May 2004 - Posts - Jon Galloway

May 2004 - Posts

[Bookmarklet] Copy text with links

Someone contacted me through my blog and asked if I knew of an IE Addin that would copy page text with expanded url's, so Google becomes [Google](

No, I didn't. So I wrote a quick bookmarklet that does it: Copy Page Text
It reads the page text (not the HTML, the text), expands out the URL's, and copies it to the clipboard. Just add it to your links toolbar or favorites in IE - much more info on installing Bookmarklets on this page - lots of good Bookmarklets there, too. Basically, they're Javascript functions (usually operating on the current document) that you bookmark, so you're effectively adding new features to the browser by adding a link.

Two other cool Bookmarklets I ran across:
Printable Link Footnotes
Grabs all URL's from a page and adds them as footnotes at the end of the page.

Sort Table
Makes all HTML table on a page sortable by all columns (doesn't seem to work on this page, but it works well on other pages I tried)

Posted by Jon Galloway | with no comments
Filed under:

[Tech-Ed] One of the best values at Tech-Ed (even if you're not an attendee)...

The hidden gem at Tech-Ed is the Microsoft booths in the Exhibit Hall .

They have a separate booth for each technology - SQL Server, ASP.NET, all the different server products, etc., and the people at these booths are developers / dev leads / program managers / etc. folks that really know their stuff. I pestered the hell out of the ASP.NET group and they answered tons of questions for me. I was wishing I hadn't had those two free beers and had a written list of questions - they were answering my questions a lot faster than I could ask them.

Non-attendees can still go to the Exhibit Hall - tickets available onsite for Wednesday and Thursday. I've heard it's $75.

Posted by Jon Galloway | with no comments
Filed under:

[Tech-Ed] DEV320 Visual C# Best Practices: What's Wrong With this Code?

Good presentation - disguised a best practices talk as a quiz to keep it interesting. Much tougher to spot the problems then to nod along with a bullet points about writing good code.

Not gonna try to summarize this - just point you the the slides. They're pretty self explanatory, you can get through them in a few minutes, but you'll get more out of them if you try to spot the problems before going to the next slide to see the answer.

Good stuff on exception handling, resource management, performance issues, and some sources of nasty bugs.

Okay, just one thing - did you know you can cast an arbitrary int (or whatever the underlying datatype is) to an enum without generating any kind of error?

enum EmployeeType {Grunt, Manager, Executive }
EmployeeType text = (EmployeeType) 50000;

Posted by Jon Galloway | with no comments
Filed under:

[Tech-Ed] WIN321 Running IIS Web Farms: Tips and Tricks

I attended WIN321  Running IIS Web Farms: Tips and Tricks Monday. The slides are online here [updated], but here are some high points:

Datacenter Overview
$4 million anual datacenter budget - pretty cheap for what they do.
Doing less with more - consolidation, etc. - same pressures most IT shops face.

They use NLB heavily.
Content Management Server for TechNet content
Sharepoint for search

AMD 64
Moving to AMD 64 for more real and virtual memory
4GB RAM vs 2GB RAM - Immediate (ASP.NET 1.1 is 32 bit)
TB's of virtual memory in ASP.NET 2.0 (full 64 bit support)
Running 32 bit code on 64 bit (WOW64) only 1% CPU overhead
Trial and Beta versions available
WOW64 in W2K3 SP1

Data management
Significant amount of data - 100GB content, 2-5 GB changes daily
No fileshare - files are local on box, boxes in farm are clones
Content distributed by glorified RoboCopy

Server Build Process
VBS Batches (included in slides)
Baseline - Initial OS / Webserver install
Site Specific - Reg settings, etc., for site
Not using Ghost / imaging
Not using Web Gardens (per CPU instances)

IIS 6.0 App Pooling
Protect good apps by putting in separate pool
Logical groupings of "bad apps" in app pools

Resource Management
WSRM (Windows Server Resource Management) for CPU management
App Pools for memory management

Tips / Tricks (Many in IIS Resource Kit)
IISCNFG /EXPORT (Metabase Replication / Backup)
IISCERTDEPLOY.VBS (push certs to servers without getting on each machine)
Metabase Explorer - Migrate metabase from IIS 5 to IIS 6 by drag / drop config from one instance to another
Logparser, Logparser, Logparser!
PSEXEC (SysInternals)
Logparser / Netmon to detect SYN attacks
Replay Weblogs with Logparser and Webcat

Hotfixes without reboots
Analyze Hotfix (INF files, Tlist, Filemon) - determine processes that need to be shut down
Run Hotfix inside a wrapper (Kill processes, install hotfix, restart processes)
Tricky process, tested thoroughly and roll out cautious and distributed

Hack defense
Crazy stats about number of hack attempts per day
Using Logparser scripts that run every 15 minutes - near realtime log analysis
Hardware packet filtering to drop bad packets before they hit webservers

Server Performance Advisor (W2K3)
Should be released within a few weeks
HTML reports with all kinds of goodies, uses ETW

Posted by Jon Galloway | with no comments
Filed under:

[Tech-Ed] BOF RSS Without the Blog

(don't worry, I'm not going to be able to attend that much of Tech-Ed so I'm not going to be blogging every single session)

Ray Schraff lead a BOF session on uses of RSS beyond blogging. It was interesting, and he's a very bright guy. There were only about 10 people there, which was good and bad - limited input, but pretty relaxed so everyone could speak up.

He talked about RSS Annotations in the Longhorn SDK (something I'd missed). He used it as a springboard - if an SDK page can use RSS, what else can we do? He talked about using RSS to push business information - transactions, account information, workflow events, etc. One benefit is the smooth integration with "sometimes connected" (offline / disconnected / remote) client applicaitons. RSS aggregators handle this smoothly, so why not leverage it in business applications?

The question of bandwidth was raised - people have been concerned that RSS is pretty chatty and will bring the internet to its knees. Ray pointed out that since it's text only, most RSS responses are far smaller than an internet page response, since it doesn't include all those 50+ KB gifs.

Someone else asked why not just use e-mail for statusing. Ray said one big reason is that we can't really trust our e-mail anymore; it's so flooded with spam. With RSS, you request from a server you've subscribed to, so you can't be spammed (and if you do, you unsubscribe).

Another question concerned security. If there's a feed that has my transaction information, I want to be sure no one else can subscribe to it. We discussed extensions, wrapping the RSS communications in a secure SOAP message, and querystring / HTTPS approaches.

Then there's the issue of RSS spec fragmentation. Ray said if he's targeting aggregators, he'd probably use a RSS .9x, otherwise he'd use RSS 1.0 since it's got RDF support and is therefore extremely extensible.

One other thing Ray brought up was the difficulty of keeping OPML and cached content (read / unread) status in sync between work and home machines. He uses a memory stick to cart his SharpReader info back and forth. I know BlogLines is supposed to answer this quesiton, but didn't work all that well for me. The guy that writes an aggregator with a bundled OPML hosting system's gonna make at least $5 (mine).

All in all, this was a good discussion - interesting to see where this goes.

Posted by Jon Galloway | with no comments
Filed under:

[Tech-Ed] BOF - Code Generation

Scott Hanselman lead a BOF on Code Generation. I agree with Andres - there was a lot of discussion on business rules definition, which was interesting but I think took away from more common uses of codegen.

Peter Provost was talking about using the Code DOM to crank out one off's. Peter's a lot smarter than me, and can probably burn the extra brain cycles on the Code DOM complexities. Seems like a lot of work to me.

Others talked about using XML and XSLT to write their code for them. I agree with the sentiment others expressed - XSLT is not an easy language to program in. Programming logic into XLST is like writing procedural cursor based T-SQL - you can do it, but it'll make you cranky and you won't understand how it works in three months. I like the declarative model in concept, but the XSLT work I've done has been tedious at best. 

John Lam talked about the "angle bracket tax" of XML, but he was advocating what basically amounted to writing your own language. I don't know about that - codegen's supposed to create less work, right? Once again, I guess if you've got some cycles to burn then go for it, but I'm looking for solutions that simplify my work. I'd rather not have to debug my custom code generation language while I'm trying to complete a project.

So, to sum it up... people were talking madness and I felt like I was taking crazy pills.

Then in the last 10 minutes, Scott presented what he's doing. He's using CodeSmith. I use CodeSmith. I love CodeSmith. CodeSmith is easy - it's ASPX code, which I know. It's powerful. It's easy. It seemed they were pumping sanity back into the room through the ventilation system.

Scott pointed out the difference between generating code based on nouns (domain information) vs. verbs (business rules). He said you should start with what's easy to describe - the nouns. Agree. Describing nouns is easy, so it's easy to automate. Describing business rules (e.g. tax code) is not easy. As Scott said, starting with CodeSmith's Strongly Typed Collection Classes is a good way to get a quick win with codegen.

Scott's company uses XML Schema to define entities. The elements have domain specific attributes. They've extended things quite a bit - for instance, the properties have custom attributes which describe formats. The data is isomorphic. That's good, I think.

They's then gone on to describing the business rules using WSDL. Purty slick. They map multiple inputs (database, mainframe, etc.) to multiple outputs (web, wap, client) through a generated framework. Cool.

We've been using CodeSmith quite a bit at my work - I've been meaning to blog about some of the things we've come up with (extending codegen code with support for regen, custom filtering, etc.). I'm sure it's all been done before, but might save someone some time.

So, I enjoyed the session. I wish Andres had spoken up (I'll try to catch up with him at the DeKlarit booth this week), and I wish Scott had spent a little more time describing what he's doing. But, Scott ended the session by giving out copies of CodeSmith Pro so there's no way I can complain.

Posted by Jon Galloway | with no comments
Filed under:

TITLE tags for hyperlinks - little datagrid usability thing

[updated based on feedback from Rick and Fabrice]

Master / Detail pages are a snap to create with ASP.NET, but they can be frustrating on the end user. If the information you're looking for isn't on the master page, you end up clicking back and forth to find the record you want. From a selfish point of view, those unneeded round trips to the server are also a waste of server CPU and bandwidth.

So here's a simple little feature that can save some clicks - a "title" attribute for the edit links. Mouse over them to see what I'm talking about:

Edit * Requestor Phone Extension Department
200454378 Nathaniel Pemberton 7012 Marketing
200454379 Bart McKinley 2000 CEO
200454380 Nathaniel Pemberton 7012 Marketing
200454383 Walter Jennings 4302 HR

*mouse over Order ID for details

The idea is the same as an alt tag for images.

<a href= title="Monkey pictures!">Click Here</a> = Click Here

Works in IE and Firebird. Haven't tested in Lynx.

+ Code to generate the datagrid above
Posted by Jon Galloway | 1 comment(s)
Filed under:

It's a Tech-Ed miracle (for me, anyhow)!

It's like a scene out of a Christmas special. Looks like I've got a last minute opportunity to attend at least bits and pieces of Tech-Ed.

The head programmer in my group at work had a baby show up two weeks ahead of schedule, so he's not able to attend. Tech-Ed registration said they can transfer his registration to my name. It's sounding like I'm not allowed to take time off work, even unpaid, but I can hopefully catch some evening sessions at a minimum.

Woo hoo!

I have no idea what the schedules look like - gonna have to check out some recommended lists and see what's available. I'm especially interested in the ASP.NET master pages stuff, as we have a rewrite of a huge site coming up this year.

Posted by Jon Galloway | with no comments
Filed under:

Online Book - A .net developer's guide to Windows security

I "google stumbled" onto an amazing online book by Keith Brown - "a .net developer's guide to Windows security". The whole (in progress) book, including some sample code, is available online. There's even an rss feed with updates.

This book is a great compliment to "Writing Secure Code". Writing Secure Code tells you how to avoid security mistakes of all types; Keith's book tells you how to work with the Windows security model from .NET. As Keith points out on the book's splash page, the .NET framework doesn't do a good job of abstracting the gory details of the Windows security model, and it can be pretty difficult to find .NET code that calls into the Windows security API's (hello,!).

So get down and dirty with the SIDs, tokens, profiles, impersonation, priveleges, ACL's, etc. Good stuff.

And while you're at it, check out Password Minder 1.5 and his other cool security related utilities and samples here.

Posted by Jon Galloway | with no comments

[SQL] Cannot perform an aggregate function on an expression containing an aggregate or a subquery.


select avg(count(ip)) from pagehits where [month] = 2 group by ip

will give the following error: “Cannot perform an aggregate function on an expression containing an aggregate or a subquery.” MS SQL Server doesn't support it.

Solution - use a derived table:

select avg(ipcount) from (select count(ip) ipcount from pagehits where [month] = 2 group by ip) as sub

I'm posting this because searches on the error message didn't return good results, so if someone else has this problem (read: when I forget this again) this may save some frustration.

Posted by Jon Galloway | 19 comment(s)
Filed under:
More Posts Next page »