Hagrin.com

Google recently started their Online Security blog which discusses security related issues encountered on the web and with the infrastructure that powers the Internet. While they only have 3 posts currently, I can see this blog becoming one of my favorite blogs since Google has access to so much security data that I believe that they will be able to identify Internet trends extremely fast and potentially police the Internet in a "gray hat" manner.

Their most recent post talks about web server software and malware infection rates. The Google Online Security team drew some pretty interesting conclusions about web server software and its infection rate in different sections of the world. According to the data they uncovered, malware infected machines were split right down the middle 49% to 49% when talking about infection rates on Apache web servers and IIS servers. However, when looking at the regional infection rates for each, we see that IIS is extremely more vulnerable in the Pacific than anywhere else. Now, one might conclude that people in the Pacific can't secure IIS well, but that would be a poor conclusion. Instead, the Google Online Security team identified (correctly IMO) that the issue stems from the rampant piracy in those areas and the fact that piracted copies of Windows are not privy to receiving updates from Microsoft. Google's Online Security team goes on to state that this may show evidence that Microsoft needs to change their policy and allow for pirated copies of Windows to still receive security updates since pirates will continue to run the software and that these infections hurt valid users more than pirates.

Google has the opportunity here, with their unparalleled data collection abilities to really make a difference in web security and I look forward to seeing exactly what their online security team comes up with in the future.

Speculation is running rampant as Blizzard announced that they will be giving away a beta key to BlizzCon attendees for "an upcoming Blizzard game". Now, while Blizzard probably has several games in development, I almost guarantee that the beta key will be for Starcraft 2. Why? Most likely because there were early beliefs mentioned by Blizzard that they could get the game out by Christmas 2007 which would meant that they would have to be in beta by August which is exactly when BlizzCon takes place (BlizzCon takes place in early August).

In other Starcraft 2 news, there was an interview with Blizzard's Cinematic Creative Director, Nick Carpenter, where he talks about making cinematic tools used to make certain images available to users with the Starcraft 2 release. I find this pretty interesting and should allow for users to create some pretty nice fan content.

After reading about another vulnerability found in the Google Desktop software (a new man-in-the-middle attack), I was reading through some user comments at Slashdot and was hit by one of them like a ton of bricks -

Why doesn't Google offer secured search?

Wait a second, they don't? They offer a secured version of their Gmail application. Although Google doesn't make it very public that a secured version exists, you can login through a SSL page and all pages will be appended with the https prefix. But, what happens when you try to navigate to https://www.google.com ? Simply, you are redirected to the basic Google search page.

So, is this even a big deal? Probably not since many services are not encrypted over SSL. In addition, the data being passed are simply search terms. However, if search terms can be sniffed and recorded and indexed by parties outisde of Google, there is a certain level of privacy that doesn't exist that maybe should. When Google released their search history and web history functionality, many outsiders complained about the privacy violations. However, if a third party could garner the same information through back channels, should we be as equally concerned? When you think about the biggest sites around on the Internet, I cannot think of one single site that gets nearly the smae traffic Google does and that offers a SSL connection for all their pages. Therefore, one has to wonder how well the secured search solution would scale and what type of overhead would be involved on offering the solution at all - no less by default.

My final thought - I think it would be nice if the option existed, but it definitely doesn't need to be a default connection that "normal" users need to conern themselves with. I think that you will see a secure search page within the next year or two for sure.

Today, Google officially announced the purchasing of FeedBurner, the RSS analytical company providing statistics for RSS feeds such as subscriber counts, clickthroughs and other web metrics. This is an extremely wise purchase by Google because this closes a gap that their other analytical offering, Urchin (and its free web based version for webmasters), didn't provide RSS metrics. Prior to the FeedBurner purchase, Google could only provide RSS metrics through Google Reader subscriber counts for a specific feed - highly inaccurate due to the fact that Google only had access to only a slice of the RSS-using population.

What does this mean for webmasters? Well, I would think that the SEO implications are pretty obvious - either take advantage of the FeedBurner service or sacrifice the RSS metric potentially effecting your site's ranking. Sure, Google could still get some of the information from the user side (i.e. Google Reader subscribers to your feed), but webmasters would lose the metrics race to those optting-in to the Google services. Since Google currently drives a large portion of traffic to all sites, webmasters really do need to make a decision on linking all of their site's information into Google related services and what that means to their search position on other engines.

While most of all the other Google analytic initiatives still allowed webmasters to not sacrifice their position with other search engines, redirecting your RSS feeds through FeedBurner directly is a dangerous move long-term. Instead, I would suggest webmasters redirect their original feed URL to FeedBurner and display the original feed to site users. This will allow webmasters to relinquish control in some manner, but still does not solve the problem of having to potentially muticast the feed to other RSS analytic services.

In an interview with MSNBC, Blizzard's Vice President Rob Pardo announced that Starcraft 2 would not be released in 2007. At first, he stated that some inside Blizzard thought that they could have Starcraft 2 released by Christmas 2007 so I have to imagine that they are pretty deep in the development cycle. When you think about Starcraft 2 and the fact that much of the gameplay and how a unit works, etc. has already been done, most of the work that needed to be done was with the 3D engine and the Battle.Net enhancements.

I admit - I'm crying a little inside right now.

Although there are numerous free bulletin board software packages available, ever since Hagrin.com was registered I made phpBB my board of choice. Recently, phpBB announced their version 3 Release Candidate 1 package and I decided that I would give the new version a test run and see how the package is shaping up. Since barring any major bugs this RC would be made the final release, I felt comfortable evaluating the package in a production environment and to evaluate it under the same careful eye I would any production application.

The one area that I will cut them some slack is in the documentation department. Unfortunately, when you're installing and setting up a piece of brand new software you rely on the documentation heavily sometimes - especially, like in my case, where you are upgrading an older system and your main concern is data preservation. Problems started immediately when I went to read the upgrade instructions from the phpBB website and found limited "just point and click" instructions to perform the conversion. What this page fails to tell you is that it's the furthest thing from the truth for completing a sucessful 2.0 to 3.0 upgrade. To actually successfully upgrade, you need to:

• Do not, I repeat not overwrite your phpBB 2.0 files. You need to keep these in place.
• Copy phpbb 3.0 files onto your webserver into a directory different than your current forums directory.
• When creating the database tables, you need to make the new phpBB 3.0 tables in the same database/schema as your old 2.0 tables, but remember to use a different table name prefix.
• Complete the installation process.
• Complete the conversion process (the point and click interface mentioned in the link posted above).
• Move your old phpBB 2.0 files out and move your new phpBB 3.0 files into your old forums directory.

Not so point aned click huh? However, I'll cut them some slack because I was able to find the documentation somewhere eventually and documentation usually catches up over time. Oh, and don't forget to clean out your database of the old phpBB 2.0 tables that are still there.

Once the board is up and running, you do have to marvel out how things have progressed for phpBB over time. Most of the changes you see are on the backend; however, the default prosilver theme definitely gives users a brand new experience when using phpBB 3.0. First, in the prosilver theme, user information for a post is located on the right hand side as opposed to the traditional left hand side. New user options such as reporting posts and being able to grab in-depth information about a poster/poster in a single click proves a worthwhile feature. A "Friends & Foes" option was introduced to give users the ability to create a more social networking/Slashdot like feel to their forums where having friends and foes allows users to filter through data easily. On the admin side of things, phpBB did tremendously great work when handling how bots are able to crawl your site by not assigning them a SID or session ID so that your URLs remain consistent and void of any long, always changing querystrings. phpBB developers also improved the caching system which should help server load in times like the "Digg Effect" and other large sites picking up your site's content. Finally, phpBB finally gave admins the ability to edit templates through the Admin Control Panel as opposed ot having to edit files manually.

However, there are a few missing features from the newest phpBB version which disappointed me. The lack of a RSS feed for the user's board really seems the biggest missing feature especially with the advent of iGoogle, Netvibes, RSS readers, etc. In addition, especially with the explosion of CSS layouts, I'm surprised that users do not have the ability to move poster information from the right to left side in the default prosilver theme and that type of functionality isn't introduced.

Overall, I give phpBB a thumb up on their newest release, but would still like to see some very rudimentary improvements and features added to bring the board more inline with how users are using the web these days.

After a long overdue hiatus from writing in my Search Engine Optimization Guide, I have finally added a new entry in a series of hopefully many new articles covering SEO issues raised on today's Internet. Today, I added an entry concerning Drupal 5 and assigning unique META tags to help differentiate your content. Check back for more SEO articles as I can crank them out (hopefully one a day for a while).

Blizzard announced an early Christmas gift for gamers around the world when they confirmed the existence of Starcraft 2. The Official Starcraft 2 website has launched and actually holds a lot of important information concerning the sequel. Starcraft enthusiasts learned the following pieces of info:

1. There will be no new 4th race and we will still have the Zerg, Protoss and Terran as the 3 races implemented in Starcraft 2. For years people speculated that there would be a 4th race, but Blizzard has kept the original's integrity and kept the racial balance simple.
2. While there will be a new 3D engine powering the game's graphics, if one was to look at the screenshots you will see that while units have much greater detail, the engine still remains somewhat simplistic probably to not sacrifice network performance.
3. Many of the unit names will stay the same; however, from the screenshots, you can see such units as battleships and other air units have been dramatically redesigned.
4. At this time, I don't see any Brood Wars related units mentioned on the site.
5. While only the Protoss profile has been completed by Blizzard, you can see the inclusion of new units such as the Immortal, Stalker, Phase Prism and Gateway/Warp Gate.

One note from their site that is slightly disappointing is that Blizzard will be selling a limited edition statue for the whopping price tag of $250 USD. I mean, does Blizzard think that Tychus Findlay is going to be the next ceramic hummel?

Most importantly - there is no scheduled release date for Starcraft 2 at this time. Blizzard has always released quality games and they take their time during the game creation process. Now, from a business perspective, I would guess that Blizzard is going to hold onto Starcraft 2 and release he game as they start to witness the downward decline of World of Warcraft subscriptions. There would be no feasible business reason to encroach on their WoW franchise until absolutely necessary. Therefore, if you're a Starcraft and Blizzard fan, you can put money on the fact that you won't hear anything about a Starcraft 2 release date until WoW has run its finanically successful course.

Starcraft 2 will be the only game I will play in the near future.

Today, at work, I was working on creating an application that would perform validated, bulk updates to our accounting system software (Deltek Vision). So, I create a very simple Windows Form, create a real quick GUI, write all the necessary validation and then started writing the stored procedures needed to perform each of the functions. I had already written the SQL syntax as before this application I was manually changing the variables to fit the needs of our business units. However, as I was trying to "generalize" the statements to allow for different types of queries, I started to run into a SQL problem. I was attempting to use dynamic cursors that were being fed by dynamic SQL statements. Yikes.

In English, I had created two cursors - one to read through all the "target" projects and one for all the "source" information. I also gave the user the ability to specify whether or not the target was "equal to", "starts with" or "ends with" a certain criteria. This causes a problem since if you know general cursor syntax you know that a cursor is fed with a select statement as such:

Now, by giving users the ability to dynamically change the entire WHERE clause (including the operator), you suddenly run into a syntax issue because you can't just store the entire clause in a varchar variable and then have it EXEC SQL (@stmt) because of later references to the cursor. Since that eliminates one major way of preparing dynamic SQL statements, I developed a very dirty solution that revolved around IF statements -

Pretty dirty right?

Most of the time when I post code here, it's generally the non-dirty version, but I really couldn't find a non-dirty version to this problem and would really like to see if someoone has any ideas on a better, cleaner solution. It seems that all of the sample code I saw online when searching "dynamic cursors" only made table names or WHERE criteria (not the operator) dynamic and therefore fails to appropriately address my issue. I got away with this solution since the problem was simplistic, but what about if I had to deal with 1000 conditions - I wouldn't want to write 1000 IF statements.

Thoughts?

P.S. - As I read through the SQL Books Online, it seems that the PREPARE statement might be able to solve this problem, but I don't have much experience with PREPARE.

Today, I started working on an application to perform bulk changes to our Deltek Vision database to change tasks, sub-tasks, budgets and billing terms. So, as I go to write the SQL connection string, something I have done 100s of times, I kept getting the following error from my app:

While the error is pretty descriptive, there is one slight problem - I'm not trying to access a 2005 SQL Server, but a SQL Server 2000 box. So, I do what any good programmer does - he searches the major search engines for a solution, but most of the examples are of users trying to 1) build a Web application and have a web.config error or 2) are actually trying to access a SQL Server 2005 database. Yikes, now what?

I can't stress this enough - check your connection string. I was actually passing a blank Data Source (I was using SelectedValue as opposed to SelectedItem) and since I have SQLExpress running on my development machine, I assume that's why I was generating a 2005 error when trying, in theory, to connect to a SQL 2000 machine. The lesson is - verify your connection string when getting this error and trying to access a SQL 2000 machine. If you're trying to access a SQL 2005 machine, follow the enabling remote connections info that you'll find on the hundreds of pages that come up in he search engines for this error.