C# and ‘using’

A really useful keyword in the c# language is:-

using (declaration)
…Code here

I use it quite often, especially when setting up database connections, as these are often pooled. The great thing about the using keyword is thaT once the final brace is run in the code the object destroys itself. When I have to make connections that might take me to different servers I use using to make the connection, run the SQL and close the connection. Exiting the final brace clears everything and I am ready to move on to the next connection.

The using keyword will clear all resources as it exits, so if I forget a .close() or want to have several consecutive connections this little helper makes life clean and simple; the other beauty of it is that you can see in the code everthing you are doing within that one session.
It is very, very useful.

Give it a go and see!

Solar Flares – mind your Sat Nav!

With the new solar monitoring satellites in place it is nice to have early warning of impending solar activity. There is currently an ‘alert’ on a solar flare pointing directly at earth.

Apart from the ability to give Hollywood B movie makers a plot line, what on earth do we do? The storm flare will affect earth orbit satellites, so comms could be affected, we may have to fall back onto landlines and park our mobiles up for a day or two.

Power lines and switching stations could be affected, so get some candles in and have an early Earth Hour -or day.

Finally sat Nav systems could error, but who actually trusts these gizmos? I have heard stories of drivers following tracks into ponds and running across fields following ancient trackways still on maps and therefore on the software disk. Surely we can park these up for a while, use our eyes and maps, maybe even a bit of common sense.

Come to think of it, watching the hoards of motorists setting the systems as they leave the local supermarket, maybe solar flares should wipe these gadgets out completely, let us old grumpies get back to proper driving, no mobiles, no Sat Nav. At least I could relax and not keep having to watch my mirrors for the driver who is typing in co-ordinates from a friend on a mobile phone while travelling 2 feet from the rear of my car!

CMS – Still the need for custom builds.

Although we do quite a lot of WordPress work it often happens that we need to look at a bespoke solution to a problem. Recently I was asked to put together a custom built ‘Articles’ page for www.lawschoolonline.co.uk. The articles needed to be easy to administer, and give the site administrator ability to edit articles once posted and allow the user to select articles by category without the need to keep asking me to make the changes.
Selected articles are served up in a solo page so there was a need to ensure that the title tags, header keywords and description could all be customised by the site administrator to fit the specifics of the article’s content.
The solution was was a simple protected admin menu page that allowed the creation of new articles, with form fields for excerpts, tags, headers description and keywords plus the title tags. An editing menu lists all articles by shortcode and then allows a full edit of all the data fields. All data is stored in a MySQL data table. Apart from the category tag joins
only one table was required as normalisation wasn’t an issue.
As PHP is a server side process it was easy to call the data for the individual article into the page so that the title, SEO keywords and description related to that individual article. As the HTML is rendered after the PHP processing it meant that the browser was passed the SQL data to form the required sections of the <head> tag and create an individual SEO specific article.

Data Jim, but not as we know it…

With the coming of ‘Open Government’ a project that it must be said is very laudible, there comes a danger that the overeagerness to get ‘stuff’ out there can sometimes lead to dangers.

I am not being melodramatic here, but data needs carefiul management, not censoring, but management. The new police.uk site shows hot spots of local crime, if you were actually lucky enough to get online. After several attempts I have given up and looked not at the data, but at the source.

It would seem that the data used is quite ‘raw’ that is comes from a variety of sources in a variety of ways. The data can be edited at any time, changed or removed. The key thing here though is that there are probably hundreds of end points all adding data using their own set of definitions. What is a crime? Where was the location (what about at a junction of two roads)? How many were involved? How old is the crime?

Data can only be useful if it has a core set of standards, and not as the case seems to be here - variable set of core standards.


Putting all your eggs in one basket can cause havoc

As users of UK Online are about to find out having all your email addresses in one ISP can be a pain, as UK Online is about to close down.


As I understand it, users will have the Christmas period to move their entire backlog of email messages, and notify all senders of emails of a change of address. Come January 14 2011 all emails to that address will be bounced.

If, like us and most of the online community, you have decided to join the odd mailing list or two, you would need to track them ALL down and amend them. However, how do you deal with accounts that don’t allow you to change the prime email address?

Switching at such short notice is not going to be a quick or easy task. One of the reasons we use several email identities is to avoid this type of situation, so here’s hoping none of our independant service providers go the same way!

SQL Injection attacks

The recent attack on the Royal Navy site using SQL Injection techniques is a timely reminder to anyone still leaving their database unprotected.

The good news is you can quite easily reduce the risk of an injection attack. They take place when a site allows data input fields on a form access to basic SQL commands. By adding extra words to the end of a form input field SQL statements can be run in addition to the original designed statement. These commands can be quite simple for example, firstly select a list of tables, then select the data in the tables. As this operates at the database layer a connection has already been made by the software to the database so login details aren’t required.

There are simple functions that use basic escape mechanisms to protect the data input. The most common  is escaping the data, which may not be the strongest security measure. The input string is read and if the function finds certain characters it will ‘escape’ or add a ‘\’ character in front of the relevant character. There are still ways around this so to be safe the query to the database should be ‘parameterized’ that is the input string is broken up and selected parts are passed to the SQL query. Basic functions exist in most programming languages to do this task.

 Better yet, and good practice anyway, is to use stored procedures as these are totally parameterized. It isn’t particularly complicated, but it is a bit of a pain to do … if in doubt ask your web designer!

Non Animate Objects

Why do certain harmless objects cause such stress?

I personally think that printers are the most likely source of ‘object rage’ that I can think of and this following clip – which contains VERY STRONG – not for the faint-hearted - language seems to agree -

It sums it all up for me. I must spend hours a day talking to screens, printers and various network boxes, all to no avail as if somehow, by giving them a life and personality, they will actually work better.

Basil never had this problem, he just lashed everything with branches – not a bad idea at that.

Security starts at home

As soon as the dust settles on one crisis story about internet security, another pops up.

As developers we are on scores of mailing lists, and it is no surprise to find that the bulk of our alerts come from the security business sector. Usually alomg with a ‘cure’ for the particular ailment. It seems to be a bit like going to the Doctor and being advised to take cough medicine from his own brand medicines, even if you only went with a sore foot.

It is pity really, as it can take a bit of time to sort the wheat from the chaff, or coughs from the limps.

The key theme that comes through again and again is that you must keep yourself secure, regular password changes, careful of the type of data you put out onto the internet, check privacy policies etc..

For those of you who might remember Hill Street Blues the phrase goes – ‘Let’s be careful out there!’

How safe is your phone?

After years of hacking, phishing and other malware in PC’s, the criminal fraternity has moved onto mobiles in a big way.

Using the same tools as we use for our modem development software it is poosible to create an app that steals your data.


The main reason for this is that there is one key difference between PC and mobile hacking. With a PC the user needs to be enticed to a web site to download something onto the PC. It might be a key logger or phishing scam that offers a tax return/lottery win etc. However, on a mobile the connection to your finances is already made as everything you do on a mobile has a charge.

This is the reason why mobiles are so at risk; your mobile could download an app that uses your credit to dial premium rate numbers and you won’t find out until your next bill. The ‘money’ already exists to be taken.

Moral of the story – Don’t buy illegal apps. It is said that up to 90% of certain apps on mobiles are illegal downloads – that is one vulnerability. Code can be inserted into current popular apps and then offered for free, with the extra code and none of the protection of purchasing from the legal supplier.

At last – a use for football?

I was trying to explain why an internet page used ‘F’ as part of the colour designation. “it’s because it is a hex number” I unhelpfully suggested. “How can F be a number?” was the instant reply.

I was surprised as this was a technically savvy user. So I tried to explain the rationale behind using ‘labels’ on a set of binary combinations and realised that I learnt hex as a Unix user as part of the package without really thinking too deeply.

It all stems from Binary, and I suggested that he think about the World cup, 1 winner, 2 finalists, 4 semi-finalists, 8 quarter-finalists, 16 round qualifiers, 32 top of pool teams. Each step is a doubling (or halving) of the teams. So in the same way we have in ’colums’ 1,2,4,8,16,32.

The real trick though is understanding that binary is not a left-to-right read. It is a right-to-left read so the world cup draws would actually be 32,16,8,4,2,1

If you want to express the world cup winner in a way that is simple, take the first ‘column’ and turn this from 0  to 1. As there are two finalists you make the first column 0 and the second 1 making a representation of 10. Third would be a 1 + 2 so that would represented as 11.

This continues and as you add more teams you may want to represent the whole 32 so you can position every team. Therfore to be fourth becomes 100 and so on. Twentieth is 16 + 4 so 10100. Thinking of it in that sense let him see that 16 isn’t actually a number, but a state, a ‘label’ for a binary code of 10000. It also helped him understand the funny numbers used, 512 1024 etc. in computing terms. It is a lot easier to put F on a keyboard input than 010000.

So as a Rugby Union fan I can at last say that football does indeed have some use!

Posted in IT | Tagged