Friday, September 03, 2010
Google AdSense is not supported for https (see here). If you attempt to use it on an SSL page, you will see this warning in IE8.
The user would have to click No to allow the request (for a .js file in this case) to complete. Answering Yes will block it (the working seems backwards from what you’d expect).
Some postings I saw said to change the .js url in the script to use https://pagead2.googleadservices.com/pagead/show_ads.js but while this will work for this one .js file, the script then attempts to pull in other .js files using http so you still get the warning popup.
The best solution is to not let the warning pop up on your secure pages.
This is the standard AdSense code:
<script type="text/javascript">
if ("http:" == document.location.protocol) {
google_ad_client = "pub-1234567890123456";
google_ad_slot = "1234567890";
google_ad_width = 728;
google_ad_height = 90;
google_ad_format = "728x90_as";
}
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
This is the new version that will suppress the AdSense code and prevent the popup on your SSL pages. Simply insert the document.write statement and remove the second script.
<script type="text/javascript">
if ("http:" == document.location.protocol) {
google_ad_client = "pub-1234567890123456";
google_ad_slot = "1234567890";
google_ad_width = 728;
google_ad_height = 90;
google_ad_format = "728x90_as";
document.write(unescape(
"%3Cscript src='http://pagead2.googlesyndication.com/pagead/show_ads.js' type='text/javascript' %3E%3C/script%3E"));
}
</script>
This fix uses the existing conditional block for non-SSL pages that initializes some google_ad variables to also emit a <script> element to pull in the necessary show_ads.js file. For SSL pages, the variables will not be initialized and the script will not be emitted for the page.
Wednesday, September 01, 2010
I signed up with a PayPal Plus MasterCard some time ago and started to accumulate some rewards points. When I went to investigate how to redeem my points, I found out there were some pretty unusual restrictions. Instead of buying an item from a catalog and applying the points, the PayPal credit card rewards is based on vouchers that may be redeemed during some site’s PayPal checkout process. There are three vouchers – $7 to be applied to shipping for 1000 points; $25 for an item for 2500 points and $100 for an item for 9500 points.
Vouchers must be used within 60 days or you lose them. Also, not all websites that take PayPal support payment via voucher. Searching the Internet, I saw may postings about people having trouble finding out how and where to redeem these vouchers. It turns out that a website that I am familiar with does work with the vouchers. It is www.blowitoutahere.com which sells CDs, DVDs, games and accessories which is a great way to use your rewards and not lose out of your redeemed voucher value.
Basically, you first go to the PayPal site, log on, click on the View card details link on your My Account Overview page. Click on the Rewards link on the left to select the voucher you want. In this example, I plan to buy Avatar on Blu Ray with a $25 voucher.
Once you get the voucher, the 60-day count-down starts. The voucher is not something you see, or a number you have to copy down. It is tied to your PayPal account and will be available for you to apply during checkout.
I had heard there was a delay in being able to use the voucher but in this case, I was able to complete my checkout immediately using the voucher.
Now that you have the voucher, go to the BIOH website. Search for the item(s) you want and add them to the cart. The voucher will be used up in this purchase so you want to make sure your cart has enough stuff in it so you don’t lose any value from your voucher. Any amount over the voucher value will come from another PayPal funding source like your PayPal balance. This includes shipping and sales tax.
Click to checkout and when you see the PayPal Express Checkout button on the second checkout page, click it instead (see image on right) of entering you address information and going through with the standard checkout. Standard checkout will not give you the opportunity to use your voucher but Express Checkout will.
You will now be redirected to PayPal to log on and select the shipping address and payment information.
When you have the opportunity to select the payment method, click the link to Enter gift certificate, reward or discount as shown on the left. This will open up the entry panel and you now click on select from this list. Your voucher(s) will show up to allow you to make your selection and click the Apply button.
At this point, you will continue with the checkout process at the BIOH website.
You can go back to your PayPal account and see details of the transaction such as the amount redeemed from the voucher (hopefully all of it) and any balance pulled from your PayPal account or other funding source.
I understand that the PayPal Plus credit card may be changing the rewards program to use a more traditional approach rather than the voucher system. I am not sure if existing accounts will be changed over or how this is to be implemented.
In any case, this is one place that you can use your rewards. Other sites that offer Express Checkout probably also will work just fine. Please leave comments on other sites that can be used for reward redemption.
Friday, August 06, 2010
I received error message "Unable to start debugging on the web server" in Visual Studio 2010. I clicked the Help button and followed the related suggestions without success.
This happens with a newly created local ASP.Net project when modified to use IIS instead of Cassini (which works for debugging). It immediately pops up the error. Nothing shows up in the Event Viewer. This also happens with VS2008. Debugging used to work.
I am able to attach to the w3wp process to debug. It works but is not as convenient as F5.
I posted the problem at Experts-Exchange and StackOverflow. The answer came from Jeroen at StackOverflow:
- In Regedit, navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
- Right-click Lsa and create a new DWORD value
- Name it DisableLoopbackCheck
- Set its value to 1
- Reboot (instead, I killed the msvsmon.exe process and restarted Visual Studio)
My website (and IIS7.5) is on my local PC (Windows Server 2008 R2).
After finding that solution, I searched a bit on LSA and found this related KB article: http://support.microsoft.com/kb/896861 – it’s about IIS 5.1! It is something about a loopback security check that helps prevent reflection attacks.
Also reference Min Kwan Park’s blog which has lots of possible solutions for various debugger issues (though this is and old posting): http://blogs.msdn.com/b/mkpark/archive/2004/03/09/86872.aspx
[Update]
The debug started to fail again in the same way, immediately displaying the Unable to start debugging error after the compile. Killing the msvsmon and restarting VS2010 did not help. As soon as I click F5, msvsmon.exe shows up on the taskmanager list and the error displays.
Tuesday, August 03, 2010
Yesterday, there was a major computer room power outage at my company. All Internet connectivity was down. Even the phones were not working. Fortunately, our websites failed over to our business continuity site without a hiccup.
However, everybody at their desks had nothing to do since even internal network connectivity was affected. My desktop computer is actually a laptop which I had configured to use my Blackberry as a tethered modem to allow Internet access when traveling. I plugged in my BB, started up the Desktop Manager, clicked the Start->Connect To->Blackberry Bold 9700 and was quickly connected to the outside world. People walking by my office looked in and saw me typing away and raised an eyebrow. Power was restored 5 hours later and the servers all back to normal in another 5 hours.
This is the way I configured my system. My laptop is running Windows Server 2008 R2 (64bit) which is similar to Windows 7. A similar procedure may work to tether other cell phones that have a data plan though the parts about Desktop Manager will not apply.
Install the Desktop Manager (DM) software (click here or search Google to locate the download). This will install a modem named Standard Modem assigned to a com port.
There is a setting needed for the Standard Modem. Go to Control Panel->Phone and Modem. Modem tab. Select Standard Modem and click Properties.
Click the Advanced Tab and enter this string into the Extra initialization commands field:
+cgdcont=1,"IP","wap.cingular"
I have also seen isp.cingular used in some postings I have read, so if you have problems, you can try changing the above command. Click OK to close out the dialog boxes.
I don’t remember if you have to add a Dial Up connection or if it is already done as part of the DM install. I named my connection “BlackBerry Bold 9700” (see image below). If necessary, you may have to run the Setup a New Connection procedure in your network center.
To connect, plug in your BB (or use Bluetooth if your laptop has it and you can get that working). Run the DM program; it should say it is connected and you can minimize it.
I connect using the Connect To link below or the connections icon in the tray. There are a few ways.
Click the Connect button and the DialUp displays:
The fields are already filled in. There is no need to change the defaults – even the user id and password can be left blank or whatever they are. The phone number to dial is *99# and should already be displayed.
You can click on Properties and change some settings so when you click to connect, it will dial automatically and not bother displaying the above step.
Click Dial. It will progress through a few steps (dialing, registering) and you will then be connected.
If an error code displays, various things could be wrong. Maybe you need the tether plan added to the Blackberry account; maybe the DM is not running or your BB is not connected, etc.
I just tried to close down DM with the connection still active and it looks like this is supported – you don’t need to keep it minimized:
If I try to connect without having DM running, I get this Error 692:
I get the same error code if DM is up but my BB is not plugged in to the USB cable.
I mentioned Bluetooth earlier. If you can get this working, it is really nice. My wife’s laptop has it and to connect, DM is not needed. I just click to connect for the connection and my BB may be on the desk or in the holster – it just connects and off you go. When connected (Bluetooth or USB), you still can make and receive calls without interrupting your connection.
Good luck!
Monday, July 05, 2010
The event was a great success. In addition to the 500 of us walking up and down the halls of the three congress buildings and the three senate buildings and having our meetings and drop-offs, over 2000 of you called in to your elected officials as part of the National Call-In.
As of today, we now have:
- 225 co-sponsors for the House of Representatives bill (HR 745)
- 17 co-sponsors for the Senate bill (S. 3320)
In order for a bill to become a law, the bill must pass separately through both the House of Representatives and Senate.
To see the current numbers, visit http://pancan.org/section_get_involved/advocate/congressional_update.php.
Monday, June 21, 2010
My wife, Deborah, and I are in Washington D.C. for PanCan National Advocacy Day, June 22nd 2010. Today we learned how to become lobbyists to advocate for helping to solve the problem of Pancreatic Cancer. Tomorrow, almost 500 of us will head to Capitol Hill to meet with our senators and congressmen to ask two things. First, that they co-sponsor the (House or Senate) bill in support of Pancreatic Cancer and second to increase funding for Pancreatic Cancer research.
Pancreatic cancer is the only one of the top 10 cancer killers with a 5-year survival rate in the single digits (6%).
There are currently no early detection tools or effective treatments.
[Update]
We all went visiting the senators and congressmen and visited with their health liaisons to discuss their co-signing the bills (or thank them if they already did) as well as letting them know we want them to increase the Pancreatic Cancer funding level.
Weather was wonderful and we made all our appointments. In some cases, it was simply to drop off the packets of information for the congressmen of other districts.
Wednesday, April 21, 2010
Unlike earlier Tivos, the Premiere requires a multistream cablecard called an M-Card.
My first chat asked if I could pick up an M-Card self-install kit and the operator said yes. I went to the Pompano office, stood in line an hour and the counter person said that was not true. She wrote up the initial order to send out the installer.
My second chat was to make sure the order had instructions to bring M-Cards and not charge me for the installation. The chat person said she added the info to the order.
The installer came last Wednesday with no M-Cards and nothing on the order that said M-Cards were required for the Tivo Premiere.
I heard nothing for days so called and the operator set up the 2nd appointment for today – it had to wait for M-Cards to be available.
As I said, the installer came today with no M-Cards and nothing on the order that they were requested.
If things continue as they have, I will not hear again from the Comcast installer (contractor) that went to get an M-Card.
We shall see.
[Later that day…]
Well we have success. An M-Card was located and installed without incident. Contacting local Comcast supervisors may have helped – once they got on board with the issue, they kept me in the loop with several emails up through completion of the install.
Cablecard installation into Tivos (Series 3, HD Tivo and the new Tivo Premiere) have had frequent problems, generally due to bad cards, installers not familiar with Tivos and communications between the installer and the service department that has to provision the cards. See this long forum thread for more info: Official Comcast CableCard Thread.
This is an email that Comcast makes available to help in cases like this: we_can_help@cable.comcast.com.
This is a link to a direct online support forum through Broadband Reports: http://www.dslreports.com/forum/comcastdirect. This is a useful forum to join for other reasons.
Sunday, March 21, 2010
Some time ago, I blogged about setting up my home email server to support incoming email using the Rollernet.us service (How I Solved Comcast's Block of my SMTP (Email) Port 25). Most of my incoming email is through the webguild.com site but in this case, it is business-related email for my wife’s site, www.debsrealty.com which is hosted by the same home server.
The Webguild email was spam-filtered fairly effectively but the email coming in to Debsrealty via Rollernet was leaking lots of Canadian pharmacy and other spam. Lots of this spam is originating from some network of infected computers like the Waledac botnet). These spam emails are very difficult to block using the Outlook rules so I logged on to the Rollernet account to see what they offered for spam filtering support. It turns out there is pretty good support.
There five filtering options available. 
I had not configured any of them but two of the five were already enabled (DNSBL and SPF). I then turned on two of the remaining three options (Greylisting and Anti-Virus) to see if that solved the primary problems. Greylisting keeps track of incoming emails looking at three things (sender’s IP, From and To). If it is new, it replies to the sender to retry later. Normal senders will retry but spambots don’t bother. Retries are passed on by the filter and it remembers so future email with the same “triplet” are pass without delay. This technique is very effective and did successfully block all of the pharmacy spam that Deborah was receiving. There are logs of all incoming email kept by Rollernet to see whether or not an email was filtered and why.
The final option is the SpamAssassin filter which looks at the content to see if it can recognize spam and add **SPAM at the start of the Subject of suspicious emails (easily checked by Outlook rules). SpamAssassin assigns a score to each email on how certain (on not) it is that the email is spam. Then you specify the score that you want to use and if an email has a higher score than your threshold, it will be flagged as mentioned (or you can block it). I may enable this if Deborah gets more spam not blocked by the other methods.
Thursday, March 18, 2010
|
Ave.exe Removal Instructions
If you have this ave.exe rogue anti-virus infection and are too anxious to read this posting, these are the removal steps that worked for me on Windows XP:
- Type Ctrl/Shift/Escape to bring up the task manager.
- Kill the ave.exe process. The popups will disappear. Leave the task scheduler up.
- Type Windows/R (to get the Run box) and type regedit and OK.
- Ave.exe will start again, just do step #2 again.
[Note: Be careful with regedit. If you are not familiar with it, use other solutions for this infection]
- In Regedit, go to HKCR\.exe\shell\open\command. You will see something like this for (default):
"C:\Documents and Settings\[your account]\Local Settings\Application Data\ave.exe" /START "%1" %*
- Modify the value to be:
"%1" %*
- Do the same with HKCR\secfile\shell\open\command.
- Delete ave.exe from the location in step 5.
At this point, you have control back and no more popups.
- Download the current version of Malwarebytes' Anti-Malware and run it.
- Choose to fix the items the scan found.
- Run a scan of your regular anit-virus program.
- Now you can read the rest of this post and add a comment about your experience!
|
This week I attended the Microsoft MIX10 Web Designer/Developer conference in Las Vegas. After the last session of the last day, before they kicked me out of the hall with the free WiFi, I somehow contracted a virus (I think from isohunt.com though just from browsing the site; I did no downloads). I actually did not realize it until the next time I started the laptop. I got a virus infection warning popup and then another window opened automatically running a scan and finding lots of infected files.
Then a tray notification bubbled up with more warnings.
The laptop was really scared out of its mind!
Well, I did not recognize the program displaying the warnings. The laptop is an old Dell running WinXP and is up to date with patches and runs AVG Free as its anti-virus software. The window title of the warning and scanner was Total XP Security. I suspected the laptop was infected with a virus that mimicked an anti-virus program. Process status showed ave.exe, a process that I did not recognize. Killing the process closed the popups. Until the next run of a program (like explorer). Some programs would not start at all (like my AVG scanner).
I searched for ave.exe but the search did not find it (it was there but hidden). I then searched for all files modified today and it found lots that shouldn’t have been. Exe’s that were installed long ago had a timestamp of the time the conference ended.
So with my laptop basically disabled, I used my BlackBerry to googled for ave.exe virus. There were several hits and I selected the Virus Removal Guru site. Looking at the manual removal instructions, I killed the ave.exe process and then I located the ave.exe (C:\Documents and Settings\[username]\Local Settings\Application Data\ave.exe) and removed it.
Well all of a sudden, none of my programs would start. They displayed the Windows dialog box to select a program to run the exe(?). That indicated to me that the programs first ran the ave.exe and then it did its work and transferred back to the originally requested program. Without ave.exe around, the requested program could no longer start up. The program I really wanted to run was regedit to fix up the registry. The running explorer still worked but I could not start up a new one.
I noticed that the programs in my launch bar (PowerBar) still ran but the same program would not run from explorer. I dragged regedit into the launch bar and clicked it and it did run! OK, Now I was back in business. I continued with the manual instructions from Guru but the registry keys it mentioned did not exist. I was hesitant to run their automatic removal tool since I am not familiar with their site. My next step in regedit was a search for ave.exe. There were several hits (ignore the scnsave.exe hits). The hits showed how it intercepted the execution of programs to do its deed first.
The first hit was:
HKCR\.exe\shell\open\command
(default)
"C:\Documents and Settings\Gary\Local Settings\Application Data\ave.exe" /START "%1" %*
I changed it to match others that were not altered:
"%1" %*
This did not work. The programs still failed to start. I went to the next hit
HKCR\secfile\shell\open\command
This did work (phew!)
There were a few more hits related to Iexplore and FireFox.
So things are working better now. I started up a complete scan with AVG Free and it is still running. I will research some more to make sure everything is cleaned out before claiming success.
Here’s another link and there are several others. As this post mentions, manual removal of viruses is generally difficult and if you make mistakes changing the registry, you may damage your system.
Well, I am now at the Las Vegas airport, waiting for the time to board my midnight red-eye back to Ft. Lauderdale. I was wondering what I was going to do to fill the time between 6pm and midnight. So a successful virus eradication plus a blog post were not on my plans but I guess you do what you’ve gotta do:)
[Update] Some of the research shows that this virus may be removed by recent versions of Malwarebytes' Anti-Malware. Anti-Malware found many infections which I chose to fix all. I then ran the AVG scan and it found none.
Some references about this virus:
I think the way I got infected was at isohunt.com. I clicked a link in the right nav Top Searches; went to the second search-results page which partially displayed the hits and then displayed a warning about the site containing malicious software. I clicked in the warning and exited the site completely. I think clicking on the warning is what initiated the download of the infection.
Sunday, February 28, 2010
Yesterday was the South Florida Code Camp 2010 in Miramar (that’s between Miami and Ft. Lauderdale). I gave a presentation on integrating PayPal Website Payments Standard with ASP.Net C#. I included a demo web application showing four different options to program the application though from the buyer’s point of view, all four examples looked and acted the same.
PayPal standard is the familiar option that displays PayPal buy-buttons to the buyer and when clicked, control is transferred to PayPal for the buyer to complete the payment and hopefully return to the website.
Each Buy Now button is a <form> with some hidden <input> fields and the button <img>. The four examples show different ways to implement or create the <form> fields. The first two examples redirect directly to PayPal as specified by the form’s action parameter and the last two examples post to an aspx page that controls building the post form to cause the redirect to PayPal.
- Example 1 – This page builds the form and fields and may be seen with a View Source. This is easy and can be dynamically built by the code but may be hacked by a user that can copy and modify the page source (like the amount field) to buy your product or service at whatever price they want. Automated fulfillment sites may miss this fraudulent purchase.
- Example 2 – The seller used PayPal’s button factory to build a hosted button. This solves the security issue but at the expense of the dynamic nature of the form field generation and the issue of manually having to create a button for every product of your inventory. View Source shows the main field in the form is the identifier of the hosted button.
- Example 3 – In this example, clicking the button does not sent the buyer to PayPal immediately (though it appears that way to the buyer). View source will only show the product’s ID is passed in the form which calls PayPalRedirector.aspx. The aspx page looks up the product in the database to get its name, price, etc. and builds the html needed by PayPal (much the same as seen in Example 1. It pushes this html to the buyer’s browser with an automatic form submit. This is a bit more secure than Example 1 but a knowledgeable user can capture the generated html to forge a similar fraudulent order.
- Example 4 – This final example solve the hackability problem and still allows dynamic buttons to be generated. The button form is generated as in Example 3 but is encrypted before sending the redirect form to the buyer’s browser. This does require that the seller obtain an encryption certificate and upload the public key to PayPal so PayPal can decrypt your button.
The PayPalRedirector.aspx code used in Examples 3 and 4 used a class library (PayPalStdLib) I wrote to allow easy strongly-typed access to build and initialize the object with the payment parameters and a method to initiate the redirect to PayPal. This is a bare-bones class you can enhance with additional properties as needed for your own use.
The presentation was the last of the day but was well attended by a lively group who had many questions. See my article about PayPal Encrypted Website Payments for additional information about that part of the code in Example 4. Source code and PowerPoint slides are available at http://code.msdn.microsoft.com/webguild.
Plug: Webguild does PayPal development, integration and consultation including full-blown PayPalStdLib and PayPalProLib class libraries.