What is the Sphinks looking at (the credits go to my friend Patrick Hynds for thinking of it)

Pizza Hut and KFC ...

1/28/2004 9:43:23 PM UTC    Comments [0] 

MDC04 is over, and it was a great conference, and a very warm atmosphere for all of us speakers.

One great thing about conferences is the get together, and on this one, my good friends Stephen, Cigdem, Goksin and Patrick were here, and I made new Friends ... and that certainly keeps the level of suckiness very low ...

We were a nice gang of RDs and Microsoft People out here in Cairo. Stephen Forte , Patrick Hynds, Goksin Bakir, Cigdem, Lee, Shiraz and I formed a happy gang, that did most of our visiting and shopping together. I have quite a few stories to tell, and I'll catch up with them as soon as I get back home. But to keep suspens high (and to have a chacklist to help me not forget anything), I have stories about sleeping by the Pharo's toumb in the pyramid, the american selling souvenirs in a shop in Khan El Khalili, Cigdem's pyramids, the whidbey barter, partying to damascus, public bargains, and other things as well ...

1/28/2004 1:49:13 PM UTC    Comments [13] 

   Today, I did my 3 Office 2003 developer Sessions at MDC, all in a row.  Tomorrow I will be doing a Compact Framework session (I will cover PocketPC and SmartPhone development and I will touch on SPOT).

   This afternoon, I started with Infopath, followed with XML in Word and Excel (including Smart Tag Lists, Smart Docs using the MOSTL XML Lists, and finished with Visual Studio Tools for Office 2003). I have attached the slides (I still will revise then, and pack the demos, then I will post the apdated version) ...

XML in Word and Excel.ppt (805 KB)

Infopath.ppt (1.13 MB)Visual Studio Tools.ppt (1.79 MB)

Visual Studio Tools.ppt (1.79 MB)

1/25/2004 11:44:41 PM UTC    Comments [17] 

What is the Sphinks looking at (the credits go to my friend Patrick Hynds for thinking of it)

1/25/2004 11:13:03 PM UTC    Comments [18] 

Very simply put, I got to the conference a little bit late (after Billg was already there, although not yet speaking), and was siddered to see lots of people standing at the entrance gates (on the street) and not able to enter. The gates were closed and the guards at the gates didn't understand what being a speaker meant...

I had to stand in the street until the Keynote ended and Bill Gates left before they let us in...

Well, the trip is great, and overall, this really soen't suck ...

1/25/2004 11:03:06 PM UTC    Comments [10] 

The MDC is a great information source for Developers. Started last year, the MDC is becoming "The" Microsoft conference in the middle east ...

For those who missed the PDC (Los Angeles, October 2003), this is a great opportunity to have a look at the future with Longhorn, Yukon and Whidbey ... The three products that will change Microsoft technology, and place managed code at the center of every Microsoft product ...

This year, the conference will be opened by Bill Gates himself (for the first time in Middle East).

There are a few of my friends and fellow RDs speaking :

Stephen Forte

Patrick Hynds

Goksin Bakir

Selçuk Uzun

Hossam Khalifa

For myself, I'll be giving 4 sessions. 3 sesions on Office System development (using XML in Word and Excel, InfoPath, and Visual Studio Tools for Office), and a mobility session on developing mobile applications with the compact framework (I will dwell quite a bit on smartphone development, on performance considerations and tips, and I will introduce the new mobility features of Visual Studio Whidbey).

1/13/2004 10:49:10 AM UTC    Comments [0] 

One intersting simple thing I have worked on today (to solve a problem encountered by a couple of friends), is streaming a dynamically generated pdf or other types of files to the user without storing it first in the file system.

Well, it is easy to change the header information (content-type essentially), remove all the unwanted headers and content (Response.Clear() ) so that the normally generated HTML does not corrupt the pdf file ... etc.

The problem is to deal with what will happen when the client doesn't have a pdf reader (acrobat reader) add-in installed in his browser. Then, the browser will simply propose to saven the file, and the filename will be that of an aspx file (or whatever server side page is used), since the client requested an Asp.Net page ...

To handle this situation, there is a simple (comment if you think it is complex) way :

• Map the pdf extension to the ASP.Net engine : simply, in IIS, go to the application configuration and add the exension .pdf as needing  executable C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll, as shown in the following picture

This by itself can do the trick, but it will force a very inelegant (and having great error potential, ...etc.) solution ... this solution would be just renaming the .aspx page to a .pdf ... A more elegant solution is not to use an aspx file at all for this pdf generation and do the next two steps

•  Create an HttpHandler, that deals with the pdf generation. it can get the request parameters (or form parameters), generate the pdf, and stream it right back to the client. The code to do That is illustrated in the following sample :

namespace Malek.Utils{

public class PdfFileHandler : IHttpHandler {

    public void ProcessRequest(HttpContext context) { 

            if (context.Request.RawUrl.ToLower().EndsWith(".pdf"))

            {

                  // do the pdf generation, and get it in a byte array (here, a variable called content)

                  context.Response.ClearHeaders();

                  context.Response.ClearContent();

                  context.Response.ContentType="Application/pdf";

         context.Response.OutputStream.Write(content, 0,

                                            content.Length);

                  context.Response.End();

            }

      }

}

}

The dll generated needs to be placed in the bin directory in the virtual directory of the application

• Add configuration code to direct calls for pdfs to the handler, as illustrated in the follwing Web.Config excerpt :

     <configuration>

          <system.web>

               <httpHandlers>

                     <add verb="*" path="*.pdf"

                     type="Malek.Utils.PdfHandler, PdfHandler" />

                </httpHandlers>

                <!-- rest of the config file -->

          </system.web>

     </configuration>

1/12/2004 9:05:41 PM UTC    Comments [3] 

   In an article by Jaikumar Vijayan on Computer World, titled "Flaws raise red flag on Linux security", a compilation of nonsense takes place (my remarks in blue)... :

<< The rise in such incidents can be attributed to Linux's growing popularity, which makes it a more attractive target for malicious attackers, said David Wreski, CEO of Linux security vendor Guardian Digital Inc. in Allendale, N.J. >>  If this is true, then the problem is just starting. This same message has been used by Microsoft for some time, and the Linux community was simply saying it is not true, and that Linux was a better and more secure environment

<< "The underground hacker community is very interested in Linux as a potential target," he said. "Because of the accessibility of the source code to everyone, it provides an equal opportunity for malicious attackers to find vulnerabilities and ways to exploit them.">>  In simple words, this reads as : Linux is less secure than others because everyone has access to source code, and hackers have a better chance to find and exploit the vulnérabilities. Point well taken ... This guy is great at shooting his own foot ...

<< "I would say it is more secure than Microsoft and other environments because the code is looked over by so many people and it's so widely available that any vulnerabilities can be quickly identified and patched," Cahill said. Piedmont uses Linux for several e-mail-related functions and is considering its use for antispam purposes.>> Well, I thought the opposite has just been stated on the preceding paragraph. Then, what does quickly mean ? The latest vulnerability discovered by iSec is found on versions 2.2, 2.4 and 2.6 (I have seen reports saying it exists on every kernel version). version 2.2 exists at least since january 1999 (I found a version from 1/26/99 that can be downloaded from kernel.org). so, if 4 years is quick, I don't know what slow is ... If what is meant is that after the vulnerability has been exploited and that it has made all the damage it wants, it will not take long before a patch is there, I bet the same goes for any system (I am a big Windows user, and usually, when a vulnerability that was not known before is found, a patch comes out in the following couple of days, so what is the argument ? ...)

<<"There's not very much we've needed to do to secure Linux [applications]," said Joe Poole, manager for technical support at Boscov's Department Stores LLC in Reading, Pa. The company runs several virtual Linux servers on its mainframes that are protected by network and internal firewalls. All nonessential services, such as file transfers and Telnet, have been disabled. But there has been no need for the kind of constant patching and maintenance required for Windows, Poole said.>> Again, talking about security as relying on network and firewall only is a huge idiocy, especially when the issue is elevation of privilege through buffer overruns. No firewall will stop a legitimate user from accessing with his restricted rights; the problem is that it is all that is needed to exploit the buffer overrun, and gain access as root... On disabling nonessential services, it is absolutely not a valid argument against Windows, because you can disable nonessential services on every version of Windows, and it is the default on Windows 2003. So if the message is that Windows was not secure before Windows 2003 ...

1/11/2004 7:38:19 AM UTC    Comments [22]