Wednesday, January 28, 2004

Another article ...

Another article of mine have been published now in MSDN. Its regarding database documentation. Do check my article and let me know your feedback.

Microsoft Consumer Virus Alert:

Why We Are Issuing This Alert

W32/Mydoom@MM spreads through e-mail. This worm can disguise the sender's address, a tactic known as spoofing, and may generate e-mails that appear to have been sent by Microsoft. Many of the addresses Mydoom uses are valid addresses that are being spoofed for malicious purposes.

Mydoom Virus Alert: What to Do

Treat all e-mail attachments with caution, particularly .zip files in the case of this virus, even if they appear to be from a trusted source. Learn what to do about virus infections. http://www.microsoft.com/security/antivirus/mydoom.asp

Complete Information: http://www.microsoft.com/security/antivirus/mydoom.asp

New Virus ...

This is an Informational update about the mass-mailing computer virus, W32.novarg.A@mm:

The virus can infect several files on your computer and spread itself by sending an email to all addresses in your address book.

E-mails with the following subject line and characteristics can contain the virus:

Subject: Random - "Test" or "Hi" or "Hello"
Message:
Attachment: Files with the extensions of .exe, .pif, .scr, and .zip.

If you receive an e-mail with one of the subject lines and attachments listed above YOU SHOULD DELETE the e-mail immediately.

Thursday, January 22, 2004

Good link ...

The easiest way to see all classes inside a namespace is to check this Class Library Comparison Tool. The interesting part is, this page contains a "Display options" go and explore that for yourself :)

Wednesday, January 21, 2004

Security Bulletins released last week ..

Important information:

On Jan 13th, Microsoft have released 3 security bulletins. Of these one that deals with ISA is a serious one (critical). If you are running ISA as a firewall in your organizations, you should consider patching it. Here are all of them for your reference.

a.) Vulnerability in Microsoft Internet Security and Acceleration Server 2000 H.323 Filter Could Allow Remote Code Execution (816458): http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS04-001.asp

b.) Vulnerability in Exchange Server 2003 Could Lead to Privilege Escalation (832759): http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS04-002.asp

c.) Buffer Overrun in MDAC Function Could Allow Code Execution (832483): http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS04-003.asp

Do you know this?

We can get complete information about each table in a database using the following syntax:

Execute sp_help <<tablename>>

But if we have hundreds of tables in a database then the above method would surely be a tedious way to do. So to over come that we could use the following query:

Execute sp_MSForeachTable @command1 = "sp_help '?'"

As sp_help lists information about a single table this sp_MSForeachTable displays all information about all tables within the existing database. Neat isn’t it?
Dear Reader,

Bitwise, the annual online programming contest organized by the Computer Science & Engg. Department Society, Indian Institute of Technology Kharagpur, India, is being conducted this year on Sunday, the 8th of February. Bitwise is an algorithm intensive programming contest which aims to provide programmers across the globe, a platform to compete, testing their ability to develop efficient algorithms to problems within a given time constraint.

It is a non-profit competition organized by 4th year undergraduate students of CSE, IIT Kharagpur.

Over the last three years, the contest has become extremely popular around the world. In Bitwise 2K3, over 900 teams participated, with a team from Singapore bagging the first prize.

The registration is free and open to all. Contestants solve a set of problems posted on a site using C or C++. The solutions are evaluated, not only on the basis of correctness, but also on execution time and space complexity. The top 50 contesting teams will receive prizes worth Rs. 60,000!!

REGISTRATION STARTS: 20th Jan, 2004.

For registration and more information please visit our website at: http://www.iitkgp.ernet.in/bitwise

If you know of anyone who would be interested in taking part in Bitwise 2K4, kindly forward this message to them.

Thanks!

Bitwise Organizing Committee
CSE, IIT Kharagpur
Email: bitwise@cse.iitkgp.ernet.in

Tuesday, January 20, 2004

How to detect a 2-way mirror?

Not to scare you, but to make sure that you are aware. Many of the hotels and textile showrooms cheat the costumers & watch them privately :(

HOW TO DETECT A 2-WAY MIRROR:

When we visit toilets, bathrooms, hotel rooms, changing rooms, etc., how many of you know for sure that the seemingly ordinary mirror hanging on the wall is a real mirror, or actually a 2-way mirror i.e., they can see you, but you can't see them). There have been many cases of people installing 2-way mirrors in female changing rooms or bathroom or bedrooms. It is very difficult to positively identify the surface by just looking at it. So, how do we determine with any amount of certainty what type of mirror we are looking at?

CONDUCT THIS SIMPLE TEST:

Place the tip of your fingernail against the reflective surface and if there is a GAP between your fingernail and the image of the nail, then it is a GENUINE mirror.

However, if your fingernail DIRECTLY TOUCHES the image of your nail, then BEWARE, IT IS A 2-WAY MIRROR!(there is someone seeing you from the other side). So remember, every time you see a mirror, do the "fingernail test."

It doesn't cost you anything. It is simple to do.

The reason there is a gap on a real mirror, is because the silver is on the back of the mirror UNDER the glass. Whereas with a two-way mirror, the silver is on the surface. Keep it in mind! Make sure and check every time you enter in hotel rooms. May be someone is making a film on you.

Ladies: Share this with your friends.
Men: Share this with your sisters, wife, daughters, friends, colleagues

Wednesday, January 14, 2004

Wanna move from PHP/JSP to ASP.NET?

As you know Microsoft has been developing a new tool to help developers move to ASP.NET called the ASP to ASP.NET Migration Assistant. You probably played around with it earlier on. On 9th Jan 2004 they have announced the Beta release of this tool.

The ASP to ASP.NET Migration Assistant is designed to help you convert ASP pages and applications to ASP.NET. It does not make the conversion process completely automatic, but it will speed up your project by automating some of the steps required for migration.

Here’s how to try the ASP to ASP.NET Migration Assistant Beta:

1) Visit www.asp.net/migrationassistants to learn more and download the tool.
2) Visit www.asp.net/migrationassistants/forums to post your questions and feedback.

BTW – there is a PHP to ASP.NET and JSP to ASP.NET migration wizard too.

Source: Deepak Gulati ...

Tutorial and Presentation Creation Software...

Wink is a Tutorial and Presentation creation software, primarily aimed at creating tutorials on how to use software (like a tutor for MS-Word/Excel etc). Using Wink you can capture screenshots of your software, use images that you already have, type-in explanations for each step, create a navigation sequence complete with buttons, delays, titles etc and create a highly effective tutorial for your users.

Using Wink, you can create tutorials, by capturing screenshots, mouse movements and specifying your own explanations with them. And all this in a standard Windows-based UI with drag-and-drop editing makes it very easy to create high quality tutorials/documentation.

It is estimated that Macromedia Flash Player is installed in more than 90% of the PCs. Using Wink you can now create high quality tutorials/documentation which will be viewable across the web in all these users' desktops.

Similar applications sell for hundreds of dollars, while Wink is free with unrivaled features.

Download it free from here.

Saturday, January 10, 2004

Good book for beginners ....

OOP with Microsoft Visual Basic .NET and Microsoft Visual C# Step by Step by Robin A. Reynolds-Haertle. This Microsoft Press book is a good one for beginners.

Thursday, January 08, 2004

(Re)Initializing an identity column to 0

Reinitializing an identity column is of two folds. If there is no foregin key on the table where we want to reset the identity to 0 then the following process would work.

create table testTable1
(
  sno int identity,
  lastname varchar(25)
)

insert into testTable1 values('lastname1')

truncate table testTable1 -- This statement alone would do the trick for us :)


If there is a foreign key relationship then we can't use the above statement instead follow the steps explained below:

create table testTable1 -- example table 1
(
 sno int identity primary key,
 lastname varchar(25)
)

create table testTable2 -- example table 2
(
  sno int references testTable1(sno),
  email varchar(50)
)

insert into testTable1 values('lastname1')
insert into testTable2 values(1,'vmvadivel@yahoo.com')

delete testTable2 -- remove all the records from the child table first
delete testTable1-- remove all the records from the parent table


After deleting the content in the table(s) you need to give the execute below statement.

dbcc checkident(testTable1,Reseed,0)

There are cases where we want to reinitialize ALL identity columns in a database. In such cases make use of the below script.

Select
  'dbcc checkident (' + sysobjects.name + ', Reseed, 0)' as 'Reset Identity for the whole database'
From
  sysobjects, syscolumns
Where
  sysobjects.id = syscolumns.id and
  syscolumns.colstat & 1 <> 0 and
  sysobjects.xtype = 'U' and
  sysobjects.name <> N'dtproperties'


The result of the above query would be 'n' number of sql statements. Just copy those statements and execute it to reinitialize ALL identity columns in a database.

Wednesday, January 07, 2004

Test Drivers ...

Sample program which we write to test the newly written CLASS is called as drivers. It's always good to test your class with a driver before adding it into the actual program.

Find the product of a field ...

There isn't a prebuild function for finding the product of a field (or) set of values in SQL Server. But there is a workaround by using a combination of SUM(), POWER() and LOG10() functions. To read my complete TIP on this visit techtarget.

Needless to say, if you like this tip do rate it so that I could be in contention for winning the best tip of the month award :)

Comments ...

Today, I have made use of Haloscan a free, easy to use commenting system for my Blog. I think this would fecilitate the readers to add their comments to each post.

Protection bypass vulnerability in Ms-Word ...

Microsoft Word 2003 and 2002 contains a protection-bypass vulnerability. By performing a simple process outlined below, a user can unprotect a protected document without the use of a password cracker or other special tools. :(

This bug was discovered by Thorsten Delbrouck.

To see the bug for yourself follow the below demonstartion!!

1.) Open a protected document in Word.
2.) Choose the Save As Web Page (*.htm; *.html) option and close Word.
3.) Open the HTML document in any text editor.

4.) Search the <w:UnprotectPassword> tag for a line that looks like: <w:UnprotectPassword>ABCDEF01</w:UnprotectPassword>. Gather the password.

5.) Open the original .doc document with any hex editor.
6.) Search for hex values of the password (reverse order).
7.) Overwrite all four double-bytes with 0x00. Save, and close.

8.) Open the document in Word. Select Tools, Unprotect Document. Password is blank.

Source: winnetmag.com

Tuesday, January 06, 2004

Want to know the Processor ID of a machine?

Use the below code snippet in your page to display the Processor ID of the machine. Don't forget to add "using System.Management;" at the top.

ManagementClass managementClass = new ManagementClass("Win32_Processor");
ManagementObjectCollection managementObj = managementClass.GetInstances();

foreach(ManagementObject mo in managementObj)
{
 strResult ="Processor " + mo["ProcessorId"].ToString();
}

Surviving a heart attack

Don’t know about the authenticity of this information, but better to leave no stone unturned!!

Let's say it's 6.15p m and you're driving home (alone of course), after an unusually hard day on the job. You're really tired, upset and frustrated. Suddenly you start experiencing severe pain in your chest that starts to radiate out into your arm and up into your jaw. You are only about five miles from the hospital nearest your home. Unfortunately you don't know if you’ll be able to make it that far. You have been trained in CPR, but the guy that taught the course did not tell you how to perform it on yourself.

HOW TO SURVIVE A HEART ATTACK WHEN ALONE

Since many people are alone when they suffer a heart attack, without help, the person whose heart is beating improperly and who begins to feel faint, has only about 10 seconds left before losing consciousness. However, these victims can help themselves by coughing repeatedly and very vigorously. A deep breath should be taken before each cough, and the cough must be deep and prolonged, as when producing sputum from deep inside the chest. A breath and a cough must be repeated about every two seconds without let-up until help arrives, or until the heart is felt to be beating normally again. Deep breaths get oxygen into the lungs and coughing movements squeeze the heart and keep the blood circulating. The squeezing pressure on the heart also helps it regain normal rhythm. In this way, heart
attack victims make it to the nearest hospital. Tell as many other people as possible about this. It could save their lives!!

Sunday, January 04, 2004

New Virus ...

Two new viruses have been detected. One which is not so destructive is Jitux.A virus and the other one which is more troublesome is PE_QUIS.A worm. Check out the full artilce here.

Friday, January 02, 2004

GUID Vs. IDENTITY

For inserting a unique value for each record in a table, we can either create a GUID (Globally Unique IDentifier) with the help of the function NEWID() (or) create an IDENTITY column which would take care of inserting the unique value itself.

The major advantage of using GUIDs is that they are perfectly unique :) We can blindly use this if we are planning to consolidate records from different SQL Servers into a single table. The disadvantage is that the value of GUID are quite BIG. Hope it won't be too much if I say that this is "one" of the biggest datatypes in SQL Server. Due to that if we create an Indexes on a GUID field it would have a considerable performance hit. Other disadvantage which I see is it is not that easy to understand / remember a GUID value.

On the flip side, we can use IDENTITY column which would most probably be an Integer field. Due to the less space it occupy it has an upper hand when we compare this with GUID with respect to performance. However, since it is server-generated, an insert into the database requires that we query the database for the new key value. This also complicates the process of submitting new parent and child data.

Also, there is no standard for auto-increment functionality across databases. Relying on GUIDs can simplify some of these issues, since you're generating your key values at the client. If at all you are planning to port your SQL Server database to some other database then you might run into problems!! Not all databases natively support GUID. Even in those cases the work around is to cast the GUIDs as strings :)

So in my opinion we need to decide whether we can use GUID or IDENTITY column on a case by case basis.

Fetching IDENTITY value ...

The question is "How to fetch the IDENTITY value of the record which we INSERTED now?". Till the days of SQL Server 7.0 we used to rely on @@IDENTITY function. But in my experience that function isn't that reliable. i.e., @@IDENTITY isn't dependent on the current scope. Even if we have inserted some records in a different table it would fetch us that identity value ;) I am sure we wouldn't be interested in that.

From SQL 2K there is a new function by name SCOPE_IDENTITY which returns the last IDENTITY value produced on a connection and by a statement in the same scope. So its better to use SCOPE_IDENTITY in our select statement to retrieve the identity value for the record which we inserted now.

Example: SELECT SCOPE_IDENTITY()

Passing data between pages ...

Some of the common methods of passing data between pages (web forms) are:

1. Query String
2. Session Variables
3. Server.Transfer

Querystring and Session variables has its own limitations. ( For example, you can't pass objects or sensitive data using Query string method. More over there are limitations on number of characters which can be passed on a URL etc.,). So Server.Transfer is the better method for passing data across pages.

Note: If you use Server.Transfer inside a Try..Catch Block it would throw an ThreadAbortException. Its not a bug that's how they have designed it to clean up the Stack :) In order to overcome that either opt for Server.Execute or Response.Redirect('page.aspx', false).