Renaissauce

Wyatt Lyon Preul's Portfolio

AntiXSS HtmlEncode will not always protect you

April 28
by Admin 28. April 2010 15:01

// Vulnerable: the query string value is written into the href unencoded and unvalidated.
var anchor = string.Format("<a href='{0}'>My Safe Link</a>",
    Request.QueryString["Url"]);
Response.Write(anchor);

The above code is not safe and is vulnerable to an XSS attack.  If you are using the AntiXSS library you might assume that calling the HtmlEncode or HtmlAttributeEncode methods will protect you.  One reason they will not is an attack string that most developers forget about:

javascript:alert('')

If the query string parameter Url is set to the above string, an alert dialog will appear when the anchor is clicked.  Again, the code that allows the XSS is using the AntiXSS library and is even calling the HtmlAttributeEncode method, as shown below.

// Still vulnerable: encoding the value does not remove the javascript: scheme,
// so the browser still executes it when the link is clicked.
var anchor = string.Format("<a href='{0}'>My Safer Link</a>",
    AntiXss.HtmlAttributeEncode(Request.QueryString["Url"]));
Response.Write(anchor);

If you are using the AntiXSS library, what you actually want to call is GetSafeHtmlFragment, which returns a safe anchor.  Your anchor declaration should look like the following.

// GetSafeHtmlFragment sanitizes the whole fragment, including the href value,
// rather than merely encoding it.  (The class name is AntiXss; C# is case-sensitive.)
var anchor = AntiXss.GetSafeHtmlFragment(
    string.Format("<a href='{0}'>My Safest Link</a>",
    Request.QueryString["Url"]));
Response.Write(anchor);

I hope this post serves as a friendly reminder that HtmlEncode is not an end-all solution, which is one reason several different methods exist for sanitizing input.  Also keep in mind that GetSafeHtmlFragment carries more overhead than HtmlEncode.  If that is an issue for you, then you may want to roll a custom sanitization method for your needs.  Actually, it might be a good idea for AntiXSS to offer granular sanitization methods, such as GetSafeHref.
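As an added illustration of the GetSafeHref idea (example code added here, not from the original post or the AntiXSS library): the href's scheme is checked against an allow-list before the value is encoded, since encoding alone cannot turn a javascript: URL into a harmless one. It goes beyond the post's single payload by also rejecting case variants and embedded control characters, and it assumes an ASP.NET project where System.Web's HttpUtility is available for the final encoding.

```csharp
using System;
using System.Linq;
using System.Web;

// Added example, not from the original post or the AntiXSS library: a GetSafeHref-style
// helper of the kind the post suggests.  Attribute encoding cannot remove a javascript:
// scheme, so the href is validated against an allow-list of schemes before it is encoded.
public static class SafeLinks
{
    // Assumption: only web links are wanted, so these are the only schemes accepted.
    private static readonly string[] AllowedSchemes = { "http", "https" };

    // Returns the candidate when it is an http/https URL or a relative path,
    // otherwise "#" so the anchor still renders but goes nowhere.
    public static string GetSafeHref(string candidate)
    {
        if (string.IsNullOrEmpty(candidate))
            return "#";

        // Browsers ignore tab, CR and LF while parsing a URL, so a scheme split by
        // such characters would still be honoured; reject every control character.
        if (candidate.Any(c => char.IsControl(c)))
            return "#";

        string url = candidate.Trim();

        // A scheme is the text before the first ':' unless a '/', '?' or '#' comes
        // first; "/path", "?q=1" and "page.html" have no scheme and are relative.
        int colon = url.IndexOf(':');
        int delimiter = url.IndexOfAny(new[] { '/', '?', '#' });
        bool hasScheme = colon > 0 && (delimiter < 0 || colon < delimiter);

        if (hasScheme)
        {
            string scheme = url.Substring(0, colon);
            if (!AllowedSchemes.Contains(scheme, StringComparer.OrdinalIgnoreCase))
                return "#";   // javascript:, data:, vbscript: and anything else unexpected
        }
        return url;
    }

    // Validate the scheme first, then attribute-encode the result for the double-quoted href.
    public static string BuildAnchor(string candidateHref, string text)
    {
        string href = HttpUtility.HtmlAttributeEncode(GetSafeHref(candidateHref));
        return string.Format("<a href=\"{0}\">{1}</a>", href, HttpUtility.HtmlEncode(text));
    }
}
```

With this in place, the post's payload renders as a link to "#" while an ordinary http URL passes through encoded; the attribute is double-quoted so that the encoder's handling of the single quote no longer matters.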

CAT.NET static code analysis of assemblies via the context menu

April 06
by Admin 6. April 2010 13:13

I created an .inf file that adds a new option to the context menu for .dll files.  It allows you to right-click on an assembly and select CAT.Net Scan.  This will run the x64 version of CAT.NET against the assembly and generate a report of any security vulnerabilities discovered in the assembly.  The report has the same name as the assembly with a suffix of _report.html.

I have attached the .inf file to this post.  You can download it to your computer, right-click on the file and select install.  In order for it to work you need to download and extract CAT.NET v1 x64 to the C:\CAT.NET folder.  You can download CAT.NET from here: http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=e0052bba-2d50-4214-b65b-37e5ef44f146

Here is the .inf file I created to install the context menu option: CATNetScan.inf


CATNetScan.inf (1.69 kb)

Got a new Ci73 keyboard, even better than Ci70

February 17
by Admin 17. February 2010 13:31

My Kensington Ci70 wireless keyboard stopped working after a couple of years of daily use.  I really enjoyed the way the keys felt when I typed but didn’t like that it was wireless.  Therefore, I decided to purchase the Ci73 keyboard, which is now only $25, half the price I paid for the Ci70.  The Ci73 feels better than the Ci70, and tons better than a traditional keyboard.  My wife even tried it out and didn’t want to stop typing. 

Kensington Ci73 Wired Keyboard Wired Keyboard - English - US

I was using a Dell keyboard last week and felt some tightness in my wrists, something I never experienced with the Ci70.  The ease with which this keyboard types is incredible; I don't want to stop typing on it.

Moved platforms and got a new theme

February 12
by Admin 12. February 2010 15:12

I moved platforms to BlogEngine.NET and updated my theme.  I tend to build my own themes, but in this case I modified an existing theme for use on my blog.  I plan to make a few more tweaks to it, nothing too major.

So far I am enjoying BlogEngine.NET; it has great potential.  I would like to see more control over theming individual pages instead of just controls on a page.  In my next post I will talk about securing BlogEngine.NET.

Please provide feedback on this theme.  I originally had updated my GraffitiCMS theme to use readability fonts and sizes to make it easy on the eyes.  Do you think new fonts would be useful for this theme or are you satisfied with what you see?

Dad tips to quiet/entertain a fussy baby

December 06
by Admin 6. December 2009 14:19

The first thing you should do is check all of the common things that would make a baby cry.  You should also be familiar with Dunstan Baby Language to help you meet the needs of your baby.  After you have checked the diaper, hunger, sleepiness, burp needs, and the general comfort of your baby, then you may try some or all of my tips to quiet a crying baby.  Keep in mind, I am not an expert, I am a new dad, but in this brief time of being a dad I have developed some decent tricks.

1. Dance and sing with baby.  Throw some music on the radio, something like Stevie Nicks or Sarah Blasko, something you can sing along to.  Then hold your baby and dance with her.  I often find this to be a good way to entertain my baby.

2. Make novel sounds that your baby has never heard before.  Helicopter or space sounds make my baby happy.

3. Wear your baby in a sling. Make sure it is not a Baby Bjorn, as this applies too much pressure to the baby's pelvic muscles.  I find that putting my baby in a kangaroo position in a ring sling quiets her and puts her to sleep.

4. Watch Happiest Baby on the Block and use the techniques from this.  For example, swaddle your baby, make loud shhh sounds in their ear, and gently jiggle them. 

5. Have skin-to-skin contact with baby.  Take off your shirt and the baby's shirt and let them lie on your chest next to your heart.

6. If all else fails, hand baby back to mom.

75 Dystopian Movies to Watch

April 13
by Admin 13. April 2009 15:37

A dystopia is the opposite of a utopia.  While there are more movies that fit that classification, I have chosen 75 movies that embody a dystopia.  They are not in any particular order.  I tried to include an image and summary for each, but it ended up taking longer than I cared to spend, so I stopped.  If there are any that you think I missed, be sure to append them to the comments below.  After many there is a link to the Internet Movie Database (IMDb); if there is no link, then simply visit www.imdb.com and search for the movie.  If I had something to say I added it; otherwise I am quoting the plot summary available at IMDb.  Also, if there is a sequel I am only including one of the movies.  For example, there are 3 Mad Max movies, but I am only listing the first Mad Max (I liked Road Warrior the best out of the trilogy).

Children of Men

In 2027, in a chaotic world in which humans can no longer procreate, a former activist agrees to help transport a miraculously pregnant woman to a sanctuary at sea, where her child's birth may help scientists save the future of humankind.

The Road

Based on the Cormac McCarthy book, this movie is due out early 2009 and is sure to be a classic dystopian film.  It is about a man and a boy traveling a main road in a post-apocalyptic period.  The book was amazing, so I can't wait to see this film.

IMDb - Rotten Tomatoes

A Clockwork Orange


In future Britain, charismatic delinquent Alex DeLarge is jailed and later volunteers for an experimental aversion therapy developed by the government in an effort to solve society's crime problem.

IMDb - Rotten Tomatoes


1984


George Orwell's novel of a totalitarian future society in which a man whose daily work is rewriting history tries to rebel by falling in love.

IMDb - Rotten Tomatoes

Mad Max


In a dystopic future Australia, a vicious biker gang murder a cop's family and make his fight with them personal.

IMDb - Rotten Tomatoes


Stalkers


The Matrix


A computer hacker learns from mysterious rebels about the true nature of his reality and his role in the war against the controllers of it.

IMDb - Rotten Tomatoes

The Postman

Post-apocalyptic America. What begins as a con game becomes one man's quest to rebuild civilization by resuming postal service.

IMDb - Rotten Tomatoes

The Handmaid's Tale

In a dystopically polluted right-wing religious tyranny, a young woman is put in sexual slavery on account of her now rare fertility.

IMDb - Rotten Tomatoes

Brazil


A bureaucrat in a retro-future world tries to correct an administrative error and himself becomes an enemy of the state.

IMDb

A Boy and His Dog


A post-apocalyptic tale based on a novella by Harlan Ellison. A boy communicates telepathically with his dog as they scavenge for food and sex, and they stumble into an underground society where the old society is preserved.

IMDb


28 Days Later



Animal activists invade a laboratory with the intention of releasing chimpanzees that are undergoing experimentation, infected by a virus -a virus that causes rage. The naive activists ignore the pleas of a scientist to keep the cages locked, with disastrous results.

IMDb

V for Vendetta


Remember, remember the 5th of November, the gun powder treason and plot. I know of no reason why the gun powder treason should ever be forgot.

IMDb

  • Solaris
  • Wall-E
  • Equilibrium
  • Rollerball
  • Death Race 2000
  • Soylent Green
  • Logan's Run
  • AI
  • Silent Running
  • A Scanner Darkly
  • Escape from L.A.
  • THX 1138
  • They Live
  • Punishment Park
  • Dark City
  • Fahrenheit 451
  • Gattaca
  • Planet of the Apes
  • The City of Lost Children
  • RoboCop
  • Twelve Monkeys
  • Alphaville
  • The Trial
  • Sleeper
  • Delicatessen
  • Minority Report
  • Blade Runner
  • Metropolis
  • The Island
  • Quiet Earth
  • Sleeping Dogs
  • Johnny Mnemonic
  • Threads
  • Harrison Bergeron
  • Panic in Year Zero
  • Last Night
  • Network
  • Judge Dredd
  • Until the End of the World
  • Brave New World
  • Blood Simple
  • Modern Times
  • The Truman Show
  • Zardoz
  • Terminator
  • I, Robot
  • The Day The Earth Stood Still
  • Closetland
  • The Blood of Heroes
  • The Andromeda Strain
  • Kin-Dza-Dza
  • Alien
  • The Last Man on Earth
  • Waterworld
  • The Beach
  • Sin City
  • Code 46
  • The Omega Man
  • The Running Man
  • Le Dernier Combat
  • No Blade of Grass
  • Avalon

Visual Studio 2008 Tip: Remove the Design/Split/Source button bar

April 08
by Admin 8. April 2009 09:55

I absolutely hate the Design/Split/Source button bar whenever I am editing markup.  It is especially annoying whenever I switch to full screen, because it still appears, even though it serves no purpose for me.  Therefore, I opt to completely remove it, as you should do as well.  I think this may also count as a minor performance tweak, as there is less processing that Visual Studio will have to do when switching to the HTML editor.  Below is how to completely remove it:

Add a new DWORD entry in your registry at:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VisualStudio\9.0\Packages\{1B437D20-F8FE-11D2-A6AE-00104BCC7269}

Name the DWORD DisableDesignView and set its value to 1.

Reload Visual Studio and the annoying bar is removed.  You should note that this may also disable your CSS IntelliSense, but who needs that?

Calibre, simply the best text management software

March 30
by Admin 30. March 2009 14:26

I have a Sony 505 eReader that I use to read a wide range of information on.  Shortly after my eReader purchase I downloaded calibre for managing my documents.  It seems that every couple of weeks there is a new version, too.  Each version does a good job of improving on the last.  The program itself is quick; it is written in Python.  The interface is intuitive and has some nifty features.  My favorite is that it can grab the contents of a site and quickly convert it to a format friendly to my Sony.  Another nice feature is that it can easily convert books between formats.


I encourage you to try it out if you have a reader or lots of books.  It also has a built-in viewer.  Download here.