Integrating Image Uploader with Visual WebGui

posted by Dmitry on 10 February 2010, 03:56

Visual WebGui lets core and web developers build data-centric, Ajax-driven enterprise applications in a simple way, using Visual Basic and the Windows Forms visual drag-and-drop experience and skills. If you use this toolkit and would like to integrate it with Image Uploader, our colleagues from the Gizmox Team have created a sample application demonstrating how to do it: How to implement Visual WebGui custom control.

Compatibility of Image Uploader with New Microsoft Windows 7 and Windows 2008 R2

posted by Dmitry on 12 September 2009, 23:39

Almost everybody in the IT world knows that Microsoft is going to release two new operating systems this October: the brand new Windows 7 and a major update for Windows 2008, 2008 R2. Several months ago we decided to prepare for these new Windows versions in advance and test our Image Uploader with them.

First of all, we were interested in Windows 7 as a client platform where both Image Uploader ActiveX and Java will be launched in browsers. We have not found any major issues with previous versions of Image Uploader 6.x here.

Secondly, we checked Windows 7 and Windows Server 2008 R2 from the server platform point of view. As we all know from the Microsoft buzz, these upcoming versions of Windows will have the new Internet Information Services 7.5. And unfortunately there was a surprise for us here. IIS 7.5 did not recognize POST requests sent by Image Uploader 5.x and previous 6.x as properly formed and returned HTTP error 400. So we had to spend some time figuring out what was wrong with the requests. We found the reason, and the new Image Uploader 6.1.4 will be free of this problem. This new Image Uploader release will be available on our site by September, 19. Unfortunately, if you are going to use Image Uploader with IIS 7.5 on the server side, you will need a version of Image Uploader not earlier than 6.1.4.

So Aurigma is ready for new Microsoft releases and upcoming Image Uploader 6.1.4 will be compatible with Windows 7 and Windows 2008 R2.

Security bulletin #2 - new Image Uploader security update

posted by Andrew on 3 August 2009, 00:01

Hi there,

As you probably noticed, we released Image Uploader 6.1 this weekend. The main reason we did it is to fix the security vulnerability reported to us by Microsoft.

Guys from the Microsoft Security Response Center contacted us about a week ago and told us that they had discovered a vulnerability in ATL (a Microsoft library which comes with Visual Studio and is intended to simplify ActiveX development). This vulnerability impacts all ATL-based ActiveX controls, including Image Uploader. Microsoft has included the description of this vulnerability here:

http://www.microsoft.com/technet/security/bulletin/ms09-035.mspx

In version 6.1 we have eliminated this vulnerability. Although Microsoft also released a security update for Internet Explorer which patches this security hole, it is highly recommended to update Image Uploader to the most recent build (6.1.1 or higher). Also, this week we will release updates for versions 4.7 and 5.7, so if you do not use version 6 yet, you will have a chance to use the safe version anyway.

Now, here is a short FAQ:

Q: Is this vulnerability dangerous? How can malicious persons use it?

This vulnerability makes it possible to instantiate an arbitrary ActiveX control by passing its CLSID to Image Uploader. So to exploit this vulnerability, a number of requirements should be met:

  1. A malicious ActiveX control should already be installed on the client computer somehow (through trojans, spyware or otherwise).
  2. A malicious HTML page should be created and either injected via a cross-site scripting attack or put on a phishing website.
  3. The user with the malicious ActiveX control and an unsafe Image Uploader should run this HTML code.

So it is not easy to attack, but it is still realistic.

Q: Microsoft released an Internet Explorer update which fixes this problem. Why update Image Uploader?

After the user installs IE update 972260, this attack will indeed be impossible even with Image Uploader version 6.0. But you cannot guarantee that all users will install this update. That's why updating Image Uploader decreases the probability of security attacks on your users.

Q: Did you killbit old Image Uploader?

No, this time we decided to make both your life and ours easier and to release safe versions with the old CLSIDs. Let me explain why.

The main killbit distribution channel is the Microsoft update system. We would just pass all "unsafe" CLSIDs to the guys from Microsoft and they would include them in some IE security update, as they did one year ago. But those users who install IE updates on a regular basis will install the aforementioned update 972260, which will eliminate this vulnerability. This way the killbit will not increase the security level for them.

On the other hand, those users who ignore security updates would not get the killbit update either. Therefore the killbit would not help them either.

Q: I am afraid that this Image Uploader update will break something on my website. What do you think?

Version 6.1.1 has very few changes compared to the previous build 6.0.16. So if you use the latest version, you can freely update it. Anyway, if you encounter any problems, feel free to contact our support people. We will be happy to help you.

Q: Does it cost me anything to update? 

No, it is free. You get a free update for the major version you have - for version 4.x you get 4.8, for version 5.x you get 5.8, for version 6.0 you get 6.1.

But if you have, say, version 4.7 and want to get version 6.1 instead of 4.8, you should upgrade as usual. Feel free to contact our sales team for more information.

Q: Is Java version vulnerable as well? 

This problem impacts ActiveX version only. 
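For administrators who want to confirm whether a kill bit is actually present for a control on a client, here is how the setting discussed above can be read from a registry export. This is an added example, not Aurigma's code; the export is constructed and the CLSIDs are placeholders, since the page does not list Image Uploader's CLSIDs.

```python
import re

# A kill bit is bit 0x400 of the "Compatibility Flags" DWORD stored under
# Internet Explorer's "ActiveX Compatibility" key, one subkey per CLSID.
KILL_BIT = 0x00000400

KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer"
    r"\\ActiveX Compatibility\\(\{[0-9A-Fa-f-]{36}\})\]$")
FLAGS_RE = re.compile(r'^"Compatibility Flags"=dword:([0-9A-Fa-f]{8})$')

# Constructed sample in "reg export" text format. Real exports are UTF-16,
# so read them with open(path, encoding="utf-16"). CLSIDs are placeholders.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000001}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000002}]
"Compatibility Flags"=dword:00000000
"""


def parse_compat_flags(reg_text):
    """Map each CLSID in the export to its Compatibility Flags value."""
    flags = {}
    current = None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            # A new key header: remember the CLSID only if it is under
            # the ActiveX Compatibility key, otherwise ignore its values.
            match = KEY_RE.match(line)
            current = match.group(1).upper() if match else None
        elif current:
            match = FLAGS_RE.match(line)
            if match:
                flags[current] = int(match.group(1), 16)
    return flags


def killbit_report(reg_text, clsids):
    """Return {CLSID: True/False} telling whether the kill bit is set.

    A CLSID with no entry at all is reported as False: the control is
    not blocked and relies on being updated or on the IE patch instead.
    """
    flags = parse_compat_flags(reg_text)
    return {c.upper(): bool(flags.get(c.upper(), 0) & KILL_BIT) for c in clsids}


if __name__ == "__main__":
    wanted = [
        "{00000000-0000-0000-0000-000000000001}",
        "{00000000-0000-0000-0000-000000000002}",
        "{00000000-0000-0000-0000-000000000003}",
    ]
    for clsid, blocked in killbit_report(SAMPLE_EXPORT, wanted).items():
        print(clsid, "kill bit set" if blocked else "not blocked")
```
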

Some comments regarding new licensing policy for Image Uploader 6

posted by Andrew on 8 June 2009, 00:03

Hi there,

We made pretty serious changes in the licensing policy for Image Uploader 6. It is not similar to the old one and someone may be confused with it. However I strongly believe that it is much more straightforward. That’s why I decided to write this post to explain our point of view on the licensing questions.

Single Domain vs. Express/Standard/Professional

From the very first version of Image Uploader, the primary license type was a Single Domain license. It was issued for a website with one full-qualified domain name, and it was limited by a single server. For more servers, a separate license type called Web Farm license was provided (the reason why multiple servers require additional licenses is outlined below). Things were getting complicated when such websites required multiple domains, etc.

Taking into account our past experience with customers’ licensing demands, we have reviewed our licensing system. Now each website requires only one license. This license allows using it with a single server and one domain (other limitations are omitted for brevity, so refer to the licensing pages for more details on this). If this is not enough, you should extend the license with so-called connectors. There are two kinds of connectors – server connectors and domain connectors.

This license plan is called Standard. It has a sibling – a license plan called Professional. The only difference is that the Professional version includes some additional features primarily interesting to the photo printing companies.

These license plans are more consistent compared to the Domain and Web Farm licenses. However, they may seem pretty expensive to a number of customers. But we wanted to keep Image Uploader affordable for startups and small websites as well. That’s why we offer an Express license plan in addition to Standard/Professional. It is very similar to the good old Domain License, but it includes fewer technical support features.

I would like to comment on this point about support. For a long time, our policy was to provide the same level of technical support to everyone. But in the course of time we got a number of customers who have special requirements for support: a guaranteed response time. That’s why we made a difficult decision – we provide unlimited high-quality technical support with a guaranteed reply in 24 hours to Standard/Professional customers only.

But it does not mean that Express customers do not get any support at all. They still can submit up to 2 cases, and of course they can post messages on forums. According to our statistics, it should satisfy a big number of our customers.

About Server Connectors

Some people wonder why the price for the client-side software like Image Uploader depends on the number of servers, their CPUs, etc. Let me explain.

Ideal fair measure for a software price should be the intensity of its usage. When we talk about common standalone desktop applications, it is easy to estimate – the number of workstations where the software is installed is a good appraisal. That’s why this licensing model is so popular for such kind of applications.

However when we consider such application as Image Uploader, it is not so easy. On one website Image Uploader may be downloaded by 1000 people, on another one – by 1000000 people. And the worst thing is that a website owner is not always able even to calculate this number. The same situation we see if we try to use some similar metric, like amount of uploaded data or something like this.

That’s why we decided to use another metric – the power of the server side which processes the upload (i.e. the number of servers, etc). This value is clear and easily managed by the website owner. And it seems to be fair enough, because it is unlikely that someone will purchase and configure large web farms and let them sit idle. So to make the licensing policy scalable, we just deem each additional server, CPU, or CPU core a separate unit which requires purchasing a connector to the main license.

The arguable question here is whether to interpret multi-core CPUs in the same way as multiple single-core CPUs. On the contemporary market all new server CPUs are almost always multi-core, so it may not seem a very good idea. But on the other hand, it is obvious that a 32-core SPARC is not the same as a typical multi-core Intel or something like this. So the decision worthy of Solomon would be to set a threshold value for the number of cores which divides typical multi-core CPUs from something special like SPARC. In our case we consider CPUs with up to 8 cores as a single unit.

And the last aspect I would like to discuss regarding server connectors is what to do if you use virtual hosting rather than run it on real servers. This is especially relevant because of the growing popularity of such services as Amazon EC2 and similar.

Of course we do not have anyone purchase licenses for all the underlying hardware of Amazon EC2. Virtual hosting providers allocate resources in so-called Computing Units. Each such Computing Unit has power comparable with a common server with a typical configuration. That’s why we just interpret such Computing Units as servers requiring connectors, not the real underlying hardware.

Single-owner Website vs. SaaS/Commercial Apps

In the previous section I explained how we make the price scalable based on the product usage intensity. But this is not the only parameter which should be considered. One more crucial parameter is whether the website is used by a single owner or it is an application used by multiple third party companies.

Imagine you build Image Uploader into a CMS engine. You host this engine on your server, give your customers an account, and let them create websites based on it. From our point of view such usage of Image Uploader may be interpreted as reselling to third parties.

In such a situation the Express/Standard/Professional license plans do not work. This is where we use the classic license model for the software component market. The idea is the following: instead of purchasing a website license with connectors, you purchase SDK licenses for each developer at the application development stage, and when you move it to production, you purchase deployment licenses for each client.

Depending on your situation and what is preferable for you, you either purchase blocks of deployment licenses which cover all your present and future customers, or acquire a license for each separate customer.  But the general rule is simple – the price depends on the number of your customers, not on the intensity of the software usage.

We have divided single-tenant and multi-tenant applications for pretty long (at least from version 5.0 or even earlier), but earlier it was less obvious, and it led to misuse of some kinds of old licenses. Hopefully now we have managed to make it clearer.

Where is an IP license?

One of the main questions our previous customers may have is what the analogue of the IP license is. This is quite an ambiguous question. The answer depends on the nature of the website you run.

1. If you have a single-owner website and need the IP license to cover all its domains (e.g. www.example.com, www.example.net, www.example-alias.com, subdomain.example.com etc.), you should switch to a Standard or Professional license + the appropriate number of domain connectors. If the number of domain connectors is not reasonable, we can provide special connectors for an IP address or a whole domain tree on a special request.

2. If you have a hosted application, you should switch to the SDK/deployment model. If the number of clients of your application is more or less constant and does not grow extensively, most likely the deployment fee will be a block of licenses which will cover all your customers for the nearest year or other period of time.

Holders of the old IP license may have a concern about the price of a deployment license block or IP connector. However, I would like to assure you that there will be no price skyrocketing. At least its order is the same as for old-fashioned IP licensing.

 

I hope I shed some light on new license policy and made it clearer. If you have any feedback or would like me to write one more post about some aspect of licensing questions, do not hesitate to leave a comment here.

Image Uploader 6 Available on Site

posted by Dmitry on 21 May 2009, 22:05

So, the long awaited Image Uploader 6 is posted to the site today. Everybody can download this version and try it out. If you have some questions, difficulties or just something to say to us, do not hesitate to contact us. We always value your feedback very much.

Image Uploader 6 - Coming Soon

posted by Dmitry on 10 May 2009, 23:13

When we started planning the new Image Uploader version, we decided to focus on three goals: support of big images, simplicity of use, and wide browser support.

The first goal – support of big images – is the solution for well-known problem when Image Uploader was unable to create thumbnails for big images and sent icons instead. We realized that modern cameras increase megapixels from year to year and the problem became serious. Our development team had to reimplement image processing modules of both ActiveX and Java versions and as a result we have support of large images and have increased the quality of thumbnails.

The second goal – making Image Uploader easier to embed into customers’ solutions – required a survey of what platforms were used by our customers. We found out that two of them – ASP.NET and PHP – form the absolute majority. We implemented special solutions for each platform (Image Uploader ASP.NET control and Image Uploader PHP library) that wrap Image Uploader and allow it to be used in a straightforward way on that platform.

The third goal is support of modern browsers. In recent times several new browsers were released – Chrome and Internet Explorer 8. We made some efforts to test Image Uploader on these new ones and adapt the control to them. As a result Image Uploader supports these two browsers and Opera 9 additionally.

Here is the overall list of new features and improvements in Image Uploader 6.

Both ActiveX and Java Version Improvements

  • Three editions of Image Uploader are available: Express, Standard, and Professional.
  • Memory friendly image processing.
  • Image Uploader ASP.NET Control and Image Uploader PHP library solutions making Image Uploader usage easier on corresponding server platforms.
  • Support of cloud storages: Amazon S3 and Nirvanix. Now Image Uploader can upload files and metadata to these online storages.
  • Support of AJAX-enabled applications. Now visibility of Image Uploader can be handled via CSS.
  • The ability to customize POST request sent by Image Uploader was improved.
  • Image Uploader supports review of response sent by web server back in the ImageUploader.PackageComplete event.

ActiveX Version Specific Improvements

  • Support of Internet Explorer 8.
  • Support of new non-admin ActiveX controls feature in Internet Explorer 8.
  • New installation progress of Image Uploader ActiveX control.
  • Improved estimation of remaining upload time in the progress bar.
  • Refactored memory management. Several problems that could potentially have led to a crash were found and fixed.
  • The problem when Image Uploader froze on “waiting for response from server” stage was resolved.
  • Fixed several problems with drag-and-drop functionality in upload pane.
  • Thumbnail in the progress dialog can be hidden now.
  • Fixed the problem when some methods and properties of Image Uploader became unavailable in the case when InitComplete event handler was specified.
  • Fixed several problems with saving and restoring of upload list.
  • A number of minor improvements and bug fixes.

Java Version Specific Improvements

  • Support of Chrome and Opera 9.
  • Improved quality of resize.
  • Increased speed of folders tree navigation.
  • Windows 2008 network shares are supported now.
  • Fixed the problem with proxies on Windows platforms.
  • Now files can be deleted after upload.
  • Now files can be deleted from folder pane.
  • Fixed the problem with checkboxes on Mac platform.
  • Fixed the problem with tree pane refreshing.
  • Fixed several problems with saving and restoring of upload list.
  • Fixed the problem with extracting of UserComment fields from EXIF.
  • Fixed the problem with deleting of temporary files created by Image Uploader.
  • A number of minor improvements and bug fixes.

Aurigma Flash/Flex experiments

posted by Alex on 14 April 2009, 18:00

Recently we decided to widen our experience (and maybe our product line) and to investigate the new Flash/Flex platform. The task was to create a file-upload solution with some client-side image processing. This post contains a summary of our experiments. However, I'm a full newbie in Flash/Flex, so feel free to add your notes and comments.

The beginning was great - I just opened FlexBuilder and found many cool things. A stable and fast visual forms designer, easy-to-learn syntax, all major OOP concepts and even compile-time type checks. Oh, and of course - shaders! Really amazing stuff. However, after a few days my impressions were not so bright. Why? Here is the whole list of reasons.

Security restrictions

It is really problem number one. As I was interested in upload functionality, I started with the URLLoader class. It cannot post anything to the server if this action is not initiated by the user directly. Very reasonable. So, each time you call URLLoader.load() you should have something like a button click handler higher in the stack. It prevents malicious apps from stealing user data. But...

There is another thing about Flash/Flex which you should know. It is an event-driven platform with many asynchronous calls. E.g. if you want to load a file, you should call FileReference.load() and wait for the "complete" event fired by this object. If you want to load an SWF movie or a JPEG image, you should create a Loader object, ask it to start processing and just wait for the event. Very simple, if you are not going to upload an image you have, go to fullscreen or do anything else from the list of restricted actions. But if you are, you are in big trouble. Because the "complete" event is fired from another thread, there is no UIA (user-initiated-action) handler in the stack and, hence, you have no permission.

Adobe docs say - "you should show message and ask user again". You have to ask, even if the user has just clicked the "Do this" button, just because you have an asynchronous call in the middle of your operation. Really annoying. Actually, I don't understand why a bad guy cannot show a message and ask the user some innocent question? The user will give him permission (why not, if the question is innocent?) - and he will do his dirty business...

And there is also another bug with URLLoader - it doesn't fire the progress event while uploading data from a binary buffer. It is a known issue and I even voted for it. I would recommend you do the same if you experience a similar problem.

So, URLLoader was evidently not the best choice. The next thing I tried to use was Socket. Yep, it is not so easy to use; on the other hand, it gives much more flexibility. Nevertheless, a few hours later it was evident that Socket is not an option at all, because even if you are going to upload to the same domain where you host your SWF file, you need a special policy server installed on the server. You cannot obtain the permission policy from your HTTP server, no, only via a special policy server...

Threads & Asynchronous calls

As I mentioned before - Flash/Flex is an event-driven asynchronous platform. But it doesn't support multithreading. Sounds strange, yep? As far as I understand from blogs and forums - all ActionScript code is executed in a single thread. And asynchronous calls are just enqueued in some internal dispatcher. What does that mean? That it is simple to develop, and it is hard to make a hard-to-debug synchronization error. And this means that you cannot run anything in the background. There are workarounds which emulate "background processing", but they were not applicable in my case. Oh, I forgot to mention that the shaders engine works in another thread, so if your task can be expressed in the shaders programming language - you will be able to do it asynchronously and very-very fast. ;) Unfortunately, it isn't my case either.

Summary

What do we have at the end? A very strange feeling. Don't get me wrong, I like Flash/Flex - it provides a bunch of great features, it allows you to develop really fast, it works in a stable way... But sometimes it stalemates you, and you cannot do anything. Users will have nothing to do but bear user interface freezing or answer useless questions shown because of security restrictions in Flash.

It would be great to have the following things in the future:

  • Signed SWFs or any other mechanism to use instead of UIA concept. Or some mechanism which will allow passing UIA-permission via event chains.
  • Multithreading or at least something like yield() method.
  • Ability to work via sockets. At least with native domain. Without any "special server on XXX port", because it is not usable in real world with hosting providers, firewalls, and proxies.
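The "special policy server" mentioned in the post, sketched as an added example (not Aurigma's or Adobe's code): a small responder for Flash socket policy requests that serves a narrow policy, plus an audit helper that flags wildcard grants. The host name `upload.example.com` and the port list are assumptions for illustration.

```python
import socketserver
import xml.etree.ElementTree as ET

# Flash Player sends this exact string, NUL-terminated, before it lets a
# SWF open a Socket; the reply is the policy XML, also NUL-terminated.
POLICY_REQUEST = b"<policy-file-request/>\x00"


def build_policy(domain, ports):
    """Build a policy admitting SWFs from one domain to an explicit port list."""
    root = ET.Element("cross-domain-policy")
    ET.SubElement(root, "allow-access-from", {
        "domain": domain,
        "to-ports": ",".join(str(p) for p in ports),
    })
    return ET.tostring(root, encoding="unicode")


def audit_policy(policy_xml):
    """Return findings for grants broader than a single host and port list."""
    findings = []
    for rule in ET.fromstring(policy_xml).iter("allow-access-from"):
        domain = rule.get("domain", "")
        ports = rule.get("to-ports", "")
        if domain == "*":
            findings.append("any domain may connect")
        elif domain.startswith("*."):
            findings.append(f"every subdomain of {domain[2:]} may connect")
        if ports == "*":
            findings.append(f"domain {domain!r} may reach every port")
    return findings


def answer(request, policy_xml):
    """Reply only to a well-formed policy request; anything else gets nothing."""
    if request != POLICY_REQUEST:
        return b""
    return policy_xml.encode("utf-8") + b"\x00"


class PolicyHandler(socketserver.BaseRequestHandler):
    # Assumed deployment: SWFs served from upload.example.com, talking to port 80.
    policy = build_policy("upload.example.com", [80])

    def handle(self):
        self.request.settimeout(5)  # do not let idle clients hold the socket
        try:
            data = self.request.recv(len(POLICY_REQUEST))
        except OSError:
            return
        self.request.sendall(answer(data, self.policy))


if __name__ == "__main__":
    # Port 843 is where Flash Player looked for the master socket policy;
    # binding to it needs elevated privileges on most systems.
    with socketserver.TCPServer(("0.0.0.0", 843), PolicyHandler) as server:
        server.serve_forever()
```
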

Cast Votes for Aurigma Products at CodeProject

posted by Max on 26 March 2009, 00:43

Hi!

CodeProject is a great site for developers. Also, I believe that we produce componentry that's useful for dev guys. So, I've submitted some Aurigma products into the CodeProject catalog. You can vote, telling others about your overall impression from using our stuff:

Your opinion is really important to us.

Image Uploader and Drupal

posted by Andrew on 13 March 2009, 22:34

Hello,

Today I was amazed to learn that Image Uploader is popular enough to cause the open-source community to create applications which use Image Uploader. I have discovered an Image Uploader based addon for Drupal - a very popular open-source CMS. It is called Aurigma Uploader for ImageField. It allows uploading files as attachments to the pages and stories posted on the website. This addon was submitted to the Drupal website by Aaron Wolfe.

Although this addon is pretty raw (I had to modify the source code to get it working, and it still displayed some warnings), it was great to learn that such addon exists. I believe it will be improved and people will find it useful.

I had an idea about series of addons for various open-source CMSes, but unfortunately we had not enough resources to get involved into it deeply. I am glad to know that open-source community finds it interesting to do it.

By the way, if Aaron or any other person involved into this addon development need any assistance with it, we will be happy to help. Just let us know. 

Why not Get a Free Upgrade to 6.0?

posted by Max on 12 January 2009, 15:21

Everyone likes freebies, either openly or covertly. Here at Aurigma, we also like having freebies -- why not? So, when you like to have something, you obviously ought to give something. If you want to sell something -- buy something first. They say that's basically how business works and money flows. Bla-bla-bla.

Anyway, what I'm driving at is: our customers who bought Image Uploader on January 1, 2009 or later get upgrade to version 6.0 for free. Should be a nice cheer up in these stirring economic times :)

Private label 2009 buyers (upgraders): you'll need to pay for re-signing your private label -- but the upgrade itself is free, of course.

Those who have bought through resellers: sorry but you are not eligible for free upgrades -- only those who purchased directly from us are.

Sure, you might want to ask: when is 6.0 scheduled for release? The release is scheduled for the beginning of March, 2009.

Your questions get answered at sales@aurigma.com. Be sure to post your suggestions into this blog thread.