My web wanderings

This app allows auditing and security.

FreeMind - free mind mapping software

Linux.com | Creating a project dashboard with RSS and rawdog

Statistics for all Wikipedias (test site)
Statistics for all Wikipedias. Here is an example for Wikipedia

A look at Microsoft’s internal SDL with the new Trustworthy Computing initiative.

An in-depth exploration of the art of shell scripting
By: Mendel Cooper

XSS (Cross Site Scripting) Cheatsheet: Esp: for filter evasion - by RSnake

This is going to come in handy during my pen test of our web site.

IIS 6 Peformance Paper - Worth the read

By Brett ‘brett’ Hill on IISFAQ Front Page

Papers from Microsoft are often hit and miss. Some are stellar and some are overbroad overviews filled with marketing jargon. This one, however, is well worth the read. He’s an excerpt from Web and Application Server Infrastructure - Performance and Scalability

COM General

With the new IIS 6.0 architecture, it is important to question some of the existing guidelines where COM is concerned. A major consideration is that, before Windows Server 2003, COM application components were configured (by default) to run out-of-processes from the caller. The default for COM applications is for them to run as Server Applications, executing in a DLLHost.exe process called into from the object instantiate, or over DCOM.

The performance downside of doing this for every method call, is that there are extra threads running on the system, and every call to a method must be marshaled across process boundaries. This is not noticeable on a small implementation with low request/transaction rates, but on a high volume, large multiprocessor, this kind of overhead can greatly decrease the overall scalability of the system.

Therefore, on Windows Server 2003, it is best to change the default configuration for a COM Server Application to Library Application to aid scalability of the calling per use of that application

< Soap Box> The entire world is not using Microsoft technologies to develop. So PLEASE do NOT embed non-standard code into web standard code. Such as do not embed C# into an XSLT. XSLT’s are meant to be platform agnostic. That is what makes XML and its supporting technologies so valuable. What if someone wants to use the XSLT in say Java or some other language. < / Soap Box>

Peeking Into Google
Peeking Into Google
By Susan Kuchinskas

BURLINGAME, Calif. — The key to the speed and reliability of Google (Quote, Chart) search is cutting up data into chunks, its top engineer said.

Urs Hoelzle, Google vice president of operations and vice president of engineering, offered a rare behind-the-scenes tour of Google’s architecture on Wednesday. Hoelzle spoke here at EclipseCon 2005, a conference on the open source, extensible platform for software tools.

Here is an article on Filesystem integrety checkers. There are several filesystem integrity checker applications, both commercial and open source. I chose to deploy afick, because it is written in Perl, which makes it lightweight and easily portable between different operating systems. Though by nature designed for the command line, afick also has an optional Webmin module and a graphical interface written in perl-Tk.

Here is an article on Filesystem integrety checkers. There are several filesystem integrity checker applications, both commercial and open source. I chose to deploy afick, because it is written in Perl, which makes it lightweight and easily portable between different operating systems. Though by nature designed for the command line, afick also has an optional Webmin module and a graphical interface written in perl-Tk.

Here is an ONLamp article that is interesting. “By recording performance metrics, web server administrators can have a historical record of how the server handled incoming HTTP requests. This article expands on that concept by adding a couple of logging directives and recording the logging data directly in a MySQL database.”

QueryCommander is a Open Source Query Analyzer that you can use to work with the following Databases.

Netron Light: a lightweight version of the Netron graph control is available for download . Read the article entitled ‘Diagramming for dummies’ (PDF fromat, 15 pages) to find out what it is. The article is enclosed in the download as well. Hopefully this simple control will reach even more developers. This simplified version is filling a gap in the market or, at least, this is my conclusion from the mails and forum postings. The article can also be found on the CodeProject space.

Overview and Background

Microsoft’s terminal services client (also called ‘Remote Desktop Connection’) has one main thing against it. Remote applications do not appear as if they are running on the local desktop, instead they appear in a separate window which represents the server’s desktop. This is fine if you just want to work exclusively on the server, but can be a pain if you want to switch between applications on the server and the local desktop or want to run applications on different servers. What is needed is a way to display the remoted applications as ‘Seamless Windows’ on the client.

Commercial products have been written to achieve this in a Windows enviroment, the most well known would be Citrix. Citrix uses it’s own protocol (ICA) to publish applications to the client. Others have used Microsoft’s protocol called RDP (Remote Desktop Protocol) with additional software to achieve the same effect (the most notable of these is Tarentalla’s Canaveral IQ – I suspect they use a similar, but more sophisticated, method to the one presented in this article).

While these products provide a lot more than just seamless windows, they are also quite expensive. It would be nice to have this feature in a regular RDP client without having to buy a whole application publishing product.

This article provides a possible solution to this problem by extending Microsoft’s RDP client using virtual channels to communicate between the server and client. This option has been chosen over writing or extending an existing open source RDP client (such as rdesktop) because we will still be able to take advantage of all the features in Microsoft’s client (and presumably all new features they add in the future). Also an advantage to using Microsoft’s client is that we can get some rudimentary application publishing over a web page since their terminal services client has and ActiveX component to do this.

By Martin Wickett

Build an Open Source Network Sniffer
This article reviews common issues of wireless security, and shows how to use open source software to suss out wireless networks, get information about them, and start recognizing common security problems. You will learn how build a lightweight wireless sniffer that runs on open source software and see how simple it is to interact with wireless networks

I have found the following useful items for my project at work to automate our deployment process.

freshmeat.net: Project details for LinkChecker
With LinkChecker, you can check HTML documents for broken links. It features recursion, robots.txt exclusion protocol support, HTTP proxy support, i18n support, multithreading, regular expression filtering rules for links, and user/password checking for authorized pages. Output can be colored or normal text, HTML, SQL, CSV, or a sitemap graph in GML or XML format. Supported link types are HTTP/1.1 and 1.0, HTTPS, FTP, mailto:, news:, nntp:, Gopher, Telnet, and local files.

SourceForge.net: Project Info - Enterprise Monitoring, Windows Systems
Centrally monitor eventlogs, no agents needed; Send alerts to different people on different events; Integrated with ticket tracking system; Forward events to syslogd; Archive events into MYSQL/MSSQL; Web interface to search for events;