Jon Galloway

Setting up SyntaxHighlighter using the hosted scripts

I’ve tried several source code syntax highlighter systems over the years. Most inserted a bunch of ugly markup and CSS into the page. It kind of worked, but made the “love the web” burst out in tears at inappropriate times. I was really happy to see when Scott Hanselman posted on SyntaxHighlighter, since it seemed to allow for clean markup and unobtrusive Javascript.

Here’s the general idea: you set specific classes on an HTML <PRE> tag that contins your code, and the SyntaxHighlighter Javascript and CSS turn on all the magic. So you get pretty code, but it’s still text that can be cut and pasted (as all great code aspires to be).

Here’s what it ends up looking like:

[TestMethod]
public void AttributesProperty() {
    // Setup
    DummyMvcControl c = new DummyMvcControl();

    // Execute
    IDictionary<string, string> attrs = c.Attributes;

    // Verify
    Assert.IsNotNull(attrs);
    Assert.AreEqual<int>(0, attrs.Count);
}

Even better, folks have written utilities to make it easy to insert your code in the correct format for SyntaxHighlighter. My favorite is the PreCode Snippet Manager, which can integrate directly with Windows Live Writer.

Scott summarizes how SyntaxHighlighter works and how you can add the scripts to your site, so I won’t rehash it here.

But what if you can’t (or don’t want to) host the SyntaxHighligher files?

So SyntaxHighlighter is great, but what if your blog hosting setup doesn’t let you upload Javascript and / or CSS? No problem, the SyntaxHighlighter site is now offering a hosted version, so all you need to do is link to their hosted files.

For example, here’s how I set that up on my weblogs.asp.net blog (running Community Server 2007). The first trick is knowing where to put custom HTML: the Title, Description, and News area of the management dashboard:

Then you drop in the script references at the end of the News area:

You can use a specific version of the SyntaxHighlighter scripts, or you can use whatever’s the most current. That’ll make sure you get the latest updates, and I think the risk of a breaking change is pretty low. Refer to the documentation on the SyntaxHighliter site for more info, but here’s an example courtesy of Carter Cole:

<link href='http://alexgorbatchev.com/pub/sh/current/styles/shCore.css' rel='stylesheet' type='text/css'/> 
<link href='http://alexgorbatchev.com/pub/sh/current/styles/shThemeDefault.css' rel='stylesheet' type='text/css'/> 
<script src='http://alexgorbatchev.com/pub/sh/current/scripts/shCore.js' type='text/javascript'></script> 
<script src='http://alexgorbatchev.com/pub/sh/current/scripts/shBrushCpp.js' type='text/javascript'></script> 
<script src='http://alexgorbatchev.com/pub/sh/current/scripts/shBrushCSharp.js' type='text/javascript'></script> 
<script src='http://alexgorbatchev.com/pub/sh/current/scripts/shBrushCss.js' type='text/javascript'></script> 
<script src='http://alexgorbatchev.com/pub/sh/current/scripts/shBrushJava.js' type='text/javascript'></script> 
<script src='http://alexgorbatchev.com/pub/sh/current/scripts/shBrushJScript.js' type='text/javascript'></script> 
<script src='http://alexgorbatchev.com/pub/sh/current/scripts/shBrushPhp.js' type='text/javascript'></script> 
<script src='http://alexgorbatchev.com/pub/sh/current/scripts/shBrushPython.js' type='text/javascript'></script> 
<script src='http://alexgorbatchev.com/pub/sh/current/scripts/shBrushRuby.js' type='text/javascript'></script> 
<script src='http://alexgorbatchev.com/pub/sh/current/scripts/shBrushSql.js' type='text/javascript'></script> 
<script src='http://alexgorbatchev.com/pub/sh/current/scripts/shBrushVb.js' type='text/javascript'></script> 
<script src='http://alexgorbatchev.com/pub/sh/current/scripts/shBrushXml.js' type='text/javascript'></script> 
<script src='http://alexgorbatchev.com/pub/sh/current/scripts/shBrushPerl.js' type='text/javascript'></script> 
<script language='javascript'> 
SyntaxHighlighter.config.bloggerMode = true;
SyntaxHighlighter.config.clipboardSwf = 'http://alexgorbatchev.com/pub/sh/current/scripts/clipboard.swf';
SyntaxHighlighter.all();
</script>

Using IIS Rewriting with MVC Routes to Keep Your Routes Simple

I saw an interesting question this past week on how to set up MVC Routes to work with some ugly legacy URL’s. There was probably several way to get it to work with MVC routes, but I recommended using IIS Rewriting to map those legacy URL’s to clean MVC routes.

Using a combination of URL Rewrites and routing rules has worked really well for me in the past. It makes it a lot easier to follow what the MVC routes were doing since it kept them nice and tight. In other words, it lets me apply the KISS principle to my ASP.NET MVC Routes.

To be clear, routing and rewriting are fundamentally different features. Routing does a lot of things some things that rewriting doesn’t, since it exists to map URL’s to controller actions. For example, routing handles the full round-trip, constructing appropriate URL’s in responses and links.

Before we go any further, I should list some of the disclaimers:

• The IIS URL Rewriting module requires IIS7 (or higher)
• IIS Rewriting requires an installation on the server – you can’t /bin deploy it
• You do add some complexity to your application by running URL’s through two layers of indirection

So, let’s balance that with some features which are unique to rewriting:

• If the IIS URL Rewriting module is installed on your server, you don’t need any special access to configure it. You can manage it completely via web.config, which brings all the associated benefits (no-recompile changes, ability to have different rules between environments, simple tracking in version control, etc.).
• IIS Rewrite rules can also create permanent (HTTP 301) redirects, and that’s turned on or off via config setting as well. There are several ways to handle that in ASP.NET without the IIS Rewrite module (I’ll talk about that later), but they’re not quite as simple as flipping a config setting.
• The IIS Rewrite module has a graphical tool to help build and test rules.
• Rewrite rules are transparent to your application. As far as ASP.NET knows, the request it gets came from the rewritten URL.

That last point is key in deciding if you want to use rewriting or routing for a specific URL: Do you want your application to know about the original URL? If it’s a URL that you’re supporting due to legacy or integration support, but it doesn’t really map cleanly to a controller action, I’d consider using URL Rewriting.

Ruslan wrote a great article on using IIS URL Rewriting with ASP.NET Routing over on the IIS.NET site, and he summarized the decision process as follows:

1. If you are developing a new ASP.NET Web application that uses either ASP.NET MVC or ASP.NET Dynamic Data technologies, use ASP.NET routing. Your application will benefit from native support for clean URLs, including generation of clean URLs for the links in your Web pages. Note that ASP.NET routing does not support standard Web Forms applications yet, although there are plans to support it in the future.
2. If you already have a legacy ASP.NET Web application and do not want to change it, use the URL-rewrite module. The URL-rewrite module allows you to translate search-engine-friendly URLs into a format that your application currently uses. Also, it allows you to create redirect rules that can be used to redirect search-engine crawlers to clean URLs.

Creating a legacy rewrite rule

You can write the rules by hand, as they’re documented configuration settings, but it’s easier to get started by using the Rewrite module’s GUI tool. Here’s how it looks:

The dropdown list of rewrite rule suggestions updates as you change the example URL in the top textbox, so the suggestions are generally pretty useful. Once you’re created a rule, you can bring it up in the editor to work with both the Match rule and the Actions.

One feature you may have missed is the Match URL pattern tester. There are lots of RegEx testers out there, but it’s nice to work with one that’s directly integrated into the product so you can test how it will actually be used.

When you’ve created your rule, it’s saved into your site’s web.config:

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <rewrite>
            <rules>
                <rule name="RewriteUserFriendlyURL1" stopProcessing="true">
                    <match url="^([^/]+)/tags/([^/]+)/([^/]+)/?$" />
                    <conditions>
                        <add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
                        <add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
                    </conditions>
                    <action type="Rewrite" url="blog/default.asp?{R:1}={R:2}" />
                </rule>
            </rules>
        </rewrite>
    </system.webServer>
</configuration>

That’s just scratching the surface of how to use the Rewrite module; you can read more on the IIS.net site.

What if you can’t use the IIS Rewrite Module?

If the IIS Rewrite module isn’t installed on your webserver, you’ve got three options:

1. Use another rewrite engine that can be /bin deployed, such as the urlrewriter.net.
2. Just handle things in Routes. This isn’t ideal, but if you’ve only got a few legacy URL’s to handle, it may be worth the tradeoff to keep you application simple.
3. Write some custom code to do permanent 301 redirects to your new routes.

There are a lot of good articles out there on the custom redirect approach. Matt Hawley wrote a Legacy Route system which uses a custom route and handler to issue 301 redirects, and Phil Haack tried to one-up him by using lambdas in his redirect handler.

If you are writing your own custom code and are using ASP.NET 4, remember that you can now use Response.RedirectPermanent to handle redirects and automatically send the 301 header.

Using CDN Hosted jQuery with a Local Fall-back Copy

There are a lot of good reasons to stop hosting your own local copies of common Javascript includes like jQuery and ASP.NET AJAX. Dave Ward summed up the top three reasons:

Decreased Latency

A CDN — short for Content Delivery Network — distributes your static content across servers in various, diverse physical locations. When a user’s browser resolves the URL for these files, their download will automatically target the closest available server in the network…

Increased parallelism

To avoid needlessly overloading servers, browsers limit the number of connections that can be made simultaneously. Depending on which browser, this limit may be as low as two connections per hostname. Using the Google AJAX Libraries CDN eliminates one request to your site, allowing more of your local content to downloaded in parallel.

Better caching

Potentially the greatest (yet least mentioned) benefit of using the Google AJAX Libraries CDN is that your users may not need to download jQuery at all. No matter how aggressive your caching, if you’re hosting jQuery locally then your users must download it at least once. […] When a browser sees multiple subsequent requests for the same Google hosted version of jQuery, it understands that these requests are for the same file. Not only will Google’s servers return a 304 “Not Modified” response if the file is requested again, but also instructs the browser to cache the file for up to one year. This means that even if someone visits hundreds of sites using the same Google hosted version of jQuery, they will only have to download it once.

Dave refers to the Google AJAX CDN because it was the only game in town at the time of his post, but since then Microsoft has begun hosting not only jQuery, but also the ASP.NET AJAX libraries.

When you consider that this is offered as a free service, why wouldn’t you be using it?

What about outages?

There’s one potential downside to outsourcing anything: potential outages. You might be tempted to brush that aside with “Hey, it’s run on a world-class CDN...” but it can and has happened. If your depends on jQuery, any CDN outages are essentially another outage for your site.

The outage scenario is mitigated by the fact that browsers should be using cached copies rather than contacting the CDN in most cases, but that doesn’t always work out in practice.

The other outage scenario – no (or unreliable) internet connection

The most common “outage” scenario for a CDN is when the browser has no internet access at all. There are two common cases developers run into this:

• Developing offline – Requiring a constant internet connection to develop your app can be really frustrating. It means you can’t develop when you’re mobile or travelling, and even when you’ve got a connection it can slow down your development feedback cycle.
• Demonstration and sample code – If you’re presenting an app or sharing demo code, depending on CDN access is an invitation to the demo gods to rain doom on your head.

The simple solution: Use a fallback when the CDN’s unreachable

Here’s a general pattern for AJAX includes with a fallback: include the CDN reference, test for a key object, and if it’s undefined you can write out a reference to a copy that you’re hosting. Here’s how that looks when using the Microsoft hosted jQuery libraries with an ASP.NET MVC application:

<script type="text/javascript" src="http://ajax.microsoft.com/ajax/jquery/jquery-1.3.2.min.js"></script>
<script type="text/javascript">
if (typeof jQuery == 'undefined')
{
    document.write(unescape("%3Cscript src='/Scripts/jquery-1.3.2.min.js' type='text/javascript'%3E%3C/script%3E"));
}
</script>

And here’s how I’d set that up with ASP.NET AJAX library references in an ASP.NET MVC app:

<script src="http://ajax.microsoft.com/ajax/3.5/MicrosoftAjax.js" type="text/javascript"></script>
<script src="http://ajax.microsoft.com/ajax/mvc/1.0/MicrosoftMvcAjax.js" type="text/javascript"></script>    
<script type="text/javascript"> 
if (typeof Sys == 'undefined') 
{
    document.write(unescape("%3Cscript src='/Scripts/MicrosoftAjax.js' type='text/javascript'%3E%3C/script%3E"));
    document.write(unescape("%3Cscript src='/Scripts/MicrosoftMvcAjax.js' type='text/javascript'%3E%3C/script%3E"));
} 
</script> 

But will it blend?

It carries the “works on my machine” guarantee. One easy way to test is to mangle the CDN references – change “ajax.microsoft.com” to “kissypoo.microsoft.com”. You’ll get a Javascript error due to the bad reference, but the fall-back reference will be loaded. You can verify that by debugging the code.

This also carries the “Lots of Upvotes On StackOverflow” guarantee, and you can see from the comments on Dave’s post that he’s looked into it, too.

Tip: File / Open / URL

As web developers, we’re constantly having to work with files that are provided via URL. The simplest case is a web page source HTML, but there’s also XML config files, images, documents (PDF, PSD, DOCX, etc.). Usually we don’t think about it, because they’re linked in a web page, so we we do the right-click/save file, then open our editor and do the file/open/browse… where did I save it again… dance. If we remember to shift-right-click/copy as path trick, we think we’ve cheated the system just a bit.

It’s even worse if we just have a URL that’s not in a webpage. How many times have you fired up notepad to type a one-line HTML file with something like this: <a href=”http://domain.com/file-i-want.xml”>click me</a>? Then you open that file in a browser, right-click, save file, dum-de-dum…

There’s a better way!  (Yes, better than wget)

Last year I was working on a video site that streamed ASX files through a pretty complex Silverlight video player. ASX is one of those funny file formats that looks a lot like XML, but isn’t, and to top it off there are some funky ASX features that Silverlight doesn’t support. So I ended up having to write an ASX parser, and doing a lot of testing against our video providers every time something strange happened with our various video feeds. I was constantly copying URL’s into one-off HTML files, and eventually I just had to go looking for a better way.

It turns out that you can open URL’s directly in Visual Studio. Try it!

Open Visual Studio (any version) and hit Ctrl-O to bring up an open file dialog, then type in a URL. Here I’m using http://microsoft.com:

When I click enter, the HTML is requested and displayed:

The Fun Don’t Stop – It Works With Other Programs And Filetypes, too!

Let’s fire up good old MSPAINT and open the .NET Logo from this URL: http://www.microsoft.com/presspass/images/gallery/logos/web/ms_net_rgb_web.jpg

Now let’s try something crazy – let’s open that same URL in Inkscape, a cross platform vector graphics editor:

What’s going on?

It turns out that the Windows Open File Dialog supports URL’s, so as long as the app isn’t using a custom dialog it just magically works. The files are actually downloaded to your Temporary Internet Files folder and opened from there. Aside from the speed of opening the files directly, there’s another benefit: rather than scattering temporary files all over your documents folder or desktop, they’re in the right place to be automatically cleaned up when you clear your temporary files.

What about saving a file, rather than opening it?

Well, it’s pushing it a bit, but for simple cases, you don’t really need an app or a dummy HTML file, either. If you’ve got a file that IE won’t natively open, you can just hit Start and type: iexplore “http://domain.com/importantfiles.zip”

At that point, though, you might as well just fire up Powershell (built into Windows 7, hit Start / type Powershell / enter) and run a one-liner:

(new-object System.Net.WebClient).DownloadFile(“http://domain.com/importantfiles.zip, "localfilename.zip")

There are some other tips about downloading from the commandline on this question on SuperUser.

Why not wget / wfetch / “Crazy Eddie’s Download Powerpack” / etc.?

It’s a fair question.

Those all work, and they’re great if you’re used to them. I’ve really been trying to simplify lately, though. One of the benefits of Windows 7 is that it doesn’t need a bunch of random shareware tweaks to work well, it just works. Could I install a file downloading app? Sure, but when Windows has so much built in, there’s no real need for most simple tasks. The big benefit is that I can hop on any Windows machine and do my thing, without having to download a bunch of extra unitaskers.

Getting started at Microsoft

So, I'm super excited to be on-boarded and efforting the realization of end-user recommends and asks! (Translation: I’ve been a Microsoft employee for three weeks now!)

A month ago, Scott Hanselman announced that I was joining his team:

We work for the group at Microsoft that runs MSDN, TechNet, ASP.NET, Silverlight.NET, WindowsClient.NET, basically all the online education stuff. The giant group is called STO (Server & Tools Online) and our little group is "stoninja." That's our internal mailing alias.

We create content for all of the sites above but we're also active members of the community. We listen and drive feedback back into the product group. We're not part of the product evangelism group (DPE - Developer Platform Evangelism), but rather we focus primarily on online content creation. I like to think that we're the team that happens you after you go File|New Project, although we're constantly influencing what happens on both sides.

I'd like to announce that Jon Galloway is joining my team, he's coming to work for us via our good friends at Vertigo (who just announced a new Vertigo Software - Portland office which is cool). It's a bit of a change for Jon and it's something he's always wanted to do. Jon's official title will be Community Program Manager but I like to think of each member of the team as a Community Liaison. We're a small group, but we're sneaky (like ninjas, just fat, middle-aged somewhat pasty ninjas) and we are continually applying pressure to what we think are the right places within Microsoft. Jon will be focusing on ASP.NET (all of it). He'll help get the http://asp.net site in shape and provide a much needed pragmatic view of all things web.

My favorite part of Scott’s post is the Venn diagram, which sums my feelings about this new job exactly:

This is exactly how I feel. My software development experiences to date have all involved helping someone solve a business problem with custom software. I started with boring stuff like environmental hazard reporting, background checks and mortgage transactions, running on older technologies. After a while, I was working on more interesting problems, like business intelligence for a major biotech, and running on fairly current technologies. Then I got the dream job as a custom software developer – working at Vertigo Software, building solutions for genuinely exciting problems (live internet sports videos used by millions of users, conference websites, a keynote demonstration for the MIX08 developer conference) using the shiniest new technologies around, very often before they were publicly released. And it was awesome – as a software developer, I can’t imagine a better setup than working for Scott Stanfield and team, building really great applications using the newest technologies.

But I had a separate “Stuff You Love To Do” circle, filled with other things that I did in my spare time – run a developer podcast, answer questions on StackOverflow, speak at code camps, work on open source projects, have conversations with developers on Twitter, get involved in as my beta programs as I could, etc. It was all about getting involved with the software development community; doing what I could to connect developers with information that would help them be just a little more awesome and happy in what they were doing. I don’t know why I like that so much, but I sure do. And while the folks I worked for were incredibly supportive of that, it wasn’t their business. Of course it wasn’t - I really didn’t expect that anyone was in that business, that there was a way to overlap the three: stuff I liked to do, stuff I’m good at, and stuff I’d get paid for (a job). It turns out there was – my good friend Rob Conery moved on after a few years at Microsoft, and told me I should apply for his old job. So I did, and was happily surprised to be offered the position.

We talked to Scott Hanselman (my new boss) on Herding Code about what our group does, if you’re into the podcast thing: Herding Code 65: Scott Hanselman on His Secret Ninja Squad and Jon’s new job. It talks about what our group does and how that fits in with the product groups, evangelism teams, etc. Give it a listen or download the MP3.

Multi-media mania

This is a public sort of position, so I guess I shouldn’t be surprised that I’m popping up in videos left and right.

Those were both cool, but the video I'm most proud of doesn't show me, or even mention my name. I got to help prepare a some of the the content for one of Scott Hanselman's appearances at PDC09, ASP.NET MVC 2: Ninjas Still on Fire Black Belt Tips:

So what’s it like so far?

Well, I’m excited and humbled by the challenge. I really believe in the work I’m doing, and sincerely hope I can do it justice.

Everyone starting at Microsoft posts about “taking the red pill” followed a few weeks later by something about “drinking from the firehose” so I’m not doing either. But, honestly, I don’t feel the effects of drinking from the firehose, at least not yet. Maybe it’s that I’ve been through firehose experiences a few times before, or maybe it’s that things are a little quiet around Christmas vacation, or maybe it’s that Scott and his team prepped me really well, but so far I haven’t felt overwhelmed by the flow of information.

That isn't to say that it hasn't been really busy. I spent the first week at Microsoft headquarters (in Redmond, WA). Here are some of the highlights:

• NEO (New Employee Orientation): It’s how every new Microsoft employee spends their first day. I was really impressed by how efficiently it was run – a few short lines to fill out forms and get a badge photo taken, followed by the rest of the day of New Employee HR sorta stuff. I was expecting torture, but they somehow made it kind of fun.
• Nerd Dinner: I finally got to experience a nerd dinner at the famous Crossroads Mall Food Court, followed by a late night trip to see Ninja Assassin (with an unruly gang including Scott, Brad Wilson, Phil Haack, Damien Guard, and Glenn Block). What can one expect at a nerd dinner? How about an impromptu overview of font hinting and ClearType by Damien, author of one of my favorite programming fonts, Envy Code R.
• Meetings with the ASP.NET team: Hanging around the Microsoft campus with Scott Hanselman felt like touring the chocolate factory with Willy Wonka. I met tons of people, but spent most of my time in building 42 meeting with the ASP.NET developers. I got one-on-one demos of some of the new things they’re working on, watched Brad debug a perf issue, and got to be a code monkey for a presentation Simon Calvert was giving. As a long-time ASP.NET developer, this was a very cool experience.
• That This Week On Channel 9 video: I got roped into that at the last minute, but it was a lot of fun.
• STO Team meetings: I met with a lot of folks on the STO (that’s Server & Tools Online, remember?) team, getting up to speed on what we’re doing. I’ll be working primarily on the ASP.NET website, so I was in on a lot of meetings about how we’re going to make that site more valuable to the community.

And after that, I headed home. I’ll be working remotely from San Diego – all of Scott’s team is remote. And it's an awesome team, too! I’ve always had a lot of respect for Scott, Joe, Jesse, Tim, and Pete, and am super happy to be working with them! Oh, look, I just said “super”. I guess it’s begun.

Open for business

So now it’s my job to make sure that developing with ASP.NET is a happy experience. I’ve already been talking to several people about helping out their community efforts, and am interested in hearing what you think I should focus on. You can reach me on Twitter at @jongalloway and via my Microsoft e-mail (first.last at microsoft.com).

My Boot-to-VHD experiment: found some tips, like it, but still haven’t found VM nirvana

Summary

• Windows 7’s Boot to VHD works as advertised – native speed, virtual machine flexibility.
• I came up with some tips and tricks which you might find useful
• Having to reboot without hibernate to switch to the VHD machine means it’s a lot less useful than I’d hoped.

Background

I’ve recently been running some early releases developer tools which came with the “install on VM’s if you don’t want your computer to catch fire” warning. That seemed like a good time to back off on my “VM’s are for sissies” stance and get my VHD on. After verifying that there wasn’t already a suitable VHD available for download, I decided to follow Scott Hanselman’s directions to set up a Boot To VHD instance.

Here’s a very high level overview:

1. Download the wim2vhd script from CodePlex
2. Install the Windows 7 Automated Installation Kit (AIK)
3. Copy ImageX.exe from the the AIK install into the same folder as the wim2vhd script
4. Run the script
5. Mount the VHD in the Windows 7 disk management screen
6. Run some funky commands to make the disk bootable

There's a little goofing around at the command line, but it's only a few minutes if you follow the directions. Then your new VHD shows up as an option on boot.

BUT WAIT! I have a few minor modifications. Rather than write a complete walkthrough of the process – since Scott and others have done such a good job there – I’m just going to list some footnotes to the process. I’ve very roughly outlined the steps above; I recommend you read through the following list of tips, then go and follow Scott’s walkthrough and use any of the below tips you think are helpful.

Mod #1: Getting ImageX.exe without installing the AIK

There are copies of ImageX.exe floating around on the internets. I normally wouldn’t recommending using them, I only mention that because the AIK is 1.5 GB. If you’re one of those irrational people that thinks downloading 1.5GB to get a 471KB program, you could search around for “download imagex.exe” If you do that, the CRC for my my 32 bit ImageX.exe – version 6.2.7600.16385 - is 54 BF FA D5. Not recommended, but it is an option.

Note: Dear Microsoft folks that make gigantic SDK’s, please stop. Those might have made sense before the internet, but… c’mon now. Here’s how utilities should be done: live.sysinternals.com. 

If you end up downloading the entire (1.5GB!!!) AIK ISO but hate installing a bunch of junk just to use one thing, you can open the ISO in 7-zip and find the find the ImageX.exe file, by looking for F1_imagex in Neutral.cab, like so:

Then you can just extract that file and rename it to ImageX.exe.

Mod #2: Changing the VHD size

The wim2vhd script defaults to a 40GB dynamic disk. Normally, I don’t really care much about the size of a dynamic disk, because the actual size of the VHD is only as big as the actual used space, and you can compact a disk to recover space as needed. However, when you mount a dynamic drive, the boot manager and host filesystem appear to reserve the maximum possible size of the of the disk – 40GB. In my case (on a laptop), that wasn’t going to work.

It’s not just a convenience thing, either – if you have a VHD whose maximum size exceeds the physical disk space available, you’ll get a blue screen of death:

(photo credit: Bart Lannoeye, see his post about the BSOD issue)

You can change the created VHD disk size using the /size parameter. For my Windows 7 + Visual Studio 2010 testing purposes, a 16GB disk seemed to work well. To do that, you’d call wim2vhd with this command:

cscript wim2vhd.wsf /wim:e:\sources\install.wim /sku:ultimate /size:16384

The size is calculated in MB, so you calculate it as 1024 * number of GB. A 20GB would use /size:20480

Mod #3: Rearming Windows to extend the evaluation time

If you’re using a virtual machine installation of Windows for temporary testing, you can use it without activation for 30 days. However, you can extend that evaluation period 3 times, giving you a total of 4 months, which is plenty of time for most evaluation purposes. It’s really simple:

Run "slmgr -rearm" from a command prompt with admin rights

This isn’t a hack – it uses a command that’s been shipped with Windows since Vista first came out. It’s not really news – Jeff Atwood wrote about it a while ago, and Ed Bott followed up with a cool tip on scripting that command to run every 30 days so you don’t forget. But it’s a really handy note, and it bears repeating.

Note: Apparently you can use the SkipRearm registry setting to extend that even further, but I don’t know if that’s covered by the EULA. I haven’t had the need to use a VM that long, so I’ve never run into that.

Mod #4 (untested): EasyBDC

You can apparently skip the rigmarole with BCDEDIT by using EasyBCD, because beta builds of EasyBCD 2.0 support the Windows 7’s VHD features.

Note: I haven’t done this. I’ve used previous releases of EasyBCD and haven’t had a problem, but I haven’t used EasyBCD 2.0 as it wasn’t out when I set up my VHD.

Mod #5 (untested): Disk2vhd

The SysInternals team recently released Disk2vhd, which can capture a disk image (while running) and create a VHD. I believe that in order to use the created VHD on the same machine it was created from, you’d first need to sysprep it, since otherwise you’re essentially trying to run two identical copies of the same operating system on the same computer, and you run into problems with drive paths. I haven’t tried this yet.

Gotcha #1: Go with Windows 7 Ultimate

Boot to VHD only works in Windows 7 Ultimate or Enterprise, not Windows 7 Professional. But you can’t use the Windows Activation re-arm trick we just talked about in Enterprise (since it uses a different licensing model). So I recommend that you go with Windows 7 Ultimate Edition.

Gotcha #2: Dual Boot means no hibernation

I use hibernation quite a bit, and only do a full reboot when I have to. So, for me, dual booting was inconvenient. It meant shutting everything down – including saving any tabs I happened to have open in IE8 (since tab saving in IE8 has been pretty unreliable for me) – in order to use the VHD partition, then shutting everything in the VHD partition down to switch back to the main one. That’s a lot of friction, and it ended up that I don’t use it as often as I thought I would.

As I write this, I’m setting up a VHD which I’ll just run under Virtual PC, because I can start it up without shutting everything else down. I still feel like it’s a great feature, just one that I’ll use less often than I thought.

Side note: Fast switching between boot instances would be a killer feature for Windows. I’d settle for multiple hibernation instances. I’ve read that it’s not enabled because of concerns over invalidating one hibernation instance while running the second machine instance, but I disagree – let me make that decision. At least give me a registry setting or something to enable it.

Did you know about protocol-relative hyperlinks?

Summary:

1. (For normal humans) IE and Firefox show perplexing messages on some pages due to a potential security vulnerability in the site you’re visiting. I’ll talk about what it means and how you can get it to go away.
2. (For web developers) Don’t perplex your users with mixed content warnings. Use protocol-specific hyperlinks to deliver your page resources (images, CSS, Javascript) using the same protocol (HTTP/HTTPS) as the page.

Do you want to only read about this puzzling webpage prompt?

If you use IE8, you’ve probably puzzled over this dialog dozens of times:

It’s kind of an odd question: “Do you want to view only the webpage content that was delivered securely?” Yes, of course! I mean, no. Well, what’s that “only” bit mean?

Fortunately, that dialog is explained in more detail in a post on Eric Law’s IE Internals blog. It’s a warning about a webpage which displays mixed content, meaning both HTTP and HTTPS. Eric explains the weird wording a bit, too: the old dialog said “This page contains both secure and non-secure items. Do you want to display the nonsecure items? That’s almost a variant of the classic dancing bunnies problem – I clicked on the page and it’s asking me if I want to see it. Of course I do. The new prompt kind of guides you towards only viewing the secure content.

In general, the warning is a good thing. Mixed content pages allow passing content between zones. That’s bad.

If added to the DOM, insecurely-delivered content can read or alter the rest of the page even if the bulk of the page was delivered over a secure connection.  These types of vulnerabilities are becoming increasingly dangerous as more users browse using untrusted networks (e.g. at coffee shops), and as attackers improve upon DNS-poisoning techniques and weaponize exploits against unsecure traffic.

Tampering with your HTTPS web page doesn’t just mean via Javascript. An insecure, tampered CSS file could do just about anything it wanted to with how the user views the page.

But this prompt is annoying!

It is annoying, yes. If it’s a site you use frequently, you’ve got some options.

1. You can disable the prompt (Tools / Internet Options / Security / Custom / Misc / Display Mixed Content / Disable). This would generally be a bad idea since the mixed content warning is trying to help you.
2. You can trust the non-secure domain (if you do trust it) and then only disable the mixed content prompt from the trusted zone. Remember that this is still a security risk, since HTTP content can be read and modified anywhere between your browser and the server.
3. If it’s a site that’s under your control, you can fix it.

Fixing the real problem with protocol-relative hyperlinks

The real way to fix the problem is for web dev's to use protocol-relative hyperlinks, such as <img src="//www.google.com/intl/en_ALL/images/logo.gif" /> - that will use HTTPS if the page is HTTPS an HTTP if the page is HTTP, preventing both the security vulnerability and the security prompt. Rather than trying to fix the links in code, we’re relying on a specified and supported HTML feature (RFC 1808, Section 2.4.3, circa 1995)

As Eric points out, you can find out which content is causing the problem with an HTTP monitoring program like Fiddler.

Adding users to a TFS project when you’re not on the domain

Visual Studio Team System was obviously designed for user groups who are all members of a Windows Active Directory domain, all working in the same local network. I’m able to work remotely (without VPN, even) as long as I’m just checking files in and out, but the Visual Studio / TFS UI won’t let me grant users permission to contribute to my projects. I messed around with TFS Power Tools, but that didn’t work either.

I ended up running TFSSecurity.exe /g+ from the command line – you can find it in (by default for Visual Studio 2008) C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE. Here’s the command I ran (substituting the correct server/projectname/domain/username, of course):
TFSSecurity.exe /server:servername.domain.com /g+ "[PROJECTNAME]\Contributors" n:"DOMAIN\username"

C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE>TFSSecurity.exe /server:servername.domain.com /g+ "[PROJECTNAME]\Contributors" n:"DOMAIN\username" 
TFSSecurity - Team Foundation Server Security Tool 
Copyright (c) Microsoft Corporation.  All rights reserved.

The target Team Foundation Server is SERVERNAME.DOMAIN.COM. 
Resolving identity "[PROJECTNAME]\Contributors"... 
  [A] [PROJECTNAME]\Contributors 
Resolving identity "n:DOMAIN\username"... 
  [U] USERNAME\username (User Name) 
Adding User Name to Contributors... 
Verifying...

SID: S-1-9-1233567890-1233567890-1233567890-1233567890-1-1233567890-1233567890-1233567890-1233567890

DN:

Identity type: Team Foundation Server application group 
   Group type: Generic 
Project scope: PROJECTNAME 
Display name: Contributors 
  Description: A group for those with general read/write permissions across the project

6 member(s): 
  [U] DOMAIN\username (User Name) 
  [U] DOMAIN\username2 (User Name 2) 
  [U] DOMAIN\username3 (User Name 3) 
  [U] DOMAIN\username4 (User Name 4) 
  [U] DOMAIN\username5 (User Name 5) 
  [U] DOMAIN\jong (Jon Galloway) 
Member of 1 group(s): 
e [A] [SERVER]\Team Foundation Valid Users

Done.

Done and done.

The Designer/Developer Workflow Crisis (That Everyone’s Ignoring)

Let’s take an honest look at what passes for developer/designer workflow these days:

Why are we okay with this?

Sure, designers are fond using the programs they’ve used for years, and developers are busy debating DI vs. IOC, but we’re missing a bigger point. We’re ignoring how ridiculous the entire workflow has become.

I argued with some folks on Twitter about this a while ago, here’s the short version:

• I think it's time for designers and developers to step up on skills and care about integration.
• A designer who only knows Photoshop and Illustrator isn't going to cut it much longer (outside of print design).
• ...and some level of UI integration is going to be a minimum competency for developers.
• I think designers who deliver bitmaps are going the way of the village blacksmith. May take a few years, but inevitable.

Here’s a bit more detail on what I was thinking.

Approaching design and development separately is horribly inefficient

I’ve been privileged to work with a lot of very talented web designers over the past decade. Most of them spoke Photoshop. To quote Scott Koon, these folks see developers as compilers who turn Photoshop into websites. I’ve also had frustrating conversations with developers over the years who just didn’t see the point in this annoying standards stuff and were perfectly happy to just give up and use tables. And it all works, in the very very short term. But it only works because the people who pay the bills don’t know how ridiculously inefficient it is.

The flowchart above is funny because it’s true, the more you experience how true it is, the less funny it becomes.

Production workers need to understand - deeply understand - what they’re producing

There’s a continual flow of developer products and frameworks which all purport to sell one product: we let you write code in languages you like, so you don’t have to mess with that yucky web plumbing, cross-browser testing, and other yucky stuff – just write code all day! And many designers prefer to work at the purely visually level, preferring to live in a world of hip fonts, color schemes, and favorite Photoshop filters. At the micro level, it all makes sense.

And yet, it’s all so wrong. As members of web development teams, our jobs exist to deliver HTML. And some images, too, but really the information’s in the HTML, so that should be the focus, right? The longer I work in web development, the more appalled I come at how little professional web developers know about the core technologies of their craft: HTML and CSS. HTML and CSS should be the lingua franca of web development teams. Designers and developers should huddle around a CSS rule, both feeling at home. Instead, I hear lip service – “Of course I know HTML! And I know enough CSS to get by…”

One of the top reasons developers and designers need to be better informed about their core technologies is that they define the natural laws of the world we inhabit. For example, architects don’t ignore physical limitations when they design buildings, leaving it to engineers to make it work, and (good) engineers don’t product ugly buildings, hoping someone else can fix it with a paint job. No, beautiful and functional buildings are built by teams that have a deep understanding of what the available materials can support, and they push them to the limit. So, too, with most other professions. Why is web development is an exception to this rule?

A comp is just another word for a specification. Why are professional web developers writing specifications, when they should be designing user experiences for the web?

Server code is of no concern or value to a website user, outside of the effect that it creates in their browser. Why, then, do so few experienced web coders care about things like CSS techniques and semantic markup?

We’re doing this today

A good designer/developer workflow is standard practice where I work (Vertigo), and I’m certain it makes a huge difference in both the efficiency and quality of the end result. It requires investments (hiring, training, educating clients, etc.), but I know they pay off many times over. For instance, we’ve been able to respond to changing requirements under very short timeframes in ways that just wouldn’t have been possible if we had designers and developers working in different silos.

So when people tell me that this whole developer/designer workflow thing is just a marketing strategy, I have to disagree. I think it works in places that have tried it, and can be developed in places that haven’t.

Today, tomorrow

One great thing about developing this skill in the traditional (HTML based) world is that it’s very transferrable to RIA technologies, like Silverlight. Designers who really get HTML+CSS can pretty quickly tear into Silverlight, often finding it easier because they can substitute vectors for images.

And I really believe that the HTML story is headed that way, too. We can already approximate things by using Canvas or SVG in all leading browsers, then shimming it into IE with things like VML. Eventually I expect IE will (finally) support SVG, and we’ll see the vision of image-less pages fully realized. And then what? Well, at that point, Photoshop comps will be more obviously pointless. It’ll be clear that they’re no more than specifications, and not even very efficient in that job.

My point: an investment the whole “designer/developer workflow” is, I think, a good short term and long term bet.

And it’s an excellent career bet, too. I’m seeing a very clear trend: integrators – those who don’t limit themselves to just designing or developing – are in high demand.

Windows 7 RTM – Faster Download, Better Upgrade

Here are some quick tips now that Windows 7 is up on MSDN:

Faster download

Download via the MSDN Top Downloads link instead of the MSDN File Transfer Manager. The MSDN Top Downloads are delivered via Akamai, and my download speeds jumped from 200KB/s to 2MB/s when I switched to it. (thanks to Greg Duncan for the pointer)

UPDATE: There’s also an Akamai link for Technet Subscribers.

Upgrade from previous Windows 7 installs

Contrary to popular opinion, you can upgrade from Beta or RC to RTM. It’s not officially supported, but it’s not a hack, either. There’s a single INI file you need to edit, and it put there for just that purpose. The Windows 7 team wrote about this on the Engineering Windows 7 Blog, and Lifehacker explained the steps a little more clearly:

1. Download the RC ISO and burn to a DVD.
2. Copy that burnt image to an external drive or a spare partition. [note – I just copied to a folder on the desktop of the computer I’m upgrading]
3. Find the sources directory, and open the file cversion.ini in your favorite text editor
4. To quote directly from Microsoft: “Modify the MinClient build number to a value lower than the down-level build. For example, change 7100 to 7000.”
5. Save the file, and then run setup as normal to start installation.

This sounds more complicated than it is – download DVD, copy files to the computer you’re upgrading, edit one line of a text file, and run the setup.exe. That’s it.

I’ve upgraded a machine from Beta to RC to RTM and it worked just fine.

Note that it's not officially supported, so if you have time to do a fresh install, I'd recommend it. The Beta->RC->RTM comes only with the Jon Galloway - Works On My Machine seal. 

Pick the right version

I like the Windows 7 Edition comparison chart on Wikipedia – it’s does a good job of showing exactly what changes between versions.

Uninstall Visual Studio 2010 Beta1 (if installed) before upgrading

This would be a bit of an edge case, but since we’re talking about downloading from MSDN then it’s very possible that some folks have Visual Studio 2010 Beta 1 installed on a Vista machine and want to upgrade to Windows 7. See Scott Hanselman’s post: Vista Users - Uninstall Visual Studio 2010 Beta 1 before upgrading to Windows 7

This applies to Windows 7 RC as well, unfortunately. Scott's post points that out:

* You might be running Windows 7 RC and thinking to do an unsupported upgrade to Windows 7 RTM. If so, remember, it's not supported, but you'll have this problem upgrading too, so uninstall Dev10b1/.NET4 first.

About Upgrades

I’ve heard generally good things about the Vista –> Windows 7 upgrade. It didn’t work on my 2 year-old Vista install. Admittedly, that box is jam packed with random alpha software and I’d have been shocked if it worked. On the bright side, though, it cleanly rolled back and left me with my old Vista install.

I have upgraded two machines from Windows 7 Beta –> RC with absolutely no problems, and am getting set to upgrade them to RTM now.

Know what your license covers

The Beta test license covered pretty wide use, but the MSDN licenses are more strict. Technically, an MSDN licensed operating system can only be used for development, not “mixed-use” like games or e-mail:

Many MSDN subscribers use a computer for mixed use—both design, development, testing, and demonstration of your programs (the use allowed under the MSDN Subscription license) and some other use.  Using the software in any other way, such as for doing email, playing games, or editing a document is another use and is not covered by the MSDN Subscription license.  When this happens, the underlying operating system must also be licensed normally by purchasing a regular copy of Windows such as the one that came with a new OEM PC.

Note that the MSDN licenses does allow for “one copy of certain desktop applications on one device for any purpose”, those applications being mostly Office applications. But, as I read it, you’d need to install those Office apps on a non-MSDN licensed operating system.

I will be conducting random searches to verify that you are complying with this.

Got any more Windows 7 download/install tips to share?