Rob Kraft's Software Development Blog

Software Development Insights

Archive for June, 2011

JustDecompile set to dethrone Reflector

Posted by robkraft on June 16, 2011

Telerik will be releasing the tool many of us have been waiting for, a replacement for Reflector.  Reflector was, and still is, a great and helpful tool for analyzing .NET code, but ever since RedGate reneged on their promise to keep it free forever, we have been upset and worried about our options for the future.

JustDecompile from Telerik is your new alternative to Reflector.  Telerik declares the tool will be free forever.  http://www.telerik.com/products/decompiling.aspx

I tried it out and the basic features are very similar to Reflector, so it will succeed in doing what I almost always want from it.  I don’t see support yet for add-ins, but this is just a beta of a free product.  Who knows what else is to come.  I only mention the add-ins because I had one I liked for Reflector that gave a diagram of the Cyclomatic Complexity score of all my classes and methods, which I occasionally made use of.

Posted in Free tools | 1 Comment »

My Twitter account got hacked

Posted by robkraft on June 14, 2011

My recent blog post about passwords appears to have invited attempts to hack my account. Unfortunately for me they succeeded.  I recommended, and still recommend, re-using a simple, easy-to-remember password across all those accounts that you don’t care about.  For me, that included my Twitter account.  When I set up my Twitter account years ago I used my simple password because I was just checking Twitter out.

However, I started indirectly making use of that Twitter account when I linked my blog posts to it, primarily just to test how well that link worked.  I still don’t follow or observe Twitter much, but I checked it out yesterday and happened to notice that not all of the posts on my Twitter account were made by me and were not coming from my blog.  Since my blog posts were still posting to my Twitter account, and someone else was directly posting to my Twitter account, I deduced that someone had guessed the Twitter account password and was spamming on it.

So I changed my password on the Twitter account and re-linked it to this WordPress blog, and hopefully the problem is resolved.  For my 14 Twitter followers, I apologize for the spam.  This could have been a lot more damaging to me if I had been a congressman!

Posted in I.T. | Leave a Comment »

Test post after having my Twitter account hacked.

Posted by robkraft on June 14, 2011

Test post after having my Twitter account hacked. 😦

Posted in Uncategorized | Leave a Comment »

If you seek for a pattern long enough, you will find one.

Posted by robkraft on June 10, 2011

If you seek for a pattern long enough, you will find one.  Many people have sought numerical patterns in books, particularly in the Bible.  They keep applying different numerical algorithms until they find an algorithm that produces the results they seek.  Then they claim they have found some sort of truth.  If you apply this approach to any document, you will eventually find the truth you are looking for.

Our brains have evolved to search for patterns.  If you flip coins in groups of 10 hundreds of times, and you count how many times it lands on heads in each group of ten, and then you analyze the results, you will find some patterns.  This is not because there is a pattern (such as if you have 8 heads in one set, you will have 3 in the next set), but simply because you claimed that to be the pattern because it happens to fit all the existing data.  If it truly is a pattern, then it will always hold true for the future coin tosses.

Posted in Thoughts about life | Leave a Comment »

The Contrarian Guide to Passwords

Posted by robkraft on June 9, 2011

Not everything you believe about passwords is correct.  In fact, some of what you believe is totally incorrect.  Allow me to explain some of the rules for computer passwords.

Rule #1 – Don’t hide the password.

This rule is for those who develop web sites and desktop applications.  Back in the 70’s, a co-worker looking over your shoulder represented the biggest risk for password theft.  To combat this risk, application developers resorted to showing asterisks on screen instead of the password characters as they were typed.  What is wrong with this?  First, it creates account lockouts because users enter their password incorrectly too many times, and users do so because they cannot see and confirm what they are typing.  Second, it causes users to choose shorter passwords in order to reduce the challenge of entering a mistake-free password on screens where you cannot see the values you are typing.  Third, very few people today are concerned about the person looking over their shoulder to steal their password.  We are far more concerned with hackers on the Internet guessing our passwords through brute-force attacks.  Therefore, most web sites and applications should show the password as it is typed.  This will improve the accuracy of password entry and provide a more pleasant logon experience.  Most applications should include a checkbox labeled ‘Hide password as I type’ to give the user the option of masking the password as it is entered.

Rule #2 – Write your passwords on a piece of paper.

If you would prefer to use a long and complex password but are afraid that you won’t remember it, write it down on a piece of paper.  Remember, in most cases we are trying to protect our account from getting hacked by someone on the Internet, and they don’t have access to your basement office where you do all your work.  So feel free to write down passwords and tape them to the wall or monitor.  A long and complex password written on a piece of paper is more secure than a short and simple password that is easy to remember.

Rule #3 – Put all your passwords in one document on your computer.

Let’s face the truth, we all have a lot of passwords and we need to keep track of them somewhere besides in our heads.  The convenient place to do so is on the computer so that you can find them when you need them.  So how can we keep this document safe in case someone else gets on our computer, or our computer gets stolen?  Well, you can store your passwords with a program like KeePass that will encrypt them all for you.  You could also put them in an Excel spreadsheet, but if you do so, I recommend you name that spreadsheet something like system.dll. Make sure the file does not have the .xls extension.  Most laptop thieves would never think to open system.dll in Excel or Notepad to see if it contained passwords.  Of course, if your computer is stolen you should begin changing your online passwords soon.

Rule #4 – Print all of your passwords on a piece of paper and stash it somewhere.

A locked, fireproof safe in your house is an ideal location for this.  You want to put the list somewhere convenient for easy reference, but you don’t want to paste it on the refrigerator for the first burglar to spot.  Taping it below the desk your computer is sitting on, or tucking it in the refrigerator, works well also.

Rule #5 – Use the same passwords over and over.

Do you need to create an account on a site you’ve never been to and never plan to go back to after you download their white paper?  Then use the same simple password you have used on hundreds of other similar sites.  I use the same simple password on the Pizza Hut web site, the Papa John’s web site, the On The Border web site, and a hundred other sites that have no financial information about me and no profile of myself that I am concerned about being vandalized.  But you should never use a password used on an important site on any other site, because if someone at one site learns your password they may attempt to use it on other sites.

Rule #6 – Don’t change your passwords…

all at the same time.  Ok, I admit that I was just trying to trick you into reading this rule.  You should change your passwords probably at least once a year or more.  I don’t.  But do as I say, not as I do.  I change my passwords at work regularly, but not the passwords on my bank accounts, Facebook, email accounts, etc.  I mean to change them though!  I have a reminder to myself to change them.  But I already have them all memorized and it takes a while to memorize new passwords, so if I change them I need to have my list of passwords accessible for a while as a backup to my brain.  Also, it takes a few minutes to come up with new good passwords and to go through the process of changing them.

My real advice here is that you should not try to change all your passwords at once.  Instead, pick a few to change every month.  Doing so will make it easier for you to remember the few new passwords you changed instead of trying to remember the fifty you changed all in one day.  Also, in case your computer happens to be infested with a keystroke logger, you don’t want to change all your passwords at the same time and give away all your passwords to every account you own in one day to the villain on the other end of the keystroke logger.

Rule #7 – Don’t even bother to remember or write down your passwords.

Most web sites provide links to send you a new password or a password reminder in case you have forgotten your password, so why even bother trying to remember it?  Just enter a long, complex password, and then every time you need to log in use the ‘Forgot Password’ option to email the password to you.  However, you probably don’t want to do this for sites you log in to frequently.

Password guidelines

For really secure passwords, use a pass phrase at least 10 characters long with upper case, lower case, numbers, and a special character.  TheRoyalsWon8-2!  MyChiefsLost49-0!  If you want to write it down, write down a mnemonic like SWOIyear for StarWarsOpenedIn1977.  Then anyone can see your mnemonic password, but hopefully only you will know how to decode it.

Another approach is to use a pass phrase for your password, but substitute numbers and special characters for some of the letters.  Then, write down the pass phrase without substitutions.  If your password is IH@veNoP@ssword write down IHaveNoPassword.

One more option is to use foreign language phrases for passwords.  In Spanish, Muy Caliente means very hot and MuyCal1ent@ is a very strong password that is also resistant to English dictionary attacks.

But if you really need a great password, go to https://www.grc.com/passwords.htm to have one generated for you.
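As an added example (not part of the original post), this Python sketch checks a password against the guideline above and generates a random one locally from the operating system's CSPRNG. The function names and the 20-character default are assumptions made for illustration.

```python
import math
import secrets
import string

# Character classes named in the guideline above.
CLASSES = {
    "upper": string.ascii_uppercase,
    "lower": string.ascii_lowercase,
    "digit": string.digits,
    "special": string.punctuation,
}
MIN_LENGTH = 10  # "at least 10 characters long"


def missing_requirements(password: str) -> list[str]:
    """Return the guideline requirements the password fails (empty list = passes)."""
    missing = []
    if len(password) < MIN_LENGTH:
        missing.append("length")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            missing.append(name)
    return missing


def generate_password(length: int = 20) -> str:
    """Generate a random password locally from the OS CSPRNG.

    Candidates are drawn uniformly and rejected until every class is present,
    which keeps the distribution uniform over the passwords that qualify.
    """
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    alphabet = "".join(CLASSES.values())
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not missing_requirements(candidate):
            return candidate


def max_entropy_bits(length: int) -> float:
    """Upper bound on the entropy of a uniformly random password of this length."""
    return length * math.log2(sum(len(c) for c in CLASSES.values()))


if __name__ == "__main__":
    # Sample passwords are the ones quoted in the post.
    for sample in ["TheRoyalsWon8-2!", "IH@veNoP@ssword", "MuyCal1ent@"]:
        print(sample, missing_requirements(sample) or "meets the guideline")
    print(generate_password(), f"~{max_entropy_bits(20):.0f} bits")
```

Run against the post's own samples, the checker reports that IH@veNoP@ssword contains no digit and StarWarsOpenedIn1977 contains no special character, while the other three meet every requirement.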

Posted in CodeProject, I.T. | Leave a Comment »

Find bugs in your JavaScript using Closure

Posted by robkraft on June 5, 2011

Just in case you have not found the Closure tool from Google yet, I’m making this little post to help you discover it.  Closure is a free online tool at http://code.google.com/closure/ that will examine your JavaScript for bugs and compact it for you.  If you write JavaScript and are not using any tools to assist you in finding coding errors, check out Closure.  It is online and it is free.

Posted in Code Design, Dev Environment, Free tools | Leave a Comment »