Google buys YouTube for £883m ($1.65bn)

BBC News have just reported that Google have purchased £883m ($1.65bn) worth of shares in YouTube; however, Google have said the two companies will operate independently.

This is going to be a very interesting deal. With two of the major players in the video sector joining in partnership, and with Google's CEO, Eric Schmidt, joining the Apple board of directors, this could mean we are about to enter another huge media revolution.

With YouTube, Google, and Apple now all in partnership together, and with iTV just around the corner, this could be great news for all us geeks.

But where does this leave Microsoft?

 

Read more here:
http://news.bbc.co.uk/1/hi/business/6034577.stm

More on the Google and Apple partnership:
http://www.webpronews.com/insiderreports/marketinginsider/wpn-50-20060918IsGooglePolishingAnAppleAdDeal.html

 

NxtGenUG and Advanced ASP.NET Exploits and Countermeasures course

NxtGenUG have just posted information regarding a 2 day training course entitled “Advanced ASP.NET Exploits and Countermeasures” run by Dinis Cruz. Dinis was one of the presenters on the Ed Gibson roadshow, and he has run this training course at various conferences such as Black Hat. The course will be run in both London and Birmingham.

Dinis is a great presenter and I have heard great things about the course.

More information on the course itself can be found over on the Black Hat website; however, I am not sure if the content will be 100% the same.

More information on the NxtGenUG training course can be found on their website.

Personally, I would love to attend.

 

NxtGenUG

NxtGenUG was created by 3 evangelists of Microsoft technology and holds regular meetings in Coventry, Birmingham and now Oxford every month, with excellent speakers on a wide range of topics. Together with some food and chat, it makes for a great evening.

If you have never been to a user group meeting before I strongly recommend you attend a local one.  The guys at NxtGen are great and I have really enjoyed the meetings I have attended (just a shame they haven’t got a meeting in Hertfordshire yet) – well worth the monthly subscription and the group seems to be getting bigger and better every month.

For more information visit www.NxtGenUG.net

Book Review: Professional Pen Testing for Web Applications

Pen Testing for Web Applications

  • Paperback: 522 pages 
  • Publisher: Hungry Minds Inc,U.S. (14 Jul 2006)
  • Language: English
  • ISBN: 0471789666

    Buy

    Book’s Website

     

    “At the end of the day, it all comes down to code.  There are few information security issues out there that cannot be traced back to bad code, lazy coding, ignorant programming, something have to do with bad software, or bad practices in the creation of software. The fact that it all comes down to code is one of the deeper points to pick up about application and software security because programmers hold those keys.”

    My complete review of this book has been posted on the NxtGenUG site. 


    IE7 in toolbar mayhem

    This just got slashdotted.  Article on how you can still get IE7 injected with toolbars just like IE6 (assumes that the end-user clicks ‘yes/apply/accept/next’ to just about anything – which of course they are going to do).  One of the nice things about it was that the reset built into IE7 worked.

    http://www.windows-noob.com/review/ie7/

    Good to read if you have nothing better to do on a Sunday afternoon.

     


    Students >> Band on your campus

    This is one for all you UK students out there.

    Samsung are running a competition to allow “Dirty Pretty Things” to play on your campus for free! I saw them live in Coventry just before their album was released – they were amazing!!

    Hertfordshire are fifth at the moment – I’ve placed my vote, help your uni by placing yours…

    Visit http://www.bandonyourcampus.com/ to vote.

     

    TS: Microsoft Windows Mobile 5.0 – Application Development (70-540)

    Microsoft have just announced that the Microsoft Certification Exam 70-540 will be in Beta form again starting October 23 until November 10 2006.

    If you are in the area of mobile development then maybe you should look into taking this exam. If I remember correctly, these beta exams are free – so why not give it a go?

    The Preparation Guide is available for the Exam at: http://www.microsoft.com/learning/exams/70-540.mspx

    Visit http://blogs.msdn.com/jasonlan/ for information on how to sign up.

    DDD4 : Voting Open

    Voting for the agenda has now opened on the DDD4 website. If you are unsure how the voting works, you pick 10 talks you think you would like to attend, and this then decides the day’s lineup. You are allowed to change your choices up until the voting ends, which will be around mid October (or so the website says).

    Nice to see they have taken my advice (and others I guess) and put the Level of the talk next to it.

    Vote here:
    http://www.developerday.co.uk/ddd/votesessions.asp

    The ones I’m interested in, which are sure to get my vote, are:
    Next Generation Data Access   (Style: Presentation – Level: 300)
    Can Erten

    The Use and Abuse of Reflection   (Style: Presentation – Level: 300)
    Joanna Carter

    How To Give Great Presentations   (Style: Presentation – Level: 100)
    Guy Smith-Ferrier

    TechED Highlights   (Style: Presentation – Level: 200)
    Richard Costall & Dave McMahon

    An Introduction to Microsoft Robotics Studio   (Style: Presentation – Level: 200)
    Steve Tudor

    How your web site gets owned   (Style: Presentation – Level: 300)
    Barry Dorrans

    Securing applications and communications in ASP.NET   (Style: Presentation – Level: 300)
    Barry Dorrans

    Ed Gibson On The Road RoadShow : Birmingham

    Yesterday afternoon was the first of five events of the Ed Gibson on the road tour. The event was held in Birmingham, with Dinis Cruz and Barry Dorrans there to give a helping hand…

    First up was Ed Gibson who gave another great talk on the dangers of organized crime on the Internet and some of the realities which we face – very thought provoking, if not a little bit scary.

    Dinis Cruz then gave another great presentation on hacking applications. He didn’t do his Rooting the CLR presentation; however, he did demonstrate Metasploit, which was great to see (I had only heard of it, never used it before). He also did his HacMeBank demo, which was great, as this time I was looking at it from the view of my final year project and as a pen tester more than a developer…

    Quick break, and then the panel discussion about what security is. Some interesting points came up from the guys, and it was a good, active discussion.

    Overall, a very good afternoon/evening. The presentations were excellent, and the organisation by NxtGen was really good (or at least it appeared to be…). Looking forward to more events like this.

    For more information on the remaining four events visit http://www.nxtgenug.net/EdGibson/ . I would strongly recommend going if you are interested in the area of security, or just because you can get out of the office for an afternoon.

    Book Review: Hacking Exposed Web Applications, 2nd Edition

    Hacking Exposed: Web Applications

  • Paperback: 520 pages
  • Publisher: McGraw-Hill Osborne Media; 2 edition (June 5, 2006)
  • Language: English
  • ISBN: 0072262990
  • Rating: 4 Stars
  • Buy

    Book’s Website

    The evolution of the web is changing faster than most normal people can keep up with.  New website applications are popping up online daily, most of which contain some important, and sometimes financial information which the company wants to display or sell.  Most applications also contain information only ‘certain’ users can see in a secure area where you might have to pay to access, and only you are allowed to see.

    This book describes many different ways in which the application can be used as a weapon against the company, allowing the ‘hacker’ to access restricted data, corrupt databases or bring down the server hosting the site.

    Over the 13 chapters, this book describes all the common ways of attacking a website, from profiling the application to find out what OS and webserver it is running, to launching a full DDoS attack on the server.

    After reading the book cover-to-cover, I am now aware of the dangers online and, as a developer, what my application must be able to withstand and block against. It also has information about the not-so-common attacks, and various ways hackers attempt to break into websites – such as encoding the XSS attack to get around blacklists. The book also covers almost all languages and platforms, allowing everyone to have a good understanding. The code samples included are an excellent way of seeing for yourself the potential harm, and if you can’t see it – have it explained to you in the next paragraph of the book.

    At the end of every chapter there is a “references and further reading” section, which contains all the links to items discussed within the chapter. This ranges from Microsoft’s security alerts to PoC (Proof of Concept) applications and recommended applications, providing excellent additional reading.

    At the very end of the book, there is a checklist to make sure your application is up to scratch and secure.

    I highly recommend this book to anyone who wants a good understanding of all the different ways in which web apps can be attacked. If you are currently developing applications (both internally and externally) I strongly recommend you have a read of this book – you never know, it might just save your application and confidential database from hackers.

    Ruby on Rails + MacOSX = Locomotive

    Over the next few weeks / months I plan to blog about my experiences of using Ruby on Rails, with this being the first post.

    I will be using my iBook (OSX 10.4) to work with Rails. One reason is that I want to use my iBook more – I can then justify a new one – and another is that it enables me to understand creating websites for Linux servers.

    In case you don’t yet know, Ruby on Rails is all the rage at the moment. Their website says:

    “Ruby on Rails is an open-source web framework that’s optimized for programmer happiness and sustainable productivity. It lets you write beautiful code by favoring convention over configuration”.

    I have to admit, I tried it when it was first released and found it really cool, however never thought it would take off – won’t make that mistake again.

    Locomotive

    Locomotive is an application for OS X to allow developers to drag and drop the installation into the Applications directory, and have a full working Ruby on Rails environment instantly.

    Download : http://locomotive.raaum.org/

    Strongly suggest you install (sorry, drag and drop) this. It will save you hours!

    MySQL

    I’m sure everyone has heard of MySQL. MySQL is an open source database application running on almost every platform, offering both a commercial and a free community edition.

    I went ahead and installed MySQL 5.0 Community Edition (free) from http://dev.MySQL.com/downloads/MySQL/5.0.html . The OSX installation is very simple. It has two packages – a main and a startup – and I installed the main package first. After installing both packages you will need to edit your ~/.bash_login script to add the MySQL directory to your path.

    pico ~/.bash_login
    # add this line to the file, then open a new terminal window:
    PATH="/usr/local/bin:/usr/local/sbin:/usr/local/mysql/bin:$PATH"

    The default username is root.  Default password is blank – nice and secure.

    You can log in to the server by loading a new terminal window and entering the command mysql.  If you have problems accessing the server, you might need to start the MySQL service (or just reboot).
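
Since the default root account has a blank password, a quick audit of the account table is worth doing straight after install. The script below is an added example, not part of the original post: the function names are hypothetical, the sample rows are constructed, and it assumes the MySQL 5.0 `mysql.user` layout with `User`, `Host` and `Password` columns.

```shell
#!/usr/bin/env bash
# Added example: list MySQL accounts that have no password set.

# Reads tab-separated "User<TAB>Host<TAB>Password" rows on stdin, as produced by
#   mysql -u root -N -B -e "SELECT User, Host, Password FROM mysql.user"
# and prints user@host for every row whose password hash field is empty.
# Accounts with an empty user name are shown as (anonymous).
blank_password_accounts() {
    awk -F'\t' '$3 == "" {
        printf "%s@%s\n", ($1 == "" ? "(anonymous)" : $1), $2
    }'
}

# Constructed sample rows standing in for a freshly installed server
# (illustrative only, not captured output; the hash is a placeholder).
sample_rows() {
    printf 'root\tlocalhost\t\n'
    printf 'root\t127.0.0.1\t\n'
    printf '\tlocalhost\t\n'
    printf 'appuser\tlocalhost\t*CONSTRUCTED_HASH_PLACEHOLDER\n'
}

# Run the audit over the constructed sample.
audit_sample() {
    sample_rows | blank_password_accounts
}

# Against a live server (assumes the mysql client is on PATH as set above):
#   mysql -u root -N -B -e "SELECT User, Host, Password FROM mysql.user" \
#       | blank_password_accounts
#
# Remediation for each account the audit flags:
#   mysqladmin -u root password 'choose-a-strong-password'
#   mysql -u root -p -e "SET PASSWORD FOR 'root'@'127.0.0.1' = PASSWORD('choose-a-strong-password')"
#   mysql -u root -p -e "DROP USER ''@'localhost'"

audit_sample
```

An empty result from the live query means every account has a password hash set.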

    First RoR Application

    The application will look something like below (with Aqua effects which got lost in the screenshot)

    From within the application you can start/stop the application, open a terminal with RoR commands (like gem), show the application in finder as well as create new applications.

    To create a new application, select the Applications menu, and click Create New… which will launch the dialog below.

     

    Enter a name, and a directory where the app will live and click Create.

    Next, click Run on the toolbar, which will start the pre-configured webserver. Then go to Applications > Preview in Browser to view the new application. The application runs on http://localhost:3000

    That’s your first application created.

    Conclusion

    Just to sum up, Locomotive solves a whole host of problems when configuring RoR on OSX. It gives you a great environment to develop applications.

    Over time, I will post more on RoR, Locomotive and MySQL.