A day with Paul Cotton, co-chair at W3C HTML Work Group

Filed under Technology

This past Wednesday I had the pleasure to spend my day with Paul Cotton.

Paul Cotton is the Group Manager of Microsoft’s Interoperability team that covers HTML and Cloud technologies. In addition he is currently co-chair of the W3C HTML Working Group that is standardizing HTML5, Microdata, Canvas 2D Context …

During the day we were talking about many different things, but as you can imagine our main conversation subject was HTML5. It was very interesting to see the professionalism of Paul handling the two hats he needs to wear constantly, one to represent Microsoft interests and the other one to represent W3C interests, this means the interests of the entire web community and this is a huge responsibility. The first thing that called my attention on this regards was that Paul was not talking about browsers, but about user-agents in a way to abstract his conversations from specific browsers.

One of the most interesting things to reflect on was how the HTML specification and the industry could evolve from the point we are today. Far from talking about new features or new technologies to be included in the specification, Paul was talking about how the new members of the group could influence this evolution. Until today most of the members were coming from companies with a long trajectory in the web like Microsoft, Mozilla or Adobe, but now there are other members coming from very disparate industries like TV manufacturers like Sony, LG or from the entertainment world as Disney.

This proves how the web of the future is attracting a full new universe of possibilities that might change the panorama as we know it today, simple things like a browser update that is very common in the computer world, might not be desirable anymore when you need update the firmware of your TV to have its embedded browser updated.

Time will tell, but as Paul says also the technologies suffer the Darwinian evolution and I completely agree, it doesn’t matter how much you try to get stuck in one of them they will evolve or disappear, so be prepared for the change.

Using 301 Redirects

Filed under Development

Using 301 redirects are a useful way to indicate visitors and search crawlers that a page has been moved permanently to another location.

This is especially important, for instance, when you move your site to another domain. Redirecting all the pages on the old domain to your new site will help Google or Bing crawlers to indicate your site has permanently moved avoiding SEO issues.

There is another case where you want to make use of 301redirects to avoid hurting your SEO, this is when you have more than one domain pointing to the same content.

In my case I have two domains: www.josefcobonnin.com and www.josebonnin.com pointing to this blog. I don’t want to eliminate the first domain, but if I don’t do it the search engines will consider the content duplicated and will impact my positioning on the search results. To avoid it we can make use again of the 301 redirects.

The way to implement 301 redirects with ASP.NET is very easy, what we do is to capture the requests we receive and add to the response the HTTP header Location with the new URL. 

The next code should be added in the Global.asax file of our ASP.NET projects.

   1: void Application_BeginRequest(object sender, EventArgs e)
   2: {
   3:         string url = HttpContext.Current.Request.Url.ToString().ToLower();
   4:         if (url.Contains("http://www.josefcobonnin.com"))
   5:         {
   6:             HttpContext.Current.Response.Status = "301 Moved Permanently";
   7:  
   8:             HttpContext.Current.Response.AddHeader("Location", url.Replace("http://www.josefcobonnin.com", "http://www.josebonnin.com"));
   9:         }
  10: }

After implementing this short code, all the requests done to www.josefcobonnin will redirect with a 301 to www.josebonnin.com. You can easily test it using the IE9 developer tools and checking the headers returned.

301 redirects

Install Windows 7 from USB

Filed under Technology

Nowadays we can see how CDs and DVDs become more irrelevant in Laptops and Netbooks, lot of them do not incorporate the units to be lighter.

To be honest I like the idea, I can't remember when was the last time I burned a DVD. The problem with it is that sometimes makes it harder to install software on the PC and install an OS is not an exception.

To solve that you have the option to install Windows 7 from a USB pendrive that can be prepared following some basic steps.

  • Plug a USB pendrive (a 4GB USB is enough)
  • Launch the Command Prompt with administrator privileges.
  • Execute the utility DiskPart
  • Run the command "list disk" to identify which disks corresponds to the USB drive
  • Run the command "select disk NUMBER". Replace "NUMBER" by the number associated to the USB drive we obtained in the previous step.
  • Run the command "clean". The command is quite clear, so be careful because it deletes all the data contained in the disk selected.
  • The next step is to create and activate the partition using the commands "create partion primary" and then "activate".
  • Now we need to format the new partition, to do it we run "format fs=fat32 quick".
  • In order we can access the USB drive we need to assign a letter to it, this is done by running the command "assign"
  • The last step is to copy all the contents of the Windows 7 installation DVD to the USB key.

That's it, now you can install Windows 7 from the USB key directly in any PC without having to carry the DVD with you.

Why I use IE8

Filed under Technology

Let’s be clear I like Internet Explorer.

I use IE8 and I have to hear jokes and all kind of comments because of it. Before I joined Microsoft I was arguing for a while until get tired of the conversation, moment where I ended always with a “yeah … it is”. Things like “but IE is not compatible with CSS standards” were very common to hear.  No, please don’t go again into that, it’s clear there is still lot of improvements that can be done for standard compliance. In any case, IE8 is 100% compliant with CSS Level 2 Revision 1.

But after I joined Microsoft the comments were getting worse and stimulating for the conversation, ridiculous things like “but you use it because Microsoft does not allow other browsers to be installed”, not worthy to say that is far away from reality.

Now that there has been the famous attack to Google using an exploit of IE some comments have reached insanity levels.

If you want full information about the exploit and the solution go to The Microsoft Security Response Center (MSRC). I just want to stand up that “to date, the only successful attacks reported have been against Internet Explorer 6” (which is a 9 years old browser). Users with XP (more than 8 years old OS) were more prone to suffer this exploit because XP does not take profit of Address Space Layout Randomization (ASLR), Vista and other later versions are more effective blocking the exploit because they take profit of the improved security protection offered by ASLR.

So, we have that people using a 9 years old browser on an 8 years old OS were the biggest victims. I’m not going to comment about this, just take a look to this video and think about it yourself  … security, hacking attacks, technology … all evolves and, don’t be fool, ALL of us are also responsible for our self-protection.

Whether you like it or not Internet Explorer is one the safest browsers of the market. You can do the comparison by:

1. Technologies applied: DEP, ASLR, Virtual Store, Mandatory Integrity Control, Today IE8 is the only one making use of all these technologies. I have to mention too the Cross Site Scripting filter and the Private Browsing, also known as porn mode but pretty useful and recommended when you browse from airports, Internet points and any other kind of shared computer.

2. Phishing protection: “The average phishing URL catch rate for browsers

Mean block rate for phishing

3. Average time to block phishing: “how long on average must a user wait until a requested phishing URL is added to the block list?”

Browser add time

Worthy to mention that “phishing sites have an average life expectancy of only 52 hours mmm…sigh… Thanks Safari 4 to protect me against phishing sites that no longer exist.

Source: NSS Labs Browser Security – Phishing Q3 2009

“but Everybody recognizes a phishing site”. According to Gartner Group “theft through phishing activities costs U.S. banks and credit card issuers an estimated $2.8 billion annually”

4. Vulnerabilities:

but regardless phishing Firefox is the safest browser

Vulnerabilities by browser 2008

Source: http://secunia.com/gfx/Secunia2008Report.pdf

I couldn’t find the 2009 report so I went manually product per product drilling by version in the Secunia site to get overall vulnerabilities.

Browser Vulnerabilities Release Date Market Share
IE 6.x 184 8/27/2001 20.99%
FireFox 3.0.x 144 6/17/2008 6.91%
IE 7.x 106 10/18/2006 15.53%
FireFox 3.5.x 48 6/30/2009 16.32%
IE 8.x 30 3/19/2009 20.86%
Safari 4.0 16 6/2/2008 3.45%
Chrome 3.x 5 10/12/2009 3.75%

 

As you can see Firefox 3.0.x has had more vulnerabilities in 19 months than IE 7.x in more than 3 years and almost the same than IE6 in more than 8 years. I’m not going to comment about Firefox 1.0.x, which had 209 known vulnerabilities since 11/9/2004 and has a current share of 0.03%.

Vulnerabilities Source: http://secunia.com/advisories

Release date Source: http://www.wikipedia.org

Market Share Source: Market Share Browsers.

but …” Before you mention that Safari and Chrome have less vulnerabilities, please review again the Market Share and Release Date and remember that massive attacks are like business: You always try to maximize benefits, if with one product (exploit) you can reach 60% of market you don’t put all your efforts trying to get 5%.

I’m not going to enter into specific features of IE8 that facilitates the administrator’s work in corporations like: the possibility to manage and configure nearly 1.500 built-in group policies, the IEAK for customization, distribution of updates and patches via Window Server Update Services

So, yes I’m very proud to say I’m a IE8 user … “but browser %replace with your browser% it’s faster” … Yeah…it is

TF Command Tips

Filed under Development

When you work with TFS there are certain situations that will happen first or later like somebody going on holidays without doing checkin, a project that was created wrong, etc. those situations require you might need delete a project, delete a workspace, undo other changes…most of them can be accomplished using TF.exe. That’s the reason why I always say to TFS users that “TF.exe /?” is your friend.

I post some of them here as a kind of reminder for myself. As I will not be using TFS very often from now, I’m afraid my brain will deallocate the syntax to allocate other knowledge pretty soon.

Delete a project:

  • TFSDeleteProject /server:SERVER_NAME “PROJECT_NAME”

View checked out files for a specific project/user:

  • tf status “SERVER_PATH” /user:USER_NAME /recursive

View checked out files for all users:

  • tf status “SERVER_PATH” /user:* /recursive

View workspaces in a computer:

  • tf workspaces /computer:COMPUTER_NAME /owner:*

Undo others code:

  • tf undo /workspace:WORKSPACE_NAME “ITEM_PATH” /s:URL

Baseless merge:

  • tf merge /baseless “FROM” “TO” /version:T /recursive