wehuberconsultingllc.com

SourceForge.net: notepad-plus » FindReplaceNewlineHowTo

July 6th, 2008 · OpenSource

Simple find/replace compared to Advanced search/replace.

Simple find/replace is found in the Edit menu. Its shortcut is control+H. Advanced find/replace is in the Plugins menu, in the TextFX Quick menu. Its shortcut is control+R.

SourceForge.net: notepad-plus » FindReplaceNewlineHowTo

I finally researched an issue I was having with finding tab, newline, and carriage return characters at the beginning of a line. I have an automated SQL procedure that creates product data feeds in a tab-delimited format. One of the symptoms of a soft SQL failure is that the line will wrap. This situation can be detected by looking for a first character that is either a tab, newline, or carriage return using the regular expression ^[\t\n\r]. The simple find/replace does not find the problem lines, while the Advanced version works as expected.


Quick Picks and Pans on my del.icio.us favorites for last week

July 6th, 2008 · CSS/WebDesign, Security

  • Build a Generic Histogram Generator for SQL Server

    Histograms help people analyze large amounts of data, whether you display them as tables or as charts. This article shows you how to do both.

  • JkDefragGUI - Freeware made by Emiel Wieldraaijer

  • VirusTotal - Free Online Virus and Malware Scan

  • Meet ratproxy, our passive web security assessment tool

  • The Microsoft Source Code Analyzer for SQL Injection tool is available to find SQL injection vulnerabilities in ASP code

  • PCI Requirement 6.6 has merchants gearing up

    1. The Histogram Generator for SQL Server looks interesting, but I think I will work on making pivot tables easier to use first.
    2. I tried JkDefrag last week. I like the look and feel of the Auslogics defrag tool. JkDefragGUI makes JkDefrag a little easier to use and adds a few features. Both tools are nice upgrades to the standard defrag tool.
    3. VirusTotal is a nice way to generate hashes for downloadable files.
    4. I need to check Ratproxy out. Ultimately I would like to compare this to WebScarab. I need to read this Google document again and play with it to figure out why Google re-invented the wheel.
    5. Microsoft’s contribution to the fight against SQL Injection would have been more appreciated if it had worked for me. It did not generate a report for me. The program was more than willing to tell me that I did not have it configured properly. When I finally had it configured properly, the result was no report?!
    6. PCI 6.6 is a mess. I doubt that the firewall option will ever be a cost-effective solution for retail web servers. My first run at automated code analysis was inconclusive. I believe that low-cost automated and manual code analysis are probably the best cost-to-benefit options.

    wehuberconsultingllc’s favorites on del.icio.us


    It’s So Important To Keep Talent In Ohio « Cincinnati IT - an andy erickson blog

    June 29th, 2008 · General

    Andy wrote:

    My jaw dropped this morning as I read Chester Finn’s Wall Street Journal opinion piece titled The Self-Inflicted Economic Death of Ohio.  First, because the piece quantified some of my gut feelings about Ohio’s talent drain, and second, because of the magnitude of the problem.

    It’s So Important To Keep Talent In Ohio « Cincinnati IT - an andy erickson blog

    Unlike Andy I am still searching for a word to describe how I felt when I read this article. I have a seventeen-year-old son and we have talked frequently about college and jobs over the last year. Our talks were stimulated by what they did not discuss at high school. Let’s just say he is learning a lot more about the job market from me than from his school, and he goes to a “good” school. About a year ago his school started the college selection process. This is a lot earlier than when I was going to school, so I was duly impressed. I don’t think I even talked about colleges and majors until I took my SAT test. I was pretty clueless about colleges but I was well prepared for a major in a science or engineering field. What shocked me was that my son’s college counselor was encouraging him to pursue a liberal arts major. I was curious about their reasoning so I started asking questions. The deeper I probed the less I liked about the philosophy of our present education system. It was not hard to figure out that the college counselor’s recommendations were a natural result of the educational system that was in place. My son had plenty of opportunities to try out science and technology courses but was generally steered away from them. When we met with the counselor and I mentioned that the biggest job needs for the next decade are still in the science and technology fields, she said that he should have pursued a course selection with more science and technology courses in it. Okay, let’s drop “Conversational French”. Her answer was, “He can’t do that!” Besides, she said, “He is taking Honors English and History”. Huh! Another point she made, and I have heard it repeated several times, is that what you study in college does not determine your career choice. This is definitely not true for those pursuing a job in a technology field. Wow! When I worked for a large chemical company we rarely interviewed college graduates who did not have an engineering degree. That was just a fact of life. Another fact of life is that engineers are paid well. If you happened to have an engineering degree and work experience from a co-op program you were gold and would get top dollar. It really looks like the high schools are just going through the motions of college/career counseling.

    About a month later he got his PSAT results. He got a 700 on the math portion, and the PSAT report recommended that he consider a college with a science or technology major. Go figure!


    Wordle is like a mirror of your soul

    June 16th, 2008 · General

    As seen from del.icio.us I must be seen as…


    Re-engineering an application

    June 8th, 2008 · programming

    Recently I found myself trying to debug an Active Server Pages application. It appears to be a simple application. When you go to the page, the server generates a text file which I call a data feed. It is used by search engines to build links to your products. The final step in the process is to download the data feed file and then upload it to the search engine site. This is such a simple application that you could have programmed it in a variety of languages without much effort or concern. The original developer chose to develop the application as an active server page. ASP would not have been my first choice, primarily because programming it in SQL is a much simpler solution. In SQL the solution is so simple and straightforward that it approaches the holy grail of computer programming, self-documenting code.

    I got involved with re-engineering the ASP application because it was not working anymore. The page was not displaying and there were no error messages. By definition, applications are no longer simple if they fail and do not produce an easy-to-understand error message. I suspected that the error might be related to a “response buffer limit exceeded” issue, so I increased the buffer limit. This worked on the development system but it had no effect on the production system. That is not good! Now I was going down a path I did not want to go, fiddling with IIS parameters on a production system trying to fix a problem. Since I am definitely “old school” and evidently SQL centric, I decided to turn this into a batch operation and skip the human download/upload process altogether. My plan was to schedule a SQL job to write the data feeds to files using SQL and then use FTP to upload the feeds to their respective search engine sites.

    I originally thought I would have this task finished in a day or two. Boy, was I wrong! The combination of ASP, XML, XSL, and SQL stored procedures scattered the processing across various places and made it difficult to follow. Of course there wasn’t any program documentation and the original programmer was unavailable. My plan was to combine everything into a SQL view that either BCP or OSQL would use to create a tab-delimited file. Using BCP I can use the ultra-simple “Select *” query on the view.

    The first big problem was to create the category field. I needed to recursively look up the category parent from a table of categories. This process was originally performed in ASP. After some effort I created a SQL table to mimic the process.

    The next problems came in rapid succession. The description field needed the HTML tags removed, and some HTML entities needed to be escaped. Then I found that some products were being listed in multiple categories and the category being used by my view was a defunct category.

    One of the nice benefits of using the “SQL View” approach was that it was easy to test and verify. I also had a backup plan if the batch process failed for some reason. Although I briefly tried OSQL, I found that BCP had a more direct way of creating tab-delimited files. Since it only takes a minute and a half to create the four feeds, processing requirements are not an issue. Once I had copied the headers to the front of the file I was good to go. I matched the data using WinMerge on the development system, since the ASP screen still worked on it.

    The data matched and now I am ready to submit the files. This minor re-engineering took a lot more time than I planned, but I think the process is very easy to explain.
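As an added illustration (my own Python, not the author's SQL view or BCP job), this models the feed build described above and the wrapped-line check from the Notepad++ post earlier on this page. It walks a constructed category table to build the category path (with a guard against a cycle in the parent links), strips HTML tags and escapes entities in descriptions, removes embedded tabs and line breaks so a record cannot wrap, and then applies the same ^[\t\n\r] test to the output. The category and product rows are constructed sample data.

```python
import html
import re

# Constructed sample data (not the author's tables): category id -> (name, parent id)
CATEGORIES = {
    1: ("Home", None),
    2: ("Tools", 1),
    3: ("Power Tools", 2),
    4: ("Drills", 3),
    9: ("Orphan", 9),  # self-referencing row: a cycle the walker must survive
}

# Constructed product rows: (sku, name, category id, description with HTML and control chars)
PRODUCTS = [
    ("A100", "Cordless Drill", 4, "<p>18V &amp; 2 batteries</p>\r\n\tIncludes case"),
    ("A101", "Hammer", 2, "Claw hammer <b>16 oz</b> & fibreglass handle"),
    ("A102", "Mystery", 9, "No real category"),
]

FIELDS = ["sku", "name", "category", "description"]
TAG_RE = re.compile(r"<[^>]+>")
CONTROL_RE = re.compile(r"[\t\r\n]+")


def category_path(cat_id, categories=CATEGORIES, sep=" > "):
    """Walk parent links up to the root, as the ASP code did recursively.
    A visited set stops the walk if the table contains a cycle."""
    names, seen = [], set()
    while cat_id is not None and cat_id in categories and cat_id not in seen:
        seen.add(cat_id)
        name, parent = categories[cat_id]
        names.append(name)
        cat_id = parent
    return sep.join(reversed(names))


def clean_description(text):
    """Strip tags, decode entities, collapse embedded tabs/line breaks to a
    space (so a record cannot wrap), then escape for the plain-text feed."""
    no_tags = TAG_RE.sub("", text)
    decoded = html.unescape(no_tags)           # "&amp;" -> "&"
    one_line = CONTROL_RE.sub(" ", decoded)    # no tab/CR/LF inside a field
    return html.escape(one_line, quote=False)  # "&" -> "&amp;", "<" -> "&lt;"


def build_feed(products=PRODUCTS, categories=CATEGORIES, clean=True):
    """Return the tab-delimited feed as one string, header row first.
    clean=False emits raw descriptions to reproduce the wrapped-line symptom."""
    rows = ["\t".join(FIELDS)]
    for sku, name, cat_id, desc in products:
        text = clean_description(desc) if clean else desc
        rows.append("\t".join([sku, name, category_path(cat_id, categories), text]))
    return "\n".join(rows) + "\n"


def find_wrapped_lines(feed, expected_fields=len(FIELDS)):
    """1-based line numbers that would match ^[\t\n\r] in Notepad++ (a wrapped
    record) or that do not carry the expected number of tab-separated fields."""
    bad = []
    for num, line in enumerate(feed.split("\n")[:-1], start=1):
        if re.match(r"^[\t\n\r]", line) or line == "":
            bad.append(num)
        elif line.count("\t") != expected_fields - 1:
            bad.append(num)
    return bad
```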

    The next problems were more annoying. There were permission problems with running BCP. Yahoo created FTP problems for me. They allow you to update files using FTP, but your FTP client had better support PASV. I was able to upload the file using FileZilla but not Microsoft FTP. I am searching for a command line FTP client I can use. I think MOVEit Freely from Ipswitch might be the answer. Ipswitch is probably best known for WS_FTP. A few years back WS_FTP was the standard bearer for FTP clients and servers.

    Finally, I am not sure what happened to MSN’s product upload page, http://productupload.live.com. Suffice it to say it has had major problems every time I tried to use it. At this time I am not sure MSN wants me to update the data feeds using FTP. It is too bad they are so difficult to use. Most of our traffic comes from Google and Yahoo. Not surprisingly, they get the bulk of our advertising expenses. MSN has always been a distant third place.


    Writer Zone: Technical Preview: Now Available for Download

    June 3rd, 2008 · CSS/WebDesign, programming

    One of my favorite tools has been updated. It alludes to the possibility of integrating Writer with a couple of services and technologies I have been looking at integrating, Flickr and Lightbox. I was almost motivated enough to try my hand at writing a plugin a while back. The most obvious change is that the interface has been revamped. I have looked but I cannot find how Lightbox gets integrated. The Insert Picture dialog has a web interface. I will check out the web interface to Flickr shortly.

    Writer Zone: Technical Preview: Now Available for Download


    Picks and Pans for pfSense packages

    May 27th, 2008 · OpenSource, Security

    Recently I installed the pfSense firewall, and now I have started to check out some of the packages that make pfSense such an interesting firewall platform. Without going into too much detail, here are my impressions of several packages.

    • NMAP - It kind of worked for me when I accessed it via the web server. It locked up the pfSense web server a couple of times. It worked fine for me via the command line and the Command page.
    • NTOP - I had not heard of this package before but I was impressed. It had lots of information about my network. Some of the information was actually useful. I am keeping tabs on my son’s Internet usage. With all of this info I kept expecting the computer utilization of pfSense to go through the roof. It did not. Whew!
    • SNORT - I did not get this package to work. It installs but the service does not start and it had problems downloading rules. I am guessing the rules issue might be related to the fact that the package was version 2.7 and the current rules are 2.8. I saw in a forum where several people were having problems running the package on pfSense. I manually uploaded a rule to see if I could start the package. It still did not start. Since I did not see any log messages, I decided it was not worth proceeding. It is hard to debug problems when you have logging turned off.
    • EXEC.php - This goes under the name of Command. It gives you the equivalent of a command prompt and it is for those of us who do not want to crank up SSH for every little thing. It is not a “package” and its disclaimer says it is not supported. However, it worked better for me than the supported packages. Go figure! I used it to verify that NMAP was working. It was a helpful tool to work with SNORT, too.
    • Internet Explorer - You need a SVG viewer plugin to view the traffic graph. I used Adobe’s version. The drop down navigation menu is quirky with IE. It opens and closes before you select an item. In IE the navigation menu is blocked by the traffic graph. I might try and fix this.


    More Thoughts on numbers used once (i.e. nonce)

    April 27th, 2008 · Security, WordPress

    Although I still believe what I wrote earlier, that the use of wp_nonce in the last steps of the Wordpress Automatic Upgrade plugin is an unnecessary precaution, I am puzzled why it did not work. According to Mark’s post on nonces, it sounds like in theory this "number used once" should still be valid if you are forced to log in again. Here is what he wrote.

    They are unique to the WordPress install, to the WordPress user, to the action, to the object of the action, and to the time of the action (24 hour window). That means that if any of these things changes, the nonce is invalid.

    I guess that if we work through the logic, the only thing I can see that has changed is that the user has logged in again. I must conclude that it is identifying the user by something other than the username. Hmm… This is a puzzle.
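To make the quoted description concrete, here is an added Python model of that kind of nonce (my own code, not WordPress’s). The nonce is a short keyed hash over a constructed site secret, the action (which can include the object of the action), the user id, and a time tick; verification accepts the current tick and the one before it, so a nonce keeps working across the window boundary. In this model, logging out and back in as the same user id changes none of the inputs, so the nonce still verifies.

```python
import hashlib
import hmac
import math

NONCE_LIFE = 24 * 60 * 60  # 24-hour window, as in the quoted description
# Constructed secret; stands in for the install's own secret key (assumption)
SITE_SECRET = b"constructed-secret-key-for-this-example"


def nonce_tick(now, life=NONCE_LIFE):
    """Time bucket. The life is split in two so a nonce minted late in one
    half-window is still accepted during the next one."""
    return math.ceil(now / (life / 2))


def _digest(tick, action, user_id, secret):
    # Keyed hash binds the value to this install (secret), action, user and time.
    msg = f"{tick}|{action}|{user_id}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()[-12:-2]


def create_nonce(action, user_id, now, secret=SITE_SECRET):
    """10-character nonce for an action such as "activate-plugins" by user_id."""
    return _digest(nonce_tick(now), action, user_id, secret)


def verify_nonce(nonce, action, user_id, now, secret=SITE_SECRET):
    """Return 2 for a current-tick nonce, 1 for a previous-tick nonce, 0 if
    invalid (wrong install, user, action, or outside the window).
    Constant-time comparison so timing does not reveal which half matched."""
    tick = nonce_tick(now)
    for age, t in ((2, tick), (1, tick - 1)):
        if hmac.compare_digest(nonce, _digest(t, action, user_id, secret)):
            return age
    return 0
```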


    WordPress › Wordpress Automatic upgrade « WordPress Plugins

    April 26th, 2008 · CSS/WebDesign, WordPress

    I have been using this plugin for almost a year. When it works it is great! When I upgraded to WordPress 2.5 I started having a problem with the final two steps, reactivating the plugins and going to the final page. Before I could activate the plugins I had to upgrade the database. Then I had to log back in to the blog. At this point the automatic plugin was lost and gave me a screen with "Are you sure you want to do this?" All the plugin could do at this point was to clean up the installation. I had to manually activate my plugins.

    Today I figured out that if I remove the wp_nonce stuff at the end of the line I could get the automatic upgrade plugin to continue. Wp_nonce is a security feature. I think it is primarily used with forms but it can be used with links. About the only source on this function is the Writing Secure Wordpress Plugins post by David Kierznowski. I think when I have to log back into WordPress, wp_nonce thinks I am breaking in and slams the door shut. From a plugin design standpoint I am not sure there is a need for this type of security at this point since all I want to do is activate my plugins and get my log report. I guess I will comment out lines 392-394 so the plugin will work.

    WordPress › Wordpress Automatic upgrade « WordPress Plugins


    Cutline 1.3 Released | Cutline Theme for WordPress

    April 26th, 2008 · CSS/WebDesign, WordPress

    I upgraded to WordPress 2.5.1 today and my old theme broke. I have been looking at Cutline for some time but I have not been motivated enough to commit the time. Today I had the motivation. I am really pleased that I had it ready to go in about thirty minutes.

    Cutline 1.3 Released | Cutline Theme for WordPress


    WordPress 2.5 Secret_Key Vulnerability

    April 17th, 2008 · Security, WordPress

    Wow, I did not know about this security feature in 2.5. I did not have the ‘SECRET_KEY’ defined since my WordPress sites were upgrades. Since I prefer to follow the Secure WordPress recommendations and missed that section in the paper, I added a random key to all of my sites. The key does not cause any ill effects. Read the original post, WordPress 2.5 Secret_Key Vulnerability, for more details.


    Expanding a RAID1 array with bigger disk drives

    April 12th, 2008 · SBS2K-SBS2K3

    Problem: You have an existing RAID1 array and now you need more disk space. You have purchased two identical 300 GB disk drives to replace the existing 147 GB disk drives. What is the quickest way to replace the disk drives with the least amount of down time?

    Answer: I ran into this situation this week. The easy part of the answer was to replace one disk drive with a new 300 GB drive and let the RAID controller synchronize the drives. Then you replace the last 147 GB drive with the other 300 GB disk drive. The hard part of the question was whether you could partition the remaining disk space into a logical volume without rebooting. The answer is yes. It took about two and a half hours to mirror the first disk. During the first hour Exchange was really sluggish. For the next hour and a half the response time was okay. It took about an hour and a half to mirror the second drive. The response time was okay during the entire mirroring operation. When the mirroring was complete I used the Compaq/HP disk array software to check the disk drives. My research on the Internet said that it was unlikely that the disk array software would show the disk space that was not part of the existing RAID1 array as being available. I was mildly amused to see that it showed that 292 GB was available (i.e. 146 GB per drive). I used the disk array software to create a 146 GB RAID1 volume. When I went into Disk Management I could see 146 GB was available to be partitioned and formatted. Except for the first hour of mirroring, this whole operation was pretty painless and did not require a reboot.


    ISS X-Force Database: icmp-timestamp(322): ICMP timestamp requests

    April 5th, 2008 · Security

    A PCI audit point I saw recently recommended that servers not respond to ICMP timestamp requests. For externally hosted web servers this probably means asking your hosting provider to implement a rule on their router to block ICMP packets of type 13 or 14 with a code of 0. I haven’t tried this, but it should allow normal maintenance packets (e.g. ping) and prevent echo tests using timestamp requests.

    Description:

    The target computer responded to an ICMP timestamp request. By accurately determining the target’s clock state, an attacker can more effectively attack certain time-based pseudorandom number generators (PRNGs) and the authentication systems that rely on them.

    Platforms Affected:

    • Apple, Mac OS
    • Cisco, IOS
    • Data General, DG/UX
    • HP, HP-UX
    • HP, Tru64 UNIX
    • IBM, AIX
    • IBM, OS/2
    • Linux, Linux
    • Microsoft, Windows 98 Second Edition
    • Microsoft, Windows 2000
    • Microsoft, Windows 2003
    • Microsoft, Windows 95
    • Microsoft, Windows 98
    • Microsoft, Windows Me
    • Microsoft, Windows NT
    • Microsoft, Windows XP
    • Novell, Novell NetWare
    • SCO, SCO Unix
    • SGI, IRIX
    • Sun, Solaris
    • Wind River, BSD

    Remedy:

    Configure your firewall or filtering router to block outgoing ICMP packets. Block ICMP packets of type 13 or 14 and/or code 0.

    ISS X-Force Database: icmp-timestamp(322): ICMP timestamp requests
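As an added example (my own Python, not from the X-Force entry or any firewall product), this parses the 8-byte ICMP header from raw bytes, validates the RFC 792 checksum, and applies the remedy above: drop type 13 and 14 with code 0, let an echo request (ping, type 8) through. The sample messages are constructed in the code; the builder is only there to produce them.

```python
import struct

ICMP_ECHO_REPLY, ICMP_ECHO_REQUEST = 0, 8
ICMP_TIMESTAMP_REQUEST, ICMP_TIMESTAMP_REPLY = 13, 14


def icmp_checksum(data):
    """RFC 792 one's-complement sum over 16-bit words (odd trailing byte padded)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_icmp(icmp_type, code, ident, seq, payload=b""):
    """Serialise an ICMP message with a correct checksum (used to build samples)."""
    header = struct.pack("!BBHHH", icmp_type, code, 0, ident, seq)
    csum = icmp_checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, code, csum, ident, seq) + payload


def sample_timestamp_request(ident=0x1234, seq=1, originate_ms=36_000_000):
    """Constructed sample: a timestamp request carries three 32-bit fields of
    milliseconds since midnight UTC (originate, receive, transmit)."""
    return build_icmp(ICMP_TIMESTAMP_REQUEST, 0, ident, seq,
                      struct.pack("!III", originate_ms, 0, 0))


def parse_icmp(packet):
    """Return (type, code, checksum_ok, ident, seq, body), or None if too short."""
    if len(packet) < 8:
        return None
    icmp_type, code, csum, ident, seq = struct.unpack("!BBHHH", packet[:8])
    # Recompute over the message with the checksum field zeroed.
    ok = icmp_checksum(packet[:2] + b"\x00\x00" + packet[4:]) == csum
    return icmp_type, code, ok, ident, seq, packet[8:]


def filter_action(packet):
    """Apply the X-Force remedy: drop ICMP type 13/14 with code 0, drop malformed
    messages, and accept everything else (including ping, type 8 code 0)."""
    parsed = parse_icmp(packet)
    if parsed is None:
        return "drop-malformed"
    icmp_type, code, ok, *_ = parsed
    if not ok:
        return "drop-bad-checksum"
    if icmp_type in (ICMP_TIMESTAMP_REQUEST, ICMP_TIMESTAMP_REPLY) and code == 0:
        return "drop-timestamp"
    return "accept"
```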


    .htaccess changes can break LiveWriter

    April 2nd, 2008 · CSS/WebDesign

    Recently I changed some of my sites to not use the "www" on the front of the URL. It was a little tricky but I got it working right. The first part is to change WordPress to use the shorter URL. The second part of the change was to modify the .htaccess file. I found that the post, Comprehensive URL Canonicalization via htaccess for WordPress-Powered Sites, helped me the most. I checked it in a browser and everything looked fine. Much later I tried to write a post in LiveWriter and it did not work. It gave me the following error message.

    blogger.getUsersBlogs method received from the weblog server was invalid

    After a little debugging I figured out I could get rid of the problem if I refreshed my account settings for the web sites with the new .htaccess file. I guess LiveWriter is picky about the web site URL.


    Server 500 error, Codeplex, and ISA 2004

    April 2nd, 2008 · SBS2K-SBS2K3

    I recently tried to visit Codeplex and got an error page with a Server 500 error. It did not take too long to figure out that there was a configuration problem on my firewall, ISA 2004. There were several proposed fixes, but the one that worked for me I found on a Techarena forum: it said to either turn on or turn off the HTTP Compression filter. I turned it on and it worked.

    I think I had turned off the compression filter in ISA 2004 SP1 days. According to Lazyadmin HTTP Compression started working in SP2 and he has recommendations for configuring it in his post, Enabling HTTP Compression in ISA 2004.


    BlogSecurity » Blog Archive » WPIDS v0.1.2 officially released

    April 1st, 2008 · Security, WordPress

    Recently, while upgrading my WordPress blogs, I installed WPIDS 0.1.2. WPIDS is an Intrusion Protection System, which is based upon the Intrusion Detection System PHPIDS. It is a nice plugin for those curious about WordPress security. In theory this should improve the security of my blogs.

    For the last couple of days I have been monitoring its log. So far I have not found any false positives. It looks like it is blocking some comment spam. Most of my comment spam is caught by Akismet.

    I am kind of fascinated with this plugin.  If the developers are looking for ideas, it would be nice if:

    1. It would tell me if there is a new filter available. I am not sure how often the filter is updated, but with a little modification the plugin could update the file directly. WordPress would like updated plugins to be updated on their web site. An updated revision number for the plugin would then appear in the plugin panel. In a perfect world the user could then update the plugin automatically.
    2. The search stats button overlaid the standard report onto the admin page for the plugin. It is not very useful in this format.
    3. It would be nice if the report said why the bad request was blocked. I have several blocked requests showing something called “__utmz” in the tag field.
    4. It would be nice to download the report as a csv file.
    5. It would be nice to have a summary report by type of blocked request.


    WordPress 2.5

    March 31st, 2008 · CSS/WebDesign, WordPress

    I installed WordPress 2.5 last Saturday on all of the blogs I support. It had passed some preliminary testing on my development blog so I installed it. It is supposed to have increased security, better administrative panels, and the ability to upgrade plugins automatically. They say there are very few changes that will affect the plugins. It sounded like a safe upgrade so I upgraded. After a little testing I found that ImageManager 2.4.1 did not work at all. I am not sure when it stopped working since I do not use it often and I have alternatives.

    While I was at it I did a little spring cleaning. I changed the blog to not use the www subdomain, changed the .htaccess file, changed the blog to use a more descriptive permalink, removed the register feature from the meta widget, and got rid of several old inactive plugins.


    Installing Subversion? Just follow this 7 Steps « Lijin’s Localhost

    March 29th, 2008 · CSS/WebDesign, OpenSource

    Great post Lijin! Some time ago I struggled to figure out how to install Subversion on my WinXP box. The biggest difficulty I had was to understand what the folder layout for a Windows box should look like. I ended up using svn1clicksetup to get a standard layout. Due to issues between Subversion and Apache 2.2, I avoided using Apache for Subversion. SVNService worked just fine for me. Recently Subversion has been supporting Apache 2.2. With a slightly modified version of Lijin’s instructions I modified my XAMPP installation to support accessing my existing repositories via Apache. Here are my steps:

    1. Install Apache HTTP server if not already installed. I prefer installing Apache via XAMPP.
    2. Install Subversion and let it update your Apache configuration. In my case I was updating to the latest version. Here is my file layout:
      1. Install directory - c:\Program Files\Subversion
      2. Repositories - c:\svnrepos
      3. Apache conf file - c:\Program Files\xampp\apache\conf\httpd.conf
    3. Since my repositories are not accessible from the network, I did not create a users authentication file or an access rights file. I can do this later if I need it.
    4. In the directory "c:\Program Files\Subversion", create an etc directory and place a file called subversion.conf in it with the following data. The Location path needs the leading slash so that it matches the /repos part of the URL.
      <Location /repos>
        DAV svn
        SVNPath C:/svnrepos
      </Location>
      
    5. Add Include "C:/Program Files/Subversion/etc/subversion.conf" to the Apache conf file.
    6. Restart Apache and test the repository access.
      1. I cranked up my favorite browser and went to http://localhost/repos. I saw my project directories.
      2. I created a new directory in the My Documents folder and checked out one of my projects using TortoiseSVN and the http://localhost/repos/project1 URL. It worked.
      3. Next I created a test file and added it to repository. It worked, too.

    Installing Subversion? Just follow this 7 Steps « Lijin’s Localhost


    Opera@USB : EN & PortableApps

    March 29th, 2008 · CSS/WebDesign

    Okay, Markus said I shouldn’t do this, but I installed Opera@USB on my USB drive and renamed a few files. I wanted Opera to appear as a menu item in the PortableApps Menu. Here is how I did this.

    1. First I created a directory under the PortableApps directory called, OperaPortable. You can name it anything you like.
    2. Next I installed the USB version of Opera into this directory.
    3. Finally I changed the extensions for operausb.exe and gsr.exe to com and changed the extension for opera.com to exe. You should see the pretty opera icon now.

    The next time I started the PortableApps menu I had a pretty little Opera icon next to a title that said "Opera Internet Browser". It could not have been sweeter. I went to my web sites and they looked fine. The only way I have been able to crash Opera so far is to go to the acid3 test. ;)

    DISCLAIMER: I do not use Opera on a regular basis. Your mileage may vary!!!

    Opera@USB : EN : download your free version of mobile Opera:


    Automated WordPress Hacking Tool Cached by Google

    March 27th, 2008 · Security, WordPress

    I just finished checking my WordPress sites with both a dork and FTP. Google says that there are 29,000 infected sites. I guess that I was left out of the party since my WordPress sites are at the most recent stable release.

    Cyberinsecure recently posted details of an automated WordPress hacking tool that is doing the rounds. This malicious worm or program appears to create the directory "wp-content/1/" as well as spam comments:

    The blogs are most likely attacked by some kind of automated tool since the amounts of spam are too big to work manually on all those spam pages creation. It seems there are also spam comments in posts as well. Spam comments are pointing to internal infected blog pages in folder “1″ to get them spidered and to get people to visit them.

    Smackdown also has a nice blog entry about this issue.

    Automated WordPress Hacking Tool Cached by Google
    DK
    Wed, 26 Mar 2008 23:52:40 GMT
