Monday, 29 October 2012

Metadata file could not be found in a solution path with escaped spaces

After a short exchange of friendly but accusatory cross-continental messages, I’ve learned something new about .NET projects today. Let me start with the symptoms as that’s the first thing I Googled for and how I suspect others will find this and save themselves some pain in the future.

Let’s say you have a solution like this:

Solution with two projects

This is a brand newie right out of the box to demonstrate the problem. The web project references the ClassLibrary project as a project reference. In other words, the project file contains something like this:

<ProjectReference Include="..\ClassLibrary\ClassLibrary.csproj">
  <Project>{705479f2-2820-44ea-a983-f03c70ae0754}</Project>
  <Name>ClassLibrary</Name>
</ProjectReference>

So far, so good. However, when you go to build it gets decidedly unhappy:

Build error: Metadata file could not be found in a solution path

Wednesday, 17 October 2012

She did WHAT in school?! The mechanics of a Facebook worm

I’ll admit to some amusement when I see friends liking pages such as this:

[SHOCKING] At 15, she did THAT in public high school EVERY day! How Terrible!!

I’ll admit to even more amusement when they’re mature adults (of either gender) or as seen recently, when they’re my mother in law. Of course when confronted about their salacious ways they’ll always swear black and blue that they never “liked” the link. Except they did, they just didn’t know it.

What you’re seeing here is a Facebook “worm” or in other words a script which replicates itself. Someone sees it, clicks the link then it automatically appears on their wall without their knowledge. Three of their friends then see it on their wall and click through then three of their friends do the same and so on and so forth.

But how can this happen? Why does Facebook allow someone to inadvertently “like” a page they would never actually intentionally like, or at least not intentionally broadcast that they like it? It’s actually both very simple and quite clever so let’s pull it apart and figure out how this is working.

Monday, 15 October 2012

Hacking is child’s play – SQL injection with Havij by 3 year old

You know what really strikes me about a lot of the hacks we’ve seen lately? It just seems too easy. I mean we’re seeing a huge number of attacks (an unprecedented number, by some figures) and all too often the perpetrator is a kid. I don’t mean that in a relative sense to myself as I get older, I mean literally a child.

The problem, of course, is that many of these “hacks” have become simple point and shoot affairs using freely available tools. In the case of SQL injection, tools such as Havij mean that even if you don’t know your indexes from your collations or your UDFs from your DMVs, so long as you can copy and paste a URL you can be an instant “hacker”.

In fact I reckon it’s so easy that even my 3 year old can be a successful hacker. Turns out that’s not too far from the truth:

Tuesday, 9 October 2012

How your website is being pwned while you’re not looking

Who’s hacking us? How are we (as developers) making this possible? What are some of the common flaws we’re building into software? And what exactly is “pwned” anyway?!

All these questions and more come up and get answered in the presentation I made to Developers Developers Developers! in Sydney a few months ago. Fortunately the good folks at SSW were kind enough to record and very professionally produce a number of the sessions then make them available via their SSW TV channel.

Despite the managers of the conference facility doing their best to emulate a Swedish sauna by cranking the heat up to 11, I was very happy with the way the presentation went. For those around Sydney, I’ll be giving a talk in a similar style at the Web Directions South conference next week with mostly new material.

One last thing – I need to give some credit to Mikko Hypponen for the material relating to the three sources of hackers (criminals, hacktivists and governments). I was inspired by his TED talk titled Fighting viruses, Defending the net where he refers to these threats among many other insightful observations about the online security landscape. In fact I’m inspired by most things Mikko says and the way he delivers his message so do yourself a favour and check out his material.

Wednesday, 3 October 2012

5 ways to do source control really, really wrong

Last week, with the help of the good folks at Red Gate, I set up a little competition to give away 5 licenses of their very excellent SQL Source Control product. The entry criteria was simple – share your most painful experience which could have been avoided by using source control.

Many painful stories emerged but I thought it worth sharing and commenting on the 5 winners as I’ve felt this pain time and again in years gone by. So enjoy these stories and hopefully take away some nuggets of knowledge that might help you avoid the same pitfalls in the future.

To the winners: hopefully those licenses will help ease the painful memories of mistakes gone by! I’ll be in touch with your prizes shortly.
