Scott Hanselman

.NET Versioning and Multi-Targeting - .NET 4.5 is an in-place upgrade to .NET 4.0

April 2, '12 Comments [89] Posted in Learning .NET
Sponsored By

Say what you will about the past ridiculousness of .NET Framework versioning, since the confusion of .NET 3.5SP1 they've  been trying to get it right. It's not the magic of Java Version 6 Update 31 (build 1.6.0_31-b05) but it's a start. O_o

Back in July of 2011 I wrote a post on Issues with .NET and Microsoft Product Versioning that got the attention of some folks. I was most concerned about some "platform updates" to .NET 4 and the way they were named. Meetings were had and those small updates now have simpler names versions like NET 4.0.1, etc.

I'm not going to tell you it's not confusing today. I do think that things are getting better and becoming less confusing. .NET 4.5 is a step in the right direction of transparency in versioning.

The .NET Framework can version in two ways. There are "side by side installs" and there are "in place upgrades." A major version means side-by-side and a minor version means in-place.

Side-by-side means that different versions of .NET can live together on the same machine.

Diagram: .NET CLRs can live side by side

In-place upgrade means that the CLR is the same but new libraries are added as well as bug fixes and performance improvements:

Diagram: .NET 4.5 builds on top of .NET 4

There's been some concern about how .NET 4.5 is an "in-place upgrade" of .NET 4. That means .NET 4.5 is still the v4CLR and adds new libraries as well as improvements to the core CLR itself.

Rick Strahl said on his blog:

Note that this in-place replacement is very different from the side by side installs of .NET 2.0 and 3.0/3.5 which all ran on the 2.0 version of the CLR. The two 3.x versions were basically library enhancements on top of the core .NET 2.0 runtime. Both versions ran under the .NET 2.0 runtime which wasn’t changed (other than for security patches and bug fixes) for the whole 3.x cycle. The 4.5 update instead completely replaces the .NET 4.0 runtime and leaves the actual version number set at v4.0.30319.

Rick has a great post with a lot of detail and information. However, respectfully, I don't think .NET 4.5 vs. .NET 4 is as different as Rick implies. In fact .NET 3 and .NET 3.5 both upgraded the system (and CLR) in place as well.

Perhaps if 3 and 3.5 were called .NET 2.5 and .NET 2.8 it would have made more sense. The community is always concerned about breaking changes, much like we are here with .NET 4 and .NET 4.5. Unfortunately reality and marketing names haven't always matched, but going forward I think we all agree that:

  • Major Version = New CLR
  • Minor Version = Bug fixes, new libraries
  • Revision = Bug fixes, no breaking changes, small improvements

.NET 4.5 is not a radically different side-by-side CLR. A new CLR would be a theoretical .NET 5 In my opinion.

Could something break with .NET 4.5? This is why it's in beta now, so now is the time to speak up. It's possible something could break but unlikely according the .NET Blog. Here are the known .NET 4.5 breaking changes - most are pretty obscure. The kinds of breaking changes I've seen myself in the wild have been primarily when folks are relying on reflection or internal data structures. These internals aren't public contracts so they may have changed. I realize that when a change breaks YOU it feels like a situation when "100% of applications will break....mine did!" situation. It sucks, but in fact there are minimal breaking changes in .NET 4.5.

Can I get .NET 2.0, 3.5, 4 and 4.5 apps all running together on my system? Yes.

Can I develop apps with different versions with Visual Studio 11 Beta? Sure, you can multi-target all these versions and even plugin more targeting packs. I'll do a blog post later this week on Portable Libraries, a new version in .NET 4.5 that makes creating libraries for any CLR (including Xbox, Phone, Mono and others).

Screenshot of the multi-targeting dropdown in Visual Studio

Developing Safely for both .NET 4 and .NET 4.5

It's been implied on blogs that if you install .NET 4.5 on your machine that you can't safely develop for .NET 4. In Rick's post, he compares two DLLs on a .NET 4 machine and again after the .NET 4.5 in place upgrade. How can you target safely against .NET 4 if you've installed .NET 4.5? You don't have those .NET 4 DLLs anymore, right?

Actually you do. They are in C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework.

Reference Assemblies

Let's prove it on a machine with Visual Studio 11 Beta. I'll make a DLL and reference System.Web and make use of one of the added types in that assembly. Yes, it's a screenshot of code, but hang in there.

Using the .NET 4.5 ModelBinderDictonary Type

Now I'll change the properties of my project from .NET 4.5 to .NET 4. I won't change anything else. I'll build. Note that the type isn't there, I get a build error and I can't reference the namespace. You will know if you're using new .NET 4.5 functionality. The multi-targeting build system was designed for this and existed as far back as .NET 3.5. Those reference assemblies are there to catch this kind of thing.

Referencing .NET 4 and using a type we don't have will cause a compiler error

So while .NET 4 and .NET 4.5 don't live side by side on your system at runtime, Visual Studio knows about all the different versions of .NET and the compiler will reference different versions when you build.

If you are making a client app, like WinForms, Console, WPF, etc, this is all automatic. Your app.config contains that fact that you need .NET 4.5 and you'll even get a prompt to install it.

<?xml version="1.0" encoding="utf-8" ?>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />

So if I run my .NET 4.5 Console App on a .NET 4.0 machine now I get a nice dialog.

A dialog that pops up when running .NET 4.5 apps on .NET 4 to prompt an update

Looks like this technique doesn't work on ASP.NET (I would expect a Yellow Screen of Death)...I will talk to the team about that. I think this is a good thing and ASP.NET should respect it also.

UPDATE #2: The system will throw an error when an ASP.NET 4.5 application is deployed to an ASP.NET 4 system. The default templates on for ASP.NET 4.5 applications include the targetFramework attribute set to 4.5 like this:

<compilation debug="true" strict="false" explicit="true" targetFramework="4.5" />

This will throw a YSOD if you deploy a 4.5 to a 4 machine like this: "The 'targetFramework' attribute currently references a version that is later than the installed version of the .NET Framework."

UPDATE: If you really, really want to detect .NET 4.5 at runtime, don't check versions or build numbers. Check for the existence of the feature you want to use. For example, from this Stackoverflow question by Christian K, here's how to detect .NET 4.5 programmatically.

However, David from the CLR team (in the comments) says that this is not a good idea. He says to check if an important feature is there and use it. Don't cheat and infer .NET versions.

"The IsNet45OrHigher example is not what we'd recommend. By feature detection, we mean 'detecting the presence of a feature before you use that feature', <i>not</i> 'using the presence of a feature to determine what version of .NET you are runnning on."

public static bool IsNet45OrNewer()
// Class "ReflectionContext" exists from .NET 4.5 onwards.
return Type.GetType("System.Reflection.ReflectionContext", false) != null;

Microsoft has said the same thing about Operating System features:

Identifying the current operating system is usually not the best way to determine whether a particular operating system feature is present. This is because the operating system may have had new features added in a redistributable DLL. Rather than using GetVersionEx to determine the operating system platform or version number, test for the presence of the feature itself.

Related Posts

Sponsor: My sincere thanks to Axosoft for sponsoring this week's feed! Imagine agile project management software that is brilliantly easy to use, blazingly fast, totally customizable, and just $7 per user. With OnTime Scrum, you won't have to imagine. Get started free.

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by SherWeb

ASP.NET MVC 4, ASP.NET Web API and ASP.NET Web Pages v2 (Razor) now all open source with contributions

March 28, '12 Comments [75] Posted in ASP.NET | ASP.NET MVC | Open Source
Sponsored By

Happy Tuesday! It's indeed a happy day as I am (literally this moment) at a conference in Las Vegas and have just pressed Publish on this blog post to announce that we are open sourcing ASP.NET MVC 4, ASP.NET Web API, ASP.NET Web Pages v2 (Razor) all with contributions under the Apache 2.0 license. You can find the source on CodePlex . Be sure to read all the details on ScottGu's blog.

Ya, I bolded, underlined and italicized that last part and yes, it was gratuitous. Fight me. ;)

This is the culmination of a lot of hard work by a lot of folks in our organization. It's the very reason that I came to work at Microsoft. So, what’s happening here?

While the source for ASP.NET MVC has had source available since its inception, and converted to the MS-PL license in April of 2009, the developers didn't take contributions from the community. While we were open source we were not “open source with takebacks.”

Today we continue to push forward and now ASP.NET MVC, Web API, Web Pages will take contributions from the community. NuGet from OuterCurve also is open source, and now huge parts of ASP.NET are as well. We shipped community code in NuGet with Visual Studio 2010 and NuGet has taken community contributions. Now we will ship community code inside ASP.NET in this upcoming version of Visual Studio.

We are opening sourcing these ASP.NET components on CodePlex using Git as our repository. CodePlex now supports TFS, Subversion (via a bridge), Mercurial and now Git.

Why Open Source?

If you’ve been following our exploits, we’ve actually been shipping open source with ASP.NET and Visual Studio for quite a few years. We started shipping the jQuery open source JavaScript library back in 2008. Since then we’ve added Modernizr, Knockout, jQuery Mobile, JSON.NET, and jQuery UI. These are all shipping and available today. Betcha didn't know that.

Microsoft started using an open development style with the Windows Azure SDK last year. It’s worked and worked well, so now they’re expanding the style to include some of the popular frameworks like ASP.NET. This will let us get feedback and respond to it faster than ever.

Over the last four years at Microsoft I’ve worked closely with the community to get feedback and voices heard by the developers. However today, as we introduce more open source projects that take contributions, you can get more directly involved.

  • Find a bug? Send a unit test or fix.
  • Think our coverage isn’t sufficient? Submit a unit test.
  • Got a feature idea? Get involved more deeply with the developers and help write it.

Like every large open source project, every check-in (open source or otherwise) will be evaluated against the existing standards used by the developers. Even better, you’ll get to see our developers' checkins to the product out in the open.

It’s really important to remember that ASP.NET MVC, Razor, and Web API are fully supported Microsoft products and will still be staffed by the same developers that are building them today. The products will be backed by the same Microsoft support policy and will continue to ship with Visual Studio.  Also, to be clear, Microsoft is maintaining the same level of development resources as we always have. There’s still a roadmap and actually, there are more Microsoft developers working on ASP.NET today than ever before.

Why are you doing this?

Why shouldn't we? We like open source and you do too. Many of us come from open source backgrounds and many of us work on open source in our spare time.  We think our products are great and by moving to an open development model we think even more people will be energized, excited, and help make the products and the community even stronger.

Are you going to open source more things in ASP.NET?

Did I mention we love open source? We are going to continue to do open source in ASP.NET as we can when it makes sense.

Why isn’t ASP.NET Web Forms open sourced?

The components that are being open sourced at this time are all components that are shipped independently of the core .NET framework, which means no OS components take dependencies on them. Web Forms is a part of System.Web.dll which parts of the Windows Server platform take a dependency on. Because of this dependency this code can’t easily be replaced with newer versions expect when updates to the .NET framework or the OS ships.

What about Mono?

The Web Team digs Mono. We love that ASP.NET MVC can run on Mono and we look forward to getting contributions from the Mono community. In fact, I called my friend Miguel last week so he could be the first one to submit a pull request.

Why not on GitHub?

The Visual Studio Team has big plans for CodePlex, including adding Git support and modernizing the experience. Right now CodePlex supports TFS, Mercurial (Hg) and just added Git! As we're a partner with the Visual Studio Team we think the right thing for us to do is to support their plans to make CodePlex a thriving place for open source software again. We push them hard and they're releasing weekly now.


Here's how I look at it: Open Source == Increased Investment. ASP.NET is a part of .NET, it will still ship with Visual Studio. It's the same ASP.NET, managed by the same developers with the same support. It's ASP.NET except now you can get involved. You'll be able to see our developers' check-ins in public, offer feature ideas of your own, perhaps even become a key committer.

I'm pretty jazzed that we pulled this off at Microsoft. Still, it's just the beginning. I’m looking forward to working with you! ;)


Related Links

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by SherWeb

Turning 105 gigs of Digital Video into a one hour Wedding DVD with Windows Live Movie Maker

March 25, '12 Comments [16] Posted in Musings
Sponsored By

Here's the tale of how I took 7 hours of PAL DV tape and digital video, two CD's worth of music, 322 photos that totaled 105 gigs of digital assets and turned it into a DVD of my brother in law's wedding. The result was 66 min, 364 cuts and included music, overlays (who's that cousin?) and some nice transitions, as well as a DVD menu.

I know next to nothing about digital video and I'm sure all of you who will comment on this will say stuff like "Dude, why didn't you use Adobe Premiere/Avid/iMovie/an IPad" or whatever. You'll also say that you have created much more interesting/complex/impressive projects. Poop on you, I say. I'm feeling pretty darned proud of myself here because I just made a DVD that my family will love. ;)

OK, here's what my amateur self did.

My wife went to South Africa for a month last year to her brother's wedding. I stayed home with the kids. She returned with five hours of digital video on a bunch of PAL Digital Video Cassettes. PAL is essentially the non-US format. We use NTSC here.  PAL is 576 lines interlaced. She also brought over 300 photos across a half dozen digital cameras as well as an other two hours of 720p video shot with our little Canon S95.

Importing/Ripping Video from Tapes

First, I needed to get the PAL video off the mini-DV tapes. If you want to rip PAL DV tapes you really need a PAL DV player, then you can just hook up a Firewire (IEEE 1394) cable and import the video directly.

I decide to use Windows Movie Maker because it was free. I have a Mac around here somewhere but it's a few years old and I really wanted to edit this as fast as possible so I used my more powerful machine which is my Windows Desktop.

Back in the Windows XP days I remember this experience sucking badly. There were Firewire drivers to find, and most machines were too slow and too small to import video without dropping frames. In this case I just plugged in the cable to the camera, then to the PC and got a dialog.

Importing Digtal Video

I selected import and it even chopped up the scenes into separate files. About 60 gigs and 5 hours later I had all my PAL mini DVD tapes in an uncompressed AVI format.

That's 55 gigs of Video Files

Getting Assets Organized

Cool. I also had some CDs and music we bought I knew I wanted to use, as well as all the other AVIs from digital cameras, some DVDs of other video and all those photos. I put them each into folders like this:

Raw DVDs, Source Audio, Source Photos, Source Tapes, Source Videos

This is as far as I went for "asset management," although we did go through the video and give them descriptive filenames like this (yes, that's an actual filename):

"17A - Ceremony Begins; MC, Pastor Arthur prayer & welcome; Choir sings; Mbusi, Fatty & other girl arrive; Mbux & Groomsmen Bridesmaids Phili waiting in car Vusi4 2011-09-27 08.23.20.avi"

That file name might seem silly, but the  gamble paid off later. It's totally unambiguous. At this point we're organized and have 105 gigs of files on an external drive.

105 Gigs of Digital Assets

Editing in Windows Live Movie Maker

As I recall around the Windows XP times Windows Movie Maker wasn't very good, but I thought I'd give it a try, because it's free, sure, but also because I didn't want to do lot of multi-layered super complex editing, I just wanted to make a wedding DVD. I did want to do some reasonable interesting editing though because I had multiple camera angles on the same event. I also had the source music that was playing the background.

This meant I would/should be able to, for example, take three angles on the ring along with the music in the background and assemble a series of quick cuts in order on the same event while cleaning up the music using the original source. That was about the trickiest thing I'd want to do.

Here's an example sequence. The bride is coming in, I've got cross fades between some (indicated by the white triangle in the corner of each segment) and tight cuts between others. There's music coming in as she walks up, that fades out, the ring, then another song starts up and some photos come in.

You can mix photos and videos and get a "Ken Burns effect" automatically with pans and zooms around the stills. I mixed and matched video and photos along with audio and didn't have any trouble. I ended up with 364 scenes/cuts in the end, about 80% video and 20% photos.

The Bride coming in and the Ring

Each box there is a segment of video. You can split, trim, set starts and ends and move them around. The green lines are audio files that I brought in of the music that was playing at the time. That made the audio a lot nicer when it was just music playing and allowed for fun dance sequences like this excerpt video below. I really like the crazy color effect starting at 10 seconds in. It really works with the bridesmaids dresses.

I even published that segment above directly from within Windows Live Movie Maker with the built-in YouTube Plugin.

YouTube Plugin in Windows Live Movie Maker

I can zoom in to make the segments lengths expand which makes their size more representative of their length in seconds I can also hover over a segment and see how long it is, the filename it came from (see now why I used big filenames?) as well as it's speed, effects, etc all in a tooltip. This segment is about 8 seconds long.

Lots of information in the Windows Live Movie Maker Tooltips

The whole video ended up being 66 minutes and 35 seconds long. It rendered into a 10Mb/s5 gig HD WMV file and fit nicely on a 480p DVD.  I may do a 25Mb/s or 50Mb/s Blu-Ray also. Remember that the PAL tapes were 576i and the HD video from the digital cameras were 720p so there isn't really a reason to do a Blu-Ray, but the still photos are all >5 Megabits so they'd be improved by a 1080p treatment. I was pleasantly surprised to see 1080p as an option in Windows Live Movie Maker:

1080p is an option in Windows Live Movie Maker

Size of Videos

I was a little concerned that maybe Windows Live Movie Maker (WLM) couldn't do large videos or long videos or complex videos. With 105 gigs over 5 hours turning into an hour of video I figured I'd be taking a chance. Turned out it worked fine. I kept all the videos in their folders and the WLM file is just pointers to all the things I wanted done. The final video editing file from WLM was about 500k. It looks like an XML file with a bunch of time codes.

NOTE: I did have one technical issue where I was getting all black video previews in Windows Live Movie Maker. It turned out to be an NVidia Display Driver issue. Mine was old, and when I upgraded to the latest drivers I was all set.

It took two sessions of four hours each to edit the video and about an hour to render. I rendered into a large WMV file that was about 5 gigs. I did have three 'hang' crashes in Windows Live Movie Maker over the 8 hours, although I'd been saving every few minutes the whole time. The hangs seemed to be related to me moving audio around too fast then right clicking immediately, but I need to check on that.

Then I ran Windows DVD Maker and dragged the final file in. It automatically created scenes and a DVD menu. The opening title also includes a music background and the menu moves (it's not static) which is nice.

Windows DVD Maker includes a lot of options

One of my other obscure requirements was that I needed to be able to make both NTSC and PAL versions of the DVD. I didn't see any options for this in Windows Live Movie Maker, but there are options in Windows DVD Maker. I was able to burn two master DVDs, one PAL and one NTSC. I'll then make copies and send 20 of these home to South Africa knowing they will play in their DVD player.

PAL and NTSC in Windows DVD Maker


The couple of crashes were irritating but I crash Adobe Premiere a lot too. Overall, I was impressed. Windows Live Movie Maker was easy to use, had hot-keys for things like Split that sped me up once I got a rhythm going and handled a VERY large amount of high quality video without any issues. I'll use it again for family stuff, weddings and the like.

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by SherWeb

The Privacy Chain - Your Site's Privacy Policy as the 3rd Party services pile up

March 23, '12 Comments [7] Posted in Musings
Sponsored By

There are so many really innovative products online right now. A good friend was showing me amazing product called Intercom that lets you see who of your users are online, their social profiles, even direct message/chat them live on your site.

You just add this JavaScript to your site. Here's the snippet from their home page:

<script id="IntercomSettingsScriptTag">
var intercomSettings = {
app_id: 'tx2p1ufd7g30c',
email: '',
created_at: 1234567890
(function() {
function async_load() { var s = document.createElement('script'); s.type = 'text/javascript'; s.async = true; s.src = ''; var x = document.getElementsByTagName('script')[0]; x.parentNode.insertBefore(s, x); }
if (window.attachEvent) {
window.attachEvent('onload', async_load);
} else {
window.addEventListener('load', async_load, false);

My buddy was thrilled and thought this was an amazing product. It totally is. With modern browsers and modern JavaScript we can more quickly integrate applications like Intercom, Google Analytics, UserVoice, JanRain and a thousand others into our websites. It's a LEGO web, indeed. Just add some JavaScript like above and you're off.

However, after looking at this for about 5 minutes, I rained on my friends parade.

"Hey, is that the user's email address there?

"Yes! The 3rd party needs that so they can populate their dashboard and keep track of who's who."

"Ah, OK, but you're sending that email to them, right?"


"And they're storing that, right?"


"So, what's their privacy policy and how will it be added into yours? There's a chain of privacy policies that needs to happen here. What 3rd parties does this company use? And theirs?"

"You're totally raining on my parade. But you're right."

We emailed the folks at Intercom and they knew immediately what we were talking about and answered exactly as they should. Here's their email:

Sure thing, firstly our official terms & privacy policy are here:

The short summary is...

1. You own your data, when you kill your account we don't keep it. We never sell it. We never contact your users. We will never do anything with your data that we wouldn't be proud to tell the world about.

2. We have a feature where we use a 3rd party service called FullContact, to augment your data, for example find an twitter/linkedin/facebook/github account that matches an email address. This can give you extra insight into the types of users  you have. You can easily disable this in your app settings.

Regarding updating your privacy policy, you obviously should note that you send data to Intercom for the purposes of providing support and extended communication with your customers. You might already have this covered under other areas (for example if you use helpdesk software, certain analytics packages, etc then you're already doing precisely this)

Ultimately you should check with your lawyer who created your privacy policy to ensure that using Intercom doesn't violate your existing privacy and find out precisely what changes are necessary.

Exactly. Knowing is half the battle. Are you using a number of 3rd party services? Are you integrating "on the glass" with JavaScript? Step 0 is making sure your Privacy Policy reflects the chain of Privacy Policies for all the products you use.

Sponsor: Again, I want to thank my friends DevExpress for sponsoring this week's feed. There is no better time to discover DevExpress. Visual Studio 11 beta is here and DevExpress tools are ready! Experience next generation tools, today.

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by SherWeb

Technical Analysis: The Abercrombie and Fitch Brown Pants Fiasco, "Splogs," and you

March 22, '12 Comments [25] Posted in Blogging
Sponsored By

Offensive Abercrombie and Fitch Pants on a Chinese Knockoff SiteWARNING - This post will ultimately lead you to sites using offensive racial terms.

My Twitter friend Wesley pointed me this apparent Abercrombie and Fitch website advertising a pair of N***** Brown Pants. Here's a screenshot if that link dies. After the shock and frustration wears off, you ask yourself "How could this happen?" This link is spreading all over Twitter and the social web right now, and I'm sure that the Abercrombie PR machine will jump on it when their Twitter person wakes up.

Let me walk you through a few things.

  • First, what a technical-type person does (or should do) in this situation.
  • Second, why the internet is WAY WAY more screwed up than you ever thought
  • Third, why no one should really be buying anything on the web.

The Technical Details

While it's possible that an idiot at Abercombie entered the N-word text, my eye immediately went to the domain:

Note the dashes and the "and?" No internationally-known and copyrighted brand would have such a lousy domain. I'd expect, full stop. In fact, it is.

I loaded up Domain Tools to see who owns this obvious knockoff. Like actual physical knockoffs of pants, there's no good way to tell what's real and what's not. I hit:

Registrant Contact:
   su ye
   ye su 
   +86.095156230147 fax: +86.095156230147
   NO.217 North Street, Yinchuan Qinghe
   yinchuanshi ningxia 750000

The domain is registered in China. OK, this is NOT Abercrombie's site. It can also be confirmed by the poor English on the site's about page as well as the throwaway reference to Chinese piracy:

A&F is the favorite brand of American college students, a lovely deer printed on the front of the youth fashion. Its fashion and personalized style always the certain reason some youngsters follow. Nowadays, Abercrombie and Fitch piracy in China has spread to unimaginable proportions. Soft cotton is comfortable in the apparel.

OK, so how much of a problem is this and these pants? The combination of the N-word along with a unique brand-name like Abercrombie makes for a good hash. That means these words together, especially if you add "pants," makes for a search term that is unlikely to happen in the wild.

It's worse than you think

If we then Google for the four words together (forgive me) you can see hundreds if not thousands of fake domains. For Example:


You get the idea. There are at least hundreds. All with the same pants, all registered in China. I can't imagine, sadly, that there's ANYTHING that Abercrombie could do about this except try to get the domains shut down - one by one.

How could your Mom possibly know this?

These are automatically generated sites, like "splogs." Splogs are spam blogs. They aren't real stores, there aren't real people behind them. They are almost like computer viruses, except they make stores. In this case, it appears that someone in China at some point designed a system that could churn out fake stores from a single database. That's why these pants keep appearing on hundreds of other sites.

Imagine if you just wanted a regular pair of pants and didn't see this pair? How could you possibly tell if this the site you want? There's no good way. Here's what you CAN do.

  1. Make sure the URL starts with https:// when you are checking out.
  2. Click the lock in your URL and see if the company name looks legit. Sadly, these can be faked also, but it's a start. HTTPS (SSL) doesn't mean "I can trust this site," it means "this conversation is private." You still might be having a private conversation with Satan.
    Check the lock
  3. Even better, if your Address Bar is green, click on it! This is a special "high trust" certificate that says you are really talking to who you think you are. This screenshot means "I am having a private conversation with a company that is KNOWN to be Twitter." Banks and big companies often use these special certs.
    Green Address Bar is good

Ultimately, you, me, Mom and the Web need to develop a better "Internet Sense of Smell." The bad guys want our credit card numbers and will do everything they can to get them, even make ten-thousand fake Abercrombie and Fitch sites.

UPDATE: Thanks for the comments! If you (or Mom) had the Web of Trust installed, this is what you would have seen when visiting an evil site like this. I'm installing this free tool on Mom's machine today.

web of trust

Good luck out there. It's a messed up web.

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by SherWeb

Disclaimer: The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.