58bits - Tech

Wow - Google and searchers were all over the "URI templates and hackable search engine friendly URLs" line in my short WPF post below, which means there's a lot of interest in URI templates.

I found this post on Creating a Template based URI very helpful. You DON'T have to be building a WCF service to use these. You MUST however include a reference to the System.ServiceModel.Web assembly in your project before you can use the System.UriTemplate type.

Scott Hanselman's presentation at MIX08 on MVC was also very helpful as well as it clarified many things (not to mention being hugely entertaining).

The URI Templates of .Net 3.5 don't have anything to do with REST - they're just a utility class that helps to bind and match templates and parameters to and from URIs. When combined with a URL rewriter they make it easy to present hackable URLs the world.  As Scott said in his presentation - the URLs in a browser window are effectively part of the UI - and so should be treated accordingly when possible.

So... mystore.com/clothing/shirts would be cool, as opposed to mystore.com/products.aspx?type=clothing&category=shirts

Here's an example of the WLW Code Snippet Plugin in action...

   1: /// <summary>

   2: /// Hash utility - pass the hash algorithm name as a string i.e. SHA256, SHA1, MD5 etc.

   3: /// </summary>

   4: /// <param name="input"></param>

   5: /// <param name="algorithm"></param>

   6: /// /// <param name="upperCase"></param>

   7: /// <returns>Hashed String</returns>

   8: public static string HashIt(string input, string algorithm, bool upperCase)

   9: {

  10:  

  11:     if (string.IsNullOrEmpty(input))

  12:         throw new ArgumentNullException("input");

  13:     

  14:     if(string.IsNullOrEmpty(algorithm))

  15:         throw new ArgumentNullException("algorithm");                        

  16:     

  17:     byte[] result = ((HashAlgorithm)CryptoConfig.CreateFromName(algorithm)).ComputeHash(Encoding.UTF8.GetBytes(input));

  18:  

  19:     StringBuilder myHexHash = new StringBuilder(64); //Maximum length required for SHA2-256, SHA1 or MD5

  20:  

  21:     string formatter = string.Empty;

  22:  

  23:     if (upperCase)

  24:         formatter = "{0:X2}";

  25:     else

  26:         formatter = "{0:x2}";

  27:  

  28:     for (int i = 0; i < result.Length; i++)

  29:     {

  30:         myHexHash.AppendFormat(formatter, result[i]);

  31:     }

  32:  

  33:     return myHexHash.ToString();

  34: }

There just aren't enough hours are there. Have just about managed to cobble together an improved looking skin for dasBlog. Will re-write my image gallery component soon with URI templates and hackable search engine friendly URLs.

The application I use to package up my images for delivery is called Gallery Builder (original) - and it's my WPF learning exercise. A hand-rolled set of control templates produced not a bad looking UI. Would love to write an effects control for generating the gallery cover image. Alas there may not be enough hours...    (click the image on the left to enlarge).

Well that's two out of four exams over with - and the end of the silent period on my blog. Successfully sat 'Information Security Management' and 'Introduction to Cryptography' over the past two days.

Both manageable papers, and the first two of six in what has turned out to be a really excellent programme. Check out the Information Security Group at RHUL for the gory details, or the syllabus posted at the London External Programme - MSc in Information Security.

Now that I have my life back... (at least for the summer), watch this space for a re-designed blog and new photo gallery over the coming weeks.

These are interesting. And there I was feeling all warm and cosey with my trusted platform module (TPM). The RAM to USB utility is particularly cool.

http://citp.princeton.edu/memory/

http://www.cs.dartmouth.edu/~pkilab/sparks/

It's always great when you find a company that produces a quality product, backed up by good support.

For a while know I've been looking for a replacement to the Cisco VPN Client that I use to connect my client's VPN. Cisco have produced a version of this software for Vista - but have stated categorically that they will not be supporting the 64 Bit version of Windows. Instead they are expecting their customers to throw away perfectly good equipment - in favour of their new ASA platform of firewalls and gateways  - which in turn will use their new AnyConnect VPN software, which does of course support the 64 Bit Windows.

Along comes NCP and their NCP Secure Entry Client in both x86 and x64 flavours. A 'very' configurable VPN client with a few extras too boot. The CISCO VPN Client doesn't give much away in terms of the detailed settings required to establish an IPSec connection. And IPSec network connections operate in different modes, and have several configuration settings. That said, after a quick email to NCP support, and very helpful reply, I am now connecting just fine to my client's Cisco PIX.

Thank  you NCP.

I posted here a while ago about setting up BitLocker on my PC - without a TPM. Works great.

I've recently been building up a new machine that will become my main development PC in the New Year - having decided to follow in the footsteps of others and build a decent spec Vista Ultimate 64 Bit box.

The spec:

Shuttle SP35P2 Pro
G.Skill 8GB 4-4-4-12 RAM
XFX NVidia GT 8800 Video
WD Raptor 10,000 RPM SATA for OS
SD Barracuda 300GB for Data
Vista 64 Ultimate 64 Bit

Anyway - more on this box later - which of course is going to be way better than others . :-)

BitLocker and EFS are now standard on my PCs and any new notebook I buy will have a TPM in it for sure.

That said - I'll be darned if I could get BitLocker to find the USB flash drive on this new PC to load the BitLocker keys at startup.

There are plenty of threads out there on the topic. Search for 'Bitlocker unable to read USB drive', or 'Bitlocker cannot find keys on USB drive'.

None of these helped me in this case.

Here's the solution (at least for this machine - with a Phoenix Award BIOS - V6.00PG - on an Intel P35 Express Chipset + ICH9R).

1. Be sure to put your USB keyring or flash drive in first!

2. Restart and enter your PC's BIOS (DEL at startup)

3. Go to the Integrated Peripherals menu item

4. Go to your USB Device Settings menu item

5. Set the USB controller to 'Enabled', 'High Speed' and the USB Storage function to 'Enabled'.

6. Here's the trick.... You should see a line like the one below with your USB thumbdrive listed.

*** USB Mass Storage Device Boot Settings***

[Yourdrive MFG name here]   [Auto]

The default is 'Auto'. Change it to 'HDD' and presto - Bitlocker will find the USB drive.

Took me ages to figure this one out...

It's my data and I'll open it if I want to... right? Errr.. not quite. If you've EFS encrypted files on Windows Vista you will not be able to open them under Windows XP. I'd thought I had most of my recovery scenarios covered. Was about to prep my XP Pro notebook for a trip and wanted to take some EFS secured data with me as well...

The following KB article applies...

Error message when you try to open an EFS-encrypted file in Windows XP or in Windows Server 2003 after the file has been opened in Windows Vista: "Access is denied"

A colleague just sent me a link to the MIX07 presentation of ASP.Net Dynamic Data Controls. I'd actually seen this demo before - but something about taking a quick second look made me want to blog about it.

Is it just me, or are there other people out there that kind of wince when they see these sort of presentations? (ignoring the obvious 'prop and holding' behavior of Mahesh Prakriya and his bottle of water).

The tools are definitely cool and I can see how these controls would be useful for knocking together a quick admin UI, or proof of concept app.  But the thing that kind of depresses me when I watch a video like this (with more powerful controls that let you build apps more quickly!) is the thought that there are 'developers' out there that will use this stuff and call themselves programmers - without knowing a whole lot about software development (principles - like searching, sorting, comparing, or how to build applications that are secure, transactional, and scale).

I sometimes wonder if we're headed back the good ol'days of VB6 where whole departments grew up without really knowing much about software development at all.

MS has an evangelical team, but frankly I'd like to see less proselytizing of how technology is going to make our software development lives so much better - and more holistic presentations that combine neat tools like this - with careful qualifiers that put the tools into the wider context of software design, quality and production issues.

I remember the first time I was burgled. It was in 1993 and I was living in London at the time. It was a tad unsettling to come home and see the front door of my apartment smashed open, and things not exactly the way I left them before I went to work!  I lost a bunch of Audio CDs, my TV and some cash that was lying around - but NOT my computer.

Since then being online a LOT more, and needing a safe place to store personal online information - account codes, banking information, subscription information etc. means that I've thought often about the best way to secure my personal (and work related) data.

I've used a couple of third party products in the past - but with Windows Vista Ultimate and BitLocker beckoning - I thought I'd give a combined BitLocker and Encrypted Files System (EFS) combination a shot.

BitLocker (in case you've not heard of it) encrypts the entire system partition - and until a valid key is supplied during system boot - the drive and its contents are effectively a nifty digital paperweight and nothing more. You can even safely dispose of the drive in this state - because again - without the key - it's just a lump of encrypted data.

My biggest concern with BitLocker was going to be performance especially since I was going to enable BitLocker on my main DEV box. Fortunately I have a 'kick it and see' PC I used to test everything on before implementing all of this on my main machine.

Here's the best article there is on how to configure BitLocker... Windows BitLocker Drive Encryption Step-by-Step Guide. In my case my PC doesn't have a Trusted Platform Module (TPM)- so I made the change as detailed in the article to allow BitLocker to be installed without a TMP.

Shortly after Vista Ultimate RTM was released - there was an update that included a BitLocker drive preparation tool. A word of warning here - and this relates to Windows Backup. Use the default partition settings from the drive preparation tool and allow it to create the new (and small) boot partition that will be needed for system startup (so that the boot process can start (unencrypted of course) before loading the OS from the encrypted drive). 

I have two partitions on my drive - my C: drive - which I will enable BitLocker on, and my D: drive which contains all my data. While exploring the command line options for the BitLocker drive preparation tool - I thought that since I already had a second partition (my D: drive) I could make this my boot drive (boot.in and OS loader) - but this was a bad idea. For starters it's a BIG partition - over 100GB. Secondly - when using Windows Complete System Backup (which I now use in favour of my previous third party imaging tool) - the backup will correctly detect that it needs both partitions to do a complete system backup. I don't want my D: drive included in this image (the reason for separate partitions in the first place) and so I switched back to the default BitLocker drive preparation settings - which creates a new small partition (S:) to hold the boot information.

My BitLocker generated key was created and written to a USB thumbdrive (attached to my key ring - along with the other 'real' keys). I put a second USB thumbdrive in a 'real' safe along with the recovery key. If I loose my keys (literally) this is the only way I'm getting back into my machine - so having a safe and alternate location for your recovery key is essential. It's kind of neat having to put the USB thumbdrive in my PC to start it up - like starting a car... :-). And it really doesn't interfere with the way I use my PC - my keys are always there on my desk - and I take them with me wherever I go so it fit fine into my pattern of work and play (you can take the key out of the computer as soon as BitLocker reads it - in fact BitLocker tells you to once it's read the key).

I have to say I was really impressed. I saw no performance difference on the 'kick it and see' PC and when installed on my live box - no difference there either. Impressive.

BitLocker will only work on system partitions - so that left the data on my D: drive. And this is where Encrypted File System comes to the rescue. That said not everything on my D: falls under the category of 'sensitive data' so I wasn't about to encrypt the entire drive. Instead I grouped my 'sensitive data' together in a special folder - and encrypted the contents using EFS. EFS uses a public-private key pair and a per-file encryption key to encrypt and decrypt data. The public-private key pair are stored in your Personal Certificate Store - which you can view by typing certmgr.msc in the search line of the start menu in Vista, or from the 'Run' command in XP. Alternatively you can view the personal store from the Tools, Internet Options, Content, Certificates option in Internet Explorer.

Since the certificate store in on the system partition - and this is now under the protection of BitLocker - the certificates are safe (although you still need to take a backup of the EFS certificate and keep this someplace safe too).

EFS is pretty cool - and they way it uses public keys to protect a per file symmetric key is neat - since it allows you to use several public keys - from several users - to encrypt a file - and then share it amongst those users if you needed to.

Here's an excellent description of how EFS works... Windows XP Resource Kit: Using Encrypting File System.

So I now have a production PC - working hard every day - with BitLocker on the system partition, EFS where I need it on the data partition - a set of keys safely tucked away in two locations - and I feel better about the prospect of getting robbed - because at least this time if they choose to take the PC - they'll be getting a lump of iron and silicone - and not a whole lot more than that.