Feed Icon  

Contact

  • Bryant Likes
  • Send mail to the author(s) E-mail
  • twitter
  • View Bryant Likes's profile on LinkedIn
  • del.icio.us
Get Microsoft Silverlight
by clicking "Install Microsoft Silverlight" you accept the
Silverlight license agreement

Hosting By

Hot Topics

Tags

Open Source Projects

Archives

Ads

Interview with a Comment Spammer

Posted in General at Monday, January 31, 2005 10:17 AM Pacific Standard Time

At The Register via Backcountry Conservative:

So Sam, like other link spammers, uses the thousands of 'open proxies' on the net. These are machines which, by accident (read: clueless sysadmins) or design (read: clueless managers) are set up so that anyone, anywhere, can access another website through them. Usually intended for internal use, so a company only needs one machine facing the net, they're actually hard to lock down completely.

Sam's code gets hundreds of open proxies to obediently spam blogs and other sites with the messages he wants posted. They usually target comments to old posts, so they won't show up to people reading the latest ones, though search engine spiders will spot them and index them.

This explains why you see so many different source IP addresses when you look at a comment spam run in the log files. They are using web proxies. That is why it is so hard to stop them based on IP filtering. However, the article reveals what really works against comment spammers:

So what does put a link spammer off? It's those trusty friends, captchas - test humans are meant to be able to do but computers can't, like reading distorted images of letters. "Even user authentication can be automated." (Unix's curl command is so wonderfully flexible.)

"The hardest form to spam is that which requires manual authentication such as captchas. Or those where you have to reply to an email, click on a link in it; though that can be automated too. Those where you have to register and click on links, they're hard as well. And if you change the folder names where things usually reside, that's a challenge, because you just gather lists of installations' folder names."

So adding a captcha control is effective. I would have to say I think this is true. Since I added the captcha control to blogs.sqlxml.org I haven't seen a single comment spam. If you're not using one, it is easy to implement.

RsWebParts Update

Posted in Reporting Services | SharePoint at Friday, January 28, 2005 7:42 AM Pacific Standard Time

Ok, I've created a new project site at SourceForge.net which you can find here. Everytime I try to figure out the CVS stuff I end up feeling dumb because I can't figure it out. So hopefully I'll “get it” this weekend so that I can put some files up there. For now the project site is just an empty shell.

In the meantime I would really like to figure out this reported bug about a security issue with the web parts. I'm not really sure if I understand what the problem is but I don't think it is really an issue with the web parts but rather a configuration issue.

The reason I think it is a configuration issue is because the main web part (the report viewer) is basically just an iframe that loads a report services report. The machine that I test my web parts on  is a different machine than the reporting services server so that shouldn't be an issue. I'm just wondering if the problem is that the user viewing the web parts doesn't have access to the reporting server. But I don't really know so let's talk more about this problem either here in the comments or in the forms.

While we're at it, please post any other bugs you've run into at the project site.

Battling Comment Spam

Posted in General at Monday, January 24, 2005 5:19 AM Pacific Standard Time

Well I've been battling comment spam a lot here at the SqlXml Blogs. Vinod gets up to 50 comment spams per day. Up until now I've just been using a stored procedure that inserts the offending URL into a banned url table and deletes all the comments associated with that url. New comments are checked against the banned url table and are not added if a match is found.

It was interesting to read today that Scott Mitchell is doing something similar. It seems that everyone is dealing with this problem. I'm sure a good community based solution will emerge soon (maybe something like Cloudmark's Safety Bar which I love).

In the mean time, I've added the Clearscreen HIP-Captcha control to the post comment controls to see if this at least slows them down. So sorry about the extra step in posting comments, if it doesn't work I'll remove it.

Clippool

Posted in General at Monday, January 24, 2005 3:52 AM Pacific Standard Time

Here at work I use two computers and have different applications on each. Sometimes I want to copy/paste from one computer to the other but never knew how. So today I looked into it and came across clippool.

Clippool.exe is a command-line utility (available in Windows 2000 Server Resource Kit) that allows you to transparently share a single logical clipboard between computers that are running either Microsoft Windows XP, Windows 2000, Microsoft Windows NT 4.0, Microsoft Windows Millennium Edition (Me), or Microsoft Windows 98. After you install and configure Clippool.exe, use it to copy and paste information from programs between computers on the network. For example, you can copy a screenshot on one computer to a document on another computer.

Information on this cool utility can be found here. It is really easy to setup (just copy the clippool.exe into the System32 folder of the two computers and follow the instructions). BTW - you can download the resource kit from MSDN if you have a subscription.

Some Random ASP.Net Notes

Posted in ASP.Net/Web Services at Monday, January 24, 2005 2:37 AM Pacific Standard Time

Last week I was doing a lot of ASP.Net development and ran into some real time wasters. Things that make you want to beat your head on the desk. Especially this first one.

1) I would rebuild my project and would then try to access the page on my local web server (I'm running IIS on Windows XP). I would randomly get the error that Access was denied to “some.framework.of.mine.dll”. It would then seem to go away for no reason. After a little googling I found the answer here. The problem is that the Indexing service in Windows XP locks the temporary ASP.Net files so you get the error for about five minutes and then it goes away. Talk about frustrating. Disabling the indexing service solves the problem.

2) Another thing I ran into was trying to disable a button after the user clicked it so that they couldn't click it twice. After several tries I was able to get the client side onclick event to work but if I disabled the button then it didn't submit the page for postback. Hmmm.. After soom googling I found a great solution here. It is called the ASP.Net Ghost Button Hack and it works very well.

3) I wanted to add checkboxes to my datagrid and also a checkbox in the header to select/unselect all the checkboxes. I found a nice example here, however the example didn't work. I'm not sure what version of ASP.Net the example is based on but there are some things you have to change to make it work. If you're interested let me know and I'll post them. Other than that the example worked great and I have it working (and the users love it).

4) Url Rewriting was the final thing that I ran into trouble with. I was able to get the Url Rewriting working just fine (I already had my own library set up to do this) but for some reason the postbacks were giving me problems. I read about this issues with url rewrites and postbacks here in an article by Scott Mitchell. The article describes how to create your own form control that doesn't output an action tag which solves the problem. This is the most elegant solution that I've seen for this problem and it works great.

So this is kind of a note to myself so that I'll remember them and hopefully they might save someone else some time as well.

Reporting Services WebParts Space Heats Up

Posted in Reporting Services | SharePoint at Monday, January 24, 2005 2:17 AM Pacific Standard Time

I haven't done much with the RsWebParts for since I released the last beta version (sorry if you've sent me email or posted questions in the comments, I've been too busy), but it looks like they are getting some more attention with the release of Reporting Services SP2 beta.

One thing that seems to have gone unnoticed is that the new version of BI Portal has been released [via Duncan and Patrick]. What does BIP have to do with Reporting Services WebParts? Well the BIP viewer can view Reporting Services Reports (and the BIP Viewer is a WebPart). It also has a Report Browser. In fact, the BIP viewer was the inspiration for the RsWebParts and you will even see that I borrowed some of my client side scripting from the BIP viewer.

So now there are 4 Reporting Services WebPart Packages (that I know of) so it will be intereting to see what happens next. I would expect the MS WebParts to come out on top unless they don't provide the functionality that people need. I would really like to continue working on the RsWebParts or at least get it out as an open source community project (especially since GotDotNet is so pathetic, right now the workspaces are down and there is no message explaining why or when things will be back).

What would you suggest? Should I create some kind of open source project for the SharePoint/Reporting Services community to extend? If so, how should I go about this?

 

 

Maxtor Can't Touch

Posted in General at Wednesday, January 12, 2005 6:55 AM Pacific Standard Time

My dad got a Maxtor OneTouch II 250 GB external hard drive for Christmas. I'm the IT guy for my parents so my job was to set it up so that he could use it to backup his computer. Simple, I thought.

I plugged in the drive and installed the software. The drive was recognized, however, I couldn't get any farther. I read through the instructions on the website and the ones that came with the drive which told me to push the OneTouch button on the drive to activate it, but pushing the button did nothing. I could see the drive under computer management, but the drive was uninitialized and couldn't be initialized. When I browsed “My Computer” the drive was listed as a Maxtor Locked Drive. Grrrr..

So after fooling around with it for about an hour I gave up. I was basically locked out by the Maxtor DriveLock Security (nice). I think the problem was the button on the drive was faulty so it never allowed me to register the drive. My dad is taking the drive back to Costco to get a new one so hopefully I will be able to report that the new one works soon.

I have three Maxtor OneTouch drives, but this is my first experience with the DriveLock technology. I definately would recommend against buying a drive with this technology at this point. At the very least, Maxtor should ship the drives unlocked and only lock them at the user's request. To ship them locked puts the user at a greater risk of running into problems. That is my two cents.

ASPX Pages Without a Form

Posted in SharePoint | ASP.Net/Web Services at Thursday, January 06, 2005 9:34 AM Pacific Standard Time

One of my recent projects was to develop a new menu system for our SharePoint portal to replace our old menu system (which was a custom menu as well). I decided to create an ASP.Net server control to do this. I created my control, signed it, deployed it to the GAC, added it to the safe control list, and then our web master put it into production after we did some basic testing. So far, so good.

However, today our web guy hit a snag when he put the menu on the SharePoint administrator pages (located in the  layouts/1033 folder). When the menu was put into these pages the menu would display but the scripting didn't work. I looked into the problem and quickly realized that my client side script was not being rendered into the page, basically my RegisterClientScriptBlock calls were being ignored (or so it seemed).

After some doing some googling and running some tests I finally realized that the SharePoint admin pages have no form tags (mark this down as YASPQ). So the problem I was running into was that since there were no form tags, the client side script blocks were not rendered as decribed here:

Server controls that post back or use client-side script will not work if they are not enclosed in the HtmlForm server control ( ). These controls can call this method when they render to provide a clear error message when they are not enclosed in the HtmlForm control.

The method referred to here is Page.VerifyRenderingInServerForm. I could call this method in the Render method of my menu control, but this just throws an HttpException (which in this case is clearly not beneficial). Instead of allowing the exception to bubble up I simply trapped for the exception and if it was thrown I added an HtmlForm control to my menu's controls collection and then rendered it after my menu was built.

This allowed the client script to be rendered even if the form tag was missing. So if you're developing a control and run into this problem this is a quick work-a-round. If your control has other controls that need to be posted back you could add them as child controls to the HtmlForm control and it should work as expected.

YASPQ

Posted in SharePoint at Wednesday, January 05, 2005 7:03 AM Pacific Standard Time

Scott posted a cool trick to map a WebDAV or FontPage website to a drive letter. Since I do a lot of SharePoint work I immediately started thinking of all the cool things I could do with this once I had a folder mapping to my SharePoint portal site (like start using VisualStudio to edit pages, easy backup, etc.). However, I was disappointed that it didn't seem to work with SharePoint. YASPQ!*

* Yet Another SharePoint Quirk

Catching Up

Posted in Sql and Xml | General at Monday, January 03, 2005 6:02 AM Pacific Standard Time

Well I'm finally getting caught up here at work after taking two weeks off. I must say that being a dad is a great thing and I would highly recommend it to anyone, but it is a lot of work :)

Prior to my wife going into labor on Sunday, December 19, I took a the Designing and Implementing Databases with Microsoft SQL Server 2000 Enterprise Edition Exam. I passed it without studying at all and took it since my free exam certificate was going to expire on December 31, 2004. The test seemed pretty fair and now I have to decide if I actually want to persue a certification or not. I think the main reason I passed it was that I took the advice of one of my fellow SQL Server MVPs and quit using Enterprise Manager to manage SQL Server and instead learned all the T-SQL syntax for doing things. This taught me quite a bit.

I was planning on posting this on Sunday evening but I got caught up in a much bigger event. :) Now that I'm caught up on my blog reading from the last two weeks I'm hoping to start blogging more. I'm also gearing up to revamp the SqlXml.org website for Yukon. If you have any suggestions let me know.