RambleJam

I don’t know if you have been following certain news items regarding NASA but I have and I really can’t work out what is going on.  It seems that someone somewhere in the chain of command really hasn’t got their eye on the ball … any ball in fact …

Firstly, in 2002 you may have heard about the case of Gary McKinnon who was caught ‘hacking’ (I’ll explain further why that’s in quotes later!) NASA computer systems.  He was attempting to find, or rather corroborate, some claims that he had found about the fact that NASA has teams of people that spend their time erasing details from official photos before general release.  These teams of people are apparently referred to as ‘Strippers’ due to their job of stripping details.

So why ‘hacking’.  I’m sure most peoples stereotypical idea of ‘computer hacking’ is some geekoid sat at a computer with streams of digits and characters flowing over their screens in order to ‘crack’ the security layer that protects the inner workings of a corporate or government computer network.  The reality is that Gary was using a tiny dial-up modem (likely running at 56kbps) which is miniscule in comparison to the now ubiquitous multi megabyte broadband connections that are popular today.  Anyone that was taking their ‘hacking’ seriously would not be using such technology.  Gary also didn’t make any attempt to hide the ‘paper trail’ of IP addresses leading back from NASA to him meaning that it was a trivial task to track him down.

However, the most important point about the hole deal is that Gary found that NASA had basically left all their machines wide open.  Computers have what are known as ‘User Accounts’.  If you use a computer at work and you have to log on, you will be logging on using a ‘User Account’.  Once you are logged on the rights and permissions associated with that account govern what you are allowed to do to that machine or the network you have logged on too.  For instance you may not be able to install software, change network settings etc … in order to perform these sorts of tasks there is a default ‘Local Administrator’ account.  These ‘Local Administrator’ accounts have full control over the machine and allow anyone logged on with this account to change any and all settings on that machine.  Gary found that the machines at the NASA facilities he ‘hacked’ HAD A BLANK ADMINISTRATORS PASSWORD … I can’t stress that enough, its amazing, its a school boy IT error to make.  At my place of work this is grounds for an internal investigation and heads would roll basically, its such a fundamental mistake that to my mind it makes NASA grossly negligent in terms of protecting its IT infrastructure.  So basically, Gary didn’t even need to ‘hack’ anything … it was left wide open … unprotected and asking for trouble.  The dictionary.com definition for hack is:

Computers. to devise or modify (a computer program), usually skillfully.

I argue that no skill is involved in order to obtain access to a computer system that is left with a blank administrator password, you don’t have to do any work at all in order to access that machine.  Bascially the person at NASA in charge of IT infrastructure security should be extremely embarrassed over this, if not sacked outright.

This isn’t all …

Yesterday I read in the news that a laptop aboard the International Space Station is infected with a W32.Gammima.AG worm!!!  And it was also admitted that this isn’t the first time!!  Our corporate network at my place of work has not had a virus infection problem in years … I personally have not had a virus infection problem in years either.  OK, its fair to say that NASA has a much higher profile that either of these examples but the virus is not targeting NASA specifically, its a well known 1 year old virus … on a laptop … floating in space … in the International Space Station.  Apparently its ‘OK’ since the laptop is not critical to any command and control operations.  I personally think that is a good thing but its also splitting hairs …

What is wrong with NASA’s IT Department??  What are they doing???

And they have the gall to extradite a UK citizen when in fact its their own utter lackadaisical excuse for IT security that is to blame …

Well I had a hell of a wake up call this weekend. A nasty little ‘Fake Threat’ had leeched into my system somehow. One of the horrid little blighters that pops up a fake warning message when you navigate to *any* directory on your machine. It alerts you to a none existant ‘problem’ and then tries to take you to a phising site. The warning was:

“Critical Error!”
“Attention [name]! Possible spyware found on your system. blah blah … go here to download anti-spyware.”

The most shocking thing about it is that I’m currently running no less than two anti-spyware programs, Microsoft’s own Window Defender and paid for McCafee Subscription!! I performed a complete system scan using both tools. Neither of them found any problems … that is truly shocking. So I proceeded to look into what are regarded as the best anti-spyware applications at the moment. Two names kept cropping up. PCTools Spyware Doctor and CounterSpyv2, I downloaded Spyware Doctor first and kicked off a system scan (very fast scan) to my absolute horror it turned up 15 different threats and over 40 infections. So why the hell did McCafee / Windows Defender fail to find a single problem??? I find performance like that to be so woefully under par that they cease to be fit for purpose (whilst also pinching a lot of system resources to boot). I installed McCafee the day I installed XP over 4 years ago and its been kept up to date ever since, same with Window Defender. Anyway, Spyware Doctor then told me that in order to remove these threats I’d have to buy it, so I uninstalled it and was magically taken to their website and offered a free version not advertised on their web site … cheeky to say the least.

So, I moved on and downloaded AdAware from Lavasoft (the free version) and that took such an obscene amount of time to get anywhere I ended cancelling the scan and uninstalling it.

Next up came CounterSpy which actually offeres a fully functional 15 day trial version. It has a nice interface and worked well, it scanned found all the threats that Spyware Doctor had found and then allowed me to remove them. After the removal process I rebooted complete with cheesy grin thinking ‘wooo, problem solved …’ … WRONG! The spyware in question that had kicked off this whole shebang was still alive and kicking. Dumbfounded I started looking for yet another anti-spyware product to try. I started by having another Google for the fake warning threat. This time I looked a bit deeper through the search results and found a chap having the same problem that had solved it by using … wait for it … SUPERAntiSpyware … what a name!!! And fully justified I might add …

I installed SUPERAntiSpyware and kicked off a scan … strangely it listed all the same threats that CounterSpy and Spyware Doctor had found, I thought to myself ‘hang on, counter spy just told me that it had removed all of these …’ either way, it scanned quickly, found them all and removed them. I rebooted and sure enough, my problem was solved.

So to round up:

McCafee = Overpriced crap that I will not continue subscribing too

Spyware Doctor = might have found them but wants me to cough up the cash before I can even know it actually works = crap

CounterSpy vs = not too bad, found them but seems to have failed to actually remove them

AdAware = no comment, painfully slow scanning process that I didn’t allow to complete

SUPERAntiSpyware = thumbs up from here, and its free … can’t get better than that.

Go forth and AntiSpy !!!

Just found a link on Sacha Barbers blog linking too some really cool Visual Studio code snippet downloads available from The Blendables folks and DrWPF.  Well worth downloading and checking out.

Over the weekend I was doing a fair amount of UI stuff on a major project of mine and stumbled across a very cool and neat solution to using data templates.  One of the great strengths of WPF is its ability to ‘componentise’ things into nice bite sized chunks of functionality/UI.  Anyone using WPF or learning WPF will soon find the need for DataTemplates in order to style and control the display of any data created by an application.  Until now I had been using ‘Inline’ DataTemplates held in the Resources section of a Window or a Page which is nice and still a very valid way of doing things, but this solution in this demo is seriously neat.  Define a UserControl and use that as your DataTemplate.  Keeps your XAML nice and clear and makes it really easy to design the look and feel of a DataTemplate in Expression Blend.

Anyway, that’s enough wibbling.  Grab the demo solution at the link below and have a looksee.

WPF User Control As DataTemplate Demo Solution (VS2008)

You can also view a more indepth explanation of this (with a more complete demo solution included) in my article covering this technique on Code Project.

Anyone that has worked on software development will have come into contact with Source (Code) Control software at some point. I’ve recently been looking for a solution to use at home on my personal projects and I think I’ve found just the thing. TortoiseSVN.  Its based on the very well respected SubVersion control platform which is in use in numerous institutions on all manner of projects large and small.

The main problem I found with finding a solution was to find a Desktop based system that provided all I needed, at least the basics of what you would require from version control software.  I’ve managed to do that and so much more.  TortoiseSVN is about as comprehensive as you would ever want or need.  I installed it in minutes and I had all my current in progroess solutions added and managed within half an hour.  Brilliant.

I’m actually more used to using Visual SourceSafe at work and frankly that is a really poor excuse for version control software, in fact I’d say that it gets in the way of productivity rather than ensures the smooth working of a team of developers.  It’s inconsistent with itself, a nightmare to administer and its merge/branching support is pathetic in all honesty.

Go Tortoise, you’ll never look back (or loose source code) again!

I’ve just been having a little play around with some methods for binding UI elements (in this case a ComboBox) to static data sources. As you may know Blend offers a UI to set up data binding to CLR objects (this is accessed from the main Blend UI using the [+CLR Object] button in the Data window. I had setup a Static class with a Static member that is an ObservableCollection<T>. However, when clicking on the [+CLR Object] this static class is not displayed as a potential data binding source. This is odd since this is a perfectly workable solution using this kind of binding syntax in XAML.

I’m trying to find out why this is the case since Blend should in theory just display this class as a potential datasource for the ComboBox and allow the user to bind to it. You can see this in action if you download the solution I created whilst trying this out:

Download XAML Static Class Binding Example

Well, I’ve spent the best part of a week trying to figure out why my application was constantly falling over on my test machine.  I’ve been taking bits of code out, putting in new bits (debugging code) and trying all manner of things.  Finally I have found the problem.

Its all stemming from wanting to give my users a simple straight forward installation without my installer having to spawn MSI installation in order to get SQL Compact installed and working for my application.  Basically, there is no problem with the Microsoft documentation on how to do this … so long as you aren’t using LINQ that is … as soon as you throw LINQ into the equasion things go tits up.  To get around this problem you need to make some additions to your app.config file.  If you include the code listed below you will find that your private installation of SQL Compact will magically start working!

I’ve spent a large portion of today trying to figure out why my project wasn’t able to create an MSI for me … I found this, no luck … still running this worked!

regsvr32 “ole32.dll”

Just found this really useful collection of byte sized tidbits to improve the performance of your usage of the data context.  Takes less that 5 mins to read some of these things and they will definitely improve your knowledge and use of LINQ to SQL.  Read it here.

http://www.disclose.tv/action/viewvideo/4897/