Archive for June, 2007

ReSharper 3.0

Jun 22

So ReSharper 3.0 was released and I see that it does have VB support finally (although I don’t touch as much VB as I used to, I keep hitting the shortcuts and getting mad when nothing happens). The thing that gets me is that you only get a free upgrade if you purchased 2.0 or 2.5 after April 15th, 2007. I really like ReSharper but I don’t see dishing out $200 when I got my license for 2.5 in Feb. I guess I will just stick with 2.5 and keep avoiding VB :D

Filed Under: General

Easily Move Objects From .NET to Javascript

Jun 22

For those of you who are (un)fortunate enough to do web development, you will probably run into the issue of wanting to take a .NET DTO and access it in JavaScript. The simple way to do this is to use JSON (I know this is nothing new, but a lot of people have not heard of this technology). JSON stands for JavaScript Object Notation and is a simple string representation of an object that can be parsed using the JavaScript eval() function.

Put simply, a .NET library (I am using the free Newtonsoft library in my project) takes an object and serializes it to a string. We then call var object = eval(serializedString) and can access all the properties of the object (and it seriously is that simple).

.NET Code:

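using System.Collections.Generic;

public interface IResource
{
      IList<IResource> Resources { get; set; }
      string Name { get; }
      bool IsOnline { get; }
      void Check();
}

// 'resource' is the IResource instance held by the containing class.
// The whole object graph, child Resources included, is serialized to one JSON string.
public string GetServers()
{
      return Newtonsoft.Json.JavaScriptConvert.SerializeObject(resource);
}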

JavaScript Code:

function ShowObject(input)
{
      var resource = eval("(" + input + ")");
      document.getElementById("txtName").value = resource.Name;
      document.getElementById("chkIsOnline").checked = resource.IsOnline;
      //we could actually walk resource.Resources in a recursive fashion here as even the 
      //child collections get serialized and sent across the wire.
}

And it is just that easy. You can also modify the object in JavaScript and return it to .NET and call JavaScriptConvert.DeserializeObject() and have the object back in the .NET form and process it. The possibilities for this are quite powerful.

I would watch for security issues with this, though, as calling eval on a string in JavaScript can be quite dangerous if the input is not validated properly! This is because the eval() function evaluates a string and executes it as JavaScript, so the injection of dangerous code is a very real possibility.
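The risk described above, shown beside a safer parse, as an added example that is not part of the original post: `JSON.parse` (built into current browsers and Node.js) accepts only JSON data and throws on anything else, and a shape check then confirms the expected fields. The helper names, the sample strings and the `sideEffectRan` flag are constructed for illustration.

```javascript
// The post's approach: the string is executed as JavaScript.
function parseWithEval(input) {
  return eval("(" + input + ")");
}

// Hypothetical helper: checks the IResource shape recursively and copies
// only the expected fields, so unexpected properties are dropped.
function validateResource(value, depth = 0) {
  if (depth > 16) throw new TypeError("resource tree too deep");
  if (value === null || typeof value !== "object" || Array.isArray(value)) {
    throw new TypeError("resource must be an object");
  }
  if (typeof value.Name !== "string") throw new TypeError("Name must be a string");
  if (typeof value.IsOnline !== "boolean") throw new TypeError("IsOnline must be a boolean");
  const children = value.Resources == null ? [] : value.Resources;
  if (!Array.isArray(children)) throw new TypeError("Resources must be an array");
  return {
    Name: value.Name,
    IsOnline: value.IsOnline,
    Resources: children.map((child) => validateResource(child, depth + 1)),
  };
}

// Hardened approach: parse as data only, then validate the shape.
function parseResource(input) {
  return validateResource(JSON.parse(input)); // SyntaxError on non-JSON input
}

// Constructed sample inputs.
const GOOD = '{"Name":"web01","IsOnline":true,"Resources":' +
             '[{"Name":"db01","IsOnline":false,"Resources":null}]}';
// Not JSON: an expression with a harmless side effect, standing in for injected script.
const HOSTILE = '(globalThis.sideEffectRan = true, {"Name":"x","IsOnline":true})';

function demo() {
  globalThis.sideEffectRan = false;
  parseWithEval(HOSTILE);                        // eval runs the embedded expression
  const evalRanCode = globalThis.sideEffectRan;
  globalThis.sideEffectRan = false;
  let rejected = false;
  try { parseResource(HOSTILE); } catch (e) { rejected = e instanceof SyntaxError; }
  return { evalRanCode, rejected, parseRanCode: globalThis.sideEffectRan };
}
```

Replacing the `eval` line in `ShowObject` with a call to `parseResource(input)` keeps the rest of the function unchanged.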

Filed Under: Web

Speaking at the Vancouver User Group

Jun 20

I will be speaking at the Vancouver User Group on July 4th, 2007. The topic is “Security So Easy, Your Goat Could Do It!” (hey why not). I will be covering injection attacks, validation techniques, hashing and cryptography at a minimum. Time permitting I will get into securing configuration files and least privilege.

Hope to see you there!

Filed Under: Security, Speaking

Something cool from… Microsoft?

Jun 13

I found this to be a really cool and promising idea: http://labs.live.com/photosynth

Basically you will be able to upload your photos of an area and the app will join them together to form a model in which you can navigate. Pretty cool stuff. I can see lots of potential in it leading up to forming 3D models from joining several 2D photos (it kind of is already doing that I guess).

Filed Under: General

Unexpected Results

Jun 6

While working on a presentation about iterative hashing techniques (hashing a hash n times to make it harder to break) I decided to do a few simple performance tests to see what the time tradeoff would be for more iterations. The results though confused me. When running a thousand iterations it took an average of 0.36 seconds but when I upped the iterations to 10,000 the process took less time (0.19 seconds average). I am not 100% sure why this is happening.

Iterations    Time (seconds)
1,000         0.36
10,000        0.19
100,000       1.32

Here is the code I am using right now:

using System;
using System.Security.Cryptography;

protected void Button1_Click(object sender, EventArgs e)
{
    // Run each iteration count twice and append the timings to the label.
    this.lblInput.Text += DoIterations(1000);
    this.lblInput.Text += DoIterations(1000);
    this.lblInput.Text += DoIterations(10000);
    this.lblInput.Text += DoIterations(10000);
    this.lblInput.Text += DoIterations(100000);
    this.lblInput.Text += DoIterations(100000);
}

private string DoIterations(int count)
{
    DateTime start = DateTime.Now;

    byte[] bytes = System.Text.Encoding.ASCII.GetBytes("ThisIsMyPassword");
    // Feed each hash back in as the input for the next round.
    for (int i = 0; i < count; i++)
    {
        bytes = ComputeHash(bytes);
    }
    TimeSpan span = DateTime.Now.Subtract(start);
    // Seconds and Milliseconds are appended as plain integers; Milliseconds is
    // not zero-padded, e.g. 1 s 5 ms is rendered as "1.5".
    return count + " : " + span.Seconds + "." + span.Milliseconds + "<br />";
}

private byte[] ComputeHash(byte[] input)
{
    // A new SHA512Managed instance is created for every call.
    SHA512Managed sha = new SHA512Managed();
    return sha.ComputeHash(input);
}

Anyone have any ideas on why this might be happening?

Filed Under: General