Isn't it an amazing time we're living in? A just a few hundred years ago explorers were still discovering new parts of the planet. They travelled around in big ships and brought home spices and treasures from the new lands.
Now, I can go to google maps, and look at a satellite picture of my building here in Cape Town. I can literally look at any part of the planet! And it's all online, free and fast. Amazing if you ask me.
Yeah! It took me a while to figure this one out.
I've mentioned before that to force the CLR to look for assembly in a different folder(not 'bin'), you can add the 'probingPath' element to your web.config file. This article by Scott Hanselman describes the process.
However, I could not get this to work at all. That was only because of my stupidity of course. I overlooked Scott's instruction to add the <% Assembly %> tag to the top of your .aspx page.
This is very very important. Otherwise the probingPath element won't work when you try to load your page. All you'll get are “Could not load type...” errors.
Thank-you Scott!
Enough! I can't get to my work because I'm contstantly deleting comment spam. As a result I've turned off comments for now. Donny is busy setting up CSBlogs. So hopefully comments will be back on by next week.
Spammers should be shot!
I'm 17 today!
In Hex of course. Or 10111(in binary) or 23(in decimal :)
This year I asked for cash instead of gifts. I want to buy a new toy...
I was surprised to find out that .NET has a built-in licensing model. That means the .NET framework can be used to check if users are using a valid, non-pirated version of your application or control. For the purposes of this post I'll only talk about Control licensing, not application licensing.
You apply licensing to a control by adding the LicenceProvider attribute to your class. This tells the .NET framework which license provider to use to manage your licensing. For example...
[LicenceProvider(typeof(LicFileLicenseProvider))]
public class MyFancyControl { …
The .NET framework comes with one license provider - LicFileLicenseProvider.
I still can't figure out if this provider is really worth anything. It checks that you have a .lic file with(or within) your assembly. If anybody copies your assembly and your license file, the control will work. Not much piracy protection there.
But… you can write your own license provider. And it isn't too complicated either. Check out this article on developer.com to see how to write your own provider. The author, Kenn Scribner, explains how to write a license provider that checks your registry for a specific key and value. So a simple copy of your assembly won't work anymore.
So what's happening with GMail? I've been using it for months now. It looks great and works perfectly. Why is it still in Beta?
Just a thought.
I've spent the last couple of weeks working on an ASP.NET plugin architecture. Our application(web-based) allows the user to use “plugins”. A plugin can be a simple class that executes some code when a button is clicked, or the plugin can actually be a small website with its own custom pages.
If you want to write ASP.NET plugins that are simple classes, the process is straight-forward. I suggest deploying the plugin assemblies into a custom folder. Add the <probingPath> section to your web.config file to tell the CLR where to look for your assemblies. Scott Hanselman has written a good article on how to do this.
If you want to write ASP.NET plugins that use custom pages - Beware! There's a couple of pitfalls you might come accross.
Disclaimer: The advice I give here is not necessarily the correct advice. It's only what I've learn throught a couple of weeks through trail and error. Hope it helps out someone with the same problems. Below are some of the important things I've learnt...
1. The BIN folder
When you load a custom aspx page, the custom page needs to find it's assembly. The CLR looks for the assembly in the current web application's 'bin' folder, then it checks the GAC. Naturally you'd want to put the plugin assembly in the application's 'bin' folder.
There is one catch: when your session state mode is InProc, you cannot deploy plugin assemblies to your 'bin' folder at run-time! When IIS sees that the bin folder has been altered, it silently restarts your web application. You'll lose all your session variables without warning.
One way to get around this is to set your session state mode to SQLServer or StateServer (check out this article for more information). When you do this, make sure that the objects you store in session state are Serializable. Note that these two modes are also extremely slow compared to InProc session state management.
2. The plugin folder
You can deploy your 'plugin' application to a sub-folder in your root application. For example: http://localhost/MyApplication/plugins/MyPlugin.
This folder should contain your custom aspx, js, asax... files (remember, the assemblies are sitting in the root application's 'bin' folder). When you do this, the sub folder should not be configured as an IIS application. If the sub folder is turned into an IIS application, you won't be able to share session variables between your plugin and your root application.
3. The web.config file
Your 'plugin' application will inherit your root application's web.config settings. For this reason, your plugin application's web.config file should only contain the bare minimum settings. I only keep the <authorization> section to configure authorization in my plugin files.
I love technology! One of the things I've seen a lot lately is Abstract Computing (I can't think of a better way to describe it?)
You can run one or more simulated computers inside your current computer. That's called VirtualPC.
You can connect to a computer in another room and work on it like it's your current machine. That's called Remote Desktops (or Terminal Services).
You can use the same mouse, keyboard and clipboard on more than one machine(even if it's running a different operating system!). That's called Synergy.
Not to mention that you can administer IIS servers and SQL databases for any server from any workstation. I think Active Directory gives us that ability.
Throw a dual monitor into the mix, then it becomes quite a task to remember what computer you're working on! Fun stuff.
SPIT - Spam over Internet telephony.
Bruce Schneier has written an interesting article on VoIP spamming and spamming in general. Check it out.
Isn't it terrible how another technology is being exploited by spammers? Yes, there's more important things to worry about (war, famine and all that), but that doesn't make this spam “war” any less annoying.
I've written a lot of custom ASP.NET server controls. But my work has evolved enormously during the last two years. Mainly because server control documentation is very sparse. I usually start doing things the wrong way, then only later learn what the correct way is.
For example: I started out by Response.Writing any custom javascript in the OnRender method. Then later I read that this should rather be done in OnPreRender using Page.RegisterStartupScript.
So little by little my code is improving. However, I've never found a comprehensive MSDN document or website article that explains server control development properly. That leaves me with having to take tidbits from hundreds of websites to put the server control puzzle together.
If anyone can point out a good (comprehensive) server control e-book or articles, I'd be happy to publish the link on a blog post. I'm sure it'll help a lot of developers that make the same mistakes and struggle with the same problems.
Remember when you just started coding? Back when you were only doing it for fun? Those were great days!
My dad introduced me to GW BASIC. I was bored and wanted to play Leisure Suit Larry. I was only 11 at the time, so he refused and showed me BASIC. I was hooked!
What I enjoyed most was writing games. They were relatively simple games because I got bored quickly and only completed a handful of them. The most noteworthy ones that I created -
- Computer Knowledge Gameshow - Using QBasic. A text-based, 2 player “Gameshow“ with a lot of computer questions. “How many bits in a byte?“
- Othello - Written in Turbo Pascal with nice graphics.
- Dude - Written in Turbo Pascal. A Commander Keen style game. You had to collect diamonds and avoid obstacles like water and spikes.
- Tetris - My favorite! The normal version wasn't challenging enough, so I wrote my own in Pascal, then later in Delphi.
I'd like to hear from the community. What kind of games/applications did you guys start with?
I believe many people are writing web applications for the wrong reasons. The most common reason for choosing a Web application over a WinForms application is - "with a Web application, deployment and version updates aren't required on the client's computer"
Or even worse - "build a web front-end, because that's what everyone else is doing." How's that for teenage mentality? I've heard this from (non-technical) managers a number of times.
Not having to worry about deployment and updates is great, but that's not a good enough reason to choose Web over WinForms. Giving a WinForms application the ability to update itself is actually very easy. Check out this article on TheServerSide to see how No-Touch deployment, the Updater Application Block and Click-Once(.NET2) can be used. That's not one, but three, different ways to handle automatic updates!
WinForms is such a rich, powerful platform. I think it's really important to use the right technology for the job. If you're writing a Web application only because it's the cool thing to do and it'll take care of updates, think about it… maybe it could do better as a WinForms app?
If you haven't heard about the Microsoft Enterprise Library, do yourself a favour and check it out. The Enterprise Library (from now on called the EntLib) is bunch of application blocks that you can use to build your application.
Most applications require some of the same fundamental components. EntLib contains the following application blocks -
- Caching
- Configuration
- Cryptography
- Data Access
- Exception Handling
- Logging and Instrumentation
- Security
From what I've seen, these things are very (very) well written. Why re-invent the wheel? With these components it's possible to save yourself many weeks of development. Then you can spend time on the business-specific requirements.
However - I'm not 100% comfortable using these application blocks. Why?
Not because they are badly designed.
Not because they are hard to use.
Only because I did not write them. I feel like I would be a failure as a coder if I didn't write these things myself. Will I tell my manager - “Here's the application, but the data access block and that fancy configuration screen is actually a Microsoft thing.”
It's very difficult to shake this (childish?) feeling. Has anybody else experienced this?
I'm no hacker. But in order to write secure web applications I try to get into the mindset of one.
Here's my current challenge: I've got a web application that should allow connections from the internet. It should use forms authentication and run under a specific windows user account. In other words: the IIS application requires “Anonymous Access”.
But... here's the catch - in some instances the application should be able to retrieve the current connected client's username. With “Anonymous Access” enabled this isn't possible, because Internet Explorer won't post the LOGON_USER session variable!
Ok... one way around this would be to write an ActiveX component that can detect the username and put it in a hidden textbox. Then post the hidden textbox value to the server.
Now, a hacker's question - “Can I modify that hidden textbox's value before posting to the server?” That way I can spoof some other user. Unfortunately this is very simple. You can add a bookmark/favorite that will execute javascript! On [this site] you'll find a lot of interesting scripts.
Among other things you can easily do the following -
- Show hidden text fields.
- Show contents of password fields
- Re-enable disabled controls
- Remove maximum length bound on a textbox
All with some simple javascript. Any monkey can do this. Scary stuff! This is why it's very important to validate on the client AND the server. Luckily this is done automatically using the ASP.NET validator controls.
Kerberos is the name of the hard-core security protocol that's been used since Windows 2000. I'm in the process of learning exactly how it works.
So where does the Kerberos name come from?
Kerberos(aka Cerberus) is the name of the three headed dog that guards Hades (remember “Fluffy” that guarded the Socerer's Stone?).
When an IIS web application has "Integrated Windows authentication" enabled and “Enable anonymous access” is disabled, the LOGON_USER server variable will contain the name of the user accessing the website.
I wasn't sure if this method is really secure. Can't the LOGON_USER server variable be modified? These are my findings -
- IE will try to authenticate the user by hashing the username and password and sending it to the server.
- The server will then compare the hashes to the user on the domain.
- If the hashes match, the user has been authenticated successfully.
Note that no passwords are passed directly. Also, because both the username and password are hashed, it's not possible to simply spoof the username. You need the password as well.
Sounds pretty secure to me.
The new Nokia Nseries phones will use Symbian as their operating system. According to Symbian (see article), these phones will support multi-gigabyte memory.
Ya right! Now that's what I call marketing.
Update: I was being sarcastic before, but now that I think about it, cellphone memory is usually the amount of space that's available to store images, text messages, calendar items and so forth. So for a cellphone, memory can be thought of as hard disk space. Now having a cellphone with multi-gigabyte hard disk space is not so unbelievable.
That could be very cool indeed.
For those with an imagination, check out the Time Traveler Convention.
That's all I'm going to say :)
Sahil Malik writes Why MSN Messenger sucks.
I agree with his comments! The new MSN (version 7) clearly suffers from TooMuchShit syndrome. Go on... open it up and think about how many of those “features” you actually use. In the new version, MSN Messenger has a “Search” textbox and a “Search“ button, a “handwriting” tab so you can draw your message. It's got “winks”. What's that all about?
Which brings me back to my question - when is enough, enough? MSN Messenger isn't the only program that suffers from this problem. Companies feel they have an obligation to bring out a new version of their software every year or so. If the application was already working perfectly, they have to add more sh!t to it to justify a new release.
I still believe that managers and developers should learn to keep things simple. Think GMail.
Then again, maybe Messenger's target market isn't 20-something year old developers. Maybe it was meant for teens? I think I'm going to try Trillian.
I think most of us want to be better coders. After all, what's the point of doing something if you're not learning and getting better? Here are a couple of ways I think a coder can become a really good coder -
WebCasts
I download WebCasts and view them when I have time. Most of my time is spent in C# files. But I was curious about ISA Server. I've heard about it, but what is it? There's so much documentation out there, so it's hard to get started. A WebCast is like attending a personal training session. It's interesting and focuses only on the necessary details.
Patterns and Practices
Flex your coding muscles by studying some patterns and practices. Patterns are tried and tested ways of solving problems. Why not use them? It also makes architectural discussions much easier. You can say "Use the observer pattern here", instead of saying "Let this thingy monitor that thingy by exposing events in that thingy".
RSS
I'm an avid supporter of RSS. I never start a day without reading my RSS feeds first. Drop a comment if you'd like me to send you my feed list.
Books
Something I haven't done in a while - read a technical book. In a normal working day a developer only works with a limited number of technologies. I've been worknig on the same ASP.NET application for the past 6 months. By reading you expand your mind and get new ideas.
Play
And don't take things too seriously! Make some time to code for fun. It's a great way to learn new things.
In short, becoming a better coder is like becoming a better chess player. It takes a lot of practice, studying and enjoying the process. If you're not having fun, maybe you need some time off.