IEEE Data Breach

A few days ago, Radu Drăgușin discovered a data leak at the IEEE servers, enabling him to download about 100.000 plain text passwords (probably mine as well).

On the one hand, it shows how critical it is to consider the security of your system, regardless of whether you are a small company or a worldwide organization such as the IEEE. On the other hand, it shows that even large organizations you would never have expected it from might face such fatal security leaks.

However, Radu went ahead and decided (a) not to share the information he gained through this security leak with the public (big kudos for this decision), (b) to prepare various statistics on ieeelog.com based on the information (which are indeed interesting without revealing traceable information about individuals) and (c) to inform IEEE about the leak (also kudos for this). As a result, you can say he was quite responsible with the data he received and at least he followed some of the principles provided by the IEEE Computer Society Code of Ethics.

One result of his analysis is the fact that almost 300 users are using the password 123456, reminding me of Mel Brooks' epic Star Wars parody Spaceballs, with Dark Helmet saying

“So the combination is… one, two, three, four, five? That’s the stupidest combination I’ve ever heard in my life! That’s the kind of thing an idiot would have on his luggage!”

As a result, I went straight to my IEEE account and changed the password. Luckily, it was a password not used for any other site besides the IEEE. That said, if you have an IEEE account, it is probably a good idea to go there directly and change yours as well, if you have not already done so.

Most used IEEE passwords

And Radu, if you ever read this post and have the chance, please have a look into the log files and let me know if the user aheil is listed there as well.

Feedburner Burnout

It is official: the Google Feedburner APIs have been deprecated and will be officially shut down in the near future, after Feedburner was bought for about $100 million in 2007.

“Important: The Google Feedburner APIs have been officially deprecated as of May 26, 2011 will be shut down on October 20, 2012.”

For all readers of this blog subscribed to the Google Feedburner feed: it has not been available at the URI http://www.feedburner.com/aheil, probably returning a 404 error code, for the last few days. The Feed Stats dashboard already shows that the feed has no subscribers anymore.

Feedburner Stats

Therefore, everybody looking for an RSS feed of this blog should switch over to https://www.hack-the-planet.net/feed?rss2.

I used Feedburner even before it was acquired by Google. It was a great way to aggregate various sources of information on the web. Even with a deprecation time of three years, it is quite a loss as Feedburner provided a great way of mashing up data sources. Probably this service did not generate sufficient revenue for Google…

Cross-domain Mash-up using Google Feed API

If you want to retrieve cross-domain content via AJAX/JavaScript to build a mash-up client, browsers might restrict these calls for security reasons (the same-origin policy).

Digging through the resources on the Web, you might figure out that there are various approaches. I decided against any server-side processing of the request as I did not want to make an extra call to my server. Also, any jQuery plugin related approach would not work at the moment due to the recent unavailability of jQuery plugins.

Looking for an alternative approach, I came across the Google Feed API. Basically, it allows you to download any public Atom or RSS feed and consume it in your JavaScript.

Once you have your API key, which is based on the domain you want to call the API from, you can immediately start using it. The key is valid for all pages within this domain. Using the API involves adding the script to the head of your HTML, loading the API with Google Loader’s load() call and finally hooking up your code as a callback in the setOnLoadCallback function. The feed is then provided either as JSON or as XML by the Google Feed API and can easily be used within your code without any cross-domain restrictions.

Google Plus Operator

Google has replaced the + (plus) operator for their search. While looking for a certain expression (using the plus operator), Google tells you that from now on double quotation marks are necessary to find an exact expression.

Not sure if I like this, however, it looks like there are not many options to ignore this change. This probably has to do with all the G+ notation. It feels to me as bad as product and event names like .net or build which in combination with the new double quotation mark operator find some 2,490,000,000 results not relevant at all.

Bookmark Backup

Today, TechCrunch reported on Yahoo shutting down the widely used bookmark service del.icio.us. Right after this, a statement from Yahoo showed a possible alternate future of the service.

Many of you have read the news stories about Delicious that began appearing yesterday. We’re genuinely sorry to have these stories appear with so little context for our loyal users. While we can’t answer each of your questions individually, we wanted to address what we can at this stage and we promise to keep you posted as future plans get finalized.

However, anyone who still wants to quickly back up their bookmarks can use curl, following the tips from Martin Koser:

curl --user username:password -o DeliciousBookmarks.xml "http://api.del.icio.us/v1/posts/all"

Master Pages and XHTML

Today, we encountered a really interesting issue with Visual Studio 2010, ASP.NET and Master Pages. Visual Studio refused to open the design view for all of the pages within the solution except the master page.

The page has one or more <asp:Content> controls that do not correspond with <asp:ContentPlaceHolder> controls in the Master Page.

No doubt you would check all the pages as well. After verifying that all pages are correct and that the ID as well as the ContentPlaceHolderID attributes are set correctly, you might see that the issue still persists.

Master Page Error

In this case, check the HTML source code of the Master Page. In particular, check all HTML tags with self-closing syntax. According to section C.3 of the W3C Recommendation for XHTML, there are some tags that should not be used with self-closing syntax.

Given an empty instance of an element whose content model is not EMPTY (for example, an empty title or paragraph) do not use the minimized form (e.g. use <p> </p> and not <p />).

Now review your source code again for any XHTML tags in their minimized form.

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head runat="server">
    <title />
    <link href="~/Styles/Site.css" rel="stylesheet" type="text/css" />
    <asp:ContentPlaceHolder ID="HeadContent" runat="server">
    </asp:ContentPlaceHolder>
</head>
...

In the example above change the title tag to

<title></title>

and the issue will be fixed. Even better would be of course to give your page a title.

While most browsers are quite forgiving here, the Visual Studio designer quits its job. Unfortunately, the error displayed is misleading and you might waste some time reviewing Master Pages and ASP.NET controls that are obviously correct. Whether this is a bug or the Visual Studio designer doing the right job and failing just for those tags based on the W3C Recommendation – it of course does not help a lot if Visual Studio provides a misleading error message to the developer.

Migrating dasBlog to WordPress

Over the last couple of years, I ran my blog using the dasBlog engine. As I started hosting the blog in 2004 on my own server, I chose dasBlog as it did not need any database on the backend, saved everything in XML and did a great job on the full text search over the XML content. Besides that, a blog engine running on ASP.NET seemed the right choice, being familiar with the technology. Eventually, I did several fixes and hacks on my installation over the last few years. Unfortunately, there has been no new release since March 2009. As I like playing with alternative technologies from time to time and WordPress comes with a rich set of features I miss in dasBlog, I decided to migrate to WordPress. In this article I will describe the steps of moving forward to WordPress hosted on a Windows Server 2008.

Overview

Moving forward to the new platform includes several steps. First of all the server has to be prepared to host the new platform. After the new blog engine is set up, the content needs to be migrated. Finally, the old engine needs to be shut down and the server needs to be set up to forward requests to the old engine to the new one.

Installing WordPress

Installing WordPress should be relatively easy as it is available through the Microsoft Web Platform Installer 2.0. However, you might encounter issues during the process on machines running IIS 7 as the required Windows Update KB980363 causes the installation process to hang. The update process only hangs when started from within the Web Platform Installer, so pick it from the Microsoft Download Page and install the hotfix beforehand. Before installing WordPress you need to install PHP on the server. In addition to the instructions how to configure PHP on IIS 7, Ruslan Yakushev provides a very good tutorial how to set up FastCGI on Windows Server 2008.

Migrating from dasBlog to WordPress

Originally, I planned to use BlogML to migrate the content from dasBlog to WordPress. Instead I found dasBlogML, which is a simple GUI wrapper around the original BlogML. First you download the content of the old blog to your local machine.

dasBlogML

To import the BlogML data, you might want to follow Edgardo Vega’s article. In order to avoid potential problems during the import, also have a look at Daniel Kirstenpfad’s tip about replacing all &nbsp; occurrences in the XML file. Using the BlogML Importer plug-in you can finally import the previously exported XML file.

Import BlogML

Redirecting dasBlog

In the final step I had to redirect the requests from the old blog to the new one. There are several issues to think about: First of all, all binaries are still referenced from the old blog. Consequently, it is not possible to just shut it down. Furthermore, there are many entries that are linked from several places all over the web.

My solution is to create an IIS module using managed code and the ASP.NET server extensibility APIs. First of all, I had a look at the schemes of the permalinks or URIs I have chosen for the old blog

http://www.blog.old/yyyy/mm/dd/articletitle.aspx

and the new one

http://www.blog.new/yyyy/mm/dd/article-title/

Consequently, the HTTP module has to perform several steps: replace the domains, remove the technology-specific information in the form of the .aspx file extension (technology-specific information isn’t good practice anyway, based on Tim Berners-Lee’s article about cool URIs) and finally add some hyphens. While the latter is a more or less impossible task, there is an easy workaround. The scheme for permalinks I have chosen in WordPress will list all articles on a given day if you omit the article title in the URI. Consequently, the requested URI will be rewritten by the module to

http://www.blog.new/yyyy/mm/dd/

and sent back in the response with HTTP status code 301 (moved permanently) based on RFC 2616:

“The requested resource has been assigned a new permanent URI and any future references to this resource SHOULD use one of the returned URIs. Clients with link editing capabilities ought to automatically re-link references to the Request-URI to one or more of the new references returned by the server, where possible. This response is cacheable unless indicated otherwise.

The new permanent URI SHOULD be given by the Location field in the response. Unless the request method was HEAD, the entity of the response SHOULD contain a short hypertext note with a hyperlink to the new URI(s).“

Additional URIs that need to be processed are in the form of

http://www.blog.old/CategoryView,category,categoryname.aspx

Also this one is relatively easy as WordPress expects the category in form of

http://www.blog.new/category/categoryname/

Finally, the selection from the calendar in dasBlog looks like

http://www.blog.old/default,date,yyyy-mm-dd.aspx

and needs to be transformed into

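// Inside the module's request event handler
HttpApplication application = (HttpApplication)sender;
HttpContext context = application.Context;

// Answer with 301 (moved permanently) and the rewritten URI in the Location header
context.Response.StatusCode = 301;
context.Response.RedirectLocation = GetRedirectLocation(context.Request);
context.Response.Cache.SetCacheability(HttpCacheability.Public);

// RFC 2616: unless the request method was HEAD, include a short hypertext note
if (!context.Request.HttpMethod.Equals("HEAD"))
{
    ...
}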

To create the redirect locations I use a set of Regex objects that cover the most important URI types.

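// Verbatim strings (@"...") keep the regex escapes intact, and the dot in
// ".aspx" and the dots in the domain are matched literally.
// A single + replaces the nested quantifier ([...]+)*, which can backtrack
// excessively on long request URIs that do not match.
Regex singleUriPattern
  = new Regex("http://" + Regex.Escape(OLD_DOMAIN)
  + @"/[0-9]{4}/[0-9]{2}/[0-9]{2}/([\w\-%+]+)\.aspx");
Regex categoryUriPattern
  = new Regex("http://" + Regex.Escape(OLD_DOMAIN)
  + @"/CategoryView,category,([\w\-%+]+)\.aspx");
Regex dateUriPattern
  = new Regex("http://" + Regex.Escape(OLD_DOMAIN)
  + @"/default,date,[0-9]{4}-[0-9]{2}-[0-9]{2}\.aspx");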

Now everything besides the content can be deleted from the old dasBlog installation. In order to catch any requests not covered by the previously deployed module, the custom error page for status code 404 is set to the corresponding URI on the new blog.
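The URI rewriting described above, written out as a stand-alone console program so the mapping can be tried on sample requests. This is an added example, not the module's original code: the class layout, the OldHost and NewBase constants, the sample URIs and the target chosen for calendar dates (the day archive, which the post does not show) are assumptions.

```csharp
using System;
using System.Text.RegularExpressions;

// Added example; OldHost, NewBase and the class layout are assumptions.
static class RedirectMapper
{
    const string OldHost = "www.blog.old";
    const string NewBase = "http://www.blog.new";
    const RegexOptions Opts = RegexOptions.IgnoreCase | RegexOptions.CultureInvariant;

    // Upper bound on matching time (constructor overload from .NET 4.5 on), so
    // that a crafted request URI cannot keep a worker thread busy.
    static readonly TimeSpan Limit = TimeSpan.FromMilliseconds(100);

    // Anchored, applied to the path only, and without nested quantifiers.
    // The character class admits no CR/LF or slashes, so a captured value
    // cannot alter the Location header or the target path structure.
    static readonly Regex Single = new Regex(
        @"\A/(?<y>[0-9]{4})/(?<m>[0-9]{2})/(?<d>[0-9]{2})/[\w\-%+]+\.aspx\z", Opts, Limit);
    static readonly Regex ByDate = new Regex(
        @"\A/default,date,(?<y>[0-9]{4})-(?<m>[0-9]{2})-(?<d>[0-9]{2})\.aspx\z", Opts, Limit);
    static readonly Regex Category = new Regex(
        @"\A/CategoryView,category,(?<c>[\w\-%+]+)\.aspx\z", Opts, Limit);

    // Returns the new location, or null when no rule applies (binaries that
    // stay on the old site, or requests left to the 404 handling).
    public static string GetRedirectLocation(Uri request)
    {
        if (!string.Equals(request.Host, OldHost, StringComparison.OrdinalIgnoreCase))
            return null;
        string path = request.AbsolutePath;
        try
        {
            // Articles and (by assumption) calendar dates go to the day archive.
            Match m = Single.Match(path);
            if (!m.Success) m = ByDate.Match(path);
            if (m.Success)
                return string.Format("{0}/{1}/{2}/{3}/", NewBase,
                    m.Groups["y"].Value, m.Groups["m"].Value, m.Groups["d"].Value);

            m = Category.Match(path);
            if (m.Success)
                return NewBase + "/category/" + m.Groups["c"].Value + "/";
        }
        catch (RegexMatchTimeoutException) { /* handled as "no rule applies" */ }
        return null;
    }

    static void Main()
    {
        string[] samples = {   // constructed sample requests
            "http://www.blog.old/2010/03/14/SomeArticle.aspx",
            "http://www.blog.old/default,date,2010-03-14.aspx",
            "http://www.blog.old/CategoryView,category,Security.aspx",
            "http://www.blog.old/content/binary/picture.png"
        };
        foreach (string s in samples)
            Console.WriteLine("{0} -> {1}", s,
                GetRedirectLocation(new Uri(s)) ?? "(no redirect)");
    }
}
```

Because the new host is a constant and only validated captures are copied into the result, the Location value can never point anywhere other than the new blog.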

After deploying the module (into the bin folder of the dasBlog installation) it needs to be added to the web.config. Therefore you just have to add it to the httpModules section.

<httpModules>
  <add name="UriRedirector" type="RedirectModule" />
</httpModules>

Edit Custom Error Page Dialog

If the application pool is running in Classic mode, the custom error pages do not cover any ASP.NET content. Therefore add the customErrors section to the web.config file. Now all requests that do not request any content from the old blog or which are not redirected by your module are covered by the new WordPress blog.

<customErrors mode="On">
     <error statusCode="404" redirect="http://www.blog.new/404/" />
</customErrors>

Conclusion

Now the content from the old dasBlog instance is displayed on the new WordPress blog, the most important links to your old dasBlog pages are covered by the URI redirection to the new blog and all the rest is caught by the WordPress blog as well. You might want to extend the redirect module with further regular expressions (e.g. to cover CommentView.aspx or other dasBlog pages).

How to use Google Calendar Sync with Microsoft Outlook on Windows 7

There is an urban legend that Google Calendar Sync would not run on Windows 7. Indeed, if you follow the installation instructions, Google Calendar Sync will first ask you for your credentials and consequently fail to connect to Google Calendar. In the following you’ll find a solution for using Google Calendar Sync with Microsoft Outlook 2007 on a Windows 7 system, provided under a works-on-my-machine premise.

Google Calendar Sync 0.9.3.5

Once saved, Google Calendar Sync will try to connect but fail with error 2006. There is not much information about this error besides various frustrated users ranting about it and some statements that the current version of Google Calendar Sync (0.9.3.5) is not supported under Windows 7 yet.

Google Calendar Sync Error 2006

In the current case we will even run Google Calendar Sync on a Windows 7 64-bit system. Before you continue, make sure you exit Google Calendar Sync. First of all, open an Explorer window and navigate to C:\Program Files (x86)\Google\Google Calendar Sync, or C:\Program Files\Google\Google Calendar Sync on a 32-bit Windows 7 system.

GoogleCalendarSync.exe

Right click on GoogleCalendarSync.exe and select Properties. Now select the Compatibility tab, check the Run this program in compatibility mode for and choose Windows Vista (Service Pack 2) from the drop down list. Click on OK and restart Google Calendar Sync either from your desktop icon or from the start menu entry.

GoogleCalendarSync.exe Properties - Compatibility Tab

Once restarted you can happily sync Google Calendar with Microsoft Outlook 2007 on (even a 64-bit) Windows 7 system.

Google Calendar Sync running on Windows 7

The Compatibility mode of Windows is a great feature for making use of legacy programs that have not been or will never be updated to the latest Windows version. Since Windows 7 even more modes (including Windows Server) back to Windows 95 are supported. The number of supported versions might vary depending on the Windows 7 version you use; however, the Vista and XP modes should always be available.

Quickstart with AWStats and IIS 7

AWStats is a free, Perl-based analyzer for log files. To get results quickly on a Windows Server 2008 with IIS 7 you only have to follow a few steps. These are not well documented in the AWStats documentation and require some time of research. This post will show you how to set up AWStats with IIS7 in only a few minutes.

  1. Install Perl, e.g. ActivePerl. There are 32-bit and 64-bit versions available. Make sure that Perl is added to your PATH environment variable. The ActivePerl installer usually provides this option during the installation.
  2. Install AWStats. Remember the path where AWStats is installed. Paths used below are based on the installation folder of AWStats. In this example we use c:\awstats.
  3. Run the configuration script at c:\awstats\tools\awstats_configure.pl. Follow the on-screen instructions. This will create a default configuration file in c:\awstats\wwwroot\cgi-bin, e.g. called awstats.www.example.org.config. The site name www.example.org depends on whatever site name was provided while running the script. When asked for the Apache Web server path, type in none.

    AWStats Configuration File

  4. Open the configuration file awstats.www.example.org.config with any text editor of your choice.
  5. AWStats already supports IIS; however, it is required to tweak the config file. First change the entry for LogFile. Log files for IIS can be found at c:\inetpub\logs\LogFiles\W3SVCNNN, where NNN is a different number for each web site IIS creates log files for. Change the entry to

    LogFile="c:\awstats\tools\logresolvemerge.pl c:\inetpub\logs\LogFiles\W3SVC1\*.log |"

    This will merge all log files for a site provided by IIS. Adjust the paths to match your installation and desired log file folders.

  6. The AWStats configuration file offers the possibility to set the LogFormat to IIS (LogFormat=2); however, the log entries provided by a standard installation of IIS 7 won’t match. The AWStats documentation recommends changing the settings of IIS. The change will take effect only after restarting the Web site and is only valid for entries after that particular moment. Consequently, this is not an option if you are going to analyze the logs of the last 12 months where the original settings were used. To make AWStats work with the standard log format of IIS 7, change the LogFormat to

    LogFormat="%time2 %other %method %url %other %query %other %host %other %code % %other %other %bytesd"

  7. Change SiteDomain and HostAliases to meet the settings of your site.
  8. Change to c:\awstats\wwwroot\cgi-bin and run

    awstats.pl -config=www.example.org

    This will build the statistics database for AWStats.

  9. To create output, run

    awstats.pl -config=www.example.org -output -staticlinks > ..\example_org_stats.html

  10. Note that example_org_stats.html is created one folder up. In case you miss this, the output will not work correctly until you adapt the entries for DirCgi and DirIcons in the configuration file.
  11. The output file is now located in c:\awstats\wwwroot. You might want to create a Virtual Directory or set up a Web site to view the reports via the Web or your Intranet.

    AWStats Output

Repeat steps 3-7 for each site you want to create reports for. Repeat steps 8 and 9 every time you want to create a new report.

Put your own Search Providers into Internet Explorer 7

Another nice feature, unrevealed in Internet Explorer 7: Adding your own search providers is quite easy. When you select the drop down menu at your search box, you can select your currently installed search providers.

Search Providers Menu

To add more, select Find More Providers… from the menu.

Add Search Providers to Internet Explorer

Now, go to your favorite search engine and perform a search for TEST. I did this for the Beolingus translation provider. Paste the URL from the previous source and specify a name for your new search provider.

Create your own Search Provider

That’s the XML used for the installation. Press Install and you can directly access this search provider using the search box in IE 7.

<OpenSearchDescription xmlns="http://a9.com/-/spec/opensearch/1.1/">
  <ShortName>Beolingus</ShortName>
  <Description>Beolingus provider</Description>
  <InputEncoding>UTF-8</InputEncoding>
  <Url type="text/html" template="http://dict.tu-chemnitz.de/dings.cgi?lang=en&amp;service=deen&amp;opterrors=0&amp;optpro=0&amp;query={searchTerms}&amp;iservice=&amp;comment=" />
</OpenSearchDescription>

If you want to modify the settings later, you can do so using Tools / Internet Options / Change Search Defaults Settings.

It was the first time I played with these settings of Internet Explorer and I am quite surprised in a positive way about it.

Change Search Defaults Dialog