ASP.NET Weblogs

Phil Scott's WebLog

Quite exciting this computer magic

August 2003 - Posts

  • Friday Fun

    Three day weekend coming up, and I've stocked up on the video games :-).  Not really, but it does seem I've purchased quite a few games in the recent weeks.  I've been pretty into Madden 2004.  It has a new feature called owner mode where you have almost compelte control over a team.  Sell the naming rights, upgrade the stadium, set the cost on the beer.  All kinds of stuff.  Make enough money to bring in the big name coaches and training staffs, fill up the roster with studs and play away.  A true football geek heaven.  I know people who have bought the game and have yet to actually play an actual football game.  They are just simulating the game out.  Crazy.

    The other gmae of choice has been Soul Caliber II.  I had the orginal on Dreamcast, and this game is just as good.  I have a case of good ol' fashion Nintendo thumb from hours of button mashing.  Very fluid weapons based fighting game.

  • At my signal, unleash hell.

    In a car crash kinda way, I was really interested in seeing what the SoBig worm was going to try to do.  Hopefully now that they've identified the servers they'll be able to dissect the payload. 

    I'm surprised this was the first worm (that I know of) that harvested documents looking for e-mail address.  I'm surprised no app hasn't harvested connection strings from .exes, .dlls, DSNs and UDL files looking to connect into databases.  I'd assume that you'd be reasonably successful at connecting into many databases.  Heck, I'd be pretty concerned about the number of those connection strings that would be logging in with admin privledges...

    Edit: It appears it is downloading some pornographic materials (source  This worm really set the tone for future virii.  People will expect suspense and drama from now on.  Computer geeks rushing across the world shutting down 20 computers before computers all over the world START DOWNLOADING PORN!  Yeah, so the ending needs some work...


    It appears there is a new variant of the MSBLAST worm that patches your machine against the DCOM overflow.  Keith should expect the black helicopter's any momment now.

  • We stay up late so that you don't have to.

    I guess I'm the anti-Gunderloy.  Historically, like most geeks, I do my best work in the middle of the night.  I might be a “night person,” but I think I just feel a little guilty “playing” on a computer during the day.  If it's sunny, I could be outside running.  If it's raining, I could be cleaning my apartment.  But at night, the only thing I have is late night SportsCenter, girl gone wild infomercials and a couple .NET books I've been meaning to dig into.  And a wide awake brain.

    Anyways, I spent the night going through the material for course 2805, which is a security clenic for developers.  My center probably won't be offering it, but if you can get into the class in a CTEC near you it's a sharp little class.  It's pretty much a very slimmed down version of the Writing Secure Code book.  They go over buffer overflows, SQL injection, Cross Site Scripting attacks and some of the methods you can use to prevent them.  Sure, this is probably old hat for some of you, but I also know there are a lot of people who didn't get a classical computer science degree, or has just recently gotten into doing web development.

    If you are an MCT, try to get a hold of revision A of the course.  It comes with a bunch of videos and demonstrations that I don't believe comes with the B revision.


    I finally got around to signing up for the KY .NET user group recently and I totally forgot about it.  You see, the last update to their homepage is has news of Service Pack 1 for 1.0 of the framework; I assumed the group was dead.  Anyways, I get an e-mail announcing that they'll be having their august meeting, with a talk presented by Chris Atkins.  I fired up google and found out he has a weblog.  Kinda cool, even if it is powered by cold fusion.  Taking a look around I noticed a link to M. Keith's weblog, right here on ASP.NET Weblogs.  Using my powers of deduction, I figure that makes three .NET webloggers in the great city of Louisville (16th largest city in the US).

    Oh, and before people freak out about me really thinking that Louisville is the 16th largest city in the US, let me assure you that I certainly know better.  What is important is that we are bigger than Lexington.  And smell better than Cincinatti.

  • admin time

    One of the worst part of being a software guy is that everyone assumes you'd in turn be good at network admin / pc support tasks.  And the kicker is you probably are, but being the network admin sucks, and they are just tedious tasks.  The network admin can very well get out of doing something by pushing it off to a programmer by saying “sorry, I don't program.”  Someone asks what's wrong with their PC, I can't say “sorry, I don't know” because then I get a funny look and the question “I thought you were good with computers.” 

    We have a crappy copy machine.  Ok, not crappy, but not a consistent copy machine.  And I was having trouble with it.  Our sales people were amazed I didn't know how to fix the thing.  The reason: it has a LCD screen on it. 

  • Underrated .NET Classes

    Inspired by Bill Simmon’s list of underrated movies, here’s my list of the top eight underrated classes in the .NET framework.

    5. System.Diagnostics.Debugger

    Common question in class: How come when you press Ctrl-F5 to start an app, you receive the “press any key to continue” message, but when I hit F5 the program just exits out?”  I have no idea why when the debugger is attached you don’t receive that message.  Perhaps they are assuming that when the debugger is attached, you’ll be using it.  Therefore the program probably won’t exit without you being able to check things out.  Anyways, try adding this to the bottom of sub main:

    If System.Diagnostics.Debugger.IsAttached Then
    Console.Write("Press enter to continue...")
    End If

    Good times.

    4. System.Drawing.ColorTranslator

    How many of you have written code to convert RGB to html or vice versa?  Me too.  Check out ToHTML or the FromHTML functions in this class.

    3. System.Web.Security.FormsAuthentication

    Has to be mentioned solely for having what careful research has shown to be one of the longest names in the .NET framework: HashPasswordForStoringInConfigFile (34 characters).  Well, I’m lying.  System.Data.SqlTypes.SqlString has a method called CompareOptionsFromSqlCompareOptions weighing in at 35 characters, but I don’t think many people have ever used it (my guess on the number of people who have used it: 5). A couple of private methods also weigh in at 40 characters too: ResolveVariantTypeConverterAndTypeEditor and PossibleIncrementPeakPoolConnectionCount. 

    Special mention must also be given to System.Windows.SystemInformation for having many properties around 30 characters long. 

    2. The Microsoft.VisualBasic Namespace

    This one would also be pretty high up on the overrated namespace list too.  Nonetheless, with all the grief and debates on why using this is inherently evil or super awesome, sometimes it is just easier to call the Asc or IsNumeric function and be done with it.  Then on the other hand, if I see anyone else using InStr to search through strings I’m just going to snap.  As a side note, I had a couple of guys asking about the “enster” function.  Took me a second they were talking about InStr, which I always thought meant InString.  But I digress.

    1. System.Globalization.DateTimeFormatInfo

    One of my favorites.  Simply get a reference to a CultureInfo’s DateTimeFormat, and you have all kinds of useful functions at your finger tips.  Want to get a list of all the months for a particular culture, it’s here.  How about the weekdays?  Also here.  Special mention must be given to the NumberFormat class too, but I think most people will be content using the Format object to take care of the heavy lifting for them.

    I was going to make this a top eight list, but my print job is done, and I'm ready to get home.  If anyone needs an expert at fixing paper jams in a Sharp AR-337, I'm your man.  Took care of seven of them today.

  • sp_DontDoIt

    A lot of developers commonly prefix their stored procedures with sp_.  sp stands for stored procedure, and that's how Microsoft did their stored procedures, so that should be the naming convention, right?  Nope.  Sp stands for system procedure.  As for a naming convention, I personally like usp if I'm going to use one.  Frankly speaking though, enterprise manager, ADO.NET and query analyzer kinda make prefixing stored procedures with sp a bit pointless if you ask me, so I don't use them at all. 

    Anyways, the point of this rambling is that I thought if you used the prefix sp_ SQL Server will search the master database for the stored procedure first.  This is even the case if the stored procedure exists in the current database.  Eeek.  You can verify this by running Query Analyzer.  Notice that you'll get a cache miss followed by a cache hit whenever you run the sp_ procedure.  Not good times.  If  I recall correctly, Olymars defaults to creating sp_ prefixed stored procedures...

    My problem is that to demonstrate this fact, I created two sprocs named sp_Testing.  I created one in master, and the other in Northwind.  When I execute sp_Testing in any database, it runs just fine.  But when I run it in Northwind, it runs the sp_Testing from Northwind.  But I still see a cache miss, followed by a cache hit.  I'm mistified.

    Here's a snippet from BOL about sp_ prefix:

    It is strongly recommended that you do not create any stored procedures using sp_ as a prefix. SQL Server always looks for a stored procedure beginning with sp_ in this order:

    The stored procedure in the master database.
    The stored procedure based on any qualifiers provided (database name or owner).

    The stored procedure using dbo as the owner, if one is not specified.
    Therefore, although the user-created stored procedure prefixed with sp_ may exist in the current database, the master database is always checked first, even if the stored procedure is qualified with the database name.

    Important  If any user-created stored procedure has the same name as a system stored procedure, the user-created stored procedure will never be executed.

  • Command Prompt Drag and Drop

    Brian's post about dragging and dropping assemblies onto the toolbox was pretty cool. Didn't know that.

    Something that I've shown over and over in class is that you can drag and drop a file into the command prompt. For example type in regsvr32 and then drag into the command prompt a file. I'd say half of my class hasn't seen that before.

  • Customer Controls You Can't Live Without

    Today during class I demonstrated Janus System's GridEx control.  Big hit.  I think I actually probably sold two copies of the thing by just showing the class the Northwind demo of it.  Anyways, anyone have a custom control they can't live without?  One preferrably with a free demo version I can play with (or a free copy for me to use in class would be cool too). 

More Posts Next page »