HACKED! Trials of self hosting
Okay folks, for the last two days my domain www.sumitmaitra.com was hacked and was showing a hackers’ page! As soon as I found out I redirected my domain to this blog instead of the hacked name servers of dotnet-host.
Before I go into lessons learnt if you are still having trouble with the hacked site content, try to log in to your panel at http://panel.dotnet-host.com/. The forgot password was also working till yesterday.
Delete all the Index.php, Index.chm, Default.asp, Default.html, Index.html and Index.chm files. These were injected by the hacker. I tried it, but before I could see the results my name server change kicked in, so I can’t vouch that it works, but most people have been able to restore their sites by deleting these files recursively off every folder.
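A review-first way to do the recursive cleanup described above, as an added example that is not from the original post: it runs against a local copy of the web root, matches the file names listed above case-insensitively, and moves matches to a quarantine folder instead of deleting them. The function names, the `since` cutoff and the quarantine folder are assumptions of this sketch.

```python
import hashlib
import os
import shutil
from pathlib import Path

# File names the post lists as injected; compared case-insensitively.
INJECTED_NAMES = {"index.php", "index.chm", "default.asp",
                  "default.html", "index.html"}


def find_suspects(web_root, since=None):
    """Return sorted (path, mtime, sha256) for listed names under web_root.

    since (assumed parameter): epoch seconds. Files last modified before it
    are skipped, so a legitimate home page that predates the defacement
    is left alone.
    """
    suspects = []
    for dirpath, _dirs, files in os.walk(web_root):
        for name in files:
            if name.lower() not in INJECTED_NAMES:
                continue
            path = Path(dirpath) / name
            mtime = path.stat().st_mtime
            if since is not None and mtime < since:
                continue
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            suspects.append((path, mtime, digest))
    return sorted(suspects)


def quarantine(web_root, quarantine_dir, since=None, dry_run=True):
    """Move suspects out of web_root, keeping relative paths as evidence.

    With dry_run=True (the default) nothing is moved; the planned
    (source, target) pairs are returned for review.
    """
    planned = []
    for path, _mtime, _digest in find_suspects(web_root, since):
        target = Path(quarantine_dir) / path.relative_to(web_root)
        if not dry_run:
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.move(str(path), str(target))
        planned.append((path, target))
    return planned
```

Keep the quarantine folder outside the web root so the moved files are no longer served, and keep the hashes with whatever you report to the provider.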
Multiple lessons learnt
1. For all my love for Scott Hanselman, I should set the default home page of my favorite browser to my site. Sorry Scott, nothing personal, you are still my fav tech blogger! Basically keep an eye on your site. I dropped the ball for two full days (facepalm).
2. When a hosting provider is giving a deal that’s too good to be true, it might just be so! I think I was paying $4 per month. It was an awesome deal and I paid for the whole year in advance! Doesn’t look like my provider will last till the end of the year! Next time on, I am trying out a provider for a month before I put more money into them. There were some feelers I got about the amateurish-ness of www.dotnet-host.com but hey it was a suggested site from www.asp.net so I just went with it. I think dotnet-host cancelled monthly subscriptions but I don’t think anyone heard of reversal of yearly subscriptions pro-rated!
3. Things to look out for
- Are they sending you passwords in plain text?
I cringed when they sent me the password in plain-text via email, but by then I had paid them for the year, so thought heck go with it. Didn’t work out well.
- Do they have a good admin console?
Their admin console was very amateurish, functional but amateurish. GoDaddy.com on the other hand is an overdone pile of junk! Need something in the middle, but better to be on the overdone side than underdone and amateurish.
- SQL Server access
Their SQL Server access gave me access through Management Studio. Though an awesome feature, this is one less layer of security. So be warned. However, if you are able to see every other database on the server, then your alarm bells should be ringing loud and jangling!!! I had a screenshot of this and I wanted to send it to them but never did! My bad, if you see something like that, raise hell!
4. If you are doing any serious hosting, don’t be cheap; look around and be safe. I wanted a place to host my .net code and play around. My home page was actually a pass-through to this blog. In other words it was non-critical hosting. I probably lost some SEO points and looked silly to people who visited my URL in the last two days (sorry folks from LinkedIn). My sample apps on a subdomain are still working. Now I gotta find a new provider and move them.
UPDATE:
5. Having a domain registrar different from your hosting provider helps! Make it a policy if you can.
In case of the dotnet-host fiasco, my domain registrar was different from dotnet-host so I was quickly able to change the name server and forward my domain to this blog through my domain registrar (took about an hour to propagate).
6. If the hosting provider is so thoroughly hacked, rest assured your credit-card info and passwords are NOT safe anymore. Take precautions as required.
That was my first ‘getting hacked’ experience, not a nice feeling!
Stay alert and stay safe folks!
Interview Questions I have collected
Okay, I am starting this article with the intention of blogging every good/bad/ugly question I come across in interviews for a .NET Developer position. Some of them I knew the answer to, some of them I looked up after the interview. The aim is to have a one-stop shop of questions that I’ve come across in interviews. I can’t reveal where I was asked these questions because most companies have NDAs with respect to interviews and what’s discussed in them, so some of the questions might really come in much later than when asked.
ASP.NET
1. What’s the difference between Server.Transfer and Response.Redirect and when and where would you use each?
Server.Transfer does not send the new URL to the browser; the change of page happens at the server end, and the user still sees the URL of the initial request.
Response.Redirect sends the new URL back to the browser and the browser navigates to the new page. The URL changes for the user in the browser.
Pros and Cons
Server.Transfer
- Faster since it saves the round trip to browser
- Initial page’s data can be transferred using the Context
- Cannot transfer out to an external link
Reference: http://msdn.microsoft.com/en-us/library/ms525800(VS.90).aspx
- Server.Transfer cannot be called from an ASP.NET AJAX post-back because Server.Transfer returns an entirely new page where the AJAX post was expecting a partial html fragment.
Reference: http://forums.asp.net/p/1023949/1391157.aspx
Response.Redirect
- Slower but user has actual link to the page being served.
- First page data is not available in the second page unless transferred through query string, cookie, application state
- Can be used to redirect to external links
Reference: http://msdn.microsoft.com/en-us/library/ms524309.aspx
2. What’s Server.Execute and how is it different from Server.Transfer
Server.Execute is a legacy command from ASP. It executes an ASP script as if it were a part of the current page. It’s like a method call. I don’t see any resemblance to Server.Transfer which is an ASP.NET API call.
Reference: http://msdn.microsoft.com/en-us/library/ms525849.aspx
3. How is Session state maintained between a client and server given that HTTP is a stateless protocol
Session state is maintained on the server in three possible ways
InProc – Session is stored in server memory.
StateServer – Session is stored in a dedicated server on the web farm.
SQLServer – Session is stored in the SQL Server.
Custom – You could also roll your own Session state manager if required.
Excellent primer of Session state is available in the URL below.
On the client ASP.NET uses cookie by default. If cookies cannot be used you have to use URL munging and the session ID is a part of the URL.
Reference – http://msdn.microsoft.com/en-us/library/ms178581.aspx
http://technet.microsoft.com/en-us/library/cc776818(WS.10).aspx
SQL SERVER
1. What’s a clustered and non-clustered index
Clustered indexes physically sort the data. You can have only one clustered index. Non-clustered indexes are where the data is sorted logically.
2. What’s the difference between Delete and Trunc
I got this ‘nearly’ right in the interview where I was asked about it, or so I thought until I found this excellent thread on stackoverflow.
http://stackoverflow.com/questions/139630/whats-the-difference-between-truncate-and-delete-in-sql
3. Maximum number of columns allowed in SQL Server? (really dumb question because I don’t see the point in remembering this) because if you are needing the max number of columns in a single table something is horribly wrong with your data design!
Latest SQL Server spec sheet is as follows:
http://msdn.microsoft.com/en-us/library/ms143432.aspx
Fun Stuff (The Basics)
These are some of the questions I enjoy answering and debating in an interview. These have no right/wrong answer, so some of them may have only what I think is the right answer.
1. What is Scalability in context of a web application?
Scalability is usually measured as a factor of performance at a given load. The most common performance factor is response time. So if acceptable performance for response time is say 1ms-3ms, an application is deemed scalable if it is able to deliver on that performance for all load conditions. "All" is again highly subjective, hence more measurable criteria like requests per second should be used. So a system would be deemed scalable when it delivers on the required response time for an acceptable number of requests per second. It is however deemed scalable and robust when it is pushed beyond acceptable limits and it responds gracefully by either queuing requests or reducing response time (or both). When a system crashes in the face of uncharted load, it’s not deemed a robust system.
2. Given same farm configurations how would you increase scalability and performance of a web application
There is no perfect answer to this, the basic answer is Caching. As soon as you say that you will be asked how would you implement caching.
3. How would you implement a size limited hashtable?
This question has its roots in other questions like: What is a Hashtable? What’s the Big O for a hashtable lookup? What are the features of a linked list? etc. What the interviewer is looking for is your hold on basic data structures and your ability to think on your feet and come up with a new data structure in the interview itself.
Well, there will be more to come in the near future, so watch out.
Life in reverse gear!!!
Let’s admit it, everyone was happy to see the end of 2008… Stupid presidents, stupid ideologies (aka jihad), stupid financial decisions (I firmly believe the wall street collapse is a nicely manufactured crisis by the finance guys who’ve made and continue to make tons of money at the expense of the common man – who in turn is stupid to say the least); everything was ready to be designated to history!
Hope being the keyword, I also started my new year with a lot of enthusiasm and (you guessed it) Hope. Primary goals were -
1. Spend more time with family
2. Payoff my mortgage as fast as I could
3. Buy my dream BMW
I told myself that these three were not impossible to achieve. The common thread to achieve all three was to make more money than I was currently. Yup all boils down to the ‘green’.
As people who’ve read previous blogs of mine know, I am a good ol’ software developer. I don’t have extraordinary skills of making money out of thin air. I believe in hard work and giving my 100%. In fact sometimes I am so devoted to work I ignore important things in life (hence the first resolution above). Entrenched in my firm belief that if you are good at what you do and you are true to your work, I was beginning to set stage for asking my boss for a raise. Knowing very well the current state of the economy (specially in US) some people might think I was stupid (too). Well actually I was pretty sure my offer would be turned down. Actually, some people (like me) by nature settle into a comfort zone in life which prevents them from taking the smallest steps that might disturb the sense of security. I’ve been in that rut for almost 2 years now. So I was hoping if I was turned down it would act as the correct kick-in-the-butt I need to move my lazy ass and find myself another job (and deep down I was hoping that my boss would give me a token raise so that I had some reason not to move out of my ‘rut’). Either way, I’ve never been smart with money talk. Only twice in life I’ve argued over salary, once when I joined the current company in India and second when they sent me to US with a salary lower than promised. Apart from these two occasions I’ve never argued over the %hikes or ‘appraisal’ percentages, or haggled for evening out the perceived deficit in appraisals. I’ve worked around them by creating opportunities for myself to come to the US on short trips and ‘makeup’ what I didn’t get in appraisals. Honestly, I was never dissatisfied with my appraisals.
Given this background and cocooned in the (seemingly false) sense of ’worth-to-the-company’, I was going about my job, trying to reach that elusive project deadline and ‘hidden’ agenda that with the delivery I’ll present my request for a salary hike.
CUT to yesterday afternoon. Mail from CEO – Please attend all hands meet on Friday January 16, 2008 for some ‘important’ updates. This mail sent the entire company in a tizzy. Past couple of weeks had given hints that we had an increasingly large number of people on ‘bench’ and with project pipelines shrinking by the day some drastic action was due. As day progressed news got more and more grim till today morning where it was certain that we were headed for a pay-cut and possibly layoffs!!!
Finally the meeting happened, CEO announced three brackets for pay-cuts and I fell in the lowest percentage cut (as if that’s a consolation). The meeting went for an hour and all meaningful questions on upper management accountability or future plans of the company were answered by wishy-washy comments or ignored altogether. In the end I was left with something I had never envisioned for myself – going lower than a bottom feeder in my salary. Suddenly life is in reverse gear now!!!
WHAT NOW? Well it definitely serves as the right kick in my butt. It’s up to me now to move my (lean) lazy ass and prove to myself I am not a complete loser. It also proves (again) – ‘Make hay while sun shines’… They say when going gets tough the tough get going… Never was a better opportunity to find out how tough I am… Will keep things ‘posted’…