Visual Studio 2010 – Patch the growing find and replace dialog

I was pleased when I came across this patch - for a couple of reasons. One is that it’s very annoying behaviour, and looks pretty ridiculous when you have a find dialog spanning an entire 30” monitor. However the second and main reason was that I was starting to feel I was going mad in thinking that the find dialog was messing with me.

Link: The Visual Studio Blog - Patch Available for the Growing Find and Replace Dialog

Tags: Visual Studio

posted @ Tuesday, August 24, 2010 11:30 PM | Feedback (0)

Happy Customer x 2

I’ve had a couple of positive buying/services experiences recently, and wanted to write about them briefly.

I recently replaced my main computer. I wanted something which would work well for day to day development but also for the occasional gaming I manage to do. I spend a lot of time in my office as I work from home, so it’s important to have something powerful but quiet as well. Also as an added complication I’d recently purchased a SSD which I wanted to drop into the build.

I did a bit of shopping around PC retailers in Auckland and had a bit of a hard time finding anyone who seemed interested or willing to put in a bit of extra effort and to customise something for me. While I realised that I wasn’t exactly spending a fortune, when you drop $4-5k on a new rig you kind of want to feel like your business is at least somewhat valued. Anyway at this point I happened to wander into Compulink where I saw the machine Aaron (owner) was building for himself. Getting a look at the build quality and the neatness of the cabling I was pretty much sold on the spot, and Aaron was happy to put up with all my customisations and a few stupid questions to boot. All in all the system hauls ass and I’m very happy with it.

Oh, you’d like specs? If you insist: i930 watercooled and overclocked to 4.1ghz, 12gb of triple channel RAM, Nvidia GTX480, Intel X2 SSD for the main drive, 1TB SATA3 drive for data, Silverstone full tower case with three huge but quiet fans with variable speeds – Windows experience index reports mostly 7.9s, but a couple of 7.6 ratings brings the final figure down slightly.

I’ve also just had some cabling work done in the house/office. We’re moving some rooms around (to try and improve the work/life balance which gets threatened when you work from home – but that’s another story altogether), and I took this as an opportunity to get some proper CAT6 throughout the place. There’s a couple of spots in the house which were serviced only by wireless, and some networking gear which I wanted to consolidate down into the server room (well, cupboard). A friend put me onto Ben @ Cable Systems and I can’t recommend him highly enough if you’re in need of some cabling on any scale. His work is incredibly tidy and carries a great level of attention to detail.

I realise that not everyone gets excited by things such as having multiple CAT6 outlets in every room, and having properly mounted patch panels with neatly run cabling, however I am one of those people – and if you are too and you like in the Auckland area then give Ben a call.

Disclaimer: neither Compulink nor Cable Systems have given me anything for writing about their businesses – in both instances I’m just a happy customer wanting to spread the word – thanks!

Link: Compulink
Link: Cable Systems – The Total Electrical Company

Tags: NZ, Gadgets

posted @ Monday, August 23, 2010 11:33 PM | Feedback (0)

Merchants under pressure to comply with PCI DSS

While I'm pretty sure PCI DSS compliance is slightly more complex than this, it’s interesting to note that the 12 steps required for compliance as cited in this article are all pretty obvious and basic things:

1. Install and maintain a firewall configuration to protect cardholder data
2. Do not use vendor-supplied defaults for system passwords and other security parameters
3. Protect stored cardholder data
4. Encrypt transmission of cardholder data across open, public networks
5. Use and regularly update anti-virus software or programs
6. Develop and maintain secure systems and applications
7. Restrict access to cardholder data by business need to know
8. Assign a unique ID to each person with computer access
9. Restrict physical access to cardholder data
10. Track and monitor all access to network resources and cardholder data
11. Regularly test security systems and processes
12. Maintain a policy that addresses information security for employees and contractors.

Link: Merchants under pressure to comply with PCI DSS

posted @ Wednesday, August 18, 2010 11:51 PM | Feedback (1)

It ain’t a crime if you don’t get caught

If a doctor saw one of his colleagues hacking open the chest of a patient with a chainsaw, you’d like to think that he’d report this fact to relevant authorities and something would come of it. I’m no brain surgeon, or any type of surgeon at all, but yet I know that chainsaws aren’t a suitable means for performing surgery of any type. I like to think that there’s a certain level of checks and balances existing in the medical profession, and as a rule those who lack the ability to perform the basics with any level of competence (or who decide to perform micro surgery using chainsaws) will eventually get found out, and have their license to practice revoked. Or at least get a slap on the wrist. NO! NO CHAINSAW FOR YOU! BAD!

I’m an optimist aren’t I?

So what about when it comes to IT providers? Where are those checks and balances? While large enterprises often have skilled professionals on staff who can smell bullshit a mile off, the same can’t always be said for small to medium sized businesses – who often end up placing a large amount of trust in the companies they engage to help them run their business. When you’ve picked skilled and competent providers then as a rule this relationship works out well, but how do you know whether your provider is competent or not?

Today a colleague of mine made an observation with regard to the quality of work of another company, and it’s an observation which I think is worth quoting verbatim. The comment was quite simply “this shit is fucking criminal”, and while it was made using emotive language (boo hoo, cry more tbh) and in the heat of fixing a series of monumental fuckups, it was completely correct, accurate, and justified.

With the importance of IT to most of today’s businesses there can be no excuses for lacking a basic level of competence. Sure, there are an increasing number of complex and ever changing attack vectors to be on the lookout for in terms of security, but there’s still no excuse for being an IT provider without doing at least some of the basics right – hell, even if you’re doing them wrong, at least know you’re doing them wrong, and inform your client of this.

This is 2010, and while the goal posts are always moving in this game we’ve still got a pretty good idea around some of the basic strategies and tactics. Some of the finer points and rules of the game change and evolve over time, but the basic aspects of game play remain constant – simple things,  like the fact that storing your passwords in your database as clear text is bad, and that’s not going to change anytime soon.

The problem is that I’m unsure of how to finish this post with a clear call to action. Right now, I honestly feel like this industry is lacking in terms of standards and checks and balances (which is no doubt an opinion which is clouded partly by the events of the day), but also that simple best practices audits are something which may feel out of reach of smaller businesses. No one is perfect, but I’m terrified by the thought of the level of trust which some companies are placing in providers who are giving them terrible negligent advice.

This is wrong. In fact, it’s fucking criminal.

posted @ Wednesday, August 18, 2010 11:34 PM | Feedback (0)

Microsoft.Data.dll - “Someone on the Internet is wrong!”

I’ve had a few posts on the topic of Microsoft.Data.dll sitting open in my browser for a few days, and I keep coming back to them trying to work out what I think of it. In some ways it doesn’t matter, because I’m never going to use it – which is fine, because I’m not the intended demographic.

If you’ve not seen it already and want to get enraged/interested (pick one!), then basically the syntax is a simplification of ADO.NET and LINQ allowing queries such as the following:

 
  using (var db = Database.OpenFile("Northwind")) {
        foreach (var product in db.Query("select * from products where UnitsInStock < @0", 20)) {

            Response.Write(product.ProductName + " " + product.UnitsInStock);

        }

    }

A lot of the rage against it seems to be that we shouldn’t make it easier for people to shoot themselves in the foot by writing bad code, but is that really the responsibility of the framework? I’m sure you’ll find people doing stupid things with Entity Framework, NHibernate, LightSpeed, LLBLGenPro, not to mention more obvious candidates such as old school ADO.NET, PHP and hundreds of other technologies.

The post Microsoft.Data, because the 90s were so good, we want to do them again made me realise that a lot of people want to think that everyone out there knows about SQL injection, isn’t coding SQL directly in their web applications, and is thinking carefully about their data access strategy simply because it’s 2010 – but that’s just not true. People have and will continue to create bad code no matter what tools are available to them for a variety of reasons, and nothing that anyone can ever do will eliminate that completely as long as humans are walking, sitting and coding.

It leads me to thinking about some of the official ASP.NET examples floating around, a lot of which can simply be misleading to a new developer. Showing someone how to drag, drop and configure a DataSource control and then throw it against a GridView is all good and well, but it’s not the only way to do things – it’d give a better view of the overall picture to have a few different levels of example available so the new reader has a chance to peruse a few examples – even if they pick the simple example to start with, maybe at least they’ll be aware that there are other options out there and make a mental note to go and read more one day.

So many of the ASP.NET examples which Microsoft provides work”, but are hardly used in professional development. How is someone new to the technology stack supposed to know that other than finding out the hard way?

I guess I just don’t see people trying to act all puritan simply because a framework they’re passionate about contains something they don’t like or won’t use as being overly constructive. I can see where the passion comes from (especially given some of those developers will inherit something done wrong one day and scream WHY OH WHY), but I’m really having a hard time getting outraged at providing developers with other options. Without thinking about this too much, I’d probably prefer to come across someone using the code snippet above than some of the other horrible half assed approaches to data access I’ve seen in my time – simply because of the fact that the LINQ query above would be a great candidate for some quick wins via some easy refactoring.

To me it’s the naming of the DLL that’s the worst part – Microsoft.Data really does sound quite official – Microsoft.Data.Lite or something which signifies that it is by no means the end all and be all choice when it comes to data access might have been a much better choice, as well as being a simple way to give new developers a clue that there’s a bigger world out there – the world of ranting in blog comments about the “right” way to do things.

Link: Microsoft.Data.dll - A re-introduction

Link: Introduction to Microsoft.Data.dll

Link: Microsoft.Data: Why It's Not All Bad

Tags: Microsoft, Web Development, LINQ to SQL, Entity Framework

posted @ Wednesday, August 11, 2010 8:58 PM | Feedback (0)

Issues with iPhone mail and Exchange since applying iOS4?

They seem to be fixed with iOS 4.0.1. My mail was syncing, and then not syncing, and coming up with “Unable to verify account information” – until I applied 4.0.1 and low and behold my mail returned.

It seems I really need to get into the habit of plugging my phone into iTunes more for updates.

Tags: Apple, iPhone

posted @ Sunday, August 08, 2010 6:29 PM | Feedback (0)

TortoiseSVN “The file or directory is corrupted and unreadable” on Windows 7

I’ve hit this a couple of times recently, but it wasn’t until last night that I had cause (and time) to do a bit of research into it.

It occurs when you’re adding a large amount of files to Subversion, and appears to be due to the disk indexing process and/or anti virus. Some people’s experiences vary, in my case it seemed to be excluding my repository locations from indexing which solved it, but others seem to have fixed it by excluding their code locations from being scanned by their AV software.

The other side affect is that it triggers a chkdsk when you restart – I’d not linked the chkdsk scans to the Tortoise error, partly because I usually sleep my machine, and only reboot once every couple of weeks. I’d still noticed the chkdsk scans and thought “Hmmm", so it’s nice to know/hope they’ll be going away now.

Here’s a couple of links with more info:

Link: 64-bit TortoiseSVN on Windows 7 says “file or directory is corrupted and unreadable” then runs chkdsk
Link: SVN: TortoiseSVN Can’t Move .. The file or directory is corrupted and unreadable (Windows 7)

I mentioned a repository corruption issue in a previous post, and it’s interesting to note that I recognised the revno which was corrupted – it was from a session where I tried to check in a large amount of files, and received this error message. It may just be a co-incidence, but I found it slightly eerie.

Tags: SubVersion, Windows

posted @ Thursday, August 05, 2010 11:52 PM | Feedback (0)

Subversion’s “read length line” error

When I did something stupid as a kid my parents would occasionally say words to the effect of “We’re not angry with you, just disappointed”. That’s how I feel right now with Subversion after finding out about this repository corruption issue which seems to have been lurking around for a while.

Finding such a bug in any system you rely on as heavily as a source control system is always going to hurt, and more so if you find about about it first hand. I’ve been unable to repair the repository in question, and although it’s not much of an issue as it was a recently created code branch so we can quite happily drop the history and start again – the bigger issue is doubting your source control system. It’s not a nice feeling.

If you’re still reading at this point, then you might like to ask…

What is the “read length line” error?

This particular error manifests itself because of a particular kind of corruption that has occurred in the repository. Malcolm Rowe provided a great analysis and description of the problem here: http://svn.haxx.se/dev/archive-2006-02/0473.shtml. To put it in a nutshell, the crux of the issue is that two handles are eventually opened to the transaction by mod_dav_svn, and one of them is freed later which ends up writing the remaining portion of it’s cache. The end result is that the representation is now malformed, and this extra data has invalidated a number of the offset specified later in the file. The “read length line” error is a result of the the backend trying to read from the wrong offset.

And then, your next questions might be…

What can you do about it?

At the moment, not much. The root cause of the problem is very elusive, making it extremely difficult to track, and more difficult to produce. If for some reason, you’ve come up with a reproduction recipe though, please emaildev@subversion.tigris.org, as we’d very interested in having such a recipe. However, I feel it’s mostly an issue with configuration, load, and some decision process that Apache2 makes when deciding to fork a new process to handle a request, coupled with some other error, making this a very difficult bug to reproduce.

 

What is the Subversion team doing about it?

The team is aware the problem exists, and is eager to get it resolved. There are on-going discussions of how to fix this issue, but without knowing where the problem actually resides it’s difficult to fix this issue properly. We may just end up masking the problem if we aren’t careful. That said, there are discussions right now about limiting the write handle to a transaction to just one process. That comes with some tradeoffs, mainly in terms of commit speed, as we may not have the option to pipeline the commit operation.

So it’s a nasty issue, and if you got here by googling because you’ve got a corrupt repository then you’ll probably want to try these links and hope they see you right:

Link: fsfsverify - jszakmeister’s techblog
Link: Repairing A Corrupt FSFS Repository

I’d really love to see this one fixed. For now I’m going to be splitting a few groups of code into their own repositories in order to minimise the loss if this ever happens again, as well as making a few minor revisions to the repository dumping/exporting/backup nightly processes

Oh, and crossing my fingers.

Tags: SubVersion

posted @ Thursday, August 05, 2010 11:39 PM | Feedback (2)

Pixma MP980 on Windows 7 driver issues

I’ve had a few issues reinstalling the drivers for my Canon Pixma 980, and this morning I found a post which worked for me: Installing Scanner Drivers for my Networked Canon MP980. I actually didn’t experience the exact error mentioned in the blog, but the fix worked none the less.

The Pixma was one of those things which sounded good on paper (no pun intended) – I needed a multi function printer, and the MP980 looked like it’d do everything I need for work, plus let me mess about with printing photos. I print about once or twice a month and so didn’t think that ink consumption would be an issue.. but I was wrong. This thing drinks ink, and while ink consumption for ME isn’t a big deal there’s another user of the printer who seems to hate trees. What’s also a big deal is having a custom “Gray” cartridge which you can’t buy off the shelf, and needs to be ordered in.

The paperless office, you can’t arrive here soon enough.

posted @ Thursday, August 05, 2010 1:30 PM | Feedback (0)

TinyMCE and “A potentially dangerous Request.Form value was detected”

If you’re currently using TinyMCE and are disabling page validation to get around the above error then you’ll probably want to read this post: TinyMCE and “A potentially dangerous Request.Form value was detected”

This becomes more useful if you’ve upgraded your projects to .NET 4.0, as it means you can get rid of the config tag to force your application to use the 2.0 validation model. Legacy support, eeeugh.

However be aware that if you’re using ScriptManagers anywhere that they don’t seem to like the new validation model too much, so if you’ve got any of them lurking in your project then you’ll still need to use the 2.0 mode.

Tags: ASP.NET

posted @ Tuesday, August 03, 2010 5:32 PM | Feedback (0)