Intermittent Intelligence

PDC2008 - Sensory Overload!

Bryan — Mon, 03 Nov 2008 05:13:47 GMT

I got back from PDC2008 on Thursday of this past week and have been recovering ever since. It was a blast. There was so much information to take in, and so many great directions to go, in terms of playing around with all of the cool and exciting things I learned, that I hardly know where to start.

I posted a couple of journal entries briefly outlining my original thoughts at impressions at Toolbox.com (my employer, and the gracious benefactor of my PDC experience). You can check out my "Journal" posts at:

PDC2008, here we come!
PDC2008 Day One - Windows Azure, ASP.NET MVC, and ASP.NET 4.0!
It's All About the User Experience -- Day 2 at PDC2008
Day 3 at PDC2008 – I Just Can't Get Enough!
Day 4 – Goodbye PDC!

If you didn't get a chance to attend, I would highly recommend that you check out a few of the sessions online. At the top of my list would be:

The Future of C#
Microsoft .NET Framework: Overview and Applications for Babies
ASP.NET MVC: A New Framework for Building Web Applications

Woo hoo! Going to PDC2008

Bryan — Sat, 25 Oct 2008 05:35:08 GMT

I am very excited to be able to attend PDC2008 this year, thanks to my very gracious employer, Toolbox.com. I am honored that I have the opportunity to rub elbows with so many great people and represent Toolbox at such an awesome event. I find myself literally counting down the hours.

I joined Toolbox.com back in May of this year, and it has been a real eye-opener for me to see and understand how a complex site such as Toolbox.com is set up and works behind the scenes. I am surrounded by some really great developers every day, and I am having a blast. We have had the opportunity to re-write/upgrade nearly all of the old ASP code to C# and ASP.NET. It has been a lot of fun to say the least.

I am in love with C#. I've played around with a whole host of other languages, including Java, PHP, VB (who hasn't?), Pascal, as well as a little Ruby and Python. I admit to only scratching the surface of some, but it is C# and ASP.NET that feels most comfortable to me... but that's just me. I say that whatever language gets the job done best, for you, is the one you should code in. There is no perfect language, and they each have their own strengths and weaknesses. No language "Holy Wars" here!

I wouldn't call myself a fanboy, but I am definately a fan of C#, ASP.NET, the MVC Framework, and several other up and coming Microsoft technologies. It will be very exciting to attend the various PDC2008 sessions to get a feel for and better understanding of exactly where things are heading. You can hate Vista all you want and villify Microsoft to your heart's content, but nobody will ever convince me that Microsoft is not on the bleeding edge of technology in many areas. There are some REALLY exciting things going on out there! PDC will be a blast.

I will be jotting down my notes, thoughts, and impressions of the sessions I attend, which at the moment are the following:

Monday, October 27, 2008
========================
Under the Hood: Advances in the .NET Type System
Microsoft Visual C# IDE: Tips and Tricks
ASP.NET 4.0 Roadmap
ASP.NET MVC: A New Framework for Building Web Applications
Microsoft .NET Framework: Overview and Applications for Babies

Tuesday, October 28, 2008
=========================
Keynote
Visual Studio Debugger Tips & Tricks
Project "Velocity": A First Look
Project "Velocity": Under the Hood
Architecting Services for the Cloud

Wednesday, October 29, 2008
===========================
Keynote
Panel: The Future of Programming Languages
SQL Server 2008: Developing Secure Applications
Improving .NET Application Performance and Scalability
ASP.NET Dynamic Data
Mono and .NET

Thursday, October 29, 2008
==========================
Microsoft .NET Framework: Declarative Programming Using XAML
Microsoft Silverlight 2: Control Model
Designing Your Application to Scale
An Introduction to Microsoft F#

I am really looking forward to the Keynotes by Scott Guthrie and Ray Ozzie, always great speakers. I am also excited to see Scott Hanselman speak, which despite his political leanings, is one of my favorite people to follow on Twitter and his blog.

Of all the sessions I am currently planning on attending, I am most looking forward to "ASP.NET 4.0 Roadmap", "Designing Your Application to Scale", "Improving .NET Application Performance and Scalability", and "Mono and .NET".

So if you're interested in anything .NET, follow me on Twitter and connect to my profile on Toolbox.com, or subscribe to my feed -- I will be updating regularly!

Easy AJAX with the ASP.NET MVC Framework and JQuery

Bryan — Sun, 17 Aug 2008 03:25:59 GMT

I really like the MVC Framework (not to be confused with the MVC Pattern) from Microsoft. It allows me to take advantage of the C# programming language and ASP.NET Web Application Framework, while giving me back some of the control over the HTML and forms that I feel I lose with the traditional ASP.NET framework. It just feels cleaner and more natural to me.

But the MVC Framework itself is not what I want to write about. What I'm excited about is how extremely easy it is to make AJAX requests on the MVC Framework with a little help from JQuery.

Suppose I have an MVC View called "Home" with the following HTML Form:

<form method="post" action="" id="time">
    <input type="text" id="txtTime" />
    <input type="submit" value="Get Server Time" />
</form>

Simple, right? It consists of nothing other than an empty textbox and a submit button. The form should look something like this (with a little extra CSS sprinkled here and there:

Now, what we want to do is click the submit button (captioned "Get Server Time") and see the server time in the textbox without any postback (or page re-load, which is where the AJAX comes in).

In its latest release of the MVC Framework, Microsoft has included some AJAX-related scripts to help you accomplish this easily, and they're ok... but I would argue that JQuery makes it even easier.

Consider the following JQuery code:

$().ready(function() {
    $('#time').submit(function() {
        $.get('/home/gettime', null, function(data) {
            $('#txtTime').val(data);
        });
        return false;
    });

If you've never played around with JQuery before, the above code may seem a little foreign and perhaps strange. That's ok. Allow me to explain it line-by-line:

$().ready(function() {

The line of code above essentially says "when the HTML page/document is ready (or loaded), execute the following code"

$('#time').submit(function() {

This line says "find any object in on the page with an ID of "time" (in our case, the form), and run the following code when that form is submitted.

$.get('/home/gettime', null, function(data) {

When the form is submitted, make a call to the URL "/home/gettime". Send no paramaters ("null"), and perform the following function when the data from that URL is returned.

$('#txtTime').val(data);

Set the value of the object with an ID of "txtTime" to whatever was returned by the AJAX request to "/home/gettime".

Finally,

return false;

prevents the form from being submitted normally.

The actual AJAX request was made by the

$.get()

function. In JQuery, the dollar sign "$" is just shorthand for JQuery itself. The get() function is all that is needed to perform an AJAX request. Once that request is made, you can do whatever you want with the data that is returned.

Pretty easy, huh? Now this is obviously an overly-simplified example. The cool thing about JQuery is how fast and easy it is to spice up your existing code.

The Server-side code for the above example would look something like this:

public string GetTime()
{
    return DateTime.Now.ToString();
}

Nothing fancy. Just returns a string representation of the current Date. But what if we want to get a little more complex? JQuery and the MVC Framework work very well together when it comes to JSON objects. With JSON, you can essentially work with your C# objects in Javascript. Its nothing new, but it is a powerful way to pass data back and forth between your AJAX requests.

As an example, lets say we want to build a checkbox list via AJAX based on some data we have somehow obtained (for example, from a database).

To start off, we have the following C# class (using ASP.NET 3.5 code):

public class Checkbox
{
    // Properties
    public string ID { get; set; }
    public string Text { get; set; }
    public bool Checked { get; set; }

    // Constructor
    public Checkbox(string ID, string Text, bool Checked)
    {
        this.ID = ID;
        this.Text = Text;
        this.Checked = Checked;
    }
}

So we have a custom class with three properties: ID, Text, and Checked. Now let's build a list of Checkboxes using some data we have on hand:

List<Checkbox> Checkboxes = new List<Checkbox>();
Checkboxes.Add(new Checkbox("id1", "I like ASP.NET", false));
Checkboxes.Add(new Checkbox("id2", "ASP.NET MVC Rocks!", true));
Checkboxes.Add(new Checkbox("id3", "I like rabbits", false));

By using the JsonResult object in the MVC Framework, we can pass this strongly-typed object back to the Javascript that made the AJAX request with the following function:

public JsonResult GetCheckboxes()
{
    List Checkboxes = new List();
    Checkboxes.Add(new Checkbox("id1", "I like ASP.NET", false));
    Checkboxes.Add(new Checkbox("id2", "ASP.NET MVC Rocks!", true));
    Checkboxes.Add(new Checkbox("id3", "I like rabbits", false));

    JsonResult result = new JsonResult();
    result.Data = Checkboxes;
    return result;
}

With the following JQuery code, we can call the function above, and iterate through the results to build the HTML we want to insert into the HTML page:

$('#json').submit(function() {
    $.getJSON('/home/getcheckboxes', null, function(data) {
        var html = '';
        for (var i in data)
        {
            html += '<input type="checkbox" id="' + data[i].ID + '"';
            if (data[i].Checked) html += 'checked';
            html += '>';
			
            html += '<label for="' + data[i].ID + '">' + data[i].Text + '</label><br />';
        }
        $('#json-span').html(html);
    });
	
    return false;
});

So assuming we have a form that contains this HTML:

<form method="post" action="" id="json">
    <span id="json-span"></span>
    <input type="submit" value="Get JSON Result" />
</form>

and looks like this before we click anything:

We end up with this after we click the "Get JSON Result" button:

It might not be as mindless and simple as some of the other AJAX frameworks out there, but it gives me absolute control over what happens on the page, and how it is displayed. I love it!

Feel free to download the above code to play around with. I have also included some simple animation examples using JQuery to showcase just how easy it is to get started.

More Information:
JQuery Library
50+ Amazing JQuery Examples

If I were a superhero, I'd pop people's tires

Bryan — Tue, 17 Jun 2008 04:33:20 GMT

Like most little boys, I often dreamed about having super-hero powers when I was younger. Heck, I do even to this day. I remember wishing with all my might that I could fly or run really fast. One of my favorite fantasies was to imagine what it would be like to be invisible. Oh how much fun I would have pulling my worst enemies' pants down in public and watching them squirm as all the girls laughed at their Spiderman boxers...

But as I have matured, my Superhero fantasies have changed as well. Sure, I'd still love to fly (especially with gas prices the way they are), but what I'd REALLY like to do is have the ability to pop people's tires.

That's right, I'd just point my finger at some guy's car and *POP*, there goes his tire.

I was reminded of this rather practical super-hero wish the other day as we were driving home. My wife and I had treated the kids to a quick little trip to the mall so that they could ride the merry-go-round and play with the other kids in the little playland area. It was nothing special, but we had fun. We waited in line at the traffic light for our turn to merge onto the freeway entrance ramp, and even let a car or two ahead of us. It was a good day, so I was feeling polite and generous... but nothing to crazy or anything that would give the people behind me a reason to be ticked off.

Suddenly, as we accelerated down the freeway onramp in anticipation of actually getting onto the freeway, some punk in a Lexus wannabe SUV swerves around us from out of nowhere, causing me to have to slam on my brakes to avoid hitting him. This was no accident. It was very apparent from the way this punk was driving that he meant to do nothing other than jump ahead of me in order to get where he was going just a little sooner.

I was not as angry about getting cut off as I was about that loser putting my family's life at risk. I laid on the horn to let him know of my displeasure as he sped off.

If I were a superhero, at that very moment, I'd point my finger at his car and BLAM, his tire would blow out. He wouldn't get hurt of course, because I'd be careful to do it at just the right time, but it would still be awesome.

If you've ever had to change a tire in Arizona in June, you know that there is anything you'd rather be doing than changing that tire. Plucking your armhairs one-by-one with tweezers would be a no-brainer alternative. So a popped tire for being a punk would be instant payback. It would be awesome. They'd be none-the-wiser as I speed by laughing maniacally.

Most people carry one spare in their car in case of a flat. A spare tire sucks, but imagine how bad your day would be with TWO blown tires. If you managed to really tick me off, I might just blow out all four!

Yeah... that would be awesome. Beats flying any day.

An Easy Way to Have Your Identity Stolen

Bryan — Sat, 12 Apr 2008 04:25:53 GMT

If you're a programmer, you might be thinking something along the lines of "well, duh!" while reading this article. Its common sense to those of us who live in that world. For everyone else, however, I suspect that this may come as something of a surprise.

If you're like me, you've signed up for accounts on multiple sites. Sometimes I'll sign up for an account just to take a quick peek at how a website works. I have Gmail, Yahoo, LinkedIn, Facebook, Orkut, and Twitter accounts, to name just a few. Not to mention my various bank, credit card, and loan accounts.

A lot of these members only sections require you to sign up and either verify your e-mail address, or use your e-mail address as your username. Of course you are always asked to provide a password as well to protect your account, right? Right. There's nothing wrong with that -- privacy is very important! No one wants someone else snooping through their personal information or messing with their good reputation.

If you're like me, you begin to find it hard to remember what username you used on this site, and what password you used on that. After awhile, you may begin to use the same (or very similar) usernames on every site you sign up for in order to make them easier to remember. Chances are, you probably also use the same password for every site, or at least something very similar.

When you sign up for a new account somewhere, your information (such as your username and password) are saved, typically to a database. Now take a look at the following excerpt from a typical "users" database table (think of a database table as nothing more than a fancy Excel spreadsheet):

Notice anything alarming? If I asked you for my password, how long would it take you to figure it out?

I'd say about 2 seconds.

Now, even at the worst sites, databases are usually protected. They're not visible or available to the general public. But let me present you with two very possible scenarios:

The site gets hacked, and the hacker(s) gain access to the database.
An unscrupluous programmer or employee gains access to the database.

Hackers? Unscrupulous employees? That stuff doesn't really happen, right? Wrong. It happens more often than you might think. The FTC Estimates that 9 million Americans have their identities stolen each year. That's just Americans, and that's just those who the FTC knows about. That's as many as 1 in every 20 Americans each year between the ages of 20 and 64.

Sometimes your e-mail doubles as your username/login for a site you sign up for:

See any potential problem with that?

If I have gotten into the habit of using the same password everywhere, how long do you think it would take someone who found this database get into my e-mail account?

I'd say about 5 seconds. Definately before you could ever find out about it, and with more than enough time to destroy your identity.

If you're like me, you've probably got the last several years of your life archived away (perhaps even inadvertantly) in your e-mail account. Every credit card statement, every credit card payment, even sensitive work or family information is probably saved somewhere in your e-mail account. I use GMail, which offers virtually unlimited storage (similar to Yahoo and Hotmail), so I almost never permanantly delete anything. Its all there. If someone were to get inside my e-mail account, forget it. My identity is officially stolen.

And how about those handy little "Forgot Your Password" links on virtually every website you visit? A majority of them e-mail your password to you when you forget it.

Is that bad of them to do? Not necessarily. But if someone has gained access to your e-mail account, they may very well have gained access to your entire identity.

Does this mean that you risk having your identity stolen every time you sign up for a new account? No. A good programmer will actually encrypt your password in a way to make it impossible to ever figure out what it was. Others may simply encrypt it so that even if your information were ever made public, even the NSA would have a hard time figuring it out.

For example, the following image shows the same information as the original database tables above, except the password has been encrypted (or "hashed") by the MD5 algorythym. This means that the website can compare what you login with to make sure it matches what you originally signed up with, but it (or anyone who accesses it) will never know what the actual password is. Any programmer with the least amount of sense would, at a bare minimum, encrypt their users' password. Of course, websites like Facebook, Myspace, and Paypal go above and beyond to protect your information, but what about all the others? I would be willing to bet my right arm that an alarming number of websites out there don't do nearly as much as they should to protect your passwords to the naked eye in the event your information is stolen.

Not all programmers are good programmers. I don't mean to imply that some programmers are evil. I just mean that some are just plain lazy. They will opt for the simple way of storing your information, simply ignoring the possibility that your password may someday become exposed.

What is the lesson to be learned here? Never ever ever use your e-mail password as the password you use to sign up for other accounts and websites. The risk is simply too great.

If you insist on using the same password for several accounts, at the very least, use a different password for your e-mail account (not to mention your bank account and any other sensitive accounts you might have).

More Information:

Creating Secure Passwords
Password Strength & Password Security
Ultra High Security Password Generator
Firefox Plugin: SecurePassword Generator

More on Cryptography

An interesting and entertaining read, even if you're not a tech-head:

Now Tweeting!

Bryan — Fri, 07 Mar 2008 21:56:57 GMT

Scott Cate of MyKB and AZGroups shot out an e-mail asking if anyone on the AZGroups mailing list was using Twitter. I figured I had procrastinated long enough, so I signed up. Its fun!

If you're a Twittererer too, look me up at http://twitter.com/bryanhales

RescueTime is cool (and scary)!

Bryan — Sat, 01 Mar 2008 23:41:51 GMT

RescueTime is cool!

I've been reading Paul Graham's articles for several years now. Although he is an ardent Microsoft hater (not that I'm a super-huge fan myself, but I do develop soley with Microsoft tools), he has written several excellent articles about being an entrepreneur in the world of Software Development.

A couple of years back, he founded Y-Combinator, a venture capital firm focused on helping small software startups get on their feet. The compition is tough, so you can pretty much count on anything he invests in to be pretty sweet.

Enter RescueTime.

I regularly check out the FAQ page to see what the companies he has invested in have come up with, and most of the time, my thoughts are somewhere along the lines of "Why didn't I think of that?". I must admit, I didn't think that about RescueTime (although I wish I had thought of it). RescueTime is a small little program that you install on your computer and it sits in your System Tray, quielty logging all of your activities (you hardly even notice it). Every couple of hours, or days, or months, you can log into your account at RescueTime.com to see just what you've been up to. It tracks applications you have been using (and for how long), websites you have visited (and for how long), and time you have wasted (that's the scary part). It doesn't really know when you have been wasting time, but let me tell you, it becomes painfully obvious when you look.

Even better, you can tag certain applications and websites with categories (e.g. "Website Development" or "Bored, so I did this"), and it will create a seperate set of graphs with historical data. I highly suggest you try it for at least a week. It will amaze you and scare you at the same time. I can't believe how much time I spend on Instant Messenger, even if it IS for legitimate work purposes!