Wednesday, December 10, 2008
#
If you are using SubSonic, don't name your column "CreatedBy." It appears to be a bad name… Now if I could figure out how to do a left outer join with multiple join criteria.
Not complaining, just making a note for myself (and others).
Thursday, July 10, 2008
#
I was listening to Natalie Del Conte on the Buzz Out Loud podcast (#762) today and I have to say, I am surprised at her attitude that people shouldn't backup their own DVDs: She obviously doesn't have children. After replacing 2 discs because of my kids ignoring me when I said to leave the DVD in the player; I totally see that backing up legally owned copies of DVDs for your own use is totally legitimate.
I've been listening to the StackOverflow podcasts recently—not as polished as some. Still, I enjoy the content. During episode #12, Jeff complained about the lack of specific criticism. My main point of disagreement is with his need to re-invent the wheel. Specifically, when he said he wanted to rewrite the login functionality for the stackoverflow site. I'm a pretty selective developer and I like to find places where I can refactor code to the point of removing as many lines as possible. But, I just don't see the point of taking tried and true login functionality and saying, no thanks: Especially since it is security code that involves passwords and login information.
Having said all that, I admire Jeff and I avidly read his blog. I just think he should look to reuse and then refactor. Too much is already written that shouldn't be rewritten.
Monday, February 25, 2008
#
Friday we deployed a major milestone, albeit 3 years late. We finally deployed our main application in .Net 2.0. Years and years of requests to allow us to do so and another project requesting it did the trick.
So, after 427 builds, we sent the deployment package to the group that manages the servers. The deployment is split into 3 archives: 1) the web site, 2) the sql patches, and 3) the stored procedures. The dba ran the patches and was running the stored procedures when he called me at 8:30 to tell me he was getting an error. I thought this odd and asked him to run them again. He did so and as it turned out the tool that runs the stored procedures reported an error on the procs it was running. Somehow the DirectoryInfo.getfiles call returned the list of files ordered by last modified date. I'd never seen that. I also didn't see any documentation that explained the order or how to change it. I did make an Array.Sort() call and that fixed it.
It's just a good idea to never assume an order obviously.
Wednesday, February 20, 2008
#
My team recently upgraded our web application to Asp.Net 2.0 from Asp.Net 1.1. Yesterday was the first deployment since the upgrade. Overall, the conversion went well. But an odd thing happened during the mandated Vulnerability Assessment that is required before the application go live. I received an email that said "A high risk 'Blind SQL Injection' is showing up on the http://<domain> /<virtdir>/common/error.aspx URL on the aspxerrorpath object." I looked at the page, but it literally did nothing in the database (read or write). Not a thing. I thought maybe a Cross Site Scripting vulnerability, but certainly not a SQL injection problem. But, anybody who has worked in a large organization knows, the path of least resistance is the best.
I decided to address the perceived issue by overriding the OnError event in a common base class for all the pages in the site. I made sure I didn't pass the aspxerrorpath param and voila: We passed today.
I use Subversion (1.4.5.25188) via Apache (2.2.6.0). I use CruiseControl.Net (1.0.1.1277) as our build server. I setup Subversion in a non-standard manner. And, it could account for the problem. All the users who access Subversion, do so via a domain login. That is except for the build user. I setup the build user as a local account on both the Subversion server and the Build server with the same password. I then setup a second location alias in Apache to also use SSPI authentication, but I set the "SSPIDomain" to Off. This allowed the user base to only have to put in their username without a domain and the allowed the local accounts to work via the second location.
All was fine until I started getting a build Exception that said "authorization failed." I was able to reproduce this and I tried all I could think of to fix it. Yesterday, I had an epiphany (understand I am paranoid): I setup the account to use SSL, and then to use basic authentication. I had avoided this in the past because I didn't want any passwords embedded in any scripts.
…The problem occurred only occasionally, but seemed to be occurring more often...
I also added another directive:
Order Deny, Allow
Deny from all
Allow from 192.168.xxx.xxx
I believe with this added, I have now effectively locked access down to only the build server.
Thursday, November 01, 2007
#
I was just reading Jeff Atwood's "The F5 Key Is Not a Build Process." I find it interesting that the build process seems to be the end of it. The reality is that you also have to have a document telling people how to access all the code and what they need to have installed on their computer. It could be a page or 20 pages, but if you don't document all the software needed and the steps to configure it, you are just as lost as only having the build process. Mainly because you most likely have one or two people on the project still in charge with that information locked in their heads.
Don't get me wrong, I love the automated build process. I just advocate more and not just as a mechanism to have it. We have added 3 new people to the team, and I literally have handed them this document and said, "Look through this before you ask me any questions." And, its worked—except for our Project Manager…
Friday, October 05, 2007
#
I received an error that said, "Line 1: Syntax Error." I kept debugging the error, but I didn't think the document definition was causing the error. In the end, I found another developer on the project, had an onmouseover event getting set into a div on via the innerhtml property that included something like onmouseover='somefunction(someobject,'',someotherobject);'. It wasn't quite that simple, but essentially it was too long to find. Unfortunately, the debugging isn't what it should be and the developer didn't test his work.
Outlook needs a filter by alias sent to. If someone sends you an email and I guess BCC's you, outlooks filters won't see a "to" in the filter and it won't allow the mail to be sent to a folder. But, if you look at the headers, you can see the destination address.
Tuesday, September 11, 2007
#
Is anybody else experiencing problems with the Security Update for VS2005SP1? I have installed it twice to no avail. It says it completed successfully, and then promptly requests I install it again. I've checked the obvious stuff like the Event Log for any errors and there aren't any.
Can't decide if I want company…
Friday, August 31, 2007
#
I forgot to post this from a while ago…but I still want to rant…
I read this post and couldn't help think about my flight experience last week. My family, which includes three kids between 4 and 8, were flying to Newark via AirTran. We arrived at the airport slightly late (but not that late); we didn't think to ask the TSA to let us skip to the head of the line and consequently after an hour in line, we finally made it through. It was 9:05 for a 9:20 flight. We went to get on the train to get to Concourse C. And, the train was broken… So, with all our stuff for three kids—and the three kids, we ran all the way. My wife and I taking turns to carry the kids at one point or another. We got to the gate at exactly 9:20 with 3 other people. The gate agent couldn't care less that the train was broken or that I just looked like I'd taken a shower. The plane was at the gate, they just wouldn't let any of us on the plane.
I recently upgraded Internet Explorer from IE6 to IE7. I added the "debugger" command to my javascript and I tried to debug, but I kept receiving an error message that said "There is no source code available for the current location." I found a few articles talking about this and I found information that VS2005 was going to be patched with VS2005SP1. The short of it is: there is a Microsoft knowledgebase article 930873. I downloaded the hotfix and all is working. Alternatively, you can move the javascript into an external file and it will work that way as well.
Friday, August 10, 2007
#
I recently started using MS Excel Pivot tables. Having updated to Office 2007, I was enjoying the greater freedom with conditional formatting. Unfortunately, my client who needed to work with this file is still working in Office 2003. I thought that would not be a big deal as long as I keep all the same rules like only using three conditional formatting colors. Alas, I was wrong. I went into the file that I had saved into xls format and viewed it on a machine running Excel 2003. Not only was the conditional formatting not working, I couldn't get it to work at all. I went in and modified the values in 2003 and it didn't work. I then went in and tried to edit the Pivot Table. The error message is priceless:
This PivotTable was created in a late version of Excel and can't be updated in this version.
To update it, click OK, and then open the workbook in the version of Excel it was originally created in.
Oh well… back to using rocks and sticks.
Friday, June 29, 2007
#
We are stuck in .Net 1.1 still. I did a little bit of profiling of the application with the Redgate Ants profiler. I concluded that the Master Pages implementation we are using is really slow: Actually, really, really, really slow. We use the LoadControl call to load the masterpage dynamically on every page. In case you are wondering, loadcontrol is very slow and a bad idea in general. I'll post again when I've got the new framework done. In the meantime, I'll be keeping away from LoadControl when I can.
I received some spam—which has become rare. But, I didn't know which of my addresses had been used. Outlook 2007 has "streamlined" the UI so much that is was really hard to figure this out. But if you click on the small arrow in the bottom right corner of the Options in the Ribbon, it displays them.
Now, I'd just like to know how my email address got out there as I have been careful not to distribute it. Hmmm…