Emmanuel's Blog

A few days ago our team spent some time stress testing our web services.

We divided the team into 'Attackers' and 'Defenders' - the attackers' goal was to generate traffic that would bring down our system, the defenders' goal to understand the attacks and come up with innovative ways to block them - our team leader called this 'War Games'.

If you're under 25 and you don't know what 'War Games' is, you just
pissed me off; see http://en.wikipedia.org/wiki/WarGames

One of the early attacks involved the user of JMeter (http://jmeter.apache.org/ ) - you don't need much CPU or bandwidth to generate tons of GET requests - and we found that a couple of users running JMeter with a broadband connection could hit our servers hard with literally thousands of requests per second - causing invalid and unnecessary traffic

A stress test client that can be used nefariously -
JMeter: http://jmeter.apache.org/

After doing some research, our team (the 'Defenders') came up with a couple of ideas on how to block such traffic. One of these ideas made use of an IIS extension provided by Microsoft called "Dynamic IP Restrictions", which I'll call from now on "Dynamic IP".

IIS Extension: http://www.iis.net/download/dynamiciprestrictions

The 'Dynamic IP' IIS extension is provided as a MSI installer - since our services are deployed to Windows Azure, we found that we needed to use Azure "Startup Tasks" to properly install and configure the extension on our virtual machines in the cloud.

Below I show in detail -

1. Local Development in IIS - how to download, install and configure the 'Dynamic IP' extension when using a local instance of IIS.
2. Command Line Configuration - how to configure the IIS extension using the command line.
3. Local Development in Emulator and Azure Startup Tasks - how to make sure the extension works when running in the local Windows Azure emulator and how to ensure the installation of the extension doesn't run every time you run in the emulator locally.
4. Deployment to Cloud - Window Azure Fabric - how to deploy, install and configure the extension to in the cloud and how to verify it works when running in Windows Azure VM instances.

A few notes to hopefully avoid some trolls -

• This won't stop all denial of service attacks, but that doesn't mean that we should do nothing - and end up at the mercy of all attacks.
• I write these tutorials to contribute to the .NET community - as a buddy once told me: "your stuff is what we should be seeing on MSDN"; that made me happy - but I'm always looking for constructive criticism on the content or style.
• As always, my posts contain tons of screenshots - that saves me tons of typing but also ensures all steps are covered.

Hat tip to my co-worker Matthew T. who did a lot of this work and came up with some of the solutions below.

Continue reading "How to stop a 'Denial Of Service' (DoS) attack on your ASP.NET web site, aka "Using the 'Dynamic IP Restrictions' IIS Extension on Windows Azure with a Startup task"" »

There’s has been a lot of talk lately in the news on ‘payroll taxes’ and how Democrats and Republicans are unable to reach a deal.

A Democrat, Barney Frank (http://en.wikipedia.org/wiki/Barney_Frank), made this point today in ‘The Great American Debate’:

• If you make one hundred thousand dollars ($100,000) per year, you're taxed on 100% of your income.
• If you make one million dollars ($1,000,000) per year, you're taxed on 10% of your income.

Yes, this makes no sense and is completely unfair – thanks to Barney Frank for brining it up.

The rich cats are not paying their fair share in taxes

Breaking it Down
Since this gets confusing fast and most of the media outlets are unable to clearly present facts that are not brain-dead simple, let’s break it down.   Check out this payroll taxes article on Wikipedia - 

  http://en.wikipedia.org/wiki/Payroll_tax

Specifically, let’s take a look at the ‘Social Security and Medicare’ section  -

Social Security and Medicare taxes

Main article: Federal Insurance Contributions Act tax

Federal social insurance taxes are imposed equally on employers^[5] and employees,^[6] consisting of a tax of 6.2% of wages up to an annual wage maximum ($106,800 in 2010) for Social Security and a tax of 1.45% of all wages for Medicare.^[7] For the year 2011, the employee's contribution has been temporarily reduced to 4.2%, while the employer's portion remained at 6.2%.^[8] To the extent an employee's portion of the 6.2% tax exceeded the maximum by reason of multiple employers, the employee is entitled to a refundable tax credit upon filing an income tax return for the year.^[9]

So, confirming our original point above, for payroll taxes, and the amount we pay for Social Security -

• If you make one hundred thousand dollars ($100,000) per year, you're taxed on 100% of your income.
• If you make one million dollars ($1,000,000) per year, you're taxed on 10% of your income.

This is completely unfair – as far as payroll and Social Security taxes, the rich should be taxed the same percentage the middle class does. 

Note: the current maximum social security benefit payment at retirement age of is $2,366 per month, or $28,392 per year.  When the rich start paying their fair share we should take a look at these limits and adjust accordingly.

Maybe Social Security is not doomed after all – if only the rich paid their fair share?

From HBO’s ‘The Wire’: ‘This game is rigged, man’

That's one of the issues that will come up during the 2012 US Presidential elections, with Democrats like Barney Frank and President Obama on the side of the middle class and the Republican nominee on the side of the rich.

There are many issues to think about during a US Presidential election, but if you are not making one million dollars per year, think about your own interests and vote Democrat next year.

About a month ago I transferred my cell number to ‘Google Voice’, a free service that enhances the capabilities of your phone.

A video from Google that gives an overview of Google Voice

Here are some of my favorite Google Voice features, all free except for the (cheap) international outbound calling -

• Free calls in the US and Canada.
• Free texting (SMS) in the US and Canada.  Currently the lowest AT&T text plan on a new line is $20/month, so this can save you a bundle.
• Make and receive calls on my cell or on my PC, through Slype or Google Chat / Gmail.
• Make cheap international calls – really cheap international calls, as low as 2 cents per minute to France or 6 cents per minute to Mexico.
• Email and iOS notifications of voicemails including a transcription and an audio file I can listen to.
• Screen calls and ask callers you don’t know to announce themselves, while allowing friends and family to directly call you (through custom defined ‘groups’).
• Conference calls with multiple recipients for free.
• Filter inbound calls in real-time and send to voicemail or ‘pick up the phone.
• Record incoming calls.
• Cool PC/Mac web based app, and iPhone & iPad apps that integrate with Google contacts, allowing you to send and receive texts, get missed calls and voicemail notifications, listen to voicemails, and more.
• When you travel, your friends and family call you on your US number and you can answer through Skype/Google Chat or on your home VoIP number.
• You own your Google Voice number for life, and you can move across different carriers without having to notify friends and family of number changes.

With all these ‘pros’, what are the ‘cons’ of using Google Voice?  Here are a couple -

• There’s limited support for MMS in Google Voice today – it works with Sprint, but does not work with most carriers yet.  We don’t use MMS that often and we can always send a picture by email if we need to.
• In the case of an earthquake, there’s a consensus that land lines work better than cell or internet based (VoIP) phones.  Since earthquakes are fairly rare, we decided in the worst case scenario we’ll use our neighbor’s land line to coordinate through Janelle’s Dad, who lives in Oregon.

As you can see the benefits of using Google Voice greatly outweigh the minor inconveniences.  I also ported my wife and my Mom’s cell numbers to their own Google Voice accounts and they are enjoying some of the above features as well.  You don’t have to port your number to use Google Voice, but certain features only become useful when you do.

The Google Voice features are not only awesome, but since the service is free, it saves you tons of money.  I wanted to port our home number to Google Voice – but unfortunately Google currently only allows for the transfer of cell numbers.  So I started looking for workarounds - and found one! 

See below for details on how you can port your hone number to Google Voice, and get all of the above features for $5 / month – you can continue using your existing standard home phone system but you get all of the above features for a fraction of the cost of a land line.

Good times!

Continue reading "How to get a home phone number for $5/month with unlimited calls in the US and very low international rates (keeping your home phone number through Google Voice)" »

Recently I travelled to to Europe and Mexico – and unfortunately I was unable to use US based content services such as Hulu.com or Netflix.com -

Sample error message on Hulu.com: access denied from Mexico

These content providers block access to their services, based on your location and IP address.  If you try to access their services from outside the United States, you get a message similar to the one above.

I found a way to get around this unfair blocking (unfair since I am a paying subscriber) and decided to share it here.

Some of the services that block non US based IPs: netflix.com, hulu.com (including hulu plus), hbogo.com, and even youtube.com (some videos are blocked).  Follow the easy steps below and you can enjoy these US based services from anywhere in the world!

As always in the computer world, there are many different ways to achieve the same result. I’m a developer and I like to find simple and cheap solutions that I can share with friends and family - I am outlining here the easiest way I found to not only access the services from outside the US, but also a cool trick to share the same VPN network connection with other devices, such as phones or tablets.

Continue reading "Access Netflix and Hulu from outside the US: make your Windows 7 computer a Wifi hotspot that shares a VPN outbound connection" »

Back in May we purchased a 100% electric car – the Nissan Leaf (http://www.nissanusa.com/leaf-electric-car) - we no longer need to stop at gas stations to “fill up”. 

We charge up the Leaf using our ‘Blink’ (http://www.blinknetwork.com), a residential 240V charger, installed in our garage.

Our Blink 240V Residential charger.

The Blink’s internal web server - Main (Charging Status), Stats, Settings, Info, and more.

The Blink has a bunch of features which you can manage through a touch screen.  It also has an internal web server that allows us to check the Leaf’s charging status, daily and monthly stats, change its configuration, and more.  The Blink runs a custom version of Linux and can be connected to a network through an Ethernet cable (LAN) or through wi-fi.

Once connected to your internal network, you can access the Blink’s web server by opening a browser and pointing it to its internal IP address – in our case 192.168.7.126 (I configured our DHCP server to always give the same IP address to the Blink).

External Access?

A couple of months ago, I was wondering if there was an easy way to access the Blink’s web server from outside my home, for example from my office.  I can easily open a hole in our firewall and access the Blink – but unfortunately, the Blink does not offer a way to password protect most of its pages – so that would be highly dangerous.

I asked a question on the excellent mynissanleaf.com forums, wondering if anyone had any ideas on how to protect the Blink’s web pages so I could access it securely from outside of home -

Password protect Blink when accessing from PC on network?http://www.mynissanleaf.com/viewtopic.php?f=43&t=4152

There were a few answers, including setting up an SSH gateway and from that tunnel connect to the Blink – which is a good idea, but since I didn’t have anything like that already setup, it seemed a bit too time consuming.

A couple of days ago I was researching network software and I stumbled upon CCProxy (http://www.youngzsoft.net/ccproxy/), an awesome proxy server for Windows. 

From its web site, here are some of its features -

CC Proxy Server can act as an HTTP, mail, FTP, SOCKS, news and telnet proxy server. It features powerful account management functions, including Internet access control, bandwidth control, Internet web filtering, content filtering and time control. It also provides web caching, online access monitoring, access logging and bandwidth usage statistics functions. As Windows proxy software, CCProxy is compatible with Windows 7/2008/2003/XP/Vista.

I quickly downloaded the ‘3 user’ version, which is free – and in literally minutes I had set it up so I could safely access the Blink from outside our home.  Below I have additional details on how you could do the same.

Continue reading "How to securely access your Blink electric car charger from outside your home, using a proxy server (CCProxy)" »

A couple of days ago, I started a thread on MyNissanLeaf.com: “Things you don't need when you own a Nissan Leaf” – I started off with a couple of ideas like “gas” and “smog checks” and others added on.

 
My Nissan Leaf – the first 100% electric mass produced car

Currently we have 55 items on our list – see below for the details and more information on the Leaf.

Continue reading "Things you don't need when you own a Nissan Leaf" »

Last week I attended VSLive! 2011 in Las Vegas -

http://vslive.com/events/spring-2011/home.aspx

It was one of the best developers’ conference I’ve attended in a long time.  During the conference, right before or after a session, they had this cool announcement up -

http://search.twitter.com/search?q=%23vslive

This allowed everyone to know that the tag for the conference was “#vslive”.  I thought it would be a good idea to share what I was learning through twitter – both for my co-workers or for anyone following me – appending the “#vslive” tag so others in the conference could also follow.

So I started tweeting all kinds of interesting tips and tricks and great thoughts I was hearing on SQL Server, StreamInsight, Visual Studio, WCF, ASP.NET, Scrum and more -

http://twitter.com/ehuna

Today as I checked my twitter feed, I see this tweet from @VSLive -

http://twitter.com/#!/VSLive/status/63607361650180096

A-W-E-S-O-M-E, thank you @VSLive! 

I highly recommend this conference for anyone who works with Microsoft technologies.  There are different VSLive! conferences around the country – so check it out, you’ll love it!

Good times!

When running your bits in the Windows Azure cloud there are a few Diagnostics data sources you can configure to better monitor your apps -

Click on image to enlarge

I got this from the excellent presentation given by Matthew Kerner at the PDC ‘09 – for the video and PowerPoint slides, see -

  Windows Azure Monitoring, Logging, and Management APIs
  http://www.microsoftpdc.com/2009/SVC15

You can also check out how we used some of this diagnostics data to get almost real-time graphs that monitor CPU, RAM, and other performance counters of our Windows Azure services -

  Visualizing Windows Azure diagnostic data
  http://blog.ehuna.org/2009/12/visualizing_windows_azure_diag_1.html

I also like this slide that shows some of the ways in which you can use Windows Azure Diagnostics data -

I keep looking for this every once in a while, so I thought it would be a good idea to post it here.

Update 4/9: the Prius is sold!

I’m selling my Toyota Prius 2005 – it has served me well, but I am buying a new car next month and I don’t need to own two.  This car is awesome and I have a few pictures and descriptions of some of its features below - 

Check out a slideshow of this Prius at http://prius.ehuna.org/slideshow
I have additional pictures outlining specific features below

Here are some quick facts on this car -

• This Prius is in excellent condition
• It has server me without any issues for 131,031 miles
• I am the original owner and this car was never involved in any accident.
• I have its maintenance history – including every Toyota suggested service - and oil change and brakes/suspension inspections every 5,000 miles at the Toyota dealer.
• Exterior: White Color
• Interior: High-Quality Leather (Black)
• It includes California HOV Stickers, which allow you to drive alone in the diamond lane!
• I installed the XM Satellite Radio add-on, integrated with the GPS unit.
• It has the Toyota ‘High-End’ package: GPS, Bluetooth, Premium Sound, Remote Keyless entry, HomeLink garage door opener.
• I upgraded all 4 tires to premium-grade, high-traction, ‘Michelin Pro’ tires
• The registration is paid until March 2012.
• I just purchased a new 12V battery.
• The EPA Fuel Economy is - City: 48 MPG, Highway: 45 MPG

I have a lot more information below, if you’re interested here’s the asking price and my contact info -

• The price: $10,500 (or best offer)
• My name is Emmanuel Huna
• Email me at s…@ehuna.org or call me at (650) 918-7486

Check out this great site http://john1701a.com/ for information on the Toyota Prius in general.  Below I have additional pictures and details on this car.

Continue reading "Selling my Toyota Prius 2005" »

With the release of the Windows Azure SDK 1.3, the Windows Azure team delivered some awesome features, such as allowing the hosting of multiple sites under one web role, the “ExtraSmall” VM instance, the ability to remote desktop directly into your web and worker roles running in the azure fabric in the cloud, the “VM role” which matches Amazon’s clunky EC2, and much more.

But the azure 1.3 SDK also introduced some problems, which I’ve blogged about in different articles.  Below you can see some of the problems and solutions I propose -

• How to fix the error: “The communication object, System.ServiceModel.Channels.ServiceChannel, cannot be used for communication because it is in the Faulted state” when running a Windows Azure project in the local development fabric/emulator
  http://blog.ehuna.org/2011/02/how_to_fix_the_error_the_commu.html
  
• How to fix the errors “[UnauthorizedAccessException: Access to the path '[{Guid}-mswapd-lock' is denied.]” or “"Response is not available in this context"" when using Azure Diagnostics 1.3 in a web role hosted in full IIS with multiple sites
  http://blog.ehuna.org/2011/02/how_to_fix_the_errors_unauthor.html
  
• How to automate the creation of a Windows Azure 1.3 package in Team Foundation Server (TFS) for a web role hosted in ‘Full IIS’ with multiple sites
  http://blog.ehuna.org/2011/02/how_to_automate_the_creation_o.html

I thought it would be a good idea to list them out – hopefully all of these issues will be addressed when the azure sdk 1.4 is released!