"Ways to Success"

 

 

PLAN while others are playing

 

STUDY while others are sleeping

 

 

DECIDE while others are delaying

 

 

PREPARE while others are daydreaming

 

 

BEGIN while others are procrastinating

 

 

WORK while others are wishing

 

 

SAVE while others are wasting

 

 

LISTEN while others are talking

 

 

SMILE while others are frowning

 

 

COMMEND while others are criticizing

PERSIST while others are quitting

 

Configuration File Tampering

If Configuration files are not protected then you should use the file system access control list (ACL) to protect them.

System Registry Tampering

If registry entries are not protected then you should use the registry ACL to protect them.

Repudiation / Logging

Security exceptions should be logged for auditing purposes; therefore, you should define and implement logging and auditing strategies in the code. Push security exceptions–related information to the event log.

Assembly Tampering

To prevent assembly tampering, consider implementing Authenticode signatures for these assemblies.

Authentication and Authorization

You should consider various Internet, intranet, and extranet-based deployment for Web servers and database servers, and then implement appropriate authentication mechanisms.

Message Protection

You should implement transport-level security (secure socket layer [SSL]) to further strengthen the communication channel. You can also implement IPsec to secure communication channel between services and the database. To implement message-level security, use either WSE 3.0 or WCF to sign and encrypt messages. Choose appropriate certificates and encryption algorithms to enforce security without compromising business operations and performance.

HTTP Replay Attacks

You can prevent these attacks by providing a secure end-to-end communication channel between server and client (for example, SSL). You should also uniquely authenticate each request (for example, use a timestamp and digital signature), by implementing message-level security. Implement IP lockout policies if required.

Denial of Service

You can prevent denial of service attacks by implementing strong authentication, authorization, and request validation mechanisms. Also, you should uniquely authenticate each request (for example, use a timestamp and digital signature) by implementing message-level security.

Repudiation

You can prevent repudiation attacks by implementing strong authentication, authorization, and request validation mechanisms. Also, you should implement the history and auditing feature for any database operations. You should not permanently delete the records from the database.

Dictionary Attack or Password Brute Force Attack

You should try to prevent dictionary attacks or password brute force attacks. Implement strong password policies to prevent password hijacking. Implement a maximum retries policy, and disable the account if the number of attempts exceeds the maximum number. Also, implement an IP lockout policy, if required. Implement auditing and logging for service contracts / Web server / service host access.

Spoofing

You can prevent spoofing attacks by implementing strong authentication, authorization, and request validation mechanisms.

Database Security Access Controls

Use an account that has restricted permissions in the database. Ideally, you should grant execute permissions only to selected stored procedures. Consider using database role and application role database security concepts to access a different set of database objects. For example, consider using different sets of database roles and application roles for read-only operations and read-write operations.

Configuration Files Clear Text Secrets

To protect your connection strings, secret app settings, consider using DPAPI to encrypt them and store clear text secrets in a restricted registry. Use file ACLs to control access to configuration files.

Database Clear Text Secrets

The database contains secrets in clear text. For a production application, you should consider encrypting sensitive data.

Web Service Documentation Protocol

The Web.config file allows a malicious user to see the Web service documentation (wsdl file) by using documentation protocol. Using this information, the malicious user can get information about all data contracts and service contract details. The malicious user can then use the details to launch brute force attacks or false request attacks. You should configure the Web.config file to disable the documentation protocol.

Debug Attribute

The host program configuration file allows debugging. The Web.config file describes the debug = true attribute, which can allow the malicious user to debug the service implementation. This opens extra surface area, which allows a malicious user to explore injection threats. To prevent this type of attack, configure debug = false in the Web.config file.

CustomErrors Mode Attribute

The host program configuration file allows debugging. The Web.config file describes the CustomErrors Mode = off attribute, which can allow the malicious user to see the complete debug information in case of errors or exceptions. A malicious user can get the call stack information, which can launch injection or code malfunction attacks. To prevent this type of attack, configure CustomErrors Mode = on and make sure that the defaultUrl is appropriately configured in the Web.config file.

 

PersistSecurityInfo Attribute

The database connection string in the Web.config file does not contain a definition for the PersistSecurityInfo attribute. This attribute should be set to false. When set to false, sensitive information, such as the password, is not returned as part of the connection if the connection is open or has ever been in an open state. Resetting the connection string resets all connection string values, including the password. Set the PersistSecurityInfo attribute to false in the connection string.

SqlClientPermission Attribute

The database access assembly does not define the code access security attribute SqlClientPermission.

The CustomerRepository assembly should request minimum security permissions for SqlClientPermission.

Unrestricted Base Classes

When developing classes that will be deployed to a production environment, you should consider using sealed attributes for classes and methods.

 

For detail please visit following link :

http://msdn.microsoft.com/en-us/library/ms998310.aspx

Forms Authentication is one of three authentication providers. Windows Authentication and Passport Authentication make up the other two providers. In this article, we will focus on Forms Authentication

ASP.NET authentication provider	Description
Forms authentication	A system by which unauthenticated requests are redirected to an HTML form using HTTP client-side redirection. The user provides credentials and submits the form. If the application authenticates the request, the system issues a cookie that contains the credentials or a key for reacquiring the identity. Subsequent requests are issued with the cookie in the request headers; they are authenticated and authorized by an ASP.NET event handler using whatever validation method the application developer specifies.
Passport authentication	Centralized authentication service provided by Microsoft that offers a single logon and core profile services for member sites.
Windows authentication	ASP.NET uses Windows authentication in conjunction with Microsoft Internet Information Services (IIS) authentication. Authentication is performed by IIS in one of three ways: basic, digest, or Integrated Windows Authentication. When IIS authentication is complete, ASP.NET uses the authenticated identity to authorize access.

 

Forms Authentication Flow

1.    A client generates a request for a protected resource (e.g. a secured page from your site).

2.    IIS (Internet Information Server) receives the request. If the requesting client is authenticated by IIS, the user/client is passed on to the ASP.NET application. Note that if Anonymous Access is enabled, the client will be passed onto the ASP.NET application by default. Otherwise, Windows will prompt the user for credentials to access the server's resources. Also note that because the authentication mode in the ASP.NET application is set to Forms, IIS authentication cannot be used.

3.    If the client doesn't contain a valid authentication ticket/cookie, ASP.NET will redirect the user to the URL specified in the loginURL attribute of the Authentication tag in your web.config file. This URL should contain the login page for your application. At this URL, the user is prompted to enter their credentials to gain access to the secure resource.

4.    The client must provide credentials, which are then authenticated/processed by your ASP.NET application. Your ASP.NET application also determines the authorization level of the request, and, if the client is authorized to access the secure resource, an authentication ticket is finally distributed to the client. If authentication fails, the client is usually returned an Access Denied message.

5.    The client can then be redirected back to the originally-requested resource, which is now accessible, provided that the client has met the authentication and authorization prerequisites discussed above. Once the authorization ticket/cookie is set, all subsequent requests will be authenticated automatically until the client closes the browser or the session terminates. You can have the user's credentials persist over time by setting the authorization ticket/cookie expiration value to the date you desire to have the credentials persist through. After that date, the user will have to log in again.

Setting Up Forms Authentication

Let's take a look at the applicable settings to execute Forms Authentication. In general, setting up Forms Authentication involves just a few simple steps.

1.    Enable anonymous access in IIS. By default, anonymous users should be allowed to access your Web application. In rare cases, however, you may opt to layer an Integrated Windows OS security layer level with Forms authentication. We will discuss how to integrate this layer with anonymous access enabled in the article succeeding this one ("Part 2 (Integration w/ Active Directory)").

2.    Configure your Web application's web.config file to use Forms Authentication. Start by setting the authentication mode attribute to Forms, and denying access to anonymous users. The following example shows how this can be done in the web.config file for your Web application:

3.   

4.  <configuration>

5.    <system.web>

6.      <authentication mode="Forms">

7.        <forms name=".COOKIEDEMO"

8.               loginUrl="login.aspx"

9.               protection="All"

10.             timeout="30"

11.             path="/"/>

12.    </authentication>

13.    <authorization>

14.      <deny users="?" />

15.    </authorization>

16.  </system.web>

17.</configuration>

Upon setting the authentication mode to Forms, you'll notice that we appended another child element. The Forms element has five attributes that implement your forms authentication configuration. The attributes and their descriptions are as follows :

Attribute	Description
name	This is the name of the HTTP cookie from which we will store our authentication ticket and information, respectively.
loginURL	This is the URL from which your unauthenticated client will be redirected. In most scenarios, this would be your login page, where the client is required to provide their credentials for authentication.
protection	This is used to set the method from which to protect your cookie data. The following valid values can be supplied: All: Specifies to use both data validation and encryption to protect the cookie. Triple DES is used for encryption, if it is available and if the key is long enough (48 bytes). The All value is the default (and suggested) value. None: Used for sites that are only using cookies for personalization and have weaker requirements for security. Both encryption and validation can be disabled. This is the most efficient performance wise, but must be used with caution. Encryption: Specifies that the cookie is encrypted using Triple DES or DES, but data validation is not done on the cookie. It's important to note that this type of cookie is subject to chosen plaintext attacks. Validation: Specifies to avoid encrypting the contents of the cookie, but validate that the cookie data has not been altered in transit. To create the cookie, the validation key is concatenated in a buffer with the cookie data and a MAC is computed/appended to the outgoing cookie.
timeout	This is the amount of time (in integer minutes) that the cookie has until it expires. The default value for this attribute is 30 (thus expiring the cookie in 30 minutes). The value specified is a sliding value, meaning that the cookie will expire n minutes from the time the last request was received.
path	This is the path to use for the issued cookie. The default value is set to "/" to avoid issues with mismatched case in paths. This is because browsers are case-sensitive when returning cookies.

In our web.config file, it's also important to note the value we have for the deny child element of the authorization section (as highlighted below). Essentially, we set that value of the users attribute to "?" to deny all anonymous users, thus redirecting unauthenticated clients to the loginURL.

 

<configuration>

  <system.web>

    <authentication mode="Forms">

      <forms name=".COOKIEDEMO"

             loginUrl="login.aspx"

             protection="All"

             timeout="30"

             path="/"/>

    </authentication>

    <authorization>

      <deny users="?" />

    </authorization>

  </system.web>

</configuration>

1.    Create your login page (as referenced in the loginURL attribute discussed above). In this case, we should save our login page as login.aspx. This is the page to where clients without valid authentication cookie will be redirected. The client will complete the HTML form and submit the values to the server. You can use the example below as a prototype.

19. 

20.  <%@ Import Namespace="System.Web.Security " %>

21.<html>

22.  <script language="C#" runat=server>

23.  void Login_Click(Object sender, EventArgs E)

24.  {

25. 

26.    // authenticate user: this sample accepts only one user with

27.    // a name of username@domain.com and a password of 'password'

28.    if ((UserEmail.Value == "username@domain.com") &&

29.        (UserPass.Value == "password"))

30.    {

31.      FormsAuthentication.RedirectFromLoginPage(UserEmail.Value,

32.                                                PersistCookie.Checked);

33.    }

34.    else

35.    {

36.      lblResults.Text = "Invalid Credentials: Please try again";

37.    }

38.  }

39.  </script>

40.  <body>

41.    <form runat="server">

42.      <h3>Login Page</h3>

43.      <hr>

44.      Email:<input id="UserEmail" type="text" runat="server"/>

45.      <asp:RequiredFieldValidator ControlToValidate="UserEmail"

46.                                  Display="Static"

47.                                  ErrorMessage="*"

48.                                  runat="server"/>

49.      <p>Password:<input id="UserPass"

50.                         type="password"

51.                         runat="server"/>

52.      <asp:RequiredFieldValidator ControlToValidate="UserPass"

53.                                  Display="Static"

54.                                  ErrorMessage="*"

55.                                  runat="server"/>

56.      <p>Persistent Cookie:<ASP:CheckBox id="PersistCookie"

57.                                         runat="server" />

58.      <p><asp:button id="cmdLogin"

59.                     text="Login"

60.                     OnClick="Login_Click"

61.                     runat="server"/>

62.      <p><asp:Label id="lblResults"

63.                    ForeColor="red"

64.                    Font-Size="10"

65.                    runat="server" />

66.    </form>

67.  </body>

68.</html>

It's important to note that the above page authenticates the client on the click event of the cmdLogin button. Upon clicking, the logic determines if the username and password provided match those hard-coded in the logic. If so, the client is redirected to the requested resource. If not, the client is not authorized, and thus receives a message depicting this.

You can adjust the logic to fit your needs, as it is very likely that you will not have your usernames and passwords hard-coded into the logic. It is here at the Login_Click function that you can substitute the logic with that of your own. It is common practice to substitute database logic to verify the credentials against a data table with a stored procedure.

You can also provide authorized credentials in the web.config file. Inside the forms section, you would append a user element(s), as follows :

 

  <configuration>

  <system.web>

    <authentication mode="Forms">

      <forms name=".COOKIEDEMO"

             loginUrl="login.aspx"

             protection="All"

             timeout="30"

             path="/">

        <credentials passwordFormat="Clear">

          <user name="user1" password="password1"/>

          <user name="user2" password="password2"/>

          <user name="user3" password="password3"/>

        </credentials>

      </forms>

    </authentication>

    <authorization>

      <deny users="?" />

    </authorization>

  </system.web>

</configuration>

Doing so allows you to authenticate against a list of users in your web.config file, easily. You can append as many users as necessary. To authenticate against that list of users, you would append the applicable logic in the click event of the cmdLogin button discussed above. Here is the code :

 

void Login_Click(Object sender, EventArgs E)

{

  // authenticate user: this sample authenticates

  // against users in your app domain's web.config file

  if (FormsAuthentication.Authenticate(UserEmail.Value,

                                       UserPass.Value))

  {

    FormsAuthentication.RedirectFromLoginPage(UserEmail.Value,

                                              PersistCookie.Checked);

  }

  else

  {

    lblResults.Text = "Invalid Credentials: Please try again";

  }

}

Client Requirements

To enable forms authentication, cookies must be enabled on the client browser. If the client disables cookies, the cookie generated by Forms Authentication is lost and the client will not be able to authenticate.

 

 

 Windows Based Authentication

When you use ASP.NET Windows authentication, ASP.NET attaches a WindowsPrincipal object to the current request. This object is used by URL authorization. The application can also use it programatically to determine whether a requesting identity is in a given role.

        If User.IsInRole("Administrators") Then

               DisplayPrivilegedContent()

        End If                 

The WindowsPrincipal class determines roles by NT group membership. Applications that want to determine their own roles can do so by handling the WindowsAuthentication_OnAuthenticate event in their Global.asax file and attaching their own class that implements System.Security.Principal.IPrincipal to the request, as shown in the following example:

' Create a class that implements IPrincipal

Public Class MyPrincipal : Inherits IPrincipal

  ' Implement application-defined role mappings

End Class

' In a Global.asax file

Public Sub WindowsAuthentication_OnAuthenticate(

        Source As Object, e As WindowsAuthenticationEventArgs)

  ' Attach a new application-defined class that implements IPrincipal to

  ' the request.

  ' Note that since IIS has already performed authentication, the provided

  ' identity is used.

  e.User = New MyPrincipal(e.Identity)

End Sub                

 

 

Passport Authentication

This first installment of a two-part series on Microsoft Passport in ASP.NET applications discusses Passport's basic authentication mechanism and demonstrates the use of related .NET classes. It describes the design and implementation of Passport-enabled Web applications and how such applications communicate with client browsers and Passport servers.

Beginning with a general description of how Microsoft Passport acts as an authentication service, it then describes the sequence of events that occurs when a user (normally a browser client) tries to access a Passport-enabled application. The following section demonstrates the necessary setup steps, and the final section explains how to use ASP.NET classes that wrap the authentication-related functionality that the Passport server provides.

Microsoft Passport as an Authentication Service

E-commerce applications on the Internet use electronic means to identify people trying to reach their enterprise resources. For example, when you create a new Yahoo e-mail account, you enter some personal information along with a user name and a password. The name/password pair becomes your identification when you later check your e-mail messages on the site. This simple authentication mechanism is also applicable to e-commerce applications. The login and password pairs are used to identify site users.

The user-authentication mechanisms that e-commerce applications normally have to implement require the following features:

1. A graphical user interface (GUI) for sign-up and login
2. A database of user information (at least user names and passwords)
3. Authentication logic at the Web server
4. Log-out functionality, such as deleting (or destroying) server-side session objects

Microsoft .NET Passport, in its most basic form, provides all four of these features wrapped inside an easy-to-use programmatic interface. Passport provides a simple architecture, in which a single .NET Passport class named System.Web.Security.PassportIdentity wraps all authentication functionality. A Passport-enabled Web application developer need only instantiate the PassportIdentity class and use its methods to perform the complete authentication process.

This means Passport-enabled e-commerce application developers can rely on Passport to manage all the authentication features required by their e-commerce sites. In effect, Passport is a reusable authentication component, pluggable directly into an ASP.NET-based e-commerce application, which makes it very suitable for rapid application development.

Single Sign-on

Single sign-on (SSO) is another important benefit of Passport. Microsoft hosts its Passport service on its own servers and allows the use of all Passport-enabled accounts (e.g., all Hotmail and MSN.com accounts) to be authenticated on all Passport-enabled Web applications. This means users with Passport-enabled accounts need to remember only one login password pair to access all partner sites. So Passport not only allows rapid e-commerce application development, but it provides ease for users as well.

On the other hand, if you host your SSO on your own server, you can offer it only to your own user base—not all Hotmail and MSN users. You'll normally find this type of SSO in enterprise integration applications, where the application is meant only for users who belong to a particular trusted domain (e.g., employees of a company).

Microsoft currently sells Passport as a hosted service, like an application service provider (ASP). Passport is not available as a software product or a component you can host on your Web servers. The disadvantage of this strategy is if you want to authenticate your own user base on a Passport-enabled site, you have to implement your own authentication mechanism in addition to Passport.

This disadvantage makes Passport a generally unsuitable authentication solution for enterprise application integration (EAI) projects. In most EAI projects, customers don't want their users authenticated on a third-party server, because third-party authentication unnecessarily exposes their business information. For such applications, SSO solutions from other vendors like Oracle or IBM are better, as they are available as software components that customers can host on their Web servers.

However, B2C e-commerce applications can take advantage of the Hotmail and MSN user base with Passport.

 

 

 

 

 

 

Today I tried to find out which table is taking much space in DB or to find the numbers of columns and rows in all tables of DB

Following query will return the required result

=========

USE DatabaseName
GO
CREATE TABLE #temp (
                table_name sysname ,
                row_count INT,
                reserved_size VARCHAR(50),
                data_size VARCHAR(50),
                index_size VARCHAR(50),
                unused_size VARCHAR(50))
    SET NOCOUNT ON
INSERT     #temp
    EXEC       sp_msforeachtable 'sp_spaceused "?"'
SELECT     a.table_name,
            a.row_count,
            COUNT(*) AS col_count,
            a.data_size
    FROM       #temp a
            INNER JOIN information_schema.columns b
            ON a.table_name collate database_default
    = b.table_name collate database_default
    GROUP BY   a.table_name, a.row_count, a.data_size
    ORDER BY   CAST(REPLACE(a.data_size, 'KB', '') AS integer) DESC
DROP TABLE #temp

 

 

 

Wednesday, 18 June 2008.
 
ISLAMABAD, Pakistan—A Pakistani student, Mr. Samad Khurram, today has done what the Pakistani government is afraid to do so far. 

 

Snub the U.S. ambassador in the Pakistani capital for the cowardly U.S. attack against our military on the border with Afghanistan.

Samad, a student of law at Harvard University, was in Islamabad to receive a shield of achievement from Anne Patterson, the U.S. ambassador.

But instead of sucking up to the U.S. ambassador, like many Pakistani officials choose to do, Samad had on his mind the blood of over 30 Pakistanis, half of them soldiers, who were killed on the soil of their homeland on June 10 when the Americans sided with Karzai thugs, also known as the ‘Afghan national army’, and used massive air power to target a peaceful Pakistani border post.

Ms. Patterson was attending a special ceremony organized at the National Arts Gallery by a privately owned Pakistani school. The school had invited 188 of its former students who received scholarships to study at various American colleges and universities. Parents of the students were present, along with Mrs. Zahida Kiayni, the wife of the Chief of Army Staff Gen. Ashfaq Parvez Kiyani.

Ms. Patterson and other U.S. embassy officials were shocked and embarrassed when Samad walked to the stage to receive his award but then announced he was refusing the honor to protest the unprovoked American violation of Pakistani airspace and the murder of innocent Pakistanis.

A shaken Ms. Patterson smiled sheepishly and tried to make the best out of an embarrassing moment.

According to the Associated Press of Pakistan, the official news agency, this is how the U.S. ambassador responded:

“The American ambassador, responding to the protest of the student, said America has deep regrets on the incident. She said America is proud to have him (Samad Khurram) in USA for study, adding, “The only way to remove the misunderstanding is to exchange ideas and views.”

Ms. Patterson had a point there. We need to put our position out to the Americans in a clear way. Samad did just that. He did not boycott the ceremony. He attended it and made sure he rebuked the U.S. ambassador in the full glare of the media.

The unfortunate part is that no one present in the huge hall of NCA joined this nationalist young Pakistani in his gesture. At the very least, Pakistanis present in the hall should have given him a standing ovation.

The other unfortunate part is that none of the 80 or so Pakistani news channels highlighted the incident. Why did we allow private Pakistani channels in the first place? Wasn’t it to project Pakistani position to the world? If this was the Indian media, if this was the Chinese media, if this was the Iranian media, if this was the Arab media, if this was the Turkish media, this incident would have been repeated at the top of every news bulletin for the day. But this is the Pakistani media, filled with self-hating Pakistani ‘liberals’ who think taking pride in their homeland is a shameful act.

I hope some of the defeatist ‘liberal’ Pakistanis working for television news channels might be reading this. If you know someone there, please admonish them. I know plenty myself. But I work for one. I don’t own it.

It is sad that ordinary Pakistanis will always be more nationalist and patriotic than their so-called ‘liberal’ intellectuals and their non-intellectual politicians.

But Samad Khurram, no matter what, we are proud of you. If this defeatist Pakistani media is not celebrating you, we are.

I know there are a lot of people who love using the run prompt or the command prompt rather than using the mmc control ... So here are some quick tips that you can use ... Enjoy ...

Accessibility Controls  :  access.cpl  
 
Add Hardware Wizard : hdwwiz.cpl
 
Add/Remove Programs : appwiz.cpl
 
Administrative Tools : control admintools
 
Automatic Updates :  wuaucpl.cpl
 
Bluetooth Transfer Wizard : fsquirt
 
Calculator : calc
 
Certificate Manager : certmgr.msc
 
Character Map : charmap
 
Check Disk Utility : chkdsk
 
Clipboard Viewer : clipbrd
 
Command Prompt : cmd
 
Component Services : dcomcnfg
 
Computer Management : compmgmt.msc
 
Date and Time Properties : timedate.cpl
 
DDE Shares : ddeshare
 
Device Manager : devmgmt.msc
 
Direct X Control Panel (If Installed)* : directx.cpl
 
Direct X Troubleshooter : dxdiag
 
Disk Cleanup Utility : cleanmgr
 
Disk Defragment : dfrg.msc
 
Disk Management : diskmgmt.msc
 
Disk Partition Manager : diskpart
 
Display Properties : control desktop
 
Display Properties : desk.cpl
 
Display Properties (w/Appearance Tab Preselected) : control color
 
Dr. Watson System Troubleshooting Utility : drwtsn32
 
Driver Verifier Utility : verifier
 
Event Viewer : eventvwr.msc
 
File Signature Verification Tool : sigverif
 
Findfast : findfast.cpl
 
Folders Properties : control folders
 
Fonts : control fonts
 
Fonts Folder : fonts
 
Free Cell Card Game : freecell
 
Game Controllers : joy.cpl
 
Group Policy Editor (XP Prof) : gpedit.msc
 
Hearts Card Game : mshearts
 
Iexpress Wizard : iexpress
 
Indexing Service : ciadv.msc
 
Internet Properties : inetcpl.cpl
 
IP Configuration (Display Connection Configuration) : ipconfig /all
 
IP Configuration (Display DNS Cache Contents) : ipconfig /displaydns
 
IP Configuration (Delete DNS Cache Contents) : ipconfig /flushdns
 
IP Configuration (Release All Connections) : ipconfig /release
 
IP Configuration (Renew All Connections) : ipconfig /renew
 
IP Configuration (Refreshes DHCP & Re-Registers DNS) : ipconfig /registerdns
 
IP Configuration (Display DHCP Class ID) : ipconfig /showclassid
 
IP Configuration (Modifies DHCP Class ID) : ipconfig /setclassid
 
Java Control Panel (If Installed) : jpicpl32.cpl
 
Java Control Panel (If Installed) : javaws
 
Keyboard Properties : control keyboard
 
Local Security Settings : secpol.msc
 
Local Users and Groups : lusrmgr.msc
 
Logs You Out Of Windows : logoff
 
Microsoft Chat : winchat
 
Minesweeper Game : winmine
 
Mouse Properties : control mouse
 
Mouse Properties : main.cpl
 
Network Connections : control netconnections
 
Network Connections : ncpa.cpl
 
Network Setup Wizard : netsetup.cpl
 
Notepad : notepad
 
Nview Desktop Manager (If Installed) : nvtuicpl.cpl
 
Object Packager : packager
 
ODBC Data Source Administrator : odbccp32.cpl
 
On Screen Keyboard : osk
 
Opens AC3 Filter (If Installed) : ac3filter.cpl
 
Password Properties : password.cpl
 
Performance Monitor : perfmon.msc
 
Performance Monitor : perfmon
 
Phone and Modem Options : telephon.cpl
 
Power Configuration : powercfg.cpl
 
Printers and Faxes : control printers
 
Printers Folder : printers
 
Private Character Editor : eudcedit
 
Quicktime (If Installed) : QuickTime.cpl
 
Regional Settings : intl.cpl
 
Registry Editor : regedit
 
Registry Editor : regedit32
 
Remote Desktop : mstsc
 
Removable Storage : ntmsmgr.msc
 
Removable Storage Operator Requests : ntmsoprq.msc
 
Resultant Set of Policy (XP Prof) : rsop.msc
 
Scanners and Cameras : sticpl.cpl
 
Scheduled Tasks : control schedtasks
 
Security Center : wscui.cpl
 
Services : services.msc
 
Shared Folders : fsmgmt.msc
 
Shuts Down Windows : shutdown
 
Sounds and Audio : mmsys.cpl
 
Spider Solitare Card Game : spider
 
SQL Client Configuration : cliconfg
 
System Configuration Editor : sysedit
 
System Configuration Utility : msconfig
 
System File Checker Utility (Scan Immediately) : sfc /scannow
 
System File Checker Utility (Scan Once At Next Boot) : sfc /scanonce
 
System File Checker Utility (Scan On Every Boot) : sfc /scanboot
 
System File Checker Utility (Return to Default Setting) : sfc /revert
 
System File Checker Utility (Purge File Cache) : sfc /purgecache
 
System File Checker Utility (Set Cache Size to size x) : sfc /cachesize=x
 
System Properties : sysdm.cpl
 
Task Manager : taskmgr
 
Telnet Client : telnet
 
User Account Management : nusrmgr.cpl
 
Utility Manager : utilman
 
Windows Firewall : firewall.cpl
 
Windows Magnifier : magnify
 
Windows Management Infrastructure : wmimgmt.msc
 
Windows System Security Tool : syskey
 
Windows Update Launches : wupdmgr
 
Windows XP Tour Wizard : tourstart
 
Wordpad : write

Consumer fuel cells

In search of forever

Jun 12th 2008
From The Economist print edition

 

As a source of power for cars, fuel cells have been a disappointment. For laptops and mobile phones, they are just about to take off

 Illustration by Stephen Jeffrey

METHANOL is nasty stuff. Careless distillation in many a backwoods still has caused it to blind the imbibers of “alternative” alcoholic drinks. Yet it has its uses, and one of them may be to restore fuel cells to their oft-vaunted role as the power packs of the future—but with a twist. The main role that has been discussed for fuel cells over the past few decades is as replacements for the internal-combustion engine. Their actual use may turn out to be to provide power for portable electronic devices.

A fuel cell is a device that combines hydrogen with oxygen to generate electricity. The traditional approach has been to use the gas itself in the cell—and that is the approach taken by the world's carmakers in their so-far not very successful attempts to make a commercial fuel-cell-driven car. Since gaseous hydrogen is hard to store and handle, an alternative that some people have considered is to lock the hydrogen up in methanol, a liquid whose molecules are made of a carbon atom, an oxygen atom and four hydrogen atoms. Methanol will react with water in the form of steam to make hydrogen and carbon dioxide—a process known as steam reformation. Put a steam reformer in a car along with the fuel cell and you can fill the tank with methanol instead of hydrogen.

That idea has not gone very far, either. But it has provoked another thought. What if it were possible to decompose the methanol without steam, and within the fuel cell itself? And that has, indeed, turned out to be possible. The resulting cells are nowhere near powerful enough to run cars, but they are plenty powerful enough to stand in for small batteries. What is more, they last far longer than batteries and when they do need recharging, it is the work of a moment.

Proton power

In a direct-methanol fuel cell (DMFC) the methanol is oxidised at the anode in the presence of liquid water. The reaction, which requires a catalyst, turns the methanol and water into protons and electrons (in other words, dissociated hydrogen atoms) and carbon dioxide. While the electrons pass along an external circuit as an electric current, the protons diffuse through a membrane to the cathode, where they recombine with the incoming electrons to form hydrogen atoms that react instantly with oxygen to make water. With pleasing symmetry the water is then channelled back to mix with the incoming methanol. Even though DMFCs produce carbon dioxide, the amount is small enough for the cells to count as a much greener technology than batteries. Some companies also think the new cells could be safer than batteries, which can burst into flame if short-circuited.

The efficiency of a DMFC is determined by its membrane. One of the most commonly used sorts is made of Nafion, a polymer developed by DuPont from a variation of Teflon. Nafion, however, can be expensive and it allows some methanol to seep through, which wastes fuel. Researchers are therefore trying to come up with more efficient membranes—and one group, led by Paula Hammond of the Massachusetts Institute of Technology (MIT), appears to have done so.

Dr Hammond and her colleagues used a newish thin-film fabrication technique known as “layer-by-layer”. This repeatedly dips a material into a solution, to build it up one layer at a time, while the properties of the liquid are gradually changed. That enables the structure of the resulting film to be fine tuned. When Dr Hammond coated a Nafion membrane in this way it became less permeable to methanol but kept its ability to transport protons. The effect, which the group reported in a recent issue of Advanced Materials, was to boost the cell's electrical output by more than 50%. The next stage, which the team has now embarked on, is to build complete membranes rather than mere coatings. The researchers think these may be able to work as proton-exchange membranes in their own right.

Squeeze me, please me

Toshiba, a large Japanese electronics firm, reckons that DMFCs can be used to produce mobile devices that have no need for batteries at all. In its latest investment plan, it says it will begin making such cells within a year for mobile phones and laptops. Sharp, one of its rivals, recently said that it had developed new microfabrication techniques to build DMFCs with the highest power densities yet achieved. Sharp reckons this will enable it to produce cells that are the same size as the lithium-ion batteries used in mobile devices, but which can run those devices for much longer. Some in the industry talk of mobile phones capable of operating continuously for several weeks before their fuel cells need topping up.

The most likely way that topping up will be done is with a cartridge of methanol that is inserted into the device and replaced when it is running low. As portable devices become more sophisticated, with added functions and large colour screens, they are draining batteries faster. MTI Micro, an American company, has put its version of a DMFC into satellite-navigation devices, which are often used for long periods. The company says it can run even a power-hungry model for up to 60 hours before the gadget needs refuelling.

Longer life is a big appeal; some people would like to run their laptops continuously on a 12-hour flight. Hence, new rules are being drawn up for aircraft. America's Department of Transportation is planning a rule change from October 1st to allow passengers and crew to bring fuel-cell-powered electronic devices and one or two fuel cartridges on board in their carry-on baggage. To qualify, the devices will have to meet certain safety standards. It is proposed that each passenger would be limited to about 200ml of fuel.

Successful work like that at MIT will help to make DMFCs cheaper and more efficient, which will, in turn, make them even more attractive as power sources for portable devices. Already, some companies are predicting that sales of refuelling cartridges could run into the billions within a few years of them coming into the market. Forget, then, the familiar cry: “Has anyone got a charger I can borrow?” It will be replaced by: “Can you spare me a squirt of methanol?”—and that won't mean in your hooch.

Source

www.economist.com/science/displaystory.cfm?story_id=11529364

 

 

 

http://www.microsoft.com/learning/mcp/certified.mspx