Jimiz.net – Jim Becher on the web

The project known as “Kin” is now being killed inside microsoft. Engadget is running a post that explains what they believe is going on.
http://www.engadget.com/2010/06/30/what-killed-the-kin/

The concept behind the Kin was to create a low price device that would allow people to stay connected to social media / cloud information. Essentially a blackberry to those not needing a blackberry. What I found interesting during the discussions of the “kin” project was how this all fit together with the upcoming windows 7 phone OS.

From the article it is unclear what Microsoft’s direction is. What I did take away was that a device that many people did not think would succeed is no longer being offered.

What are your thoughts on the KIN?

I was reading my daily RSS feeds and came across this headline.

“More than 10% of all PCs worldwide now on Windows 7″. (http://windowsteamblog.com/blogs/windows7/archive/2010/04/22/more-than-10-of-all-pcs-worldwide-now-on-windows-7.aspx)

It stood out and made me interested. That is pretty amazing, since Windows 7 has only been out for a few months. Considering the volume of users that have a PC that is huge number and to get to 10% this quick is just outstanding. I have been lucky enough to use 7 for quite a while at home, but still use XP at the office.

I am continually amazed at how people upgrade and update their home PC’s. Not many of the people I know who are not technical would even be able to tell you how to upgrade their OS. In fact, most of the people I end up helping with their tech problems just purchase a new PC rather than upgrade the OS.

I wonder how many of the sales are tied to a new PC? I would even love to know what the numbers were of people upgrading from XP or Vista?

Today I had the need to go to MSDN and look up some information. I have not directly gone to MSDN for a while. when I opened up the site I got this banner bar across the top

It offered me the advise that I should use IE8 instead of my current browser (Firefox). The reason is that IE is Faster, Safer, and easier. I was amazed, I did not know IE8 was safer.

Then when I went to the root of MSDN I got this advertisement (POP over)

I find it hard to believe that IE is better than firefox, but I guess Microsoft thinks so.

— Update —
I just got another site with a different advertisement for ie8. This time I was using chrome.

The site iisinformation.com has recently gone through a re-launch. Head on over to www.iisinformation.com to check it out.

The move from community server to wordpress was successful.

I have been working with VS 2005 a bit. One of the things I keep hearing people talk about, mainly a friend of mine who is using VB.NET 2005, is the “MY.OBJECT“. He was telling me how easy it is to grab a file and to check if the application can touch the network. So I figured I would give this a try. With that said, I should mention that I started with the new version of VS.NET 2005 using C#. I was excited to use the My.computer.network.isavailable. After about 30 min of messing around with help and intellisense to find the MY objects, I gave up and did a quick search. It was then I only realized that the “my objects” are only for VB.net.

Discovering this I was very confused. Why would Microsoft create these simple objects to gather information and not include them in c#? Very dissapointing.

I did some googling and found a few references to a helper object that will bring “MY” features to C#, called “that“. (download that)

After reading some of the comments out there, I found it would be easy to just reference vb and grab the MY logic. To do this you simply have to reference VB in your application “using Microsoft.VisualBasic.MyServices;” You then would have access to the My namespace.

Armed with that information and the joy of turning IISREPORTER PRO into a 2.0 C# app, I have completed about 40% of the re-write.

A friend of mine is currently in the process of writing a AJAX .NET book. He is expecting a May / June release. The publishing company released a summary of the contents of the book today. Head on over to Apress and view the upcoming “Pro Ajax and the .NET 2.0 Platform” summary.

Dan keeps his blog (www.danwoolston.com) up to date with upcoming AJAX topics

I have had a few people ask me questions on some open-source or alternative portal sites to sharepoint. I have seen a few linux based systems that perform similar tasks to sharepoint but nothing that was on the windows side. Until recently, I ran across (http://www.alfresco.org/)

Alfresco is a great project that allows for a good alternative. I was able to install in a few min (about 20) on windows. They also make a linux version. So go look at the site and view the flash demo.

My last blog post last week on Network Intrusion has generated a lot of traffic and emails. It was interesting to know that people actually read what I post. A lot of people responded in emails asking to know some more information on wireless security. I think this is due to the popularity of wi-fi, both in our municipalities and in hotspots such as coffee shops. I is amazing to see where wi-fi is available. You can catch a hotspot anywhere in our little town of Grand Rapids. If you are interested in finding a HotSpot near you head on over to grwifi.net, James has a great site that allows users to rate and discuss wi-fi hot spots.

Since my last post I have been thinking of ways to respond to the emails and feedback I have received. I think it may be best to do a 2 part series on wireless security. The first part will be to show what kind of information your laptop our application is sharing on the wireless network. I will just briefly walk through some typical situations where you may be sharing more information then you know about. In part one; I will discuss the common applications that may share information. I will also discuss the tools used to gather that information, to show how easy it is for someone to steal.

The second part of the series, I plan on discussing and showing methods to help prevent unknowingly sharing information to others. This will include software applications and techniques for securing your applications and systems.

It is amazing to me how many people are unaware of what their computer or applications do on the network. In reality your computer is very chatty, it likes to send information and it is up to the user to help secure and limit the amount of information that is sent. In the next few blog posts, I hope to show people what they can do to secure, encrypt, and defend when using their computers.

To keep everyone up to date from my last post. I did go back to the wi-fi hotspot and did not see the kid their sniffing the wireless network. But, if I do see him I plan on confronting him head on. I have not seen a clear argument that Sniffing a network is illegal yet, and plan on doing more research. It feels like it is illegal, but in a sense it is not much different than listening to people talk in a room.

Network Intrusion / Invasion

I typically stop at a local coffee shop to get some caffeine and use their wi-fi network to check email and surf the web. I am gathering this is not unlike most people out there in the business world. I tend to visit places that offer wi-fi because of their ease of use. But the other day I saw some thing that upset me. The story I am about to tell is not anything new, but rather just an eye opener for me.

As I was standing in line for coffee I noticed a fellow wi-fi user in the corner and happened to glance at his laptop. Being a tech geek I noticed he was running linux (you may ask how?), well I noticed etherape running and ethereal. These are both tools I use often. Especially when trouble shooting applications or networks.

At first I did not think anything about it. Then as I was firing up my laptop, I started to think why someone would be using ethereal and etherape here? Then it hit me. This guy was grabbing network traffic on the wireless network and sniffing, probably for passwords and usernames. At this point I came up with a plan. I looked around at the other 10 or so people on their computers and realized that they were unknowingly giving their information away. Usernames and passwords were floating in plain text all over that coffee shop. The girl next to me was on yahoo mail, the guy on my right had outlook express open. I figured that the kid had at least 10 or so usernames and passwords by now, and I was angry.

To see if my mind was just crazy or corrupt I decided to test my theory that he was sniffing usernames and passwords. I first ssh’ed into my box and created a new email account. I created a username called jvandenbon. I figured since I am in a Dutch area that a dutch username made sense. I created a password of Alice6232001, hopefully a real enough password. Then I hoped into my inbox using mutt and forwarded some of my spam emails into the jvandenbon user account. So now I had a real account that had some mail in it.

I then fired up ethereal and then thunderbird. First I took a quick capture of what was on the network, and as I suspected there were lots of POP accounts being used which show Username and PASS in clear text. I opened Thunderbird and checked my mail, I use SSL / TLS when I connect to my mail server so I was not worried about this kid grabbing my info. But I had to make sure that I was safe so I watched my traffic and sure enough it was encrypted with TLS. I closed ethereal, and created a new account in thunderbird using the above jvanderbon account name and told it to use POP as the means of communication. Again, I opened ethereal and then did a send receive to watch my fake username and password be sent across the wire. I then wrote an email and deleted some others to create traffic. I closed Thunderbird and waited. I set a string filter for Alice623001 in ethereal and watched. Sure enough in a few min later(about 10) I saw my fake username and password being sent over the wireless lan. I captured the kids source address.

This kid was trying to access my fake account. By this point I was angry. I got to thinking about what kind of stuff I could do to him. I easily could have kicked his ass; however I am not sure that it would have helped. All these people had been cheated of their info and privacy. That is when I started to think about legal options. I don’t even know if it is illegal to sniff a public network. I have never even thought about it. I did a quick google search and did not find much. I guess you can kind of relate this to yelling across the room to a friend with your username and password. Whoever happens to be in the room has access to that information. The analogy does not sit well with me. I would like to think that people can be safe or feel safe even when their trusted programs (outlook, outlookexpress, thunderbird, and hotmail) send their information in plain text over the network.

Right now I am just angry. If I do see this kid again, I plan on approaching him and asking what he plans on doing with all the usernames and passwords he stole. I can only guess he is going to just mess around. But, what happens when he comes across a guy who happens to have admin rights on a system and sends his username and password over the line. I realize this is a gray area of the law, but what about people privacy. I am not a malicious person by any means. I have sniffed networks in the past to gather information to help me learn how to protect them. But when I watched this kid and the speed of which he attempted to open my POP account, I am a bit worried. He must have had a program that would just take a username, password, and mail server and check validation.

I guess I am now asking the community what they think of this event. Do you know if you are secure? Do you go to a coffee shop and check mail via POP and send your info? Do you use ftp at the coffee shop to update your web site or worse; your corporate web site? I would love some feed back on what people think. Just think, if someone got your email password? Does it match your bank account password or your paypal password? These are the questions on my mind. And how can I do something against this punk kid. Should I just walk over and kick his ass or should I call the police? And if I call the police, what do I say?

Ever wonder what google index’s or does on your site? Well, here is some instructions on how to use this information.

http://www.sitepoint.com/blogs/2005/11/16/google-sitemaps/

It is some very good info and interesting stats. Somewhat like google analytics.

The Microsoft Patterns and practices is a useful control set for global logging, error handling and database connections. This tool set is great for development, but when you go to deploy it is not so fun.

I have added some references of how we were able to get Patterns and Practices on a production box.

One of the constraints of Patterns and Practices is that it requires / needs Visual Studio installed. This is great if you are developing on a box, but in the real world (i.e. Production boxes) you do not really want to install a development tool.

To make this happen you need to update a few things:
1. Move your compiled DLL files from your development box to the production box. This is everything under your C:\program files\Microsoft Enterprise Library\bin directory.

You need to move these files because it is not possible to build these dll files with out visual studio.

2. Modify the install script to accommodate for not having Visual Studio. I have made a few changes that just remove the 1) check for visual studio 2) change the path to the .NET framework folder.

The install service.bat (located at C:\program files\Microsoft Enterprise Library\src) needs some files out of the visual studio directory to register path settings. I have simply just removed a few statements and updated the path to use the .NET framework directory.

You can get a copy of the bat file here (installservice.bat.txt)

I hope this helps people trying to use Patterns and Practices.

There has been so much talk in the news about AJAX these days. It is strange, I have heard that AJAX is the Microsoft Killer, the new technology, or the wave of the future. I personally think that it is a great method of using technology to speed up a web application and also extend the usability.

It is hard for me to view AJAX as the next big thing. I think because the concept and idea has been around for a long time. Until someone coined AJAX, I don’t think people knew how to describe it or even where or why to use it.

Anyways, one of the guys I work with and NuSoft is writing a book on AJAX. You can read more about it here. (www.danwoolston.com)

I have been so busy at home and work I have not been blogging much. So I will try to pick up a bit.

With .NET version 2.0 out I have been busy with updating IISREPORTER and the next version. I have to admit, 2.0 is awesome to develop with. So far, I keep hearing people say that it is too buggy and has a few flaws. From my perspective I have not seen too many issues.

I did have an issue with updating the VB.NET version of IISreporter. But, that was VB, the C# version had no issues.

If you do a lot of file migration or exchange with Microsoft SQL server you have probably had to grab a file via ftp. In most cases if you have automated this task you may have done this by either a vbs file or a bat file, or a DTS package that calls an FTP client. Well, Dan Woolsoton (A new Co-worker) has found a great tool to replace the default DTS FTP calls. It is called SQLDTS, it has many features and settings you can dynamically replace. You can read Dans full article HERE

I am switching computers and needed to migrate my Thunderbird email client data to another machine. I did a little googling and did not find too much until I found Thunderstor It allows you to take your thunderbird account and exprt to eml files. Then import into system of your choice.

If you are moving from one thunderbird account to another you can also just move your profile. It is located at c:\documents and settings\yourusername\application data\thunderbird\profiles\****.default

I migrated those files and then pointed the profile.ini file to my old profile. All is well