November 2004 Entries

Blogging and Rebuilding Baghdad

My neighbor Chris is in Iraq as the #2 guy overseeing rebuilding projects as part of the Army Corps of Engineers. He'll be over there for several months helping to rebuild the facilities necessary for providing clean drinking water and electricity.

Chris and his wife Susan are among the nicest people you will ever meet. Their dog Nelson was kind enough to show Twiggy the ropes when it comes to the best spots in the neighborhood for taking care of business. Susan is always offering to take Twiggy for a walk when we're away at work.

In any case, with all the bad news coming from Iraq, it's good to read about progress made in the rebuilding efforts. Here's a snippet about his wild ride into Baghdad. Be glad your typical business trip doesn't come with this sort of landing.

I'm safe in Baghdad....errr, well....I guess I'm just "in Baghdad." The flight into Baghdad International Airport is one I will always remember, no matter how hard I drink to forget it. There's 40 of us packed into a C-130, which was never intended as a passenger plane. There's no "passenger area" in these planes, just the cargo hold with jump seats running down the sides and a row down the middle. Only two small port-style windows on either side. We've got a military dog on the plane with us, not real happy in his crate and letting the whole world know about it. It's so noisy you have to wear earplugs and shout at each other to be heard. About 10 minutes outside of Baghdad, we begin our descent from 30,000 feet. That's right, 30,000 feet in 10 minutes. Not to mention that the pilots fly a corkscrew pattern to avoid potential rockets (they haven't had one yet, but nobody wants to be the first). Let's just say, the dog wasn't the only one howling on the way down.

After a hard landing, they popped the hatches and we put our feet on Iraqi soil.

I've flown in a C-130 myself and can vouch for how uncomfortable a ride it is. However, I've never experienced a landing quite like his.

[Via Live from Baghdad]

His ATOM feed is here.

Creating Self Contained NUnit Tests Requiring A Web Server

This is a fabulous post (did I just say "fabulous"?) on how to create self contained NUnit tests when you need a web server.

As you may know (assuming you've read this blog for a while, which is a BIG assumption), I'm a big fan of self contained Unit Tests. It's a key component to having a self contained location independent build process.

I have an approach similar to Scott's in unit testing some of the functionality of RSS Bandit. For example, I have tests that will create a web directory, start a Cassini web server, and then use the RssLocator class to search for RSS feeds. However, one problem I had that I hadn't resolved was the issue that Cassini.dll needed to be loaded in the GAC.

If you were to obtain a fresh build of the RSS Bandit unit tests and didn't have Cassini.dll registered, many of the tests would fail. I was planning to add code to register Cassini into the GAC, but Scott has shown the path to a better way. He demonstrates a method that doesn't require Cassini to be placed in the GAC. Brilliant! Once I get home, I shall make this change and truly rejoice at having self contained tests.

In Toronto Today, Off to New York Tomorrow

I arrived in Toronto today and am staying at a very nice hotel. It's called the SoHo Metropolitan and it sure beats the Super 8 I stayed in at Tech Ed 2004 (next door to Adam Kinney and Eric Porter). It's too bad I'm only here one night as I was hoping to have time to check out the well equipped gym.

The reason I'm here is to get acquainted with the tech staff of our new parent company. I'll be coordinating a lot of development with these guys. They primarily work with Java and we primarily work with .NET. However, XML is the glue that will help us all get along and sing Kumbaya around the campfire with group hugs and all that.

They're in the process of exposing their platform as SOAP and I'll be reviewing the architecture with my equivalent here. I'm looking forward to this as it will be an opportunity to really get some real world cross-platform experience.

In the meanwhile, my wife tells me the house is very quiet without me. I suppose because I am quite noisy. In any case, while she was walking Twiggy some guy in a car attempted to hit on her. Their conversation went something like this.

He asks, "Are you Thai?" "What?" she replies. "What ethnicity are you?" "WHY!?" she yells.

She's quite the spunky one.

Touched Some Dry Ice Today

Ouch that smarts!

During my flight today a bag of ice fell off the cart the flight attendants were pushing up the aisle. Thinking it was a simple bag of ice, I picked up the ice and put it back in the bag. As I was holding the ice, I realized that it was much colder than normal ice. Much much colder. So cold in fact, it burned a bit.

Not to worry though, those long cold winters in Alaska prepared me for such cold. I'm impervious to it. Except in L.A. for some reason, when it's cold there, I'm susceptible.

SQL TIP: Connection To SQL via Windows Authentication over VPN

I’m posting this great tip so I can find it later and for your benefit.

[Via Julia Lerman Blog - Don’t Be Iffy...]

Rating Plug-In for RSS Bandit

A while ago I wrote about AmphetaRate, a blog recommendation engine that takes user ratings of blog entries and serves an RSS feed of recommended blog entries.

Later on I wrote an article about how to build an IBlogExtension plugin which was added to the RSS Bandit documentation site.

As a warmup to writing that article I wrote an AmphetaRate plugin to work through the kinks of writing a plugin for RSS Bandit. However I never released that plug-in as I wasn't ever sure if it was working since all my recommendations were "training" recommendations.

This is a classic chicken and egg problem. If there aren't enough users using AmphetaRate, the quality of recommendations is poor.

In any case, I noticed today that Dare updated the RSS Bandit roadmap and the version (code named Nightcrawler) after the next version may include a "Thumbs Up/Thumbs Down" rating system, perhaps integrated with AmphetaRate. This would certainly help solve the "Chicken Egg" problem.

In the meantime, I am releasing my plug-in with no warranties. Just copy the AmphetaRatePlugin.dll to the "plugins" subfolder of the RSS Bandit installation (on my computer that's at "C:\Program Files\RssBandit\plugins"). The VS.NET 2003 solution can be downloaded here.

Note that although this plug-in implements the IBlogExtension interface, the configuration form implements a feature specific to RSS Bandit. When you configure this plug-in, I wanted to provide an easy manner to subscribe to a user's recommendation feed. So I added a LinkLabel that when clicked does just that.

However, I had to cheat a bit to do that. Since the IBlogExtension interface doesn't define methods you may want to call on the calling application, I used Reflection to call a method to bring up a pre-populated "New Feeds" dialog. You can see the source for that call below.

// Requires "using System.Reflection;" at the top of the file for BindingFlags.
private void lnkSubscribeURL_LinkClicked(object sender, System.Windows.Forms.LinkLabelLinkClickedEventArgs e)
{
    if(IsValidID(this.txtID.Text))
    {
        // IBlogExtension exposes nothing of the host application, so look up
        // RSS Bandit's GuiOwner property on the owning form by name.
        object banditApp = this.Owner.GetType().InvokeMember("GuiOwner", BindingFlags.Public | BindingFlags.Instance | BindingFlags.GetProperty, null, this.Owner, null);
        if(banditApp != null)
        {
            // Invoke CmdNewFeed by name to open the pre-populated "New Feeds" dialog.
            bool result = (bool)banditApp.GetType().InvokeMember("CmdNewFeed", BindingFlags.Public | BindingFlags.Instance | BindingFlags.InvokeMethod, null, banditApp, new object[] {null, this.lnkSubscribeURL.Text, "Personalized AmphetaRate Feed"});
        }
    }
}

At some point, it's possible this will become a fully supported feature of RSS Bandit. For now you're stuck with this hack. If anyone's interested, I'd love to discuss creating a new plug-in standard that's a little more full featured than IBlogExtension. It works great for simple plug-ins, but doesn't provide much support for a plug-in to interact with the application. I can think of several operations every aggregator pretty much supports that a plug-in might make use of such as "Subscribe To Feed", "Mark Item As Read", etc...

[Listening to: In da Club - 50 Cent - Get Rich or Die Tryin' (3:13)]

Hi My Name Is Phil And I'm A Blogaholic

I think it's about time to found a group devoted to helping blogging addicts deal with a new and pervasive addiction. This occurred to me the other day when my wife needed help putting away the dishes and I mumbled something about "Only 86 more entries to go in Scoble's link blog."

Let's just say that she was not amused.

So to help others out there who may suffer from the same affliction, I offer some scientific indicators that you too might be a blogging addict.

  • Your name is Robert Scoble
  • You subscribe to Scoble's link blog
  • You're reading this post and it's still Thanksgiving.
  • You're blogging about your addiction...on Thanksgiving
  • You try to regale your friends with interesting stories, but they've already read it on your blog.
  • These same friends only email you with interesting links hoping to make your blog.
  • In order to get you to take out the garbage, your wife posts a comment on your blog.

Take heed of these indicators and if you identify yourself to be a blogaholic, join in my new Blogaholics Anonymous group. We'll be meeting in the comments section of this post. Oh, and go help your wife with the dishes.

The One Note Metaphor for the Tablet PC May Be Too Good

Today was my first day bringing the Tablet PC to work and I immediately put it to good use. I think that the paper pad metaphor that One Note uses may be implemented too well.

I was diagramming our existing site functionality and flow and had to erase some mistakes I made. So I took the stylus and rubbed the back of it on the screen to erase some of my scribblings. I then proceeded to take the side of my hand and brush the screen off.

Realizing what I had done, I started laughing out loud. It just occurred to me that I was instinctively going through the motion of wiping away the bits of eraser chunks that would normally be on a pad of paper after such intense erasing. The sort of chunks that aren't created when you're dealing with digital ink.

I better be careful before I start applying white-out to the screen.

Dave Winer for President?

Dave claims that inhaling puts him out of the running for President.

My mom admitted she was standing up for Arnie because she also is a naturalized citizen. I of course am not, and could serve as President without an amendment. Of course I did inhale, so I'm probably out of the running just on that count, if not for all the others.

Not so fast there professor! Our current president managed to get elected twice and he's a confirmed "snorter". In all likelihood our very first president smoked a bowl or two in his day. Don't let "inhaling" be a showstopper.

Perhaps your campaign slogan might be "An RSS feed in every Pot!"

This Is Patently Out Of Control!

From the Wintellect blog.

Today, I discovered that Microsoft was filing a patent for “an operator that returns true when two memory addresses are not equal”!
 
 
Surely, we can still come up with better ideas than this to patent, can't we?
Plus, I think there is a lot of prior art around this particular invention.
[Via Wintellog]

Meta Programming Paradigm

The geeks are abuzz about Sergey Dmitriev's article on Language oriented programming and the Meta Programming system. It's a worthwhile read and may be a harbinger of the future of software development.

What's interesting to me is that the model he describes for viewing source code trees is very similar to this post by Wesner Moise.

Organizing VS.NET projects and Solutions

Colin asks the question "How do you organize your code?" and then goes on to describe the system in use at his shop.

Basically I adhere closely to the guidelines in the Patterns & Practices guide: Team Development with Visual Studio .NET and Visual SourceSafe. Chapter 3 of this guide focuses on structuring projects and solutions.

The guide recommends a single solution model whenever possible which I generally put in use with a slight modification. Chapter 3 talks about composing your source control tree into Systems, Solutions, and projects. So typically a large system might consist of only one solution, but could consist of multiple solutions. Ideally each solution is isolated from other solutions in that there are no project references from one solution to another.

However I've added a separate system called CodeLibrarySystem which contains a CodeLibrarySolution. When I create a new solution for a new system, I'll add in the necessary projects from the CodeLibrarySolution into the current system. So this breaks the "isolation" model of a Single Solution Model, but provides the benefit of code sharing. Also, by merely getting latest on my current solution, I can get all the latest changes in the code library (which really shouldn't be changing all that often).

At home and at work, I am constantly trying to refactor code so that it can be dropped in the CodeLibrarySolution as opposed to having a bunch of non-reusable code sitting in various solutions. This has worked out pretty well for me as I'm starting to have a significant code library at home. Any time I find an interesting example online, I add it to the code library (with appropriate licensing information if any).

"You have summoned an elemental" The good ol' days of gaming...

It was really just a side question of this post on Rory’s blog having nothing to do with the main topic (some blather about Jury duty bla bla bla). For 50 bonus points, the question was what game featured the quote “You have summoned an elemental”?

My winning answer was Archon, thus securing the 50 pts redeemable for fame, fortune, and street cred. Interestingly enough, the question summoned a swarm of geeks reminiscing about the good ol’ days of gaming on the Commodore 64 in the comments section.

For good reason, Archon was a joy to play. I loved that game back in the day. It was pure fun. Technically, I didn’t play it on a Commodore 64. I had a Commodore 128, which I know is the same thing really, but it was a larger number and it had some funky CP/M mode that did nothing for me. In any case, in the comments of that post, I found that there’s a remake effort for Archon. Awesome! It’s interesting to see that there’s a thriving C64 retro gaming community with a C64 emulator to support the cause.

As can be seen by such communities, the C64 inspired huge loyalty among its fans back in the day which is still going strong. Heck even I joined in the computer worship with my C64 formatter for Rss Bandit. Of course once I upgraded to the Amiga 500, my Commodore 128 turned into a large paperweight. At that point I was a slave to Speedball, Pirates!, and the Bard’s Tale. Not to mention the Ultima and Phantasie series.

Ah, I miss the good ol’ days of gaming. They weren’t the good ol’ days because the games were much better necessarily (though many were quite good). Rather, they were the good ol’ days because I had this thing called “time” to actually play them.

ASP.NET Function of the Day: SessionId is "Too Legit to Quit".

So I was poking around the source code for how ASP.NET initiates session state etc... and noticed this method of the SessionId class. You gotta love the naming of this one. Steve McConnell (via Code Complete) would probably have recommended something like "IsValid" but he has no imagination nor flair.

internal static bool IsLegit(string s)
{
    bool flag1;
    if ((s == null) || (s.Length != 0x18))
    {
        return false;
    }
    try
    {
        int num1 = 0x18;
        while (--num1 >= 0)
        {
            char ch1 = s[num1];
            if (!SessionId.s_legalchars[ch1])
            {
                return false;
            }
        }
        flag1 = true;
    }
    catch (Exception)
    {
        flag1 = false;
    }
    return flag1;
}

MC Hammer would be proud!

Church Sign Generator

My buddy Dan sent this site to me. You can generate your own church signs.

Church Sign

Or how about this friendly one...

Another church sign

Quiz Answer: Watch out for the Eeeevil Thread.Abort.

Yesterday I posted a little quiz with an example of an HttpHandler implemented as an ASHX file.

Brad Wilson obviously knew the answer, but only gave a hint for others to elaborate on. BigJimSlade (no link given) expanded on the answer. BigJim, I have a GMail account for you if you want one.

Calling HttpResponse.Redirect(string url) actually calls an overload HttpResponse.Redirect(string url, bool endResponse) with endResponse set to true. If endResponse is set to true, HttpResponse.Redirect will make a call to HttpResponse.End().

That method in turn calls Thread.CurrentThread.Abort(). Oh the depravity! Once again, Thread.Abort rears its ugly head.

So as you see, the code sample will ALWAYS redirect to /default.aspx because the HandleRedirect method throws a ThreadAbortException every time. To fix this, I merely need to change the HandleRedirect method to call ctx.Response.Redirect("/special.aspx", false);.

The fact that this week seems to be “Thread.Abort Week” isn't why I posted this quiz. I ran into this problem the other day in my carelessness. It’s a result of my old ASP 3.0 habits resurfacing after years of suppressing them. It took me a few minutes to realize why my code never made it to special.aspx.

Now that GMail has POP3

I've resisted it, but I think I may change my primary email address from Yahoo! to Gmail. You can probably guess what my Gmail email is...

QUIZ: What's Wrong With This Code?

This is a simplified version of a sneaky bug I ran into today (I’m fine thank you, but the bug is dead). The only prize I can offer is a GMail account if you want one.

Imagine that the method HandleRedirect actually does something interesting and if all the conditions pass, the user is redirected to special.aspx. This is the source code for an HttpHandler implemented as a .ashx file.

<%@ WebHandler Language="C#" Class="MyHandler" %>
using System;
using System.Web;
 
public class MyHandler : IHttpHandler
{
    /// <summary>
    /// Processes an incoming request.
    /// </summary>
    public void ProcessRequest(HttpContext ctx)
    {
        try
        {
            HandleRedirect(ctx);
        }
        catch(Exception)
        {
            ctx.Response.Redirect("/default.aspx");
        }
    }
 
    void HandleRedirect(HttpContext ctx)
    {
        ctx.Response.Redirect("/special.aspx");
    }
 
    public bool IsReusable
    {
        get { return true; }
    }
}

See-Toe

Recently my company (which was a division of Company X) was purchased by Company Y. Company Y is based outside of the country and we are a fully owned subsidiary and make up their U.S. presence.

A couple weeks ago or so we found out that my boss (our CTO) was promoted to CTO of the parent company. He has to spend 25% of his time at the parent company's headquarters in Canada and 75% here, though it's been more like 50/50. Some of my coworkers are starting to call me "See-Toe". (Get it?).

In any case, I'm currently the lead on integration efforts to get our platform running on cell phones and set-top boxes. It's one of the more interesting projects I've worked on, though I really can't (or am not sure if I should) talk about it much here.

ATI Radeon Control Center uses .NET

I'm currently updating my device driver for my ATI Radeon 9700 at work (I now have a new 17" LCD monitor that supports portrait mode) and noticed that to install the CATALYST Control Center, .NET 1.1 is required. See for yourself.

It's nice to see that .NET is starting to spread beyond internal business applications, ASP.NET sites, and web services.

Long Computer Use May Be Linked to Eye Disease (Reuters)

Sobering news for the "short-sighted" computer geeks among us.

Reuters - Hours in front of a computer screen may increase the risk of glaucoma in people who are myopic or short-sighted, Japanese scientists said on Tuesday.

[Via Yahoo! News: Most Emailed]

View of the Sunset from my Office

Sunset tonight

How 'Dungeons' changed the world

I'll come out of the closet and admit that I used to play this game with an almost fanatic interest. My first exposure to the game was in Spain when several other military brats in my apartment complex introduced me to a twenty sided die (1d20). By the time I moved to Guam, I was hooked. I started a group there with an unlikely band of friends: a Hawaiian volleyball player, half-Thai skateboarder dude, heavy metal rocker, etc... and we were destroyers of worlds.

For many of these guys, the game was new to them and they didn't realize that in many circles there was a stigma attached to those who played it. I would cringe when hanging out with my other friends and these guys would say, "Yeah, we're going to play Dungeons and Dragons tonight". This was an unnecessary side effect of youthful insecurity. I haven't played in years as I've found that as people work full time and have families, it's difficult to make the time. Even more difficult is to have several people have the time at the same time. It's a feat of synchronization. Perhaps when I retire.

Mark Frauenfelder: Peter Bebergal has a wonderful op-ed in today's Boston Globe about the imagination-boosting power of Dungeons and Dragons
To put it simply, Dungeons and Dragons reinvented the use of the imagination as a kid's best toy. The cliche of parents waxing nostalgic for their wooden toys and things "they had to make themselves" has now become my own. Looking around at my toddler's room full of trucks, trains, and Transformers, I want to cry out, "I created worlds with nothing more than a twenty-sided die!"

Dungeons and Dragons was not a way out of the mainstream, as some parents feared and other kids suspected, but a way back into the realm of story-telling. This was what my friends and I were doing: creating narratives to make sense of feeling socially marginal. We were writing stories, grand in scope, with heroes, villains, and the entire zoology of mythical creatures.

Link
[Via Boing Boing]

MLS Cup 2004

I watched DC United take on Kansas City today for the MLS Cup 2004. The great thing about soccer in the U.S. is that I can get tickets for the national championship the day before for a decent price. Unfortunately that's also the problem with U.S. soccer. The quality of play is nowhere near a Premiership game or Bundesliga.

In other soccer news, several of the players I play pick-up with organized a game (with refs et al.) with the league team I just recently joined. I played with the pick-up team and we were shelled 6 to 3. It would have been a lot worse had we not had the most phenomenal goalie on our side. For my part I had an assist and converted a penalty kick.

More on Terminating Threads and the depravity of Thread.Abort

In response to Ian’s post on Thread.Abort, Richard Blewett points out a situation when the thread you are attempting to cancel can’t check the volatile bool flag to determine whether it should cancel itself or not.

An example he presents is when the thread is waiting on a synchronization primitive. The solution given is to call Thread.Interrupt.

This is a handy technique when you have a reference to the thread you wish to cancel, but this is not often the case when dealing with asynchronous method calls such as spawned by calling BeginInvoke. You won’t have a reference to the thread that an asynchronous method call is operating on.

So what is the would-be thread terminator to do? Rather than go back in time and stop the thread from being spawned in the first place (my apologies for the poor cinema reference), avoid having indefinite waits on synchronization primitives in the first place. With a ManualResetEvent for example, you can specify a timeout for the WaitOne method. I recommend that you do so.

How To Stop a Thread in .NET (and Why Thread.Abort is Evil)

Ian Griffiths (one of my favorite tech bloggers) wrote this fine piece on why Thread.Abort is a representation of all that is evil and threatens the American (and British) way of life.

The problem with Thread.Abort is that it can interrupt the progress of the target thread at any point. It does so by raising an ’asynchronous’ exception, an exception that could emerge at more or less any point in your program. (This has nothing to do with the .NET async pattern by the way - that’s about doing work without hogging the thread that started the work.)

If you’re interested in how Thread.Abort raises an exception in another thread, read Chris Sells’ (another favorite blogger) investigative report here.

I’ve taken this to heart in the design of my Socket server class (which I will release to the public some day) and in any situation where I have a service running that spawns asynchronous operations. Ian’s approach to cancelling an asynchronous operation is similar to mine:

The approach I always recommend is dead simple. Have a volatile bool field that is visible both to your worker thread and your UI thread. If the user clicks cancel, set this flag. Meanwhile, on your worker thread, test the flag from time to time. If you see it get set, stop what you’re doing.

One difference is that I chose not to use a volatile bool field. My reasoning was that if my asynchronous operation only reads the value (and never writes it) and just happened to be reading it while my main thread was changing it to false (in response to a user cancellation effort), I’m not so concerned that asynchronous operation might read true even though it’s being set to false. Why not? Well it’ll stay false by the time I check it again and the chance of that small synchronization flaw is very minute and has a low cost even if it does occur.

The question is, am I missing something more important by not using a volatile field in this instance?
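The flag-based cancellation described in this post, combined with the timed WaitOne from the follow-up post above, as an added example (not code from RSS Bandit, my Socket server, or Ian's article). The class and member names are hypothetical, and ThreadPool.QueueUserWorkItem stands in for any asynchronous call where you hold no reference to the thread.

```csharp
using System;
using System.Threading;

// Added example; CancellableOperation and its members are hypothetical names.
public class CancellableOperation
{
    // volatile forces a fresh read of the field on every loop iteration, so
    // the JIT cannot hoist the check out of the loop and miss Cancel().
    private volatile bool _cancelRequested;

    // Set by the producer when there is something to process.
    private readonly ManualResetEvent _dataReady = new ManualResetEvent(false);

    // Set by the worker on its way out, so callers can confirm it stopped.
    private readonly ManualResetEvent _finished = new ManualResetEvent(false);

    private int _processed;

    public int Processed { get { return _processed; } }
    public WaitHandle Finished { get { return _finished; } }

    public void Start()
    {
        // Runs on a pool thread: the caller never sees a Thread object, so it
        // has nothing to call Thread.Interrupt or Thread.Abort on.
        ThreadPool.QueueUserWorkItem(new WaitCallback(Run));
    }

    public void SignalData() { _dataReady.Set(); }

    public void Cancel() { _cancelRequested = true; }

    private void Run(object state)
    {
        try
        {
            while (!_cancelRequested)
            {
                // Bounded wait instead of WaitOne(): a timeout just sends us
                // back to the top of the loop to re-test the flag.
                if (!_dataReady.WaitOne(100, false))
                    continue;

                _dataReady.Reset();
                _processed++;   // stand-in for the real unit of work
            }
        }
        finally
        {
            // Cleanup runs at a point the worker chose, not wherever an
            // asynchronous exception happened to land.
            _finished.Set();
        }
    }
}

public static class Program
{
    public static void Main()
    {
        CancellableOperation op = new CancellableOperation();
        op.Start();
        op.SignalData();

        Thread.Sleep(300);      // worker is now idle inside the timed wait
        op.Cancel();            // no signal is sent; only the flag changes

        bool stopped = op.Finished.WaitOne(2000, false);
        Console.WriteLine("processed={0} stopped={1}", op.Processed, stopped);
    }
}
```

The worker notices the cancellation within one timeout interval even though nothing ever signals the event again, which is the case an indefinite wait would hang on.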

RSS Bandit Code Documentation (CHM)

Using NDoc I've generated an updated version of the CHM code documentation for RSS Bandit. As you'll see (if you take a look) this documentation is by no means complete. Many of the public methods need better documentation. Also, there are no Namespace summaries yet. I plan to spend some time adding these summaries and some higher level API documentation.

This documentation is intended for interested developers and is meant to supplement the existing documentation at the RSS Bandit documentation website.

Included in the documentation are three main components: RSSBandit.exe, NewsComponents.dll, and RSSBandit.UnitTests.dll.

RSSBandit.exe is the main application code. The documentation here covers all the Forms in use etc.

NewsComponents.dll contains all the classes used to fetch and parse RSS feeds as well as NNTP. Much of the core logic is contained in this assembly.

RssBandit.UnitTest.dll: I included the documentation of this assembly so that you can read what unit tests we currently have (and thus infer the many we are missing). The great thing about unit tests is that many of them are demonstrations of how to use the API (when correctly written which I can't yet vouch for my own) ;)

Synchronization Software?

So now that I have a second Windows box (and third computer in the house), I'm soliciting recommendations for good synchronization software. Ideally I'd like something where I could configure which directories and files get synchronized and it happens seamlessly any time the Tablet connects to the home network.

My Tablet PC has arrived! Polling for Suggestions.

Wohoo! And it is a thing of beauty. Unfortunately I've been crazy busy lately so I don't have any pictures so you'll have to settle for this stock photo.

Acquiring a new computer is a laborious affair. Step one is to download and install Windows SP2 and all other critical updates etc... Second is to install RSS Bandit. Then it's the process of installing all the rest of the software, tools, and tweaks I've grown reliant on.

I'd like to backup all my photos and music on there, but that wouldn't leave me much room for anything else. I'll have to carefully cull a selection of music worthy to carry around.

Anybody have software recommendations for the Tablet PC? In what ways do you use it differently than you do a laptop in your day to day operations?

UPDATE: I forgot to mention, it's a Toshiba Portege M205 with 60GB hard drive, 512MB RAM, and 1.5? MHZ Intel Celeron.

Nice Windows XP Theme

This is a very nice theme intended for Windows Media Center 2005, but available for Windows XP.

[Via Service Station]

1 Year Mark

Today I've been at my current employer for one year.

Olympic Ceremonies Music

When the Olympics occurred, one of my favorite DJs spun for the opening ceremonies. Unfortunately I missed it, but I had heard good buzz about his performance. Now he’s come out with a CD called "Parade of the Athletes". I have a feeling that if you liked the music he played for the Olympics, you’ll like this CD.

ASP.NET Validators now work Client-Side on Mozilla with Whidbey Beta2

This is very good news. [Via ScottGu's Blog]

Twiggy's Back Home and Check Out Her Cast

I picked up Twiggy from the vet after work and she's been such a trooper. Check out the sassy hot pink cast that's bigger than she is.

Twiggy with her cast
I'm ready to whack some fools with this thing.

We took her for a really short walk so she could do her thing outside and she looked so sad limping along like a tiny little gimp. However, when I tried to take a video of her walking, she decided to show some pride (avi 1.07 MB).

Poor Twiggy Broke Her Leg Yesterday

Twiggy was at a newly opened small dog park when a group of other small dogs suddenly ganged up on her. Of course they couldn't catch her because she's a speed demon, but she must have caught her foot in a grate on the ground (extremely bad idea for a small dog park to have a grate on the ground) and broke her leg just above her ankle.

She's at the vet now and is doing fine. If you have a pet that you care for, I recommend getting pet insurance. I hear it's not too expensive and could save you a pretty dime in a situation like this. We were planning to purchase it but just hadn't gotten around to it. Now we have a significant vet bill to pay.

Hopefully we can pick her up today or tomorrow.

WS Security and the Reason Behind Hashed Passwords

I received an email in response to my post How To Avoid ClearText Passwords With UsernameToken that asks the following question:

...Thus if a hacker steals the hashed password from your database, he will be able to write an application that gives the hash to WSE and he will authenticate successfully - which is exactly what we are trying to avoid by storing the hashed passwords in the first place.

...

The bottom line: this approach won't really solve the real problem - if I steal the hash from the database, I will be able to authenticate successfully. I'd love this to work the way you describe but as a security-conscious developer I'm still losing sleep.

Although this is a true scenario, the author makes an assumption that is false. The purpose of storing a hashed password is NOT to stop a hacker who obtains the hash from being able to authenticate as that user.

Think of it this way, if I'm a hacker and I am able to compromise your user database and obtain a user's hashed password, why would I ever try to authenticate as that user? Since I already have my grubby hands in the cookie jar, I might as well grab all the data directly from your compromised database.

Rather, the purpose of hashing a password with a salt value is to assure the users of the system that rogue employees of the company, and hackers who compromise the database, cannot use their passwords to log into the other sites they frequent.

Ideally your database isn't compromised very often, otherwise you have bigger problems than whether or not passwords are hashed.

That's why a security-minded developer doesn't stop at hashing passwords. Code security is never enough and is only a small part of the equation. The IT staff have to make sure the database itself is secure and not likely to be compromised. Staff with access to the system must be trained to deal with social engineering attacks. What good is a hashed password if I can call up tech support and get any information I need by posing as an executive?

So to the author of this email, I suggest you don't lose sleep over the hashed password scenario. As a security-conscious developer, you have a huge number of other attack scenarios to lose sleep over. ;-)
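The distinction drawn above, as an added example (not code from the original post or from WSE): the value a service stores acts as the shared secret for the UsernameToken digest at that service, while a per-service salt makes it useless at another site where the user reuses the password. The PBKDF2 storage scheme, the client knowing its salt, feeding the stored bytes into the digest, and all sample values are assumptions; it needs .NET 6 or later.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class UsernameTokenDemo
{
    // What the service stores instead of the password. Salted PBKDF2 is an
    // assumed scheme; the post only says the password is hashed with a salt.
    static byte[] StoredSecret(string password, byte[] salt) =>
        Rfc2898DeriveBytes.Pbkdf2(password, salt, 100_000, HashAlgorithmName.SHA256, 32);

    // UsernameToken digest: Base64(SHA-1(nonce + created + secret)).
    static string Digest(byte[] nonce, string created, byte[] secret)
    {
        byte[] ts = Encoding.UTF8.GetBytes(created);
        byte[] input = new byte[nonce.Length + ts.Length + secret.Length];
        Buffer.BlockCopy(nonce, 0, input, 0, nonce.Length);
        Buffer.BlockCopy(ts, 0, input, nonce.Length, ts.Length);
        Buffer.BlockCopy(secret, 0, input, nonce.Length + ts.Length, secret.Length);
        return Convert.ToBase64String(SHA1.HashData(input));
    }

    // Server side: recompute from the stored value and compare in constant time.
    static bool Verify(string digest, byte[] nonce, string created, byte[] stored) =>
        CryptographicOperations.FixedTimeEquals(
            Encoding.ASCII.GetBytes(digest),
            Encoding.ASCII.GetBytes(Digest(nonce, created, stored)));

    static void Main()
    {
        // Constructed sample data: one user reusing one password at services A and B.
        const string password = "correct horse battery staple";
        const string created = "2004-11-15T12:00:00Z";
        byte[] saltA = RandomNumberGenerator.GetBytes(16);
        byte[] saltB = RandomNumberGenerator.GetBytes(16);
        byte[] storedA = StoredSecret(password, saltA);
        byte[] storedB = StoredSecret(password, saltB);
        byte[] nonce = RandomNumberGenerator.GetBytes(16);

        // The client derives A's secret from password + salt and sends only the digest.
        string digest = Digest(nonce, created, StoredSecret(password, saltA));

        // storedA is the shared secret at A, so A must guard it like a credential.
        Console.WriteLine($"Accepted by A: {Verify(digest, nonce, created, storedA)}");
        // B salted the same password differently, so A's value does not verify there.
        Console.WriteLine($"Accepted by B: {Verify(digest, nonce, created, storedB)}");
    }
}
```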

Why Code Coverage is not Enough

One of the holy grails for unit testing is to get 100% code coverage from your tests. However, you can’t sit back and smoke a cigar when you reach that point and assume your code is invulnerable. Code coverage just is not enough.

One obvious reason is that Code Coverage cannot help you find errors of omission. That is, even if you had 100% code coverage from your tests, if you forget to implement a feature (and a test for that feature), then you’re shit out of luck.

However, apart from errors of omission, there’s the case presented here. Imagine you have the following simple class (I’m sure your real world class is much more complicated and interesting, but bear with me).

using System;
using System.Collections;
 
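public class MyClass
{
    // Lookup table of named integer values.
    Hashtable _values = new Hashtable();
    
    public MyClass()
    {
        // Values are stored as ints so the (int) cast in SumIt can unbox them.
        _values.Add("keyOne", 1);
        _values.Add("keyTwo", 7);
        _values.Add("keyThree", 10);
        //...
    }
    
    // Adds up the values for the given keys, writing the running total
    // back into the table under each key as it goes.
    public int SumIt(string[] keys)
    {
        int total = 0;
        foreach(string key in keys)
        {
            total += (int)_values[key];
            _values[key] = total;
            //Maybe we do some other
            //interesting things here.
        }
        return total;
    }
}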

Now imagine you test this class with the following NUnit fixture.

using System;
using NUnit.Framework;
 
[TestFixture]
public class MyClassTest
{
    [Test]
    public void TestSumIt()
    {
        MyClass mine = new MyClass();
        string[] keys = {"keyOne", "keyTwo"};
        Assert.AreEqual(8, mine.SumIt(keys));
    }
}

Voila! 100% code coverage. But does this satisfy the little QA tester inside? I would hope not and suggest that it shouldn’t. Code coverage is a worthy goal, but it is often unattainable in large systems (hence the need for prioritization) and doesn’t provide all the benefits it would seem to.

To handle situations like this, unit tests need to go beyond concentrating on code coverage and also consider data coverage. Of course, that’s not always practical. In the above example, if I only have 10 keys, testing the possible permutations of SumIt becomes a huge burden. Often the best you can do is to test a small sample and the boundary cases.
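Two inputs that the fixture above never exercises even though every line is covered, as an added example (not from the original post). It assumes NUnit 3.x and a compact copy of the class whose table holds ints, so that the cast in SumIt succeeds.

```csharp
using System;
using System.Collections;
using NUnit.Framework;

// Compact copy of the post's class; the table holds ints here (an assumption)
// so that the (int) cast in SumIt succeeds.
public class MyClass
{
    Hashtable _values = new Hashtable();
    public MyClass()
    {
        _values.Add("keyOne", 1);
        _values.Add("keyTwo", 7);
        _values.Add("keyThree", 10);
    }
    public int SumIt(string[] keys)
    {
        int total = 0;
        foreach (string key in keys)
        {
            total += (int)_values[key];
            _values[key] = total;
        }
        return total;
    }
}

[TestFixture]
public class MyClassDataTests
{
    [Test]
    public void UnknownKeyThrows()
    {
        // Hashtable returns null for a missing key; unboxing null to int throws.
        MyClass mine = new MyClass();
        Assert.Throws<NullReferenceException>(
            () => mine.SumIt(new string[] { "keyOne", "noSuchKey" }));
    }

    [Test]
    public void SecondCallSeesMutatedState()
    {
        // SumIt writes the running total back, so identical input gives 8, then 9.
        MyClass mine = new MyClass();
        string[] keys = { "keyOne", "keyTwo" };
        Assert.AreEqual(8, mine.SumIt(keys));
        Assert.AreEqual(9, mine.SumIt(keys));
    }
}
```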


UPDATE: Copy Source As HTML

Colin shows how to configure CopySourceAsHtml for any source file for which VS.NET provides syntax highlighting. In my case, I've mapped the shortcut CTRL+C CTRL+S to the Copy command and CTRL+C CTRL+N to the CopyNow command.

<?xml version="1.0" encoding="utf-8" ?>
<root>
    <wow id="1">This is neat</wow>
</root>

<%@ Page language="c#" Codebehind="WebForm1.aspx.cs" AutoEventWireup="false" Inherits="EmailIntegrationWeb.WebForm1" %>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >

<html>
  <head>
    <title>WebForm1</title>
    <meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1">
    <meta name="CODE_LANGUAGE" Content="C#">
    <meta name=vs_defaultClientScript content="JavaScript">
    <meta name=vs_targetSchema content="http://schemas.microsoft.com/intellisense/ie5">
  </head>
  <body MS_POSITIONING="GridLayout">

    <form id="Form1" method="post" runat="server">

     </form>

  </body>
</html>

How Rich Are You?

Probably richer than you think. Check this out to find out.

Copy Source As HTML

My main man Colin is on fire with his latest version of CopySourceAsHtml add-in.

As this utility catches on, I think you'll see a huge proportion of .NET bloggers using it to post source code snippets on their blogs. It now uses VS.NET's own syntax highlighting to highlight the code. Thus whatever settings you have in VS.NET are used by the add-in. It's also much more configurable with word-wrapping, ability to add extra styling options, etc... Here's a couple of snippets as a demonstration.

According to the examples on Colin's site, it even works with aspx and css files. Unfortunately, that's not working for me right now as I don't see the context menu on those pages.

Nice job Colin!

    9 ///
   10 /// This just rocks my world!
   11 ///
   12 public class HtmlSourceTest
   13 {
   14     public void ThisMethodKicksButt()
   15     {
   16         //Yep. It does.
   17         Console.Write("Hello World");
   18     }
   19 }

///
/// This just rocks my world!
///
public class HtmlSourceTest
{
    public void ThisMethodKicksButt()
    {
        //Yep. It does.
        Console.Write("Hello World");
    }
}

Adding a Windows Service Description

When building an installer for a Windows Service in VS.NET 2003, conspicuously missing is the ability to specify a description for the service that is displayed in the Services applet.

I've written a base installer class that inherits from System.Configuration.Install.Installer for this purpose, but I'll just present to you the source listings for the methods to add and remove a service description.

Check it out here. I hope you find it useful.

BlogJet and RSS Bandit integration

There is now a plug-in to use BlogJet to blog items from RSS Bandit. I haven't tested it yet, but if the plug-in doesn't do anything specific to RSS Bandit, it should be usable by any aggregator that supports the IBlogExtension interface. Want to write your own plug-in? Read my guide here.

Finally, I did it – a plugin to integrate RSS Bandit and BlogJet. If you’re using RSS Bandit to read feeds and BlogJet to post to your blog, this plugin is a must-have. It adds a new item to Bandit’s right-click menu – “BlogJet This!”. Click it and it will launch BlogJet with the content of selected item.

Installation instructions and download.

[Via BlogJet weblog]