Thursday, December 28, 2006

C# Class Picturebox Improved for Aspect Ratio & Photograph Display in .Net

The key difference between Picturebox and the Photobox class implemented in this blog entry is that the Photobox class supports aspect ratio scaling and is appropriate for displaying photographs in an application.

Tuesday, December 26, 2006

SSL and TSL Essentials

By now, we are growing accustomed to the staggering success of the Internet and digital commerce performed over it. Millions of people—with billions of dollars—rely on the Web to execute critical transactions every day. All of those transactions require trust.

Users must trust the authenticity of the Web site; users must trust that their sensitive information remains confidential as it traverses the Internet and users must trust that no malicious hacker has modified their requests.

Security technology provides that trust. And on the Web, the Secure Sockets Layer (SSL) protocol is THE security technology.

Read the rest here at www.NetworkSystemDesignLine.com

Thanks for reading,

Cory Trese
cory.trese@gmail.com
http://www.corytrese.com/

Thursday, December 21, 2006

Interview with Joyce Park

Joyce Park is the co-founder and CTO of Renkoo.  I saw this blog entry, and interview with Joyce Park from Friendster and it has a series of questions about getting shitcanned for blogging.  I think a more interesting topic is blogging after you get shitcanned, something I know a little bit about.  But unlike this person, I gave in and edited my entries.

Wednesday, December 20, 2006

Google Kills SOAP?

From Google Deprecates Their SOAP Search API:

The AJAX Search API is great for web applications and users that want to bling their blog, but does not provide the flexibility of the SOAP API. I am surprised that it has not been replaced with a GData API instead. The developer community has been discussing this and do not seem happy with the change. Discussion on the forums have pointed out that Yahoo! has a REST Search API. Live Search also has a SOAP API available.

This worries me.  What is Google doing?  Trying to kill off developer mind share?

Tuesday, December 19, 2006

ASP.Net 1.1 Does Not Stop XSS or Cross-Site Scripting

The built in protection in ASP.Net 1.1 is broken.

The "ValidateInput()" method does not work.  It ignores null characters and so does IE.  So, all your 'ValidatePageInput="true"' does nothing.  You are not safe.

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnaspp/html/scriptingprotection.asp

Write your own HTTPModule or buy mine.

Wednesday, October 25, 2006

Testing Web Applications Under Linux!

If you're a Linux using web-developer such as myself, you can really benefit from having IE installed under Linux using the IEs 4 Linux system (runs using WINE.)  Here is a like to the FAQ about how IEs 4 Linux works.

Want to run IE in Linux?  That's how!

Tuesday, October 10, 2006

Google Winner Developer Mindshare

http://www.google.com/codesearch

Of course, this makes so much sense.  Take all the open source code and make it so you can search it by content, comment, technique and language (and of course, license.)

So clearly a good idea.

http://www.google.com/codesearch

Great .Net Blog I Read

I thought I would share this great .Net and development in general blog I read.

Google "Bigdaddy" Updates Impact on Search Ranking, SEO and your web site

#1. Beware of Banned Sites.

Some sites like WedPlan.net have benefitted from the "Bigdaddy" update, Google's continuing effort to provide users with the best possible results to their search queries. Some sites have been penalized by the update. And some sites have been outright "banned" -- dropped from Google's index altogether.

So why do you care about how Google views other sites, you may ask? Because links from banned sites to your site or from your site to a banned site can negatively impact how Google chooses to interpret, index, and judge your site.

Google engineer Matt Cutts has discussed the increased importance that the "Bigdaddy" update places on inbound and outbound link quality. Cutts warns that "linking to spammy neighborhoods on the web" may result in a site being banned. If a banned site is linking to you, you presumably become an unwitting new resident in the banned site's "spammy neighborhood".

The bottom line? Affiliation with sites that have been banned by Google could be a risky proposition and may adversely affect your site's (and company's) own credibility.

#2. How Do I Tell If a Site Has Been Banned? Use Google's "info:" Feature.

Google has some cool search features you may not be aware of. One secret weapon you can use to find out what Google thinks about a particular site is to use its built-in "info:" search. To use this helpful tool, just do a Google search for "info:domain.com" (without quotes) where "domain.com" is the full domain name of the site you want to find out about.

If the site is not banned, you will see information about the site. If, however, Google returns: "Sorry, no information is available for the URL", there is a good possibility that the site has been banned by Google. Even if the site has not been banned, a response like this indicates that Google places little or no "trust" in the site and is unwilling to provide its users with any information about or from the site. Do this search for all the domains you currently advertise with. If any of them have been banned by Google, it may be time to end your affiliation with them.

#3. Advertiser Beware: Do Your Homework.

If a site is in good standing with Google, the search engine should provide you with a wealth of information about it. Again, do a Google "info:" search for the full domain name you are researching. If the site is not banned, you should be presented with 5 links. Perhaps the most informative of those links is the "from the site" link. Clicking that link should reveal how many pages from the given site have been indexed by Google and are currently presentable as search results in Google's index. Generally speaking, the more pages from a site that Google is displaying in its index, the more confidence Google has that the site will contain relevant information for its users. Perform these kinds of searches when deciding where you think you might want to allocate your advertising dollars. Doing a little homework ahead of time can pay dividends later.

#4. Take Action.

In researching Google's "Bigdaddy" update and the logic behind it, it becomes clear how important it is for a business owner to keep up with changes on the web. It took months for Google's "Bigdaddy" infrastructure to be built and for the new search results to go live at all of its data centers. But Google's changes have some immediate consequences for you and your business. You need to be proactive to end your affiliation with banned sites or those that Google engineer Matt Cutts describes as "spammy neighborhoods on the web". Google has done a good thing by rewarding quality, ethically-run sites and also by penalizing those sites it has determined to fall short of the mark. What's more, the Google update also may mean that association with such sites can negatively impact your own reputation. Take action now by ending your relationship with sites that Google has chosen to penalize or, worse yet, to ban completely.

Original Credit Unknown, Reposted Here for Reference.

Saturday, October 07, 2006

Error 8013141C in Visual Studio or sn.exe

I have an earlier post about Error "8013141C" in Visual Studio .NET 2003 or sn.exe from any of the .NET toolkits.

The problem is that you cannot delete a key and you cannot add the key. This is because you do not have access to the key to delete it and the .NET framework cannot add it because of constraints on the StrongName data store.

The solution is to give yourself access to C:\Documents and Settings\AllUsers\ApplicationData\Microsoft\Crypto\RSA\MachineKeys\. This allows proper functioning when you run "sn.exe -d" allow it to remove the StrongName.


  • On Windows 7 32 bit, it is located here: C:\Windows\System32\Microsoft\Crypto\RSA
  • On Windows 7 64bit, it is located here: C:\Windows\SysWOW64\Microsoft\Crypto\RSA


Here is an example sequence of commands:

C:\>sn -d someKey

Microsoft (R) .NET Framework Strong Name Utility Version 1.1.4322.573
Copyright (C) Microsoft Corporation 1998-2002. All rights reserved.

Failed to delete container 'someKey' -- Unable to format error message
8013141C

The key container must still exist because I cannot create a new key
container, the error message is as follows:

C:\Projects\dload\Assembly>sn -i "C:\Keys.snk" someKey

Microsoft (R) .NET Framework Strong Name Utility Version 1.1.4322.573
Copyright (C) Microsoft Corporation 1998-2002. All rights reserved.

Failed to install key pair -- Object already exists.


The hack to fix this is:
  1. Browse to %SystemDrive%\Documents and Settings\AllUsers\ApplicationData\Microsoft\Crypto\RSA\MachineKeys
  2. Grant rights to Adminstrators, or whatever group you belong to
  3. Take Ownership of this folder (click Advanced under Security, and then click the Ownership tab at the top)
  4. Apply the changes to the children ("Replicate permission...")



Saturday, September 30, 2006

Virtual People & lonelygirl15

I saw this Wikipedia page about one of the most popular virtual people, lonelygirl15 on Myspace.com

Pretty interesting concepts behind this. The creation of "virtual celebrities" that actually represent (much like "real" celebrities) the work of hundreds or possibly thousands of content creators and marketeers.

I must admit I am most intrigued by this concept. Where will this go in the future I wonder?

Tuesday, September 26, 2006

Fuzzy Logic and Other Math Help

My brother found this great site on the subject of fuzzy logic and computer programming. It has one a high quality treatment of the general concepts as well as great examples and of course some tutorial on how to apply and understand fuzzy logic solutions to everyday problems.

The actual software is call the Fuzzy Logic Toolbox and is a collection of useful functions for MATLAB, however the general information like overview and foundations provide terrific introduction material for anyone interested in Fuzzy Logic.

Monday, September 18, 2006

Guidance Automation Extensions(GAX), NDepend, CLR Analytics, Oh My!!!

I've been a busy guy today, running all over the net reading about various stuff.  One of the more interesting things I saw today was Guidance Automation Extensions
 
The "GAX" as it is called is an extension to Visual Studio 2005 (IDE) that allows architects (framework developers) to author rich, integrated user experiences for (programming) reusable (code) assets including frameworks, components and patterns. The resulting Guidance Packages are composed of templates (code snippets), wizards (automated guides) and recipes (live howtos), which help developers build (code) solutions in a way consistent with the architecture guidance (framework best practices.)
 
Another amazing piece of software, this time, more general for any CLR project, is the NDepend and Code Query Language (CQL).  The NDepend product, which was free in its initial version, leverages the amazing DOM-based CQL suite to analyze and map CLR/.Net libraries, applications, assemblies and modules. 
 
NDepend provides a rapid prototyping and visualization engine for coming to a greater understanding of the complexities, relationships and makups of your CLR applications.

Saturday, September 16, 2006

COM+ Object .Net Cleanup / Dispose

I found a blog entry on the DotNetJunkies site about Dispose the COM+ objects in managed apps that I found very helpful with a resource management issue I was facing today.  My particular problem was that the database connections created inside my unmanaged COM+ application were not being released when the .Net managed application (written in C#) invoked them.

Friday, September 08, 2006

What is P3P, W3C Privacy Policy Summary

What is P3P?

  • Participating Web sites answer a set of multiple-choice questions creating a summary of the site's privacy practices, which can then be interpreted and displayed by P3P-enabled browsers. 
  • When you use a P3P-enabled browser to visit a site participating in P3P, the browser automatically reads the site's P3P summary comparing the site's privacy practices to the privacy preferences you've set. The browser might display an alert or block transmission of certain data, such as cookies, if a Web site's practices differ from your preferences.

Here is the deployment guide for P3P from W3C.  This covers the development of the technical P3P, the human readable P3P and some technical details about how the code-level implementation of P3P is executed.

Here is the "how-to establish P3P at your site" document from the W3C.  This covers writing ( or generating) the policy, tools to assist with the generation and some details about what types of information must be defined by the "business" before they can be placed into a formalized privacy policy.

Monday, September 04, 2006

Perl Design Patterns, Examples & Explainations

I ran across this somewhat old, but very good, O'Reilly Perl Design Pattern's article that covers Iterators, Decorators, Singletons and Fly-weights.

CLR Runtime Assembly Loading in .Net

The CLR does not first look in the application's private bin directory.
 
Before the CLR can load an assembly, it must be able to find it. To do this, the CLR makes use of the Assembly Resolver to find the physical assembly and then pass it to the assembly binding mechanism.  After binding the application can use the types defined in the assembly.

The Assembly Resolver resolves for assemblies from different sources in the following order:

1. The GAC, for a native image of the assembly
2. The GAC, for a non-native image of the assembly
3. CodeBase location, if one was defined
4. AppBase directory, otherwise known as the private bin directory
5. Any sub directories as specified in the probing paths, if defined in the application config file

As you can see, the application's private bin directory is #4 , not #1 location. Assemblies in the GAC are system-wide assemblies and therefore take precedence over everything else (assuming versions and other criteria match.)

Sunday, September 03, 2006

Thursday, August 24, 2006

svnmerge - Subversion merge tracking tool

If you are tracking merges manual in Subversion (SVN) you need to automate merge tracking with svnmerge.
 
Check out this excellent tool at:
 
http://www.dellroad.org/svnmerge/index
 
- Cory

Tuesday, August 22, 2006

Windows Logon Types, Event Logs & an Explaination

If you have any questions about WindowsNT logon types, checkout this page.
 
 
These are often used in the context of the .Net CLR or the Windows Event log.  Good reference material if you find yourself wondering what type of login "8" is.
 
Send you a $1 PayPal payment if you comment on this with the answer for "What is logon type '8'?"
 
I am making this offer to prove a point -- no one reads this blog.

Monday, March 27, 2006

Make Any HTML Form Print Friendly With JavaScript

 
The following code snipet loops over all the form elements looking for "text" form inputs and converts them into wrapping DIV tags.  This browser-based transformation makes printable confirmation pages easy to generate on the server using the same HTML form generation techniques that are used to display the data in an edit-ready format.
 
 
 
var replaced = 0;    
var reDigit = /^\s*\d*\s*$/;
for (var i=0; i < this.document.forms[0].elements.length; i++) {
     if( document.forms[0].elements[i].type == "text" ) {
          var text = this.document.forms[0].elements[i].value;
          if( text == "" ) {
               var newP = document.createElement("p");
               newP.style.fontFamily = "Arial, Verdana, Helvetica, sans-serif";
               newP.style.fontSize = ".90em";
               var txtNode = document.createTextNode("--");
               newP.appendChild(txtNode);
               document.getElementById(document.forms [0].elements[i].id).parentElement.appendChild(newP);
               document.getElementById(document.forms[0].elements[i].id).style.display='none';
          } else {
               var newP = document.createElement ("div");
               newP.style.fontFamily = "Arial, Verdana, Helvetica, sans-serif";
               newP.style.fontSize = ".90em";

               if( this.document.forms[0].elements[i].value.search(reDigit) == -1 ) {
                    newP.style.border = "solid black 1px";
                    newP.style.width = "179px";
                    newP.style.padding = "2px";
                }
               var txtNode = document.createTextNode(text);
               newP.appendChild(txtNode);
               document.getElementById(document.forms[0].elements[i].id).parentElement.appendChild(newP);
               document.getElementById (document.forms[0].elements[i].id).style.display='none';
          }
    }

Saturday, March 04, 2006

The Good, the Bad and the Ugly

I've had some feedback about my growing appreciation of .Net development and Visual Studio.  I must admit, it is true -- I am growing to really enjoy .Net development.
 
The Good
  • .Net lets you catch a lot of errors at compile time
  • The FCL is an amazing collection of utilities.  Spend a lot less time considering alternatives and researching available software modules (CPAN.)
  • The .Net debugging tools and package analysis tools are great when you're in "debugging" mode
  • The Visual Studio IDE has a vast number of extremely useful third-party plug-ins that can really speed up development
  • Generic .Net features such as "region" and XML Comments greatly increase organization and documentation efficiency within large implementations
The Bad
  • .Net makes you wait for a compile before you can test most changes.  This results in much slower development vs. dynamic languages, especially if the required compile gets Ugly (see below) and you have to reboot.
  • .Net, under Windows, is tightly coupled with the OS.  This results in a lot of confusion and non-.Net (OS specific) knowledge is required for many complex implementations
  • The tools development companies that partner with Microsoft to produce VS.Net plug-ins ignore a lot of open-source/industry-standard solutions, opting instead to support Microsoft-centric technologies and approaches (SCM integration, for example)
  • The ASP.Net web development environment contains many foriegn (to the classic web developer) concepts.  This is the result of .Net's attempt to unify the programming model for Win32 and Web application development.  While this decreases the learning curve for developers already familiar with one, it increases and complicates the learning curve for non-.Net developers.  This because a problem when people unfamiliar with ASP.Net perform page and widget design (Human Factors Engineering team) from the perspective of form-post based applications without considering the various complexities of translating concepts to ASP.Net pages and user controls.
  • Visual Studio tries to be all things for all people.  It includes a database designer, an image editor, an XML editor, a CSS editor, a WYSIWYG XHTML editor and countless other edit modes and supported file formats.  While this is useful, the overall quality of each mode suffers.  For example, the XML editor does not provide a "pretty print" feature for XML files that are not human readable (indented) and the CSS editor has limited support for anything but CSS 1.1
The Ugly
  • .Net on Windows involves a lot of file lock related reboots, DLL versioning nightmares and Visual Studio Crashes
  • I am considerable more skilled with XHTML than the Visual Studio designer in 2003.  VS.Net messes up my HTML constantly and I spend an inordinate amount of time fixing it.  I have found ways to introduce "errors" into my XHTML so that the Visual Studio designer won't load them, but that results in further slow-downs because without the designer no auto-vivification of server-side controls occurs.
  • My "development environment", Visual Studio 2003, SQL Server, IE and Visual Studio 6.0sp6 consumes about 1G of RAM while under heavy (debugging) use.  This is an excessive amount of system resources!

Thursday, March 02, 2006

Formatting Date Output in C# with System.DateTime

Here is great page:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlrfsystemglobalizationdatetimeformatinfoclasstopic.asp

The quick and dirty is, pass the following strings to DateTime.ToString( ); to get these outputs

d 1/3/2002
M/d/yyyy (ShortDatePattern)

D Thursday, January 03, 2002
dddd, MMMM dd, yyyy (LongDatePattern)

f Thursday, January 03, 2002 12:00 AM

F Thursday, January 03, 2002 12:00:00 AM
dddd, MMMM dd, yyyy h:mm:ss tt (FullDateTimePattern)

g 1/3/2002 12:00 AM

G 1/3/2002 12:00:00 AM

m January 03
MMMM dd (MonthDayPattern)

M January 03
MMMM dd (MonthDayPattern)

r Thu, 03 Jan 2002 00:00:00 GMT
ddd, dd MMM yyyy HH':'mm':'ss 'GMT' (RFC1123Pattern)

R Thu, 03 Jan 2002 00:00:00 GMT
ddd, dd MMM yyyy HH':'mm':'ss 'GMT' (RFC1123Pattern)

s 2002-01-03T00:00:00
yyyy'-'MM'-'dd'T'HH':'mm':'ss (SortableDateTimePattern)

t 12:00 AM
h:mm tt (ShortTimePattern)

T 12:00:00 AM
h:mm:ss tt (LongTimePattern)

u 2002-01-03 00:00:00Z
yyyy'-'MM'-'dd HH':'mm':'ss'Z' (UniversalSortableDateTimePattern)

U Thursday, January 03, 2002 8:00:00 AM

y January, 2002
MMMM, yyyy (YearMonthPattern)

Y January, 2002
MMMM, yyyy (YearMonthPattern)

Tuesday, February 21, 2006

.Net 1.1 and System.Math.Round -- Banker's Round and .5

The provided Math.Round function implements "bankers rounding", which rounds to the nearest even number when a number ends in .5
 
This means that both 1.5 and 2.5 round to 2.  This is not what most e-commmerce and real-world implementations need.  Here is a "normal" or "US round" function.
 
 
/// <summary>
/// Rounds the specified to round.
/// </summary>
/// <param name="toRound"> To round.</param>
/// <param name="digits"> The digits.</param>
/// <returns></returns>
namepsace MathUtils {
 public static decimal Round( decimal toRound, int digits ) {
   toRound *= (decimal )(Math.Pow(10d,(double)digits));
   if( toRound - Decimal.Truncate(toRound) >= .5m ) {
      toRound += 1;
   }
   toRound = Decimal.Truncate(toRound);
   toRound /= (decimal)( Math.Pow(10d,(double)digits));
   return toRound;
 }
}

Saturday, February 18, 2006

How to Pretty-Print an XML Document with C#

Used this today XML formatting with C# web page.

Thought I'd post a link. I'ts about formatting, indenting XML output in C# or VB.Net.

Check it out!

Tuesday, February 14, 2006

Tuesday, January 24, 2006

Another Web Project Annoyance

YAWPA (Yet Another Web Project Annoyance)

- Visual Studio 2003
- IIS 6

When I have a solution in debug mode attached to aspnet_wp.exe and try to open another solution that uses a web project, the second instance of Visual Studio just freezes ... no warning, no error, nothing.

Really annoying!  I was just trying to open the other solution so I could check something in a non-web project for reference and got sucked into trying to figure out why it wouldn't load.  Took me a few minutes to figure it out but I've been coding for many hours now and my problem solving skills are starting to suffer I think.

Monday, January 23, 2006

PInvoke How-Tos!

Matt Tiemeyer found this site today while we were digging up some obscure PInvoke API documentation called PInvoke.net ... it's like a Wiki with everything you wanted to know about PInvoke and lots of sample code.  Very great resource ... added it to my bookmarks and you should too.

From the Site:

It's time to stop writing PInvoke signatures from scratch! Instead, copy and paste your way to productivity!

And this site has more than just signatures & type definitions. For example:

  • Folks like you are sharing gotchas, tips, and samples specific to managed code. For example, check out why you shouldn't call CoInitializeSecurity from managed code.
  • Alternative managed APIs are suggested as a replacement for using PInvoke in the first place.
  • This site contains miscellaneous community resources that are helpful for being successful at unmanaged code interoperability. Feel free to add to these pages, too!

Wednesday, January 18, 2006

Monday, January 09, 2006