Jonathan Cogley has a post about bad password requirements that covers most, if not all, of the salient points around the topic of what defines a good or bad password. The comments also make for interesting reading. What's most disturbing though is the comment by the author himself:
...most times when we do a security audit of an application, the first thing we find is cleartext passwords in the user table in the database. :)
Loch Fyne Restaurants have recently been called out by the BBC (amongst others!), for not paying their staff the national minimum wage. Rather than doing so, they use tips that staff receive to make their salary up to at least, or above, the NMW. Having worked in Hospitality previously, I know how much this sucks. Disgusting behaviour on the part of the management of Loch Fyne.
I've already commented on my "non techy blog", but decided to post here as well to raise awareness. I for one, won't be eating at Loch Fyne again (which is a shame as Ieatate there fairly frequently) until they've made a public statement confirming that their staff receive the national minimum wage before tips are paid.
I've already commented on my "non techy blog", but decided to post here as well to raise awareness. I for one, won't be eating at Loch Fyne again (which is a shame as I
Gabhan Berry has some really interesting (and potentially useful!) stuff that mainly centres around programming with Excel. One of the most interesting entries is one regarding dealing with Optional parameters in the Excel object model when using C# (Optional Parameters are supported by the CLR and VB.net, but not by C#). Whilst reflection is pretty cool and using it to achieve a solution to the Excel object models fetish for optional parameters is quite clever, personally I'd go for a wrapper class that I'd written which gives a set of different method signatures to accommodate my needs. Compile time checking is well worth having and eliminating the subtle bugs that can have me banging my head against the wall for hours that using reflection in this way introduces is a winner any day.
The common consensus, although I have no statistics or timings to prove or disprove this, is that using reflection is slower as well. If, for example, you were automating Excel to produce output / read input (yes, there are better ways to do this!) that contained a large amount of data, I imagine this could begin to make a significant difference to performance. On the other hand, choosing against reflection purely because of this could be considered a premature optimisation.
Of course, the other answer is to just use VB.net rather than C# ;)
The common consensus, although I have no statistics or timings to prove or disprove this, is that using reflection is slower as well. If, for example, you were automating Excel to produce output / read input (yes, there are better ways to do this!) that contained a large amount of data, I imagine this could begin to make a significant difference to performance. On the other hand, choosing against reflection purely because of this could be considered a premature optimisation.
Of course, the other answer is to just use VB.net rather than C# ;)
It would appear that in a couple of comments I posted on the IE blog, I've come across as a Microsoft fanboy! To summarise, the point I was responding to was one that basically said:
My main thrust was that the statement I paraphrased above is simply untrue. Many people have (and rightly so) accused Microsoft of using a FUD strategy, and false statements like that one are of a very similar ilk. Oh - and a re-reading of my comment would highlight the fact that I didn't state that I disagreed with the need for a public bug tracking system for IE, but that's a whole different kettle of fish.
Now, onto the "fanboy" accusation. Baseless. Utterly baseless. Yes, I use Microsoft technologies, but I'd be equally happy (well, not so much because the toolset simply isn't as grokkable as Visual Studio, even with all its foibles) to use JSP rather than ASP.net, after all, it's really all just syntax. A semicolon here, a curly bracket there, or, god forbid, a With/EndWith ;)
B. Cortez said:
Also, "If you bothered to look, or be involved in cross-browser web development in any form", how does anyone know that I'm not? document.getElementById makes me squee, document.all makes me want to retch. The inconsistencies in the box model and having to use big dirty ClearFix-esque hacks make me angry.
Remember, don't assume, it'll make an "ASS out of U and", well that's where I break from the traditional version of the saying, because assuming only makes an ass out of one person. The person making the assumption.
That point is simply not true. Opera has a bug reporting page, Safari has a bug reporting page and Firefox does have a public bug tracking system. Thusly, all other browsers do not have public bug tracking systems. Yes, Webkit (the rendering engine that underlies Safari) does have a public bug tracking system (which I may have to acronym as PBTS before my fingers drop off!) but the rendering engine isn't the only part of a browser by any stretch of the imagination.
All other browsers have a public bug tracking system, so why doesn't IE?
My main thrust was that the statement I paraphrased above is simply untrue. Many people have (and rightly so) accused Microsoft of using a FUD strategy, and false statements like that one are of a very similar ilk. Oh - and a re-reading of my comment would highlight the fact that I didn't state that I disagreed with the need for a public bug tracking system for IE, but that's a whole different kettle of fish.
Now, onto the "fanboy" accusation. Baseless. Utterly baseless. Yes, I use Microsoft technologies, but I'd be equally happy (well, not so much because the toolset simply isn't as grokkable as Visual Studio, even with all its foibles) to use JSP rather than ASP.net, after all, it's really all just syntax. A semicolon here, a curly bracket there, or, god forbid, a With/EndWith ;)
B. Cortez said:
Well, if you bothered to look into it even on a superficial level, you'd see that a Bugzilla system has the ability to search, as well as "sign-up" to be notified of changes to the bug report (via email notifications). Also, you can, amazingly, VOTE for a bug. This is the weight given to the bug by, imagine this, CONCERNED CUSTOMERS.Bugzilla. Yes, I've used it before. The company I worked for until the end of November implemented it to replace Rational ClearQuest, what a breath of fresh air that was! The company I work for now uses a custom built defect tracking system, but I'm trying to sell them on Bugzilla. Nowhere did I say that I didn't know how Bugzilla worked, or what it does. In fact, I quite like it. (I especially like the Mozilla artwork that loads whilst searching and chomps bugs ;)
Also, "If you bothered to look, or be involved in cross-browser web development in any form", how does anyone know that I'm not? document.getElementById makes me squee, document.all makes me want to retch. The inconsistencies in the box model and having to use big dirty ClearFix-esque hacks make me angry.
Remember, don't assume, it'll make an "ASS out of U and", well that's where I break from the traditional version of the saying, because assuming only makes an ass out of one person. The person making the assumption.
A while ago I posted an entry with links to a couple of blog entries from other people relating to ASP.net Viewstate. The blogger who created the first entry has a new related posting titled Truly Understanding Viewstate, the Comment Index which basically points everyone in the direction of a document someone else has prepared that aggregates and documents the 250+ (yes, 250+!!) comments that ended up being attached to the original entry. What a bloody fantastic resource. It's things like that which make me realise just how useful a resource blogs are. 10 or even 5 years ago, this level of information simply was not available other than in the "dead tree" format and that was invariably based on what a book author/publishers opinion of what needed covering was.
It's things like this which make me wish that there was a viable micro-payment model in existence as I'd happily chuck a little bit of money in the direction of both of those people by way of thanking them for providing such useful content.
The blogger who originally posted the Viewstate entry also has a series dedicated to ASP.net and Dynamic Controls which is also well worth a read for anyone who's dabbling with ASP.net and controls. Even if you're lucky enough to not have to deal with anything but controls declared in the .aspx file, it's well worth a read to deepen your overall understanding of the way ASP.net works.
It's things like this which make me wish that there was a viable micro-payment model in existence as I'd happily chuck a little bit of money in the direction of both of those people by way of thanking them for providing such useful content.
The blogger who originally posted the Viewstate entry also has a series dedicated to ASP.net and Dynamic Controls which is also well worth a read for anyone who's dabbling with ASP.net and controls. Even if you're lucky enough to not have to deal with anything but controls declared in the .aspx file, it's well worth a read to deepen your overall understanding of the way ASP.net works.
Andrew Rea has a pretty good posting on his blog describing a funky looking group box custom control for WinForms. The UI examples he's shown kind of remind me of dividers in a ring binder, which might be useful in some user interfaces where that kind of metaphor would be appropriate.
Whilst undoubtedly they look very smart, it does remind me how much more complex it is to design controls for WinForms than ASP.net, a similar construct in the latter would be a smattering of CSS and a transparent image or three. I know that the corners would be a bugger, but, code-wise it'd be a damn sight easier to read. (Not that I'm saying that the code is badly written!)
Bring on WPF I say ;)
Whilst undoubtedly they look very smart, it does remind me how much more complex it is to design controls for WinForms than ASP.net, a similar construct in the latter would be a smattering of CSS and a transparent image or three. I know that the corners would be a bugger, but, code-wise it'd be a damn sight easier to read. (Not that I'm saying that the code is badly written!)
Bring on WPF I say ;)
The power of yield (return) is probably the best explanation of how to use the C# yield keyword that I've yet seen. (Yes, I'm blatantly blogging this so I can refer back to it in future ;)
Visual Studio Debugging of Websites
One of the annoyances in Visual Studio with web based projects is that if you stop debugging or choose "view in browser", it's a couple of clicks to attach the Debugger, until Microsoft implement an option that offers the associated WebDevServer as the preferred choice to Attach to in these scenarios, this Visual Studio macro will do the job nicely!
MySQL Identity (Auto-increment) column values
Found here, the easiest way to reset the identity value on a column in a MySQL database table is:
ALTER TABLE theTableInQuestion AUTO_INCREMENT=1234
It's also interesting to note that the link claims (not checked!) that DELETE FROM theTableInQuestion will reset the identity but DELETE FROM theTableInQuestion WHERE Column=x won't, even if this covers all rows in the table.
One of the annoyances in Visual Studio with web based projects is that if you stop debugging or choose "view in browser", it's a couple of clicks to attach the Debugger, until Microsoft implement an option that offers the associated WebDevServer as the preferred choice to Attach to in these scenarios, this Visual Studio macro will do the job nicely!
MySQL Identity (Auto-increment) column values
Found here, the easiest way to reset the identity value on a column in a MySQL database table is:
ALTER TABLE theTableInQuestion AUTO_INCREMENT=1234
It's also interesting to note that the link claims (not checked!) that DELETE FROM theTableInQuestion will reset the identity but DELETE FROM theTableInQuestion WHERE Column=x won't, even if this covers all rows in the table.
I've tried out a few tools, but the CodeHTMLer seems pretty good. Give it a go!
Take a look at Mark: Ramblings from a programmer, if you dare. Whilst some of the points he makes are good, for example that Visual Studio doesn't inherently encourage programming best practice, i.e. the separation of presentation, business and data layers, a lot of his other posts are purely rants about the fact that VB6 and VFP (Visual Basic 6 and Visual FoxPro for those who tire of acronym soup!) are no longer being produced. Ironically, VB6 does little or nothing to encourage the separation of presentation, business and data layers, so any bleating about the "good old days" do fall on deaf ears somewhat.
Having taken a mooch through his blog, I came across a post surrounding designing custom controls. Or at least, his opinions regarding VS's shortcomings. I thought it'd be worthwhile to go through each point in turn and analyse/debunk them:
Property Attribute Example
Just to highlight why the attribute based default value for a property is better, consider the following code:
With the first example property, any Visual Designer (or indeed parser, decompiler, etc) can immediately determine what value to show in a property grid, but with the second (albeit contrived) example, all bets are off. For describing the attributes of something, attributes are definately the way to go.
Having taken a mooch through his blog, I came across a post surrounding designing custom controls. Or at least, his opinions regarding VS's shortcomings. I thought it'd be worthwhile to go through each point in turn and analyse/debunk them:
- Sub-classing a control doesn't cause the new control to inherit any design-time attributes, specifically Toolbox icon.
- Altering a property in the child class causes the property value to show in bold in the property page for the control when it's placed on a form. Oh, and the fact that changing the value of a property in the class thusly doesn't propogate through to any derived application.
- Why's this a bad thing? This might just be down to a matter of opinion, but surely the name, icon and other odds and ends should be down to the developer. How about if you inherit from System.Windows.Forms.Control,... what icon should be used then? Or one of the abstract base clases like S.W.F.ListControl?
As a Control developer, get off your arse and choose an icon, rather than expecting Visual Studio to do everything for you. - Altering a property in a way that causes the property value to show in bold means that you've done it the wrong way. The author even goes as far as mentioning the System.ComponentModel.DefaultValueAttribute and then whines that using this is a "work around" to a "bug" in Visual Studio.
Consider for a moment if the Visual Studio designer determined what the default property value was based on the return value for the property get routine, this routine could go off and query the Registry / contact a web service / choose the Nth font installed based on the number of elapsed seconds in this specific minute, in short - the return value could be entirely nondeterministic and even long running. By decorating the property with an Attribute, any Designer tool can determine immediately and deterministically what the default value for the property is. This also results in NO code being generated within the application using the control and thus any change to the default value being propogated upon recompilation of the Control.
Property Attribute Example
Just to highlight why the attribute based default value for a property is better, consider the following code:
public class ControlWithProperties : Control { private Font _font; [DefaultValue("Segoe UI")] public override Font Font { get { return _font; } set { _font = value; } } public Font OtherFont { get { if (_font == null) { if (DateTime.Now.Second < 30) { _font = new Font("Century Gothic", 20); } else { _font = new Font("Comic Sans MS", 20); } } return _font; } set { _font = value; } } }
With the first example property, any Visual Designer (or indeed parser, decompiler, etc) can immediately determine what value to show in a property grid, but with the second (albeit contrived) example, all bets are off. For describing the attributes of something, attributes are definately the way to go.
One of the beauties of the ASP.net system is the way you can declaratively describe controls that sit on the page, and also the contents of collections that they contain as properties, as shown as an example snippet below:
Writing the code to gain page designer support for this is very simple and doesn't actually involve writing any code! The following code demonstrates a basic (as it doesn't actually do anything!) Web Control that provides designer support for describing the contents of one of its properties declaratively:
The key is the four attributes, two decorating the class and two decorating the property to be exposed through the markup designer. An example of the markup that could then be written is below:
<asp:DataGrid ID="ADataGrid" runat="server"> <Columns> <asp:ButtonColumn ButtonType="PushButton" Text="I'm a button!"> <ItemStyle CssClass="ButtonItem" /> </asp:ButtonColumn> </Columns> </asp:DataGrid>
Writing the code to gain page designer support for this is very simple and doesn't actually involve writing any code! The following code demonstrates a basic (as it doesn't actually do anything!) Web Control that provides designer support for describing the contents of one of its properties declaratively:
[ParseChildren(true)] [PersistChildren(true)] [ToolboxData("<{0}:CustomControlUno runat=server></{0}:CustomControlUno>")] public class CustomControlUno : WebControl, INamingContainer { private Control1ChildrenCollection _children; [PersistenceMode(PersistenceMode.InnerProperty)] [DesignerSerializationVisibility(DesignerSerializationVisibility.Content)] public Control1ChildrenCollection Children { get { if (_children == null) _children = new Control1ChildrenCollection(); return _children; } } } public class Control1ChildrenCollection : List<Control1Child> { } public class Control1Child { private int integerProperty; private string stringProperty; public string StringProperty { get { return stringProperty; } set { stringProperty = value; } } public int IntegerProperty { get { return integerProperty; } set { integerProperty = value; } } }
The key is the four attributes, two decorating the class and two decorating the property to be exposed through the markup designer. An example of the markup that could then be written is below:
<Abc:CustomControlUno runat="server" ID="Control1"> <Children> <Abc:Control1Child IntegerProperty="1" StringProperty="Item1" /> <Abc:Control1Child IntegerProperty="2" StringProperty="Item2" /> </Children> </Abc:CustomControlUno>
I couldn't find any better, reusable way to get all the values from a specific column of a datatable, strongly typed than the snippet below:
internal class DataColumnConverter<T>
{
internal T[] GetValuesAsArray(DataTable data, string columnName)
{
List<T> values = new List<T>();
foreach (DataRow r in data.Rows)
{
values.Add((T)r[columnName]);
}
return values.ToArray();
}
}
Things it's missing:
- Type Cast checking on the type of items in the DataTables' column that's specified
- Checking that the column specified exists
- Handling of a column which contains nullable values (Could <T> be passed as, for example int? to cater for this? maybe! Or perhaps null's could be stripped out...)
Continue reading Getting the values from a Datatable column.
ASP.net is much maligned, but if carefully managed, it can be a very useful part of a web developers toolbox for ensuring performance and UX in a web app. A couple of *very* useful links to posts about viewstate below:
- Truly Understanding Viewstate. Quite a long posting, with a lot of comments attached which also have some value. Well, well worth a read.
- Thoughts on the ASP.NET ViewState. More interesting content with a couple of useful/insightful comments.
- Master Page and PreInit. Not exactly entirely related to Viewstate, but it mentions a "trick" for getting access to controls on a page that has a Master Page associated, in the PreInit stage of the page lifecycle, something that otherwise blows a raspberry at the developer.
- Truly Understanding Viewstate. Quite a long posting, with a lot of comments attached which also have some value. Well, well worth a read.
- Thoughts on the ASP.NET ViewState. More interesting content with a couple of useful/insightful comments.
- Master Page and PreInit. Not exactly entirely related to Viewstate, but it mentions a "trick" for getting access to controls on a page that has a Master Page associated, in the PreInit stage of the page lifecycle, something that otherwise blows a raspberry at the developer.
Web References in Visual Studio are annoying. Yes, they take the pain out of binding to a web service, providing generated code that gives you type-safety. But, and this is a big but, the classes that Visual Studio generates are marked as public rather than internal. If you're writing a library that wraps your web service, this provides any caller of the library with direct access to the web service, not so bad I hear you say as anyone who knows the Url can add it as a Web Reference and code directly against it.
The big annoyance is that it makes your libraries interface messy and exposes what's essentially an implementation detail. Imagine for a moment that you have an application where the layers are deployed to separate machines, and also geographically dispersed, using a model similar to the one below.
In this model you'd want to hide the web service as it may not ever be used (and really is an implementation detail!), the lack of an option to define the visibility of the Web Reference makes this impossible without hand editing the generated code.
Related Links
- The bug/feature request logged on MS Connect site. (Marked Closed/WontFix, grr!)
- Programatically adding Web References, I've not looked in too much detail, but maybe it's possible to use this to add an internal web reference?
In this model you'd want to hide the web service as it may not ever be used (and really is an implementation detail!), the lack of an option to define the visibility of the Web Reference makes this impossible without hand editing the generated code.
Related Links
- The bug/feature request logged on MS Connect site. (Marked Closed/WontFix, grr!)
- Programatically adding Web References, I've not looked in too much detail, but maybe it's possible to use this to add an internal web reference?
I can't find the blog entry, but somewhere over at The Old New Thing (book | bio1) I remember it being mentioned that the reason the action of clicking the "Start" button to Shutdown your PC seems so counter-intuitive is that not doing so was even less intuitive. Anyway - that's a complete aside.
A more recent entry mentions in passing someone's whining about the fact that there are a lot of ways to shutdown Windows Vista, particularly the length of the fly-out menu that gives the "advanced" options. Apparently it's too many to choose from. Given that by the time you get to that menu you already know (99% of the time2) what option you want, it's not so much a choice, is it? The same people who whinge about complexity are the ones that then whinge about things being "hidden" when simplification occurs. Grumble, grumble.
----
1 As with anything else on Wikipedia, this could be an utterly incorrect fiction that bears no actual similarity to Raymond Chen.
2 Yeah, a made-up statistic. Most of them are though? No? Just ask the British Government about their statistics ;)
A more recent entry mentions in passing someone's whining about the fact that there are a lot of ways to shutdown Windows Vista, particularly the length of the fly-out menu that gives the "advanced" options. Apparently it's too many to choose from. Given that by the time you get to that menu you already know (99% of the time2) what option you want, it's not so much a choice, is it? The same people who whinge about complexity are the ones that then whinge about things being "hidden" when simplification occurs. Grumble, grumble.
----
1 As with anything else on Wikipedia, this could be an utterly incorrect fiction that bears no actual similarity to Raymond Chen.
2 Yeah, a made-up statistic. Most of them are though? No? Just ask the British Government about their statistics ;)
