Find the fastest DNS server with Google NameBench

One of the factors that dictates browsing speed is the time it takes to do a DNS lookup – that is, convert a domain name such as google.com into an IP address such as 209.85.227.105. Generally most people use the DNS servers operated by their ISP. Usually this is fine, but sometimes ISP DNS servers can be unreliable, and they’re not always the fastest choice.

There are many free public DNS services, such as OpenDNS and search giant Google’s Public DNS, but it’s difficult to know which one is best for you. Enter NameBench, a free cross-platform tool which tests a raft of public DNS services using either your browser history or a list of top domains. Once the tests are complete, you receive a summary of the results including suggested primary, secondary and tertiary servers:

So if you’ve got a few minutes to spare, why not see if you can shave a few milliseconds from your page load times?

How to resolve “Virtual PC has detected an invalid or missing Product ID”

I’ve just installed Virtual PC 2007 on my work laptop (which runs Windows XP), and when I tried to start it, I got the following error:

---------------------------
Virtual PC
---------------------------
Virtual PC has detected an invalid or missing Product ID.

A valid Product ID is required to operate Virtual PC. Please
re-run the Virtual PC installer and enter a valid Product ID when
requested.
---------------------------
OK
---------------------------

The solution is basically as described here, except I had to create the registry keys and values as they were missing on my machine.

FoneM8store: Buyer beware!

I recently did some online shopping for an automatic air compressor to keep my car tyres topped up, and decided upon the Ring RAC600 Automatic Digital Air Compressor. Ring Automotive are a well-respected manufacturer and the product attracted positive reviews on Amazon.co.uk, and FoneM8store were offering the item for just shy of £22 delivered which seemed like a good deal.

I have used Amazon regularly since 2000, but having never bought from a Marketplace seller in the past, I was slightly dubious. Unfortunately, I decided to go ahead anyway.

To cut a long story short, I placed my order on 15th February, and it was supposedly dispatched on the 17th, with a delivery estimate of 19th-23rd. I emailed the seller on the 24th as I hadn’t received the item. The seller requested that I confirm my name and address so they could send a refund. I had already provided this information, which was the same as quoted on the dispatch confirmation, but was happy to provide it again.

I then received an email the following day stating that the replacement was “on its way”, and that I should contact them again in case of further problems. No delivery estimate was provided so I waited until 3rd March before sending another email to the seller to advise them that the item still hadn’t arrived.

I received a curt reply of “You definately have a problem with your local sorting office then , these things weigh a tonne, can you check with your local sorting office to see if they are holding any items for you at this time please.”

I had in fact already checked with the sorting office who had confirmed that they were not holding any items for me. I responded to this effect, and requested a full refund as I didn’t want to wait for yet another replacement that had no guarantee of arriving.

By now it was 5 March, but the seller told me that “we cannot refund on this item as yet as the replacement item was only sent out 6 working days ago, if this has not arrived by wednesday [10 March] of next week please feel free to email us back and we will sort this out for you.”

Fast-forward to today: still no air compressor – by now I’m frustrated but not surprised – so went back to the seller to ask for my refund. Despite having been in correspondence with apparently the same person – “Maria” – since February, she ignored my request and – déjà vu time – asked me to “please confirm your home name and address and we will send a replacement out by recorded delivery straight away”

I replied to remind Maria that the refund had already been agreed in the event of the first replacement item not receiving, but thought I was probably wasting my breath so have now filed a claim under Amazon’s A-Z Guarantee. Hopefully I’ll get my money back but Amazon’s website doesn’t give any indication of how long this is likely take.

I’ve always had a fantastic experience with Amazon.co.uk themselves in the ten years in which I have been a customer, and will probably continue to buy directly from them, but will definitely steer clear of Marketplace sellers. Amazon have taken a gamble by integrating the Marketplace feature so closely into their site and they need to be very careful not to allow dishonest sellers to tarnish their hard-earned (and, in my opinion, well-deserved) good reputation.

Right, off to Halfords, I think….

Update (16th March): I actually ordered the same item from eBay yesterday (for marginally less) and it arrived today. Lesson learned I think! Meanwhile Amazon say they should have a decision on my claim by 25th March.

Update (22nd March): I have finally received my Amazon refund! Glad to have my money back, after being without it for over a month.

How to disable proxy server via web.config file

I’m developing a simple ASP.NET page to consume an RSS feed, format and output the content. My default proxy requires authentication, so unless I supply proxy credentials or bypass the proxy altogether, I get a “407 Proxy Authentication Required” error.

Fortunately I can access the RSS feed URL directly without going through the proxy, so the solution is simple – I just need to instruct my application to ignore the default proxy settings by adding the following lines in my web.config file, within the <configuration> element:

  <system.net>
    <defaultProxy>
      <proxy usesystemdefault="False"/>
    </defaultProxy>
  </system.net>

Troubleshooting IDENT_CURRENT() returning null in SQL Server

Recently I was mystified by an issue with one of my Web applications in which the IDENT_CURRENT() function was returning null. I was under the impression that this function (which returns the last identity value generated for a specific table or view) would always return a value. In fact, as pointed out in this post, SQL Server 2005 (and presumably also later versions) requires the database user to have ALTER, CONTROL, DELETE, INSERT, REFERENCES, SELECT, TAKE OWNERSHOP, UPDATE or VIEW DEFINITION permissions on the underlying table, otherwise IDENT_CURRENT() will return null.

I can’t recall exactly how the permissions were set up in my case, but I know that the database user had SELECT permission on the entire database, and therefore was able to SELECT from the table in question – let’s call it ‘articles’. However, IDENT_CURRENT(articles) only started returning values other than null when I explicitly granted SELECT permission to the user for the specific ‘articles’ table.

Using ISAPI Rewrite to redirect domain.com to www.domain.com

My employer’s SharePoint-powered external website – which I look after – uses ISAPI Rewrite to provide “friendly” URLs for certain pages, and also to redirect old URLs to their new locations. Coming from a LAMP background, this is great for me as it basically works the same as Apache’s mod_rewrite.

Previously the website responded to requests for both domain.com and www.domain.com, which is not ideal. SEO best practice is to either redirect the non-WWW version to the WWW version, or vice-versa. In my case, www.domain.com is the preferred format, so I’m using the following rule:

### Redirect domain.com to www.domain.com
RewriteCond Host: ^domain\.com
RewriteRule (.*) http\://www\.domain\.com$1 [I,RP]

If you want to do the opposite, you’ll need this one:

### Redirect www.domain.com to domain.com
RewriteCond Host: ^www\.domain\.com
RewriteRule (.*) http\://domain\.com$1 [I,RP]

In detail: Argos credit card security breach

When I saw today’s The Register article, “Argos buries unencrypted credit card data in email receipts“, I immediately logged into my Gmail account to see if I had been affected.

It didn’t take me long to find an email receipt from an order placed in April 2009, and was able to see the problem first-hand.

Near the bottom of the email is the wording “We take security of your details seriously. We may send you emails from time to time, but we would never send an email asking for your log on or card details. See online security for further information.” The underlined words point to a page on argos.co.uk via an URL of some 1600 characters – ironically, this is where the problem lies:

http://www.argos.co.uk/webapp/wcs/stores/servlet/ArgosStatic
PageSecondLevel?includeName=Security.htm&langId=-1&storeId=1
0001&catalogId=1500001501&returnToURL=PlaceOrderProgressView
?storeId=10001&cardnumber=****************&houseNumber=*&val
idationno=***&readtsandcs=on&availableDeliveryOrder=********
**&LockDelAddressAsBillAddress=false&startmonth=&paymentAddr
essId=*********&javascriptEnabled=true&contactAddressId=****
*****&orderId=**********&creditPlanId=&unavailableDeliveryOr
der=**********&delcity=RUGBY&SCSNum=03&com.ibm.commerce.cont
ext.experiment.ExperimentContext=com.ibm.commerce.context.ex
perimentimpl.ExperimentContextImpl@63656e2a&switchno=&emailT
ype=HTML&vatReq=N&voucherCode=&catalogId=1500001501&creditPl
anShortText=&address2=&address1=**********&delpostcode=*****
**&cardtype=VISAD&FFM2011461168=5&POnumber=&deliveryAddressI
d=*********&langId=-1&startyear=&eccvValidated=Y&paymentName
=MR C BARNES&delHouseNo=&addressId=*********&delcounty=Warwi
ckshire&fromView=DeliveryOnlyPaymentInfo&SECURE_ACTION_RESUL
T=7&postcode=*******&SECURE_ACCEPT_CARD=Y&country=United Kin
gdom&town=RUGBY&endyear=****&isInstantCredit=false&endmonth=
**&issueNo=&nor=0&foundValidBinCardType=valid&address=******
********************&instantCreditOtherCard=true&instantCred
itOrder=N&county=Warwickshire&jspStoreDir=argos&delPostcode=
&continue.y=15&continue.x=108&cardholder=***********&argosIm
pl=1&deladdress2=****************

Obviously I’ve redacted my personal details, but the actual text contains my full unencrypted card number, CVV code, expiry date, name as printed on the card and address – basically all the information needed for an identity theft attack. Not only was the information transmitted in clear-text when the email was sent, but the link provided is a standard insecure HTTP link which, if I were to click it, would once again transmit the information in the clear.

A PC Pro story on the same subject credits the find to reader Tony Graham, whose credit card details had been used fraudulently. While there’s no evidence to link this incident to the Argos breach, my card details were also misused by fraudsters around the time of my Argos order, so this could be more than a coincidence.

My email receipt from a subsequent order made in July last year didn’t seem to expose these details, so presumably the problem had been resolved by then. Nevertheless, I would hope Argos have the decency to contact all customers that may have been affected, making them aware of what has happened and urging them to check their statements carefully.

Stop Ctrl+Enter from sending emails in Outlook 2003

I use Microsoft Outlook at work and have never purposely used the Ctrl+Enter keyboard to send an email. However, I am a fairly fast typist, and sometimes don’t let go of the Ctrl key quick enough after pasting something into an email before pressing Enter for a new line, the result being a half-finished email getting sent prematurely.

Fortunately there’s a registry hack to disable this annoyance once and for all:

[HKEY_CURRENT_USER\Software\Policies\Microsoft\
Office\11.0\Outlook\DisabledShortcutKeysCheckBoxes]
"CtrlEnter"="13,8"

If you’re using Word as your email editor, add this too:

[HKEY_CURRENT_USER\Software\Policies\Microsoft\
Office\11.0\Word\DisabledShortcutKeysCheckBoxes]
"CtrlEnter"="13,8"

Presumably, if you’re using a different version of Office, you will need to replace 11.0 with the correct version (10.0 for Office XP, 12.0 for Office 2003, etc.)