Microsoft has officially released Virtual PC 2004 SP1 to the public, FOR FREE!
This is an excellent tool to test new Operating Systems or beta software that may bork your box.
Anything that occurs in the Virtual PC will remain only in the Virtual PC and not cause harm to your main Operating System. Also, you can actually choose not to save the changes to the image, and return the system to the state it was in at the start of your session. It really is an excellent testing tool. I often use Virtual PC or VMware for development using beta software.
I am really happy Microsoft has decided to offer this product for free.
Virtualization really is an excellent technology, and should take away the fears many users have about beta testing Windows Vista, Office 2007, or other beta software and operating systems.
I might also recommend allowing guests to surf the web in a Virtual PC. If you have friends who frequently download and install spyware-loaded applications on your machine, this will save you hours trying to undo their damage. Your box will thank you for it.
“Imagine a computer that is the size of a grain of sand that can test
keys against some encrypted data. Also imagine that it can test a key
in the amount of time it takes light to cross it. Then consider a
cluster of these computers, so many that if you covered the earth with
them, they would cover the whole planet to the height of 1 meter. The
cluster of computers would crack a 128-bit key on average in 1,000
years.”
That is a staggering number. Imagine the difficulty of brute force attacking a 256-bit encrypted key!
He goes on to offer several other quotes, and analogies which really put the difficulty into perspective.
This leads me to another point I would like to make. Always protect passwords in a database with a 1-way hash. Except in extremely rare circumstances, there is no reason to store user passwords in plain text. If the user forgets their password, it is trivial to generate a new password for them and store a 1-way hash of the new password in the database. When the user logs in, simply 1-way hash the password they entered (with the same algorithm) and compare the hash to the one stored in the database.
For security, user passwords should never be recoverable, even by administrators. This not only prevents a rogue employee from retrieving a list of all usernames and passwords in the system, but also protects against SQL injection attacks if you make a mistake securing your forms-based authentication system.
For a greater level of security, I recommend using a salted hash, which appends a number of random characters to a string prior to hashing. This method will also prevent potential dictionary attacks. For those interested, David Hayden provides a simple method for adding a salt to hashes.
I highly recommend reading the blog posts by Jeff Atwood and David Hayden for more information on this subject.
If you have not read these documents in a while, I highly recommend giving them a look.
In a world where Bi-Partisan politics consumes our government and media, it is important to remember the goals for our founding fathers as they separated from England to form our nation.
Related to my post yesterday, friends and family members often ask me why I recommend Firefox as their primary browser. I am frequently asked questions like, “What’s wrong with Internet Explorer?” Despite the fact that alternative browsers are gaining market share, the vast majority of users still use IE, simply because they don’t feel they are advanced enough to use something else.
In addition to the added security and features, I use Firefox for one other very important reason. Believe it or not, other programmers have actually asked me why I test webpages in multiple browsers! I know this is hard to believe, but the logic is that since the overwhelming majority still uses Internet Explorer, why worry about the last 10%. Obviously there are flaws in this logic which brings me to the other important reason I use Firefox. Standards Compliance.
The problem is, writing code for IE6 is a bit like Black Magic. It will cause a programmer to rip their hair out, which I will use as an excuse for my receding hairline :). Therefore supporting standards compliance is the battle cry of most web designers.
This brings me to this hilarious, yet truthful graph from Poisoned Minds which shows how web designers divide their time.
*Note: I have slightly modified the image to keep the site family-friendly.
Although I primarily use and recommend Mozilla Firefox due to its wonderful extension support, I thought I would take a moment to discuss other browsers.
Microsoft Internet Explorer Team has officially released Internet Explorer Beta 3 for Windows XP.
If you refuse to use any browser other than IE, or if you absolutely need IE specific technologies such as ActiveX, I highly recommend giving IE7 Beta 3 a try. Security has been greatly improved, and the interface is growing on me, although slowly. The tab support works well, and the browser seems quite speedy and responsive.
In other news, Opera has released Version 9 of their web browser. I must say, I am really impressed with the newest version of Opera. Although it lacks the vast extension support of Firefox, the browser itself is very, very good. It is speedy, lightweight, and stable. Version 9 sports an impressive list of features including support for the holy grail of CSS compliance: Acid2.
Although I will likely stick with Firefox on the desktop because of its extension and plug-in support, I think Opera is an excellent browser for alternative platforms. Opera Mini and Opera Mobile are available for mobile phones and PDAs. If you are still using Pocket Internet Explorer, give Opera a try. Also, Opera and Nintendo have announced that the Nintendo DS and the next-generation Nintendo Wii Console will use the Opera Web browser. I think this is an excellent move for both companies. Nintendo will get a very functional, lightweight browser. Opera will gain a large chunk of market share. This is a win-win not only for the companies, but also for standards compliance and webpage compatibility.
After a few small issues, PiRootOfPi.com has now been successfully moved to the new Web Host. All pages should now be working. The page is now hosted by WebHost4Life. They offer affordable prices and so far have given me wonderful customer service moving the site. Anyone looking for affordable Windows Hosting with great service should check out WebHost4Life. If you decide to use WebHost4Life for your pages, and would like to thank me, simply sign up using one of the links in the post. WebHost4Life will give me credit off of my hosting bill for each signup.
Thanks, Dave
Update Jan 10, 2008: I am no longer with WebHost4Life. I have now moved my blog to another host.