May 2005 - Posts

Top 75 Security Tools
Here's a page with all the tools *ahem* security *ahem* professionals *ahem* use regularly. Lots of useful tools that I've been using since way back when I was *ahem* *ahem*. So yeah, if you're looking at where to start being a *ahem* security *ahem* professional *ahem*, that's a page where to start trying out tools that we use.

Note to self: Must specify precision and scale of decimal types, even within stored procedures. e.g. decimal(18,9).

Precision means the whole numbers, scale means the decimal number. :P

The Future of MFC
For those who came from way back in the olden days of C++ where MFC was "supposed" to save our lives in Windows Programming. There are still people using MFC, instead of .NET, and it's been very neglected in the past few years. But here's a comment from Somasegar, Corporate Vice President for the Developer Division at Microsoft regarding the future of MFC. It doesn't seem bleak at all, and MFC seems to be here to stay, for the time being.

I was just searching around randomly, and actually found someone who linked to one of my blog posts. Wow! Happy! :P Anyway here's the link to the entry of this blog.

The beauty of "readonly"

And here's the link to his blog. Dinesh's Blog ::::::: Being Compiled :::::::

Btw, Dinesh has a lot of useful code snippets on his blog explaining about some C# tricks. Apparently I just found a few that I'm planning to cover during my presentation in June. :P So if you want to be able to answer the questions I'm going to ask during my presentation, be sure to read his blog. Hehe!!

File System Forensic Analysis: PC-based Partitions
This chapter dives into the details of the partition systems used in personal computers from DOS partitions, to Apple partitions, to removable media. Find out how it works in this sample chapter.

Great information on the details of partitions, but too bad they didn't cover NTFS in this sample chapter.

Low Level Virtual Machine (LLVM) is:

  1. A compilation strategy designed to enable effective program optimization across the entire lifetime of a program. LLVM supports effective optimization at compile time, link-time (particularly interprocedural), run-time and offline (i.e., after software is installed), while remaining transparent to developers and maintaining compatibility with existing build scripts.

  2. A virtual instruction set - LLVM is a low-level object code representation that uses simple RISC-like instructions, but provides rich, language-independent, type information and dataflow (SSA) information about operands. This combination enables sophisticated transformations on object code, while remaining light-weight enough to be attached to the executable. This combination is key to allowing link-time, run-time, and offline transformations.

  3. A compiler infrastructure - LLVM is also a collection of source code that implements the language and compilation strategy. The primary components of the LLVM infrastructure are a GCC-based C & C++ front-end, a link-time optimization framework with a growing set of global and interprocedural analyses and transformations, static back-ends for the X86, PowerPC, IA-64, Alpha, & SPARC V9 architectures, a back-end which emits portable C code, and a Just-In-Time compiler for X86, PowerPC, and SPARC V9 processors.

  4. LLVM does not imply things that you would expect from a high-level virtual machine. It does not require garbage collection or run-time code generation (In fact, LLVM makes a great static compiler!). Note that optional LLVM components can be used to build high-level virtual machines and other systems that need these services.

For my reference. Need to read up on this when I'm free.

Just as the title states, it's a plugin that converts your Visual Studio .NET code into Java bytecode. That's about it. I don't see the purpose to do that, if it's to run applications on Linux, since there's already Mono, and a Mono ASP.NET plugin for Apache. And I don't see the purpose of VS developers deploying a Java application in their environment. Then again, I don't know. Maybe it's just cool.

Anyway, here's the link, that's Grasshopper from Mainsoft.

Channel9 has always been renowned for their ad-hoc interviews, and the C# Development Center has compiled the links for all the C# related interviews and video clips into one page, C# Programming Videos. Some of the videos are great stuff, and a lot of it is from Anders Hejlsberg and Eric Gunnerson.

Interestingly, Bjarne Stroustrup has an audio clip on how to pronounce his name, because everyone kept mispronouncing it. Anders Hejlsberg should do that too, coz I've no idea how to pronounce Hejlsberg. Hehe! :)

Mono-Live CD
With my interest in Mono, I always felt that it takes too much time just to set up the environment for Mono. You'll have to set up a Linux machine (partition), install Mono, install this and that, which takes too much time. And people do not want to do that. Well, now, there's a Mono-Live CD available. It's your entire Mono development environment in a CD. You just pop in the CD, boot it up, and voilà. You've got your Mono. I've just burnt a CD, and will be testing it out later. The CD contains these few things:

This CD also contains the files necessary to install Mono on Windows computers. It also contains all the required SDKs needed to get your Windows development going for Mono.

UPDATE:
I'm currently running this Live CD on my virtual machine, and here's a short review on it.

Mono Live CD is based on Ubuntu Linux 5.04 "The Hoary Hedgehog", not really my choice of Linux distribution for Live CDs. I would have preferred Knoppix Live CD instead. It takes rather long to detect all your hardware devices and such, around 1-2 minutes, and I had better speeds with other Live CDs, but then again, the wait was good as everything was actually properly configured, especially the graphics card and network card, and you get presented with a nice Gnome environment (well, it's Mono, not KDE. :P).

The applications are very limited (hey, you're not really getting a full-fledged Linux here, you're just getting your development environment, don't expect much), but enough to get you started with developing on Mono. Everything seems perfectly well done, and compiles properly. The environment for the entire development seems complete and everything's already configured for you.

Oh yes, not to mention, PostgreSQL has been included also for your database development too, which wasn't mentioned in the "list" of applications. I think it's somewhat important to list PostgreSQL, as most of us are in fact developing with a database.

Overall, the Live CD chosen was quite ok, but it provides a clean and uncluttered environment that's focused on Mono development, which is good. I think this Mono-Live CD is a great job. Thanks Joseph Hill. Great job! It's something valuable to get people to try out Mono without going through all the installation hassles, like my friend Shunjie did for his Fedora. One thing to note is that I think the CD should also include installation files for Linux, which I can't find on the CD. It only contains installation files for Windows. I would love to bring this CD around and load it up on people's Linux machines and just install it like that. BTW, this is a Live CD. Anything you do does not get saved, unless you save it on your local disk itself.

Well, that's that. I hope you guys try it out. For those who want the CDs, I think I'll be distributing them out during the SgDotNet user group meeting. Let's see whether I can get enough CDs and time to burn them, that is if there's any interest.

Oh and talking about the user group meeting, there's going to be a surprise "give-away" during the next SgDotNet User Group Meeting in June. Do sign up and join us!

Oh man I love this website, it's just after my heart. ASP.NET Resources. Love it. Can't talk much about it now though. Will write more later.

Great place to learn GDI+ @ BobPowell.net. It has lots of code samples and explanation on how to use GDI+ and the common uses for it. It even has a beginner's guide to GDI+.

I made this blog post by parts because I'll be adding more links and resources for free ASP.NET controls I find. It's quite difficult to find free ones, as you'll have to pay to use it commercially. So I've been trying to find good and free ASP.NET controls that most websites might need.

ComponentArt Snap for ASP.NET
Ever wanted the functionalities of customizing your website just like WebParts in ASP.NET 2.0? The dragging modules feature like DotNetNuke? Here's something that's free and available for everyone to use. Perfect, free, and works for cross-browsers. What else can one ask for?

Solution Partner's ASP.NET Menu
This Menu control is used by DotNetNuke. It's supposed to be cross-browser-abled, but I can't seem to get it working for Firefox. It might just be my ASP.NET configuration for browser detection, because it works perfectly fine for their website. Anyway, it's a good and free menu control that allows you to customize it using XML. It takes some work to make it look good, but once you get it working, it looks sweet. There are better menu controls out there, but you'll have to pay to use it.

I've yet to find a very good library of ASP.NET Controls that are free like the previous post I made on XP Common Controls. Oh well, I guess I'll have to keep looking for it.

Some details from CNet News on Office 12.

Microsoft offers peek at next Office suite
The new Office edition is slated to come at roughly the same time as Longhorn, the next version of Windows. However, the company has scrapped earlier plans that would have seen the two products tightly coupled together. Office 12 is expected to run on both Longhorn and older versions, with the major changes to Office not dependent on any shifts in Windows.

Read more from that link on CNet.

TestDriven.NET
Ever wanted to enable your Visual Studio .NET 2002/2003 IDE to have unit testing integrated into the IDE just like Visual Studio 2005? Well, TestDriven.NET (previously called NUnitAddIn) enables you to do just that. It also supports Visual Studio 2005!

TestDriven.NET is a free, zero friction unit testing add-in for Microsoft Visual Studio .NET. The current release of TestDriven.NET supports multiple unit testing frameworks including NUnit, MbUnit and MS Team System and is fully compatible with all versions of the .NET Framework.

TestDriven.NET allows a developer to run (or debug!) their tests from within Visual Studio with a single-click.

Foundstone S3i Free Tools
Some good security tools for the .NET framework from Foundstone. Notable is the new release (well, not so new anymore since I intended to blog this 2 weeks ago) of their .NETMon™. Here's a short description of it.

The .NETMon tool monitors the .NET common language runtime enabling developers to conduct detailed analysis of how the .NET framework enforces security controls, including setting custom profiling filters and logging of specific events.

They also have Validator.NET™ which enables developers to programmatically determine user input locations that could be potentially exploited by hackers and provides proactive steps to build data validation routines which are loaded into a protection module. The tool helps eliminate common vulnerabilities such as SQL Injection and Cross-Site Scripting.

And SecureUML Visio template which defines a custom Unified Modeling Language (UML) dialect to help system architects build roles based access control systems (RBAC).

And instead of downloading all 3 of these fantastic tools separately, you can also download their .NET Security Toolkit, which consists of all 3 of the above.
