Membership Providers and Password Hashing -- be careful!

While recreating some boilerplate code that winds up getting created for every set of apps (including a membership provider, roles provider, etc.), I initially went straight to setting hashAlgorithmType directly from the enum.

More info about membership properties here.

This enum only gives three values -- MD5, SHA1, and None. The problem here is that both MD5 and SHA1 have been proven broken for some time (hopefully ASP.NET 4.0 will resolve this!). The answer of course is to use something with a little more difficulty to it... say by using SHA512Managed() and a salt. This is just another one of those times when limiting yourself to the canned options can be a dangerous move. This is especially true with authentication / encryption.

 

Posted on 4/8/2010 6:43:00 AM by Jason Nadal

Categories: asp.net | development | security

VMs @ Home Development

Wow... it's been a while since I've updated this blog.

Today's topic is one that took me a while to get to... not to writing, but to actually implementing. More to the point, it took me an eternity to be convinced that a) vms for doing work (even for yourself) at home is a Good Thing (tm), b) is not just good, but essential, and c) vmware is a better product and easier to use than MS Virtual Server and Virtual PC.

Some things it takes me a while to get drilled into my head on -- these are the lessons that are hard learned. I say this as I just exit my own webform post editor in favor of writing my posts in notepad... this is something I constantly harp on my wife for as something you just should not do. Who wants to rewrite a 3 page textbox entry after they've already typed it!

That was actually a poor segue, but it at least serves to illustrate my point... avoid getting burned.

I'm a developer. I like cutting edge stuff.

Those two statements together? Beta Testing for the win.

Over the years (well, since I tricked my way into the win '98 beta back in high school), I've tried countless software that was close-to-but-not-quite ready for prime-time. I've lived without a functional dvd player, lived without sound. Lived without being able to display anything on screen (well... except for BIOS), and headed into it face-first. (Till Windows Home Server!)

With my development environment, I've learned that VMWare is the best way to allow me to try out whatever betas I want on my host OS (currently running Win7 with nary an issue, now that I've told it to ignore the fact that the 64bit drivers are unsigned, and got my hands on some beta drivers for other cards). All I have to do is use some snapshots in VMWare Workstation, and I can revert back in the dev environment to stable points! Now I can have my nightly builds of resharper 4.5, and roll back if I hosed my working environment! Add to this the fact that I can share my USB devices, and now I can synch my iPod when I'm out of the state. (I can also have the VM's net connection go through my cell phone... really cool if I'm on the road)

The other cool things are being able to use Unity to have virtual applications running side-by-side with host windows, and being able to have my native 2560x1600 resolution OS on a virtual machine. For $189 this is invaluable, even though it's a steep price to begin with.

Posted on 3/13/2009 6:27:00 PM by Jason Nadal

Categories: development | hardware | software

CI and Unit Testing Processes

Working with unit tests and CI in a team environment poses some interesting process challenges. It's good to enforce the stigma of the Broken Build, but process should help prevent that scenario from ever occurring in the first place (disclaimer: I've been party to responsibility for broken builds twice in two days, ashamedly).

I'm thinking the following process should be enforced:

  1. Write Tests (TDD & all)
  2. Write Code to pass Tests
  3. Refactor
  4. Make sure Code passes Tests
  5. [placeholder -- ready for checkin] Prepare for checkin by:
  6. Update code (get latest)
  7. Build
  8. Run All Tests
  9. Refactor as needed
  10. Checkin Code

If this process is not used, there's a more serious concern: regression test failures only get caught at the automated CI build, rather than through the everyday habit of proactively making sure that tests are going to pass before actually submitting code to the source engine.

Posted on 10/28/2008 5:31:00 PM by Jason Nadal

Categories: development | tdd

Improved Paging

I don't know how everyone feels about pagers, and specifically about the GridView, but it's sometimes the quickest way to solve a problem. I had worked on an isolated area of an application where GridView seemed like a good fit, although the built-in paging mechanism never quite seems to fit the bill.

So I did some research, and came across this blog post by Francisco Santos, Jr., giving a very clean-looking paging system. The best parts about it are the instant notification of just how many pages are being returned, coupled with a dropdown to choose which page to actually go to. The blog post is flawed in that it never mentioned that the ImageButtons in the PagerTemplate needed to be bound to the Paginate method he declares (sometimes the best part about a blog post is the comments!), but other than that, the approach is good.

Also cool on his blog is a post about a script outline add-in that allows you to use Document Outline with Javascript. It's written for VS2005, so I can't guarantee it'll work for 2008.

Posted on 10/27/2008 6:39:00 PM by Jason Nadal

Categories: asp.net | development

Javascript, AJAX, Controls and Libraries, Oh My.

While looking around the net today for a specific control, it's amazing the number of javascript do-everything libraries that are out there. From mochikit and scriptaculous, to Yahoo.UI and Google's offering, to various ajax libraries like Microsoft's AJAX.NET, AJAX.NET Pro (the non-MS offering), and many many others, the number of choices is amazing. It seems they all have their shortcomings, but that doesn't stop the devs on these projects from continuing their broad scope.

What I came across that was a bit unusual was a framework that relies on a compiler that runs at serve time. Called Jitsu, it's yet another UI, animation, data binder, and AJAX library. The site looks pretty stale (circa 2006), but the approach was interesting because it was different.

Posted on 10/26/2008 4:26:00 PM by Jason Nadal

Categories: development | javaScript

Javascript, Booleans, and Implicit/Explicit Casting Performance

Ahh the variant. It provides so much ease in writing code, and yet can cause so many headaches. In Javascript, I learned today what joys and pains assuming datatypes in boolean expressions can provide. Take the following simple statement:

var x=true;
var y=false;
if (x || y)
  alert('true');

In this case, x is ORed with y, resulting in an obvious true. But we're assuming boolean values. What happens when one has the possibility of not being boolean?

So the creators of javascript saw fit, in their wisdom, to add strong-ish typed declarations. You can declare a boolean explicitly, like so:

var isInAGoodState = new Boolean(true);

So all is happy and we can use good booleans. However, there's also an implicit declaration that's much better in terms of performance:

var isInAGoodState = !!(sourceValue);

Essentially, saying not-not-sourceValue, a double negative, coerces sourceValue to a primitive boolean. The amazing thing here is just the scale of the performance gain. From a source example, "Overall, the performance gain for using implicit conversion averaged out to 53% across browsers after 10 tests."

Posted on 10/23/2008 7:16:00 PM by Jason Nadal

Categories: development | javaScript

Resharper tip: Go to Inheritor

My latest most-used resharper tip these days has been: Go to Inheritor. This is fantastic when tracing through code for debugging, and winding up at an interface. Go to Inheritor (Alt+End if you use the VS shortcuts) will jump to a list of classes that implement that interface.

Alternatively, Alt+Home will take you from the implementation back up to the Interface.

Posted on 10/22/2008 8:39:00 PM by Jason Nadal

Categories: development

Scrum for TFS

I found something rather interesting by chance today. Conchango Scrum Template for TFS. It looks to be pretty immature, but it's nice to see that even a product as large in scale as TFS can support scrum.

Personally, I find that Rally is sufficient for most tasks, lacking only a properly functional visual studio plugin (there's one available, but seems to disappear quite often; perhaps that's just my machine).

Posted on 10/21/2008 8:53:00 AM by Jason Nadal

Categories: development | scrum

Silverlight 2!

Don't know how I missed this, but Silverlight 2.0 has been released!

Get it here: Link

Posted on 10/20/2008 8:55:00 AM by Jason Nadal

Categories: development

VisualSVN

After working with SourceSafe for a few years, working with SourceGear's Vault for a couple, and TFS briefly, VisualSVN was recommended to me.

This engine was extremely easy to set up, and even easier to update for patches. This was the main contention I had with Vault. The visual studio plugin is $49, but "It Just Works", and in my opinion is worth the expense. This is especially true considering the server itself is free.

Posted on 10/20/2008 8:22:00 AM by Jason Nadal

Categories: development