James Wiseman

Have you heard of 419 Eater?

Well, this is a site set up specifically for the baiting of pretty much any internet scam. The name originates from the original Nigerian 419 Scam, known internationally as “4-1-9″ fraud after the section of the Nigerian penal code which addresses fraud schemes.

It has several hilarious examples of how the scammers have had the tables turned upon them and have themselves succumbed to an elaborate counter-scam.

The man in adjacent image has become something of minor celebrity, with his face now recognisable as the bungling criminal who was persuaded to put a fish on his head and bread in his mouth in a nefarious attempt to get a grieving church to pay him money.

Well, I have been waiting and waiting for a call from the Indian telephone scammers, my webcam poised! Why? Because I want to scam them back, and not just keep them on the phone for hours.

No, I want them to place various fruits or vegetables about their bodies, and then send me a picture. I then want them to call me, and record their reaction when they read the future blog post that has the picture emblazened with “HAHAHA YOU HAVE BEEN SCAMMED’ or something.

But it doesn’t have to be me! Why not try it yourself? Many folk are taking to wasting their time, but I say, take it further. These people are trying to rip off, con and embezzle your hard-earned money from you! They deserve everything they get.

So take some time to peruse the 419 Eater, and maybe concoct your own elaborate scheme.

Have you ever found yourself wanting to test out a bit of HTML/CSS/JavaScript without having access to an IDE or being bothered to fire it up?

Do you want to hack prototype a bit of code quickly without fuss?

Or maybe you’re one of those StackOverflow answerers that Race To Get The First Answer In.

If your answer is ‘yes’ or ‘I am actually’ then there’s probably a myriad of different resources you can call upon to help out, but you might consider JSFiddle

I created  a really simple bit of code:

HTML

<input type="checkbox" />

JavaScript/jQuery

$("input").click(function(){alert("test");});

Then I selected ‘jQuery 1.4.2.’ from the ‘Choose Framework’ section and clicked run.

When I clicked on the checkbox, everything hung together like a dream:

At the time of writing the blurb stated that it was still under heavy development, however I still thought it was a genuinely nice little tool that I wanted to share.

Not in production environment, anyway!

Recently, I have been involved in implementing functionality that requires a modification to the structure of a SQL Server table. In fact, the nature of the change was a simple addition of a new column to the table in question.

Logic would dictate that that wouldn’t be too problematic. Right? Wrong!

The fact is, that when you use ‘*’ to reference all columns on a table, you’ll make it impossible to perform any reliable impact analysis on your code base. Columns will be used without being explicitly referenced.

If you add more columns to the table in future, who can guarantee that your existing views or stored procedures will actually need them? If you have code in them that performs a ‘Select *’ then they will, regardless. The obvious problem with this is the overhead of returning unwanted data from the database, and the potential degradation of performance inherent therein. However, there is another pitfall surrounding table joins, which I will now attempt to demonstrate:

Imagine you start out with two tables:

create table Test (Id int, code char(1))
create table Test2 (Id int, TestId int, name varchar(10))

And you would like a query that joins these two, so you create a view

create view vwJoinTests as
select t.code, t2.*
from test t
inner join test2 t2 on t.id = t2.testid

You can select from this, no problem

select code from vwJoinTests

A year later, another developer comes along and adds a new column to Test2:

alter table Test2 add code char(1)

Now, the column ‘Code’ exists on both tables.

Selecting from the view is still fine:

select code from vwJoinTests

And, because our original ‘select’ remains intact (it doesn’t break anything), this fault will not be picked up by testing.

But, if I want to reapply the view code, I get the following error:
Column names in each view or function must be unique. Column name ‘code’ in view or function ‘vwJoinTests’ is specified more than once.

Why would I want to reapply the view? Well:

1. You may want to modify it
2. You may want to rebuild a database
3. You may want to install a brand new database on a client site

Technically, 2 and 3 are the same, but I thought I’d emphasise the potential for embarrasment when it comes to your clients.

It also emphasises the point that structural changes to the database, should be accompanied by a full database build test to ensure its integrity has been maintained.

As part of my continuing efforts to give prominence to this scam, I thought I’d provide a quick update. The Scam Tag on this blog contains the full list of posts regarding this.

Charles Arthur is continuing to investigate this  has recently covered this in a Blog posting: Those ‘PC virus’ phone call scams: the unanswered questions.

One of the unanswered questions that he highlights is how exactly are they getting this information? Several people have intimated that they give out spam-trap contact details whenever they are asked to provide them, so maybe this is a good long-term strategy to attempt to wheedle out the scammers.

Take this example. I am fortunate enough to have my own domain name (JamesWiseman.com). My email account is set up such that all mails sent to @JamesWiseman.com will end up in the same mailbox. So, think of a word, put it in front of @JamesWiseman.com, send me an email, and I will get it.

So, when I sign up for SomeService.com, the email address I give is ‘someservice@jameswiseman.com’. For anything that needs a credit card, or requests more sensitive information, I use something more obscure, but, nevertheless still identifies the company to whom I originally gave the address.

Obviously, not everyone has their own domain, but for email this can be overcome by signing up to multiple GMail or Hotmail accounts (hassle, granted). And what about physical address details? Well, if you never intend to receive mail, then you can always fake it, for example (again using the SomeService company name):

James Wiseman,
22 SomeService Road,
Gondor,
Middle Earth

But what if you do want to receive mail? Well, just pretend you have given your house a personalised name (like those ‘quaint’ Dunroamin house names you sometimes see)

So, your address might look like

James Wiseman,
SomeService,
999 My Real Road Name,
My Real Town
MY8 8PC

Granted, this isn’t going to obtain results quickly, but could well make it more difficult in the long run for scammers to operate effectively.

And, as always, some of the best reference material and anecdotal accounts regarding this can be found at http://www.digitaltoast.co.uk/supportonclick-systemrecure-scam

Ever wanted to an Ad-Hoc database connection test that you can perform wherever you are on whatever computer you happen to be logged onto (security permissions permitting)?

Well, you can use a Windows Universal Data Link (.udl) File. This Microsoft post gives details on how to create and configure a UDL file for use.

We are just creating it to test a connection, so we can follow the Microsoft steps:

1. Open Windows Explorer. (Although, your desktop will do).
2. Select the folder in which you want to store the .udl file. (Again, the desktop is fine for this).
3. Create a new Text Document file. A new file named New Text Document.txt appears in the directory. Rename this file, removing all spaces and changing its file

   

   extension to .udl.

Note A warning that changing file extensions can cause files to become unusable might appear. Disregard it.

If you are running Windows 98 and Windows NT systems with Microsoft Data Access Components (MDAC) installed, right-click the right pane, or results pane, select New, and choose Microsoft Data Link. A new file named New Microsoft Data Link.udl appears in the directory. You can rename this file.

Next, right-click the new file and select Properties. A dialog similar to the one in the adjacent figure appears.  Specify your provider on the Provider tab and then enter the connection information on the Connection tab.

Clicking ‘Test Connection’ will perform you desired test.

One thing I never quite realised before I started writing these post was just how reliant I was on command-line shortcuts. I have a growing number of posts on the various command line options I find useful.

Recently I’ve found myself having to launch various Windows control-panel applications, and have been finding it hassle to f ollow the various navigation links or icons. So I set about finding the shortcuts for the most common ones that I use.

Extensions given in square brakets are not requried (e.g. [.exe]), however are included to denote the type of application you are launching.

Service Control Manager: Services.msc

IIS Admin: inetmgr[.exe]

Event Viewer: eventvwr[.msc]

Add/Remove Programs: appwiz.cpl

System Properties - sysdm.cpl

This is also accessible by pressing windowsbutton-break

Terminal Services – mstsc[.exe]

There are more available on this website:

http://www.windowsnetworking.com/kbase/WindowsTips/Windows2003/AdminTips/Admin/LaunchingControlPanelAppsfromtheCommandLine.html

I received an enquiry today about a requirement to copy text to the clipboard from JavaScript. The customer seemingly wanted to press a button on their browser to have the data ready in their clipboard for pasting elsewhere.

It seems that this is indeed possible, but only after what I would say is an unashamed bodge using Macromedia Flash.

The sites detailing the solution for are sufficiently numerous to preclude me from replicating the code here. Some of which include:

• http://www.logiclabz.com/javascript/copy-to-clipboard-with-javascript-on-mozilla-firefox-and-ie.aspx
• http://www.dynamic-tools.net/toolbox/copyToClipboard/

In a nutshell, the solution is as follows:

1. Perform some Object Detection for the clipboard object. If it exists, we can use it. If it doesn’t we go to 2. Generally, the browsers that are more fastidious about security will block access to the clipboard. In years to come I expect this to be all new browsers.
2. Use an embedded flash object to monkey around with manipulate the clipboard in an alarming clever way.

As it turns out, most of the solutions around will not actually work in Flash 10, where you can only copy to the clipboard if the action originates from user interaction with another Flash object. (Read related section from Adobe’s Flash 10 announcement)

Flash 10 seems to have a number of changes that cut down on workarounds for some JavaScript limitations.

Zero Clipboard is reported to circumvent the restrictions. Here is the explanation for this, taken from this StackOverflow Post:

Zero Clipboard is currently the only library that tries to solve this, by overlaying a Flash object above the Copy button, or whatever element initiates the copy. The current problem with Zero Clipboard is that it uses absolute positioning on the viewport, which breaks when the page is resized. It would be more natural if Zero Clipboard did a 100% height/width overlay inside the wrapper that caught the event.

Got that? In short, it all sounds a bit unreliable to me.

So there it is. Anyone straying here hoping to find out how to do a copy WITHOUT flash can expect to be sorely disappointed. And, to be honest, I’d be nervous about it anyway; who’s to say that a less-than-reputable website wouldn’t put down JavaScript to silently copy the contents of your clipboard into an HTTP request periodically. I’m pretty sure a number of people copy/paste passwords from some stored text-files on their PC.

So what was my solution to the problem? Well, as it turned out, the client actually wanted to copy from a few simultaneous cells in row on an HTML table. When you try to highlight these cells, cells in adjacent rows become highlighted. Give it a try in the hastily-constructed table below:

The client was wanting to highlight the three address lines and copy them. Actually performing the copy/paste using Control-C and Control-V was the recognised user experience, and putting a ‘Copy’ button on the page would have removed that.

We got around it by embedding a table within a cell and using the trusty old ROWSPAN attribute on the cell. Try it now:

It is, of course, slightly misaligned, but a few hasty styling fixes should address this.

If you’re interested here is the noddy HTML:

Data1





Address Line 1


Address Line 2


Address Line 3






Data2



Data3

And finally, the irony of the fact that there is a ‘Copy To Clipboard’ option on the syntax highlighted code above is not lost to me!

I don’t know about you, but I find it hassle having to navigate to the Windows Services list in order to stop and start IIS at will:

Start Menu -> Control Panel -> Administrative Tools -> Services

So, how can we do this quickly without all the fiddly and tedious navigation. Easy! Simply use these command-line commands:

Stop:
net stop iisadmin

Stop All Dependent Services:
net stop iisadmin /y

Start:
net start w3svc

Kill

Taskkill /F /FI "SERVICES eq w3svc"
Taskkill /F /FI "SERVICES eq iisadmin"

Ater this the services may be displayed as being started, so be sure to stop them again.

Because DEC25 = OCT31

Boom Boom!

Sorry, couldn’t resist that. What are the chances of those two dates coinciding in that way?

Its a bit like the the other one that goes:

“There’s only 10 types of people in the World. Those that understand binary and those that don’t.”

Which, is maybe even cleverer, as it can be told by either type of person and still make sense.

Anyway, here’s hoping you’ll forgive me for this nonsense!