Monday, January 19, 2009

Unable to Start Debugging on the Web Server

Unable to Start Debugging on the Web Server

I hate that, and it seems that every time I (or a co-worker) gets the error “Unable to Start Debugging on the Web Server” on a machine when attempting to debug an ASP.NET project, I have to scramble to remember what to look at. Here's a few things that has worked for me to get things working so you can debug your ASP.NET project when/if you ever get this error:

  • Make sure that IIS is configured to use Integrated Windows Authentication. Look for the checkbox on the Authentication Method dialog launched from the Directory Security tab of the site properties.
  • Make sure that HTTP Keep Alives are enabled. You'll find that checkbox on the Web Site tab of the properties dialog, in the connections section.
  • This one is strange, but it seemed to do the trick for many out there, add http://localhost to the trusted sites in Internet Explorer. To tell the truth, this seems to be a fix for the symtoms, not actually fixing the problem itself, but if it works it works. BTW, you'll have to uncheck the “Require server verification (https:) for all sites in this zone“ checkbox to add it as a trusted site.

Good luck.

(For main source of the above article Click Here)

The following error may occur when trying to run/debug an ASP.NET 2.0 web app, when the web server is not configured properly:

"Unable to start debugging on the web server. The web server is not configured correctly. See help for common configuration errors. Running the web page outside of the debugger may provide further information."

This is usually caused because of one or both of the following problems:

  1. The directory the web app resides in has not been registered as a web application.
  2. The correct ASP.NET version has not been set for the web app (note that this cannot be set until 1. has been sorted out).

To fix problem 1:

  1. Open the IIS admin app.
  2. Right click on your app's directory (/virtual dir) and select Properties.
  3. On the Directory tab, under Application Settings, next to Application Name there will be a 'Create' button - click it. Once the dir has been registered as a web app then this button will say 'Remove'.
  4. Click Apply (or OK).

To fix problem 2:

  1. Open the IIS admin app.
  2. Right click on your app's directory (/virtual dir) and select Properties.
  3. Select the ASP.NET tab.
  4. Select the correct ASP.NET version. Note that this field is disabled if the dir has not been set as an application (see above).
  5. Click Apply (or OK).

(For main source of the above article Click Here)


Thursday, January 15, 2009

Dangerous coding errors revealed

Dangerous coding errors revealed

Binary code and fiber optic strands
Experts say many of these errors are not well known

The US National Security Agency has helped put together a list of the world's most dangerous coding mistakes.

The 25 entry list contains errors that can lead to security holes or vulnerable areas that can be targeted by cyber criminals.

Experts say many of these errors are not well understood by programmers.

According to the SANS Institute in Maryland, just two of the errors led to more than 1.5m web site security breaches during 2008.

It is thought that this is the first time the industry has reached agreement on the worst things that can creep into software as it is being written.

More than 30 organisations, including the US National Security Agency, the Department of Homeland Security, Microsoft, and Symantec published the document.

"The top 25 list gives developers a minimum set of coding errors that must be eradicated before software is used by customers," said Chris Wysopal, chief technology officer with Veracode.

"There appears to be broad agreement on the programming errors," says SANS director, Mason Brown, "Now it is time to fix them."

"We need to make sure every programmer knows how to write code that is free of the top 25 errors."

"Then we need to make sure every programming team has processes in place to find and fix these problems [in existing code] and has the tools needed to verify their code is as free of these errors," he said.

Patrick Lincoln, director of the Computer Science Laboratory at SRI International, told the BBC that if programmers prevented these errors appearing in their code, it would deter the majority of hackers.

"This list is primarily for people who have first responsibility for designing a system. Veteran programmers have probably learnt the hard way whereas a brand new programmer will be making more basic errors."

"The real dedicated serial attacker will probably find a way in even if all these errors were removed. But a high school hacker with malicious intent - ankle-biters if you will - would be deterred from breaking in."

Previously, most advice has focused on vulnerabilities that can result from programming errors. The top 25 list examines the actual programming errors themselves.

The US Office of the Director of National Intelligence, the principal adviser to the President, the National Security Council and the Homeland Security Council also lent their support to the list.

In a statement, they said: "We believe that integrity of hardware and software products is a critical for cyber security. "

"Creating more secure software is a fundamental aspect of system and network security, given that the federal government and the nation's critical infrastructure depend on commercial products for business operations."

"The top 25 is an important component of an overall security initiative for our country. We applaud this effort and encourage the utility of this tool through other venues such as cyber education."


CWE-20:Improper Input Validation

CWE-116:Improper Encoding or Escaping of Output

CWE-89:Failure to Preserve SQL Query Structure

CWE-79:Failure to Preserve Web Page Structure

CWE-78:Failure to Preserve OS Command Structure

CWE-319:Cleartext Transmission of Sensitive Information

CWE-352:Cross-Site Request Forgery

CWE-362:Race Condition

CWE-209:Error Message Information Leak

CWE-119:Failure to Constrain Operations within the Bounds of a Memory Buffer

CWE-642:External Control of Critical State Data

CWE-73:External Control of File Name or Path

CWE-426:Untrusted Search Path

CWE-94:Failure to Control Generation of Code

CWE-494:Download of Code Without Integrity Check

CWE-404:Improper Resource Shutdown or Release

CWE-665:Improper Initialization

CWE-682:Incorrect Calculation

CWE-285:Improper Access Control

CWE-327:Use of a Broken or Risky Cryptographic Algorithm

CWE-259:Hard-Coded Password

CWE-732:Insecure Permission Assignment for Critical Resource

CWE-330:Use of Insufficiently Random Values

CWE-250:Execution with Unnecessary Privileges

CWE-602:Client-Side Enforcement of Server-Side Security

Source: SANS Institute


Monday, January 5, 2009

The 'first true scientist' By Professor Jim Al-Khalili

The 'first true scientist'


By Professor Jim Al-Khalili


University of Surrey


http://news. 2/hi/science/ nature/7810846. stm


Isaac Newton is, as most will agree, the greatest physicist of all time.


At the very least, he is the undisputed father of modern optics,­ or so we are told at school where our textbooks abound with his famous experiments with lenses and prisms, his study of the nature of light and its reflection, and the refraction and decomposition of light into the colours of the rainbow.


Yet, the truth is rather greyer; and I feel it important to point out that, certainly in the field of optics, Newton himself stood on the shoulders of a giant who lived 700 years earlier.


For, without doubt, another great physicist, who is worthy of ranking up alongside Newton, is a scientist born in AD 965 in what is now Iraq who went by the name of al-Hassan Ibn al-Haytham.


Most people in the West will never have even heard of him.


As a physicist myself, I am quite in awe of this man's contribution to my field, but I was fortunate enough to have recently been given the opportunity to dig a little into his life and work through my recent filming of a three-part BBC Four series on medieval Islamic scientists.


Modern methods


Popular accounts of the history of science typically suggest that no major scientific advances took place in between the ancient Greeks and the European Renaissance.


But just because Western Europe languished in the Dark Ages, does not mean there was stagnation elsewhere. Indeed, the period between the 9th and 13th Centuries marked the Golden Age of Arabic science.


Great advances were made in mathematics, astronomy, medicine, physics, chemistry and philosophy. Among the many geniuses of that period Ibn al-Haytham stands taller than all the others.


Ibn al-Haytham is regarded as the father of the modern scientific method.


As commonly defined, this is the approach to investigating phenomena, acquiring new knowledge, or correcting and integrating previous knowledge, based on the gathering of data through observation and measurement, followed by the formulation and testing of hypotheses to explain the data.


This is how we do science today and is why I put my trust in the advances that have been made in science.


But it is often still claimed that the modern scientific method was not established until the early 17th Century by Francis Bacon and Rene Descartes.


There is no doubt in my mind, however, that Ibn al-Haytham arrived there first.

In fact, with his emphasis on experimental data and reproducibility of results, he is often referred to as the "world's first true scientist".


Understanding light


He was the first scientist to give a correct account of how we see objects.


He proved experimentally, for instance, that the so-called emission theory (which stated that light from our eyes shines upon the objects we see), which was believed by great thinkers such as Plato, Euclid and Ptolemy, was wrong and established the modern idea that we see because light enters our eyes.


What he also did that no other scientist had tried before was to use mathematics to describe and prove this process.


So he can be regarded as the very first theoretical physicist, too.


He is perhaps best known for his invention of the pinhole camera and should be credited with the discovery of the laws of refraction.


He also carried out the first experiments on the dispersion of light into its constituent colours and studied shadows, rainbows and eclipses; and by observing the way sunlight diffracted through the atmosphere, he was able to work out a rather good estimate for the height of the atmosphere, which he found to be around 100km.


Enforced study


In common with many modern scholars, Ibn-al Haytham badly needed the time and isolation to focus on writing his many treatises, including his great work on optics.

An unwelcome opportunity was granted him, however, when he was imprisoned in Egypt between 1011 and 1021, having failed a task set him by a caliph in Cairo to help solve the problem of regulating the flooding of the Nile.


While still in Basra, Ibn al-Haytham had claimed that the Nile's autumn flood waters could be held by a system of dykes and canals, thereby preserved as reservoirs until the summer's droughts.


But on arrival in Cairo, he soon realised that his scheme was utterly impractical from an engineering perspective.


Yet rather than admit his mistake to the dangerous and murderous caliph, Ibn-al Haytham instead decided to feign madness as a way to escape punishment.


This promptly led to him being placed under house arrest, thereby granting him 10 years of seclusion in which to work.


Planetary motion


He was only released after the caliph's death. He returned to Iraq where he composed a further 100 works on a range of subjects in physics and mathematics.


While travelling through the Middle East during my filming, I interviewed an expert in Alexandria who showed me recently discovered work by Ibn al-Haytham on astronomy.


It seems he had developed what is called celestial mechanics, explaining the orbits of the planets, which was to lead to the eventual work of Europeans like Copernicus, Galileo, Kepler and Newton.


It is incredible that we are only now uncovering the debt that today's physicists owe to an Arab who lived 1,000 years ago.


Professor Jim Al-Khalili presents Science and Islam on BBC Four at 2100GMT on Monday 5, 12 & 19 January


Popular Posts