Good, paranoid bookmark design, and Google's Firefox extentions

2007-01-02 Andy BurnsFirefoxLeave a comment

So, I use Google’s Firefox plugin to synchronise my bookmarks between work and home. It worked well – or used to until I started using Firefox 2 at home. Anyway, for no apparent reason, yesterday it trashed my bookmarks at home. And then today, at work, it decided it would synchronise after all, and trashed my bookmarks at work to.

I guess the lesson is to always maintain redundancy. Fortunately, the guys writing Firefox (presumably ‘cos they had problems with the bookmarks too) took to storing backups of the bookmark file – and that has worked nicely in this instance.

Anyway, it’s enough to put me off – I shall be looking for something else. I gather that Delicious (insert your own dots) has a good Firefox plugin, and works by tagging, which is good also. I’m just a wee bit worried as I really want to have a heirarchy too – so I can drill down, rather than just getting a ‘pool’ of matching tags.

AES and Rijndael – AES is a subset…

2006-12-282014-11-30 Andy BurnsSecurityLeave a comment

Useful article from the .NET Security blog about AES and Rijndael. Essentially, Rijndael is more flexible than it’s use as defined in the AES standard. Can’t say I’ve ever come across a situation where I’d want to less than 256 bit, but then I’ve never had to do time critical encryption. Might benchmark it, that might be an interesting task.

The short of it is:

Essentially, if you want to use RijndaelManaged as AES you need to make sure that:

The block size is set to 128 bits
You are not using CFB mode, or if you are the feedback size is also 128 bits
The key size is 128, 192 or 256 bits (Added by Andy)

RSACryptoServiceProvider – "Key not valid for use in specified state"

2006-12-212014-11-30 Andy Burns.NET, Security4 Comments

So, I was trying to do some encrypted comms over TCP, only rather than using SSL, I thought I’d try to RSA encrypt and decrypt at client and server myself. I know, it’s re-inventing the wheel – the point is to get to know the APIs though, and it seemed a good exercise.

I started getting an error though – “Key not valid for use in specified state”. Odd. I was importing the key from an XML file, using the FromXMLString() function. It all seemed to work just fine. So, WTF? It’s not like the code is complicated:

RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(); rsa.FromXmlString(publickey); byte[] encryptedData = rsa.Encrypt(data, false);

So what gives?

Well, eventually, I tracked it back to this – I was trying to send too much data. Not very much – less than a couple of hundred bytes – but this was too much.

The obvious thing to do was change the way this works to match the way it’s supposed to work – use RSA encryption to transfer the key to a block cipher, and then encrypt all your data with that block cipher. But I couldn’t be arsed – I just wanted to see the asymetric encryption work – so I reduced my data…

Comments from my old blog:

Sounds like you where in the 70-536 Self Study book from Microsoft. In chapter 12 doing some suggested practices.

Anyway.. that’s where I am and your message here on the blog helped.

I too will send a smaller file 😉

By Micke at 17:13:02 Monday 24th September 2007

Yup, I think I was. It was a bit daft that they didn’t mention the limits on the size of the data.

But that book has a _lot_ of issues.

By Andy at 10:18:03 Thursday 27th September 2007

Creating Test Certificates with MakeCert

2006-12-182014-11-30 Andy BurnsSecurity, Web ServersLeave a comment

I was having a bugger of a time setting up an SSL connection using a test certificate until I found this article by John Howard. One thing I would say – when using MMC to look for newly created certificates, remember to ‘refresh’ the view. Otherwise this works – shame I don’t entirely understand how… … still, at least my error “The server mode ssl must use a certificate with the associated private key” is now gone…

Remove the annoying Event Toaster

2006-12-152014-11-30 Andy Burns.NETLeave a comment

Remove it like this. Annoying Effing thing, I’ve no idea why they put this into Visual Studio

The speed of collections and For loops in C#

2006-12-042014-11-30 Andy Burns.NETLeave a comment

Some of the .NET training I’m doing started me wondering about speeds and things. So, I wrote some testing and turned up some interesting things…

First off, I tried comparing the speed of populating and reading from generic and normal collections. I found that Generics are much faster to populate as well as read from. I’d expected the latter (no type conversion needed), but not a better speed at population. I guess this is because the types can be checked at compile time. I tried this with both a value type (so there might be boxing/unboxing), and a reference type – each time the result was the same, non-generics took ten times as long as generics.

Populating a generic list is twice as fast if it has its capacity assigned. E.g.

List<SomeObj> myList = new List<SomeObj> ( 10000 );

Populating a non-generic list is actually slower if it has its capacity assigned. I have absolutely no idea why.

FOR Loops are slightly faster than FOREACH loops. However, the difference is piddling, so I’d actually recommend not worrying. Out of preference, I’ll use FOREACH, ‘cos it’s easier to read.

Looking at converting types (well, an integer in most of my tests) I found that:

AS is slightly faster than a cast
(cast) is much faster than System.Convert

It’s worth noting that if a conversion fails, AS will just return NULL, whereas a cast returns an exception. Raising an exception is slower than testing for null. Therefore, AS has a definite speed advantage, and hence why you shouldn’t handle expected exceptions using, um, exceptions. Instead, test something and then deal with the exception case. For example, you something like TryParse. (Actually, I should give that a whirl, see how long it takes.)E.g.

int w = 12; Object o = w;

//fastest conversion and error handling
int x = o as int;
if( x == null) { };

//Okay speed, very slow error handling
try {
int y = (int) o;
} catch ( InvalidCastExpection e ) {}

//Don’t do this
try {
int y = System.Convert.ToInt32(o);
} catch ( InvalidCastExpection e ) {}

I’ll get back to you all about the TryParse thing.

Developer Day 4

2006-12-042014-11-30 Andy Burns.NETLeave a comment

So, I went to Developer Day 4, and it was very good. I’m now looking forward to WebDD. So, what of the talks at this one…

I went to Ben Lamb’s “How to write crap code in C#”. It was pretty simple, but showed just what you can do to compromise performance. Actually, the biggest message I got from it was that it’s worth testing some of the standard ‘performance tips’ – which was funny as I did that just last week.

The other notable talk was “Securing ASP .NET Websites” by Barry Doran. Apart from it being nice to listen to someone with a proper accent, it was a good high level view of the decisions that you have to make when building a website like that. Some of it was new, some of it was old hat, and it was nice to see the reasoning too. He’s a characterful speaker too.

Also, the talk “Securing Web Services using WS-*” by Chris Seary was a good ‘un – finally, I have an answer to the question “Why Bother? Why not SSL or IPSec”. Nice to have a bit of a higher level view explained

In addition, I went to one about “Using and Abusing Reflection” – which seemed a bit too specialised to be of use generally – and making fun of the Irish isn’t a great laugh. Our HR manager would have me warned if I ever did something like that – and quite right too.

Finally, there was the “Technet Highlights” talk, which was great fun, but pretty content free. It did say it wouldn’t be techy. I guess I’d just wanted to hear more of what the buzz was in Barcelona, what things are hot and what’s not (and what the stylish developer will be coding in this season). Still, they were generous with the swag – I’m not sure who they mugged to get all that.

The conclusion – I’ll be going to the next one (unless I’m promoted into management and never touch code again (Not likely))

Comments from my old blog:

Thanks for swelling my ego; I’m glad you enjoyed it and found it useful.

By Barry Dorrans at 21:09:42 Monday 4th December 2006

CLR Runtime Profilers

2006-12-032014-11-30 Andy Burns.NETLeave a comment

List of them here. And the normal Microsoft one.

Interesting article "WSS 3.0s suboptimal support for anonymous access scenarios"

2006-11-302014-11-30 Andy BurnsSP2007 Architecture, Web Content ManagementLeave a comment

Funny, I heard about a similar thing at the SharePoint UK user group meetings, and it didn’t sound very hard. This article suggests it is harder than I thought. Shame – I’ll have to do something similar to this shortly…

Accessibility Guidelines

2006-11-302014-11-30 Andy BurnsAccessibility, HTML & WebLeave a comment

Yeah, not exciting, but a reminder to myself of the W3C accessibility guidelines at WAI (Web Accessibility Initiative).

Also, the Cabinet office guidelines.

Andy Burns' Blog

Whatever I'm working on

Author: Andy Burns