i've always seen stories of identity theft and virtual identity theft.  and i've not been a victim thankfully.  but in those stories (the ones that make the "big" news) there always seems to be a technical hacking going on to get more information, etc.  nothing really exposes as it should the social side of hacking.

the hp scandal really started to do this and added "pretexting" became the latest favorite word of journalists.  kevin mitnick has said that this type of social hacking is the best weapon that everyone seems to forget about.

well, the other day i was looking at one of my bills that i don't pay on their web site.  they had a teaser on their bill that said "you can now pay online go to our site blahblah.blah" so i did.  it asked me for my account number and a pin.  there was no "sign up" link or anything and i had no idea what my pin was since i hadn't done it before.  so i called them.

it went something like this:

them: hello thank you for calling company blah, how can i help you
me: hi, how are you, i'm trying to use the new online billing feature but don't have a pin setup yet, and didn't see a sign up, can you send me one (thinking that is how the banks do it to ensure the pin at least gets sent to the registered address)
them: let me look that up for you, what is your account number
me: flippity-flip-flip
them: okay, your pin is skippidy-doo
me: thank you
them: your welcome, you are tim heuer right?

hmm, me thinks some verification should have happened BEFORE the essential pin was provided.  now what information was available, well nothing at this point because i hadn't used the service.  but what if i had and decided to store my cc information (which i never do by the way and wouldn't recommend anyone doing)?  when i hung up the phone i just sat there for a second and had the realization of how easy it is to be a victim.

when tivo first came out, i thought it was the bomb (and it was really).  sure windows media center was out there but they didn't really have good component boxes like they do now.

so, when i got my series 2 tivo, i figured...lifetime service...sign me up.  well, my literal box died last week and i've been staring a "Welcome, powering up" screen thinking that if i stare long enough, it will finally go back to the home screen.  well, been staring too long and nothing is happening.  sigh.  quick search on the tivo community yields a likely bad drive.  solution?  new drive.  i wish that with the lifetime service they would have tacked on a warranty to that...or at least a replacement warranty option...sigh again.

good thing is that i learned about instantcake, which enables me to hook up any drive to a secondary ide locaiton on a pc and prep that bad boy for tivo life.  for $20, it is going to be worth a try.  i'm going to try to revive the drive that is in there now (heck it boots up to a point, so maybe it is just some diag that needs to be run).

but, this also does give me some additional leverage for my master plan in my house.  i'm really buying into the whole home media world concept.  right now we use a mac for our photos/videos/music.  the profile system (my wife and i both have a login) sucks on a mac.  i load up the library in itunes for example (yes the location is in a shared directory) and import the 3700 songs.  my wife logs in and even though itunes is configured to look at the same folder, it sees no songs.  i'm learning that itunes/iphoto aren't really configured to "monitor" those directories...but just rather it is a config of where to place things on import.  double sigh.  i know media center doesn't have this problem because it *monitors* file types and adds them, giving you a constantly dynamic library.  that coupled with an xbox 360 gives me a great system.  and i think a high wife-acceptance-factor (waf).  now if i can just convince the cfo...

a little humor today.  you may remember about a year and half ago the two chinese friends/brothers who were the famous youtubers with their backstreet boy spoof.  what?! never heard about it, well take a look: 

these guys are still going strong and getting popular as ever...there are blogs and tv appearances, even a "live" show

all there other videos are at http://barryispuzzled.com/funpage.html and if you read chinese you can view their blogs/site:

• blog
• official site

wonderful.

i did a quick refresh on my windows vista sidebar gadget templates for visual studio.  it is a simple refresh that accomplishes the following:

• puts both the VB and C# web project templates in the same visual studio content installer
• moves the structure around to demonstrate how to use locale folders within gadgets (see image below)

i get questions on the first one (VB/C# templates) a lot.  really there is no difference between the templates, the only reason i created two is so that when you choose "new web site" it will show up under both language options.  that's it.  gadget development itself is mostly html/javascript (unless you are using something like script#), so the templates are there for convenience only.

new structure:

i've refreshed the old download links, but here is the link to the updated single VSI file as well:

file: VistaSidebarGadget.vsi

thanks to those who joined us for my learn2asp.net session on interoperability with php and windows.  i apologize for the rescheduling (if you even knew about it) that had occurred, but glad you could make it to the session.  in the session i stated that i'd post the information and sample code i referred to on to my blog so here it is :-).

in the session i mentioned a few things, so i'll dump them to you here:

• VS.php - the editor i was using that integrated into Visual Studio 2005 from JCX.Software
• ADO.NET provider for MySQL databases - from CoreLab software development
• Visual Web Developer Express -- free versions of visual studio and sql server 2005
• FastCGI for IIS - FastCGI extension for IIS (Internet Information Server)

in the session (which is still available on-demand for you to watch -- and if you watch 3 webcasts i think you get some swag as well) we demonstrated some simple methods of integrating with .net applications using two primary methods: com interop and web services.  below are some of the samples i demonstrated as is the sample code for them is at the bottom of this post as an attached file download.

com interop
the com interop scenario allows us to directly interact (okay, well obviously not directly, but via com) with a .net class library that someone may have created.  a few best practices should be followed (and some required) for this to occur.  this isn't php-specific, but rather com interop specific.  first when building the .net class library, you have to make sure that you mark it ready for com interop.  in visual studio, you can view the project properties to do this and look at the "build" tab in c# and the "compile" tab in visual basic.

samples: build tab in c# (the output section is near the bottom of the info on this tab):

the second thing you have to do is make the class library "com visible."  in visual basic, you'll attribute the class like this:

<ComClass()> _
<Runtime.InteropServices.ComVisible(True)> _
Public Class RegClass

in c# you can again use the project properties window under the application tab, there is a setting for "assembly information":

which basically adds this to the AssemblyInfo.cs file in the project:

[assembly: ComVisible(true)]

the next thing you have to ensure is that the assembly is signed with a strong name.  the reason for this is that when the assembly (dll file) is going to be registered, it will need to have a reference to the codebase or alternatively will be placed in the global assembly cache (GAC) both of which require assemblies to be signed.  once you have those steps complete, you can register the .net assembly with com, using the regasm.exe tool that comes with the .net sdk.  to sign the assembly, visual studio makes this easy through the project properties options in the "signing" tab, allowing you to create a new strong name key file at that time as well:

once you have this you are ready to use the regasm.exe tool using the command seen here (note the highlighted portion):

i prefer to use the /codebase option as it allows me to not require it be in the GAC and gives me flexibility of where the assembly may physically reside.

after you have done this you can start calling the com object.  using the sample code (available at the end of this download) you would do something like this in php:

$com_app = new COM("PHPInteropCSharpClass.SimpleClass");
$result_var = $com_app->SayHello("Woodingo");
echo $result_var;

and when requesting the page it will call your com object.  i hope this helps.  for further explanation, you can view the webcast on-demand to see it all in action before you try it out for yourself.

soap interop
the second thing we demonstrated was using web services and soap.  i've included a sample file (phpSoap.php) in the zip file that uses the native PHP5 SOAP extension.  i won't go in detail here as that is well documented.  other options are to use the NuSOAP extension as well that provides similar functionality, but know that in PHP5 there is a native extension for creating a SoapClient object using a WSDL file.

i hope this helps, let me know if you have any questions.

file: PHPInterop