Scott Hanselman

Google Desktop Search - I knew they'd get it right

October 14, '04 Comments [14] Posted in Musings

It's freaking brilliant.  Everyone will blog about it, and will tell you this and that.  So, instead of filling your RSS Reader with the same nonsense, I'll just offer my first impressions about what I found so clever.

  • It sets a Cookie (appears to do it in FireFox as well) that makes DESKTOP appear as a choice when you visit Google.com. 
  • The link to desktop is like: http://127.0.0.1:4664/&s=1444031046.  Notice that it's running a local Web Server on my box at port 4664.  Clever.
  • It installs a few things to C:\program files\google\Google Desktop Search including:
    • GoogleDesktopOffice.dll - To index .DOC, .XLS, etc.
    • GoogleDesktopIE.dll - To index visited sites from your IE cache.  I don't see FireFox being indexed, but it's clear they are using a plugin arch and I suspect we'll see other plugins coming.
  • Like most "alpha/beta" Google stuff, it's very polished.  They've really raised the bar on what it means to pre-release software.
  • They've installed an Outlook AddIn, no doubt to bypass MAPI and go straight to the Outlook Object Model.  They also appear to directly index Outlook Express files on disk.
  • Your desktop results are INCLUDED with standard Google results.  They appear at the top of the page: "306 results stored on your computer."  It gets an image from your local Google Web Server which is interesting:
       GET /onebox.gif HTTP/1.0
       Accept: */*
       Referer: http://www.google.com/search?hl=en&q=hanselman
       Accept-Language: en-us,es-mx;q=0.7,en-gb;q=0.3
       User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.40607)
       Host: 127.0.0.1:4664
       Connection: Keep-Alive
       Pragma: no-cache
  • OY! Google's hooked WinInet.dll I think.  This works in Opera, in FireFox, in anything.  They are grabbing all traffic that goes to Google and injecting their own stuff in the results.   When I launched Opera, I noticed that Google's two networking DLLs loaded in-proc.

It's going to change the world.  Certainly more than Segway. ;) 

Now, I hope they don't try to include Desktop AdSense.

"Looks like you're searching your hard drive for Porn! Try our sponsored links!"

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.


Kindness from an INETA Group and Kudos all around

October 13, '04 Comments [0] Posted in INETA | ASP.NET

I spoke at South Colorado.NET a little bit ago and had a blast.  It was a great crowd, very active and outspoken.  David Yack is the group organizer and did a fabulous job of hosting me.  Today I was told he posted an Open Letter to INETA on Scott Hanselman on his blog.  Wow, that's VERY kind, apparently the talk was well thought of.

Here's a few choice tidbits that helped make my day:

I honestly think that if more people knew how good the session would have been I could have doubled attendance!

After Scott’s presentation, I can’t tell you the number of members that expressed their feeling that he did an excellent job presenting and keeping the group engaged.

While all of our speakers from INETA were great, Scott just stood out a little more and I felt he should get recognition for that.

I also want to continue to express our thanks for INETA providing the speakers to our group – this is by far in my opinion is the biggest impact that INETA provides to our user group.

I agree that Kudos go to INETA and everyone in the Speaker's Bureau. I do about 4 to 6 of these a year, and I always have a blast.  It's cool to be a part of such excitement around .NET. Thanks to Dave and to INETA for providing such a great service.


Getting a BASE64'ed Adobe Acrobat PDF file out of a Soap Envelope with Classic ASP

October 11, '04 Comments [0] Posted in ASP.NET | TechEd | Web Services | XML

UPDATE: Simon Fell caught me in the midst of evil, as he rightfully points out that when one bypasses a SOAP Stack and "does their own thing" as I have here, I must perform the SOAP Processing Rules.  I've updated the code below, changes in RED.

NOTE: In the interest of correctness, I've included namespace qualification in the NEW code.

A fellow emailed me wanting to get a PDF file out of a SOAP Envelope and write it directly out to the browser using Classic ASP.  Here's the code I used:

<%
Set m_Doc = Server.CreateObject("MSXML2.DOMDocument.4.0")
m_Doc.async = false
m_Doc.ValidateOnParse = false
'This could come from wherever, ADO, a file, another Web Service.
m_Doc.Load Server.MapPath(".") + "\soapresponse.txt"
m_Doc.setProperty "SelectionNamespaces", "xmlns:soap='http://schemas.xmlsoap.org/soap/envelope/' xmlns:def='http://localhost/'"

'There's nothing that I DO understand, so if there's anything I must, I'm screwed.
Set oHeader = m_Doc.selectNodes("//soap:Envelope/soap:Header/*[@soap:mustUnderstand = '1']")
If (Not oHeader Is Nothing) Then
   If (oHeader.Length > 0) Then
      Response.Write("Crap! I can't continue! What to do?")
      Response.End
   End If
End If

'Yes, it's a // XPath, but that's the LEAST of our problems before we get into microperf
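Set oNode = m_Doc.selectSingleNode("//def:GetImageAsBase64Result")
'Bail out cleanly if the result element is missing instead of failing on the next line.
If oNode Is Nothing Then
   Response.Write("No GetImageAsBase64Result element found.")
   Response.End
End If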
'This is the Magic that makes it possible.  Otherwise you'll get a string.
oNode.dataType = "bin.base64"
Response.ContentType="application/pdf"
Response.AddHeader "Content-Disposition", "filename=whatever.pdf"
Response.BinaryWrite oNode.nodeTypedValue
%>

This is given a SOAP Response like this:

<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<GetImageAsBase64Response xmlns="http://localhost/">
<GetImageAsBase64Result>JVBERi0xLjI SNIP....etc...
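
The same processing steps in Python, as an added example that is not the code from this post: it applies the mustUnderstand rule, does a namespace-qualified lookup inside the Body, decodes the base64 strictly, and goes one step further than the ASP by refusing to return bytes that do not start with the PDF signature. The envelope built by `build_sample` is constructed for the example, and the names `extract_pdf`, `build_sample` and `SoapProcessingError` are assumptions.

```python
import base64
import binascii
import xml.etree.ElementTree as ET

SOAP = "{http://schemas.xmlsoap.org/soap/envelope/}"  # SOAP 1.1 namespace from the post
DEF = "{http://localhost/}"                           # service namespace from the post

class SoapProcessingError(Exception):
    """The envelope cannot be processed safely."""

def extract_pdf(envelope_xml: str) -> bytes:
    root = ET.fromstring(envelope_xml)
    if root.tag != SOAP + "Envelope":
        raise SoapProcessingError("not a SOAP 1.1 envelope")
    # Processing rule: this receiver understands no header blocks, so any
    # block flagged mustUnderstand="1" has to stop processing.
    for block in root.findall(SOAP + "Header/*"):
        if block.get(SOAP + "mustUnderstand") == "1":
            raise SoapProcessingError("header not understood: " + block.tag)
    # Namespace-qualified lookup, restricted to the Body.
    node = root.find(SOAP + "Body//" + DEF + "GetImageAsBase64Result")
    if node is None or not (node.text or "").strip():
        raise SoapProcessingError("GetImageAsBase64Result missing or empty")
    try:
        # Line-wrapped base64 is legal, so drop whitespace; reject anything else.
        data = base64.b64decode("".join(node.text.split()), validate=True)
    except binascii.Error as exc:
        raise SoapProcessingError("payload is not valid base64") from exc
    # Added check (not in the post): only bytes that start like a PDF are served as one.
    if not data.startswith(b"%PDF-"):
        raise SoapProcessingError("decoded payload is not a PDF")
    return data

def build_sample(payload: bytes, header: str = "") -> str:
    """Constructed sample envelope, shaped like the response shown in the post."""
    return (
        '<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">'
        + header
        + '<soap:Body><GetImageAsBase64Response xmlns="http://localhost/">'
        + "<GetImageAsBase64Result>" + base64.b64encode(payload).decode()
        + "</GetImageAsBase64Result></GetImageAsBase64Response>"
        + "</soap:Body></soap:Envelope>"
    )

if __name__ == "__main__":
    pdf = extract_pdf(build_sample(b"%PDF-1.2\n% constructed sample\n"))
    print(len(pdf), "bytes, starts with", pdf[:8])
```

The `JVBERi0xLjI` prefix in the response above is the base64 form of `%PDF-1.2`, which is what the signature check looks for after decoding.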


Superman is dead, world mourns

October 11, '04 Comments [2] Posted in Musings

Truly a great man who was dealt a massive blow and took it with stride.  I'm inspired not to complain about my own chronic illness when faced with Christopher Reeve's strength.

- Scott Hanselman, 10/10/2004 11:14pm


ASP.NET Security Vulnerability

October 8, '04 Comments [0] Posted in ASP.NET | HttpModule

This has been blogged about over and over.  This is another case where if you had UrlScan or any decent security url filter installed on your box, you'd be fine.  Certainly it's a problem in ASP.NET, and Microsoft has an HttpModule to fix it.  This means you can install this once and get the fix on all your systems, rather than adding it in the BeginRequest of the Global.asax.cs.

One interesting note: if you're confirming the user's Security Principal and Identity (WindowsPrincipal, FormsIdentity) via code, or are using a custom Principal (as I do as a best practice), your code will catch this problem even if ASP.NET Forms Authentication's AuthorizationModule didn't.

1) Updated http://www.microsoft.com/security/incident/aspnet.mspx with new information about the reported vulnerability.  This should help clear up some of the confusion we've seen about what is affected by this.  To be super clear, all ASP.NET applications, on ALL OS's should follow the guidance provided.

2) A new HTTP Module mitigation best practice.  This is in the form of an MSI installer that will help protect all ASP.NET applications on a Web server.  This MSI installer will place a binary into the GAC and update the machine.config file for ASP.NET.  You can find download information at http://www.microsoft.com/downloads/details.aspx?FamilyID=da77b852-dfa0-4631-aaf9-8bcc6c743026&displaylang=en

You can also download the MSI directly at http://download.microsoft.com/download/4/6/1/461433d5-cbac-4721-85cb-c5a514fd0049/VPModule.msi

3) Detailed guidance about the HTTP Module, how the MSI works, and how to deploy it.  You can find this KB Article at http://support.microsoft.com/?kbid=887289


Disclaimer: The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.