All posts by admin

How to Determine all Ports Opened by a Program in Windows

Motivation:

You want to ensure that your server is not compromised by a program.

Solution:

1. Open cmd.exe and execute the command below. Note the program file name and one of its ports that you want to investigate further.

netstat -a -b

2. Execute the command below. Note the PID associated with the port that you are interested in.

netstat -ano -p tcp

3. Execute the command below. “1544” is the PID that you are interested in.

netstat -ano -p tcp |find "1544"

4. Open https://mxtoolbox.com/TCPLookup.aspx, enter [your external IP:port], and click the TCP Lookup button to check whether the port on your server is open.

5. Go to your firewall and block the port if it should not be open to the Internet.
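
Steps 1 to 3 can also be done in one pass from PowerShell. The following is an added example, not part of the original post, that maps every listening TCP port to its owning program and marks listeners bound to a non-loopback address. The function name Get-ListeningPortsByProgram and the NonLoopback column are names chosen for this example.

```powershell
# Added example. Requires Windows 8 / Server 2012 or later (Get-NetTCPConnection).
# Run elevated so that the paths of service processes can be read.
function Get-ListeningPortsByProgram {
    param(
        # Optional PID filter, like the "1544" used in step 3.
        [int[]]$ProcessId
    )

    $listeners = Get-NetTCPConnection -State Listen -ErrorAction Stop
    if ($PSBoundParameters.ContainsKey('ProcessId')) {
        $listeners = $listeners | Where-Object { $ProcessId -contains $_.OwningProcess }
    }

    foreach ($conn in $listeners) {
        # The process may have exited between the two calls.
        $proc = Get-Process -Id $conn.OwningProcess -ErrorAction SilentlyContinue

        # A listener bound only to loopback cannot be reached from other hosts.
        # Anything else still depends on the firewall (steps 4 and 5).
        $loopback = ($conn.LocalAddress -like '127.*') -or ($conn.LocalAddress -eq '::1')

        [pscustomobject]@{
            PID          = $conn.OwningProcess
            Program      = if ($proc) { $proc.ProcessName } else { '<exited>' }
            Path         = if ($proc) { $proc.Path } else { $null }
            LocalAddress = $conn.LocalAddress
            LocalPort    = $conn.LocalPort
            NonLoopback  = -not $loopback
        }
    }
}

# All listening ports, grouped by program name.
Get-ListeningPortsByProgram |
    Sort-Object Program, LocalPort |
    Format-Table -AutoSize

# Only the ports of one PID:
# Get-ListeningPortsByProgram -ProcessId 1544
```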

How to Change SQL Server sa User’s Password

Problem:

You are a Windows Administrator and you can log in to the SQL Server instance. However, you cannot access the databases.
You want to log in to the SQL Server instance as the sa user, but you have forgotten the sa user’s password.
You cannot change the sa user’s password using SQL Server Management Studio.

Solution:

1. Open cmd.exe and execute the commands below. Replace MSSQL$SQLEXPRESS with your SQL service name and localhost\SQLEXPRESS with your SQL instance.

net stop MSSQL$SQLEXPRESS
net start MSSQL$SQLEXPRESS /m"SQLCMD"
sqlcmd -S localhost\SQLEXPRESS

2. Type each line below and press Enter after it. Replace Password@1234 with your own strong password.

ALTER LOGIN [sa] WITH DEFAULT_DATABASE=[master]
GO
USE [master]
GO
ALTER LOGIN [sa] WITH PASSWORD=N'Password@1234'
GO
exit

3. Open cmd.exe and execute the commands below.

net stop MSSQL$SQLEXPRESS
net start MSSQL$SQLEXPRESS

4. Open SQL Server Management Studio and log in to the SQL Server instance using the sa account.

How to Fix Windows Updates Error Code 80070570

Problem:

You were applying Windows updates to a Windows server and got an error with code 80070570. You tried restarting your server several times but it seemed that the problem still persisted.

Solution:

1. Restart your server.

2. Open Command Prompt (Admin).

3. Execute the commands below.

net stop wuauserv
net stop bits
:: Removes all files from the directory
del /q C:\Windows\SoftwareDistribution\*
:: Recursively removes all nested directories
for /d %x in (C:\Windows\SoftwareDistribution\*) do @rd /s /q "%x"
net start bits
net start wuauserv
control update

4. Close the Command Prompt (Admin).

5. Click the Check for updates link on the left.

6. Install updates.

7. Click the Retry button if you encounter an error.

 

How to Select a .NET Framework

Motivation:

You need to select a .NET framework for your new project or for upgrading a legacy system.

However, there are so many .NET framework branches that you are not sure which one suits your needs.

Guidelines:

You need to review the history of .NET framework and the differences among the various branches that include .NET Framework, ASP.NET Web Forms, ASP.NET MVC, .NET Core and .NET 6.

1. .NET Framework

The main purpose of .NET Framework is for building Windows Forms Applications.

  • .NET Framework 1.0 was released in 2002.
  • .NET Framework 2.0 was released in 2005.
  • .NET Framework 3.0 was released in 2006.
  • .NET Framework 3.5 was released in 2007.
  • .NET Framework 4.0 was released in 2010.
  • .NET Framework 4.5.2 was released in 2014.
  • .NET Framework 4.8 (the latest version) was released in 2019.

2. ASP.NET Web Forms

ASP.NET Web Forms was built on top of .NET Framework.

The main purpose of ASP.NET Web Forms is for building ASP.NET Web Forms Applications (multiple page web applications).

3. ASP.NET MVC

ASP.NET Web Forms does not follow the MVC architecture pattern. Therefore MS built ASP.NET MVC.

ASP.NET MVC was built on top of .NET.

ASP.NET MVC is open-source software, unlike ASP.NET Web Forms, which is proprietary.

The main purpose of ASP.NET MVC is for building ASP.NET MVC Applications (multiple page web applications based on MVC architecture pattern).

  • ASP.NET MVC 1.0 was released in 2009 (It was built on top of .NET Framework 3.5).
  • ASP.NET MVC 2.0 was released in 2010 (It was built on top of .NET Framework 4.0).
  • ASP.NET MVC 5.2.8 (the latest version) was released in 2022 (It was built on top of .NET Framework 4.8).

4. .NET Core

.NET Framework does not run on Linux or Unix and is proprietary. Therefore MS built .NET Core.

.NET Core runs on Windows, Linux and Unix, and is open-source software.

  • .NET Core 1.0 was released in 2016.
  • .NET Core 3.1 was released in 2019.
  • .NET Core then was renamed to just .NET in 2020 and .NET 5 was released in 2020. The .NET 4 name was not used to avoid name collision with .NET Framework.
  • .NET 6 (the latest version) was released in 2021.

The main purpose of .NET Core or .NET is for building Windows Forms Applications, ASP.NET MVC Applications and Single Page Applications that run on Windows, Linux and Unix.

The ASP.NET Web Forms Application type was removed from .NET Core or .NET.

5. .NET 6

Currently (in 2022) MS supports 2 branches of .NET:

  • .NET Framework 4.8 (containing Windows Forms Applications, Web Forms Applications, and ASP.NET MVC Applications) and
  • .NET 6 (containing Windows Forms Applications, ASP.NET MVC Applications and Single Page Applications).

Both .NET Framework 4.8 and .NET 6 support building microservices.

6. Final thoughts

For a new system, you probably should use .NET 6.

For a legacy system, if you are using ASP.NET Web Forms then you may stick with .NET Framework 4.8. Otherwise you may upgrade your system to .NET 6.

 

 

 

 

Should We Rebuild or Renovate an Outdated System?

Motivation

You have an outdated system and want to rebuild or renovate it. You do not know which path is best for you.

Guidelines

Typically you have 2 main options for an outdated system.

Option 1 – Replacement: You can rebuild the whole system and migrate the existing data to the new system.

If you follow this approach then you may consider WordPress if your system is just a brochure website. WordPress is very suitable for building a brochure website.

If your system is simple software supporting a few business processes then you may consider EspoCRM. EspoCRM is very suitable for building simple business processes.

If your system is sophisticated software supporting a specific business then there are several things you may need to consider when deciding to rebuild your system.

1. The effort to migrate the existing data to the new platform. A deep analysis of the existing data is required to create a reasonable estimate for this task.

2. The effort to integrate the new system with other systems that are integrated with the existing system. An analysis of the existing source code is required to create a reasonable estimate for this task.

3. The effort to implement all the existing business processes in the new system. A list of all business processes with their concrete steps is required to create a reasonable estimate for this task.

4. The possible mismatches of the new platform and the existing code base and data. These may require changes of business processes or removal of some existing features or considerable effort for migration.

5. Are the source code, database and files of the existing website fully available? Some websites might suffer from vendor lock-in. Exported data may be unusable without the source code, in which case no migration tool can help with data migration because of the specific data structures and constraints.

For example, one-way encrypted user passwords cannot be migrated to a new system. The best data that might be available to you is just Excel or CSV files. The contents of these files may be imported to the new system manually or automatically, but no business logic can be transferred. In this case, rebuilding the whole system (preferably using WordPress) will require manually copying the contents to the new system and partially importing a few tables (e.g. emails, first names, last names, page titles) to the new system.

Option 2 – Renovation: You may choose to renovate your system if the existing technology stack is not too outdated.

When choosing this option you may need to consider several things below.

1. The life cycle of the existing technology stack. The existing technology stack should not be deprecated and should still be in active support.

2. The ecosystem of the existing technology stack. Most third-party components for the existing technology stack should still be in development and support.

3. The capabilities of the existing technology stack. The existing technology stack should still support your new requirements although the solutions may not be perfect for performance or user experience.

4. The cost of the existing technology stack. You should still be able to afford the cost of the existing technology stack.

 

Should We Use SOAP or REST or gRPC or GraphQL for API Implementation?

Motivation

You want to implement an API for your client to integrate with your system.

You wonder if you should implement the API using SOAP or REST or GraphQL or gRPC.

Guidelines

Technically speaking, SOAP is a protocol (developers must respect the protocol specification when working with it) while REST is an architecture style (developers may not follow it strictly).

Most software service providers (e.g. Salesforce, Sharepoint) provide both of them (SOAP and REST) for API clients.

The reason why a software service provider may implement both SOAP and REST is that legacy systems or frameworks (e.g. .NET, Java) often have many mature tools or libraries for consuming SOAP API easily while modern systems or frameworks (e.g. Node.js) often have many available tools/libraries for quickly consuming REST API.

If only one approach has to be chosen in order to reduce development cost then selecting SOAP or REST or GraphQL or gRPC for API implementation should depend on the API clients.

So the strategy below may help us select the most appropriate technology.

  1. Introduce your system capabilities to your client first.
  2. Then find out the main programming language that the client is using for their back-end services (e.g. Java, C#, PHP, JavaScript, Python, Ruby, Go).
  3. Find out the main API technology that the client is using for their back-end services or the API technology that they are most familiar with (e.g. SOAP, REST, GraphQL, gRPC).
  4. Then implement your API using the client’s API technology. The API can be implemented using a programming language that you are most familiar with.
  5. Then create the corresponding API developer guide and sample code for the client using their programming language.

 

How to Automate Code Signing using EV Code Signing Certificate

Motivation

Your software installer (e.g. an EXE or MSI file) triggers a Microsoft Defender warning. You want to remove the warning so that your users can trust your software.

Solution

You need to sign your software installer using an EV code signing certificate.

Terminologies

An SSL certificate is a cryptographic certificate (technically named X.509) issued by a Certificate Authority as a file for encrypting and decrypting data between a client and a server.
An SSL certificate is usually valid for one domain for 1 year.

A code signing certificate is a cryptographic certificate (technically named X.509) issued by a Certificate Authority as a file for placing a digital signature on a file, program, or software.
A code signing certificate is usually valid for signing files, programs or software for 1 to 3 years.
A code signing certificate is not tied to a domain.

An EV code signing certificate is a code signing certificate (technically named X.509) that is issued on a USB or HSM or Cloud Signing Service (not as a file) by a Certificate Authority for placing a digital signature on a file, program, or software to bypass the MS Defender warning.
An EV code signing certificate is usually valid for signing files, programs or software for 1 to 3 years.
An EV code signing certificate is not tied to a domain.
When signing a file, program or software using an EV code signing certificate, besides the presence of the USB or HSM or Cloud Signing Service, an additional one-time password (OTP) is usually required for security.

EV Code Signing Certificate, USB, HSM, and Cloud Code Signing Service

The core part of a certificate is a secret string called the private key.
All certificates have this same core part. The difference is just where this string is stored.

– This secret string can be stored on a machine/server (standard certificate) and can be exported and imported to other machines/servers, e.g. via PFX files with private keys.

– This secret string can be stored on a USB (this is a requirement for an EV certificate). In this case, it can be imported to the USB but then can NOT be exported from the USB and imported to other locations.

– This secret string can be stored in an HSM (hardware security module, usually a physical card with a cryptoprocessor chip or a certified virtual machine; a USB can be considered an HSM too) (this is a requirement for an EV certificate). In this case, it can be imported to the HSM but then can NOT be exported from the HSM and imported to other locations.

– This secret string can be stored in a Cloud Code Signing Service (this is actually a specific certified HSM virtual machine) (this is a requirement for an EV certificate). In this case, it can be imported to the Cloud Code Signing Service but then can NOT be exported from the Cloud Code Signing Service and imported to other locations.

If we have 3 physical servers and we use the USB storage approach for EV Code Signing certificate then we need 3 USB sticks (duplicates) that contain the same certificate.

If we use HSM or Cloud Code Signing Service then we just need one HSM or one Cloud Code Signing Service account.

Typical steps to sign code using EV code signing certificate

– Purchase an EV code signing certificate.

– Retrieve the USB containing the private key and the temporary token password.

– Install software to connect to the USB, e.g. SafeNet Authentication Client, and change the temporary token password.

– Find and copy the SignTool.exe utility from Visual Studio Tools to a location.

– Enable the Single Logon feature of SafeNet Authentication Client under Client Settings > Advanced so that we can pass the EV certificate password to SignTool.

– On SafeNet Authentication Client, right click the EV certificate and export the public certificate (.CER file).

– On SafeNet Authentication Client, click the EV certificate and retrieve the key container name of the EV certificate.

– Sign the software installer using the command below.

SignTool sign /f myCert.cer /csp "eToken Base Cryptographic Provider" /k "[{{TokenPasswordHere}}]=KeyContainerNameHere" /tr http://timestamp.digicert.com /td sha256 /fd sha256 myFile.msi

– Verify the signing using the command below.

SignTool verify /pa myFile.msi
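
For automation, the sign and verify steps above can be wrapped in a PowerShell function that fails the build when the signature or its timestamp is missing. This is an added example, not part of the original post. The function name Invoke-EvCodeSign and its parameter names are assumptions, and SignTool.exe is assumed to be on PATH.

```powershell
# Added example. The token password ends up on SignTool's command line, where
# other processes on the same machine can read it, so run this on a dedicated
# build host and never write the password into the script or the build log.
function Invoke-EvCodeSign {
    param(
        [Parameter(Mandatory)][string]$File,                  # e.g. myFile.msi
        [Parameter(Mandatory)][string]$PublicCert,            # .CER exported from the token
        [Parameter(Mandatory)][string]$KeyContainer,          # key container name from SafeNet
        [Parameter(Mandatory)][securestring]$TokenPassword,
        [string]$SignTool = 'SignTool.exe'                    # assumption: on PATH
    )

    # SignTool needs the password as plain text inside the /k argument.
    $plain = [System.Net.NetworkCredential]::new('', $TokenPassword).Password
    try {
        & $SignTool sign /f $PublicCert /csp 'eToken Base Cryptographic Provider' `
            /k "[{{$plain}}]=$KeyContainer" `
            /tr http://timestamp.digicert.com /td sha256 /fd sha256 $File | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "SignTool sign failed (exit code $LASTEXITCODE)" }
    }
    finally {
        $plain = $null
    }

    & $SignTool verify /pa $File | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "SignTool verify failed for $File" }

    # Second check from PowerShell itself: the chain must validate and a
    # timestamp must be present, otherwise the signature stops validating
    # when the signing certificate expires.
    $sig = Get-AuthenticodeSignature -FilePath $File
    if ($sig.Status -ne 'Valid') {
        throw "Signature status is $($sig.Status): $($sig.StatusMessage)"
    }
    if (-not $sig.TimeStamperCertificate) {
        throw "No timestamp found on $File"
    }

    [pscustomobject]@{
        File        = $File
        Signer      = $sig.SignerCertificate.Subject
        Thumbprint  = $sig.SignerCertificate.Thumbprint
        CertExpires = $sig.SignerCertificate.NotAfter
        TimeStamper = $sig.TimeStamperCertificate.Subject
    }
}

# Interactive use; in a pipeline, build the SecureString from the CI secret store.
# $pw = Read-Host -AsSecureString 'Token password'
# Invoke-EvCodeSign -File myFile.msi -PublicCert myCert.cer `
#     -KeyContainer 'KeyContainerNameHere' -TokenPassword $pw
```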

 

 

How to Fix IIS Express HTTPS Error

Problem:

You have created an ASP.NET web application with HTTPS.

You ran the application on https://localhost:5001 and got the “ERR_CONNECTION_RESET” error.

Solution:

1. Open Command Prompt with admin rights.

2. Type and press Enter

cd "C:\Program Files (x86)\IIS Express"

3. Type and press Enter

IISExpressAdminCmd.exe setupsslUrl -url:https://localhost:5001/ -UseSelfSigned

Change 5001 in the command above to the port you’re trying to use.

 

How to Pronounce Specific Technology Terminologies

 

 

 

     

    Microservice-Based System

    Motivation:

    You want to use microservice architecture for your system but you are not sure whether your design follows the microservice style.

    You need to explain your microservice-based design to your client or manager.

    You need to evaluate a system against microservice architecture style.

    Information:

    A microservice-based system contains 2 main parts: a user interface and a collection of APIs (or web services or just services).

    [A diagram shall be added here.]

    The user interface can be multiple web pages or single web page or mobile native application or Windows native application.

    The user interface can be implemented using ASP.NET MVC or React or Angular or Android SDK or iOS SDK or even ASP.NET Web Forms or WordPress.

    Each API must have its own database, must be deployed independently of other APIs, can be implemented using its preferred technology stack, and should focus on a single business domain.

    Each API database can be a relational database (MS SQL, Oracle, MySQL) or NoSQL database (MongoDB, Cassandra).

    These APIs can be implemented using .NET Framework 4.8 or .NET 6 or Spring Boot (Java) or Node.js or Golang or even WordPress.

    These APIs often share an identity provider that in turn is often a specific API too.

    These APIs often share several utilities (e.g. notification service, file service, payment service) that in turn are often specific APIs too.

    These APIs can be grouped into API Gateways for easier authentication and authorization control. The API Gateways can be implemented using .NET Framework 4.8 or .NET 6 or Spring Boot (Java) or Node.js or Golang or even WordPress.

    These APIs can also share data with one another using a message broker (i.e. message queues). These message queues can be implemented using a relational database (MS SQL, Oracle, MySQL) or NoSQL database (MongoDB) or a distributed event streaming platform (Kafka, RabbitMQ).