life in a smart mob

DotNetOS domain name available

I have the domains names dotnetOS.net and dotnetOS.org - they are due to expire in a month or and it is unlikely I will keep them. I had intentions for a Dot Net Open Source software listing, but my other projects leave me no time to do it properly.

If anyone else would like them (for free of course), perhaps for a dot net Open Source site, please let me know.

steven

vtgo.net

SqlXml and Yet Another Blog Engine

In Don Box's post Yet Another Blog Engine (Don, if you read this, the ?key=XXXXT takes me to a blank page every time :) ) he asks about the "a-ha" moment when he may get SQLXML or see it as a preferred technique over others.

Here's one scenario for a blog engine. You develop a backend database and the basically acts as a backend to your RSS data (indexing and whatever...). You deploy a client that updates that database based on the Xml from the RSS file(s). You then want to extend, say with a new namespace set of elements (say DC). Easy, add the columns to a new table in the database and ??? There are no doubt a million number of ways this could be done, but what could possibly be easier than annotating the centralized Xml Schema for the RSS documents you have to map the new nodes to columns in the database (and vice versa when getting them back)?? Sure you could update your code that uses the IDataReader, but then there is re-compilation and re-deployment. In SqlXml you have no real overhead - and update to the database (which happens in either scenario) and an update to the schema, which may or may not be centralized, but certainly doesn't require a build/install.

I have done this (not for blogs) and after we got the Schema sorted it was easy. Imagine you wanted to import your Blog Archive to some other database (analysis/reporting) - BulkUpload and SqlXml make this a very easy thing to do. Anyway I can interact with Xml I love it, and SqlXml is not perfect, but there are some situations where it is hard to beat!

XML Query will make it even better in the future and i'm looking forward to it.

vtgo.net

Session in Classic ASP to ASP.Net

I was asked about how to transfer Session state between these Classic ASP and ASP.Net. The first solution that popped into my head was serialization to Xml.

Both can read and write Xml pretty quickly, but has anyone looked into this as an extensible means of transfering state and even remoting state? Any thoughts/answers on this?

I first heard about SQL Reporting tonight as a means to replace Crystal. Any good?

vtgo.net

Foaf with hex encoded SHA1 mailbox

public static string CreateHexSHA1Sum(string email)
{
     SHA1Managed hash = new SHA1Managed();
    
     byte[] digest = hash.ComputeHash(Encoding.Default.GetBytes(email));

     System.Text.StringBuilder sb = new System.Text.StringBuilder();

     foreach (byte b in digest) 
          sb.Append(b.ToString("x2"));

     return(sb.ToString());
}

In goes someemail@venturetogetherspam.com and out comes 23f728c05bcf6e68eae7f51243ebc805d0d819c5 so we have :

vtgo.net

VT : File copying security puzzler?

So here's a security potential puzzler - some of you will get it right away and others will not. Really depends on whether you have run into it in the past and it is branded into your brain, or maybe security is just first nature to you. Don't read the end and tell me at what point you figured it out. I have numbered various activities througout the blog, so tell me by number where you figured out there would be a problem (note some may be bogus!).

Scenario : At VentureTogether we want you to be able to associate an image with your profile - but of course if you choose not to, you can ignore this step. So a long time ago I created an "Images" directory under Inetpub a long time ago and it currently allows you to upload an image and saves it it the directory. This works fine for ALL users and always has done. To the present... In the case where a user did not upload a photo, a temporary "photo not uploaded" image is to be shown. Next I got a basic photo saying "person unknown" from a freebie site on the web and downloaded it and saved it on my desktop so i could quickly edit it ever so slightly [1]. Once this was done i "Cut and Pasted" the file (called "nophoto.jpg") into the "Images" folder under the Inetpub folder [2].

Next to the coding. A method called SetNoPhoto() was created in my code behind and was designed as follows:

private void SetNoPhoto(int accountID)
{
 string filename = "nophoto.jpg";

 //get a reference to the "no photo" image
 string root = "/Glasgow/UserData/Images/Users/";
 string webroot = Server.MapPath(root + filename);

try
 {
  //first we need to provide access to write to the folder
  FileIOPermission perm
   = new FileIOPermission(FileIOPermissionAccess.AllAccess,
    Server.MapPath(root));

  //make sure we have permission
  perm.Demand();

  File.Copy(webroot, Server.MapPath(root) +  accountID.ToString() + ".jpg");     [xxx]
 }

 catch (Exception ex)
 {
  throw ex;
 }

}

I ran the ASPX page and go an access denied for the file being created during the copy in the line maked [xxx] above [3]. So back I went and checked the parent folder permissions and even made EVERYONE have full acess, ensured the "write" checkbox was checked in IIS and clicked OK. I re-ran the page and still I got the same access denied exception [4].

Next I tried to create a text file in this method - if nothing else than to just validate i could even write to it within this method (paranoia setting in you see!). So I added the code below:

System.IO.StreamWriter sw = System.IO.File.CreateText(Server.MapPath(root) +   accountID.ToString() + ".txt");
sw.WriteLine("I am a new file");
sw.Close();

Again I ran my ASPX file and guess what. The ".txt" file was successfully created and was sitting there in the folder (and i'm sure it had a wicked smile). [5] Got it yet? Bug in File.Copy?? Don't feel too stupid if you haven't got it yet - I felt pretty stupid as I should have known better having read every page of Writing Secure Code, and yep, something was certainly securing its ass off. Now the simple answer...

It was way back when you cut and pasted the file into the inetpub subfolder [6]. Had I copied the thing it would have worked fine. But i cut it. When you copy the file it will inherit the permissions of its containing folder, which would have made everything work fine. But, when you cut, it holds its permissions and hence only my computer account and one or two others could access the file. So when the ASPNET account (or anyone else for that matter) tried to access it, the were denied, So the actual error in the File.Copy() wasn't in fact access denied on the out file, it was access denied on the input file.

So should I feel stupid, or my brain just missed something? I'll guage that by the response I get, but just remember - it happens to us all at least once!

vtgo.net

Avalon lon way to get it - XAML, Xml and (not) Xslt

First, apologies for the title. They made me do it!

So I am finally managing to find some spare time to have a look into Avalon, Indigo and Winfx. However, my first look at Avalon and how it uses Xml is both exciting and confusing all at the same time. Aplogies for any mix up in the various names - still getting used to them.

The way the code separation is done is very cool - i like being able to separate logic from layout from styling. Heck been doing it for years with Xslt, but Avalon makes it even better :)
Maybe this last sentence makes it obvious where the confusion lies. Now, can i re-iteterate I am just looking into this stuff (spent most of my time on Whidbey) so please, please, please don't call my mum (mom) and tell her her son sucks (at least not for this blog) - this is first impressions.

So, Xslt. I like it. It's easy, it works and it is part of the Xml family that I was introduced to way back pre-1998. However, what i seem to see in Avalon is some new technique being adopted to basically do the same thing and I can't quite understand why.

So an example in Avalon using Xaml may be:

<FlowPanel ID="fp">
 <FlowPanel.DataContext>
  <Bind DataSource="{Contacts}" />
 </FlowPanel.DataContext>
 <Button Click="PickIt">Get Them</Button>
 <ListBox ItemStyle="{Person}" ID="_result">
  <ListBox.Items>
   <CollectionContainer Collection="*Bind(Path=/Contacts/*)" />
  <ListBox.Items>
 </ListBox>
</FlowPanel>

In Xslt you could simply do :

<FlowPanel ID="fp" xmlns:dsExt="urn:microsft-com-avalon">
 <FlowPanel.DataContext DataSource="dsExt:Bind(Contacts)" />
 <Button Click="PickIt">Get Them</Button>
 <ListBox ItemStyle="{Person}" ID="_result" Collection="dsExt:Bind(/Contacts/)" />
</FlowPanel>

Again, in Avalon you may have :

<Style def:Name="Person">
 <ListItem />
 <Style.VisualTree>
  <FlowPanel>
   <Border Margin="3" BorderBrush="Blue" BorderThickness="1pt">
    <SimpleText Text="Bind(Path=DisplayName)" />
   </Border>
   <Border Margin="3" BorderBrush="Orange" BorderThickness="5pt">
    <SimpleText FontStyle="Italic" Text="Bind(Path=Email)" />
   </Border>
 </Style.VisualTree>
</Style>

In Xslt you may have (but would never explicity put style in like this - i got CSS) :

Things like <Style.VisualTree> concern me, but i may be missing the point. For me it's Xml is data, Xslt is layout and Css is style (sure you can put style in Xslt, but why?). On top of that you already have Xml schema that works well with Xml and Xslt. Beyond this you could even write an Xml Schema that could derive the components on the page, leaving thing like text to the Xml and style and positioning to the Xslt. I already do all this on a current project to derive ASP.Net pages. However, in here i see all of this in together. We see Path, when XPath is an implicit part of Xslt. Even extension functions can make the more complex stuff easy too.

Any if you say this is easier than Xslt then i'd love to know how? For me they are very similar and in fact Xslt may even be easier. Show me something hard to write in Xslt that is easy in Avalon.

One disclaimer I will add is that Microsoft always bring out the coolest technology that suddenly makes sense - certainly everything else I have seen if definitely what i was wanting and there is even some stuff in there i didn't know i wanted. So i aint being old miserable me, just fishing for answers!

vtgo.net

RSS, ReadXml() and Namespaces

A recent post in a mailing group I am on said they were having problems with their RSS feed and binding it to a datagrid. the problem was that there was two elements, under different namespaces, but which had the same name. Apparently there is a problem (let me know if i'm missing something!) with ReadXml() in that it will only recognize a single namespace.

When trying to bind he was getting the message :

An unhandled exception of type 'System.Data.DuplicateNameException' occurred in system.data.dll

Additional information: A column named 'comments' already belongs to this DataTable.

Partying with Spam

It's Saturday night, Rob is "out and about" in downtown New York. He's off to the IPO party of his best pal, Pauls tech venture. He gets to the door...

Doorman : "Name please"
Rob : "Rob"
Doorman : "Nope, we don't have a Rob"
Rob : "But Paul's my best pal. My name must be in there somewhere!"
Doorman : "Look, we have a Rod, but no Rob. Stand to the side please"
Rob : "Can you go find Paul and tell him i'm here?"
Doorman : "Sorry, we don't know where to find him and we can't really talk to him anyway"
Rob : "Right, I'll wait here until ...."
Doorman : "Yes you will, little man" (growls)

Now, as much as my books with Wrox brought me into the world of book writing (almost 7 years ago to the day), i'm not really interested in writing fictional stories, however, this story highlights something i ran into this morning.
As was blogged yesterday, I now operate a whitelist. My "Invitation" component for VentureTogether was working fine until then, but then I realized something and i'm interested in your opinons on it.

You can't really build a successful invitations engine when the email you send from will not be on the whitelist and so it will be blocked. Even if the person sending the invitation is the BEST friend you have ever had (you even buy each other cute little stuff on Saint's days and their kids call you "dad"). Whatmore, many mail servers (or at least their configuration) prevent you from setting the "sent from" field in the email to anything other than the domain you are sending from (to prevent spam i guess!). So you can't even impersonate the person (which is probably a good thing all round).

So what now? Well, I'd like to see "Spam Engines" get smarter - unless someone knows if something like the following exists. I'd like to have the ability to provide some evidence with an email (or maybe it would have to be via some web interface) that can be passed to Outlook Spam Blocker (for want of a better name) and that can be read and if is passes a certain level of trust, your email can get through. Ideally everyone would sign their emails, so why not just push your dig sig in there? Maybe. But even simpler would allow you at the email end to specify what you regard as a trusted level. This might be your full name, your postcode or some ID number. Heck a set of rules like the Rules engine. Maybe at the most obvious level, their email must be in the CC list or something.

So the conversation may end...

Rob : "...hang on, I have this invitation with his signature and I have my passport with my name on it to."
Doorman : "Ah, cool. This looks good my friend. My mistake, on you go." (best friend ever tone)
Doorman : "Rob - what's with those shoes?"

Otherwise right now the person doing the inviting will have to email his friend to tell him to expect the invitation which is just stupid (especially if you imagined the snail mail equivalent)!

vtgo.net

getElementsByName and Div tags

I just discovered that you cannot find div tags (ed. more specifically DIV tags by name) using the getElementsByName() method of the DOM.

This is a pity as it makes it trickier to do simple styling without iterating through the entire collection of DIV elements on the page and checking the name attribute.

You can use ID of course, but in ASP.NET when you set the DIV element to runat="server", and especially when they are in controls, the ID value varies.

Anyone know of a method that does this for ALL elements?

More info here.

vtgo.net

Whitelists

After months and months of over 100 junk emails a night i decided to start using a whitelist - or deny anyone who i don't know. Is taking me a while to build up the "safe list" but Outlook 2003 does a pretty good job of helping me with that.

But shouldn't ISP's be doing a better job of stopping stuff that obviously is spam? (despite my ongoing desire to purchase Avogadros Number of Chinese Viagra pills).

Anyone else operate on a "whitelist only" basis?? Hmm, just as well i didn't send this by email or you would never have seen it. My only issue :)

vtgo.net