Scott Hanselman and Scott Stanfield did a fantastic job of creating a deep zoom collage of all of the frontpages collected from 11/5/2008 by Newseum. You can see it here:
Ran into a problem today where I needed to kill a process on a server that I didn’t have remote KVM access to and couldn’t RDP into. This particular machine had only VNC and the VNC service was hung.
Windows Server includes two commands tasklist and taskkill that allow you to remotely list the processes running on a machine and then kill these processes.
To view the processes just use the command:
tasklist.exe /S SYSTEM /U USERNAME /P PASSWORD
Once you have the PID of a process you can execute
taskkill.exe /S SYSTEM /U USERNAME /P PASSWORD /PID PID_NUMBER
I found this great tool by googling it and finding the watching the net blog article on it, there’s more information on their blog (along with a ton of google adsense ads..).
With the move of my blog to a new server, so comes a few new tweaks. Fortunately, I’m on an Windows 2008 Hosting account and I have had delegation enabled so I can remotely manage all the features in my IIS7 website with the IIS7 manager (but more on that in a later post).
Earlier this year I fired up firebug and the Y!Slow application from Yahoo to really dial in my website’s performance. One of these changes was to disable ETags. On the IIS6 server I was on I found an ISAPI filter that I could load on the site and call it a day. Turns out there’s an even easier way to disable ETags. Before we go disabling ETags though it’s probably a good idea to learn just what they are.
An Entity Tag is a validator which can be used instead of, or in addition to, the Last-Modified header. An entity tag is a quoted string which can be used to identify different versions of a particular resource.
By sending an entity tag you promise the recipient that you will not send the same ETag for the same resource again unless the content is ‘equal’ to what you are sending now (see below for what equality means).
The above was taken from the mod_perl documentation on Issuing Correct HTTP Headers. So basically an ETag is a unique identifier your webserver sends to a web browser and will only change that ETag if the content it’s assigned to is changed.
The above taken from LangleyBen Leon’s blog. So any time the service restarts (and I need to check if this is affected by application pool restarts but I suspect it may be) the ETag is actually reset regardless to whether the content changed or not.
What Yahoo actually recommends is you use the Last-Modified-Date or set an Expires header.
I’ll leave it up to you to decide if you want to disable your ETags or not and up to you to do the necessary research. I have decided to disable ETags and here’s how I’m going to do it. I’m going to add a custom header to web server named ETag with a value of “” (nothing in there). So every item sent will have a blank ETag (and thus mission accomplished).
First select HTTP Response Headers
Then add an HTTP Response Header as mentioned earlier called ETag with a value of “” (yes, that’s two double quotes):
Next browse your site with Firebug or some other tool and you’ll see the Etags are gone! No ISAPI’s, no use of a metabase editor, just a quick added header.
From within the MMC you select the HTTP Headers tab
Select the Add button and enter a new HTTP Header
Enter Etag and “” and then click ok and close out the MMC saving your changes.
That’s all you need to do to disable your ETags.
Microsoft released Hyper-V Server 2008 yesterday and it’s now available for FREE download. This is a bare-metal standalone hypervisor, meaning that you don’t install a host OS on the machine before installing this. You just install this and then create your VM’s and install the OS of choice into your VMs.
I think the best way to think of this is as Server Core but with only one role: Virtualization. Or think Hyper-V without the overhead of a full Host OS. Here’s a few cool facts:
The maximum number of guest instances is 192.
The maximum number of Logical processors supported is 24.
The maximum amount of Memory? I don’t know but I know it supports more than 32GB!
Licensing for Hyper-V Server is free however you’ll have to have a license for each guest instance of Windows you install. The screen cap below shows the different licensing options for Hyper-V:
(my advice: Go datacenter and save on licensing).
I started this post at the beginning of September and today saw something pretty amazing…
I was adding people to follow on Twitter today (I have yet to figure out what to twit about) and after a few adds and tweets I got this email today:
Finally, a Presidential Candidate that recognizes my brilliance!! Ahh, it’s nice to have followers :) Now I just need to find out his gamertag on xbox live so we can play some COD4 :).
In all seriousness though I am truly amazed with the way the Presidential candidates have embraced the Internet and are using it to spread their message and the fact that they are using social networking as one of these tools is even more amazing.
As I mentioned earlier I had shelved this post because it wasn’t that interesting.. It’s cool but not really interesting. Anyway, I did start following Barack Obama on twitter because I was curious what the campaign would post. Before I continue, no I don’t really believe Barack is reading my tweets.. He should but he’s probably not.. but he’s probably is subscribed to my blog ;). Anyway, Today they tweeted about an official “iPhone App.”!!.
Now this is clever and really shows how technology and the Internet is changing the world. Back in 1988 we had a student project to volunteer for the campaign of a candidate running for election. At that time I opted for Dukakis in his Presidential run. I had 3 jobs:
1. Hang door hangers on all the houses in my neighborhood (after sitting for days in my bedroom my younger sister went out and hung them all out for me).
2. Hold a sign at a rally for Dukakis at a local union office and wave as the Bus carrying Dukakis comes in. Turns out I got to shake his hand be on TV, so for a high school kid this was impressive.
3. I was handed about 20 pages of computer printouts (the crappy old green and white paper used in 9 pin dot matrix printers), a script to read and shown to a phone where I was to sit for hours and make phone calls.
From this experience I learned a few things:
1. Dukakis was a short man but had a solid handshake and made a point to make eye contact, even with some punk high school kid wearing his cool high school mascot jacket. I was impressed.
2. I’m not one for hanging door hangers but my sister will gladly do it for free!
3. People don’t like to be called during dinner time. If you call a stranger’s house about a candidate they don’t care for they will probably rip you a new one and scream vulgarities at you and finally many people will just say “Yeah, we’re voting for him” just to get you off the phone.
4. Politics was not for me.
The reason I mention this is that the Barack Obama campaign continues to impress me with their grasp of the Internet and how they are using it to reach voters. The Iphone app is just pure genius. Instead of setting up a phone pool and trying to get people to come in and make these calls to strangers (that are going to curse them or just say yes for the sake of getting someone off the phone) they are providing a phone app that will allow you to make these calls to your contacts AND provide information upfront on key topics that you’re most likely to get hit with when talking to your friends and contacts about Obama.
This is truly clever. You know I often think back to that first batman movie website. I believe it was the first movie to launch a website to promote their movie. I was amazed with the graphics, the layout, the animation but more importantly excited about what it meant to the entertainment industry and was cool new websites we’d see. So I’m equally excited to see not only what else Obama’s campaign will do with the Internet but how other candidates will continue to raise the bar.
If you wish to pick up the Barack Obama IPhone app you can get it here.
NOTE: I’m not Political. I don’t care who you’re voting for and whether I vote or who I vote for is none of your business. So don’t bother me with political crap.
And a WARNING: Never give the NRCC money as a joke to tease your buddy who thought it was cool he got an award for being such a good republican because you got the award too and you’re a democrat! They’ll never leave you alone and will send you tons of crap awards, pictures, statues, letters, invites, etc. You’d think they’d look at your voter’s registration but I guess not.
Last week AppliedI.net announced support for Windows 2008 shared hosting and SQL Server 2008 shared hosting and I have immediately moved JessCoburn.com over to the new platform.
My blog is based on WordPress which is a PHP application. On the IIS7 platform we’ve enabled FastCGI and are using the newest build of PHP5 with the ‘non-thread safe’ DLLs for better performance in a CGI type environment.
Speed: because of the new DLLs and the FastCGI infrastructure.
Security: IIS7 is even more secure with only those components needing to be enabled, enabled.
Management: Thanks to delegated management I’m not locked to using some control panel. I have full access to the IIS7 Management tools remotely and can tweak just about everything available in IIS. If I want new mime-types, I got it. If I want to change my error pages, I got it. If I need to set a directory as a virtual directory, DONE! What about enabling content cacheing? I got full control over that.
Those are my favorites. There’s more of course and there will be many other blog posts but you just gotta love Windows 2008 shared hosting. I have the ability to use the integrated pipeline and full support for ASP, ASP.NET as well as PHP. Plus with delegated management I can update my website’s settings in a shared hosting environment just like I would locally and am not locked to just a handful of settings some control panel thinks I find useful.
I give you Jess Coburn, Heavy Weight Boxing Championship fighter… 6′ 6″ and 255lbs of pure ripped muscle.. On the XBOX 360 anyway…
EA Sports has a new video game coming out called FaceBreaker. What’s innovative about this game is that it’s going to allow you to upload your own faces and then build your own boxer. I know you’re thinking: “Great, I’ll get to put my ex-wife’s face and box her”. Well yes you will! Or you can upload McCain and Obama and let them slug it out old school style.
Anyway, what’s interesting is that the game developers are allowing you to upload your own images through their social networking website www.easportsworld.com, then the video game downloads the pictures, allows you to select some key points and then renders your face based on those points you selected. I find it interesting for several reasons:
I think this is the next new twist we’ll begin seeing in video games. People are bored with playing as master chief and now they want to see themselves in the game.
Finally, here’s a close up of my face. When it renders your character it’s bald and hairless. So I added the hair and gave myself a bit of a 5 o’clock shadow as I hadn’t shaved that day.
Microsoft released another update to Deep Zoom Composer on August 3rd. The latest build of Deep Zoom Composer includes a feature that generators the silverlight code for you and also support photo-stitching. Photo-stitching is where you take multiple pictures and stitch them together to create a panoramic photo. Deep Zoom is the seadragon technology from Microsoft that allows you to pan and zoom in an image and the browser downloads only those pieces of the image in detail that you’re looking.
So recently I went to San Francisco and found a little time to took a few pictures. If you’re wondering what a Florida boy takes pictures of in California, it should be pretty easy to figure out… Bridges and Mountains ofcourse!
So here’s the good stuff: Deep Zoom from the top of Mount Diablo. Deep Zoom of the Golden Gate Bridge.
You can open those files and if you have the newest Silverlight 2 beta installed you’ll be able to pan and zoom all through the images by either using your mousewheel or doubleclicking on an area. Cool stuff.
So here’s the coolest thing about this whole process. The pictures of the golden gate bridge aren’t actually in order and in fact they were taken with the camera at 90 degrees so I could get more landscape in. What’s cool about that? Well deep zoom composer (we’ll call it DZC) figured out the order of the pictures and did the best job I have found yet for photo stitching. I don’t use a tripod or any fancy fish eye lens so it’s got some work to do but it does it faster and with better accuracy than anything else I’ve used yet.
Here’s what the pics looked like in Picasa2 (you can see I went left to right and then back to the left to take two more pics of the fog rolling in)
Here’s another cool thing about these pictures. This effected is created using 770+ different smaller images and it only streams to you in detail the area you’re looking at. So instead of downloading 7 images that are all 3MB each you’re downloading bits and pieces needed for that area you’re viewing. Pretty cool stuff.
Okay you’re probably thinking right now “big deal it’s just a photo stitching application with some flashy zoomy-zoomy stuff”. But here’s where it really shines. Look at the first Golden Gate Demo app I created. You’ll see this picture:
Yeah it’s a nice picture. But then start to zoom into that little light brown weed bush:
Yeah that’s a little more detail right? But Zoom in some more…
Oh look it’s got some other leaves… But zoom in some more..
Now the details really start to come out… Okay you want to zoom some more don’t you? I don’t know if it’s a good idea but go ahead, indulge yourself..
EEK!! You went too far! But now you get the idea of just what can be done..
Alright here’s a few more pics:
And one more Deep Zoom of the Golden Gate Bridge (taken from the other 5 images in the screen capture above and it’s 1500+ smaller images).
The number of SQL Injection attacks across the Internet continue to rise. I’m seeing regular posting on the SANS RSS feed related to SQL Injection and XSS these days and clients are finding that applications they thought were not vulnerable turn out to be vulnerable because of patches and custom mods they’ve had made to them. For most site owners this meant going back to the developers and getting updates and this is generally costly and time consuming. Fortunately, Microsoft has stepped up to the plate and brought us a little relief in the form of URLScan 3.0 beta/go-live release.
Microsoft Security Bulletin: http://www.microsoft.com/technet/security/advisory/954462.mspx
Link to download HP’s custom SQL injection scanner and how to use it. They created this for Microsoft to help you identify possible vulnerabilities in your site.
A source code analysis application that can help identify vulnerable code in your application.
UrlScan 3.0 Beta. I’m generally opposed to installing beta software on a production webserver but I think if you’re getting hammered, it’s probably better to just bite the bullet and do it. As you probably know UrlScan was for the most part built into IIS 6 but it doesn’t have querystring filtering, this build does and it works with IIS5.1 and later including our beloved IIS 7.0. Kudos to the IIS Team!
Word of caution, I’ve installed this for a few people and a couple times it wouldn’t load after the initial install (Beta software). My fix for this was to install the ISAPI filter directly on the website in question. I used Filemon to watch for when it triggered and referenced the log files to tweak out false positives from there. Each site is unique so you’ll need to tweak your settings accordingly.
LogParser is another great tool for reviewing your server logs and searching for information such as hack attempts. Steve Schofield has a nice write up about using LogParser and URLScan.
Q: Is it Microsoft’s fault and if not then who’s fault is it?
A: It’s yours and your developer’s fault. As hackers evolve so much our techniques to combat them. Coding methods and ways to access SQL server have changed over the years as a result of this and if you haven’t had your site updated, then it’s your fault.
Q: I just moved my website to a new server and I’m getting hacked now and I wasn’t before. It’s the new server right?
A: No. This is a new type of worm if you will that affecting websites the fact that you changed hosts, websites or applications probably doesn’t have anything to do with it at all. This really started to become a huge problem around late April of this year and we’ve watched it grow into a bigger problem since then.
Q: Is URLScan the answer to my prayers?
A: Consider it a stopgap you’ll be able to employ until you’ve had your web applications updated. You really need to get your application secured.
Q: I haven’t been attacked, how do I know if I’m vulnerable?
A: Use the two tools above and also you might want to hire a service to do website security scans. If you’re hosted with Applied Innovations you can you get free quarterly security scans from scanalert.com.
Q: What kinds of applications are vulnerable? Is it just shopping carts?
A: Every application that accesses a database server of any kind is potentially vulnerable.
Q: My website is written in XXXX language and it’s supposed to be very secure, am I vulnerable?
A: Potentially, YES! Any web application that uses a database can be vulnerable.
With the new addition to the family I’ve got a renewed interest in taking photographs (and video) and ofcourse sharing them. Yeah, I’m one of those Dads. So today I wanted to crop a image for William’s website (yeah, not even 5 days old and he’s already got his own website at http://williamcoburn.net ). The image I wanted to crop and enhance was of the wallpaper border in his room of Pooh Bear. The only tools I had available on my desktop were picasa and snag-it.
So the first thing I started to do was download a trial of photoshop elements or paint shop pro (I miss the days JASC provided it). Then it struck me that Adobe recently made an online version of photoshop available called adobe photoshop express. I created a free account, uploaded the image was able to enhance, rotate and crop it within 5 minutes and the finished product is visible on William’s site.
So here’s a few online photo editors available for free (I love freebies):
Adobe Photoshop Express - Adobe’s actually late to the game but they have the name and reputation to bring them to #1 pretty quickly if not already.
FotoFlexer - This is actually my favorite of the ones I played with tonight. It has a lot of features the others don’t seem to have and little gadgets I love like inserting your own face in a picture, creating little inspirational posters, etc.
Splashup - It seemed pretty basic to me and I really didn’t get that involved with it.
Picnik - I enjoyed using this one and found it really intuitive.
I also found a couple ASP.NET projects that seemed to offer basic features and could make a nice little runner up. Who knows maybe you’ll see photoeditor.jesscoburn.com before long 