
ASP.NET Weblogs

Phil Scott's WebLog

Quite exciting this computer magic

March 2003 - Posts

  • Code Bloooooat

    Sam has discovered the wonders of .NET sucking up disk space.  Although, I'd be surprised at it already eating up 6GB with just the OS.  I've got VS.NET 2002, all of Office 2003, and SQL Server and right now I'm at 5.5GB.  If I were to take a guess, it would be a paging file out of control.  Right now, w/ 512MB of RAM the max size is set to 1.5GB.  I'd imagine that if you had 1GB of RAM, it would swell to 3GB.  I mean, it's hard to imagine that you could get 6GB of data from one CD :)

    I was hoping to be able to take my company's 2k3 Standard Server, throw it on a virtual machine, and burn it to a CD for the other trainers here at work.  But with RC2, that OS was over a GB by itself without the paging file.  Also, if you are like me (hopefully not), you might have three or four virtual machines based on the same OS.  I might throw together a little tutorial on taking advantage of the redo log so that you only get the 1GB hit for the OS once for however many virtual machines out there you might have.  Anyone interested?

  • All the Rage

    Stuck at work setting up my class, so I've decided to blow some time with this BlogShares thingy after seeing Scott and Eli joining on.  Now I just need to figure out who to invest in. 

    Listed on BlogShares

  • impersonation enable="true"

    I'm curious as to how many people are simply adding ASPNET to their logins in SQL Server instead of using impersonation.  Most books I've read simply don't mention it.  My 2310 course (Developing an ASP.NET Web App) only faintly mentions it as an option in configuring your app.

    I've been preaching that you should be doing impersonation, mainly on the basis that if you have two web applications running on the same machine they both may have drastically different security requirements and you can easily give your "What's for Lunch Today?" app way more authorization than it needs because it is running on the same account as the "Patient History Application."  And I think we all know the "What's for Lunch Today?" app which we pawned off on the interns will not be written using the greatest of security guidelines.

    But now with Windows 2003 Server, apps will no longer try to use the ASPNET account when using SSPI; they will be using the Network Service account.  Eeek.  And the suggestions from people (including MVPs) out there haven't looked so great either.  I've seen two suggestions so far:

    1. Run SQL Server in mixed mode.  Specify username and password hardcoded.
    2. Add the IIS_WPG group to your SQL Server login.

    Neither of these are good answers.  Running SQL Server in mixed mode definitely lowers the security of your applications.  Not only will you have to specify your username/password someplace in your application, probably in plain text, but many attacks on SQL Server focus on slamming into your database using username/password combos.  Now hopefully your server is behind a firewall, but as we saw with the Slammer worm that might not be the case.  Heck, firewalls may even be illegal in your state soon.  Just kidding, maybe.

    As for the second option, that's just as nasty as adding ASPNET to your logins I think.  Opening up the same can of worms that we saw in the lunch application situation.  Plus it is just plain icky.

    Create a windows username/password for each of your applications.  Give them the bare minimum of security needed to work.  Use the impersonate option, and use Windows authentication for SQL Server.  This will make your current apps more secure, and easier to move to Windows 2003 Server when the time comes.

    Oh, and if you are the person out there hard coding SA w/ a blank password into your applications, I can get you a heck of a deal on some SQL Server training.  I ran into a trainer last year who was hired as a consultant to secure a company's database servers, and the first thing he noticed was the sa account had a blank password.  Better fix that.  Within 15 seconds the tech support lights lit up.  Every app this company had was written with the sa account hard coded.  Not only that, but they had hardcoded the connection string each and every time they connected to the database, and for some apps the source code wasn't even available.  His eye actually exploded.

    Edit: Now with a headline!
    Edit Two!: KB article INFO: Implementing Impersonation in an ASP.NET Application
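
    The two setups contrasted in this post, as an added example that is not part of the original post: a small audit that flags a web.config using an embedded SQL login or no impersonation, run against a weak and a hardened sample.  The server, database and account names are hypothetical, and keeping the connection string under appSettings is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample configs (not from the original post). Server, database
# and account names are hypothetical; the password is a placeholder.
WEAK = """<configuration>
  <appSettings>
    <add key="ConnStr" value="Server=db01;Database=Lunch;User ID=sa;Password=;" />
  </appSettings>
</configuration>"""

HARDENED = """<configuration>
  <appSettings>
    <add key="ConnStr" value="Server=db01;Database=Lunch;Integrated Security=SSPI;" />
  </appSettings>
  <system.web>
    <identity impersonate="true" userName="CORP\\svc_lunch" password="(placeholder)" />
  </system.web>
</configuration>"""

def parse_conn(value):
    """Split a connection string into a lower-cased key -> value dict."""
    pairs = (p.split("=", 1) for p in value.split(";") if "=" in p)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def audit(config_xml):
    """Return a list of findings for one web.config document."""
    root = ET.fromstring(config_xml)
    findings = []
    ident = next(root.iter("identity"), None)
    if ident is None or ident.get("impersonate", "false").lower() != "true":
        findings.append("impersonation off: app uses the shared process account")
    elif not ident.get("userName"):
        findings.append("impersonation on without a fixed account: identity comes from IIS")
    for add in root.iter("add"):
        conn = parse_conn(add.get("value", ""))
        if "server" not in conn and "data source" not in conn:
            continue  # this <add> entry is not a connection string
        user = conn.get("user id", conn.get("uid"))
        if user is not None:
            findings.append("SQL login '%s' embedded in config (needs mixed mode)" % user)
            if conn.get("password", conn.get("pwd", "")) == "":
                findings.append("blank password for SQL login '%s'" % user)
        elif conn.get("integrated security", "").lower() not in ("sspi", "true"):
            findings.append("connection string sets no authentication mode")
    return findings

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg))
```

    The `<identity>` password in the hardened sample still sits in web.config, so the file's ACLs matter.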

  • C# vs VB.NET books and the such

    Don mentioned the fact that the C# version of the books have been doing much better sales wise than their VB.NET brother (or little sister depending on who you ask).  I happen to have been collecting some data on the training worldwide in a side project from our corporate headquarters, www.newhorizons.com.  Now based solely on the dates on the website as of two weeks ago, here's the breakdown in scheduling of the classes.  I should mention that I don't speak for New Horizons or even my individual center.  I just went to their website and grabbed data.  Break it down:

    2609 Introduction to C# Programming with Microsoft .NET: 5 courses scheduled
    2559 Introduction to Microsoft Visual Basic .NET Programming with Microsoft .NET: 47

    Both of these classes are designed for someone who's been programming windows or web for about 3 months.  Beginning type stuff.  Well, I've had 20yr vets of COBOL or other mainframers who've loved the classes as they escape COBOL.  It seems to me that for beginners, VB.NET seems to be the way most are going. 

    A little more advanced.  These next two classes are high paced classes.  They do not follow the same outline at all, in fact the C# course is 5 days on the language alone.  The VB.NET one covers the changes since VB6.  In fact, while the VB.NET course has Web Services, ASP.NET, COM+, WinForms, and components all covered, the C# course never leaves the console.  Still a little comparison because I ran the query:

    2124C Programming with C#: 15
    2373B Programming with Microsoft Visual Basic .NET: 79

    Perhaps the most interesting one would be course 2565 vs 2555.  Same exact class (on Windows apps), but one has the examples in VB .NET and the other in C#:

    2565 Developing Microsoft .NET Applications for Windows (Visual Basic.NET): 35
    2555 Developing Microsoft .NET Applications for Windows (Visual C# .NET): 10

    Perhaps this tells more of a story about language preference for developers whose company sends them to training vs the developers who get excited about an ASP.NET book and run out and buy it. 

  • Essential ASP.NET

    With Sam raving about Fritz Onion's Essential ASP.NET book, I decided to pick a copy up myself.  Heck, it meets Phil's Theory of Book Buying #3: "Buy anything with Ted Pattison's name on it."  Plus, I'm teaching an ASP.NET class next week and maybe a bit of Fritz's brilliance will rub off on me :) 

    I even drove down to the Barnes & Noble and bought the book 1997 style over the counter for the list price.  I was tempted to pick up Keith's ".NET Web Services: Architecture and Implementation with .NET" but I think I'll just pick that book up with my next big book purchase because $50 bucks seems a bit steep, and I can hold off a week or two. 

    Of course I had to choose between the VB .NET or the C# edition.  Normally, in cases like Ingo's book or Applied .NET, I naturally just pick up the C# version because they're the first one out.  But I think I can read VB.NET with a lot less effort than I can C#, so I went with that.  Plus, 99% of my students are working with VB.NET so if they're going to be flipping through a book, C# sometimes scares them off.

    Now my question: "Essential ADO.NET" or "Pragmatic ADO.NET: Data Access for the Internet World."  I think I can hear my credit card company drooling...Of course, as Scott said, if DevelopMentor has any books laying around that they'd like pimped in a classroom, I'm willing to "review" them for students.

  • Google & .NET

    That's true as long as you don't actually use MSDN to do your searching.  Compare the hits from:
    Searching MSDN for ADO.NET
    Searching Google for ADO.NET (limited to Microsoft.com)

    [Sean & Scott]

    What I think is funny about this example is that search for ADO.NET on the sneaky Microsoft Google search (http://www.google.com/microsoft) won't work.  Give it a shot.

    I cannot fathom how a name with a dot in it became standard (ever try to create a folder called .NET?).  I've also had to explain to our sales people before that even .COMs can use .NET.  Yes, I'm serious.

    At least the Google search for C# is working.  When it first was announced all you'd get were links to GCC and the such.

  • Double Whammy

    Argh.  The dreaded double whammy.  Not only is my team out, but my bracket is more hosed than normal.  I've done much better in past years when the Cards haven't been in the Tourney.

    I'll take the loss though.  That Archey kid had the game of his life, and we were at the other end.  I think he went 8/10 from 3PT range, with hands in his face every shot.  It will be a shame to see Simeon, Reece Gaines and Erik Brown gone though.  All but Brown will probably play pro ball, and Brown's a good kid so I'm sure he'll see success in life.  Marvin Stone's last game he went out like a straight chump. 

    Well, perhaps I'll be able to concentrate on work.  What am I saying, my bracket is hosed already so let's root for the underdog!

  • Ok, But That's the Last Straw

    But they still do! Go to the VS 2003 launch in your area and you will get a VS 2003 shirt and most likely a VS 2003 mini-notepad.
    Jesse Ezell

    Argh.  If someone at Microsoft happens to read this, here in Louisville (the 16th-largest US city) we do have Computers and even people using VS.NET.  And I could use a new t-shirt :)

  • Hey Jay Bilas, how's your Bracket?

    Greg 'Big Daddy G-Man' Robinson is in the lead in the prestigious .NET NCAA Tournament challenge after a couple of serious scares from Maryland and Wake.  Not only that, he's doing better than 98.4% of the country.

    Myself and Dave Bettin have a fierce battle for the bottom standings, but how could you not like Dan Bright taking UNC Asheville into the Sweet 16.  When I filled out my bracket, they still hadn't even played the play-in game.

    Everyone's still in good shape though, at least no one has lost a final four team.  What an opening two days of basketball!  I need a nap!  Go Cards! 

  • Mono

    Mitch Rupp pointed towards an article on Internet Weekly about the progress of Mono.  Some quotes I found interesting:

    The Mono Project is also working on ASP.Net- and Web forms-compliant features for the Mono platform but Microsoft won't have to worry about the Mono Project using Windows Forms. "We don't care about Windows Forms," de Icaza said. "We think it stinks."

    and...

    Oddly enough, de Icaza said the Mono Project is aimed more at Web applications than Web services. "Mono is an implementation of the .Net Framework, not Visual Studio, Passport or .Net services. Web services can't run on Mono today," de Icaza told an audience gathered at the Hynes Convention center in Boston. "A lot of people are excited about Web services, but I don't know why. Web services don't have as much application as everyone makes it out to be. Bill Gates says everything will be Web services-based, but they're not as useful as everyone thinks."

    Passport or .NET services? WTF is this guy talking about? Now, I KNOW de Icaza is smarter than me. But does this guy only get his news about .NET on Slashdot or something? Wouldn't implementing the .NET framework automatically give you the ability to implement web services? I would chalk this up to just poor reporting, but the "not as useful as everyone thinks" comment makes me cringe. 

    The combination of his disdain for Windows forms (the API, or just that type of app?) and also web services leads me to believe that he feels that the power of .NET is creating neat-o web applications real easy.  Now, granted, you can do that.  But some of the real power is creating applications for Windows (or maybe OS X if Mono goes that way) that have the ease of deployment, scalability, and extensibility of the web applications, with the added benefits of a rich client.  Right?
