Scott Hanselman

Router redirecting to unwanted Adobe Flash update malware site - Moon Virus?

May 29, '15 Comments [3] Posted in Tools
Sponsored By

1000wmainBear with me, for now this will be a tiny post, a placeholder, but I am looking for feedback, ideas, comments and I will keep this post updated.

The scenario: My local sandwich shop where I often hang out and work remotely has a wireless router that started to redirect me to a fake "update your flash" and download a "Install flashplayer_10924_i13445851_il345.exe" malware file. There are no viruses, rootkits, or malware on my PC. This affects their PoS (Point of Sale) system, tablets, iPhones. Also, it's not a DNS hijack, as the URL from the HTTP doesn't change. It's a MitM attack (Man in the Middle) where x number of HTTP GETs work fine and then every few hundred the router returns it's own HTML. The requestor doesn't know the difference.

The router he has is a V1000W Wireless N VDSL Modem Router. I'm suspecting the "Moon" virus but I'm not sure, as this isn't a Linksys. The firmware is ancient from 2009 and that's the latest one I can find.

Before you reply:

  • I'm technical, but the public is often not. Comments like "run openwrt" are certainly valid for a techie, but I'd like to know something more populist:
    • Can this router (and others like it) be fixed? Or is this bricked? Can I flash it with the original firmware to restore?
    • Remote management isn't enabled. What port did the attack happen on?
    • How can I confirm it has it (all signs point to it) with some curl command?
  • What routers have this? What is the source?
  • What can a regular Jane/Joe do about this if they have Frontier/FIOs/CenturyLink, etc?

Thoughts?

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by ORCS Web

Totally stressed out? Sync to Paper

May 29, '15 Comments [36] Posted in Productivity
Sponsored By
Messy Moleskine photo by Alexandre Dulaunoy and used under Creative Commons

One of the things I often talk about when I give presentations on Personal Productivity is that more people should Sync To Paper. I first had this idea in 2006 while working on a completely overwhelming project at my last job. I was already deeply into using OneNote, which was rather new at the time, so I was putting everything onto my laptop. I was convinced that my unorganized brain could "get organized" if I just wrote everything down in some cloud-based text file.

The problem is, at least for me, is that there isn't a great way to see the big picture when you've just got pixels to look at. Life is much higher resolution than I think folks realize. I'm frankly surprised that so many of you can feel organized and productive on those 11" laptops. What a tiny window into your life!

Anyway, when I was working on this huge project the database was extremely complex. Hundreds of tables and relationships to manage. It was far too much for anyone to keep in their heads or view on a screen. So they turned to the plotter. Remember those? The database team would print out massive posters and hang them on the wall. They'd stand together in front of them and stare and think.

You see syncing to paper a lot with user interface/user experience teams (UI/UX). We'll wallpaper entire hallways with mockups of what the system should look like, putting them in high traffic areas so everyone can absorb them and collaborate.

When my life is overwhelming and I am at PEAK STRESS, I do a three things.

  • I get a haircut, because at least I got that handled.
  • I clean my office, so I'm not reminded of the chaos of my life by the chaos of clutter around me.
  • And I sync to paper. I get a Moleskine notebook (Here's how to pronounce Moleskine, BTW) and I find a clear page and I write down what's stressing me out. I sync all my devices to paper. Calendars, Todos, thoughts, life, to paper.

The physicality of it is very satisfying in a visceral way. I've tried to do the same on a Surface or iPad with a stylus, but it doesn't work for me. The removal of technology and the scratch of a good quality pen on paper (I use a space pen) is very cathartic. Often I'm working on solving a technical problem so stepping away from tech is as important as the paper. It's a forced context switch. Even more, as a kinesthetic learner I feel like the moving of my hands differently, even if I never refer to the written notes again, the process helps cement the issues.

True Story: If you watch the Microsoft BUILD Keynote (a big deal, in tech circles) you'll see me come out for my 15 minute demo holding my Moleskine notebook. No one else does this. In fact, they tease me a little about my notebook. In fact, I'm usually given a 30 page typed script to memorize. It includes screenshots, talking points, gotchas, demo instructions, passwords, all the stuff I need for my demo. Folks work on these scripts for weeks and then deliver them to me. It's VERY stressful for everyone. We sit together for days and go over these huge documents and I freak out and panic and then get out my Moleskine and synthesize 30 pages into one. Here's what I took on stage with me for the BUILD 2015 keynote. Insane isn't it? But without it I would have freaked out. Now the stage crew knows me as "the guy with the notebook." And yes, I know my handwriting sucks and that this is an unintelligible pile. It still worked, and worked well. ;)

I have horrible handwriting

When I'm completely a mess OR I'm trying to get my head around a large problem, I'll cover the floor with paper, or find a wall or large whiteboard and try to work it out.

We focus on touchscreen and pinch gestures a lot these days, but for me "zoom out" means literally and figuratively taking a step back from a piece of paper and trying to absorb the big picture.

Paper is the cheapest retina display you'll ever use. Give it a try, at least until I can afford a Surface Hub for my office. ;)

Microsoft Surface Hub

Do you sync to paper? How does it work for you?

UPDATE: I was pointed to a post from Robert Greiner who promotes the same idea! Great minds think alike. I encourage you to also read his thoughts on the concept, as they are different from mine. He likes the temporary aspect of paper, and the pain of writing as ways to keep one focused.

Related Links

* Messy Moleskine photo by Alexandre Dulaunoy and used under Creative Commons

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by ORCS Web

Publishing an ASP.NET 5 app to Docker on Linux with Visual Studio

May 27, '15 Comments [12] Posted in ASP.NET | Docker | Open Source
Sponsored By

Docker Apps are mostly portableIt's early days, but this is a nice preview of the possibilities of things to come. I often use LEGO bricks in the way of an analogy when talking about software systems. I like the idea of choice, flexibility, and plug-ability. Choosing your language, operating system, deployment method and style, etc are all important.

There is a preview of an extension for Visual Studio 2015 (the release candidate at the time of this writing) that adds Docker support. If you have VS2015 RC you can get the Docker Extension here. You can certainly manage things from the command line, but I think as you go through this post you'll appreciate the convenience of this extension.

NOTE: It's also worth pointing out that there is a Windows client command line for Docker as well. You can "choco install docker" and read about it here.

The Brief What's Docker Explanation

If you aren't familiar with Docker, here's the super basics.

  • Virtual Machines: You likely know what a virtual machine is. It's the whole operating system, the whole computer, virtualized. If you have a 10 megabyte app you want to run, you may end up putting it in a 10 gigabyte virtual machine and carrying it around. That gives great security and isolation as your app is all alone on its own private VM, but it's a little overkill. Now you want to deploy 100 apps, and you've got space, CPU, and other things to think about. VMs also start slow and have to be actively maintained.
  • Docker/Linux Containers (and Windows containers "Docker for Windows Server"): Docker containers are sandboxes running on the same OS kernel. They are easy to deploy and start fast.  As a side effect of running on the same kernel, containers let you share most of that 10 gigabytes (as an example number) of support software between lots of apps, giving you less isolation but also using a LOT fewer resources. Containers start fast and the underlying shared resources are what's maintained and kept up to date.

Docker also is a way to package up an app and push it out in a reliable and reproducible way. So you can say that Docker is a technology, but also a philosophy and a process.

Docker will work on Windows and Linux

Docker and Visual Studio

Once you have the Docker for Visual Studio 2015 extension (preview) installed, go ahead and make an ASP.NET 5 app. Right click the project and hit Publish.

Publishing to Docker from Visual Studio

Note the Docker Containers section that's been added? You still have PAAS (Platform as a Service) and can also publish to VMs within Azure as well. Select Docker and you'll be here:

Selecting a Docker VM

We'll make a new VM to host our Docker stuff. This VM will have be the host for our containers. Today it'll be an Ubuntu LTS VM. Note that the dialog includes all the setup for Docker, ports, certs, etc. I could use existing VMs, of course.

Making a Docker VM

If you don't have a VM, then the initial create takes a while (5-10 min or more) so hang back. If you already have one, or the one you created is ready, then march on.

Visual Studio put in all our Docker details

Make special note of the Dockerfile option. You'll usually want to select your own manually created Dockerfile, assuming you're doing more than just a Hello World like I am.

The ASP.NET Dockerfile is up on GitHub: https://github.com/aspnet/aspnet-docker and in the Docker registry: https://registry.hub.docker.com/u/microsoft/aspnet/

In the build window you'll see lots of docker-related output. Here's a snipped version for flavor.

VERBOSE: Replacing tokens in Dockerfile: C:\Users\Scott\AppData\Local\Temp\PublishTemp\approot\src\WebApplication6\Properties\PublishProfiles\Dockerfile
VERBOSE: Package output path: C:\Users\Scott\AppData\Local\Temp\PublishTemp
VERBOSE: DockerHost: tcp://hanseldocker.cloudapp.net:2376
VERBOSE: DockerImageName: webapplication6
VERBOSE: DockerPublishHostPort: 80
VERBOSE: DockerPublishContainerPort: 80
VERBOSE: DockerAuthOptions: --tls
VERBOSE: DockerAppType: Web
VERBOSE: DockerBuildOnly: False
VERBOSE: DockerRemoveConflictingContainers: True
VERBOSE: LaunchSiteAfterPublish: True
VERBOSE: SiteUrlToLaunchAfterPublish:
VERBOSE: Querying for conflicting containers which has the same port mapped to the host...
Executing command [docker --tls -H tcp://hanseldocker.cloudapp.net:2376 ps -a | select-string -pattern ":80->" | foreach { Write-Output $_.ToString().split()[0] }]
VERBOSE: Building Docker image: webapplication6
Executing command [docker --tls -H tcp://hanseldocker.cloudapp.net:2376 build -t webapplication6 -f "C:\Users\Scott\AppData\Local\Temp\PublishTemp\approot\src\WebApplication6\Properties\PublishProfiles\Dockerfile" "C:\Users\Scott\AppData\Local\Temp\PublishTemp"]
VERBOSE: time="2015-05-27T10:59:06-07:00" level=warning msg="SECURITY WARNING: You are building a Docker image from Windows against a Linux Docker host. All files and directories added to build context will have '-rwxr-xr-x' permissions. It is recommended to double check and reset permissions for sensitive files and directories."
VERBOSE: Sending build context to Docker daemon 28.01 MB
VERBOSE: Step 0 : FROM microsoft/aspnet:vs-1.0.0-beta4
VERBOSE: vs-1.0.0-beta4: Pulling from microsoft/aspnet
VERBOSE: e5c30fef7918: Pulling fs layer
VERBOSE: e5c30fef7918: Pull complete
VERBOSE: e5c30fef7918: Already exists
VERBOSE: Digest: sha256:27fbe2377b5d4e66c4aaf3c984ef03d22afbfee3d4e78e10ff38cac7ff162d2e
VERBOSE: Status: Downloaded newer image for microsoft/aspnet:vs-1.0.0-beta4
VERBOSE: ---> e5c30fef7918
VERBOSE: Step 1 : ADD . /app
VERBOSE: ---> cf1f788321b3
VERBOSE: Removing intermediate container dd345cdcc5d9
VERBOSE: Step 2 : WORKDIR /app/approot/src/WebApplication6
VERBOSE: ---> Running in f22027140233
VERBOSE: ---> 7eabc0da4645
VERBOSE: Removing intermediate container f22027140233
VERBOSE: Step 3 : ENTRYPOINT dnx . Kestrel --server.urls http://localhost:80
VERBOSE: ---> Running in 4810324d32a5
VERBOSE: ---> e0a7ad38eb34
VERBOSE: Removing intermediate container 4810324d32a5
VERBOSE: Successfully built e0a7ad38eb34
The Docker image "webapplication6" was created successfully.
VERBOSE: Starting Docker container: webapplication6
Executing command [docker --tls -H tcp://hanseldocker.cloudapp.net:2376 run -t -d -p 80:80 webapplication6]
Docker container started with ID: 6d4820044df200e87f08cb5becbec879d1b58fcab73145ca3aa99a424c162054
To see standard output from your application, open a command line window and execute the following command:
docker --tls -H tcp://hanseldocker.cloudapp.net:2376 logs --follow 6d4820044df200e87f08cb5becbec879d1b58fcab73145ca3aa99a424c162054
VERBOSE: received -1-byte response of content type text/html; charset=utf-8
Executing command [Start-Process -FilePath "http://hanseldocker.cloudapp.net/"]
Publish completed successfully.

The interesting parts are the calls to dnx (the .NET Execution host), the warning that I started on Windows and I'm going to Linux, as well as the fact that we're using the "microsoft/aspnet" docker image.

ASP.NET in a Linux Docker Container

In my example, I had VS and the extension make my certificates. If I want to connect to this instance from the Windows Docker command line, I need to either pass those certs in, or set an env var. Here I'm running "ps" to see the remote docker containers in this Azure Linux VM. The Docker client looks in %USERPROFILE%\.docker for certs., so you just need to set DOCKER_HOST or pass it in like this.

C:\>docker --tls -H=tcp://hanseldocker.cloudapp.net:2376 ps

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
6d4820044df2 webapplication6:latest "dnx . Kestrel --ser 58 minutes ago Up 58 minutes 0.0.0.0:80->80/tcp silly_poincare

It worked great. Also be sure to explore the PublishProfiles folder that gets created in your Visual Studio project under "Properties." A PowerShell script and a Shell script get created in that folder that you can use to publish your app from the command line. For example:

.\hanseldocker-Docker-publish.ps1 -packOutput $env:USERPROFILE\AppData\Local\Temp\PublishTemp -pubxmlFile .\hanseldocker-Docker.pubxml

or from Linux:

cd ProjectFolder (like WebApplication/src/WebApplication)
source dnvm.sh
dnu restore --no-cache
mkdir ~/Temp
dnu publish . --out ~/Temp/ --wwwroot-out "wwwroot" --quiet
cd Properties/PublishProfiles
chmod +x ./Docker-publish.sh
./Docker-publish.sh ./Docker.pubxml ~/Temp/

I'm looking forward a cross-platform cross-tools choice-filled future. Finally, there's a great 7 part video series here called "Docker for .NET Developers" that you should check out on Channel 9.


Sponsor: Big thanks to Atalasoft for sponsoring the blog and feed this week! If your company works with documents, definitely check out Atalasoft's developer tools for web & mobile viewing, capture, and transformation. They've got free trials and a remarkable support team, too.

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by ORCS Web

Syncing Windows Live Writer Drafts to the Cloud (Dropbox) and other bug fixes

May 21, '15 Comments [27] Posted in Tools
Sponsored By

I still use Windows Live Writer (http://www.windowslivewriter.com) to post to this blog. It remains the best little blogging app out there. It has a nice plugin ecosystem, great WYSIWYG editor (using IE) even though it hasn't been updated since 2012. A bunch of us are working to get it open sourced, and I'll let you know the second I know something.

But for now, let me fix two things about Windows Live Writer that have been bugging me.

Clearing Cached Blog Themes

First, a small bug. My HTML Styles look like this, and have for a while. See how the background is black? Annoying. I always assumed it was a GDI or graphics bug. In exploring the Windows Live Writer code I learned a few things.

Windows Live Writer with black styles

It turns out that Windows Live Writer is trying to render your styles by using your download blog theme's CSS inside those little boxes! My blog (and others, I've heard) doesn't render nicely.

The downloaded them is stored in %AppData%\Windows Live Writer\blogtemplates and you can easily fix this annoyance by simply deleting the folders below blogtemplates.

Using the Default Windows Live Writer Theme

Ah, much nicer.

Syncing your Windows Live Writer Drafts with OneDrive or Dropbox

I've seen some blog posts with folks suggesting junction or reparse points (symbolic links) to hack together a way to "roam your draft blog posts" with Windows Live Writer. It's much easier than that, in fact. You can just set a registry key with your preferred Drafts folder. I put mine in my Dropbox, but you could also use OneDrive or Box. This means your local draft blog posts will "roam" to all your machines. If you're someone who works on a blog post for a few days you'll appreciate this new ability. You can start a post at work and finish it at home. Even the images will roam.

Head over to HKCU\SOFTWARE\Microsoft\Windows Live\Writer in your registry (via Regedit.exe) and make a new String Value called "Posts Directory."

image

Windows Live Writer will make new Drafts and Recent Posts folders in the location you specify. I set this registry key on all my machines that I have Dropbox installed and now all my blog post drafts are there too!

I hope this helps you out! And I'll be sure to let you know about our plans with Windows Live Writer as soon as I know more. ;)


Sponsor: Big thanks to Atalasoft for sponsoring the blog and feed this week! If your company works with documents, definitely check out Atalasoft's developer tools for web & mobile viewing, capture, and transformation. They've got free trials and a remarkable support team, too.

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by ORCS Web

Git-deployable F# based Web Applications in the Azure Cloud with WebSharper

May 19, '15 Comments [5] Posted in Azure | Open Source
Sponsored By

Web Apps with WebSharper and F#Last month after I wrote a small prototype to get the F# Suave.io web framework running on Azure Web Apps (a git deployed managed Platform as a Service) I started looking for more F# Azure resources.

Here's a list of some other existing F# programming technologies that are great with Azure. Did I miss any? I surely did. There's a huge list up at FSharp.org for resources running F# on any cloud.

  • Fog (an F# Azure data scripting API)
  • MBrace (a scalable distributed programming model for F#)
  • FSharp.Data (a set of F# type providers for common cloud data manipulation scenarios)
  • Suave (a simple web development F# library for lightweight microservices including route flow and task composition)
  • FSharp.CloudAgent - a simple framework to easily distribute workloads over the cloud using standard F# Agents as the processing mechanism. Support exists for both simple and reliable messaging via Azure Service Bus, and for both workers and actors.
  • AzureStorageTypeProvider - An F# Azure Type Provider which can be used to explore Blob, Table and Queue Azure Storage assets and easily apply CRUD operations on them
  • Try F# - A web programming console for F# that can be reoriented towards Azure programmability
  • HadoopFs - A lightweight F# implementation of the Hadoop Streaming API
  • FSharp.Azure - A wrapper over WindowsAzure.Store using idiomatic F#

There's also the WebSharper web framework. WebSharper isn't ASP.NET with F#, it's its own idiomatic thing. What's that really mean, "idiomatic?"

You know how when you Google Translate a sentence it doesn't quite work? I mean, it works, but it doesn't feel right. It doesn't feel right because the translator understands the words, and some phrases, but not the idioms - the underlying thoughts that are unique to that language. There was a time a few years back when folks were constantly looking for C# to VB convertors. This is something that's quite possible, almost line for line. However, changing an imperative language into a functional one is not like turning American English into British English. ;) Let functional languages be functional.

F# people like to do things their way and the language has very different goals and ideas than C# so it makes sense there would be a opinionated web framework for F#. I like it.

(Although I'm sure there will be a way to use ASP.NET 5 and MVC with F# in the future, this post isn't about that.)

WebSharper has a VS Extension so you can File New new projects, and here's a hello world ToDo List app (minus the HTML view, which you can see here)

namespace UINextApplication1

open WebSharper
open WebSharper.JavaScript
open WebSharper.JQuery
open WebSharper.UI.Next
open WebSharper.UI.Next.Notation

[<JavaScript>]
module Client =
type IndexTemplate = Templating.Template<"index.html">

let Tasks = ListModel.FromSeq ["Have breakfast"]

let Main =
JQuery.Of("#tasks").Empty().Ignore

let newName = Var.Create ""

IndexTemplate.Main.Doc(
ListContainer =
(ListModel.View Tasks |> Doc.Convert (fun name ->
IndexTemplate.ListItem.Doc(
Task = View.Const name,
Done = (fun e -> Tasks.Remove name)))
),
Task = newName,
Add = (fun e ->
Tasks.Add(newName.Value)
Var.Set newName "")
)
|> Doc.RunById "tasks"

More interesting is the recent blog post by Adam Granicz where he expands on my "Suave to Azure via GitHub" prototype and shows how to deploy a real F# WebSharper app to Azure Websites via GitHub.

One of the main improvements is that my solution used FAKE and I found myself wanting a binary version of the FSharp compiler as  NuGet. An issue was open and closed within days, simplifying the deployment. Additionally their WebSharper solution creates an ASP.NET app that runs in the context of ASP.NET and IIS, while my Suave solution needed a separate process. WebSharper 3.1 was recently released, and you can see their sample running live in Azure here: http://websharper-clientserver.azurewebsites.net

And of course, you can deploy it to Azure right from here using the Deploy to Azure button!

Deploy to Azure

Do you dabble in F#, are you doing F# professionally? What do you think about F#-based web applications?


Sponsor: Big thanks to Atalasoft for sponsoring the blog and feed this week! If your company works with documents, definitely check out Atalasoft's developer tools for web & mobile viewing, capture, and transformation. They've got free trials and a remarkable support team, too.

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by ORCS Web

Disclaimer: The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.