May 29, 2014

Use Recycle Bin for network drive (Windows Vista/ 7 / 8)

If you’re working on a network drive and accidentally delete some files, you’ll realize that they do not go to the Recycle Bin. There is NO EASY WAY to recover them!

OMG !

Yeah it happened, and to prevent this disaster from happening to you, please read this guide (courtesy of Russel Riley):

Method 1:
1. Map a network drive to the network share you want to use. Make sure that the drive is re-connected on logon. If you don't know how to do this, search Google.
2. Browse to C:\users\<user name>.
3. Right-click on one of the folders in this location (I chose saved games) and click properties.
4. Select the Location tab.
5. Click Move, browse to the root of the drive you mapped in step 1, and click Select Folder.
6. Click Ok and click yes in the dialogue box that appears.
7. Repeat these same steps for all users on the computer.

Method 2 : the guide is here: http://social.technet.microsoft.com/Forums/windows/en-US/a349801f-398f-4139-8e8b-b0a92f599e2b/enable-recycle-bin-on-mapped-network-drives?forum=w8itpronetworking . In summary:

Create a *.reg file with this content:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{9147E464-33A6-48E2-A3C9-361EFD417DEF}]
"RelativePath"="X:\\"
"Category"=dword:00000004
"Name"="XDrive"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\KnownFolder\{9147E464-33A6-48E2-A3C9-361EFD417DEF}]
"MaxCapacity"=dword:0000c7eb
"NukeOnDelete"=dword:00000000

A few things of note:


  • The GUID in the above .reg file {9147E464-33A6-48E2-A3C9-361EFD417DEF} came from this PowerShell command: "{"+[guid]::NewGUID().ToString().ToUpper()+"}"
  • Each "known folder"/Recycle Bin combination requires a unique GUID. If you don't want to use PowerShell to generate a GUID, you can use an online GUID generator.
  • I don't know what the "Category" value does, but the key I copied had it set to 4, and that works, so I didn't test any other values.
  • The "Name" value is required, but is not the name that will be shown if you right-click on the Recycle Bin and select properties. (At least not in my environment.) In my environment, the name that is shown is the name of the network drive.
  • Making this change adds a "Location" tab to the properties page of your mapped network drives. I suspect this could be removed by changing the "Category" value, but didn't bother to find out.
  • I only tested with mapped network drives. I suspect this would work with UNC paths as well, but I didn't bother testing.

Source:


May 14, 2014

HttpUtility.UrlEncode vs. Uri.EscapeDataString vs. UrlPathEncode


How do you properly encode and decode values that are passed from client to server and vice versa, when the client side is using the JavaScript methods encodeURI() and encodeURIComponent()?

This seems to be a very fundamental and popular issue – the real complication comes when you’re using MVC routing to pass route-data values between controllers. In our solution, we’re using a proprietary method to perform aliasing-dealiasing, which adds more complexity to performing proper value encoding/decoding.

I’ll update this blog with the solution I found later.

May 10, 2014

Set your password wisely, to remember them easily, for managing multiple accounts securely?

Most popular (and wrong) passwords

An average Internet citizen will have a Facebook account, a Twitter account, probably a Pinterest or LinkedIn account – and then Gmail, Yahoo mail, an Internet banking ID, a favourite forum account, and the list goes on.

It turns out that most of us choose a common password for every site – what is the implication? Well, if somebody gains leverage on one of your accounts.

It’s true that the human brain can only process and memorize a certain amount of data – that’s why people tend to choose passwords that are easy to remember. And it’s wrong, totally WRONG!

Here are the worst and unfortunately most popular 25 passwords in 2012:

#              Password                Change from 2011
1               password                 Unchanged
2               123456                    Unchanged
3               12345678                Unchanged
4               abc123                     Up 1
5               qwerty                     Down 1
6               monkey                    Unchanged
7               letmein                     Up 1
8               dragon                     Up 2
9               111111                    Up 3
10             baseball                   Up 1
11             iloveyou                   Up 2
12             trustno1                   Down 3
13             1234567                  Down 6
14             sunshine                  Up 1
15             master                      Down 1
16             123123                    Up 4
17             welcome                  New
18             shadow                    Up 1
19             ashley                      Down 3
20             football                     Up 5
21             jesus                        New
22             michael                     Up 2
23             ninja                         New
24             mustang                   New
25             password1               New

Is your password in the list? If so, read on for my suggestions.

So, how to set password wisely ?

This suggestion below is totally based on my personal experience and I shall not bear any responsibility – OK I am done with disclaimer and if you’re still here, let’s move on:

1.  Separate your important accounts from unimportant ones.
For me, I’ll set a separate password for my junk accounts (forums, secondary Facebook account, Yahoo mail - sorry Yahoo, your spam filter doesn’t work!).

For important accounts such as credit card, Paypal, Amazon or banking-related ones, I’ll pick a different and much longer password.

That way, at least the chance of getting my credit card hacked is reduced by 50%.

2. Set your password long & complex enough for hackers
Every password can be cracked by brute force given enough time. According to the calculation at this page, at a brute-force speed of 1B guesses/second (cluster servers, a super computing node, or a botnet):

  • It’ll be a matter of minutes or hours to crack if your password is picked only from alphanumeric characters.
  • But it’ll take 83.5 days to crack if your password includes all possible characters,
    which are:
    0123456789AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz <SP>!"#$%&'()*+,-./:;<=>?@[\]^_`{|}~

Password                        Class of Attack
Length    Combinations          Class A         Class B        Class C      Class D      Class E      Class F
2         9,216                 Instant         Instant        Instant      Instant      Instant      Instant
3         884,736               88½ Secs        9 Secs         Instant      Instant      Instant      Instant
4         85 Million            2¼ Hours        14 Mins        1½ Mins      8½ Secs      Instant      Instant
5         8 Billion             9½ Days         22½ Hours      2¼ Hours     13½ Mins     1¼ Mins      8 Secs
6         782 Billion           2½ Years        90 Days        9 Days       22 Hours     2 Hours      13 Mins
7         75 Trillion           238 Years       24 Years       2½ Years     87 Days      8½ Days      20 Hours
8         7.2 Quadrillion       22,875 Years    2,287 Years    229 Years    23 Years     2¼ Years     83½ Days

83.5 days on a super computing node to crack an 8-character password? So let’s make your password AT LEAST 8 CHARACTERS LONG!
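The arithmetic behind these figures, as an added example that is not part of the original post: it recomputes the crack times for the 96-character set and finds the shortest length that holds out for a chosen time. Only the Class F rate (1B guesses/second) is stated in the post; the rates for Classes A to E are an assumption inferred from the table, and the output is rounded to one decimal rather than to fractions.

```python
# Added example: brute-force time = charset_size ** length / guesses_per_second.
CHARSET_FULL = 96         # the character set listed in the post
CHARSET_ALNUM_MIXED = 62  # 0-9, A-Z, a-z
CHARSET_ALNUM_LOWER = 36  # 0-9, a-z

# Only Class F (1B guesses/second) is stated in the post. Classes A-E are an
# assumption inferred from the table: each class is 10x faster than the last.
CLASS_RATES = {name: 10_000 * 10 ** i for i, name in enumerate("ABCDEF")}
YEAR, DAY, HOUR, MINUTE = 365 * 86400, 86400, 3600, 60

def keyspace(charset_size, length):
    """Number of distinct passwords of exactly `length` characters."""
    return charset_size ** length

def exhaust_seconds(charset_size, length, guesses_per_second):
    """Worst-case time to try every password of that length."""
    return keyspace(charset_size, length) / guesses_per_second

def humanize(seconds):
    """Render a duration the way the table does (sub-second is 'Instant')."""
    if seconds < 1:
        return "Instant"
    for unit, size in (("Years", YEAR), ("Days", DAY), ("Hours", HOUR), ("Mins", MINUTE)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.1f} Secs"

def table_row(length, charset_size=CHARSET_FULL):
    """Crack times for one password length across attack classes A-F."""
    return [humanize(exhaust_seconds(charset_size, length, rate))
            for rate in CLASS_RATES.values()]

def min_length(charset_size, guesses_per_second, target_seconds):
    """Shortest length whose full keyspace takes at least target_seconds."""
    length = 1
    while exhaust_seconds(charset_size, length, guesses_per_second) < target_seconds:
        length += 1
    return length

if __name__ == "__main__":
    for n in range(2, 9):
        print(n, f"{keyspace(CHARSET_FULL, n):,}", *table_row(n), sep=" | ")
    for size in (CHARSET_ALNUM_LOWER, CHARSET_ALNUM_MIXED, CHARSET_FULL):
        print(size, "chars:", min_length(size, CLASS_RATES["F"], 100 * YEAR),
              "characters needed to last 100 years at Class F")
```

These are worst-case times for exhausting every combination of a randomly chosen password; a password from the top-25 list above is found by a dictionary attack long before that.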

3. But how to make it memorable to you ?
“Memorable” is a very subjective term and relies heavily on your personal preferences, so I will introduce only a few techniques from Wikihow – find out which one suits you most!

How to store my password securely

Most importantly: do NOT write it down and keep it somewhere – you will probably spend more time finding where you stored that piece of paper.

Instead, with the popularity of today’s smartphone, make use of it: http://www.tomsguide.com/us/pictures-story/662-3-best-mobile-password-managers.html

My personal favourite is LastPass. I only wish that they would implement fingerprint authentication so that I can use it more safely on the iPhone 5S.

So that’s it – hope you find your own way to create secure and memorable passwords, folks!
Last but not least, even if you come up with the most difficult passwords to crack, you’re still prone to “social engineering”!

May 6, 2014

Lucene vs. Solr vs. ElasticSearch vs. Sphinx ? How to do real-time full text search properly ?


Currently I am researching a solution for a real-time search engine which scours user-submitted content. The user pool consists of 250+ private institutions, which translates into 10K-15K users. I/O will be relatively low, but the data size could range wildly since the users are uploading Microsoft Word, Excel and PDF files.

The index is based on the user-uploaded files (mostly Word/Excel/PDF/PowerPoint, and ASCII files). The I/O is expected to be only 10-20 IOPS, but it can vary depending on the date. Maximum I/O could be 100 IOPS. The current database size is reaching 10GB, and it's 4 months old.

For real time search server, I'm considering Solr / Lucene and probably ElasticSearch. But the challenge is how to index these files FAST, so that search server can query the index in real time.

I have found some similar questions on how to index .doc/.xls/.pdf, but they did not mention how to ensure indexing performance:

How to build the index FAST ?

Any suggestion on the architecture ? Should I focus on building fast infrastructure (i.e. RAID, SSD, more CPU, Network bandwidth ?) or focus on the index tools & algorithm?

P/S: this question is asked on Stack Overflow as well