Just sharing some of my inconsequential lunch conversations with you...

Friday, June 27, 2008

Supermarket of the future

This is one of the geekiest supermarkets I've ever seen! A German supermarket is inviting customers to use their mobile cameras to scan the product bar codes and check out without the help of a cashier. Trust in the customer seems to be a key point of the model...

Interestingly enough, RFID technology was not chosen, preferring good old bar coding. In my experience, reading barcodes on the mobile introduces new problems - low quality cameras, scratches on the lens or a low quality display just don't help.

Check it out: "Future Store".

Wednesday, June 25, 2008

Tools to deal with SQL Injection

Ok, the best way to avoid SQL Injection is really writing SQL Injection safe code. Now that the obvious is out of the way, here are two great tools to assess, and an old one to protect:

| Tool | Usage | Pros | Cons | Users |
|---|---|---|---|---|
| MSCASI | Identifies SQL Injection vulnerabilities in ASP code through static source code analysis. | Identify the root cause of the bug at the source code level. | This version currently only works on ASP pages. | Web developers |
| Scrawlr | Detect SQL vulnerability using runtime analysis by crawling a website. | No source code is required. | Cannot identify the line of code responsible. | IT/DB Administrator, Web developers |
| UrlScan v3.0 Beta | Runtime filtering that blocks the types of HTTP requests that Internet Information Services (IIS) will process. | URLScan filter can be easily deployed to mitigate SQL injection attack while the root cause is being fixed. | Not fixing the root cause, thus the risk has not been eliminated completely. | IT Administrators |


Taken from Security Vulnerability Research & Defense

Monday, June 23, 2008

The day I crashed Vista and OSX

Yeap, this doesn't happen every day. In the morning a friend of mine was complaining about a BSOD on Vista after killing csrss.exe. XP didn't allow this, so I had to try it... and boom, blue screened on me!

Later today, when I got home, I started setting up my wife's Palm on OSX and... it crashed!

Thank god for leaving the car in the garage today :) What a day...

Sunday, June 22, 2008

Tool of the day: soldering iron!

Yes, it's true, today's log entry doesn't have to do with software. Today I'm writing about the most annoying tool I have to use from time to time: a soldering iron.

Yesterday I finally changed my wife's Tungsten E's battery. I had already received a cheap battery from 100000volts.com, and yesterday was the day. Palm's idea of soldering the battery to the board was just an unhappy one - oh, well, I'm being unfair, at least they put the on/off button in the right place, on the exterior!

Ok, the battery replacement was not as bad as I thought. It is just clumsy. The truth is I hate soldering, maybe because I had to solder a bunch of cables on one of my first professional projects.

The project itself was a software one - I had to port a VT220 application to a series of other terminals (VT100, Data General DG412 and 460?, IBM 3270?, Bull?, Unisys?, hell I can't remember...). Clients sent us terminals, and I configured a termcap-like layer I had developed. The problem was getting the right pinout - mostly a trial-and-error process.

Yes, just soldering a simple cable is a stressful task for me - I can't imagine myself performing precision soldering on a board.

Thank god for software :)

Wednesday, June 18, 2008

Velocity and NInject

I can measure the amount of work I have by the inverse of my contributions on devCatharsis. Boy, these have been crazy weeks...

Anyway, and even without having had time to test drive them, here are two cool products: ninject, a cool .NET IoC, and velocity, an in-memory distributed cache engine.

Oh, and now that I'm recovering old news, SysInternals tools are now accessible by http://live.sysinternals.com/. For example: http://live.sysinternals.com/tcpview.exe. And I think they have also opened it by SMB (strange...) at \\live.sysinternals.com\Tools - not working right now, I'm afraid...

Oh, well, back to powerpointing...

Monday, June 16, 2008

Apple report

Now that I have my Mac for some weeks, here's what I feel about OSX:

  • Not so different from Windows anymore - at least as I expected.
  • More app support now.
  • Above all, a simple and elegant OS. Windows is packaged with features most don't use. OSX still lacks some of them, but they are being added with each version.
  • Being Unix-like is a life-saver to me! And lots of fun. Though some interesting Linux software doesn't get proper support on OSX - not unlike what happens on Windows...

What I lack:
  • some USB drivers support
  • that cool utility I've found - and only gets Windows support
  • a decent 2 buttons mouse (I know, I could just hook up a 10€ one...)
  • Vista's explorer! Finder is just too simple.
  • interestingly enough, stability (when firefox, WindowServer or ATSServer start wasting 200% CPU, I'm in trouble...). Probably because of repeated offenses from an inexperienced Mac OS user, I admit. Nevertheless, unstable.
  • writing on NTFS - I've just trashed my NTFS external drive after 2 weeks using MacFuse and NTFS-3G. Don't have a clue about what happened, it just returns a lot of -47 and -36 errors. Vista, Windows 2008 Server and XP can't mount it anymore.
I'll try and recover what I can from my external drive and re-install OSX. It will be fun!

Bottom line is: get an OSX, but keep your XP, Vista and your favorite Linux distro. Techno-diversity is here to stay :)

And the less intelligent configuration set goes to...

Panda GateDefender Performa! Here's why:

Last Thursday I sent a mail from my corporate account to a private one. The mail had a PowerPoint 2007 document attached. Here's what I received:


Panda GateDefender Performa has detected restricted content (SuspiciousCompressed) in this message.

Action: The file has been sent to quarantine to protect your network security.
06/12/2008 19:18:42 [GMT+0100]



Wow! Awesome! The receiver was informed. But wait, it gets worse, the sender wasn't!

The error itself is annoying. Yes, PowerPoint 2007 is a compressed package, so what?

Tuesday, June 10, 2008

Microsoft has pulled Sandcastle from CodePlex

Oops, since Sandcastle is not an open-source project, it should be hosted in MSDN Code gallery. Most of us would prefer the obvious alternative: open-source it! Boy, do I miss NDoc...

Here's the announcement.

What has happened to my VPN?

Yeap, it has been a crazy week. I've changed my ISP (from Clix to Zon), and the shit has definitely hit the fan!

For a start, I can no longer establish a VPN from my OSX. I have to start XP on Fusion to get VPN connectivity, and it is still dropping from time to time. The problem can be related to the router - now that I no longer have a DSL line, I've stopped using my Huawei and recovered my old Linksys WRK54G. Yes, K, not T :(

As always I'm having problems with the quality. Clix sold me a 24Mbps service and couldn't get me anything past 4Mbps... Then there were the traffic limits - who needs traffic limits these days?

For my needs Zon is a lot cheaper, but it comes with a price: reliability! I've lost my connection a couple of times, including the phone - yes, on Zon the phone is brought through cable... Let me get you the readings from the modem right now:

Downstream Power Level

-15.4 dBmV

Upstream Power Level

56.0 dBmV

Ooops. I phoned Zon and had this interesting conversation about it:

  • [operator] I'm reading your modem and the signals are in order;
  • [me] ok, so what should be the limits for my parameters?
  • [operator] I'm reading your modem and the signals are in order;
  • [me] you told me so, but what are the thresholds that define being in order?
  • [operator] the signals are in order;
  • [me] can you tell me what these limits are? Does your company policy allow it?
  • [operator] no I can't...
And our conversation ended. The fact is we all know (or think we do). Here are the limits:

Downstream (Rx) Receive Power Level:
-15 dBmV / +15 dBmV : min / max.
-12 dBmV / +12 dBmV : recommended min / max.
0 (zero) dBmV : optimal

Upstream (Tx) Transmit Power (aka Return Signal) Level:

+8 dBmV / +58 dBmV : min / max QPSK. (DOCSIS 1.x)
+8 dBmV / +55 dBmV : min / max 8 QAM and 16 QAM. (DOCSIS 1.x)
+8 dBmV / +54 dBmV : min / max 32 QAM and 64 QAM. (A-TDMA DOCSIS 2.0)
+8 dBmV / +53 dBmV : min / max S-CDMA (DOCSIS 2.0)

+35 dBmV / +52 dBmV : recommended min / max

So until I have this situation solved, I won't be able to blog much - I usually do it over Writer on my office workstation over VPN...

Wednesday, June 04, 2008

Picking Dates with a Free RJS PopCalendar, a Free ASP.NET Popup Calendar Control

Here's what seems to be a cool ASP.NET calendar, RJSCalendar. It looks like a great candidate to substitute our home-brewed one :)

I haven't tried it yet, but it seems AJAXware enough for our needs. Yes, filling in appointments in calendar is a must.

Heard about it at 4GuysFromRolla.

Tuesday, June 03, 2008

Yet another web collaboration suite

After Google and Microsoft (ok, and other smaller players), here's Adobe's version: Acrobat.com.

These tools are getting pretty cool, but I'm still resisting using them. Why?

Maybe because we don't yet have enough communication service. Maybe because they are still a little clumsy. Maybe because the desktop experience is still greater. Maybe because the offline experience is still better on native desktop applications. Maybe because of Office ubiquity.

Monday, June 02, 2008

Android Scan

Here's a great killer app for the Android project: Android Scan:

Scan is an Android application that finds pricing and metadata for anything with a barcode. Here are some key features that make Scan stand out:

  • Automatic barcode recognition using onboard phone camera using ZXing library
  • Shows CD, DVD, or book cover along with detailed reviews from Amazon.com
  • Searches over a dozen stores, both online and brick+mortar
    • Highlights brick+mortar stores that are nearby, with option to call the store or get directions
    • Links to online storefronts to buy online from the phone
  • Tracklisting for CDs, along with option to play sample tracks right on phone
  • For books, searches local libraries to see if they have a copy

Here's something I'd really like to have on my WM6. But the coolest thing here isn't actually the app, but the business model. Google is giving $3.000 to 50 of the best apps on Android. So with only $150.000 they have a bunch of great applications running on Android. Google marketing gals and guys, you are simply the best :)

We finally found out the Twitter business model

I've been postponing this post for a while, but here it is. It just couldn't get any easier than this: Twitter's business model isn't so different from many others: if you can get in touch with millions of people, that is in fact a business model per se. Where Twitter innovated was on the risk management - they did play mostly with no net.

This isn't really something we didn't know about, it is just fun to watch. The question is: now that Twitter has been injected with $15.000.000, can we finally start demanding better service? Or did we just get used to being complacent with Twitter's outages?

Development Catharsis :: Copyright 2006 Mário Romano