Monday, December 31, 2012

n+1 problems in stored procedures

It is probably best to NOT call a function making a select statement for each record returned from a select statement in a sproc. Try to instead query the other data in one select to a temp table and join the table onto the select that otherwise needed to reach out to the function.

This will delete a stored procedure...

DROP PROC [dbo].[Whatever]

Friday, December 28, 2012

reach out to the master page in a web forms ASP.NET project

This is one way to go fishing for a method in the master page from the page using it:

char foo = (Page.Master as Bar).ContentSeparator;

The master page itself would start out like so:

public partial class Bar : System.Web.UI.MasterPage
{
   protected void Page_Init(object sender, EventArgs e)
   {

Thursday, December 27, 2012

using IIS with VS2010

You will need to run Visual Studio as administrator to open web sites right out of IIS in Visual Studio 2010.

If a desktop has two DVI ports on it, it may randomize which of the two ports it decides to broadcast the signal out of.

This sort of pain point fits with the challenging day I've been having. I have a sore throat, there was a fire at the hotel, and it snowed heavily...

Update: The fire turned out to be a prank. Someone sprayed a fire extinguisher all over the fourth floor and then pulled the fire alarm. I was fooled!

System.Web is the namespace for HttpContext.Current

Dim context As HttpContext = HttpContext.Current

...didn't "want to take" just now so I replaced it with...

Dim context As HttpContext = Web.HttpContext.Current

...and referenced the System.Web namespace at the top of the file like so...

Imports System.Web

...and yes, this is VB script :(

There will be a setting somewhere on a monitor for toggling between DVI cable input and VGA cable input.

This informed me and I verified.

Wednesday, December 26, 2012

sniff the name of your computer in C#

In C# System.Net.Dns.GetHostName() returns the "DNS host name of the local computer" which may be thought of less verbosely as "the computer name" and should be the same thing you get by typing hostname at a command prompt. A use of System.Net.Dns.GetHostName() will be flagged by HP Fortify as an "Often Misused: Authentication" error.

Monday, December 24, 2012

Server.Transfer has a preserveForm parameter that is not trivial methinks.

preserveForm is the second parameter in a Server.Transfer call and it is pretty important. I think the code I gave here is pretty bad and should really look like this (note the true value for passing the HttpContext variables):

HttpContext CurrContext = HttpContext.Current;
CurrContext.Items.Add("q", q.Value);
Server.Transfer("/search/default.aspx", true);

...cannot be like so which won't fly...

Server.Transfer("/search/default.aspx?q=" + q.Value, true);

 
 

Fish variables back out on the other side of the leap like so:

HttpContext CurrContext = HttpContext.Current;
var whatever = CurrContext.Items["q"].ToString();

While we are at it, here is the same thing in VB (per this):

Dim context As HttpContext = HttpContext.Current
context.Items.Add("q", q.Value)
Server.Transfer("/search/default.aspx", True)

Go fishing for the variables in VB:

Dim context As HttpContext = HttpContext.Current
If Not context.Items("q") Is Nothing Then
   Dim q As String = CType(context.Items("q"), String)
End If

 
 

This also shows off VB script object-to-string casting and some if logic. (I've been doing some VB script lately in plumbing in old code.) preserveForm should be true to "preserve the QueryString and Form collections" according to this Visual Studio intellisense helper, so I am betting I need it to preserve the HttpContext I just created.


Set cookie paths and domains.

This restricts a cookie to a subdomain, I think:

// Domain and Path take effect only on the cookie written to the response (set its value there as well).
HttpContext.Current.Response.Cookies["foo"].Domain = "support.example.com";

This restricts a cookie to a folder:

HttpContext.Current.Response.Cookies["foo"].Path = "/support";

Note: A single forward slash for the path setting will encompass the whole of the site. This will cause an "Overly Broad Path" in an HP Fortify scan.
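To see what the Domain and Path settings above actually change, here is an added example (not code from the original post) that applies the RFC 6265 domain-match and path-match rules a browser uses when deciding whether to attach a cookie. The class name and every request URL other than the support.example.com host are constructed for illustration.

```csharp
using System;

public static class CookieScopeDemo
{
    // Domain-match per RFC 6265 section 5.1.3 (IP-address hosts are not handled here).
    public static bool DomainMatches(string cookieDomain, string requestHost)
    {
        string domain = cookieDomain.TrimStart('.').ToLowerInvariant();
        string host = requestHost.ToLowerInvariant();
        // A cookie with an explicit Domain also goes to every subdomain of that domain.
        return host == domain || host.EndsWith("." + domain, StringComparison.Ordinal);
    }

    // Path-match per RFC 6265 section 5.1.4.
    public static bool PathMatches(string cookiePath, string requestPath)
    {
        if (requestPath == cookiePath) return true;
        if (!requestPath.StartsWith(cookiePath, StringComparison.Ordinal)) return false;
        // A prefix only counts when it ends on a path-segment boundary.
        return cookiePath.EndsWith("/", StringComparison.Ordinal)
            || requestPath[cookiePath.Length] == '/';
    }

    public static bool WouldBeSent(string cookieDomain, string cookiePath, Uri request)
    {
        return DomainMatches(cookieDomain, request.Host)
            && PathMatches(cookiePath, request.AbsolutePath);
    }

    public static void Main()
    {
        // Constructed request URLs for the comparison.
        string[] requests =
        {
            "https://support.example.com/support/tickets",
            "https://support.example.com/supporters",
            "https://support.example.com/blog/post",
            "https://eu.support.example.com/support",
            "https://www.example.com/support"
        };

        // Compare the folder-scoped cookie with the site-wide "/" path.
        foreach (string cookiePath in new[] { "/support", "/" })
        {
            Console.WriteLine("Domain=support.example.com; Path=" + cookiePath);
            foreach (string url in requests)
            {
                bool sent = WouldBeSent("support.example.com", cookiePath, new Uri(url));
                Console.WriteLine("  {0,-5} {1}", sent ? "sent" : "kept", url);
            }
        }
    }
}
```

With Path=/support the cookie reaches /support/tickets but not /supporters or /blog/post; with Path=/ it reaches every path on the host, which is the breadth the scanner reports.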

HttpUtility.HtmlEncode

The way to parrot @Html.Encode on the C# side is with HttpUtility.HtmlEncode(foo) according to this. I think Server.HtmlEncode(foo) is the VB equivalent.

An update: I think HttpUtility.HtmlEncode may also be the way to go in VB as Server.HtmlEncode seems to force a conversion to a string. I think I might be able to get away with wrapping a DataSet in HttpUtility.HtmlEncode in both C# and VB. More soon.

beat XSS attacks with Razor

This suggests that one may sanitize stuff that bubbles up to a view against being XSS vulnerable like so in Razor markup:

@Html.Raw(Html.Encode(Model.MyMultilineTextField).Replace("\n", "<br />"))

Sunday, December 23, 2012

OWASP

https://www.owasp.org/index.php/Main_Page and https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project were given to me as other links to look into in the name of beating Fortify bugs. OWASP seems to stand for "The Open Web Application Security Project."

Saturday, December 22, 2012

The Hobbit

I have just returned from seeing the movie The Hobbit. Overall, it was so-so, but most rewarding was some initial study on why one should go on a reckless and dangerous adventure. The adventure might yield rewards, but is the risk really worth stepping outside of what you know and where you feel safe? If you think about it pragmatically you might conclude that such an adventure is unwise. The stronger counterarguments to the contrary were articulated pretty well however:
  1. Think of what you wanted to do when you were young and how badly you wanted it then.
  2. Think of the regret you will carry from passing on the opportunity.
The second point is illustrated subtly and cleverly in the film. It was what I was most impressed with. Later in the movie, the selfish do-it-for-yourself thing seems to give way for the hero into a sense of obligation and a want for wanting to help others. I've experienced this. I'll start something for one reason and then, hip deep into the thing, the reason to continue is... different. I think most of us can read parallels of our professional choices and dreams onto some of The Hobbit's content. I saw the rationale for many of my own recent post-Headspring adventures.

Friday, December 21, 2012

an XSLT example

This suggests that one apply an XSLT (another thing I learned about from C# 4.0 in a Nutshell) transformation like so:

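XPathDocument myXPathDoc = new XPathDocument(myXmlPath);
// XslTransform is obsolete; XslCompiledTransform is its replacement.
XslCompiledTransform myXslTrans = new XslCompiledTransform();
myXslTrans.Load(myXsltPath);
// Dispose the writer so result.html is flushed and closed.
using (XmlTextWriter myWriter = new XmlTextWriter("result.html", null))
{
   myXslTrans.Transform(myXPathDoc, null, myWriter);
}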

This is something else I found which has this XML...

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<?xml-stylesheet type="text/xsl" href="tutorials.xsl"?>
<tutorials>
   <tutorial>
      <name>XML Tutorial</name>
      <url>http://www.quackit.com/xml/tutorial</url>
   </tutorial>
   <tutorial>
      <name>HTML Tutorial</name>
      <url>http://www.quackit.com/html/tutorial</url>
   </tutorial>
</tutorials>

 
 

...and suggests that it may be used with this:

<xsl:template match="tutorial">
   <span class="tutorial-name"><xsl:value-of select="name"/></span>
   <span class="tutorial-url"><xsl:value-of select="url"/></span>
</xsl:template>

get rid of adware at Internet Explorer in Windows 7

You are going to have to get rid of some of your plugins and this is a good cheatsheet on how to do so.

  1. Go to: Start > All Programs > Accessories > System Tools > Internet Explorer (No Add-ons)
  2. Click on: "Manage Add-ons"
  3. Start disabling the bad stuff.

VB script style try/catch/finally

isAsset = False
Try
   If content_data.AssetData.Id = "" Then
      isAsset = False
   Else
      isAsset = True
   End If
Catch
   Throw New System.Exception("Whatever")
Finally
   somethingElse = "Whatever"
End Try

where T : Whatever

More fun from "C# 4.0 in a Nutshell": In the second line below, the ourSound string will end up set to "PuRRRRRRRRRRRRR" and the way in which it happens is pretty interesting...

Purrer<Tiger> purrer = new Purrer<Tiger>();
string ourSound = purrer.Purr();

 
 

OK, this is our Purrer class...

using System;
using System.Reflection;
public class Purrer<T> where T : Cat
{
   public Purrer()
   {
   }
   
   public string Purr()
   {
      Type type = typeof (T);
      var infos = type.GetMethods();
      MethodInfo info = infos[0];
      Cat cat = (Cat)type.GetConstructor(new Type[] { }).Invoke(new object[] { });
      return "Pu" + info.Invoke((object)cat, new object[] { }).ToString();
   }
}


 
 

Above, please note:

  1. T cannot just be anything as is the norm. A contract restrains T to Cat.
  2. On the second to last line the constructor of T is invoked to make a T-shaped Cat.
  3. On the last line the first method in the new T-shaped Cat is invoked with no parameters and an assumed return value is cast to a string.
  4. That is all of the magic there is!

 
 

The Cat object looks like so...

public class Cat
{
   public Cat()
   {
   }
   
   public virtual string Growl()
   {
      return "rrrrrr";
   }
}

 
 

The Tiger child of Cat overrides the Growl method to make the growl "louder" for a Tiger. The magic of this pattern happens in overriding. You may guarantee that FooProcessor will understand the methods of Foo while also being able to accommodate the variations of Foo's children.

public class Tiger : Cat
{
   public Tiger()
   {
   }
   
   public override string Growl()
   {
      return "RRRRRRRRRRRRR";
   }
}

 
 

 
 

Man, this posting is so nice and fluffy and cat-related. What's wrong with me?

don't swallow exceptions

catch (InvalidCastException)
{
   // rethrow with the original stack trace intact
   throw;
}

Thursday, December 20, 2012

cast a wider net when fishing for server variables when switching from Response.Redirect to Server.Transfer

long asset_id = 0;
HttpContext CurrContext = HttpContext.Current;
// Value handed over by Server.Transfer via HttpContext.Items
if (CurrContext.Items["id"] != null)
{
   asset_id = Convert.ToInt64(CurrContext.Items["id"]);
}
// Value arriving on the query string (e.g. after a Response.Redirect)
if (Request.QueryString["id"] != null)
{
   asset_id = Convert.ToInt64(Request.QueryString["id"]);
}

When trying to replace Response.Redirect with Server.Transfer you will need to handle get variables a different way.

http://shawpnendu.blogspot.com/2010/12/using-servertransfer-how-to-pass-values.html seems to have a pretty good article on it. The write up suggests that this...

Response.Redirect("/search/default.aspx?q=" + q.Value);

 
 

...is most appropriately replaced like so...

HttpContext CurrContext = HttpContext.Current;
CurrContext.Items.Add("q", q.Value);
Server.Transfer("/search/default.aspx");

 
 

...and NOT like so which won't fly...

Server.Transfer("/search/default.aspx?q=" + q.Value);

 
 

Fish variables back out on the other side of the leap like so:

HttpContext CurrContext = HttpContext.Current;
var whatever = CurrContext.Items["q"].ToString();

This way isn't going to cut it in this implementation.

HP Fortify Challenges

Oh boy, if it takes three hours to run a Fortify scan it is really hard to validate that your fixes are really fixes. (see: this) :( All you can do is guess how to fix a problem and then let a scan run overnight. I am just this morning realizing that I've solved no problems yesterday whatsoever. Today, I guess I will try to fix one bug in each category of bugs and then see if I have any successes. I found http://stackoverflow.com/tags/fortify-software/hot online which seems to be a pretty good cheatsheet for how to fix up some things. Server.Transfer("/whatever.aspx") is perhaps superior to the approach of using Response.Redirect("/whatever.aspx") but I won't really know for sure until tomorrow after a scan runs overnight.

I was really wrong...

These two blog postings from yesterday are dead wrong:

  1. http://tom-jaeschke.blogspot.com/2012/12/the-magic-of-stringformat-in-fixing.html
  2. http://tom-jaeschke.blogspot.com/2012/12/for-avoiding-xss-attacks-fortify-may.html

Wednesday, December 19, 2012

an underscore lets you wrap to a new line in VB Script

I learned something new about Visual Basic today. Sigh.

The magic of String.Format in fixing Fortify bugs.

lblFileBlurb.Text = String.Format("{0}",fileBlurb);

...is likely better than this...

lblFileBlurb.Text = fileBlurb;

(chuckle)

For avoiding XSS attacks Fortify may prefer that you associate a sproc directly with a database connection.

cmd = New SqlCommand("sp_Whatever", conn)
cmd.CommandType = CommandType.StoredProcedure

...may be superior to...

cmd = New SqlCommand
cmd.Connection = conn
cmd.CommandType = CommandType.StoredProcedure
cmd.CommandText = ("sp_Whatever")

 
 

Note:

  1. XSS is an acronym for Cross-Site Scripting.
  2. Please forgive the VB Script. :(

filtering HP Fortify


Tabs in Fortify, both in the Audit Workbench and the Visual Studio 2010 plugin, will denote the issues which are:

  1. Critical
  2. High
  3. Medium
  4. Low
  5. and a collection of the four above

Right-click on any one issue and pick "Generate Filter..." to generate a filter across all of the Fortify issues. For an Ektron project, it is going to be best to exclude errors of the "Workarea" and "widgets" folders as fixing such errors would be tinkering with Ektron itself. There is a separate filters pane one may bring up too.


Monday, December 17, 2012

empower Remote Desktop connections at a PC running Windows 7

Control Panel > User Accounts > Give other users access to this computer ...is where one empowers the ability for another to remote desktop in. When connecting, just connect to the name of the PC on the LAN at hand.

crawl XML from within MSSQL

This touches on XMLCOL which is some awful way to crawl XML from within MSSQL. As an example:

SELECT XMLCOL.query('user/name').value('.','NVARCHAR(20)') as name

 
 

This is going to look in the "user" node for the "name" node.

backup and restore a MSSQL database

Per this:

  1. Back-up a database in MSSQL:

    Right-click on a database in MSSQL Management Studio Express 2008 and pick "Back Up..." under "Tasks." You will need to specify something like this...

    C:\Program Files\Microsoft SQL Server\WHATEVER\MSSQL\Backup\

    ...for the where-to-back-up-to setting.
     

  2. Tasks > Restore > Database... is where one should restore from

of WinForms state and Fortify

The web forms concepts of Session and ViewState do not apply to WinForms. Here, just keep stuff in a private or even public field. Do not try to store state in a control as say the text of a Label however or HP Fortify will slap your hand.

Sunday, December 16, 2012

NVARCHAR(max) in MSSQL is flagged as Insecure Randomness in HP Fortify.

I found this in Googling which suggests that such a type can contain up to 1,073,741,822 characters. Many other threads suggest that the maximum length is 4000. This is one of them. Hmmm...

I suppose I'm going to use NVARCHAR(4000) everywhere NVARCHAR(max) is used to best the HP Fortify error.

Saturday, December 15, 2012

Insecure Randomness

Yes, this is an HP Fortify bug!

Random foo = new Random();
int bar = foo.Next(42);

 
 

http://www.hpenterprisesecurity.com/vulncat/en/vulncat/javascript/insecure_randomness.html is a write up on why it is rotten for random password generation stuff. I found http://msdn.microsoft.com/en-us/library/system.web.security.membership.generatepassword.aspx online which suggests using Membership.GeneratePassword to beat the problem. The example in the link is:

string password = Membership.GeneratePassword(12, 1);

 
 

12 is the length and 1 is the MINIMUM number of characters that are not alphanumeric.

Guids for passwords?

This suggests that repurposing a Guid is a great way to craft a random password of strictly alphanumeric characters. Well, I tested the theory today and am pleased with what came to be. The code in black below could have just been left out, but I kept it for readability.

using System;
using System.Collections.Generic;
using System.Linq;
namespace EQL.Members
{
   public static class PasswordGenerator
   {
      public static string Generate(int lengthOfPassword)
      {
         Guid guid = Guid.NewGuid();
         string secret = guid.ToString().Replace("-", "");
         if (lengthOfPassword > 1 && lengthOfPassword < 32)
         {
            secret = secret.Substring(0, lengthOfPassword);
         }
         return RandomizeTheCaseOnLetters(secret);
      }
      
      private static string RandomizeTheCaseOnLetters(string secret)
      {
         char[] characterArray = secret.ToCharArray();
         char[] arrayForRandomizing = Guid.NewGuid().ToString().Replace("-", "").ToCharArray();
         List<bool> listForRandomizing = arrayForRandomizing.Select(c => ((int) c%2 == 0) ? true : false).ToList();
         int counter = 0;
         bool containsNumber = false;
         bool containsLetter = false;
         while (counter < characterArray.Length)
         {
            char character = characterArray[counter];
            int characterEncoding = (int)character;
            // '0'-'9' encode as 48-57, so anything above 57 in the hex string is a letter
            if (characterEncoding > 57)
            {
               containsLetter = true;
               string stringifiedCharacter = character.ToString();
               if (listForRandomizing[counter])
               {
                  stringifiedCharacter = stringifiedCharacter.ToUpper();
               } else {
                  stringifiedCharacter = stringifiedCharacter.ToLower();
               }
               characterArray[counter] = stringifiedCharacter.ToCharArray()[0];
            } else {
               containsNumber = true;
            }
            counter++;
         }
         characterArray = EnsurePresenceOfBothOneDigitAndOneLetter(characterArray,
               containsNumber, containsLetter);
         return characterArray.Aggregate("", (current, c) => current + c.ToString());
      }
      
      private static char[] EnsurePresenceOfBothOneDigitAndOneLetter(char[]
            characterArray, bool containsNumber, bool containsLetter)
      {
         if (!containsNumber)
         {
            characterArray[0] = '0';
         }
         if (!containsLetter)
         {
            characterArray[0] = 'a';
         }
         return characterArray;
      }
   }
}

 
 

My tests:

using System.Text.RegularExpressions;
using EQL.Members;
using Microsoft.VisualStudio.TestTools.UnitTesting;
namespace EQL.Tests
{
   [TestClass]
   public class PasswordGeneratorTests
   {
      [TestMethod]
      public void GuidToAlphanumericPasswordConversionBehavesAsExpected()
      {
         string password = PasswordGenerator.Generate(31);
         Assert.AreEqual(password.Length, 31);
         Assert.IsTrue(Regex.IsMatch(password, @"^[A-Za-z0-9]+$"));
      }
      
      [TestMethod]
      public void PasswordsAlwaysHaveAtLeastOneNumberAndAtLeastOneLetter()
      {
         string password = PasswordGenerator.Generate(2);
         char[] characterArray = password.ToCharArray();
         int counter = 0;
         bool containsNumber = false;
         bool containsLetter = false;
         while (counter < characterArray.Length)
         {
            char character = characterArray[counter];
            int characterEncoding = (int)character;
            // '0'-'9' encode as 48-57, so anything above 57 is a letter
            if (characterEncoding > 57)
            {
               containsLetter = true;
            } else {
               containsNumber = true;
            }
            counter++;
         }
         Assert.IsTrue(containsNumber);
         Assert.IsTrue(containsLetter);
      }
   }
}
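For comparison with the Random and Guid approaches above, here is an added example (not code from the original post) that draws an alphanumeric password from the operating system's cryptographic random number generator. A Guid string offers only 16 symbols per character and is not documented as a source of secret randomness, so this version uses all 62 alphanumeric characters and rejects bytes that would bias the selection. The class name CsprngPasswordGenerator is made up for the illustration.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;

public static class CsprngPasswordGenerator
{
    private const string Alphabet =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";

    public static string Generate(int length)
    {
        if (length < 2)
        {
            throw new ArgumentOutOfRangeException("length",
                "Need room for at least one digit and one letter.");
        }

        using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
        {
            // Redraw the whole candidate instead of patching a character in,
            // so every password that satisfies the rule stays equally likely.
            while (true)
            {
                string candidate = NextCandidate(rng, length);
                if (candidate.Any(char.IsDigit) && candidate.Any(char.IsLetter))
                {
                    return candidate;
                }
            }
        }
    }

    private static string NextCandidate(RandomNumberGenerator rng, int length)
    {
        // 256 is not a multiple of 62, so bytes 248-255 are discarded;
        // without that, the first 8 alphabet entries would be slightly favoured.
        int limit = 256 - (256 % Alphabet.Length);
        char[] result = new char[length];
        byte[] buffer = new byte[length * 2];
        int filled = 0;

        while (filled < length)
        {
            rng.GetBytes(buffer);
            foreach (byte b in buffer)
            {
                if (b >= limit) continue;
                result[filled++] = Alphabet[b % Alphabet.Length];
                if (filled == length) break;
            }
        }
        return new string(result);
    }

    public static void Main()
    {
        string password = Generate(12);
        Console.WriteLine("length: " + password.Length);
        Console.WriteLine("alphanumeric only: " + password.All(char.IsLetterOrDigit));
    }
}
```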

cast char type variables to their numeric encodings and back again

This test passes.

[TestMethod]
public void Whatever()
{
   char x = (char)77;
   int y = (int) x;
   Assert.AreEqual("M", x.ToString());
   Assert.AreEqual(77, y);
}

Alphanumeric characters are in the three ASCII ranges of 48-57, 65-90, and 97-122.

characters 0-9 equal integers 48-57
characters A-Z equal integers 65-90
characters a-z equal integers 97-122

Should I use using in tandem with try/catch instead of nesting a try/catch inside of a try/catch?

This suggests that the try/catch should probably sit within the using. I felt the temptation today to nest a try/catch in a try/catch and then I did some Googling and talked myself out of it.

In the name of using SqlParameter in an HP Fortify-friendly manner...

SqlParameter foo = bar.Parameters.AddWithValue("@Baz", qux);

...is copacetic while this isn't...

SqlParameter foo = bar.Parameters.Add("@Baz", SqlDbType.NVarChar, 42);
foo.Value = qux;

Friday, December 14, 2012

Make someone else God in SharePoint just like you.

Assuming you're an administrator...
  1. pick Site Permissions from Site Actions
  2. click Grant Permissions
  3. find a new God at the Select Users box by email address

maxOccurs

When fixing an "Unbounded Occurrences" bug for HP Fortify, there may be a place in a .xsd for a dataset (let's say the database is Foo.xsd) which looks like so...

<xs:choice minOccurs="0" maxOccurs="unbounded">

 
 

...and must become like so:

<xs:choice minOccurs="0" maxOccurs="79228162514264337593543950335">

 
 

Where did 79228162514264337593543950335 come from? It came from a line in the Designer file which gives away the type used for maxOccurs:

any1.MaxOccurs = decimal.MaxValue;

 
 

Get a number from an appropriate type.

The "File Separator" HP Fortify bug is REALLY easy to hack around.

This posting is bad. It was pointed out to me that the following is a better way to address this:

string unfinishedPath = "C:\\\\fun";
string attachmentPath = unfinishedPath + "\\";
if (Directory.Exists(attachmentPath))
{
   Directory.Delete(attachmentPath, true);
}

 
 

...and you can get around it like so:

string unfinishedPath = "C:\\\\fun";
string attachmentPath = unfinishedPath;
if (Directory.Exists(String.Format("{0}{1}", attachmentPath,
      Path.DirectorySeparatorChar.ToString())))
{
   // keep the recursive delete of the original snippet
   Directory.Delete(String.Format("{0}{1}", attachmentPath,
         Path.DirectorySeparatorChar.ToString()), true);
}

Thursday, December 13, 2012

hosts file

C:\Windows\System32\drivers\etc\ is where your host file lives. Run notepad as administrator and then open this file to force DNS to resolve for a particular A record to a particular IP (like, for example, the local IP of your laptop) like so:

10.152.6.108   support.tom.com

 
 

This is often vital for prepping web sites to run locally in IIS.

Delete the just-in-time junk files to get around those ASP.NET errors that are tied to your profile without being tied to a file.

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files is where the Just-In-Time compiler for ASP.NET caches temporary files. Delete these files to get around goofy Ektron errors like this:


Change the framework version of ASP.NET for an IIS web site at the Application Pools.

Duh.


The "File Separator" HP Fortify bug is easy to hack around.

Something like this will give you the error:

string unfinishedPath = "C:\\\\fun";
string attachmentPath = unfinishedPath + "\\";
if (Directory.Exists(attachmentPath))
{
   Directory.Delete(attachmentPath, true);
}

 
 

...and you can get around it like so:

string unfinishedPath = "C:\\\\fun";
char seperator = (char)92;
List<char> characters = unfinishedPath.ToList();
characters.Add(seperator);
string attachmentPath = characters.Aggregate("", (current, c) => current + c.ToString());
if (Directory.Exists(attachmentPath))
{
   Directory.Delete(attachmentPath, true);
}

inner/nested partial classes

Another way inner/nested classes may be used is as partials. This would allow for the extension of a second partial elsewhere by the class wrapping the partial class. Maybe the Poop class does not normally hold a getsetter for IsCarryingParasites and it is extended for the Cat class like so:

namespace Whatever
{
   public class Cat {
      public Poop Poo { get; set; }
      public partial class Poop
      {
         public bool IsCarryingParasites { get; set; }
      }
   }
}

Wednesday, December 12, 2012

inner/nested

http://stackoverflow.com/questions/804453/using-inner-classes-in-c-sharp and http://stackoverflow.com/questions/454218/private-inner-classes-in-c-sharp-why-arent-they-used-more-often discuss how to approach inner/nested classes. These are a way to ensure a one-off helper class, for example an enum, is only used by the only class that needs it. This is pretty ghetto and breaks with a good convention of having one file for every one class (save for perhaps having editable partials separate from not-to-be-fucked-with code-generated classes) where the file has the same name as the class it holds.

Install configuration-specific config files

http://msdn.microsoft.com/en-us/library/dd465318(v=vs.100).aspx offers that you may right-click on a Web.config file and select "Add Config Transforms" to make configuration-specific Web.config files for each variation in the Configuration Manager. If you add the "Configuration Transform" extension out of the Online Gallery at the Extension Manager under the Tools menu. (This is also where one finds jQuery grid.)

Ektron needs IIS to run locally.

Set up a site in IIS and then open the Fortify project as a web site in Visual Studio to run it.

SSIS cannot do SFTP by itself.

http://winscp.net/eng/docs/guide_ssis (WinSCP) might be a workaround.

SSIS has a file watcher.

The watcher should let you know if new files are introduced to a directory it is crawling.

xp_cmdshell is one way to do File IO manhandling from within a sproc

Enough said.

MakeLogic's Tail

...is a window that reports lines added to a log to you as they are added.

HP Fortify for VS2012

...will be released in February of 2013

how files are nested below other files in a .csproj

Open a .csproj file in notepad to examine the underlying XML...

   <ItemGroup>
      <Content Include="Web.Debug.config">
         <DependentUpon>Web.config</DependentUpon>
      </Content>
   </ItemGroup>
   <ItemGroup>
      <Content Include="Web.PROD.config">
         <DependentUpon>Web.config</DependentUpon>
      </Content>
   </ItemGroup>
   <ItemGroup>
      <Content Include="Web.DIT.config">
         <DependentUpon>Web.config</DependentUpon>
      </Content>
   </ItemGroup>
   <ItemGroup>
      <Content Include="Web.SIT.config">
         <DependentUpon>Web.config</DependentUpon>
      </Content>
   </ItemGroup>

Ctrl-K followed by Ctrl-C and Ctrl-E followed by Ctrl-U are the standard Visual Studio shortcuts for commenting and uncommenting code respectively.

I kinda prefer the Resharper way: Ctrl with forward slash for both

Tuesday, December 11, 2012

DBAmp sprocs

DBAmp does much of what it does via stored procedures and any MSSQL database that is going to have SalesForce data translated into it is going to need to have the DBAmp sprocs spliced into it.

fixing an HP Fortify bug to do with XmlReader

This was causing a "High" error in an HP Fortify scan.

XmlReader reader = XmlReader.Create(serializationStream);

 
 

I fixed it with this.

XmlReaderSettings xmlReaderSettings = new XmlReaderSettings();
XmlReader reader = XmlReader.Create(serializationStream, xmlReaderSettings);

 
 

I didn't even have to do something of substance like this.

XmlReaderSettings xmlReaderSettings = new XmlReaderSettings();
xmlReaderSettings.DtdProcessing = DtdProcessing.Prohibit;
XmlReader reader = XmlReader.Create(serializationStream, xmlReaderSettings);
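To show what the DtdProcessing.Prohibit setting in the last snippet does at run time, here is an added example (not code from the original post) that feeds two constructed documents through a reader with explicit hardening. The class name and both sample strings are made up for the illustration; the DTD in the sample declares only a harmless internal entity.

```csharp
using System;
using System.IO;
using System.Text;
using System.Xml;

public static class XmlReaderHardeningDemo
{
    // Constructed sample inputs. The first declares an internal entity in a DTD.
    private const string WithDtd =
        "<!DOCTYPE note [ <!ENTITY greeting \"hello\"> ]><note>&greeting;</note>";
    private const string WithoutDtd = "<note>hello</note>";

    public static XmlReaderSettings CreateSettings()
    {
        return new XmlReaderSettings
        {
            DtdProcessing = DtdProcessing.Prohibit, // any DOCTYPE raises XmlException
            XmlResolver = null                      // never fetch external resources
        };
    }

    // Returns the concatenated text content, or null when the parser rejects the document.
    public static string ReadText(string xml)
    {
        byte[] bytes = Encoding.UTF8.GetBytes(xml);
        try
        {
            using (MemoryStream serializationStream = new MemoryStream(bytes))
            using (XmlReader reader = XmlReader.Create(serializationStream, CreateSettings()))
            {
                StringBuilder text = new StringBuilder();
                while (reader.Read())
                {
                    if (reader.NodeType == XmlNodeType.Text)
                    {
                        text.Append(reader.Value);
                    }
                }
                return text.ToString();
            }
        }
        catch (XmlException ex)
        {
            // The reader refuses the document as soon as it meets the DOCTYPE.
            Console.WriteLine("rejected: " + ex.Message);
            return null;
        }
    }

    public static void Main()
    {
        Console.WriteLine("without DTD -> " + (ReadText(WithoutDtd) ?? "(null)"));
        Console.WriteLine("with DTD    -> " + (ReadText(WithDtd) ?? "(null)"));
    }
}
```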

HP Fortify Details pane in Visual Studio 2010

View > Other Windows > Fortify SCA Windows ...is where one may go to get the Fortify Details pane in Visual Studio 2010.

some SSIS notes

SQL Server Data Tools (SSDT) is the new BIDS. http://www.develop.com/sqlservertwelvedatatools is an article I found on it online suggesting that it may be downloaded at http://msdn.microsoft.com/en-us/data/hh297027. We were curious to see if WinSCP will "jive" with the new SSIS of Visual Studio 2012's SSDT. The first step in making a 2012 SSIS package is to create an Integration Services project per http://msdn.microsoft.com/en-us/library/ms141178.aspx and http://msdn.microsoft.com/en-us/library/ms137823.aspx touches on how to do so a little bit. http://msdn.microsoft.com/en-us/library/ms138028.aspx suggests that the Integration Services solution is only available via Microsoft SQL Server 2012 which may be downloaded at http://www.microsoft.com/en-us/download/details.aspx?id=29062.

to upgrade a project's Framework in Visual Studio

right-click on a project, pick "Properties," and then change the "Target Framework" at the "Application" tab

Does anyone know...

  1. Is there a way to grab a version number out of the compiler via C#?
  2. Does one have to have a copy of MSSQL Server 2012 installed to make an Integration Services solution in SSDT?

Monday, December 10, 2012

change the name of a navigation link in SharePoint (not the HDRI way)

Site Actions > Site Settings > Site libraries and lists > Customize "Whatever" > Title, description and navigation is not where I went at HDRI for making a change to the name of a link at the sidenav, but things were not the norm there. Julia Reynolds had SharePoint navigation administerable in a different manner.

Boost memory allocation for HP Fortify.

We have found the need to boost memory allocation for HP Fortify on our 32-bit systems. We can push it up to 1300 MB. The place where one finds this setting is pretty strange. From the "HP Fortify" menu in Visual Studio, one should go to "Options ..." which will spawn the "Fortify Options ..." dialog box. There should be three menu items of sorts at the left:

  1. Server Settings
  2. Rulepack Configuration
  3. Project Settings

The last option will not appear if you do not have a solution open, and it is the last option that you will need. (You'll have to change the setting for every solution if every solution needs more memory allocation.) At the "Analysis Configuration" tab there will be a drop down for "SQL Type:" which should be changed to "TSQL." The 1300 value should be entered to the right of the drop down. It's a confusing locale for the setting.

get appSettings variable from app.config in a Console application

string whatever = (string)System.Configuration.ConfigurationManager.AppSettings["whatever"];

...is newer than...

string whatever = (string)System.Configuration.ConfigurationSettings.AppSettings["whatever"];

helpful links for creating Debug and Release config files

  1. http://blogs.msdn.com/b/webdev/archive/2009/05/04/web-deployment-web-config-transformation.aspx
  2. http://stackoverflow.com/questions/5811305/web-config-debug-release

There is danger in renaming an ASP.NET app.config file.

If you rename the app.config in a console app, you may really confuse your application. I had to run "Clean Solution" (right-click on the ASP.NET Solution and pick "Clean Solution") to get a DataSet which should have been functioning properly to function properly on the other side of swapping app.config with another file called app.Debug.config with a renaming. Comically, I was trying in vain to manually doctor up a DataSet today to fix an inability for the code to run. It was an interesting refresher on DataSets...

  1. make a dataset
  2. drag tables from the Server Explorer into the DataSet
  3. right-click on one of the tables dragged into the DataSet and pick "View Code" to make a partial class

Friday, December 7, 2012

grab a ConnectionString out of the Web.config like so

using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;
using System.Web.Mvc;
namespace MyApplication.Controllers
{
   public class HomeController : Controller
   {
      public ActionResult Index()
      {
         // read the named entry from the connectionStrings section of Web.config
         string connectionString = System.Configuration.ConfigurationManager.
               ConnectionStrings["DefaultConnection"].ConnectionString;
         string query = "SELECT * FROM UserRole";
         DataSet dataSet = new DataSet();
         // dispose of the connection, command and adapter once the DataSet is filled
         using (SqlConnection connection = new SqlConnection(connectionString))
         using (SqlCommand command = new SqlCommand(query, connection))
         using (SqlDataAdapter adapter = new SqlDataAdapter(command))
         {
            command.CommandType = CommandType.Text;
            // Fill opens and closes the connection on its own
            adapter.Fill(dataSet);
         }
         List<string> roleNames = new List<string>();
         // the value at index 7 of each row is what ends up in the list
         foreach (DataRow dataRow in dataSet.Tables[0].Rows)
               roleNames.Add(dataRow[7].ToString());
         return View(roleNames);
      }
   }
}

 
 

...Bonus: I use my model like so in a view...

@model List<string>
<h2>roles out of UserRole</h2>
<ol>
   @foreach (var role in Model)
   {
      <li>@role</li>
   }
</ol>

how to encrypt the passwords in a Web.config file

So far, the best resource I've found online for a how-to guide on encrypting the passwords in a Web.config file has suggested, like every other blog posting, that one has to put some stuff in the top of the Web.config to make it work. However, most of the other postings I fought my way through suggested additions that just wouldn't compile! The golden posting I saw here now seems offline. Maybe it will return. At any rate, it suggests/suggested you start off a Web.config file like this:

<configuration>
   <configSections>
      <section name="dataConfiguration" type="Microsoft.Practices.EnterpriseLibrary.
                  Data.Configuration.DatabaseSettings,
                  Microsoft.Practices.EnterpriseLibrary.Data,
                  Version=3.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
   </configSections>
   <dataConfiguration defaultDatabase="MyDatabase">
      <providerMappings>
         <add databaseType="Microsoft.Practices.EnterpriseLibrary.Data.Sql.SqlDatabase,
                  Microsoft.Practices.EnterpriseLibrary.Data, Version=3.0.0.0, Culture=neutral,
                  PublicKeyToken=b03f5f7f11d50a3a" name="System.Data.SqlClient" />
      </providerMappings>
   </dataConfiguration>

 
 

Next, navigate to the folder holding a Web.config to encrypt with "Developer Command Prompt for VS2012" and then type something like this:

aspnet_regiis -pef connectionStrings . -prov DataProtectionConfigurationProvider

 
 

Sometimes the Web.config file will be redacted and sometimes a better copy of the Web.config file will be made one folder up. I'm sure there is a sane explanation for this, but I don't really care. Use appSettings here in lieu of connectionStrings to encrypt the appSettings section of the Web.config instead of the connectionStrings section. Also rename app.config to Web.config to make this trick work for app.config. You will then need to rename Web.config back to app.config. In the end, something like this:

<connectionStrings>
   <add name="DefaultConnection" providerName="System.Data.SqlClient"
         connectionString="Data Source=MyServer;Initial Catalog=MyDatabase;
         Persist Security Info=True;User ID=foo;Password=bar" />
</connectionStrings>

 
 

...will become something like this:

<connectionStrings configProtectionProvider="DataProtectionConfigurationProvider">
   <EncryptedData>
      <CipherData>
         <CipherValue>AQAAANCMnd8BFdERjHoAwE/Cl+
               sBAAAAD9WbcMcef0Onv4S9BkyQ5wQAAAACAAAAAAADZgAAwAAAABAA
               AAAKHRL+
               D1aOMuO5KNEwR9WcAAAAAASAAACgAAAAEAAAAHQKZ9aFFT7H
               SVTrvXdIzVgQAgAA9fg86jjjqufpllVijvAQvsbCIAYevcnasJ4LWh6YApj+
               nzlVQEMo4yAxgeIr4UzPxTH2LgPE89C/I+ZY6jG73q5y6Eb4T1g+STPPA+
               ezZW2e3hdFx9aT15RjPfzuS5yQjuhlg/ehuVrqqMkBLWGI4AmFDORgzWTb47Q
               O4xfmGV6HWh48Wd7GTaV1rrZ1sFCOfJ5I5l8jIRv4BESGzMTDVAr6clmblYET2
               6kXhTvcosw5G71caQO4s1Mp89RatzwxAmWeYbwAYgPp1y/
               Y/0/dN2AsBRyVr1m+
               wX+2K0Y1YIczcGaHJ/DSJnNAMCkjHL+QOpaf5i6n72zlsylPI7hF5qmBTVxpZP
               KgCsBsCNdvFVsTeAFBEJLJKaZq2K/tmJjMbxIBTy1hD+
               D0KsMT2P55zbBAKkYBMsqYl6ux+U3rczgdZM8bL8HglxZOcAC/
               GOqm04NmT36ctM/5qF48VPh3Jk2RYPJqXe+z/
               xH7OO1vya4BHPvKKunkvMqh9fsMhxI3A/
               IwqVkFCsWgkksnegzqAcBwuz5m6OhRiwam8oDBmbTULIZ8St8y+
               vDgbdQU2jCFhUULGe0tQf0tehA+lDOL1htSJ0GI0ypdfpZhEDej7YxxEDUnwJI
               66MFJIJmNAk7VjJzwFMDPf3DeTqwSXxKFfjKRLZctuWmBsfs9b2B7QS62K5TJ
               vVRnQfQriPHDGacKFAAAAAEv8R/zsGee0gAm1oPQy3v8rwrw</CipherValue>
      </CipherData>
   </EncryptedData>
</connectionStrings>
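
For a console application, the rename-to-Web.config step can be avoided by protecting the sections from code through System.Configuration. This is an added example, not code from the original post; the class name ConfigProtector and the --unprotect switch are assumptions, while the provider, section and connection string names are the ones used above.

```csharp
// Added example, not from the original post. Build as a console application
// with a reference to the System.Configuration assembly.
using System;
using System.Configuration;

internal static class ConfigProtector // hypothetical name
{
    // Provider and section names are the ones used in the post above.
    private const string Provider = "DataProtectionConfigurationProvider";
    private static readonly string[] SectionNames = { "connectionStrings", "appSettings" };

    private static int Main(string[] args)
    {
        // "--unprotect" is a switch made up for this example; the default is to protect.
        bool unprotect = args.Length > 0 && args[0] == "--unprotect";

        // Opens the built copy of app.config that sits next to the executable.
        Configuration config =
            ConfigurationManager.OpenExeConfiguration(ConfigurationUserLevel.None);
        if (!config.HasFile)
        {
            Console.Error.WriteLine("No config file at " + config.FilePath);
            return 1;
        }

        bool changed = false;
        foreach (string name in SectionNames)
        {
            ConfigurationSection section = config.GetSection(name);
            // Skip sections that are absent from the file or locked by a parent config.
            if (section == null || !section.ElementInformation.IsPresent ||
                section.SectionInformation.IsLocked)
            {
                Console.WriteLine(name + ": skipped");
                continue;
            }

            SectionInformation info = section.SectionInformation;
            if (unprotect && info.IsProtected)
            {
                info.UnprotectSection();
                info.ForceSave = true; // write the section back in plain text
                changed = true;
            }
            else if (!unprotect && !info.IsProtected)
            {
                info.ProtectSection(Provider);
                info.ForceSave = true; // write the section back as EncryptedData
                changed = true;
            }
            Console.WriteLine(name + ": " + (info.IsProtected ? "encrypted" : "plain text"));
        }

        if (changed)
        {
            config.Save(ConfigurationSaveMode.Modified);
        }

        // Reads go through the provider, so calling code is the same either way.
        ConfigurationManager.RefreshSection("connectionStrings");
        ConnectionStringSettings settings =
            ConfigurationManager.ConnectionStrings["DefaultConnection"];
        Console.WriteLine(settings == null
            ? "DefaultConnection is not defined"
            : "DefaultConnection was read back through the provider");
        return 0;
    }
}
```

A section protected with DataProtectionConfigurationProvider can only be decrypted on the machine that encrypted it, so the protection step belongs on the server that will run the application rather than on the build machine.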

Thursday, December 6, 2012

install IIS at Windows 7

Control Panel > Programs > Turn Windows features on and off ...is where one may turn on IIS in Windows 7.

shared folders in Windows 7

To share a folder in Windows 7, right-click on the folder and pick "Share with" before finally giving a name for the share.

Wednesday, December 5, 2012

make a .bat file

Following this I made a .bat file by putting the following in a .txt file:

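@echo off
rem %1 is the source file and %2 is the destination file
echo Comparing two files: %1 with %2

rem quoting "%~1" and "%~2" keeps paths containing spaces in one piece
if not exist "%~1" goto File1NotFound
if not exist "%~2" goto File2NotFound

rem fc sets ERRORLEVEL to 0 when the two files match
fc "%~1" "%~2"
if %ERRORLEVEL%==0 GOTO NoCopy

echo Files are not the same. Copying %1 over %2
copy "%~1" "%~2" /y & goto END

:NoCopy
echo Files are the same. Did nothing
goto END

:File1NotFound
echo %1 not found.
goto END

:File2NotFound
rem the destination does not exist yet, so just copy the source to it
copy "%~1" "%~2" /y
goto END

:END
echo Done.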

 
 

I then just renamed the .txt to .bat.

C:\Windows\Microsoft.NET\Framework64\v4.0.30319 is where msbuild seemed to end up installed from after I downloaded msbuild from here.

msbuild FooFoo.sln /p:Configuration=Deploy is the command for making a Deploy-specific Web.config.

to get Ektron to compile...

Be sure the UI is set as the startup project (duh) and build the dependent projects first.

Crowdfunding

http://www.kickstarter.com/ and http://www.indiegogo.com/ may be worth a look.

make a database project

  1. make a "SQL Server 2008 Server Project" in Visual Studio
  2. right-click on the project that is made in the Solution Explorer and pick "Import Objects and Settings..."
  3. on the other side of a simple wizard, you will "import" a selected database, so to speak, as SQL scripts
  4. use HP Fortify Audit Workbench to run Fortify scans of these... I can't get the projects to compile

Tuesday, December 4, 2012

Scott Hanselman on multiple configuration files

http://www.hanselman.com/blog/ManagingMultipleConfigurationFileEnvironmentsWithPreBuildEvents.aspx is a Scott Hanselman blog posting on having multiple configuration files for different environments. I am partway into playing around with this now. Did you know that you may hold CTRL and then click/drag a file in the Solution Explorer in Visual Studio to make a copy of a file? Hanselman's blog postings seem a lot like his talks. We are swept away on a bunch of wild tangents and we always somehow end up feeling better off for it instead of distracted.

EVERYTHING!

Everything is a freeware app that allows you to search directories for matches against partial file names in a manner much quicker than the clunky crawling of Windows Explorer. You have to be logged in to have it running as a service at a laptop or server. It will not show creation dates which is annoying. Perhaps there is a not-free version that is more feature-rich.

-2,147,483,648 to 2,147,483,647 is the range for Int32 types

Imagine raising two to the power of 32 and then making the 4294967296 you get "evenly" straddle the number zero.

decimal.MaxValue

decimal.MinValue and decimal.MaxValue are gonna giveya
-79228162514264337593543950335 and 79228162514264337593543950335 respectively.

unbounded maxOccurs

A Fortify bug for ASP.NET: An .xsd (dataset) file has maxOccurs="unbounded" in it. If this pops up, try giving the maximum decimal type value in lieu of "unbounded" which is: 79228162514264337593543950335

signing certificate error

This says the "Unable to find manifest signing certificate in the certificate store." error may be solved by going to the "Signing" tab in the project's properties and then clicking on any of these buttons:

  1. Select from Store...
  2. Select from File...
  3. Create Test Certificate...

create a new build configuration

At "Configuration Manager" you may create a build configuration beyond the canned "Build" and "Release" configurations that come with a project.

  1. Select the option for a new configuration.
  2. Give the new configuration a name

Monday, December 3, 2012

I seemed to lose the controls for forwarding an email from within Outlook.

It turned out that I had minimized the ribbon.

Tealeaf and Cast Iron

Cast Iron is a form of web analytics. Tealeaf is also a form of analytics, but it moreover allows one to retrace the steps through a site that a user took to navigate to a particular outcome. If a 404 error is reported by Tealeaf, one will be able to tell how the user who got the error navigated the given site to be able to "find" the error.

Sunday, December 2, 2012

cubes

This suggests a data cube will collect star schema data by three dimensions. Example: product, years the product was sold in, markets the product was sold in

one of your solution's "projects" could be a compiled .dll

Of ASP.NET: When opening a new solution and ramping up on its ways, check to see if some of the references seem to be custom in-house libraries. I've seen a few solutions now wherein something I would have kept as a project within the solution has in fact been tucked away into a referenced .dll. I'm not in love with this sort of thing personally as it just makes the whole of the "solution" harder to understand, search, and navigate, but it is something I've run into twice now.

Friday, November 30, 2012

doctor an .sln to add a project

It is pretty easy to splice a reference to another project into a solution by opening the .sln file in notepad and adding something like these two lines before the word "Global."

Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "ProjectName",
   "ProjectName\ProjectName.csproj", "{2A55F118-6989-431B-B9DE-02C11001B1B4}"
EndProject

Fortify Repository

HP Fortify has its own online repository for its reports that interfaces with Visual Studio while remaining independent of Team Foundation Server. There will be an "HP Fortify Remediation" menu within Visual Studio 2010 if you have the HP Fortify plugin installed which will allow you to connect to the Fortify-specific staging grounds for reports. In the "HP Fortify" menu there will be options for both running reports and pushing them up to the repository. The "pushed up" reports then become options in the "HP Fortify" menu itself. I'm assuming that they are there for everyone who accesses the repository. I'm not positive yet as I am working alone today.

Thursday, November 29, 2012

Ektron Searching

A search in Ektron is initially against everything, and EVERYTHING is then filtered down based on business logic. For example, if you are not permissioned to see X in everything then X will be filtered away.

the HP Fortify plugin for Visual Studio 2010 is really easy to use

You will end up with an "HP Fortify" menu in Visual Studio and...

  1. Analyze Source Code of Solution in the menu will crawl your source code and display results in an "Analysis Results" pane.
  2. Generate Report ... will let you make a PDF of what is in the "Analysis Results" pane.

This has proved much easier to use than the standalone tools which we found did not want to crawl C#, and indeed perhaps they could not measure C# gremlins without access to the compiler.

if you really need to mess with some source code short-term and locally when TFS won't let you

...then copy the folder holding the source code to another locale on your laptop and then reopen the newly copied solution. This will sidestep Team Foundation Server telling you that you cannot edit anything.

cannot alter a file in Team Foundation Server

This suggests you must explicitly check out in TFS to get around this error that occurs upon attempting an edit:

The command you are attempting cannot be completed because the file 'WHATEVER' that must be modified cannot be changed. If the file is under source control, you may want to check it out; if the file is read-only on disk, you may want to change its attributes.

Wednesday, November 28, 2012

keep your Windows 7 PC from falling asleep while you copy stuff from a file share after leaving for the day

  1. go to the Control Panel
  2. change "View by: Category" to "View by: Small icons"
  3. go to "Power Options"
  4. Change the plan settings for the radio button that is checked
  5. the radio button checked is likely "Balanced (recommended)"

One may create a new .fpr directly within HP Fortify's Audit Workbench.

Click on "Advanced Scan..." and then select a folder to scan. Finally step through the wizard you are given.

Ektron may now run in C# 4.0

Cool.

make an HP Fortify PDF Report that gives a comprehensive breakdown of flagged problems

At the "Generate Report..." dialog in Audit Workbench, change "Report:" from "Fortify Security Report" to "Fortify Developer Workbook"

I may have found the right place to get rules for HP Fortify

It is in the Options... submenu under the Options menu in Audit Workbench. That said, I could not get it to work when I tried.

make a PDF in Audit Workbench

At: Tools > Generate Report...

I was able to make a PDF from an .fpr in HP Fortify's Audit Workbench.

HP Fortify Scan Wizard must have rules files

C:\Program Files (x86)\Fortify Software\HP Fortify v3.50\Core\config\rules ...is where they live. The Scan Wizard will not run without this, but with this, it should make a .fpr file that you may open in HP Fortify Audit Workbench. I copied the rules files from someone else's PC. I don't know how to get them otherwise.

How to select C# as a language in HP Fortify's Scan Wizard

At the "Show Languages in Source Tree" piece of the wizard, check the checkbox for "Visual Studio" and then just uncheck it. The wizard will ultimately make a .bak file you may run to generate a PDF report of your code's health issues.

HP Fortify decided to uninstall itself somehow overnight

...so I went to:

Control Panel > Uninstall a program > right-click on HP Fortify v3.50 > Change ...which fired off a process that repaired Fortify. I then had to newly add the license file back at:

C:\Program Files (x86)\Fortify Software\HP Fortify v3.50\fortify.license

Ektron handles markup in a case-sensitive manner.

<p>Hello world.</P> will cause an explosion. Do not expect the awful gunk exported from Microsoft Word or Eloqua to not need your cleanup before incorporation.

Team Foundation Server "cannot be migrated because the solution cannot be checked out" error

I solved this TFS problem:

Solution file 'whatever' cannot be migrated because the solution cannot be checked out from source code control. To migrate the solution, make sure the solution file can be checked out and re-open it.

By just unchecking the checkbox for read-only in spite of what these two links told me:

  1. http://stackoverflow.com/questions/2762930/vs2010-always-thinks-project-is-out-of-date-but-nothing-has-changed
  2. http://social.msdn.microsoft.com/Forums/en-US/tfsversioncontrol/thread/88d652fa-1fef-4e3c-8dcb-a2079a96f031 (suggested I uncheck "Allow editing of read-only files; warn when attempt to save" at Tools > Options... > Environment > Documents)

upsert and merge

I heard the term upsert today and it is synonymous with merge per Wikipedia which is never wrong.

MERGE INTO TABLE_NAME USING table_reference ON (condition)
   WHEN MATCHED THEN
   UPDATE SET column1 = value1 [, column2 = value2 ...]
   WHEN NOT MATCHED THEN
   INSERT (column1 [, column2 ...]) VALUES (value1 [, value2 ...])

Addendum 1/16/2015: This is really stupid. Please see this instead.

folder options and unhiding extensions and show hidden files

Type "folder options" at the start menu at Windows 7 and then go to the "View" tab of the "Folder Options" dialog box which appears to do things like unhide file extensions and show hidden folders. Yawn. (I do this every time in a new environment.)


Tuesday, November 27, 2012

SCSI expansion

SCSI (Small Computer System Interface) allows one to bolt on more "space" to a server. You can't do this with NAS.

 
 

Addendum 6/21/2016: NAS is Network Attached Storage. It's any ability to share storage at a server beyond the bounds of the server.

 
 

Addendum 9/11/2017: SCSI is pronounced... "skuzzy"

Beyond Compare

One of my coworkers mentioned Beyond Compare as a code comparison tool today. It should be more comprehensive than WinMerge which is just for finding the inconsistencies in two dissimilar files.

extend your desktop in Windows 7

at: Control Panel > Appearance and Personalization > Adjust screen resolution

Duh.

Telerik JustCode

...is a rival to JetBrains ReSharper per a coworker. See: http://www.telerik.com/products/justcode.aspx

SSDT is the new BIDS

This has links to get SSDT (SQL Server Data Tools) for VS2010 and VS2012 and SSDT is the "new BIDS" (so I hear).

Set local IPs for DNS Servers in Windows 7

  1. right click on the "bars" icon on the start bar by the clocks and pick "Open Network and Sharing Center"
  2. click the "Local Area connection" link
  3. in the "Local Area Connection Status" dialog box click the "Properties" button
  4. uncheck "Internet Protocol Version 6 (TCP/IPv6)"
  5. select "Internet Protocol Version 4 (TCP/IPv4)"
  6. click the "Properties" button
  7. click the radio button for "Use the following DNS server addresses:"
  8. type in the addresses
  9. at a command prompt type: ipconfig /flushdns

One may run HP Fortify from the inside or from the outside looking in.

It will support both external and internal scans.

Boomi, CastIron, and Jaspersoft are alternatives to SSIS

So I hear.

SonicWALL

...is a company now owned by Dell. They offer a VPN solution.

DBAmp

DBAmp offers translation between SalesForce and MSSQL. It allows you to run SQL commands such as SELECT * against SalesForce! You may also, as you might imagine, push records in.

Gomez

Gomez is some manner of performance testing for web sites. It will tell you how long a roundtrip to the server and back takes for a POST, GET, etc.

Monday, November 26, 2012

someone found my blog Googling "draw on canvas using WatiN"

I think you'll want to draw on a canvas with PhantomJS instead. I have heard PhantomJS lets you run JavaScript/jQuery at the browser you "test." I write this having never used PhantomJS. :)

one has to have the Enterprise level of Ektron to use eSync which allows for local development copies of the MSSQL database

I arrived in Nashua, New Hampshire today for a few weeks of business travel. I will be working with Ektron while I am here, and as fate would have it, Ektron itself is located in Nashua. I could not resist stopping by to see what I might glean. Thanks to Derek Barka for taking the time to meet with me!


I'll start work tomorrow. It is rather hard to know what to expect from the outside looking in and without having had the opportunity to work with Ektron before. We flirted with using Ektron at FramesDirect for a shopping cart package, but ultimately FramesDirect went with Magento. Derek said that http://developer.ektron.com/ is a good place to go with questions. Ektron is also very good about responding to Twitter-based queries. They have been very proactive about engaging with me once I started blogging of Ektron. The receptionist at Ektron gave me some canned marketing materials and together with the Wrox book I bought, this comprises all of the print reading materials I could find.


Alright, I know this blog posting has been mostly fluff. The thing I want to say is: Ektron has three engagement levels:

  • Enterprise
  • Professional
  • Standard

...and one has to have the Enterprise level to use eSync which allows for local development copies of the MSSQL database. I don't think that will exist where I am going. This is my hunch, based on what I've heard. I'll know more tomorrow on the other side of the ocean of the unknown.


Friday, November 23, 2012

Ektron ABCs

The Workarea for a default CMS400Min install of Ektron will allow users to administer the folder structure, menu system, content, metadata, and users themselves. There are three types of users:

  1. Membership users who can only use the proper portion of the site
  2. Content Authors who may use the Workarea (a backend system for editing the frontend system)
  3. four canned accounts that fall outside of the other two definitions
    1. Admin, a global administrator
    2. Builtin, which may change the license key if everyone else is locked out
    3. InternalAdmin, which holds global great permissions for programmatic tinkering (forgive me for not putting it more eloquently)
    4. Vs, which is used for talking to Ektron Framework Server Controls via Visual Studio across web services

The passwords for Admin, Builtin, and Vs need to be changed from their defaults before a push to production. There is a group called Everyone that all users start out as a part of and a group called Administrators that users may be added to. Becoming a member of Administrators does what you might expect. The Settings section of the Workarea will allow one to create users:


Thursday, November 22, 2012

I am beginning a book on Ektron.

I am beginning to read a Wrox book called "Ektron Developers Guide" in advance of diving into an existing Ektron project on Tuesday. I wish there was a way to download a trial copy of the software, but unfortunately, all I can do in advance of Tuesday is flip through the one book (from 2011) that seems to have been written on the proprietary CMS. The software is not trivial. It has a significant footprint, expanding into many things. Beyond being a CMS, it offers a canned shopping cart too.


Ektron started in 1998 as what the book calls a WCMS (web content management system) and at the time must have been something other than web forms ASP.NET. It is today of framework 3.5 web forms ASP.NET, with a heavy emphasis on breaking chunks of screen real estate up into .ascx (User Control) widgets. The widgets may be "Ektron Widgets" which one builds using something called PageBuilder. These are widgets that developers may build out themselves and get creative with. There are also over eighty canned ".NET Server Controls" which are for things that Ektron's own people realize arise as common wants. Both varieties of widget take into account whether or not a user has permissions to see the widget, edit the widget right there in the page, etc., so there is likely a robust way to administer privileges for various varieties of users within Ektron. (I assume that is coming later in the book.) Ektron's stuff is a hodgepodge of home-rolled and not home-rolled. They defer to a bigger player in a given space when it makes sense. For analytics for example, one may use Google or Omniture. An API uses the following namespaces:

  1. Ektron.CMS is the oldest namespace and the book seems to admit that it could be better.
  2. Ektron.CMS.API is newer and allows one to do bulk data processing in code that is not easy elsewhere.
  3. Ektron.CMS.Framework is the newest and is apparently slowly being expanded in scope to offer a better alternative to what one may find in Ektron.CMS which is piecemeal and not intuitive. The book suggests that once you're used to this namespace that things will be easy to find using IntelliSense and some guessing. One thing leads to another.
  • System.Web.UI.UserControl will be used by a widget (an .ascx).

 
 

A surprising upfront chunk of the book is on Agile versus Waterfall and what the roles should be on an Ektron team. The book asserts that the better part of your team can just be persons who manage content and not actual developers. This is, after all, the whole reason to have a CMS. The book suggests that one should build a "CMS implementation guide" and that there is a sample project called "OnTrek" to be had that shows off how Ektron may be done with many widgets in use.

 
 

When you set up Ektron, a wizard will walk you through the process and put folders in the right places. Some content is kept in an MSSQL database while other content exists as "assets" which I am guessing to be images and text/XML files. Even if all developers use a common database like a communal bowl, there is the problem of keeping copies of assets synchronized across all independent development environments.


Ektron has a feature called "Load Balancing" for this sort of synchronization concern and it also has a feature called "eSync" which allows each development environment to keep its own independent and standalone copy of the database without being so isolated that one cannot get the database updates another developer makes.


eSync doles out the database updates to the otherwise isolated environments. Think of The Tarantino Project, as it is going to be something like that. It looks like there are attempts to address speed issues with compilation too. The book suggests that pages will not "recompile relevant files" unless there is a change, although what I have read thus far of this is vague. There is a "Workarea" folder that takes forever to compile and cannot be set to be excluded from its project given Ektron's nature. One can hack around this pain point by making the folder hidden in Windows itself. There is a way to debug libraries without launching the debugger or running unit tests, but what I have read so far is also vague on how to do this.

Tuesday, November 20, 2012

ISNULL in MSSQL

This suggests this:

ISNULL ( check_expression , replacement_value )

 
 

...is how to handle a value being null. You could use it to replace something like this:

SELECT Foo, Bar, Baz FROM Qux

 
 

...with something like this:

SELECT Foo, ISNULL ( Bar , 42 ), Baz FROM Qux

Monday, November 19, 2012

REPLACE in MSSQL

REPLACE(P.PhoneNumber,'-','') as PhoneNumber

remove Price PEEP malware from Chrome

This offered the following steps (which worked) to help me get rid of the Price PEEP malware which also shows off how to manage plugins in Chrome:

  1. Click the link on the right that looks like a little gray box with 3 lines, "maybe looks like a little tablet".
  2. Click on Settings.
  3. At the bottom of the page click "Show Advanced Settings".
  4. On the far left - top of the page, click on "Extensions".
  5. You will see Peep extension....On the far right of the extension you will see a small, gray trashcan.
  6. Click on the trashcan.
  7. Click "yes remove peep".

Sunday, November 18, 2012

Ektron and Fortify, from the outside looking in

Ektron

 
 

Fortify

  • HP Fortify Software Security Center suggests I may get a free trial of HP WebInspect Free Trial Request. The URL is http://www.hpenterprisesecurity.com/products/hp-fortify-software-security-center
  • I was told "Our corporate policy does not allow us to issue trials to generic email addresses such as Yahoo! or Gmail." when I completed the form using tomjaeschke@tomjaeschke.com.
  • This offers: "It uses HP Fortify’s award winning static analysis to provide the most far-reaching vulnerability detection in source code available today." ...making me wonder if it will crawl C# for issues.

Wednesday, November 14, 2012

Agile process documentation

I went to AgileAustin last night and watched a panel discussion on architecture. The discussion largely took a how-do-we-deal-with-the-fact-that-management-will-not-approve-a-rewrite theme, but more interesting (to me) was an early tangent on how an Agile process could produce documentation.

One of the participants in the audience asserted that there is a false perspective that an Agile process is a panacea and that in fact, yes, you still have to know what you are doing or you will just build a big ball of mud with Agility. The incremental process will let you realize that you're doing something wrong quickly, but nothing more. One of the panelists suggested that a sprint zero to set up some architecture could be a wise move.

In building a product, Geoff Meyer of Dell suggested that one could go to the product owners for some example initial use cases by asking about who the competition is and what some things to potentially test could be. Get the owners involved in the details and get marketing claims out of process. The marketers should be able to see how they'll write promotional materials based upon what you are to bake in the first few sprints, so the marketers will be doing some work paralleling the developers. Herein some documentation may be driven by want for money instead of being sidestepped as a waste of time as might be the norm. I thought it was a good first step to deal with this problem.

As I sit here typing this up it seems like the marketers would also want to detail what differentiates their product from rivals, and that initial sprints would be of differentiation as much as of a generic foray into the space at hand.

Geoff Meyer is shown in the center of this photo and the panelist at his left (looking towards the camera) is Ryan Vanderwerf of ReachForce. The panelist at the left of the photo is David Sheth of Calavista.


The event was moderated by Lee Fox.


Tuesday, November 13, 2012

jobs

In looking at the Object Explorer in Microsoft SQL Server Management Studio, I see that below a server are six "folders" for:

  1. Databases
  2. Security
  3. Server Objects
  4. Replication
  5. Management
  6. SQL Server Agent

I spend all of my time in "Databases" but this suggests that SQL Server Agent is where the jobs are kept. ...And, in taking a look, it seems to be so. Right-clicking on a job and picking "Properties" reveals...

  1. General
  2. Steps
  3. Schedules
  4. Alerts
  5. Notifications
  6. Targets

General will have a checkbox for if the job is enabled while Steps will denote which sprocs are called and Notifications will tell you who is flagged by email when the job runs. Jobs are how one runs stored procedures on a timer (what might have been called a cron job in FreeBSD once upon a time). Windows Task Scheduler in contrast is used for running console apps written in ASP.NET on a timer.

add days to a date in MSSQL

DATEADD(D, 2, @DateToAddTwoDaysTwo) is an example of adding two days to a date in MSSQL. Negative values take you "back in time." http://msdn.microsoft.com/en-us/library/ms186819.aspx seems like a pretty good cheat sheet. It says:

  • y is of year
  • m is of month
  • d is of day
  • h is of hour
  • n is of minute
  • s is of second

SSIS is kinda ghetto.


At Santanna we seem to have some very simple SSIS packages for ETLing flat files consumed from utilities. We:

  1. have an Execute SQL Task reach out to a stored procedure which ultimately calls a complicated select statement against a database table with columns holding a one-to-one dump of the flat file's data points
    • in the Properties pane in BIDS, the SqlStatementSource denotes something like EXEC sp_Whatever pointing out which stored procedure to call
  2. have a Script Task put the data from the select to MSSQL via VB with inline SQL statements
    • right-clicking on the task and selecting "Edit..." brings up a dialog box
    • from here click "Edit Script..." to see the actual script

Today Paul Herrera taunted me over Twitter with: "What's wrong with putting code in a place that you CANNOT write unit tests for? :P" when he saw me tweet of SSIS. Indeed SSIS is kinda ghetto.

recursion

Wikipedia says: "Recursion in computer science is a method where the solution to a problem depends on solutions to smaller instances of the same problem. The approach can be applied to many types of problems, and is one of the central ideas of computer science." and this means you need to write an algorithm for your fix!

Ctrl-Alt-Delete will let you change your password in Windows 7!

Duh.

Paul Tidwell on Azure


I saw Paul Tidwell (right) of Falafel speak on Azure at ADNUG last night. His code:


Stuff said:

  1. What was referred to as Metro applications are now "Windows 8 Store" applications.
  2. Azure media services offers encoding built with IIS Smooth Streaming, MP4, and conversion to Apple HTTP Live Streaming (HLS).
  3. One may get a 90-day free trial of the Azure services.
  4. Download and install the SDK. Version 1.6 of the SDK seemed a lot more stable to Paul than version 1.7, with which he had connectivity issues in Visual Studio.
  5. See http://msdn.microsoft.com/en-us/library/windowsazure/hh973618.aspx for how to use the API. The code given above is of this.
  6. One may ingest video directly at Azure and store it there or, via Azure, provide a front end to a pipeline. Create a new media service in Azure like so:

Monday, November 12, 2012

Lync

I just participated in video conferencing for the first time in my life using Microsoft Lync. Fun stuff.

PhoneGap

http://phonegap.com/ seems to be some manner of tool for writing HTML5 apps friendly to numerous mobile platforms.

Sunday, November 11, 2012

Cold Fusion to die?

At Sharon's Polyglot event last week I spoke to a developer who has made a career in Cold Fusion and who is now attempting to crawl out of it into another language. He felt that Adobe was about to let Cold Fusion die as he said Adobe is to offshore its Cold Fusion development efforts.

sessionStorage core concepts

I just played with sessionStorage for the first time and it is easy:

  • set it: sessionStorage.setItem("session_id", value);
  • get it: var sid = sessionStorage.getItem("session_id");

sid above will be null if the code in the second bullet runs before something like the first bullet has run. I confirmed that if you populate "sid" and then close and reopen the browser, sid will be null unless you repopulate it. Yay!

Saturday, November 10, 2012

singleton pattern

The singleton pattern ensures that an instance of a class is always a unique instance.

Addendum 5/6/2015: This old note is pretty confusing. Singleton conceptually means that no two instances of the thing will exist independently and therefore a singleton may act like a global variable.

openquery

This suggests that openquery queries reach out to linked servers. I don't really understand them as of this writing.

SELECT * FROM OPENQUERY (MyLinkedServer, 'SELECT * FROM MyDatabaseTable')
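What OPENQUERY does with that string, and how to see which linked servers and credentials it can use, shown as an added example that is not part of the original post. MyLinkedServer and MyDatabaseTable are the names from the query above; the Id and Name columns are hypothetical, and step 4 goes beyond the post to show how to pass a value as a parameter, since OPENQUERY itself takes no variables:

```sql
-- 1. Which linked servers are defined on this instance?
SELECT s.name, s.product, s.provider, s.data_source,
       s.is_rpc_out_enabled          -- must be 1 for EXEC ... AT in step 4
FROM sys.servers AS s
WHERE s.is_linked = 1;

-- 2. Which credentials does each linked server connect with?
SELECT s.name AS linked_server,
       ll.local_principal_id,        -- 0 = mapping applies to every local login
       ll.uses_self_credential,      -- 1 = the caller's own credentials are passed on
       ll.remote_name                -- fixed remote login, when one is configured
FROM sys.linked_logins AS ll
JOIN sys.servers AS s
  ON s.server_id = ll.server_id
WHERE s.is_linked = 1;

-- 3. OPENQUERY sends the quoted text to the linked server, which runs it and
--    returns a rowset that behaves like a local table. A filter placed inside
--    the string is evaluated remotely, so only matching rows travel back.
SELECT r.Id, r.Name                  -- Id and Name are hypothetical columns
FROM OPENQUERY(MyLinkedServer,
               'SELECT Id, Name FROM MyDatabaseTable WHERE Id = 42') AS r;

-- 4. OPENQUERY accepts only a string literal, never a variable. When the
--    filter value comes from input, pass it as a parameter with EXEC ... AT
--    rather than concatenating it into a dynamic SQL string.
DECLARE @Id int = 42;
EXEC ('SELECT Id, Name FROM MyDatabaseTable WHERE Id = ?', @Id) AT MyLinkedServer;
```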

Thursday, November 8, 2012

how to name a project

I am at Sharon Cichelli's Polyglot Programmers of Austin and the most interesting thing to come up tonight is a suggestion for how to pick a name for a new project:

  1. Go to: http://en.wikipedia.org/wiki/Special:Random
  2. If you do not get a one word name, just return until you do.

old school JsonResult stuff

This suggests doing it like this:

public JsonResult GetCityList()
{
   var list = from city in repository.Cities.GetAll()
      select new { Text = city.Name, Value = city.ID };
   return Json(list.ToList());
}

I've done it like this before:

public ActionResult Whatever()
{
   return Json(new { greeting = "hello" }, JsonRequestBehavior.AllowGet);
}

JsonRequestBehavior is in the System.Web.Mvc namespace.

today's geek lunch

At today's geek lunch I learned:

  1. Node.js keeps dependencies as copies inside the directory holding the project. This can mean multiple identical directories copied about.
  2. Compiler-as-a-service will let you keep C# in a database field that may be run when summoned/queried into a project.
  3. EMR stands for Electronic Medical Record
  4. NLog was recommended to do logging. In order to log you still need to catch an exception in a try/catch. Try to be smart about how you write these instead of sprinkling them everywhere. (think CQRS)

still struggling with ResGen

I am still struggling with reading a .resources file to address this. I was able to make a welcome.resx and a welcome.de.resx into welcome.resources and welcome.de.resources (moving the English version to the "root" as my reading suggests a root is mandatory) with ResGen like so:
