Find the fastest DNS server with Google NameBench

One of the factors that dictates browsing speed is the time it takes to do a DNS lookup – that is, convert a domain name such as google.com into an IP address such as 209.85.227.105. Generally most people use the DNS servers operated by their ISP. Usually this is fine, but sometimes ISP DNS servers can be unreliable, and they’re not always the fastest choice.

There are many free public DNS services, such asĀ OpenDNS and search giant Google’s Public DNS, but it’s difficult to know which one is best for you. Enter NameBench, a free cross-platform tool which tests a raft of public DNS services using either your browser history or a list of top domains. Once the tests are complete, you receive a summary of the results including suggested primary, secondary and tertiary servers:

So if you’ve got a few minutes to spare, why not see if you can shave a few milliseconds from your page load times?

How to resolve “Virtual PC has detected an invalid or missing Product ID”

I’ve just installed Virtual PC 2007 on my work laptop (which runs Windows XP), and when I tried to start it, I got the following error:

---------------------------
Virtual PC
---------------------------
Virtual PC has detected an invalid or missing Product ID.

A valid Product ID is required to operate Virtual PC. Please
re-run the Virtual PC installer and enter a valid Product ID when
requested.
---------------------------
OK
---------------------------

The solution is basically as described here, except I had to create the registry keys and values as they were missing on my machine.

How to disable proxy server via web.config file

I’m developing a simple ASP.NET page to consume an RSS feed, format and output the content. My default proxy requires authentication, so unless I supply proxy credentials or bypass the proxy altogether, I get a “407 Proxy Authentication Required” error.

Fortunately I can access the RSS feed URL directly without going through the proxy, so the solution is simple – I just need to instruct my application to ignore the default proxy settings by adding the following lines in my web.config file, within the <configuration> element:

  <system.net>
    <defaultProxy>
      <proxy usesystemdefault="False"/>
    </defaultProxy>
  </system.net>

Troubleshooting IDENT_CURRENT() returning null in SQL Server

Recently I was mystified by an issue with one of my Web applications in which the IDENT_CURRENT() function was returning null. I was under the impression that this function (which returns the last identity value generated for a specific table or view) would always return a value. In fact, as pointed out in this post, SQL Server 2005 (and presumably also later versions) requires the database user to have ALTER, CONTROL, DELETE, INSERT, REFERENCES, SELECT, TAKE OWNERSHOP, UPDATE or VIEW DEFINITION permissions on the underlying table, otherwise IDENT_CURRENT() will return null.

I can’t recall exactly how the permissions were set up in my case, but I know that the database user had SELECT permission on the entire database, and therefore was able to SELECT from the table in question – let’s call it ‘articles’. However, IDENT_CURRENT(articles) only started returning values other than null when I explicitly granted SELECT permission to the user for the specific ‘articles’ table.

Using ISAPI Rewrite to redirect domain.com to www.domain.com

My employer’s SharePoint-powered external website – which I look after – uses ISAPI Rewrite to provide “friendly” URLs for certain pages, and also to redirect old URLs to their new locations. Coming from a LAMP background, this is great for me as it basically works the same as Apache’s mod_rewrite.

Previously the website responded to requests for both domain.com and www.domain.com, which is not ideal. SEO best practice is to either redirect the non-WWW version to the WWW version, or vice-versa. In my case, www.domain.com is the preferred format, so I’m using the following rule:

### Redirect domain.com to www.domain.com
RewriteCond Host: ^domain\.com
RewriteRule (.*) http\://www\.domain\.com$1 [I,RP]

If you want to do the opposite, you’ll need this one:

### Redirect www.domain.com to domain.com
RewriteCond Host: ^www\.domain\.com
RewriteRule (.*) http\://domain\.com$1 [I,RP]

In detail: Argos credit card security breach

When I saw today’s The Register article, “Argos buries unencrypted credit card data in email receipts“, I immediately logged into my Gmail account to see if I had been affected.

It didn’t take me long to find an email receipt from an order placed in April 2009, and was able to see the problem first-hand.

Near the bottom of the email is the wording “We take security of your details seriously. We may send you emails from time to time, but we would never send an email asking for your log on or card details. See online security for further information.” The underlined words point to a page on argos.co.uk via an URL of some 1600 characters – ironically, this is where the problem lies:

http://www.argos.co.uk/webapp/wcs/stores/servlet/ArgosStatic
PageSecondLevel?includeName=Security.htm&langId=-1&storeId=1
0001&catalogId=1500001501&returnToURL=PlaceOrderProgressView
?storeId=10001&cardnumber=****************&houseNumber=*&val
idationno=***&readtsandcs=on&availableDeliveryOrder=********
**&LockDelAddressAsBillAddress=false&startmonth=&paymentAddr
essId=*********&javascriptEnabled=true&contactAddressId=****
*****&orderId=**********&creditPlanId=&unavailableDeliveryOr
der=**********&delcity=RUGBY&SCSNum=03&com.ibm.commerce.cont
ext.experiment.ExperimentContext=com.ibm.commerce.context.ex
perimentimpl.ExperimentContextImpl@63656e2a&switchno=&emailT
ype=HTML&vatReq=N&voucherCode=&catalogId=1500001501&creditPl
anShortText=&address2=&address1=**********&delpostcode=*****
**&cardtype=VISAD&FFM2011461168=5&POnumber=&deliveryAddressI
d=*********&langId=-1&startyear=&eccvValidated=Y&paymentName
=MR C BARNES&delHouseNo=&addressId=*********&delcounty=Warwi
ckshire&fromView=DeliveryOnlyPaymentInfo&SECURE_ACTION_RESUL
T=7&postcode=*******&SECURE_ACCEPT_CARD=Y&country=United Kin
gdom&town=RUGBY&endyear=****&isInstantCredit=false&endmonth=
**&issueNo=&nor=0&foundValidBinCardType=valid&address=******
********************&instantCreditOtherCard=true&instantCred
itOrder=N&county=Warwickshire&jspStoreDir=argos&delPostcode=
&continue.y=15&continue.x=108&cardholder=***********&argosIm
pl=1&deladdress2=****************

Obviously I’ve redacted my personal details, but the actual text contains my full unencrypted card number, CVV code, expiry date, name as printed on the card and address – basically all the information needed for an identity theft attack. Not only was the information transmitted in clear-text when the email was sent, but the link provided is a standard insecure HTTP link which, if I were to click it, would once again transmit the information in the clear.

A PC Pro story on the same subject credits the find to reader Tony Graham, whose credit card details had been used fraudulently. While there’s no evidence to link this incident to the Argos breach, my card details were also misused by fraudsters around the time of my Argos order, so this could be more than a coincidence.

My email receipt from a subsequent order made in July last year didn’t seem to expose these details, so presumably the problem had been resolved by then. Nevertheless, I would hope Argos have the decency to contact all customers that may have been affected, making them aware of what has happened and urging them to check their statements carefully.

Stop Ctrl+Enter from sending emails in Outlook 2003

I use Microsoft Outlook at work and have never purposely used the Ctrl+Enter keyboard to send an email. However, I am a fairly fast typist, and sometimes don’t let go of the Ctrl key quick enough after pasting something into an email before pressing Enter for a new line, the result being a half-finished email getting sent prematurely.

Fortunately there’s a registry hack to disable this annoyance once and for all:

[HKEY_CURRENT_USER\Software\Policies\Microsoft\
Office\11.0\Outlook\DisabledShortcutKeysCheckBoxes]
"CtrlEnter"="13,8"

If you’re using Word as your email editor, add this too:

[HKEY_CURRENT_USER\Software\Policies\Microsoft\
Office\11.0\Word\DisabledShortcutKeysCheckBoxes]
"CtrlEnter"="13,8"

Presumably, if you’re using a different version of Office, you will need to replace 11.0 with the correct version (10.0 for Office XP, 12.0 for Office 2003, etc.)