Developping for the translation industry

 Wednesday, September 15, 2010

Seen on Visual Studio Magazine

Two security researchers, Thai Duong and Juliano Rizzo, have discovered a bug in the default encryption mechanism used to protect the cookies normally used to implement Forms Authentication in ASP.NET. Using their tool (the Padding Oracle Exploit Tool or POET), they can repeatedly modify an ASP.NET Forms Authentication cookie encrypted using AES and, by examining the errors returned, determine the Machine Key used to encrypt the cookie. The process is claimed to be 100 percent reliable and takes between 30 and 50 minutes for any site.

Once the Machine Key is determined, attackers can create bogus forms authentication cookies. If site designers have chosen the option to embed role information in the security cookie, then attackers could arbitrarily assign themselves to administrator roles. This exposure also affects other membership provider features, spoofing protection on the ViewState, and encrypted information that might be stored in cookies or otherwise be made available at the client.

While the exposure is both wide and immediate, the fix is simple. The hack exploits a bug in .NET's implementation of AES encryption. The solution is to switch to one of the other encryption mechanisms -- to 3DES, for instance. Since encryption for the membership and roles providers is handled by ASP.NET, no modification of existing code should be required for Forms Authentication.

The encryption method can be set in the web.config file for a site, in IIS 7 for a Web server, or in the config file for .NET on a server in %SYSTEMROOT%\Microsoft.NET\Framework\version\CONFIG\. On 64-bit systems, it must also be set in %SYSTEMROOT%\Microsoft.NET\Framework64\version\CONFIG\. A typical entry would look like this:

    <machineKey validationKey="AutoGenerate,IsolateApps"
                decryption="3DES" />

On a Web farm, this setting will have to be made on all the servers in the farm.

These settings are also used to prevent spoofing (ViewState data is encoded but not encrypted), so making this change will also switch the ViewState to using 3DES. Developers who are using AES in their code to encrypt information made available at the client should consider modifying their code to use a different encryption mechanism.
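One way to confirm the setting across the files listed above, as an added example (not part of the quoted article): a Python check that reads each config, reports its machineKey decryption value, and flags files that differ from the expected algorithm or from each other. The server names and sample configs are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample configs, keyed by "server:file" (hypothetical names).
SAMPLE_CONFIGS = {
    "web01:web.config": """<configuration>
  <system.web>
    <machineKey validationKey="AutoGenerate,IsolateApps" decryption="3DES" />
  </system.web>
</configuration>""",
    "web02:web.config": """<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
  <system.web>
    <machineKey validationKey="AutoGenerate,IsolateApps" decryption="AES" />
  </system.web>
</configuration>""",
    "web03:web.config": """<configuration>
  <system.web>
    <authentication mode="Forms" />
  </system.web>
</configuration>""",
}

NOT_SET = "(not set)"
UNPARSEABLE = "(unparseable)"


def local_name(tag):
    """Drop an XML namespace prefix such as '{uri}machineKey'."""
    return tag.rsplit("}", 1)[-1]


def decryption_setting(config_xml):
    """Return the machineKey decryption attribute, or NOT_SET if absent."""
    root = ET.fromstring(config_xml)
    for elem in root.iter():
        if local_name(elem.tag) == "machineKey":
            return elem.get("decryption", NOT_SET)
    return NOT_SET


def audit(configs, expected="3DES"):
    """Return (settings per file, files that differ from expected, farm consistent?)."""
    settings = {}
    for name, xml_text in configs.items():
        try:
            settings[name] = decryption_setting(xml_text)
        except ET.ParseError:
            settings[name] = UNPARSEABLE
    mismatched = sorted(
        name for name, value in settings.items()
        if value.upper() != expected.upper()
    )
    # Every server in a farm has to carry the same value.
    consistent = len({value.upper() for value in settings.values()}) == 1
    return settings, mismatched, consistent


if __name__ == "__main__":
    settings, mismatched, consistent = audit(SAMPLE_CONFIGS)
    for name, value in sorted(settings.items()):
        print(f"{name}: decryption={value}")
    print("differs from expected:", mismatched)
    print("consistent across farm:", consistent)
```
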


Wednesday, September 15, 2010 8:35:36 AM (Eastern Standard Time, UTC-05:00)
.NET | News | Security
 Monday, September 13, 2010

As seen on techcrunch:


If you think about all the things people search for on Google, “God” has to be pretty high up there, right? I mean, since the dawn of man, people have been searching for the meaning of life and its creator, so what better way to do that than with a search engine? But divinity apparently has nothing on cheap domain names.

When you try to do a search for “God” with the new Google Instant feature, it predicts that you’re going to type in “Godaddy” instead. If you hit a space after the “d”, it thinks you’re looking for “God of War”, the popular videogame. So the only way to actually search for “God” with this new Google Instant feature is to hit the search button.

To make Google Instant work, the search giant looks across all queries to find the most popular ones and then predicts what it thinks you’re going to type and auto-populates the results based on that. Clearly, both “Godaddy” and “God of War” are more popular queries on Google — something that is either humorous or sad depending on your level of religiousness.

Also kind of humorous is that “Godaddy” isn’t really the name of the company, it’s “Go Daddy” with a space (though the domain is of course Also interesting is that Go Daddy is a heavy Google AdWords user, and so the first result for the “God” query is a sponsored link for Go Daddy.


Monday, September 13, 2010 10:18:44 AM (Eastern Standard Time, UTC-05:00)
 Friday, July 30, 2010

Although cruel, cross cultural marketing mistakes are a humorous means of understanding the impact poor cultural awareness or translations can have on a product or company when selling abroad.


1. Locum is a Swedish company. As most companies do at Christmas they sent out Christmas cards to customers. In 1991 they decided to give their logo a little holiday spirit by replacing the "o" in Locum with a heart. You can see the result...


2. The Japanese company Matsushita Electric was promoting a new Japanese PC for internet users. Panasonic created the new web browser and had received license to use the cartoon character Woody Woodpecker as an interactive internet guide.

The day before the huge marketing campaign, Panasonic realised its error and pulled the plug. Why? The ads for the new product featured the following slogan: "Touch Woody - The Internet Pecker." The company only realised its cross cultural blunder when an embarrassed American explained what "touch Woody's pecker" could be interpreted as!

3. The Swedish furniture giant IKEA somehow agreed upon the name "FARTFULL" for one of its new desks. Enough said.

4. In the late 1970s, Wang, the American computer company, could not understand why its British branches were refusing to use its latest motto "Wang Cares". Of course, to British ears this sounds too close to "Wankers" which would not really give a very positive image to any company.

5. There are several examples of companies getting tangled up with bad translations of products due to the word "mist". We had "Irish Mist" (an alcoholic drink), "Mist Stick" (a curling iron from Clairol) and "Silver Mist" (Rolls Royce car) all flopping as "mist" in German means dung/manure. Fancy a glass of Irish dung?

6. "Traficante", an Italian mineral water, found a great reception in Spain's underworld. In Spanish it translates as "drug dealer".

7. In 2002, Umbro the UK sports manufacturer had to withdraw its new trainers (sneakers) called the Zyklon. The firm received complaints from many organisations and individuals as it was the name of the gas used by the Nazi regime to murder millions of Jews in concentration camps.

8. Sharwoods, a UK food manufacturer, spent £6 million on a campaign to launch its new 'Bundh' sauces. It received calls from numerous Punjabi speakers telling them that "bundh" sounded just like the Punjabi word for "arse".

9. Honda introduced their new car "Fitta" into Nordic countries in 2001. If they had taken the time to undertake some cross cultural marketing research they may have discovered that "fitta" was an old word used in vulgar language to refer to a woman's genitals in Swedish, Norwegian and Danish. In the end they renamed it "Honda Jazz".

10. A nice cross cultural example of the fact that all pictures or symbols are not interpreted the same across the world: staff at the African port of Stevadores saw the "internationally recognised" symbol for "fragile" (i.e. broken wine glass) and presumed it was a box of broken glass. Rather than waste space they threw all the boxes into the sea!


Friday, July 30, 2010 12:43:17 PM (Eastern Standard Time, UTC-05:00)

Genetic algorithms are a form of evolutionary computation, a branch of artificial intelligence that focuses on evolving effective or optimal solutions to difficult problems, based on the biological theory of evolution.

Genetic algorithms are, at their core, a search/optimisation technique. They are a way of finding maximum/minimum solutions to problems and can be effective when there is no algorithmic solution to the problem. An example here would be the ‘Traveling Salesman’ problem.

Genetic algorithms work by taking an initial population of potential solutions (referred to as individuals), selecting a subset of the population that has the highest fitness then using that subset to generate a second generation. From the second generation again a subset with the highest fitness is selected and used to generate a third generation. This repeats until either the ‘fittest’ individual is considered a good enough solution, or until a certain number of generations have passed.

There are advantages to using genetic algorithms to solve problems over more traditional methods like hill climbing.

  • Genetic algorithms can quickly produce good solutions, though they may take a lot of time to find the best solution. This is a benefit when the problem is such that the absolute best solution is not necessary, just one that is ‘good enough’.
  • They are not susceptible to getting trapped by local maxima.
  • They do not work on the entire search space one potential solution at a time, but rather work on populations of potential solutions, focusing towards more optimal areas of the search space.

A genetic algorithm will almost always find an optimal solution, given enough time. The main downside is that they may take a lot of time to find that optimal solution.

Components of a Genetic Algorithm

There are two main critical parts in setting up a genetic algorithm for a problem.

  • The encoding of the potential solutions into a form where they can be operated on.
  • The fitness function which defines which individuals are better than others, which are closer to the maximum that is being searched for.

Most of the design work when using genetic algorithms goes into those two problems.


Encoding is the process of taking all the values that make up a potential solution and turning them into a form that the genetic algorithm can operate on.

The selection of an encoding is of utmost importance to the effectiveness of the entire process, and a poor representation can make the entire problem much harder than it should be. Unfortunately there has been little academic work done on the process of designing representations.

Often for genetic algorithms, the end result of the encoding will be a binary string. There are other variations of evolutionary computation that use other representations, from the arrays of real numbers used by evolutionary strategies to the code trees used by genetic programming.

Fitness function

Depending on the problem, the fitness function can be trivial to write or near-impossible. The design of the fitness function is completely based on the problem that is being solved.

There are two important considerations for a fitness function.

  • It must be deterministic.
  • It must be fast.

If the fitness of an individual is assessed twice, it must come to the same value (1). If the fitness function could return different values for the same individual, then it is of no use in determining the fittest individuals in the population and hence the genetic algorithm will not be able to identify the best solution to the problem.

The fitness of each individual is assessed at least once in each generation. The calculation of the fitness function is usually the most time-consuming part of the entire process, and the longer the fitness function takes to run, the longer the entire process takes.

(1) There are cases where the fitness of an individual may depend on external factors which change over time. Hence a fitness function may give different values for one individual if calculated at different times. Genetic algorithms in a changing environment are a little beyond the scope of this entry.

Evolution Process

In order to create a new generation, the fittest individuals from the previous generation are taken and used to generate the next generation. There are two main operators that are used to generate a generation from the previous one: crossover and mutation.


Crossover involves taking two individuals, splitting each one’s encoded string and swapping parts to generate two new individuals.

Say we had two individuals with the following encoded strings (spaces added for clarity)
0000 0001 1111 1110
0101 1010 1100 0011
and we chose the splitting point for the crossover after the 4th bit, the resulting strings after the crossover will be
0000 1010 1100 0011
0101 0001 1111 1110

In genetic algorithms crossover is the primary operator used. What I described here was a single crossover. There are a number of other variations that can be used.


Mutation is an operator applied to a single individual. It’s usually applied after crossover has generated new individuals. Mutation involves flipping a single bit somewhere in the encoded string.

Let’s take the two individuals that were generated by the crossover earlier
0000 1010 1100 0011
0101 0001 1111 1110
and apply a random mutation to each
0000 1010 1101 0011
0101 0001 1011 1110

In genetic algorithms mutation is very seldom applied and only a small percentage of individuals in a generation will be affected by the mutation operator.


As a quick example let’s manually evolve a simple function to see how the whole thing works.

Let’s say I have an array of 4 numbers (call it num) between 0 and 15. I want to know what values give me the best value for the following.


I know, that’s simple enough that we could work out the optimal solution just by eye. Not the point. This is enough to do a quick and effective demo with.

I’m going to encode that by simply converting the numbers in the array to binary and concatenating the binary representations of the 4 numbers (spaces just added for clarity). The fitness function is already defined. I’m going to start with an initial population of eight individuals.

1111 1111 1100 1110 – fitness = (15-15-12+14) = 2
0101 1010 1100 0011 – fitness = (9-10-12+3) = -10
1011 0111 0011 1111 – fitness = (11-7-3+15) = 16
1111 1001 1010 0011 – fitness = (15-9-10+3) = -1
1010 1010 1010 1010 – fitness = (10-10-10+10) = 0
1000 0010 0111 0110 – fitness = (8-2-7+6) = 5
0000 0001 1111 1110 – fitness = (0-1-15+14) = -2
1010 0101 0010 0101 – fitness = (10-5-2+5) = 8

From this I’m going to take the 4 individuals with the highest fitness, use crossover operations (with the crossover point exactly in the middle) between them until I have 8 individuals for the 2nd generation, and then apply a single bit mutation to one of the individuals (detailed steps left as an exercise for the reader).

1111 1111 0011 1111 – fitness = (15-15-3+15) = 12
1011 0111 1100 1110 – fitness = (11-7-12+14) = 6
1111 1011 0010 0101 – fitness = (15-11-2+5) = 7
1010 0101 1100 1110 – fitness = (10-5-7+6) = 4
1011 0111 0111 0110 – fitness = (11-7-7+6) = 3
1000 0010 0011 1111 – fitness = (8-2-3+15) = 18
1010 0101 0111 0110 – fitness = (10-5-7+6) = 4
1000 0010 0010 0101 – fitness = (8-2-2+5) = 9

We can already see an improvement. The average and maximum fitness are much higher than for the first generation. I’ll do one more generation in this example, again taking the 4 fittest individuals, crossing over to generate 8 new individuals and then applying a single bit mutation to two individuals. This time, however, the crossover point will be between the 4th and 5th bit.

1000 1111 0011 1111 – fitness = (8-15-3+15) = 5
1111 0010 0011 1111 – fitness = (15-2-3+15) = 25
1000 1011 0010 0101 – fitness = (8-11-2+5) = 0
1111 0010 0011 1111 – fitness = (15-2-3+15) = 25
1111 0010 1010 0101 – fitness = (15-2-10+5) = 8
1000 0111 0011 1111 – fitness = (8-7-3+15) = 13
1111 0010 0010 0101 – fitness = (15-2-2+5) = 16
1000 1011 0010 0101 – fitness = (8-11-2+5) = 0

I think that’s enough for this example. We’re getting fairly close to the best possible solution (15,0,0,15), close enough to see how this works. The population size was very low; that’s why there are duplicates appearing in the results of the crossover. With a larger search space there would be a lot more diversity.
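The loop walked through above, as an added Python example (not code from the original post). The fitness expression num[0] - num[1] - num[2] + num[3] is taken from the per-individual sums shown in the walkthrough; choosing parents, crossover points and mutation positions at random with a seeded generator is an assumption that generalizes the hand-picked ones.

```python
import random

BITS = 4    # bits per number, so each value is 0..15
GENES = 4   # numbers per individual, giving a 16-bit encoded string

# Generation 1 from the walkthrough, spaces removed.
INITIAL = [
    "1111111111001110", "0101101011000011", "1011011100111111",
    "1111100110100011", "1010101010101010", "1000001001110110",
    "0000000111111110", "1010010100100101",
]


def decode(bits):
    """Split the encoded string into its four 4-bit numbers."""
    return [int(bits[i:i + BITS], 2) for i in range(0, BITS * GENES, BITS)]


def fitness(bits):
    """num[0] - num[1] - num[2] + num[3]; deterministic and cheap."""
    n = decode(bits)
    return n[0] - n[1] - n[2] + n[3]


def crossover(a, b, point):
    """Single-point crossover: the two strings swap everything after `point` bits."""
    return a[:point] + b[point:], b[:point] + a[point:]


def mutate(bits, position):
    """Flip the single bit at index `position` (0-based)."""
    flipped = "1" if bits[position] == "0" else "0"
    return bits[:position] + flipped + bits[position + 1:]


def next_generation(population, rng, mutations=1):
    """Take the fittest half as parents, refill by crossover, then mutate."""
    size = len(population)
    parents = sorted(population, key=fitness, reverse=True)[:size // 2]
    children = []
    while len(children) < size:
        a, b = rng.sample(parents, 2)
        point = rng.randrange(1, BITS * GENES)
        children.extend(crossover(a, b, point))
    children = children[:size]
    for _ in range(mutations):
        i = rng.randrange(size)
        children[i] = mutate(children[i], rng.randrange(BITS * GENES))
    return children


def evolve(population, generations, seed=0):
    """Return the final population and the best fitness of every generation."""
    rng = random.Random(seed)
    history = [max(map(fitness, population))]
    for _ in range(generations):
        population = next_generation(population, rng)
        history.append(max(map(fitness, population)))
    return population, history


if __name__ == "__main__":
    final, history = evolve(INITIAL, generations=20)
    best = max(final, key=fitness)
    print("best fitness per generation:", history)
    print("best individual:", best, decode(best), fitness(best))
```

As in the walkthrough, parents are not copied into the next generation, so the best fitness can drop from one generation to the next before it recovers.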

I hope that anyone still reading found this brief diversion into the realms of AI interesting.


Friday, July 30, 2010 10:27:32 AM (Eastern Standard Time, UTC-05:00)
General | Artificial Intelligence
 Thursday, July 29, 2010

Here is a simple way to get a specific character count (for example, count the number of occurrences of the character ‘0’) and the word count of a varchar string using T-SQL.

    -- Count the number of specific characters, in this case '0'
    DECLARE @value varchar(100)
    SET @value = 'SQL Server 2000, SQL Server 2005, SQL Server 2008'
    SELECT LEN(@value) - LEN(REPLACE(@value, '0', ''))   -- returns 7

    -- Count the number of words (assumes single spaces between words)
    DECLARE @String varchar(100)
    SELECT @String = 'SQL Server 2005 Stan test code'
    SELECT LEN(@String) - LEN(REPLACE(@String, ' ', '')) + 1   -- returns 6

As you can see, this is quite straightforward: the script simply subtracts the length of the string with the searched character removed from the full length of the string, giving the character count as a result. The word-count script simply counts the space characters and adds one.


Thursday, July 29, 2010 8:58:32 AM (Eastern Standard Time, UTC-05:00)
Code Snippet | SQL
 Thursday, July 08, 2010

The Association de l’industrie de la langue/Language Industry Association (AILIA) is Canada’s industry representative in all matters pertaining to the language industry, including sectors such as translation, interpretation, terminology, training and technology. In 2008, AILIA launched the first ever national standard for translation services, CAN/CGSB‑131.10‑2008, Translation Services.

The CAN/CGSB-131.10-2008 includes all applicable definitions, in addition to sections on Human Resources, Technical Competencies, Quality Management Systems (QMS), Client‑TSP Relationship, Project Management Procedures and the Translation Process.

The benefits of this new certification are:

Assuring clients
The CAN/CGSB‑131.10‑2008, Translation Services Standard will give clients assurance that the TSP meets criteria deemed important in the delivery of translation services. AILIA’s position is that by having access to independently audited suppliers, purchasers of translation services in Canada are better protected.

Creating a level playing field
An important business objective of the CAN/CGSB‑131.10‑2008, Translation Services Standard is to create a level playing field for translation service providers. The certification will give clients the added assurance that the TSP applies certain quality control measures. Certified TSPs will therefore be required to make certain investments, making competition fairer. AILIA’s position is that all TSPs offering services in Canada should be able to provide independent proof of their competency in translation service delivery.      

Supporting contracting
The CAN/CGSB‑131.10‑2008, Translation Services Standard can act as a baseline for contracting procedures. By focusing on auditing translation services processes, the certification becomes a natural tool for contracting authorities to use when purchasing translation services. AILIA’s position is that conformity to an independent certification should be the basis for procurement policy and practices among purchasers of translation services.      

Supporting professional certification
Although leading Canadian TSPs promote professional certification for their employees and subcontractors, the CAN/CGSB‑131.10‑2008, Translation Services Standard takes an extra step by supporting professional certification and listing it as a criterion for CGSB certification. AILIA’s position is that a strong Canadian professional body is an essential pillar for a quality Canadian translation sector.


My company, Versacom, recently obtained the CAN/CGSB-131.10–2008 certification.


Thursday, July 08, 2010 9:12:54 AM (Eastern Standard Time, UTC-05:00)
Language Industry
 Tuesday, July 06, 2010

This is an interesting new attack, I just saw a live demo of it here: Tabnabbing: A New Type of Phishing Attack. All you need to do is let the page load, then browse to another tab for more than 5 seconds and you’ll see the favicon change to Gmail and the page will load a Gmail image.

And apparently the use of this attack is on the rise in the wild according to Panda Labs. It’s a pretty interesting phishing attack and although it’s unable to change the URL in the address bar I believe a lot of people rely on visual cues and may not notice the URL doesn’t match the page content.

The use of Tabnabbing, the recently-identified phishing technique, is on the rise, says Panda Labs.

Tabnabbing exploits the tabbed browser system in modern web browsers such as Firefox and Internet Explorer, making users believe they are viewing a familiar web page such as Gmail, Hotmail or Facebook. Cybercriminals can then steal the logins and passwords when users enter them on these hoax pages.

According to Panda’s latest Quarterly Report on IT Threats, the technique is likely to be employed by more and more cybercriminals and users should close all tabs they are not actively using.

I think this could be quite effective, especially for the less technical crowd on Facebook and using services like Hotmail and Gmail. It could even extend into targeted localized attacks on online banking systems.

Apparently all browsers are susceptible to this including Chrome, Firefox, Internet Explorer and Opera (on Windows XP anyway). More details in a PC Advisor article here.

Perhaps this is something that can be addressed in Firefox as the person who developed this technique is the Creative Lead for Firefox – Aza Raskin.


Tuesday, July 06, 2010 8:40:27 AM (Eastern Standard Time, UTC-05:00)
 Tuesday, June 15, 2010

How can you make your site run faster? Google has launched a Firefox extension called Page Speed, which webmasters can use to evaluate the performance of their web pages and to get suggestions on how to improve them.

Page Speed is available as an open-source Firefox Add-on. However it requires another addon to work called Firebug, which integrates with Firefox and lets you edit, debug, and monitor CSS, HTML, and JavaScript live in any web page.

Page Speed will perform several tests on your web server configuration and front-end code based on a set of best practices for improved web page performance, and will then provide helpful suggestions on how to improve its performance. It will not only make your site faster, but also reduce your bandwidth and hosting costs.

Here is what a sample site speed test error report looks like:

Page Speed Test


While you give your site a try with Google Page Speed, you can also check out Yahoo! Yslow, another Firefox extension that works with Firebug to identify website speed performance issues.

Tuesday, June 15, 2010 10:05:09 AM (Eastern Standard Time, UTC-05:00)
General | SEO | Tools
 Thursday, May 06, 2010

Microsoft has released the Internet Explorer 9 Platform Preview 2, keeping to its promise of delivering new IE9 functionality every eight weeks.

Microsoft originally introduced the IE9 Platform Preview in mid-March at the MIX 2010 show in Las Vegas, and just seven weeks later the software giant has released version 2 of the IE9 Platform Preview, which features advances in compliance to industry-standard tests, improvements in performance and a lot more. Internet Explorer 9 Platform Preview 2 is available for developer download at the IE Test Drive site:

Moreover, according to a source close to the company, there have been more than 1 million downloads of the IE9 Platform Preview to date.

Among the goals of IE9 is to deliver HTML5 capability into the browser as well as the "same markup" experience to developers -- which basically means developers will be able to write code once and have it run on multiple sites without modification. Essentially this means enabling the same markup – the same HTML, the same CSS and the same script – to work the same across different browsers is as crucial as performance for HTML5’s success.  Developers should expect the same markup to produce the same results across browsers consistently. 

Microsoft has created a rhythm of disclosure around IE9. At the company's Professional Developers Conference in November 2009, Microsoft discussed performance, hardware acceleration and same markup. At MIX  2010 the company discussed performance, hardware acceleration and same markup. And on May 5 Microsoft is back with improvements to its IE9 preview for developers.

Among the improvements is that Microsoft's IE9 preview has passed more of the Acid3 test. Microsoft has taken heat for its Acid3 results, but it is still early in the IE9 development process and the company is showing improvement. Acid3 comes from the Web Standards Project and checks how well a browser adheres to certain selected elements from web standards, especially the Document Object Model (DOM) and JavaScript. With IE9 Platform Preview 2, Microsoft increased its Acid3 test score results from 55 in the initial platform preview to 68 -- out of 100 -- in the new release.

To be sure, the new release builds on the initial platform preview. And in addition to more improvements to IE9’s performance and support for standards, with this release Microsoft has submitted additional tests to the working groups at the World Wide Web Consortium (W3C). Indeed, Microsoft submitted 79 new tests to the W3C, bringing the number of tests the company has submitted to 183, a company spokesperson said. Microsoft has been busy creating, submitting, and revising comprehensive test cases for developers and browser manufacturers to responsibly test and design for same markup.

Meanwhile, according to’s SunSpider benchmark test, Internet Explorer 9 Platform Preview 2 is now even faster. The overall performance results have improved by 117 milliseconds.

In addition, more than 10 new developer samples on the IE9 Test Drive site highlight performance, graphics and HTML5. Developers can take a look at these samples in a video at, or view demonstrations of the concept of same markup in action at,, and Should a password be required, use "samemarkup," however the videos will be live on Microsoft's Channel 9 by mid-day May 5.

Microsoft also changed the platform preview console window to be a full tab that includes diagnostic information from IE.  The company also added a “Change User Agent String” tool that enables you to change the UA string sent with every request, selecting from preset strings or creating your own custom string.  This complements another feature Microsoft added – the IE9 UA string.

Said a company spokesperson: "We know that when developers spend less time re-writing their sites to work across browsers they have more time to create amazing experiences on the web.  At its essence, that is what we are trying to achieve when we say 'same markup.'  It’s allowing for an interoperable web so developers can create the next class of rich web apps that will take advantage of the capabilities that will be made available with HTML5." 

Source: eWeek


Thursday, May 06, 2010 9:02:03 AM (Eastern Standard Time, UTC-05:00)

About the author/Disclaimer

The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.

© Copyright 2019
Stanislas Biron