Steve Hebert's Development Blog

August 2004 - Posts

• Query Analyzer replacement

  I was working on debugging a problem with a very large stored proc and something that would auto-format MSSQL2k t-sql statements.  I came across the ApexSQL Edit application and so far I'm impressed.  The company bills the product as a replacement to Query Analyzer and I'm happy with that idea.  The tool supports Intellisense, auto-formatting, interactive highlighting of matched parenthesis, NUnit code support, etc..  I haven't had a chance to test all these features, but they offer a 14 day free trial and I'll definitely give this product a try. Posted Aug 31 2004, 05:25 PM by shebert with no comments

• And Michael Moore calls republicans fascists???

  “A cop was in serious condition with head injuries today after he was knocked off his scooter and stomped by protestors at an illegal march... Police spokesman Paul Browne, who saw what happened, said that after protesters knocked the officer off the scooter, they 'kicked and punched' him. The cop was in serious condition at St. Vincent's Hospital" -- New York Post news story this morning. Posted Aug 31 2004, 12:20 PM by shebert with no comments

• Lean Software Development

  I just ordered Lean Software Development: An Agile Toolkit for Software Development Managers by Mary and Tom Poppendieck from Amazon. I found the reference from Software Development magazine and their netseminar happening Thursday, Sept 16 on the topic.   I'm very interested in the title since (1) our manufacturing software leverages Lean Manufacturing principles and (2) I've worked with the manufacturing systems at 3M which is where the author takes credit for some of their manufacturing software.  (I wonder how fast Amazon will ship this title.) To be honest I'm leary of the title.  “Lean” implies a large number of things in the manufacturing space and a number of the principles translate to development.  I'm looking forward to this one, I'll read the book and post my thoughts shortly.   Posted Aug 30 2004, 11:43 PM by shebert with 2 comment(s)

• Unfit for Command - adventures in ordering

  Two weeks ago, I ordered 'Unfit for Command' from Amazon.  Interestingly enough, the day I ordered it they said it would ship the next day.  The next day Amazon said there would be a 5-7 week delay in shipping.  It rebounded to 2 days for a couple days and is now said to be shipping in October. Today I went to my local Barnes and Noble store. The book was nowhere to be found on the usual shelves - not in the political section, not by new releases and not in dedicated “new political books”.  I almost left before I decided to walk back to the service counter where there was a stack of the books.  I counted 12 total. I'm not sure why, but I find it hard to believe that Amazon can't get this book when my local Barnes and Noble has a stash tucked far away from the regular displays.  If the demand and ordering logistics are as difficult as Amazon claims, I would think this book would soon out-volume the Bible.  I find it interesting that noone has questioned this situation in the press. Posted Aug 30 2004, 01:27 PM by shebert with no comments

• Lack of VPN standards drive me nuts

  At my company, we're supporting our .NET/SQL2k application over VPN.  We cannot dictate which VPN due to the variety of network setups in the field.  I can't believe how many VPN packages cannot coexist with others on the same machine.  For example, Cisco's VPN and Nortel software cannot coexist on the same box. Does anyone else run into this?  Is there software to sandbox these things?  It's too bad the market doesn't move toward better interop. Posted Aug 27 2004, 01:43 PM by shebert with 2 comment(s)

• Friday Post: Deep Coding Thoughts

  Here's my latest Friday post...  Deep Coding Thoughts.  I got the idea responding to Steve Eichert's post about interview techniques. Too bad we can't buy voodoo components.  I'd buy the "end-user series", and I'd program it to shake uncontrollably unless my user clicked the button that transferred money into my paypal account. If I ever came up with a Cryptography API, I'd think I'd name it CrAPI. Part because I could and part because Microsoft chickened out when they named theirs. Maybe in order to understand polymorphism, we have to look at the word itself:  Basically, it's made up of two seperate words - "Polym" and "orphism". What do they mean?  It's a mystery, and that's why so is polymorphism. When you go in for a job interview, I think a good thing to ask is if they ever press charges. ... Ok.  Back to my day job. I'm not going to make any money doing this! Posted Aug 26 2004, 11:29 PM by shebert with no comments

• .Text on HTTPS in 4 steps or less...

  Wow, this was so easy I'm embarrassed I missed it before!  All the google'd docs I found pointed to rewriting/extending the HttpHandler in .Text to allow the app to run under https.  The solution I found uses IIS and involves no coding whatsoever. Given that you have a blog base set up at “https://www.mypublicurl.com/weblog”, take the following steps: Create a virtual directory called “weblog“ under your site running on port 80. Bring up the properties page of the weblog VD under IIS and choose “A redirection to a URL“. Fill in the Redirect to: textbox with “https://www.mypublicurl.com$V$Q“ - don't type the quotes. Check the box marked “The exact URL entered above“, make sure all others are unchecked. There you have it - a working version of .Text running on https and IIS does all the work. It's so easy a system administrator could do it! Posted Aug 25 2004, 12:04 AM by shebert with no comments

• .Text on https - completed

  I finished the implementation of the company blog site on HTTPS with user/password protection enabled.  I've blogged about this topic before, and now I can say “I'm done”! It ended up being a little simpler than I anticipated. First I thought I'd have to extend the HttpHandler in .Text, then I thought I could make due with an HttpHandler app sitting on the HTTP site and redirecting to the HTTPS site.  Instead, I created a virtual directory that redirects all content with the URL and query string passed as parameters to a single aspx page in the https site.  The aspx page redirects to the passed URL/QueryString combo with “https://” prepended.  Simple, fast and done. It might not be pretty, but it works like a charm.  Posted Aug 24 2004, 11:44 PM by shebert with no comments

• Integrating a new webgrid - backing up and taking another run at it

  I'm continuing the integration with Intersoft's WebGrid.NET product that I started blogging about here.  All of their sample code places the database connection and dataadapters on the page object, while our application uses business objects.  I started by trying to fit my model to the product and I keep running into problems.  I'm backtracking and making a page work according to their model and then 'backing in' the business object approach one piece at a time.  I think this will give me a better shot and integrating all the necessary pieces and being confident about the move. Posted Aug 24 2004, 08:59 AM by shebert with 5 comment(s) Filed under: Intersoft WebGrid.NET

• running .Text on https

  I'm trying to get .Text to run entirely on an https/SSL site.  It turns out the http prefix is hardcoded in the application for the generated pages so I need to do a find/replace in the sourcecode to deal with these.  This is according to a few posts I've been reading.  I'm hoping to google someone who has done this already and posted the code mods or runtime files.  We'll see how that goes... Posted Aug 23 2004, 09:39 AM by shebert with 2 comment(s)

• trying out newsgator

  I'm trying out newsgator this weekend.  I'm mainly testing it for our internal company blogs.  Everyone on the road wants something integrated with Outlook and this appears to be the primary product. I don't know if it will displace SauceReader as my own reader/publisher, but we'll see.  I wonder if it has an editing function built-in or available as an add-in... It's friday and I'm out-of-here, so have a good weekend. Or as a friend of mine once said "drive fast and take a lot of chances".   Posted Aug 20 2004, 03:15 PM by shebert with no comments

• off-topic Friday: dem campaign urges censoring of vietnam veterans

  I just read the headlines on Drudge that the democratic campaign is pressuring the publisher of “Unfit for Command” to drop the book.  They contradict one out of hundreds of stories told by soldiers that served with their candidate and they're trying to use that as a bullying tool to censor the book.  How could they take this approach?  The republicans haven't used this drastic a technique against the lies published against their candidate.  What would the world be saying if they tried to strong-arm the studio that sold Moore's movie? Moore's movie had more fabrications than an Enron financial statement!  I think it's time to buy copies of the book to sell on eBay if this happens.  I haven't read the book yet, but I just purchased it thanks to the actions the campaign officials are taking. Posted Aug 20 2004, 10:00 AM by shebert with no comments

• Memory Leak article

  I was out sick as a dog yesterday, so I missed Jeffery Palermo's blog entry on detecting memory leaks. This is some good stuff.  I'm bloggin this entry for my own use because I'll definitely be following these steps shortly... Posted Aug 19 2004, 04:30 PM by shebert with 1 comment(s)

• MS Newsgroup Admin now blogging

  I see that the Microsoft Newsgroup Admin, John Eddy, is now blogging at the Microsoft Community Kitchen.  I had written a post a while back about combining Wikis and Newgroups - how they are far apart now but a merging of these two technologies would be very cool.  It's nice to see blogging throughout microsoft Posted Aug 19 2004, 03:32 PM by shebert with no comments

• Business Process Security - Systems Without Control

  I've been reading a number programming/security topics lately, but the topic of security goes much farther as we alter business processes through developing and implementing new tools in the workplace. Books like "Writing Secure Code" focus on individual systems which is a great step, but there is a larger picture at stake here as well.  I remember taking "Accounting Systems" in school that focused on developing procedures that introduce multiple parties throughout a process for the sake of checks and balances.  In my experience , these types of systems are not adequate - bordering on grossly inadequate.  When you create a multi-step solution with differing parties reviewing the information, you lose the prospect of continuity/control which can be exploited. The individual steps are very secure, but in turn, the entire process becomes vulnerable( in programming, we're talking about integration points here.) People introduce their scheme at a given step in the process and go through extensive steps to make the process look like it is legitimate.  Once that process is accepted, the entry point gains familiarity with the "transaction type" and it's never questioned again. It's really very similar to hacking techniques. I've seen this on a number of levels.  I've seen program managers introduce consulting firms owned by themselves to their own company to work on their own projects (this person was physically escorted off the premises by security while kicking and screaming).  I've seen DNR wardens who start up their own "Friends of the Environment" group who's sole registered purpose is to raise money - no member lists, no minutes.  These are all products of systems that are out of control.  I've been looking for books that cover security from this angle - books that go beyond the traditional 'Accounting System Security' to look at analyzing the unintended implications of security decisions. I haven't found any yet.  I keep thinking I should blog some of these experiences, but on one hand they land outside the realm of programming, but on they other hand they ultimately apply to all the processes we engineer. Posted Aug 19 2004, 01:53 PM by shebert with no comments