Auto Generated

Love the _nomap.

2011-11-16T11:28:00.000-08:00

There really isn't much I can add to the Google _nomap. hijinks.

Parislemon has a nice summary.

However, I did create a commemorative t-shirt that you can own for a low low price.

Getting the Facebook connect registration widget signed_request in MVC

2011-03-14T20:45:00.000-07:00

I tried to use the FB connect registration tool to create a single registration form. FB connect login works (well, the async code is pretty sketchy), but the registration code requires decoding a signed_request hash and, well, the code I was using to get the login info from the JS SDK wasn't getting the signed_request registration info. Oooff. That's a lot to say.

Anyhoo. Tried various examples, tried to use various FB SDKs with no love. User error no doubt. However, this example on Pastebin, Facebook Registration C# handling worked first time with no changes. Yeah! Thanks anonymous guest poster.

Crazy Pool Trick Shots

2011-02-18T10:40:00.000-08:00

Apropos of nothing except that I like pool.

Steve Jobs and the One Ring

2011-02-15T13:04:00.000-08:00

Developers: If you ask it of us, we will give you the One Ring.

Steve Jobs: You offer it to me freely? I do not deny that my heart has greatly desired this.

[starts to grow dark]

Steve Jobs: In the place of a Dark Lord you would have a Queen! Not dark but beautiful and terrible as the Morn! Treacherous as the Seas! Stronger than the foundations of the Earth! All shall love me and despair!

[takes the ring]

Entity Code First Login Failed for IIS APPPOOL

2011-01-15T13:52:00.000-08:00

Took a few searches to find this one, but, while converting my database from the build in VS server to using IIS my connection string was failing on attempting to connect to the database, with an error message of:

Cannot open database "[databasename]" requested by the login. The login failed.
Login failed for user 'IIS APPPOOL\[the site's apppool name]'.

Long story short, in IIS 7.5 the AppPool is given serveral different identities: Local Service, Local System, Network Service and ApplicationPoolIdentity (the default). You can find this in

IIS Manager : Application Pools : Right click on the app pool for your site : Advanced Settings : Process Model : Identity : Select from the ... button

In my case, network service has permissions to hit the database but the new ApplicationPoolIdentity did not. Either change the App pool identity or give ApplicationPoolIdentity permissions.

Problem solved.

Facebook OAuth and MVC

2011-01-06T13:58:00.000-08:00

Website registration bugs me. Every time I touch it I feel like I'm reinventing something. Although there are some nice account management providers that come with default projects (I'm using MVC 3 for the examples below), there are no default providers for OpenId and now, more importantly, Facebook OAuth.

You can read all about the many <a href="http://www.codinghorror.com/blog/2010/11/your-internet-drivers-license.html">discussions</a> on the topic, but I'm convinced. Sort of. Here is the problem I have. I just don't trust anyone. I don't trust them to be always available, I don't trust them to not monkey around with their authorization schemes, or to simply stop offering them, or to change what data you can associate with a user logged in under their authorization code.

So what I have done, usually, is to allow users to log on either by creating a local account which I maintain, or login through OpenId or Facebook but then creating an associated local account. Should Facebook go down, or become untenable forwhatever reason, for example, I still have a local user account that I could verify by various means and then open back up as a purely local account.

So, when a user logs in from FB, for example, I create a local username (and autogenerate a password), save all the personalization data I'm allowed, and associate all local content with my local user. I'm just authenticating via FB.

In my case, I dont' want to rewrite much at all, don't want to mess with the database structure you get from aspnet_regsql (though this db feels crusty and in need of updating).

So I have a couple of issues:
a) username: When registering locally the user can create their own username. With OpenId it can come back with a usernam that is all over the map (email address, etc.) and FB gives you a numerical Id. So, at a minium I need a 'display name' of some kind so I don't have to use the username to know them. This requires some additional fields but not too onerous.

Also, I need to avoid username duplication, and I want some sense of where the username is being generated. So in my case, currently I'm just appending fb_ to facebook accounts, oid_ to OpenId accounts, and excluding those as options for locally created usernames.

You could do some of this using some of the Facebook C# SDKs out there. But, at least on my examination the ones I looked at didn't do the specific login scenario I'm looking for. So, I rolled my own. I might still use them for the rest of mu interaction with Facebook.

So here, is my code. I'm sure I'll update this further:

First, in my Web.config file I add three app settings:

<add key="FacebookAppId" value="[YOUR FACEBOOK APP ID]" />
<add key="ValidateOAuthAgainstLocalStore" value="[TRUE / FALSE" />
<add key="FacebookNewAccountFormatString" value="fb__{0}" />

If you want to validate the user against your local database (as I do), then make ValidateOAuthAgainstLocalStore value="true", otherwise "false" will allow you to make them an authenticated user. The FacebookNewAccountFormatString appends fb_ to the new local user account created.

Here is the _LogOnFacebookPartial.cshtml code:

@using System.Configuration;
<div id="fb-root"></div>

@* To Make FB Synchronous use this code...
        <script src="http://connect.facebook.net/en_US/all.js"></script>
        <script> 
        FB.init({appId: @ConfigurationManager.AppSettings["FacebookAppId"], cookie: true,status: true, xfbml: true});
        FB.Event.subscribe('auth.sessionChange', function (response) {if (response.session) {login();} else {logout();}});
        FB.api('/me', function (user) {if (user != null && user.id != null) {var image = document.getElementById('image');if (image != null) {image.src = 'http://graph.facebook.com/' + user.id + '/picture';var name = document.getElementById('name');name.innerHTML = user.name}}});
...*@

@* Aysnc FB code is from here..._____________________________________________________________________________________ *@ 
<script>
    window.fbAsyncInit = function() {
        FB.init({
            appId: @ConfigurationManager.AppSettings["FacebookAppId"], cookie: true,
            status: true, xfbml: true
        });
        FB.Event.subscribe('auth.sessionChange', function (response) {
            if (response.session) {
                login();
            } else {
                logout();
            }

        });
        FB.api('/me', function (user) {
            if (user != null && user.id != null) {
                var image = document.getElementById('image');
                if (image != null) {
                    image.src = 'http://graph.facebook.com/' + user.id + '/picture';
                    var name = document.getElementById('name');
                    name.innerHTML = user.name
                }
            }
        });
    };
    (function() {
        var e = document.createElement('script'); e.async = true;
        e.src = document.location.protocol +
        '//connect.facebook.net/en_US/all.js';
        document.getElementById('fb-root').appendChild(e);
    }());
   @* ...to here___________________________________________________________________________________________________ *@
    
    function login() {
        var url = "/account/facebooklogon";
        $.post(url, null, function (data) {
            window.location = window.location.href.toString();
        });
    }

    function logout() {
        var url = "/account/logoff";
        $.post(url, null, function (data) {
            window.location = window.location.href.toString();
        });
    }
        
</script>

@if (Request.IsAuthenticated) {
    <text>
    <div align="center">
        <img id="image" />
        <div id="name"></div>
    </div>
    <fb:login-button autologoutlink="true" size="small">Log Out</fb:login-button></text>
}
else {
    <text><fb:login-button size="small" autologoutlink="true">Login</fb:login-button></text>
}

I add one method to the AccountController:

// **************************************
        // URL: /account/facbooklogon
        // **************************************

        public ActionResult FacebookLogOn() {
            MembershipService = new FacebookMembershipService();
            var fbms = MembershipService as FacebookMembershipService;
            if (MembershipService.ValidateOpenAuthUser(bool.Parse(ConfigurationManager.AppSettings["ValidateOpenAuthAgainstLocalStore"]))) {
                FormsService.SignIn(fbms.UserName, true);
                return new EmptyResult();
            }
            MembershipService.CreateUser(fbms.UserName, fbms.NewPassword, fbms.Email);
            return new EmptyResult();
        }

I add some RandomPassword creation code (I'll attach something below, but you can create your own or use their username or whatever, as long as you block their ability to login locally — i.e. w/o first authenticating via Facebook — using their Facebook Id).

I add the following dataannotation to the AccountModel class (that comes with the default MVC 3 (and other) projects:

[RegularExpression(@"^(?!fb__).+", ErrorMessage = "Sorry! You cannot start the user name with 'fb__'.")]

The partial view has my Facebook login code (I use async code but you can use sync code which I've included). I reference the webconfig AppSetting with my Facebook AppId. After login or logout it gets the user data from the cookie Facebook sends down, authenticates it, and authenticates/creates a local account if ValidateOAuthAgainstLocalStore value="true".

I add one method to the AccountModel interface IMembershipService. You could get by without this change, but then you would have to do some additional monkey business in the Controller to get the method, which I wanted to avoid... and I'm not worried about breaking any legacy code.

bool ValidateOAuthUser(bool validateAgainstLocalStore);

I add a not implemented method to AccountMembershipService:

public bool ValidateOAuthUser(bool validateAgainstLocalStore) {
            throw new NotImplementedException();
        }

and I create a local FacebookUser class (don't use this much, so could actually get by without it, but I'm including it below for completeness, and I create a new FacebookMembershipService that inherits from IMembershipService. This is responsible for extracting the data from the cookie and then getting user info from Facebook and doing the local account authentication and creation. The full AccountModel code is below:

using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.ComponentModel.DataAnnotations;
using System.Configuration;
using System.Globalization;
using System.IO;
using System.Linq;
using System.Net;
using System.Web;
using System.Web.Mvc;
using System.Web.Script.Serialization;
using System.Web.Security;

namespace FloatingFactory.AccountManagement.Models {

    #region Models

    public class ChangePasswordModel {
        [Required]
        [DataType(DataType.Password)]
        [Display(Name = "Current password")]
        public string OldPassword { get; set; }

        [Required]
        [ValidatePasswordLength]
        [DataType(DataType.Password)]
        [Display(Name = "New password")]
        public string NewPassword { get; set; }

        [DataType(DataType.Password)]
        [Display(Name = "Confirm new password")]
        [Compare("NewPassword", ErrorMessage = "The new password and confirmation password do not match.")]
        public string ConfirmPassword { get; set; }
    }

    public class LogOnModel {
        [Required]
        [Display(Name = "User name")]
        public string UserName { get; set; }

        [Required]
        [DataType(DataType.Password)]
        [Display(Name = "Password")]
        public string Password { get; set; }

        [Display(Name = "Remember me?")]
        public bool RememberMe { get; set; }
    }

    public class RegisterModel {
        [Required]
        [Display(Name = "User name")]
        [RegularExpression(@"^(?!fb__).+", ErrorMessage = "Sorry! You cannot start the user name with 'fb__'.")]
        public string UserName { get; set; }

        [Required]
        [DataType(DataType.EmailAddress)]
        [Display(Name = "Email address")]
        public string Email { get; set; }

        [Required]
        [ValidatePasswordLength]
        [DataType(DataType.Password)]
        [Display(Name = "Password")]
        public string Password { get; set; }

        [DataType(DataType.Password)]
        [Display(Name = "Confirm password")]
        [Compare("Password", ErrorMessage = "The password and confirmation password do not match.")]
        public string ConfirmPassword { get; set; }
    }

    public class FacebookUser {
        public string id { get; set; }
        public string name { get; set; }
        public string first_name { get; set; }
        public string last_name { get; set; }
        public string birthday { get; set; }
        public string email { get; set; }
        public string gender { get; set; }
        public string link { get; set; }
    }
    #endregion

    #region Services
    // The FormsAuthentication type is sealed and contains static members, so it is difficult to
    // unit test code that calls its members. The interface and helper class below demonstrate
    // how to create an abstract wrapper around such a type in order to make the AccountController
    // code unit testable.

    public enum LogonTypeIs {
        Facebook,
        OpenId
    }

    public interface IMembershipService {
        int MinPasswordLength { get; }

        bool ValidateOAuthUser(bool validateAgainstLocalStore);
        bool ValidateUser(string userName, string password);
        MembershipCreateStatus CreateUser(string userName, string password, string email);
        bool ChangePassword(string userName, string oldPassword, string newPassword);
    }

    public class AccountMembershipService : IMembershipService {
        private readonly MembershipProvider _provider;

        public AccountMembershipService()
            : this(null) {
        }

        public AccountMembershipService(MembershipProvider provider) {
            _provider = provider ?? Membership.Provider;
        }

        public int MinPasswordLength {
            get {
                return _provider.MinRequiredPasswordLength;
            }
        }

        public bool ValidateOAuthUser(bool validateAgainstLocalStore) {
            throw new NotImplementedException();
        }

        public bool ValidateUser(string userName, string password) {
            if (String.IsNullOrEmpty(userName)) throw new ArgumentException("Value cannot be null or empty.", "userName");
            if (String.IsNullOrEmpty(password)) throw new ArgumentException("Value cannot be null or empty.", "password");

            return _provider.ValidateUser(userName, password);
        }

        public MembershipCreateStatus CreateUser(string userName, string password, string email) {
            if (String.IsNullOrEmpty(userName)) throw new ArgumentException("Value cannot be null or empty.", "userName");
            if (String.IsNullOrEmpty(password)) throw new ArgumentException("Value cannot be null or empty.", "password");
            if (String.IsNullOrEmpty(email)) throw new ArgumentException("Value cannot be null or empty.", "email");

            MembershipCreateStatus status;
            _provider.CreateUser(userName, password, email, null, null, true, null, out status);
            return status;
        }

        public bool ChangePassword(string userName, string oldPassword, string newPassword) {
            if (String.IsNullOrEmpty(userName)) throw new ArgumentException("Value cannot be null or empty.", "userName");
            if (String.IsNullOrEmpty(oldPassword)) throw new ArgumentException("Value cannot be null or empty.", "oldPassword");
            if (String.IsNullOrEmpty(newPassword)) throw new ArgumentException("Value cannot be null or empty.", "newPassword");

            // The underlying ChangePassword() will throw an exception rather
            // than return false in certain failure scenarios.
            try {
                var currentUser = _provider.GetUser(userName, true /* userIsOnline */);
                return currentUser.ChangePassword(oldPassword, newPassword);
            }
            catch (ArgumentException) {
                return false;
            }
            catch (MembershipPasswordException) {
                return false;
            }
        }
    }

    public class FacebookMembershipService : IMembershipService {

        private readonly MembershipProvider _provider;

        private const string LogonRequestUrl = "https://graph.facebook.com/me?access_token={0}";
        private FacebookUser FbUser { get; set; }
        public string UserName { get { return FbUser.id; } }
        public string Email { get { return FbUser.email; } }
        public string NewPassword { get { return RandomPassword.Generate(MinPasswordLength, 9); } }
        public string NewAnswer { get { return RandomPassword.Generate(MinPasswordLength, 9); } }

        public FacebookMembershipService() {
            _provider = Membership.Provider;
        }

        private static FacebookUser GetFacebookUserFromCookie() {
            var context = HttpContext.Current;
            var cookieName = String.Format("fbs_{0}", ConfigurationManager.AppSettings["FacebookAppId"]);
            var cook = context.Request.Cookies[cookieName];
            if (cook == null) throw new Exception("No cookie!");

            var accessToken = cook["\"access_token"];
            context.Session.Add("facebook_access_token", accessToken);
            context.Session.Add("hasfacebooksession", true);

            var requestUrl = String.Format(LogonRequestUrl, accessToken);
            var webRequest = WebRequest.Create(requestUrl);

            FacebookUser user = null;
            using (var response = (HttpWebResponse)webRequest.GetResponse()) {
                if (response != null) {
                    using (var dataStream = response.GetResponseStream()) {
                        if (dataStream != null) {
                            using (var reader = new StreamReader(dataStream)) {
                                var jsonFromFacebook = reader.ReadToEnd();
                                var ser = new JavaScriptSerializer();
                                user = ser.Deserialize<FacebookUser>(jsonFromFacebook);
                            }
                        }
                    }
                }
            }
            return user;
        }

        public bool ValidateOpenAuthUser(bool validateAgainstLocalStore) {
            FbUser = GetFacebookUserFromCookie();
            if (validateAgainstLocalStore) {
                if (FbUser == null || String.IsNullOrWhiteSpace(FbUser.id)) throw new Exception("Value cannot be null or empty.");
                var user = _provider.GetUser(FbUser.id, true);
                return user != null;
            }
            return FbUser != null && !String.IsNullOrWhiteSpace(FbUser.id);

        }


        public MembershipCreateStatus CreateUser(string userName, string password, string email) {
            MembershipCreateStatus status;
            _provider.CreateUser(userName, password, email, null, null, true, null, out status);
            return status;
        }

        public bool ValidateUser(string userName, string password) {
            throw new NotImplementedException();
        }

        public int MinPasswordLength {
            get {
                return _provider.MinRequiredPasswordLength;
            }
        }

        public bool ChangePassword(string userName, string oldPassword, string newPassword) {
            throw new NotImplementedException();
        }
    }

    public interface IFormsAuthenticationService {
        void SignIn(string userName, bool createPersistentCookie);
        void SignOut();
    }

    public class FormsAuthenticationService : IFormsAuthenticationService {
        public void SignIn(string userName, bool createPersistentCookie) {
            if (String.IsNullOrEmpty(userName)) throw new ArgumentException("Value cannot be null or empty.", "userName");

            FormsAuthentication.SetAuthCookie(userName, createPersistentCookie);
        }

        public void SignOut() {
            FormsAuthentication.SignOut();
        }
    }
    #endregion

    #region Validation
    public static class AccountValidation {
        public static string ErrorCodeToString(MembershipCreateStatus createStatus) {
            // See http://go.microsoft.com/fwlink/?LinkID=177550 for
            // a full list of status codes.
            switch (createStatus) {
                case MembershipCreateStatus.DuplicateUserName:
                    return "Username already exists. Please enter a different user name.";

                case MembershipCreateStatus.DuplicateEmail:
                    return "A username for that e-mail address already exists. Please enter a different e-mail address.";

                case MembershipCreateStatus.InvalidPassword:
                    return "The password provided is invalid. Please enter a valid password value.";

                case MembershipCreateStatus.InvalidEmail:
                    return "The e-mail address provided is invalid. Please check the value and try again.";

                case MembershipCreateStatus.InvalidAnswer:
                    return "The password retrieval answer provided is invalid. Please check the value and try again.";

                case MembershipCreateStatus.InvalidQuestion:
                    return "The password retrieval question provided is invalid. Please check the value and try again.";

                case MembershipCreateStatus.InvalidUserName:
                    return "The user name provided is invalid. Please check the value and try again.";

                case MembershipCreateStatus.ProviderError:
                    return "The authentication provider returned an error. Please verify your entry and try again. If the problem persists, please contact your system administrator.";

                case MembershipCreateStatus.UserRejected:
                    return "The user creation request has been canceled. Please verify your entry and try again. If the problem persists, please contact your system administrator.";

                default:
                    return "An unknown error occurred. Please verify your entry and try again. If the problem persists, please contact your system administrator.";
            }
        }
    }

    [AttributeUsage(AttributeTargets.Field | AttributeTargets.Property, AllowMultiple = false, Inherited = true)]
    public sealed class ValidatePasswordLengthAttribute : ValidationAttribute, IClientValidatable {
        private const string _defaultErrorMessage = "'{0}' must be at least {1} characters long.";
        private readonly int _minCharacters = Membership.Provider.MinRequiredPasswordLength;

        public ValidatePasswordLengthAttribute()
            : base(_defaultErrorMessage) {
        }

        public override string FormatErrorMessage(string name) {
            return String.Format(CultureInfo.CurrentCulture, ErrorMessageString,
                name, _minCharacters);
        }

        public override bool IsValid(object value) {
            string valueAsString = value as string;
            return (valueAsString != null && valueAsString.Length >= _minCharacters);
        }

        public IEnumerable<ModelClientValidationRule> GetClientValidationRules(ModelMetadata metadata, ControllerContext context) {
            return new[]{
                new ModelClientValidationStringLengthRule(FormatErrorMessage(metadata.GetDisplayName()), _minCharacters, int.MaxValue)
            };
        }
    }
    #endregion

}

And here is a random password generator from Obviex:

///////////////////////////////////////////////////////////////////////////////
    // SAMPLE: Generates random password, which complies with the strong password
    //         rules and does not contain ambiguous characters.
    //
    // To run this sample, create a new Visual C# project using the Console
    // Application template and replace the contents of the Class1.cs file with
    // the code below.
    //
    // THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND,
    // EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED
    // WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR PURPOSE.
    // 
    // Copyright (C) 2004 Obviex(TM). All rights reserved.
    // 


    /// <summary>
    /// This class can generate random passwords, which do not include ambiguous 
    /// characters, such as I, l, and 1. The generated password will be made of
    /// 7-bit ASCII symbols. Every four characters will include one lower case
    /// character, one upper case character, one number, and one special symbol
    /// (such as '%') in a random order. The password will always start with an
    /// alpha-numeric character; it will not start with a special symbol (we do
    /// this because some back-end systems do not like certain special
    /// characters in the first position).
    /// </summary>
    public class RandomPassword {
        // Define default min and max password lengths.
        private const int DefaultMinPasswordLength = 8;
        private const int DefaultMaxPasswordLength = 10;

        // Define supported password characters divided into groups.
        // You can add (or remove) characters to (from) these groups.
        private const string PasswordCharsLcase = "abcdefgijkmnopqrstwxyz";
        private const string PasswordCharsUcase = "ABCDEFGHJKLMNPQRSTWXYZ";
        private const string PasswordCharsNumeric = "23456789";
        private const string PasswordCharsSpecial = "*$-+?_&=!%{}/";

        /// <summary>
        /// Generates a random password.
        /// </summary>
        /// <returns>
        /// Randomly generated password.
        /// </returns>
        /// <remarks>
        /// The length of the generated password will be determined at
        /// random. It will be no shorter than the minimum default and
        /// no longer than maximum default.
        /// </remarks>
        public static string Generate() {
            return Generate(DefaultMinPasswordLength,
                            DefaultMaxPasswordLength);
        }

        /// <summary>
        /// Generates a random password of the exact length.
        /// </summary>
        /// <param name="length">
        /// Exact password length.
        /// </param>
        /// <returns>
        /// Randomly generated password.
        /// </returns>
        public static string Generate(int length) {
            return Generate(length, length);
        }

        /// <summary>
        /// Generates a random password.
        /// </summary>
        /// <param name="minLength">
        /// Minimum password length.
        /// </param>
        /// <param name="maxLength">
        /// Maximum password length.
        /// </param>
        /// <returns>
        /// Randomly generated password.
        /// </returns>
        /// <remarks>
        /// The length of the generated password will be determined at
        /// random and it will fall with the range determined by the
        /// function parameters.
        /// </remarks>
        public static string Generate(int minLength,
                                      int maxLength) {
            // Make sure that input parameters are valid.
            if (minLength <= 0 || maxLength <= 0 || minLength > maxLength)
                return null;

            // Create a local array containing supported password characters
            // grouped by types. You can remove character groups from this
            // array, but doing so will weaken the password strength.
            var charGroups = new[] 
        {
            PasswordCharsLcase.ToCharArray(),
            PasswordCharsUcase.ToCharArray(),
            PasswordCharsNumeric.ToCharArray(),
            PasswordCharsSpecial.ToCharArray()
        };

            // Use this array to track the number of unused characters in each
            // character group.
            int[] charsLeftInGroup = new int[charGroups.Length];

            // Initially, all characters in each group are not used.
            for (int i = 0; i < charsLeftInGroup.Length; i++)
                charsLeftInGroup[i] = charGroups[i].Length;

            // Use this array to track (iterate through) unused character groups.
            int[] leftGroupsOrder = new int[charGroups.Length];

            // Initially, all character groups are not used.
            for (int i = 0; i < leftGroupsOrder.Length; i++)
                leftGroupsOrder[i] = i;

            // Because we cannot use the default randomizer, which is based on the
            // current time (it will produce the same "random" number within a
            // second), we will use a random number generator to seed the
            // randomizer.

            // Use a 4-byte array to fill it with random bytes and convert it then
            // to an integer value.
            var randomBytes = new byte[4];

            // Generate 4 random bytes.
            var rng = new RNGCryptoServiceProvider();
            rng.GetBytes(randomBytes);

            // Convert 4 bytes into a 32-bit integer value.
            var seed = (randomBytes[0] & 0x7f) << 24 |
                        randomBytes[1] << 16 |
                        randomBytes[2] << 8 |
                        randomBytes[3];

            // Now, this is real randomization.
            var random = new Random(seed);

            // This array will hold password characters.
            char[] password;

            // Allocate appropriate memory for the password.
            password = minLength < maxLength
                ? new char[random.Next(minLength, maxLength + 1)]
                : new char[minLength];

            // Index of the next character to be added to password.
            int nextCharIdx;

            // Index of the next character group to be processed.
            int nextGroupIdx;

            // Index which will be used to track not processed character groups.
            int nextLeftGroupsOrderIdx;

            // Index of the last non-processed character in a group.
            int lastCharIdx;

            // Index of the last non-processed group.
            var lastLeftGroupsOrderIdx = leftGroupsOrder.Length - 1;

            // Generate password characters one at a time.
            for (var i = 0; i < password.Length; i++) {
                // If only one character group remained unprocessed, process it;
                // otherwise, pick a random character group from the unprocessed
                // group list. To allow a special character to appear in the
                // first position, increment the second parameter of the Next
                // function call by one, i.e. lastLeftGroupsOrderIdx + 1.
                if (lastLeftGroupsOrderIdx == 0)
                    nextLeftGroupsOrderIdx = 0;
                else
                    nextLeftGroupsOrderIdx = random.Next(0,
                                                         lastLeftGroupsOrderIdx);

                // Get the actual index of the character group, from which we will
                // pick the next character.
                nextGroupIdx = leftGroupsOrder[nextLeftGroupsOrderIdx];

                // Get the index of the last unprocessed characters in this group.
                lastCharIdx = charsLeftInGroup[nextGroupIdx] - 1;

                // If only one unprocessed character is left, pick it; otherwise,
                // get a random character from the unused character list.
                nextCharIdx = lastCharIdx == 0
                    ? 0
                    : random.Next(0, lastCharIdx + 1);

                // Add this character to the password.
                password[i] = charGroups[nextGroupIdx][nextCharIdx];

                // If we processed the last character in this group, start over.
                if (lastCharIdx == 0)
                    charsLeftInGroup[nextGroupIdx] =
                                              charGroups[nextGroupIdx].Length;
                // There are more unprocessed characters left.
                else {
                    // Swap processed character with the last unprocessed character
                    // so that we don't pick it until we process all characters in
                    // this group.
                    if (lastCharIdx != nextCharIdx) {
                        var temp = charGroups[nextGroupIdx][lastCharIdx];
                        charGroups[nextGroupIdx][lastCharIdx] =
                                    charGroups[nextGroupIdx][nextCharIdx];
                        charGroups[nextGroupIdx][nextCharIdx] = temp;
                    }
                    // Decrement the number of unprocessed characters in
                    // this group.
                    charsLeftInGroup[nextGroupIdx]--;
                }

                // If we processed the last group, start all over.
                if (lastLeftGroupsOrderIdx == 0)
                    lastLeftGroupsOrderIdx = leftGroupsOrder.Length - 1;
                // There are more unprocessed groups left.
                else {
                    // Swap processed group with the last unprocessed group
                    // so that we don't pick it until we process all groups.
                    if (lastLeftGroupsOrderIdx != nextLeftGroupsOrderIdx) {
                        var temp = leftGroupsOrder[lastLeftGroupsOrderIdx];
                        leftGroupsOrder[lastLeftGroupsOrderIdx] =
                                    leftGroupsOrder[nextLeftGroupsOrderIdx];
                        leftGroupsOrder[nextLeftGroupsOrderIdx] = temp;
                    }
                    // Decrement the number of unprocessed groups.
                    lastLeftGroupsOrderIdx--;
                }
            }

            // Convert password characters into a string and return the result.
            return new string(password);
        }
    }
}

SlightWords, my windows phone 7 app on track to hit one million download...

2010-12-17T16:11:00.000-08:00

...sometime around the year 2260.

Oh, I'm sorry. Was that a misleading headline? Sure it seems like a long time from now — if you are a Monarch Butterfly or a human. But I'm in this for the long haul. By the time the Sun becomes a red giant and swallows the earth I will have hit something like 40 billion downloads, at the current rate. And I'll take that to the bank, thank you very much.

Windows Phone 7

2010-10-01T15:02:00.000-07:00

Windows Phone 7 is launching soon. And I've built an app. But I don't have a phone. But if I stick this ad on my site, apparently they might, if I'm lucky, give me one. So here it is.

Studying study habits

2010-09-08T17:31:00.000-07:00

The New York Times, reports on new findings on study habits. This seems to repeat and support the research of Piotr Wozniak's reported in Wired a couple years ago. Spaced repetition seems to be the key. Learn it. Learn it again a short time later. Then keep stretching out the periods between relearning the same thing.

Why parents hate parenting and other failures to understand human nature

2010-07-06T12:20:00.000-07:00

A recent article in New York magazine on parenting, All Joy and No Fun spends a lot of time on the research about how parenting is not particularly fun. The transition of children of modern from an economic asset to an accessory "Economically worthless but emotionally priceless,” says one Princeton Sociologist. “They’re a huge source of joy, but they turn every other source of joy to shit,” says some psychologist.

“There’s all this buildup—as soon as I get this done, I’m going to have a baby, and it’s going to be a great reward!” says Ada Calhoun, the author of Instinctive Parenting and founding editor-in-chief of Babble, the online parenting site. “And then you’re like, ‘Wait, this is my reward? This nineteen-year grind?

Later they discuss how happiness (pleasure) and reward are not the same, and spend time separating the two. In these scenarios parenting and having kids comes out looking better. Women with kids are less depressed. People who don't have kids often regret it.

In the quadrant of things people found both pleasurable and rewarding, people chose volunteering first, prayer second, and time with children third (though time with children barely made it into the “pleasurable” category).

Self reporting is always suspicious to me, what people say versus what they do is often far more revealing about what people actually value. More importantly, this academic drive to reduce every emotion to "happiness" — really let's just call it "utility", as the reductio ad absurdum of all human drives by economists, those other social 'scientists', prefer — is silly. The 'self' has a complex set of overlapping drives and agendas. It changes over time and by situation. Attempting to reduce all those agencies into a single overarching value of happiness misrepresents what we are.

But, have no fear. If the desire to have children fades for some, only those for whom the desire remains strong will procreate and eventually all will be right with the world. And if it fades away for all, then our species will fade as well, and once again, all will be right with the world.

Our new social gaming site, gameinsects.com, because we're so social

2010-07-02T21:46:00.000-07:00

Yes. we are a veritable socialite, everybody's friend, life of the party kind of person. And so, we have built, along with an excellent designer and our esteemed nose to the grindstone, foot to the fire boss in all but name, a new site. Still in beta, still rough around the edges, not quite right on all browsers / versions, not quite ready for prime time, spit when you say its name, but we are pretty happy with the progress.

You can find gameinsects here. It is — whatever it is, not really quite sure yet — going to be big. Or not. Probably not, But we think it looks good anyway. But not too good. Please no lightning. Or negative comments. It's just a baby.

The Gulf Oil Spill...

2010-05-29T21:30:00.000-07:00

This Wouldn't Be Happening If Obama Were President!

Pajama factchecker brigade 1, silly journalists 0

2010-05-22T21:17:00.000-07:00

This WaPo article by Michael Birnbaum about the supposed conservative white wash of history being pushed on Texas schools was pretty devastatingly taken down by Ann Althouse and others. One more point for the pajama brigade.

There may well be some disagreeable stuff in the education curriculum that was approved in Texas, but Birnbaum certainly didn't make the case. Instead he furthered a different view, something about liberal media bias, blah, blah, blah.

I wonder sometimes how many journalists have yet to discover this thing called the Internet. They should look it up on LexisNexis. They may find some citations on the subject and perhaps read articles on microfiche.

CKEditor and MVC

2010-05-13T13:14:00.000-07:00

OK. This is a little niche, but in the off-chance someone has the same problem (and the post shows up anywhere in the search results) I thought I would post this.

Using MVC and CKEditor (I had the same problem with FckEditor) I was having trouble posting the results of an editor template using the CKEditor HTML textarea box when using client side jquery validation. This post suggested someone having the same problem, but using PHP and the solution I am using is from a poster Gaby.

Specifically, I am using an editor template to replace a string property decorated with [DataType(DataType.MultilineText)] and [Required]. The CkEditor nicely replaces the text area with the html editor, as expected, but when I submit, the client side library would not recognize that any text had been entered in the html/textarea and would throw an error.

Remove the <% Html.EnableClientValidation(); %> tag and it submits as expected.

The solution was to add a little javascript tag to force the CkEditor instance to update on submit. I also needed to do this without naming the instance, as the Id is set by whatever is passed into the editor template. I also included a loop over CkEditor instance, even though I only have one here I might have an editor template that has multiple in the future, so I left it in.

The full editor template code is below.

<%@ Control Language="C#" Inherits="System.Web.Mvc.ViewUserControl<string>" %>
<script src="<%= Url.Content("~/content/ckeditor/ckeditor.js") %>" type="text/javascript" ></script>

<div class="editor-label">
<%: Html.LabelFor(model => model) %>
     </div>
<div class="editor-field">
     <%: Html.TextAreaFor(model => model, new { @class = "ckeditor" })%>
     <%: Html.ValidationMessageFor(model => model)%>
</div>
<script type="text/javascript">
     $(document).ready(function () {
          $(this).parents('form:first').submit(function () {
               for (instance in CKEDITOR.instances) {
                    CKEDITOR.instances[instance].updateElement();
               }
          });
     });
</script>

Pelicans eat baby chicks - more for the ain't life grand file

2010-04-08T22:06:00.000-07:00

We were watching an episode on Birds from the excellent BBC / Discovery channel nature series Life. We were particularly impressed as we watched great white pelicans wade into a nursery of unprotected gannett chicks and swallow them live. One after another.

We've always thought Pelicans sort of cuddly and fun. Not so much any more.

We couldn't find a video of the bird massacre, but we found it about as disturbing as this clip of hornets slaughtering a bee colony, and then eating their babies. I guess the lesson here, no surprise really, is that babies are yummy.

The Kindle is better than the iPad as a book reader

2010-04-05T20:58:00.000-07:00

I briefly toyed with the idea of getting an iPad. I may yet get one, though not until the next generation comes, out, one with working USB and a camera. But all I had to do was hold it in my hand to know it wouldn't replace the Kindle as a book reader. The iPad may be superior in every other way, but the weight alone is a deal killer. I returned the Kindle DX because it was too heavy to hold comfortably in one hand while reading. The Kindle is heavier and even more awkward than the DX.

I also, prefer the non-back lit screen as I find it easier on the eyes. And, even with the iPad's extensive battery life, the Kindle still wins that fight as well. Magazines, web reading and all other reading is, unsurprisingly, better on the iPad. But, when it comes to reading books I find the Kindle to be the superior device. Book reading is a relatively specialized activity; one in which I neither want, nor appreciate, having endless other options available and intruding (probably one reason why I don't read so many books these days).

White, college-educated, upper-income, viral incubators

2010-03-24T10:27:00.000-07:00

A recent measles outbreak in San Diego started with an intentionally unvaccinated child, who contracted the disease in Switzerland, brought it home to his school where 11% of the children were also unvaccinated.

After 839 people exposed, 11 additional children with measles, three babies hospitalized with 106 degree fevers and a few hundred thousand dollars in expenses all is contained.

According to a University of Michigan study, parents who "under-vaccinate" tend to be college-educated whites with middle to upper incomes. They tend to believe that autism is linked to vaccines, and that a healthy green lifestyle will protect them.

"There are several reasons why parents are choosing not to vaccinate," said study co-author Albert Barskey, a CDC epidemiologist. "Some are afraid of adverse events, and a lot of these fears are unfounded. Others feel that if their child does get sick, the current health-care system can take care of any unfortunate events, and some just don't see measles as a risk. They don't think it's in this country any more and don't think of traveling to Europe as a place where they might contract measles."

Even if you live your life at one with the Earth, Mother Nature still doesn't love you.

Google voice needs elocution lessons

2010-03-01T11:13:00.000-08:00

I like Google Voice well enough. I like being able to get access to my voicemail from the web. But their voice recognition is ungood. Given my experience with voice dialing from android I would be surprised if it was otherwise.

Sometime when I read their transcription of a voice message it is enough for me to get a sense of what is going on. Almost never is it good enough to allow me not to listen to the message. Most times it is comically unreadable.

"Hey, yeah this is the comp and I just leave a message here. Yeah I have. V. C. A. V. Chris You have to go 5 that does our X the daddy and you're looking for the Front Page. You, yeah so i just want to see if they have 2 different tight one get. I have sent the one doesn't have a sense it and then one that have boy who. 8. Now is the one bed without sincere right now and if you want. Please give me a call. My number is [number came in fine... ag] I can check check it out. Let's see the one that you've got business sense or not. My number is [number came in fine... ag] My name is Millie, thank you bye. "

I have no idea who this is, or what it is about.

UPDATE: As it turns out this was a guy, whose name wasn't Millie, calling about an apointment to replace a cracked windshield. Obvious, really. When you read closely. We apologize for our criticism. Thanks Goog!

Droid says what?

2010-03-01T11:02:00.000-08:00

I generally like my android phone and OS but the voice recognition is ungood. I'm just trying to use it for voice activated dialing. Recognizes the name one time out of ten, and splits the other 9 between no name and some other random name or other application. Just terrible.

Facebook Developer Toolkit, MVC and an Incorrect Signature Error

2010-02-14T18:17:00.000-08:00

Attempting to do the simplest login to Facebook (groovy) and then grabbing some user data using the Facebook Developer Toolkit in preparation for creating a new user, I spent way too much time trying to resolve an 'Incorrect Signature' error from Facebook on every call. I finally figured out... well, maybe not why the code doesn't work for me, but at least a hack to get past the signature issue.

In my default configuration (an MVC website, not a desktop application), the FDT uses the session key in the MD5 hash computing the signature.

void SendRequestAsync(IDictionary parameterList, bool useSession, AsyncResult ar) {
OR
string SendRequestSynchronous(IDictionary parameterDictionary, bool useSession) {

...in both case useSession = true;

Force this to useSession = false and, voila, no incorrect signature error, and all is, momentarily, right with the world.

So, knowing what to look for I grabbed a bit of code from brianromanko here, and stuck that under both the sync and asyc methods above:

void SendRequestAsync(IDictionary parameterList, bool useSession, AsyncResult ar) {
var useSession = uid <= 0 || Session is DesktopSession;
...etc.

Why this is creating a DesktopSession, and how to stop it, I have not yet determined.

MVC 2.0 Simple Async Index Method Example

2010-02-13T22:27:00.000-08:00

I was playing around with the Async controller functionality in MVC 2.0. It took me awhile to understand it, and even longer to realize that most of my problems came from incorrectly naming methods (IndexAsycn and IndexComplete instead of IndexAsync and IndexCompleted.

There are various examples out there already, though not as many as I would think, but DucDigital put me on the right path. This Steve Sanderson post suggests that using the async pattern to deal with concurrent visits doesn't really make sense until you have a great deal of traffic, something most sites will never see. However, I don't think it addresses the much more common, and relevant to smaller sites, issue of multiple blocking synchronous calls in constructing a page (call Steve Sanderson's rss feed, reformat and replace his name with mine, call Scott Guthrie's rss feed, reformat and replace his name with mine, etc., output page. In this scenario the async framework (presumably, I'm too lazy to test at the moment) has a lot to offer.

In any case, here is a very quick implementation calling three rss feeds (not including the scraping and impersonating). This is done in MVC 2.0, using the Home controller only. Nothing changed in the global.cs or any place else. I make no claims as to the efficiency of this code. Only that it works on my machine (thanks Hanselman):

public class HomeController : AsyncController {

public void IndexAsync() {

   AsyncManager.OutstandingOperations.Increment(3);

   Func doFeedHander1 = GetFeedAsync;
   var feed1 = "http://community.bartdesmet.net/blogs/bart/rss.aspx";
   Func doFeedHander2 = GetFeedAsync;
   var feed2 = "http://feeds.feedburner.com/ScottHanselman";
   Func doFeedHander3 = GetFeedAsync;
   var feed3 = "http://feeds.codethinked.com/codethinked";

   doFeedHander1.BeginInvoke(feed1, ar => {
   var handler = (Func)ar.AsyncState;
   AsyncManager.Parameters["feed1"] = handler.EndInvoke(ar);
   AsyncManager.OutstandingOperations.Decrement();
   }, doFeedHander1);

   doFeedHander2.BeginInvoke(feed2, ar => {
   var handler = (Func)ar.AsyncState;
   AsyncManager.Parameters["feed2"] = handler.EndInvoke(ar);
   AsyncManager.OutstandingOperations.Decrement();
   }, doFeedHander2);

   doFeedHander3.BeginInvoke(feed3, ar => {
   var handler = (Func)ar.AsyncState;
   AsyncManager.Parameters["feed3"] = handler.EndInvoke(ar);
   AsyncManager.OutstandingOperations.Decrement();
   }, doFeedHander3);

   }

   public XElement GetFeedAsync(string feedUrl) {
   try {
   return XElement.Load(feedUrl);
   } catch (Exception ex) {
   return null;
   }

   }

   public ActionResult IndexCompleted(XElement feed1, XElement feed2, XElement feed3) {
   ViewData["feed1"] = feed1;
   ViewData["feed2"] = feed2;
   ViewData["feed3"] = feed3;
   return View("index");

   }
}

Where does the water go?

2010-01-26T13:34:00.000-08:00

Some stream of conciousness thoughts about water. Part of the Green's Movement's vast set of concerns is water. The US uses "too much", an average of 100-150 gallons a day. The developing world doesn't have enough. It takes 39,000 gallons of water to make a car. There are discussions about upcoming water wars where the presumed dominant commodity is water itself. The issues of water scarcity are water sanitation, water access and resource management.

One wonders whether the 'over-use' of water in the US impacts the rest of the world. Does that glass of water you don't drink at a restaraunt cause someone in Somalia to go without.? Or is it primarily a local problem?

From our limited understanding of chemistry, for the most part water is rarely consumed: a hydrogen bomb probably knocks a kilo or two out of existence and presumably some long lasting compounds bind water and take it out of circulation more or less permanently, but for the most part it used and recycled naturally. You drink you urinate, it evaporates and you drink it again.

So then, water being not destroyed, the issue becomes about contamination and allocation. Contamination by pollutants or simply by running out into the ocean and becoming salty. In the later case, the sun will cause it to evaporate again and, unless weather patterns keep rain off the land masses it will return. But there is still the speed with which the cycle occurs. If it is running off faster than it evaporates, you have problems. Contamination can also be addressed by evaporation, but timing again is an issue. And if the contamination is in the ground water than you need some other technical solution to address the problem.

But water can also end up bound in crops, livestock, and water logged Americans, when other humans need it just to survive. It begins to look like a money velocity problem. So in theory, you could try and keep the velocity of water high and keep it from getting horded in toilets, artificial vegas lakes, green lawns or whatever. A true liquidity crisis. If only the Fed could just run the presses.

Will slow parenting lead to slow children?

2010-01-03T16:17:00.000-08:00

Since the boomers became adults there has been a perceived trend towards their raising overscheduled, stressed out children. Classes, sports, lessons every hour of the day, no downtime, no time to just be kids. Even a decade ago every article and cultural reference presented this as a bad thing.

We are now seeing the rise of more formal reactionary movements, slow parenting etc. in an attempt to bring some "sanity" back to to children's lives. It is a seductive notion. And not just for WASPs and other "privileged" classes, but also for those in the process of assimilating. One can find articles, like this one counseling the american born/raised children of Asian immigrants on how to understand and deal with their overbearing parents. Parents, who, having been raised in poverty and worse, found that good grades were a chance to escape, sometimes literally from death. Philip Guo writes:

I'll never forget the story that a middle-aged Vietnamese man close to me told about his childhood. He said that he grew up being sort of a slacker and never taking school seriously. But when the Vietnam War started, the government drafted boys to be in the army. The only way to get out of the draft was to get high enough grades and test scores to be admitted into an elite high school (the government wanted to spare the smartest boys from war so that they could instead be groomed to be the scholars and leaders of the next generation). Since going to war was pretty much a death sentence, he and his youngest brother studied their asses off in school and for their standardized tests, and did well enough to be admitted to an elite high school. They had 4 other brothers who didn't do well enough --- all of them were sent to war and died. Many of his other friends who didn't do well enough on those exams also died in the war.

But I wonder if the golden age being extolled by the slow parenting movement parents and immigrants wanting a more "normal" american childhood for their kids, isn't an age that is dead and buried for us.

Childhood, certainly the teen version thereof, seems mostly a recent invention. Today's children in the United States lead lives nothing like those in aboriginal, agricultural or even early industrial civiliations. And children who grew up post-WWII — the boomers, most especially, but continuing through today, led lives of unprecedented privilege. No requirement to work. Usually one parent at home. School and education the only requirement.

But most importantly, being white and middle class plus was sufficient for automatic access to the good life. An aristocrat's birthright spread to an entire population. Not that there wasn't a recognition of various outcomes based on talent, luck, ambition, etc. But it seemed that there was a floor for anyone (white, middle class and American) who put out the minimum of effort.

And this is what the slow parenting movement looks back to. A time when kids could just be kids because you didn't have to worry about your children's future. It was guaranteed.

But perhaps it is the immigrant parents that have it right. If the American empire is finished, or fading, no one in this country's place is assured. Your kids are competing with the best from around the world. And those children's parents are not so concerned that they are overstressed or overscheduled. Education and the access it brings they continue to view as a matter of life and death or at least a decent life and an impoverished one.

I have a friend from a well-off WASP family. While his brothers' went to Harvard he choose a more artistic, 'self-actualized' life, with the indulgence of his parents. Now, with his own family to support he says he wishes his parents had kicked his ass into gear.

Maybe the choice is really between a fun slow parenting childhood today followed with a 3rd world factory job as an adult; or a stressful overscheduled childhood today but a chance to stay in the new global middle class as an adult. Not so seductive a notion but worth considering.

Surprise, surprise, life pollutes

2009-12-23T16:31:00.000-08:00

If you take the green movement on their slippery slope you can reject material comforts, you can get rid of your SUV, then your car, then downsize your house, stop flying, even stop purchasing anything not grown locally. You can essentially lead the constricted life of a midieval peasant.

But why stop there, you can continue on restricting yourself to two, then one, then zero children. Perhaps even get to hoping, or acting on, a desire to cull the human race of a few billion polluters. This will mostly annoy people but we can handle all that.

But, when you want to take my dog, you have crossed the line. So a dog pollutes more than an SUV. Man's best friend indeed.

We wonder whether result of the relentless and radical expansion of eco sins will be to hasten the movement's collapse into self-parody, or make less extreme hair shirts seem more acceptable — Sure I'll recycle, but I'm not going to kill my cat.

Scientists confirm global warming caused by scientists

2009-11-26T13:35:00.000-08:00

While it is sad that the climate scandal, has set back efforts to determine how much humans' may be contributing to global warming, it is nice that we have independent research from New Zealand that confirms scientists' contribution.

Let there be no more doubt or debate: climate scientists and researchers cause global warming.