a brief about me

Fabio Zendhi Nagao is an applied mathematician from IME - USP - Brazil, currently working as CTO at Lojcomm Internet, a company specialized in e-commerce.

fields of interest: E-commerce, Collective Intelligence, Interoperability, Web 2.0, Web Design, Mathematical Programming, Pattern Recognition.

contacts: Twitter and nagaozen @hotmail.com, @gmail.com and @yahoo.com

Category : Optimization

Mar 10th

HOWTO: Compact vdi

Filed Under: Optimization, Server, Windows

$ vboxmanage modifyhd --compact <disk file>.vdi

Read More. No comments made.

Mar 31st

HOWTO: Remove a parser from ctags

Filed Under: GEdit, Optimization

Sometimes it's useful to remove a language parser from the ctags binary, especially if you are extending it via a ctags.conf file. You will need to remove the language bindings in parsers.h (one line here) and source.mak (two lines here), then just recompile the code to get rid of the parsers.

Read More. No comments made.

Aug 18th

Fixing Classic ASP Request.QueryString Unicode (UTF-16) bypass

Filed Under: ASP, AXE, Javascript, Optimization

Thanks to the great power of Twitter and TweetDeck, yesterday I was pointed to a terrifying bug in the Request.QueryString method of the standard Classic ASP installation. THIS BUG DOES NOT EXIST IN MY AXE FRAMEWORK (see the tests at the end).

Only God knows why, but for some mystical reason and under certain conditions the Request.QueryString method performs automatic homoglyph (like α→a, τ→t) and homophone (like π→p) transformations on the incoming Unicode (UTF-16) QueryString, helping unoccupied folks to XSS and SQLi your beloved application. Basically, this stupid transformation means that a lot of Unicode characters can potentially stand in for '<' and the single quote ('), making the life of exploiters easier. For more information about this bug, read NoScript New Bypass Method by Unicode in ASP and Lost in Translation (ASP’s HomoXSSuality).

Since Microsoft isn't very active in supporting ASP nowadays, I've no clue if they will move a finger to fix this (usually they still release security patches). So I'm giving you Classic ASP developers the chance and the knowledge to fix this issue. Create a file named base.asp in your project and put the following code inside:

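function AXE_GET(k) {
    var v = "",
        q = Request.ServerVariables("QUERY_STRING");
    try {
        // decodeURIComponent throws if the raw query string is not
        // well-formed UTF-8 percent-encoding; the decoded text itself is unused.
        v = decodeURIComponent(q);
        // Well-formed input: let ASP parse it as usual.
        v = Request.QueryString(k);
    } catch(Ex) {
        // Malformed input: bypass Request.QueryString and read the value
        // straight from the raw query string (it stays percent-encoded).
        var c = String(q).split('&'),
            j = k + '=';
        for(var i = 0, len = c.length; i < len; i++) {
            if( c[i].indexOf(j) === 0 ) {
                v = c[i].substring(j.length);
            }
        }
    }
    return v;
}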

Add this file to your application library (hope you made a request mapper):

<script runat="server" language="javascript" src="/lib/axe/base.asp"></script>

And replace all your Request.QueryString calls with AXE_GET:

dim name : name = Request.QueryString("name") ' from this
dim name : name = AXE_GET("name") ' to this

That's it, you are safer than before :D
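
Added example (not from the original post or the AXE code base): a Node.js harness that traces which branch the gate in AXE_GET takes for four constructed query strings. `makeRequest` and `axeGetTraced` are hypothetical names, and the stubbed Request only does standard UTF-8 decoding; it does not reproduce ASP's character mapping.

```javascript
// Hypothetical stand-in for the ASP Request object so the gate can run
// outside IIS. It does NOT reproduce ASP's homoglyph/homophone mapping.
function makeRequest(rawQuery) {
  return {
    ServerVariables: function () { return rawQuery; },
    // Stand-in for Request.QueryString: standard UTF-8 percent-decoding only.
    QueryString: function (key) {
      var found = new URLSearchParams(rawQuery).get(key);
      return found === null ? "" : found;
    }
  };
}

// Same gate as AXE_GET on the page, but it also reports the path taken.
function axeGetTraced(Request, k) {
  var q = String(Request.ServerVariables("QUERY_STRING"));
  try {
    decodeURIComponent(q); // throws URIError on malformed escapes
    return { path: "Request.QueryString", value: Request.QueryString(k) };
  } catch (ex) {
    var pairs = q.split("&"), prefix = k + "=", v = "";
    for (var i = 0; i < pairs.length; i++) {
      if (pairs[i].indexOf(prefix) === 0) v = pairs[i].substring(prefix.length);
    }
    // Raw path: the value is returned still percent-encoded.
    return { path: "raw", value: v };
  }
}

// Constructed sample query strings (not captured traffic).
var samples = {
  plainAscii: "name=fabio&page=2",
  utf8Escape: "name=%CF%80&page=2", // U+03C0 as well-formed UTF-8
  uEscape:    "name=%u03C0&page=2", // non-standard %uXXXX form
  loneByte:   "name=%E9&page=2"     // single byte, not valid UTF-8
};

function classify() {
  var out = {};
  for (var id in samples) {
    out[id] = axeGetTraced(makeRequest(samples[id]), "name");
  }
  return out;
}

console.log(classify());
```

Values that take the raw path come back still percent-encoded, so downstream code should treat them as untrusted text, while well-formed UTF-8 escapes continue to be read through Request.QueryString.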

Demo

Read More. 3 comments.

Aug 11th

Enable IIS6 gzip compression for maximum AXE performance

Filed Under: ASP, AXE, IIS, Optimization, Windows

I've recently configured a lot of Windows 2003 servers to run our e-commerce system and remembered that neither the built-in configuration of IIS6 nor the IIS6 GUI is friendly for proper gzip/deflate compression of our modern file extensions. That's why I'm writing this tutorial, which will make your box compress css, js, json, xml and aspx files the way you probably want it. This will also be helpful if a new type of file happens to appear in the future.

Changing the W2K3 interface for best performance

This guide gives a very straightforward step-by-step approach for W2K3 servers running the Classic Start Menu interface, because I consider the "My Computer" icon incredibly useful in a lot of single-machine management scenarios. To enable it, just right-click the Taskbar, click Properties, click the Start Menu tab, select the Classic Start menu radio button and click OK.

Set up the IIS Compress Service

  • Starting from a clean Desktop (WIN+D), right-click My Computer, click Manage
  • Expand Services and Applications, expand Internet Information Services (IIS) Manager, right-click Web Sites, click Properties
  • Click the Service tab, select both Compress application files and Compress static files, select Limited to (in megabytes), set its input text to 1024 and click OK.

Set up the metabase.xml

  • Open a console (WIN+R, type cmd and click OK)
  • Execute in the console the commands below:
iisreset /stop
notepad c:\windows\system32\inetsrv\metabase.xml
  • Search for "IIsCompression"
  • Set both deflate and gzip sections with the following properties:
HcDoDynamicCompression="TRUE"
HcDoOnDemandCompression="TRUE"
HcDoStaticCompression="TRUE"
HcDynamicCompressionLevel="9"
HcFileExtensions="htm
html
xml
xslt
js
json
css
txt"

HcScriptFileExtensions="asp
aspx
dll
exe"
  • Execute in the console the commands below:
iisreset /start

That's it, your server should be compressing the files now! Enjoy the performance!

Read More. No comments made.

May 29th

Projects are now on GitHub

Filed Under: Application, AXE, Framework, GEdit, Miscellaneous, Optimization, Plugins

Better late than never! From now on, all my recent open-source contributions will be available at my github.com account. The current projects are:

  • ASP Xtreme Evolution (my ASP framework)
  • Exuberant-ctags (updates to make its ASP parsing better)
  • Gedit-* (a lot of good things for gedit)
  • GTKSourceView-2.0 (updates to add/enhance language.specs)
  • jquery-vs-mootools (this one is an interesting article I translated)

Although this blog isn't as informative and updated as I think it should be, I'm currently very active and developing a lot of things, just not writing much about them. Watching my git account will help you keep track of the latest updates in my software development. Enjoy!

Read More. 1 comment.

May 11th

Tidy and GeSHi WebServices for mankind

Filed Under: Application, ASP, Javascript, Optimization, PHP, Services

Introduction

Some time ago I spent a good amount of time playing with Wez Furlong's PHPScript to merge PHP functionality directly into ASP pages. Although it really can be done, I couldn't feel comfortable enough with the stability of the final application. In fact, the merge between PHP and other ASP languages (VBScript, Javascript, Ruby, Perl and Python) in the same script caused the application to work only in odd requests and not in even ones. Plus it was triggering processing errors in the server. This is incredibly strange and clearly shows that the Active Script port of PHP is flawed. It works fine for .wsc and other command-line things but does not play well with ASP.

Since PHP has a huge community which creates really good things, it's interesting to get the benefits of their work in other environments that don't run the language. Two notable examples of the good things available in PHP are GeSHi, an incredible code highlighting extension that currently works with more than 130 languages, and Tidy, a nice extension to wrap and indent your XML and HTML. As we can't live without them, I've built webservices for them both.

Read More. No comments made.

Jul 15th

Textmate theme to Notepad++ styler

Filed Under: Application, ASP, Framework, Notepad++, Optimization, Server, Services

Everybody knows that when I’m on Windows my favorite editor is Notepad++. It’s an opensource source code ( opensource source code – I liked it! ) editor which supports several programming languages and has a bunch of interesting features like:

  • Auto-completion
  • Snippets
  • Multi-Document
  • Multi-View
  • Regular Expression Search/Replace
  • Plugins interface

Although it also supports customized Syntax Highlighting, there aren’t too many options available… But this ends today…

Read More. 10 comments.

Jun 10th

ASP Xtreme Evolution has been updated!

Filed Under: Application, ASP, AXE, Framework, Optimization, Server, VBScript

After some months working, finding and fixing bugs in the earlier version of ASP Xtreme Evolution, I’m proud to release version 1.0.1.0. This is a very stable version. It comes with snippets to increase productivity and has some minor changes to help you organize the code. I suggest those using v.1.0.0.0 upgrade as soon as possible. If you can’t upgrade, check the CHANGES in the Read More to fix your old version against the critical issues.

Read More. 8 comments.

May 14th

A subversion system for ASP Xtreme Evolution

Filed Under: AXE, Framework, Optimization, Server

I’ve created an SVN for ASP Xtreme Evolution at DevjaVu so everyone interested in this project can now use a Subversion client like Tortoise to check out the latest version of the project. Users can also post new tickets and give suggestions through the trac. I hope that this initiative gives a more Open Source face to the ASP Xtreme Evolution Framework and makes it ready for other developers to join the work.

Read More. 2 comments.

May 9th

Goodbye old school javascript

Filed Under: Client, Framework, Javascript, Mootools, Optimization

There are times in life when you realise that the world has really changed and the things that were once so important to you don’t matter anymore. This is the case with my old dithered-extended quirksmode javascript library. It cost me years to enhance and extend, but it no longer makes sense in a better standardized world.

Read More. 2 comments.

Feb 18th

Improving String Performance in ASP Applications

Filed Under: ASP, Optimization, Server, VBScript

After reading http://msdn2.microsoft.com/en-us/library/ms972323.aspx and Why String Operations are so Slow, possessed by a deep feeling of duty, I’ve written a class that helps developers handle their string concatenation processes in a smart way.

Read More. 3 comments.

Jan 31st

Clear Sale Web Service ASP 3.0 Integration

Filed Under: ASP, Optimization, Server, VBScript

Our business partner Clear Sale is a company specialized in behavior scoring. They count the major Brazilian e-commerce shops among their customers. With their system, you can share a risk database with players like Submarino, Americanas and others. This database's only goal is to be a source for an assertive score of the risk that an order received by your shop is a fraud.

The class.clearsale.asp is a Classic ASP class which provides a complete integration with their current web service. It’s licensed under the MIT License and anyone interested in using it is welcome.

Read More. No comments made.

Jan 26th

Meet ASP Xtreme Evolution

Filed Under: Application, ASP, AXE, Framework, IIS, Optimization, Standards, Server

This is a Classic ASP MVC URL-Friendly Framework based on some of the current best practices like:

It also provides support for missing features that are commonly required:

  • Image manipulation
  • JSON support
  • Upload management
  • Zip management

Read More. 1 comment.

Jan 20th

Standards section is up!

Filed Under: Design, Optimization, Standards

Very often you need a consistent and coherent pattern to get the best a technology can provide with maximum productivity, yet you must respect the history around this technology to keep it compliant with the legacy environment, making your application accessible and easy to adapt.

This is when things like color palettes, code snippets and good practices like naming conventions become handy. I’ll be adding some things that are useful, at least for me, here to share with anyone interested. Currently you can find there just two color palettes and some snippets, but I’ll be adding more things as soon as I can.

Click here to visit the section.

Read More. No comments made.