgraded our network to Windows / Office XP. Everything went OK, thanks to RIS it was relatively easy to update all clients. Just boot from LAN, enter admin parameters, click the required install, hit enter somewhere, reboot to have additional software install and you're set. Only thing was, we had to manually do some things like configuring Outlook for all users, set the printer, change the Word standard template, restore old files back to the users' hard drives... this manual configuring and restoring took more time than the installation of OS + software. I know, I know, we could have done some things with standard templates or simple registry hacks for all clients at once. But hey, these were only about 40 clients, and we're a small company. This upgrade was OK for us.

Analysis of a voting system

2003-10-27T12:27:00.000+01:00

I recently wrote, as many did about the flaws discovered in Diebolds voting system. Researchers of Johns Hopkins Information Security Institute published a report giving a detailed analysis what can possibly go wrong in a live election. Later, Diebold responded to claims made in this report in a rebuttal, to which of course the authors reponded again. All in all an interesting story, which is still continuing, as instapundit notices. A lobby group will start a PR campaign to persuade us that these voting machines are the gold standard for voting, as Wired notices. But isn’t the problem more that the machines are intrinsically insecure? Why then launch public awereness campaigns instead of fizing the security holes Prof. Rubin found. I think the general public opinions shouldn’t just be influenced by a media campaign, but instead assurances should be given by *independent* expert on the safety of these machines. Of course also I can only base my opninon on what I read on the web and elsewher. We, the ordinary people don’t have the means and possibility to possess source code or the machines themselves to perform the tests. We need experts to guide us. Though, don’t forget to keep our own minds thinking at the same time..

Something to keep you busy for the weekend

2003-10-17T16:23:00.000+02:00

Some links at the end of the week to keep you reading, and thinking, hopefully. CYA

http://www.theregister.co.uk/content/4/33397.html
Gates announces Longhorn will be delayed until 2005, 2006…

http://www.sf.indymedia.org/news/2003/10/1653530.php
"ISP Rejects Diebold Copyright Claims Against News Website" This interests me. I read about flaws in Diebolds voting machines some weeks ago (see my blog somewhere). Now, IndyMedia links to sites mentioning leaked Diebold internal memo’s. Diebold seems succesful in it’s trying to get rid of all internet pages talking about this subject. But wait… read a book talking about these voting machines … on http://www.talion.com/blackboxvoting.org.htm you can download the complete BlackBox voting book. I found a lot of links to it having disappeared from the internet the last days, so maybe this one also will be offline soon. Let me know a then, mail me!!

The future of the internet

2003-10-12T14:36:00.000+02:00

The future of the internet: some say it will end in chaos somewhere in the not so far future. I don’t think so. It will be a dwelling place for those capable enough to handle it. When development of viruses and worms like Blaster and SoBig continues, some will be effectively disconnected from the internet as theire website and connection points will be under constant compromise. This seems like a unfair situation of unequal . However, everyone has the right to join the internet. Only thing: in the future this right can only be claimed when you’re securing yourself enough. During the MSBlaster worm outbreak, the most informed person at my family’s house placed a paper on their PC, announcing to the rest of the house "do not go to the internet: danger of viruses!". I hope they really followed the advice, for at that time they were as vulnerable as a newborn baby. Statistically speaking, their PC would have be infected with, for the sake of the argument, 95% possibility within the hour after connection to the internet. I even think that’s’ too low, given the amount of connection to port 135 I received back then (and still: I just received 4 port 135 connections and 7 ICMP pings over just the last 15 minutes according to ZoneAlarm). As these ICMP pings are perfromed to check on the vailability of the victim PC, these will add up to 11 hack attempts. Every one of them would have resulted in infection I guess, to a vulnerable PC.
What's your opinion?

The Absolute Minimum Every Software Developer Absolutely, Positively Must Know About Unicode and Character Sets (No Excuses!)

2003-10-12T14:33:00.000+02:00

[LINK] The absolute...
As being a *Dutch* software developer I'm reading this article now. You also do, no excuse.....

By the way, this is the first post which has the possibility to add comments to, thanks to BlogComments

Remotely editing logfiles

2003-10-09T09:52:00.000+02:00

The defence counsel asked Stunt if it was possible to cut some text from one log file and paste it into another log file from a remote computer. Stunt dismissed the idea: "Remotely, the answer would be no. It is impossible, the technology does not exist," he said.

Article: Accused port hacker says log files were 'edited'
Well Cut and paste something from your local PC to a remote one is not possible I guess. But why shouldn’t you just download / edit / upload the log. It has the same result and is trivial… it looks like one of:
- the above article is an incomplete representation of the mentioned trial
- the researcher is incapable of doing the research in question
You name it

SQL Server BLOGs

2003-10-06T08:19:00.000+02:00

Didn’t know that there would be any BLOGs entirely devoted to SQL Server. But there are SQLTeam, sqljunkies.com and more. Just go to ... http://www.daypop.com, enter "sql server" in the search box and you’re on your way to discovering much more blogs I assure you! Just wanted to let you know, don’t know whether you’re the database type at all. As for myself I’m working on databases on a daily basis. Both as Sysadmin and DBA.This broad job description is interesting on the one hand, but complicated on the other as you might understand. You get to learn all kind of interesting stuff on databases, new technologies and systems, as well as software.However I feel myself strugggling with things every now and then, as deep insight into what I’m doing is lacking sometimes, which is just art of the type of job I have. I wouldn’t know what to do without Google for example :) And then again, it’s only a part of my job, which is total IT management of my company. It extends to keeping a website on air, supporting users with all kind of technical problems. Furthermore even replacing the toner catrdidges of the companys printers will be done by me most of the time. Luckily, the last thing is accompanied by more exciting tasks as installing new servers adn things like that

Well, I’m on the internet serveral times a day, to keep up with tech sites, some forums, following the security news. And yes, to try to keep up with SQL Server also. I know myself as a curious person on the technical level, I want to know every detail about every technology that can be found (to give an impression, articles and websites I follow the last months are about: Computer Security, Computer Science, Tech news, Software Engineering , Web building (HTML, Active Server Pages, CSS), databases in general, SQL Server more specifically, data enabling websites. I try (tried) to follow a lot of BLOGs also from people working in these areas. But it is just too much: Since some time there a baby around in our house, who also claims (read: deserves) a lot of attention. During the evenings, after he’s falling asleep, and the house turns more quiet, would be a good time to keep up with all this info, but I’m tired then and go to sleep. Also, time goes into volunteering work of our local church. What I need is not to read as much as I can, but to focus on what is best for extending my knowledge, and appreciate the little time available to me. Imagine, right now I’m bashing away on a little notebook in my sons room, where at the start of this post he was crying aloud, and now peacefully asleep :) I guess I have about 2 more hours, but in that time I want to also put some plants into the garden at the back of our house.

voting machines

2003-10-03T14:44:00.000+02:00

Bruce Schneier’s lates CryptoGram had a reference to an interesting article about voting systems. Systems in active use in the US seem to be substantially flawed in a security sense. According to the article it’s relatively easy for an attacker to shutdown elections early, and even modify voting results on the machines. Also contifuration settings of the machine might be altered. This way a voter selecting Candidate A can result in the system wrintg a vote on Candidate B into the vote log (MS Excel equivalent of reordering Column B with candidate names while not selecting Colum A with their ID’s). It is *realy* worrisome that voting machines like this are actually in real use. I can only think of software instructing some hospital’s Intensive Care facilities, or a nuclear plant, of being more essential than a voting machine. And I can asure you the aforementioned software works a lot better,. At least it won’t be flawed as the software described in the specific article.
Reading about these machines, I wondered how the systems work we have here in the Netherlands. The’re other systems definetely, as the’re not working with smart card in the first place. As a voter you are presented a big plate of buttons which you’ll have to push to make your choice. This is not a real touchscreen however, but still your vote must be saved on some persistent memory. However, how the results are sent to the central computer I don’t know. Let’s hope at least they dial in directly to it, so the data is sent over a private line instead of the internet. Only now time is lacking me to do some more Googling into this matter

Security Steve

2003-10-01T20:53:00.000+02:00

Well, as I was telling you the other day: I’m more and more on the hand of MS. But lo and behold… - well, don’t say that, the phrase is so popular there days that it becomes just noise in the background- now I just read this article above, where Microsofts’s CEO Steve Ballmer compares hackers to skyscraper destroying terrorists showing absolutely no morale.

“Hackers are criminals," Ballmer says, plain and simple.

and another quote about the ‘criminals’:

"There's no way to way to look these people as anything other than what they are: malicious people who are violating the law"

Unfortunately, this leaves no room at all to the interpretation that at least *some* so-called ‘criminals’ serve the general public by announcing security holes. In the end, making software errors public, just forces software manufacturers to addressing security issues promptly, thereby preventing the exploitation in the future. Let’s make a comparison: some
In the end this will make software more secure. I can draw no other conclusion that Mr. Ballmer must be a big fan of the principle of security by obscurity (correct me if I’m wrong). Well, there’s an abundance of information about why this is a bad thing. For starters, read what Bruce Schneier has to say about this in his famous Cryptogram newsletter, or in his book Secrets and Lies. It just does not work, and it is a dangerous way to just hide something secret in this digital age (thought added: well it will not work *in the end*, as there’ll can / will always be someone reading your mind someway – and figuring out your cmd.exe resides in c:\mytools instead of the systemdir…). I will not go into it any further, as I’ll only do that when I’d have something new to tell you. Repeating what others have already said is only boring and not attributing anything to the discussion.

But we were talking about Microsoft. When they take the issue of security seriously, that is: are trying their best to make software more secure, they can only be happy with so many people finding security holes in their products. What I don’t mean is that you should just write an exploit, release it on some hacker ftp site, and not tell the manufacturer about the issue. A reasonable amount of time should be given to them to fix the hole and subsequently release a patch to the general public

(whatis: reasonable. I have no distinct opinion about the time that should be given, other people are more capable of deciding this. I guess a complicated problem could need more time to fix than some minor thing. But on the onther hand, it shouldn’t *too* long, given that knowledge about the issue will spread on the net, giving others the possibility to make their exploits). I still think the Thrustworthy Computing Initiative from Microsoft is a serious one. And maybe it’ll really (link??) take a substantial amount of time before improvements will show.

(whatis: general. Patches should always be available to the general public, and not just the manufacturers list of clients. Everyone should have the option to download them somewhere from the web. I know people are using illegal software, but what’s the use of excluding them from patches? It will only keep their machines vulnerable to attack, and no one is served with that. The use of illegal software is a bad practice, no doubt about that, but other measures must be taken to handle this)

Google robot requests old links

2003-09-29T09:10:00.000+02:00
what I’m wondering: On the webserver of my company I find a lot of requests from Google and Scooter robots for *very* old pages, resulting in 404 of course. Trying to reduce the number of 404 messages, I thought search engines would automatically remove outdated links from their databases. At least after trying for 100 (or more accurate 1000’s) of times. Is their something wrong, please let me know, because I really don’t know how to ‘talk’ to Google and say something like “hey, stop requesting this outdated file on my server”

Weekend is over...

2003-09-29T09:02:00.000+02:00
...all back to work! I got a message from my friend @FIRSTNAME $LASTNAME. Well, looks like some spammers didn’t know how to spam. Like trying to execute Active Server Pages on a php/Linux server…I also see emails with subjects like $RANDOMIZE the last weeks. Is there some newbie spammer around or something.

Security Steve

2003-09-28T16:20:00.001+02:00
Well, as I was telling you the other day: I'm more and more on the hand of MS. But lo and behold - well, don't say that, the phrase is so popular there days that it becomes just noise in the background- now I just read this article above, where Microsofts's CEO Steve Ballmer compares hackers to skyscraper destroying terrorists showing absolutely no morale.

"Hackers are criminals," Ballmer says, plain and simple.

and another quote about the "criminals"

"There's no way to way to look these people as anything other than what they are: malicious people who are violating the law"

Unfortunately, this leaves no room at all to the interpretation that at least *some* so-called "criminals" serve the general public by announcing security holes. In the end, making software errors public, just forces software manufacturers to addressing security issues promptly, thereby preventing the exploitation in the future. Let's make a comparison: some
In the end this will make software more secure. I can draw no other conclusion that Mr. Ballmer must be a big fan of the principle of security by obscurity (correct me if I'm wrong). Well, there's an abundance of information about why this is a bad thing. For starters, read what Bruce Schneier has to say about this in his Cryptogram newsletters (worth reading!) or his book Secrets and Lies. It just does not work, and it is a dangerous way to just hide something secret in this digital age (thought added: well it will not work *in the end*, as there'll can / will always be someone reading your mind someway - and figuring out your cmd.exe resides in c:\mytools instead of the systemdir. I will not go into it any further, as I'll only do that when I'd have something new to tell you. Repeating what others have already said is only boring and not attributing anything to the discussion.

But we were talking about Microsoft. When they take the issue of security seriously, that is: are trying their best to make software more secure, they can only be happy with so many people finding security holes in their products. What I don't mean is that you should just write an exploit, release it on some hacker ftp site, and not tell the manufacturer about the issue. A reasonable amount of time should be given to them to fix the hole and subsequently release a patch to the general public

Thrusthworty Computing

2003-09-28T16:20:00.000+02:00
I was thinking about their Thrusthworty Computing initiative they started last year (Feb 2002 if I remember correctly). Of all the opinions I read about it, and which for the majority – at least the ones I read – are laughing about it in more or less obvious terms, I tend to lean to the camp applauding this Initiative more and more. I think their meaning with this is serious, why would someone like Michael Howard devote a whole book to the subject of writing secure code. One can laugh, but I think MS could also have fixed the public opinion problem in a less troublesome way, namely just hiring some more marketing managers preaching about all serious trouble they give themselves writing better software… and instead just produce code-and-fix products. Why write a whole book like this and not meaning anything it says is beyond me. I’m on the MS side a bit, but they should be taking the customer serious. Maybe that’s something they forget in their near-all-mighty situation. Just wanted to share this thought with you. Do you agree, don’t’? Let me know. Which reminds me that I should look into a way to put comments on this site. I guess it must be possible, but I just didn’t take any time to look into the matter

So much blogs

2003-09-28T16:16:00.000+02:00
Been reading a lot of blogs this afternoon. Also added some to the list on the left of your screen. What occurs to me is how difficult it is to bring some interesting thought in a blog instead of just repeating all news items of the past days, which can be found on any other blog (Verisign domain hyjacking, ICANNs objection, Verisigns refusal to take the much insulted page offline, MS working on better code – this one we see every week (see the other posting of today), the next virus or worm appearing, software engineers being responsible for their own code – hmm, this is one to give some more thought to because of its implications for developers
Anyway, all these newsitems can be found on a major number of blogs all referring in the end to the big news sites

delayed access to secure webserver

2003-09-26T09:52:00.000+02:00
For some time I have this problem with a secure website. On a testmachine (Win2000) in our internal network the response on a https request was immediate, which is fine. On the live webserver, it took about 6 seconds before the client is given the option of accepting the vertificate (we are our own CA). Well, for the time being this is within acceptable borders, however I’m trying to find a way to make this response quicker. Now the real problem: on the testwebserver I installed a fresh Win2000 copy on a different partition which should in no way be able to influence the other installation. But… now it takes almost 2 minutes before the certificate screen pops up in the client, and another 1 ½ minutes for the test webserver to process the credentials. Seems like something is looking for something until some timout occurs. By now I have no solution for it. Tried the wfetch.exe utility from MS to troubleshoot the connection. What happens now is that, given correct credentials, the complete page is loaded within seconds in the utility. Maybe something wrong with the IE install, but nothing changed on my PC lately. I tried it with making the test webserver trusted, tried it without the trusted option... no difference. Well, tried another machine then: this works! A Win2000 server acting as client gets a response within 5 seconds, which is, as we concluded, within an acceptable range. I'm still working to get a fast response back on my own PC, as, well it could be any other outside client connecting to our secure server having this problem. And that certainly shouldn't happen, I've never encountered a client willing to wait for 3 1/2 minutes getting access to a website

Something for the weekend

2003-09-20T03:16:00.000+02:00
Felt like at least I had to write *something* for the weekend but couldn’t think about what. Write before the bug we discovered this week that effectively deletes data from our database under certain unforeseen circumstances. Or about the email blast which took me some time to start. This was because after moving to Exchange 2000, there suddenly seems some problem with sending email as another person. This “"you do not have the permission to send the message on behalf of the specified user" message was getting annoying after some time. And this even while I had the rights to “send as” this user :(
Anyway, the problem solved itself the next morning, probably due to some synchronising between the servers during the night: I said we’re in the *transition* to Exchange 2000, didn’t I…
Or should I write about the total lack of sleep from the last days (crying baby at night), which make working a bit uncomfortable. Well I don’t know. The last subject doesn't seem suitabel 'cause it make me look like a moaner. Let me just wish you a good weekend... at least I hope someone reads this: please send me mail

Print Landscape

2003-09-15T16:24:00.000+02:00
Looking for a way to have webpages automatically print on landscape format. But, although JavaScript has access to the ÂprintÂ window, no settings on it can be changed however. This page told about doing this using CSS. But, testing on IE6 did not result in the hoped for result. This means that the feature can only be used when the majority of my users users some version above IE6 (which will take a substantial amount of time I can tell you :) Or wait untilll they changed to some other obscure browser capable of handling the @page command. Or .. well , I guess I should forget about the feature anyway, use PDF or something. But it would have been nice to have automatically uploaded web pages printed in the format I want it