Is There a Good Web Programmer That Doesn’t Use Fiddler?

by Alexandru Lungu 10. April 2011 01:02


In the last half of the year I’ve slowly decreased my reading of Tech Republic’s articles. And not by intention, but because there were few things of interest for me. And I became aware of this by reading this article about Fiddler. I’ve been using Fiddler for about eight years – practically from its beginnings; since then so many articles were posted about it, most of them on very popular sites and it probably has millions of users. Now, I was expecting some new cool feature to be presented; instead of that, just basic info about Fiddler – for me, their article is eight years too late.

If I can imagine working with SqlServer without Profiler, I cannot imagine programming for the web without Fiddler. What goes over the wire is something that every web programmer should check. Check for your site (or for other sites!) the size of the request/response, POST params, cookies, headers, ajax calls, compression, pausing the request and changing it, etc., and all this with different browsers. The last is my favorite because I can easily try to bypass authorization – the authentication is usually done right – but the authorization is so easily overlooked; and I’m not referring only to the standard sql injections. Actually, many years ago, my first try was a success – a sql injection didn’t work, but I changed the id of a post that I was editing on a forum – the server applied the changes without complaining that I’m not authorized to change the post of another user.
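The missing check behind that forum anecdote, shown as an added example that is not code from this blog or from any real forum: an edit handler that trusts the post id sent by the client, next to one that authorizes each request against the stored owner. The store, session shape, handler names and the "moderator" role are all assumptions made for the illustration.

```javascript
// Added example. Constructed data: two forum posts owned by different users.
function freshStore() {
  return new Map([
    [101, { id: 101, ownerId: "alice", body: "Alice's post" }],
    [102, { id: 102, ownerId: "bob", body: "Bob's post" }],
  ]);
}

// Vulnerable: the user is authenticated, but the post id taken from the
// request is trusted and ownership is never checked.
function editPostVulnerable(store, session, request) {
  if (!session || !session.userId) return { status: 401 };
  const post = store.get(Number(request.postId));
  if (!post) return { status: 404 };
  post.body = request.body;
  return { status: 200 };
}

// Hardened: every request is authorized server-side against the stored owner.
function editPostHardened(store, session, request) {
  if (!session || !session.userId) return { status: 401 };
  const id = Number(request.postId);
  if (!Number.isInteger(id)) return { status: 400 };
  const post = store.get(id);
  const isOwner = Boolean(post) && post.ownerId === session.userId;
  const isModerator = (session.roles || []).includes("moderator");
  // Same 404 for "missing" and "not yours", so ids cannot be enumerated.
  if (!post || !(isOwner || isModerator)) return { status: 404 };
  post.body = request.body;
  return { status: 200 };
}

// Replays the request the post describes: Alice edits her own post, then
// resends the same form with the id changed to Bob's post.
function demo(handler) {
  const store = freshStore();
  const alice = { userId: "alice", roles: [] };
  const own = handler(store, alice, { postId: "101", body: "edited" });
  const other = handler(store, alice, { postId: "102", body: "edited" });
  return { own: own.status, other: other.status, bobBody: store.get(102).body };
}

console.log("vulnerable:", demo(editPostVulnerable));
console.log("hardened:  ", demo(editPostHardened));
```

A proxy such as Fiddler only makes the gap visible; the fix lives entirely in the server-side handler.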

Back to where we started: I would’ve understood if the article had presented some other tool similar to Fiddler, but unknown to the web programming community. As it is, it brings nothing new to me or the community. This is what happens when people post because they have to, not because they have something to say.




My Javascript Unit Testing Engine

by Alexandru Lungu 28. March 2011 03:01


I created this more than 5 years ago and since then I have made very few modifications/additions to it.

The idea is simple – we have a test object that has methods that start with the word “test”. I never pollute the global namespace with anything – including functions – so at the start individual/anonymous functions could not be added. Recently, I also added this feature.

It still has only one assert, $Test.ok – if its first parameter is false the test fails. I had planned to implement others, but it was enough because it can simulate all the others.

The example should explain how it should be used:

var MyTestObject = {
    testMethod1: function () {
        $Test.ok(true, "True assert");
    },
    testMethod2: function () {
        //Multiple asserts - all must be true in order for the test to pass.
        $Test.ok(true, "True assert");
        $Test.ok(false, "False assert");
    },
    name: "MyName",
    testName: function () {
        $Test.ok(this.name == "MyName", this.name + "!=MyName");
    },
    //not executed as a test: its name does not start with "test"
    changeName: function () {
        this.name = "ChangedName";
    }
};

//adding a test object; all its methods that start with "test" will be executed
$Test.Add("My Test Object", MyTestObject);

//adding a test function and with the name "Func" for the test
$Test.Add("Func", function () {
    $Test.ok(5 == 4, "5==4");
});

//adding a test function with no name for the test
$Test.Add(function () {
    $Test.ok(5 == 5, "5==5");
});

//Runs all added functions and all functions that start with "test" from the added test objects

And this will produce the following output:

First are shown the anonymous functions (Test Object: Functions) and then the test methods from the test objects.

I know that it may appear rudimentary compared to current unit testing frameworks like jsUnit, Screw.unit, js-test-driver, etc., but it did, and still does, the job.
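How an engine of this shape can work, as an added sketch that is not the author's UnitTesting.js: `createMiniTest` and its `add`/`ok`/`run` methods are assumed names, and the result format is invented for the illustration. It discovers methods by the "test" prefix, runs standalone functions first, and fails a test if any single `ok` receives a falsy value.

```javascript
// Added sketch; createMiniTest and its method names are assumptions, not UnitTesting.js.
function createMiniTest() {
  const functions = [];   // standalone test functions: { name, fn }
  const objects = [];     // test objects: { name, obj }
  let failures = [];      // failure messages of the test currently running
  function execute(group, test, fn, thisArg, results) {
    failures = [];
    try { fn.call(thisArg); }
    catch (e) { failures.push("exception: " + String(e)); } // a throw fails the test
    results.push({ group, test, passed: failures.length === 0, failures });
  }
  return {
    // add(name, objectOrFunction), or add(fn) for an unnamed function
    add(name, target) {
      if (typeof name === "function") { target = name; name = "(unnamed)"; }
      if (typeof target === "function") functions.push({ name, fn: target });
      else objects.push({ name, obj: target });
    },
    // The only assert: a falsy first argument fails the running test.
    ok(condition, message) { if (!condition) failures.push(message); },
    // Functions run first, then every "test*" method of each object,
    // called with the object as `this` so tests can read its fields.
    run() {
      const results = [];
      for (const { name, fn } of functions) execute("Functions", name, fn, null, results);
      for (const { name, obj } of objects) {
        for (const key of Object.keys(obj)) {
          if (key.startsWith("test") && typeof obj[key] === "function") {
            execute(name, key, obj[key], obj, results);
          }
        }
      }
      return results;
    },
  };
}

// The page's own sample, run through the sketch (constructed usage).
function runPageSample() {
  const T = createMiniTest();
  T.add("My Test Object", {
    name: "MyName",
    testMethod1() { T.ok(true, "True assert"); },
    testMethod2() { T.ok(true, "True assert"); T.ok(false, "False assert"); },
    testName() { T.ok(this.name == "MyName", this.name + "!=MyName"); },
    changeName() { this.name = "ChangedName"; },
  });
  T.add("Func", function () { T.ok(5 == 4, "5==4"); });
  T.add(function () { T.ok(5 == 5, "5==5"); });
  return T.run().map(r => r.group + "/" + r.test + ":" + (r.passed ? "pass" : "fail"));
}
```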


Download UnitTesting.js (5.52 kb)
Download Example.htm (1.70 kb)




WCF Client Server Application with Custom Authentication, Authorization, Encryption and Compression

by Alexandru Lungu 23. March 2011 23:52


About two weeks ago I published on CodeProject.com the article called WCF Client Server Application with Custom Authentication, Authorization, Encryption and Compression. 

It offers a solution to this complex situation (it is very unlikely that you’ll have all these constraints):

- Client-server application – http protocol – NO IIS
- Authentication – user/password from a database – NO SSL/X509 certificate
- Authorization – roles from a database
- Encryption for the credentials (with option for the entire request/response)
- Compression for both the request and response.

It is in 2 parts: part 1 contains the logic, considerations about WCF and security, and how to use the code. The second part contains explanations about the implementation.

I was surprised by the large number of views (more than 15.000), because there are few WCF readers compared with ASP.NET readers for example (this can be seen extremely well in the percentage of WCF monthly published articles on codeproject – about 1%). Probably a big contribution came from the fact that the article quickly became first on google and bing searches for wcf client server keywords (though I don’t know how long it will stay there).

Hence, the article had more than 60 codeproject bookmarks and more than 20 comments – most of the comments praising the organization and the explanations. And it ranked 5 (so far) in March popularity top (from about 400 articles).

I'm sure that 90% of the people that read this article won't use it in this form (all things combined together); some will use only the custom authentication/authorization; some the encryption and some the compression - as starting examples for their specific projects.




Windows – The Universal Code Breaker

by Alexandru Lungu 17. February 2011 23:47


Because both the system's privacy and the security of digital money depend on encryption, a breakthrough in mathematics or computer science that defeats the cryptographic system could be a disaster. The obvious mathematical breakthrough would be the development of an easy way to factor large prime numbers# (Bill Gates, The Road Ahead, 1995)

Actually, there is no need for breakthroughs; Bill Gates/Microsoft can “defeat the cryptographic system” by themselves with the simple formula:

+ Distributed computing = No cryptographic system##


Almost 90% of the world’s computers have a Windows version installed (which is more than ONE BILLION computers). All of these individual machines can be guided to a common goal by distributed computing implemented in Windows (which isn’t a hard thing to do).

And this can actually be done without you knowing, because Windows is not a common application; it is an Operating System (a closed source operating system). And what it does inside is out of your reach.

Moreover this extends to updates also; 99.99% of Windows users have no idea what every update is supposed to do; and those who have, have no certainty that the update is exactly what Microsoft says it is.

So, Microsoft has the possibility to harness the power of almost all the computers in the world. 

Does it do it? And if it does, what for?


# To factor prime numbers is trivial (no matter how small or large they are). Gates probably meant to factor the product of large prime numbers (which is used in asymmetric cryptographic algorithms).

## I expressed the same idea more than five years ago on my previous blog in a post called “The” Code Breaker. I considered it time to reiterate the idea after reading this article: Debate Over Internet Backdoors Heats Up in Congress and in Court.




New Chapter in the Search War

by Alexandru Lungu 4. February 2011 23:19


Google to Microsoft: Cheaters!
Microsoft to Google: Is this the way smart guys are called today? 

The above is my personal interpretation of what started with this post in which Google say that they have proved that Bing copies their results, by making tests with some unusual words. Microsoft responded here and then the entire web went into a frenzy.

Let’s look from the Bing user’s perspective. He wants to get better results so he agrees to let Microsoft get what it needs to improve its service. And Microsoft gets the user’s data stream; if the user searches something on any search engine Microsoft records what the user has chosen and improves Bing. It records user preferences.

But, for those preferences, Google (or any other search engine) helped with good search results. Maybe better than Microsoft's, otherwise the user would have used only Bing.

We all learn from our collective customers, and we all should, say the Bing Team. “We all should” means Google also, as it has also a browser and a toolbar and can do the same, but Google didn’t think of it. Maybe because this isn’t convenient for the number one on the market with the engine still considered the best; the competitors have more to learn from it than it has to learn from them. So, it wants Microsoft to stop.

I don’t think Microsoft will stop as there doesn’t seem to be anything illegal. (If it were, we would’ve probably already had a lawsuit). The PR war has started and the impression on users might be surprising – the copy thing might be a two-edged sword – the user might interpret it this way: if we search with Google we have the Google engine, if we use Microsoft’s service we have Bing + Google engines together which sounds better so we’ll choose the latter. But, most of them couldn’t care less what Google or Microsoft does.

In my opinion Google saw themselves as the winners of the search war too early. Microsoft didn’t give up. They got more specialists, more innovative ideas and lately the results are starting to be seen; their search engine, if it does not outperform Google’s, at least catches up with it. And Google is off guard, and will try everything to undermine Bing; this time by inducing the idea that if Bing improved so much it is just because it copies Google’s search results.

Hopefully the war will never end; this way, we the users will have the most to benefit.




Overcharged Because You Are Successful

by Alexandru Lungu 17. January 2011 09:40


From time to time I see products (latest: SharpKit) for which the developer company can charge you for who you are, not for what their product is worth.

So, you see their product on the website (or you can even try it) and if you want to buy it you’d have to fill out a form or send an email to the producer’s sales department, telling them who you are and what you intend to do with their product, and they will reply with the price.

I have nothing against paying for software, but I think it is normal to see the price policy that applies to everybody.

To me it looks like this: if you’re an obscure garage company it will cost you 10$, but if you’re the second biggest company in India for example, or want to develop something that seems to bring a lot of money, you’ll have to pay $1000.

Can they actually fool anyone?

P.S. One of the most comprehensive questionnaires about you and the product you want to develop is on the Price Inquiry page from the db4o site – of course only to meet your demands best.


