Last night I posted a webcontrol that I wrote to my website that makes life more difficult for spammers. It's a substitute for hyperlink control in ASP.NET named the obscure hyperlink control
One of the ways that spammers get email addresses is that they have programs that spider the web, looking for email addresses embedded in webpages. They target forum based sites because people are more likely to leave their email addresses there. This has caused people to start leaving their email addresses in cryptic formats (for example: me {at} mydomain.com). I find these techniques annoying as an end user trying to contact someone, but I also have to believe that spammers have caught on and look for variants with the word "at" in them. The obscure hyperlink control can be used for any hyperlink, mailto or http. Besides thwarting spammers, another use of the control would be to link to an objectionable site without contributing to its search engine rank.
What the obscure hyperlink control does is scrambles (note - I'm not saying encrypt) the hyperlink when the page is being created on the webserver using a random technique. An scrambled example of my email address is 'mcstiostucoe@ipolamit:hldnnorascae.o'. You can see a functioning example here. A matching javascript function is added to the webpage that unscrambles the hyperlink when the user clicks on it. When you view the source of the webpage, the link is removed, and an onClick handler is added to the hyperlink. Nowhere will you see the text of the hyperlink. It is present in the onClick handler, but it is not very legible. The Url is not stored in Viewstate, so it can't be taken from there, either.
Here are pros & cons of this control:
Pros:
- Easy to use (works exactly the same as the existing hyperlink control)
- The hyperlink information is not in the href attribute, but in the onClick (an area that spammers don't always pay atttention to)
- The diversity of scrambling algorithms makes it difficult for spammers to target a specific implementation
- Doesn't require a lot of server resources
Cons:
- Doesn't completely prevent spammers from getting email addresses. A determined spammer could reverse engineer the control. This is just adds a roadblock for spammers.
- Requires that the user's browser supports javascript and that it is enabled.
- Limited number of scrambling algorithms. Right now there are 5. If this fills a need, I intend to add more, but it will still be a finite number.
I've just finished uploading the presentations I did at the New Jersey Code Camp to their site . The demo files can be downloaded at my website under the file tab. Sorry for the delay!
Microsoft has released details for the next generation of .NET Certifications. (Information here). I've been certified by Microsoft for 10 years now (my MCP ID is in the 36000 range) and I currently hold the MCP, MCP+SB, MCSD, MCDBA, MCSA, MCSE, MCAD, and MCSD.NET certifications. I was fortunate enough to work for a Microsoft Partner for a few years who paid the testing fee for as many tests as I wanted to take. These certifications haven't gotten me jobs by themselves or increased my billing rate. But they do help employers/clients overlook that I didn't get a 4 year degree in Computer Science (I just have a two year degree) and have made clients feel more comfortable with my skillset.
It looks like that I just have to take an upgrade exam to bring my certs current. 4 tests for all the developer stuff. However, I also have the DBA certifications. There is an upgrade exam for the DBA Cert, but if I want to become a MCITP: Database Developer, or MCITP: Business Intelligence Developer , I have to start from scratch for a total of 5 exams.
One of my pet peeves is developers who think certifications are worthless. For the most part, the rant sounds something like this: "I know everything I need to know to do my job, I'm a .NET god, why do I need to prove it to other people?". Well, you don't know what you don't know. Take one of the practice tests. Every developer I know who has taken one is humbled by the results. For the most part, developers use only a fraction of the .NET framework. Until I started preparing for the exams, I had never used EnterpriseServices, Reflection, or Code Access Security. You can write a lot of good applications without ever touching any of these areas. But, by knowing these areas, you can write more complete applications, and troubleshoot all those weird problems that crop up every now and then.
It's been known for some time that Microsoft is going to offer a Microsoft Certified Architect program. I'm on the fence with this one. It strikes me as Country Clubish. You begin the program by having someone who is an architect recommend you. To gain acceptance, you are grilled by a "board" of other Architects about your solutions and experience. I would like to see it be a little more capability based. The costs are unclear, but I can't see that it would be cheap, and I'm not sure what advantage this credential gives me compared to some other guy who doesn't have it.
Apparently, the servers that host my site are based in Boca Raton, Florida and have been without power for the past two days. They're working off of generators right now. This is a tremendously minor inconvenience compared to what the people who live there must be going through. My prayers go out to all the people affected. Donate as you can.
Visual Studio 2003 stores Reference paths for projects in the .User file. Not in the csproj file. I can't see why they wanted to store that information in a separate file. The settings pertain only to the specific project. Anyway, if your application's build is dependant upon having the reference paths set, make sure you are adding the .User files to your source control system. The csproj file is not enough.
Normally you can find the .User file in the same directory as the project file... Unless it is a web application/service. Then you will find the file in the VSWebCache folder. Which makes it very difficult to put that file under source control. I don't see a good solution to this problem. Maybe porting the build to use NAnt. Although that would be burdensome if we just wanted to debug the project.
I guess the best solution is to architect your project so that it isn't dependant on a reference path.
The New Hampshire Dot Net User Group meets tomorrow:
Boston University Corporate Education Center
72 Tyng Road
Tyngsboro, MA 01879
The meeting schedule is
The third Thursday @New Hampshire Dot Net
Oct 20 Jesse Liberty - Creating Personalized Sites with ASP.NET 2.0 and C#
Topics will include: forms-based security, roles and personalization including: anonymous personalization, personalization with user-defined types, master pages, themes and skins and personalizing with web parts and catalogs.
I'm not sure if this critisism violates the agreement I have with gooogle. It seems everybody is talking how great their ad technology was and how easy it is to implement. So I put in on this site just to play around with it. While it is true that it is very easy to implement, I think their matchmaking sucks. Right now, if you go to the homepage of this blog, you are presented with ads for the XXXXXX XXXXXX (The name of the basketbal team from bostom). How did that happen? I don't even like that sport (I'm a small guy). Am I missing something? There are no references to that team on this page (I misspelled stuff in this entry so that there wouldn't be in the future, either). I think I'm going to try ads from other companies to see if they do a better job.
Nowadays there is a lot of discussion about TDD (Test Driven Development). While I think that anything that forces developers to pay more attention to testing their code is a good thing, I am not convinced that TDD is going to reduce my defect rate. My methodology is to write the code for a problem, document it, ruggedize (add range checks, errorhandling, and verify that resources will always be released), and then write unit tests.
When I talk about unit tests to developers, with the goal of trying to get them to place their unit tests in a unit testing framework like nUnit, there is a tendency for them to balk. "You want me to spend time writing code that an end user will never run" (read - Can I bill for that?), or "That would mean we'd have to start managing our previously disposable test harness code" (read - That means if I change my interface, the test code won't compile), or "Who is going to test the test code?" (read - I'm skeptical this will work and I'm trying to get out of doing this)
My experience with the three projects I've implemented full unit testing is that it is well worth the effort. Obviously, there is going to be more overhead when building the first version. However, it has saved me tremendous time when deploying the 2nd, 3rd, 4th.... time. Not only am I able to test the new features quickly, I can run the entire battery to make sure that I didn't break something when adding a new feature.
There is a utility called "Reflector Graph" that writes test skeletons for you. It is an addin to reflector. To generate a test skeleton, make sure you add the addin to reflector. Find the class you want to create a test for; right click and select Code Generation. On the drop down, select which type of object you are interested in.
Next Meeting October 13th
5:30 - 6:00 .NET Trauma Center
Stumped? Frustrated? Is your forehead sore from banging your head against the keyboard? Bring in your application and see if some of the area's local experts can provide some guidance.
6:00 - 7:00 Visual Basic 9.0 Language Changes
Joe Sarna of JJS Systems will outline the changes that VB has undergone in the upcoming release of Visual Studio 2005. Come learn about the new features such as operator overloading and the My namespace.
7:00 - 8:00 C# 2.0 Language Changes
Phil Denoncourt of Denoncourt Associates will highlight the changes that C# has undergone. He will cover templates, anonymous delegates and other fun features.
November 10, 2005 - We got Sam Gentile! An INETA sponsored event. Boston .NET expert Sam Gentile will give us a look a C# 2.0 Generics. Pizza will be served.
December 15, 2005 - Visual Studio .NET Launch event. Come learn about the new version of Visual Studio and SQL Server. Door prizes will be available.
Back in the mid 90's, I hypothesised that everybody had a distinctive pattern to the way that they typed specific words. The pattern that I typed my password was predictable and consistant. Meaning that if my password was "toyota", the time it took me to type the letters "t" and "o" was relatively static, but would be completely different from someone else typing the same word. So my idea was to build a product that added keyboard recoginition as another layer of authentication. With this technique, I could tell you my password and unless you were a proficient percussionist, you wouldn't be able to autheniticate with my credentials. I did some prototypes, writing a Gina dll and tested with a few people, but before I took the time to refine it, this company published their implementation.
Today I read of a new technique (link) that uses a microphone to listen to someone typing. Apparently, by recording the sound of someone typing, they are able to reconstruct the keys that were pressed. A new reason to be paranoid...
I've given a introductory talk on Code Access Security a few times now. As I'm showing all the pieces from an administrative point of view (Code Groups, PermissionSets), and I go to create a code group, there is an option in the wizard that allows you to import the settings from an XML file. People listening to my talk always, without fail, ask, "How can I generate that XML file". It's fustrating, because there is no clear way to do. No menu option, no command line utility. I alway mean to research how to do it, but never seem to find the time. A couple of nights ago, I looked into it. It turns out on each PermissionSet, or CodeGroup, there is a ToXml method. Since it appears the only way to get the XML is using that method, I wrote a utility that will export the XML to a file. You can download it here.
|
Copyright © 2008 Phil Denoncourt III. All rights reserved.
DasBlog 'Portal' theme by Johnny Hughes.
Pick a theme:
|
|
|