ApacheTech Consultancy

For my Final Year Project at university I'm going to design my own CMS using ASP.NET 4.5, MVC4, MEF and whatever else I need. My main stumbling block is that although I know how I want the thing to end up, I'm not sure where to start. There are loads of resources online for creating your own php CMS, but not many at all for ASP.NET. There's also a huge amount of video tutorials and other tutorials explaining what the Onion Architecture is and how it works, but I can't find anything that tells you exactly how to go from an empty solution to setting it up. I see loads of project, but nothing to say what type of projects they are. When you right click -> Add new project... what then? Where do you click? Once I get a decent idea of a starting point, things will be a huge amount easier to work through. Any ideas? I'm going to be using Entity Framework 5, Code First.

I've heard of GTK in passing; from what I gather, it's .NET for Linux. In that case, you can just code in .NET and make it Mac/Linux safe with the Mono Framework; an open source version of the .NET Framework.

This is something I'm writing into the next version. I'm just waiting until after my exams to work on it fully.

Sorry I've been a bit lacking on the Dev side. I've had three huge Uni projects to work on over the last couple of months. It's all coming to an end over the next week though so Ill have a lot more time to bug fix. I haven't wanted to mix Java with C# while doing my projects because of the differing paradigms in the code. Bugs will be fixed shortly and in the next month or so I'll be starting work on DuckyEncoder.NET and possibly even an IDE called Deicide.

Can you run the encoder in debug mode? ("--debug" argument). It should give you a stack trace. Can you also post the script you're using.

I'm using Oracle VM Virtual Box with a USB addon (I'm not sure atm which one or from where). For me, the duck only works on the VM if it is in full screen mode with full capture options. if it's in Windowed mode then the host (Win7) catches the script instead. Interestingly, the VM then goes to capture the MSD as I've got TwinDuck installed.

Have you ever used Maltego? It always amazes me how little people think "the internet" knows about them. Just like the Dvervr of Moria or Erebor, you never know what you'll find if you data-mine deep enough.

When I saw it on the news, the only thing I could think of was that IT Crowd episode. :P Cause... Effect...

Yeah, I run port based virtual-hosting through Apache at the moment for different sandbox sites. The default 80 is just a landing site atm That side of it I've got down, but I think I'll have to install IIS first because it likes to hog the default ports, then virtual-host Apache on 8000 and 8080, leaving 80 and whatever other ports I use to IIS. It's just whether IIS will play ball with Apache.

I think I might talk to uni, see if I can take one of the old Cisco routers and a Switch. They have a few which are "bricked" because they don't have the proprietary stuff they need to flash them properly to unbrick them. But I'd be able to pick them apart and flash them myself. A second BT line is a definite no-go. It'd cost far too much money and it's my parents' house anyway. I've just had a look at the options on our router config here and VLANs seem amazingly difficult to set up. It is a four port EchoLife router but the interface for it is notoriously bad. From what you've said, I think I'll go with a slim-on-top VM setup. I'll have the full Win 7 Ultimate as a thick server base but stripped down to maximise performance (Classic scheme, WinTweaks, etc); then on top of that, a slim WIn7 VM with a 32GB VHD. I can strip Windows down to its basic functions, I won't even need the shell. I can rotate backups of the VHD on the NAS as the only thing that would get baulked is the VHD and I can just do a 12hour rollback on the whole image and analyse the baulked drive to patch any security holes. If I only give the VM read-access to any shared files from the NAS that it needs then any corruption should stop short of the host OS. I'm not sure I can cut it off from the rest of the network (it would mean explaining subnetting to my parents and configuring anyone's phones or laptops who ever came round), but I can severely limit its access to the LAN, only whitelisting the specific ports I need through NAT. All the WebDev can be done through SFTP/FTPS from the host to the VM as a remote project. To me, that seems like a fairly bullet-proof design from what you've said about splitting it from the rest of the network. I don't have the luxury of any spare devices or extra lines; I have to work with what I have. One PC, one crappy router and a single phone line. I have all the software I could ever need from Microsoft though. :) How does that sound?

The home PC it's running on is set up purely as a host PC. I have Office and Visual Studio on it, but no personal data is saved on the HDD and I'm not too worried if the machine gets bauked. I've had it running 24/7 for over a year and it's never been visibly damaged so far. BitVise comes up every couple of days or so with a Chinese IP address trying to gain access to my SSH server, but I suppose that is to be expected. I ran Zenmap on one of the IPs once and it routed back to the Chinese Embassy in the UK. :s It's possibly because WoW is installed on the same PC so they're scanning for those ports too to try and get access for gold farming. From the aftermaths I seen in the past, attacks usually take the most direct route ending in an NTDLR failure. I have enough system recovery tools to cover most events. Ideally, I'd like to stick firmly with Windows because I wouldn't have the first clue about how to WebDev or even store files in Linux, and I need Visual Studio as well. I have pretty much unlimited numbers of versions of Windows through Dreamspark Premium so I can put however many VMs of any version on there I want. I've tightened up XAMPP as much as possible. I've changed all the default passwords for phpmyadmin, filezilla and the admin site; moved the XAMPP admin panel to a separate folder entirely; run everything through non-standard ports; updated phpmyadmin; used HOSTS based access with password protected directories. How would the network handle having that PC set up statically using /25 and the rest of the devices on the network on DHCP using /24? Or is this the perfect opportunity to separate that device using a port based VLAN from the router?

Up until recently I've been hosting a website from home, which I've mainly been using as a sandbox site and repository. I have been using Windows 7 Ultimate, XAMPP 1.81, DirectUpdate and a dynamic DNS address. I've whitelisted XAMPP through Windows Firewall and allowed traffic through the router's NAT to my PC which is on a static IP at home. I also use BitVise WinSSHd as an SSH server, using virtual profiles rather than Windows Authentication. It's all worked really well up to now, but after speaking to a few people, they've said that you should never use XAMPP or the like for publicly accessible websites. To that end, I've been wondering what is the most secure and most recommended way to run a website from home? So, starting with a fresh and fully updated version of Windows 7 Ultimate, where do I go from here? Also one side-question; can you run Apache and IIS concurrently on the same machine and have both serve websites on virtual hosts?

It depends as well on what you mean by "overheats". It is natural for laptops to get hot to the touch, especially if they are used for long periods of time. If they are used on someone's lap or soft fabric (duvet springs to mind) then they can get even hotter; but this is natural. It is advised with any laptop to strip it down every so often, give it a blow out with a can of compressed air or a USB vacuum cleaner. If you do this, be careful when cleaning the dust off the fans that you turn the fan in the correct direction. Some laptop fans can cross-thread if spun the wrong way. If it "clicks" at all when you turn it the wrong way, don't continue and only spin it in the direction intended. Rather than any internal problems, overheating is usually caused by improper laptop use and overuse. They're not designed to be kept on 24/7 (although I'm guilty of this, the only time I turn my laptop off is to travel with it). They're also designed to be used whilst lying on a flat surface. There are air intake holes on the underside of the chassis which if covered up will cause the laptop to heat up faster. This can also degrade battery performance by overheating the battery.

The method we were taught in uni, I find a bit convoluted, but it is good as a way to get your head around why stuff happens whilst still working in decimal. So follows... IP Network Subnetting Exercises You are often faced with having to work out the distribution and setting of IP addresses in a LAN when the allocated network address and subnetting mask number are already known. Typical questions that need to be answered are: How many subnets does the given mask provide ? How many valid hosts per subnet are available? What are the valid subnet addresses? What is the broadcast address for each subnet? What is the range of valid hosts IP addresses in each subnet? Lets consider how to work these out in turn. There are different methods to find these but probably the simplest is to use the decimal notation. Identify the subnet mask number in the relevant part of the IP address. This depends on the Class of the network you are dealing with. For a Class C network this will be the last decimal number in the mask For a Class B network it would be the 3rd decimal number in the mask. Whatever this number is subtract this from 256 and you will be left with another number; call this X, then: Number of subnets is 256 / X Number of valid hosts per subnet depends on the Class (C = X-2, B = 256X – 2) Subnet address numbers start at .0 and increase by a factor X until .255 is reached. The broadcast address is the last IP number before the next subnet starts. Valid host IP numbers run consecutively between the subnet and broadcast addresses.

The borrowing of bits is a given, the biggest thing is how you logically get to that stage. If it's anyone's first time working with subnets, the biggest tip I could ever give is forget about decimal numbers. Decimals make it clumsy and inelegant to work with. Convert everything to binary and start from there. That's where the theory is best explained. As soon as 255.255.255.192 becomes 11111111.11111111.11111111.11000000 you can instantly understand why we use 192 and not any other number. You instantly see why it's called /26 and you can instantly see where your network and hosts are.