Archive for April, 2008

April 28th, 2008

Introducing Idea Pipe

I have been working on a new social networking website based around the collaboration and sharing of ideas. I have talked about this project in the past, only in vague terms, but today I have decided to open the curtains and give everybody a look.

http://www.ideapipe.com

Currently there are a couple of websites out there doing the same thing, but in a more focused way for their specific business. One example of these focused idea-sharing websites is Dell Idea Storm. Dell’s users go to the website and submit ideas on how Dell can improve its products. The platform has worked really well for Dell, and they seem to be getting a positive response from their community of users. It has led them to introduce a couple of products that they probably wouldn’t have if there hadn’t been such overwhelming support for them, such as Ubuntu as an install option alternative to Microsoft Windows.

Idea Pipe was born about 7 months ago, when I realized that this type of platform would be useful to businesses, projects, and people of all shapes and sizes. Especially the ones that wouldn’t be able to pay the Salesforce.com Tax. Idea Pipe has actually been released for about a month now, however I was waiting to announce it officially until we had support for groups. Groups are a way that anybody, with an Idea Pipe account, can create their own personalized Idea Pipe, that provides all the same features and functionality as Dell’s Idea Storm, but at no charge to the group owners.

To kick off this announcement I created a group so that you, my readers, can share and collaborate on ideas for future posts on this blog: http://www.ideapipe.com/groups/coder-journal

This site is still new and like any new site you will probably have suggestions on how to improve the site or the architecture, so please submit them to: http://www.ideapipe.com/groups/pipeline

If you happen to find any bugs, please send them to bugs@ideapipe.com.

Posted in Personal, Portfolio, Review

April 25th, 2008

Why isn’t Journalistic integrity important to Slashdot anymore?

Slashdot has been around for over a decade now, and many tech nerds first cut their teeth on Slashdot as an information source for everything tech related, because it predated the blogging revolution by almost half a decade. I can say with near certainty that every person who visits my blog each day has at one point in their life read Slashdot. I know this because for many of you, like myself, Slashdot was for many years the first place you visited in the morning to check out the latest nerd-news, and it was such an honor if one of your stories actually made it to the front page. Everything was bliss because the editors of Slashdot really tried to get good content to the viewers of the site. The editors were a little slanted towards the LAMP stack, but at least the content that made it to the front page was accurate.

Now, like most journalism, no facts are checked, and stories are pushed through in order to drive an agenda. For example:

500 Thousand MS Web Servers Hacked

Posted by kdawson on Friday April 25, @11:48AM
from the scream-and-shout dept.

andrewd18 writes “According to F-Secure, over 500,000 webservers across the world, including some from the United Nations and UK government, have been victims of a SQL injection. The attack uses an SQL injection to reroute clients to a malicious javascript at nmidahena.com, aspder.com or nihaorr1.com, which use another set of exploits to install a Trojan on the client’s computer. As per usual, Firefox users with NoScript should be safe from the client exploit, but server admins should be alert for the server-side injection. Brian Krebs has a decent writeup on his Washington Post Security Blog, Dynamoo has a list of some of the high-profile sites that has been hacked, and for fun you can watch some of the IIS admins run around in circles at one of the many IIS forums on the ‘net.”

Every person that reads my blog should have a basic understanding of why this title is 180 degrees out of whack with the actual article that is quoted. If not, here is the short description of what is totally wrong in this article on Slashdot, and why the editor who approved it, kdawson, should be fired for gross negligence. Luckily most of the comments on the Slashdot article show more intelligence and a greater understanding of the actual problem than the Slashdot poster and editor. But you shouldn’t have to read between the lines to get the actual story from the Slashdot article.

First of all, SQL injections are a result of bad programming and are platform independent. They are usually the result of concatenating a SQL string together in code instead of using parameters in your SQL queries. So, as you can imagine, scripting languages like PHP and Old ASP have a ton of problems with SQL injection, which is unfortunate because these two languages are in the top 5 languages that run the web; luckily Old ASP has been decreasing because of ASP.NET. However, just to reiterate, SQL injection can happen in any language on any platform, because there are bad developers that use every language and every platform.
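The difference between a concatenated query and a parameterized one, as an added example that is not from the original post. It deliberately uses Python and SQLite rather than ASP and SQL Server, since the flaw is in how the query is built and not in the platform; the table, function names and request values are constructed for illustration.

```python
import sqlite3

# Constructed sample data: a three-row product catalogue (not from the page).
SAMPLE_PRODUCTS = [("Widget", "A small widget"),
                   ("Gadget", "A useful gadget"),
                   ("Gizmo", "A shiny gizmo")]


def make_db():
    """Build an in-memory database holding the constructed catalogue."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products ("
                 "id INTEGER PRIMARY KEY, name TEXT, description TEXT)")
    conn.executemany(
        "INSERT INTO products (name, description) VALUES (?, ?)",
        SAMPLE_PRODUCTS)
    return conn


def set_description_concat(conn, product_id, text):
    """The pattern the post blames: request values pasted into the SQL text."""
    sql = ("UPDATE products SET description = '" + text +
           "' WHERE id = " + product_id)
    return conn.execute(sql).rowcount


def set_description_param(conn, product_id, text):
    """Parameterized form: the SQL text is constant, values are bound as data."""
    sql = "UPDATE products SET description = ? WHERE id = ?"
    return conn.execute(sql, (text, product_id)).rowcount


def descriptions(conn):
    """Return every description in id order, to show what was changed."""
    return [row[0] for row in
            conn.execute("SELECT description FROM products ORDER BY id")]


def compare(product_id, text):
    """Run both forms on fresh databases; return (concat_result, param_result).

    Each result is (rows_changed, descriptions), or the error text when the
    database rejected the statement.
    """
    results = []
    for update in (set_description_concat, set_description_param):
        conn = make_db()
        try:
            changed = update(conn, product_id, text)
            results.append((changed, descriptions(conn)))
        except sqlite3.Error as exc:
            results.append("error: " + type(exc).__name__)
        finally:
            conn.close()
    return tuple(results)


if __name__ == "__main__":
    # Constructed request values, as they would arrive from a query string.
    cases = [("2", "On sale"),             # ordinary input
             ("2", "Bob's favourite"),     # ordinary input with an apostrophe
             ("2 OR 1=1", "OVERWRITTEN")]  # id field carrying SQL
    for product_id, text in cases:
        concat, param = compare(product_id, text)
        print(repr(product_id), repr(text))
        print("  concatenated :", concat)
        print("  parameterized:", param)
```

With the concatenated form the third case rewrites every row in the table, while the parameterized form treats the same string as an id that matches nothing.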

So basically to say that 500,000 Microsoft web servers were hacked is a gross misrepresentation of the problem that was illustrated in the article.  The original F-Secure article had to clarify that this wasn’t Microsoft’s problem, probably because of the Slashdot article listed above.

We’ve been receiving some questions on the platform and operating systems affected by this attack. So far we’ve only seen websites using Microsoft IIS webserver and Microsoft SQL Server being hit. Do note that this attack doesn’t use any vulnerabilities in any of those two applications. What makes this attack possible is poorly written ASP and ASPX (.net) code.

If you are interested in seeing all the pages affected, and whether one of your pages is involved, you can use this Google Link; however, make sure to take precautions against getting infected. I will leave everybody with this last posting, which was left in one of the IIS forums, as a sign of what good programmers are combating every day.

I also have been hit by this attack on Saturday 4/12/08. It compromised our database and overwrote that script into all of your products. Luckily a database restore fixed the problem. Two days later the same thing happened; I have changed all the database and login passwords and did another db restore. Now today 4/18/08 we got hit again by the same thing, but this time as the pages are loaded ActiveX is activated and wants to run, but of course I did not allow it. Has anybody successfully solved this situation?

Posted in Rant, SQL

April 24th, 2008

Interesting Extension Hack To Get Around NullReferenceException’s

Today I came across an interesting extension pattern, and I didn’t know how the runtime would react to it. Normally when you do something like the following:

string s = null;
Console.WriteLine(s.Trim()); // throws NullReferenceException

You get a NullReferenceException meaning that you didn’t first check to see if the object was null before trying to call one of its methods. This is pretty common and results in patterns that usually look like this:

string s = null;
string result = null;

if (s != null)
    result = s.Trim();

Console.WriteLine(result);

This results in a ton of extra code just to verify your inputs. It’s a dirty task but somebody has to do it. So today it occurred to me that maybe extension methods were my answer to this code bloat. To better understand extension methods, Scott Hanselman has done a great job explaining how they function and what they look like to the CLR.

So I whipped up the following console application and tested my theory out.

using System;

public static class Extension
{
    public static string TryTrim(this string s)
    {
        if (s == null)
            return s;

        return s.Trim();
    }
}

class Program
{
    static void Main(string[] args)
    {
        string s = null;
        Console.WriteLine(s.TryTrim());  // notice that I don't have the code bloat like above
    }
}

This works without a NullReferenceException because the code actually looks like this to the compiler.

using System;

public static class Extension
{
    public static string TryTrim(string s)
    {
        if (s == null)
            return s;

        return s.Trim();
    }
}

class Program
{
    static void Main(string[] args)
    {
        string s = null;
        // this is how the runtime sees the code: an ordinary static call,
        // so no method is ever invoked on the null reference itself
        Console.WriteLine(Extension.TryTrim(s));
    }
}

So with this new understanding of extension methods, you don’t have to check whether a variable is null before calling an extension method on it, as long as the extension method does the null check itself, the way TryTrim does. The more I use extension methods the more I love them.

Posted in C#, Programming

April 18th, 2008

Apple Developers Continue To Not Impress

Apple “Windows Developers” continue to not impress me.  Check out the latest in “I decided to release something too early”-product from Steve Jobs and Apple.  I haven’t yet decided if Steve Jobs is trying to take down the Windows Empire with crappy Apple Software, or if Apple is just inept at creating anything but software for Apple.  I prefer to think Steve Jobs just forces Mac Developers to begrudgingly work on Windows Software, instead of actually hiring developers that are passionate about Windows Development.

Posted in Rant

April 17th, 2008

Google Ads Allowing Flash To Take Over Browser

So today I saw this Google Flash Ad, for John McCain for President, appear on a site that I am developing. I thought I would let everybody know to watch out for Google Flash Ads that have access to modify your browser. This isn’t a big deal in my case, but Flash also has the ability to modify other things, such as:

  • Browser’s Footer
  • Browser’s URL
  • Back Button
  • Forward Button
  • etc.

Basically Flash is allowed to have more access because it actually runs as an application on top of the browser instead of through the browser. It is just disturbing that Google doesn’t police the advertisements better. It is conceivable that Google could potentially be providing malware via their ad network.

Posted in Rant

April 16th, 2008

ASP.NET MVC Interim Released

The ASP.NET MVC Team has released a refresh of MVC. For all those that are interested, the new Interim Release is posted at:

http://www.codeplex.com/aspnet/Release/ProjectReleases.aspx?ReleaseId=12640

The new release seems to rely on a non-CodePlex open source project.  Is this the first sign of Microsoft’s commitment to open source?

The Release Notes have a lot of good information about the new features and bug fixes included in this release:

This CodePlex refresh of the ASP.NET MVC source code includes a number of key changes and refactorings. To see a full list of API changes, take a look at the attached zip file produced using Framework Design Studio.

MVC Changes Since Preview 2

  • Action methods on Controllers now by default return an ActionResult instance, instead of void.
    • This ActionResult object indicates the result from an action (a view to render, a URL to redirect to, another action/route to execute, etc).
    • Each “result” is a type that inherits from ActionResult. To render a view, return a RenderViewResult instance.
  • The RenderView(), RedirectToAction(), and Redirect() helper methods on the Controller base class now return typed ActionResult objects (which you can further manipulate or return back from action methods).
  • The RenderView() helper method can now be called without having to explicitly pass in the name of the view template you want to render.
    • When you omit the template name the RenderView() method will by default use the name of the action method to determine the view template to render.
    • So calling RenderView() with no parameters inside the About() action method is now the same as explicitly writing RenderView("About").
  • Introduced a new IActionFilter interface for action filters. ActionFilterAttribute implements IActionFilter.
  • Action Filters now have four methods they can implement representing four possible interception points.
    • OnActionExecuting which occurs just before the action method is called.
    • OnActionExecuted which occurs after the action method is called, but before the result is executed (aka before the view is rendered in common scenarios).
    • OnResultExecuting which occurs just before the result is executed (aka before the view is rendered in common scenarios).
    • OnResultExecuted which occurs after the result is executed (aka after the view is rendered in common scenarios).
    • NOTE: The OnResult* methods will not be called if an exception is not handled during the invoking of the OnAction* methods or the action method itself.
  • Added a MapRoute extension method (extension on RouteCollection) for use in declaring MVC routes in a simpler fashion.

NOTE: It is pretty easy to update existing Controller classes built with Preview 2 to use this new pattern (just change void to ActionResult and add a return statement in front of any RenderView or RedirectToAction helper method calls).

Routing changes since Preview 2

  • URLs may contain any literal (except for /) as a separator between URL parameters. For example, instead of {action}.{format} you can now have {action}-{format}. For more details on changes, see this post.
  • Routing is ignored for files that exist on disk by default. This can be overridden by setting the RouteTable.Routes.RouteExistingFiles property to true (it is false by default).

Posted in ASP.NET

April 14th, 2008

Adding DotNetKicks To FeedBurner FeedFlare

If you are using FeedBurner to manage your feed, and you love DotNetKicks as much as I do, you can now easily add a “Kick It” FeedFlare to it. This will automatically add a “Kick It” link below each post in your FeedBurner feed.

To get started you will need to do the following:

  1. Login To FeedBurner
  2. Go to FeedBurner > Optimize > FeedFlare
  3. Go down to the Personal Flare box.
  4. Copy and paste this URL into the box:
    http://www.coderjournal.com/uploads/2008/04/dotnetkicks-feedflare-link.xml
  5. Press “Add New Flare”.
  6. Then check the two checkboxes next to the new entry.
  7. Click “Save” at the bottom of the page.

After all the steps above are completed you should have a FeedFlare example that looks somewhat like this:

Notice the “Kick It” flare link on the left.

Posted in How To

April 13th, 2008

Coder Journal’s MVC Toolkit

Today I decided to release a toolkit that I have been building over the past couple of months. Most of the code in the toolkit is related to MVC. Here is a list of the features:

ActionFilterAttributes

  • HttpPostOnlyAttribute
    Only allows POST to be made against the action.
  • CacheAttribute
    Sets the action’s response as cacheable.
  • CompressAttribute
    Compresses the action’s response using GZip or Deflate encoding.
  • ServiceAttribute
    Marks an action as able to provide the ViewData as JSON, XML, or JSONP.
  • ServiceOnlyAttribute
    Marks an action as only able to provide the ViewData as JSON, XML, or JSONP, that means no HTML.
  • ExceptionHandlerAttribute
    Handles any exceptions thrown from an action, and redirects it to another page, or another action.
  • CaptchaAttribute
    I did a whole post on providing a CAPTCHA for your MVC action.
  • AllowedHttpMethodsAttribute
    Only the HTTP methods entered in to this filter are allowed for your action. Available HTTP methods are OPTIONS, GET, HEAD, POST, PUT, DELETE, TRACE, and CONNECT.

ViewEngines

  • ServiceViewEngine
    This view engine provides the serialization of the ViewData to JSON, XML, or JSONP. It is set when one of the following is requested from the ServiceAttribute above.

Routes

Method Extensions

  • Redirect extends HttpResponse
    I have had a long-standing discontent with the Redirect method of ASP.NET. I have talked about good use of HTTP Status Codes before. There are at least 3 status codes that you want to consider before choosing a response status code of 302. Just to reiterate my post on the subject: use 303 to redirect from a form POST, use 307 when you want to redirect to a page that is going to change with each request, and use 301 if you want to permanently redirect one URL to another. I created the Redirect extension method on HttpResponse so that the status code could be set for the redirect.

View Source: Coder Journal MVC Toolkit Source
Download Binary: Coder Journal MVC Toolkit Binary

Posted in ASP.NET, C#, Personal

April 11th, 2008

WTF Apple, Show Some Common Courtesy

Common courtesy is very important for all application developers to follow, especially when they are dealing with users’ settings, and especially for common file formats, where the user has probably already set up their preferences how they like. And most importantly, it is how you avoid pissing off your install base.

As you might have gathered from the title, Apple has screwed up in this area yet again, in their never-ending battle to forcibly get an install base for some of their crappiest applications. The Apple developers must have taken the same “Our shit doesn’t stink” attitude as many of their users, and started taking over the preferences on the user’s machine without asking.

Like any good .NET developer I had the XML file format being opened by Visual Studio; it has a nice viewing and editing interface that is hard to beat. Today I saw there was a QuickTime update while watching the Facebook Conferences presentation in anticipation of my previous post today, so I decided to do the update. What a nightmare that has turned out to be. First of all it was a 70 MB download, because Apple also decided that iTunes and Safari needed to be downloaded with QuickTime, and bundled them all together. Then it decided to take over all the documents on my system, including HTML, XML, and a bunch of other web related documents. See below.

Then to boot their XML “Rendering” sucks.

Safari XML Rendering Sucks

Hey news flash Steve Jobs this is how a real browser renders XML, and does a damn fine job at it.

IE XML Rendering Doesn't Suck

If you are going to take over my system, and forcibly put your software on my computer, the very least you could do is not make it suck. Is that too much to ask?

Steve Jobs has to learn that Windows users don’t put up with the same amount of shit as Apple’s users do, because one, we don’t bow down at the altar of Steve Jobs, and two, we have other options. I am not going to let Steve Jobs take a steaming pile of shit on my PC, change all the settings, install one of the worst browsers on earth, and then forgive him. He is going to have to do something grand with Safari to get it back on my PC.

I am really pissed that I now have to uninstall a program that I never wanted installed in the first place, and then go through the registry and clean up after an Apple Developer that couldn’t find his way out of a paper bag.

Maybe they should spend less time trying to achieve an ACID3 milestone that won’t be standard for another couple of years and work on the basics that IE has had for the better part of a decade now.

Posted in Personal, Rant

April 11th, 2008

Creating a Facebook Application using MVC

Facebook has been growing in popularity at an almost unstoppable pace ever since it was released on February 4th 2004. Up until May 24th, 2007, it wasn’t much different than MySpace (or insert your favorite social network here); however, on that day they rolled out an SDK that turned Facebook from a destination website into a platform that let any developer interact with their almost 71 million users. You can read more about the history of Facebook at Wikipedia.

My focus today isn’t on how to develop your first Facebook application in ASP.NET, because there are already many great articles on that, and even some starter kits. My focus is going to be on developing your first Facebook application with ASP.NET MVC; however, this article will assume that you have a basic understanding of FBML (Facebook Meta Language) and MVC. If you do not have one or the other, don’t worry: both are very easy to pick up, and both have a very active developer community to answer questions.

So now that that is out of the way, let’s start looking at what we need to make your MVC application into a Facebook compatible application. The first thing you will need is the Facebook Developers Toolkit, which is free on CodePlex. The second thing you will need is my Facebook MVC Web Controls, which is a modification of the toolkit’s Facebook.WebControls.dll made specifically for MVC. The third thing you need is ASP.NET MVC Preview 2, which is also available for free on CodePlex.

My toolkit extension consists of the following classes, which mimic the classes already in the Facebook Developers Toolkit:

  • CanvasFbmlViewPage
  • CanvasFbmlViewPage<TViewData>
  • CanvasFbmlViewMasterPage
  • CanvasFbmlViewMasterPage<TViewData>
  • CanvasIFrameViewPage
  • CanvasIFrameViewPage<TViewData>
  • CanvasIFrameViewMasterPage
  • CanvasIFrameViewMasterPage<TViewData>

Facebook IFrame Application

I will start with the IFrame stuff since that is very easy and doesn’t require FBML knowledge. To create a Facebook IFrame application just follow the directions at Facebook’s Getting Started Website for an IFrame. Then create an MVC Preview 2 application in Visual Studio, and change the following in the CodeBehind for each of your pages.

public partial class Index : ViewPage

to

public partial class Index : CanvasIFrameViewPage

That is all you have to do to get Facebook working with your MVC application through IFrames. You don’t need to change your HTML because your site is going to render through an IFrame, so there is no processing done in regards to UI rendering for Facebook. This has some drawbacks, including not having the familiar Facebook interface; however, this is the easiest way to get a Facebook app running.

Facebook FBML Application

Creating the C# part of an FBML application for MVC is just as easy as creating the IFrame application. Change the CodeBehind from

public partial class Index : ViewPage

to

public partial class Index : CanvasFbmlViewPage

Nothing spectacular there. Before we get started with the FBML application there is a tool that shows you what your FBML will look like when rendered out to HTML. However the real power of MVC is about to shine when we create a simple Facebook application using FBML and the ASP.NET MVC framework. Basically I took the default MVC application and modified the Index.aspx page to look like this.

<%@ Page Language="C#" AutoEventWireup="true" CodeBehind="Index.aspx.cs" Inherits="MvcFootprints.Views.Home.Index" %>
<%-- The posted "friend" value is attribute-encoded before it is written into the FBML. --%>
<div style="padding: 10px">
    <h2>Hi <fb:name firstnameonly="true" uid="<%= this.FBService.UserId %>" useyou="false" />!</h2>
    <form method="post" action="http://apps.facebook.com/coderjournal/">
        Get friend:
        <fb:friend-selector idname="friend" />
        <input value="find" type="submit" />
    </form>
    <hr />
    <fb:if-can-see uid="<%= HttpUtility.HtmlAttributeEncode(Request.Form["friend"]) %>">
    <div style="clear: both; padding: 3px;">
        <fb:profile-pic style="float: left;" uid="<%= HttpUtility.HtmlAttributeEncode(Request.Form["friend"]) %>" size="square" />
        <fb:name uid="<%= HttpUtility.HtmlAttributeEncode(Request.Form["friend"]) %>" capitalize="true" />
    </div>
    </fb:if-can-see>
</div>

This isn’t very spectacular; all it does is provide a friend list drop down, and submit it back to get their picture and name. But it gives the basic idea of how to intermix FBML markup like <fb:name /> and HTML with MVC. So basically that is your first Facebook application with MVC, nothing to it, right?

That is really the beautiful thing about MVC: it makes writing simple applications that much simpler than ASP.NET Web Forms, because you don’t have to deal with controls and it is encouraged to do processing inline with your markup. Happy coding. As always you can find the source code to this and my other projects in Coder Journal’s Source Control Repository.

Posted in ASP.NET