# Scott Hanselman

## Hanselman's Newsletter of Wonderful Things: September 5th, 2014

I have a "whenever I get around to doing it" Newsletter of Wonderful Things. Why a newsletter? I dunno. It seems more personal somehow. Fight me.

You can view all the previous newsletters here. You can sign up here to the Newsletter of Wonderful Things or just wait and get them some weeks later on the blog, which hopefully you have subscribed to. If you're signed up via email, you'll get all the goodness FIRST. I also encourage you to subscribe to my blog. You can also have all my blog posts delivered via email if you like.

Scott Hanselman

(BTW, since you *love* email you can subscribe to my blog via email here: http://feeds.hanselman.com/ScottHanselman DO IT!)

P.P.S. You know you can forward this to your friends, right?

Sponsor: Big thanks to Octopus Deploy for sponsoring the feed this week. They are FANTASTIC. Truly, check it out, the NuGet team uses them. Using NuGet and powerful conventions, Octopus Deploy makes it easy to automate releases of ASP.NET applications and Windows Services. Say goodbye to remote desktop and start automating today!

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

Hosting By

## Automating the tedious parts of open source on Azure

October 6, '14 Comments [12] Posted in Azure | Open Source

Contributing to Open Source is a great way to get involved in community. Usually it's as simple as making your contribution, but when you start getting involved with larger projects at larger companies, legal gets involved. Projects need to have a "CLA" or Contributor License Agreement. For example, AngularJS has a form to fill out before sending a pull request. For individuals, it's a small form, but for companies, it's scanning, emailing, and/or faxing time.

As more and more of Azure goes open source with Azure SDK for .NET, PowerShell CmdLets, Mobile Services all on GitHub, as well as all the documentation available on GitHub as Markdown it needs to be easier to accept pull requests (PRs).

In fact, at the bottom of all the Azure Documentation is now a "Contribute to this article" where you can send PRs to help improve the docs or fix technical errors.

In order to make Contributing easier, the Azure folks made an Azure Pull Request Bot. It will automatically look at a PR, figure out if a contributor needs a CLA, setup the online form, even accept digital signatures and more! Even better, the way you start the bot's process is that you send a PR.

I'm going to submit a PR for Azure Documentation, specifically the article on Creating a Virtual Machine.

First, I'll fork the Azure Docs Repo from the GitHub site.

Next, I'll work on the article from my fork. I could do this locally, or on the GitHub site directly depending on the size of what I'm doing. The CLA only needs to be signed if you're changing more than about 15 lines.

The article on GitHub is here but I'll work on my fork here. It's Markdown, so I can either use an editor like MarkdownPad or edit online. I made a number of changes, some corrections, some additions to this article. Next I create a Pull Request.

After making the pull request - instantly - the GitHub PR gets a comment from the Azure Pull Request Bot!

And the PR gets a label showing the status of my PR as requiring a CLA.

I fill out a quick form...

In a couple of minutes a verified email shows up from Docusign.

I sign it, and I'm all set! The PR and CLA will get evaluated and merged. I'm hoping this process might be used by other teams at Microsoft as we continue to Open Source All The Things.

Sponsor: Big thanks to Octopus Deploy for sponsoring the feed this week. They are FANTASTIC. Truly, check it out, the NuGet team uses them. Using NuGet and powerful conventions, Octopus Deploy makes it easy to automate releases of ASP.NET applications and Windows Services. Say goodbye to remote desktop and start automating today!

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

Hosting By

## Can you trust your browser extensions? Exploring an ad-injecting chrome extension

October 3, '14 Comments [41] Posted in Musings

My perspective on JavaScript-based browser extensions has been far too naïve until this point. We were all burned by bad toolbars or evil ActiveX add-ons in the past, so when I run IE I run it with no add-ons enabled, or very few. However, with Google Chrome and it's sync feature, as well as its rich extension store, it's easy to add a bunch of add-ons and get them synced to other machines.

I wanted to download a YouTube video recently so I installed a "U-Tube Downloader" extension. It is highly rated, seemed legit, so I added it. It puts a nice Download button next to any YouTube video. Like greasemonkey script it was there when I needed and it, and out of sight otherwise.

I installed it and forgot about it. So, put a pin in that and read on...

Today I was on my own site and this happened. A video slid onto my page from the right side and started playing. I was gobsmacked. I know this site, I know its code. I know my advertisers. WTH. Where is this coming from?

It's the surfing video there in the lower right corner.

First I knee-jerk emailed my advertiser asking if they were injecting this, then I pulled back and started to Inspect Element.

Looks like there's a supporting iframe, along with an injected div. That div includes JS from "vidible.tv" and the ads are picked from "panoramatech." But that's not all.

There's references to literally a half-dozen other ad-networks and then this, something called RevJet.

Search around and here's the first description of what RevJet is.

Whoa, ok, it's an extension. But which one? Grep for "Rev" in this folder C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions and I my U-Tube one.

I particularly like the comment "nicest ad ever."

This extension also injects ads from "Yllix" when I'm on YouTube, and RevJet when elsewhere. Apparently if I set revjetoptout in my local storage, I can get around this. Very NOT intuitive. I saw no options for this extension exposing this.

Worse yet, every once in a while, Kim Kardashian shows up in my New Tab page. Again, there's no way for non-technical relative to figure this out. And it's pretty hard for technical me to figure it out. This is deceptive at best.

Ugh.

Yes, I realize someone put work into this extension, and yes, I realize it was free. However, it wasn't clear that it was going to randomly inject ads into any website without asking. It wasn't clear that the ads were injected by this extension. There was/is no clear way for anyone without the ability to debug this to make it stop. Charge me a \$1, but don't reach into webpages I visit and mess with my content without telling me.

I recommend you check out chrome://extensions/ and give each enabled one a good hard look. Consider disabling or uninstalling extensions you may have forgotten about or ones you don't explicitly trust. If you're a dev, consider reading the code within the extensions and make sure you're getting what you expect.

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

Hosting By

## Windows 10 gets a fresh command prompt and lots of hotkeys

October 1, '14 Comments [45] Posted in Tools | Win10

Much has been written and much will be written about the Windows 10 announcement.

I'm pretty stoked, and am playing with the Windows 10 Technical Preview now. I can see that there's lots of new enhancements to the shell, the Start Menu/ Screen, how Universal apps work, and so much more. But, let's focus on the "other shell." The console!

The console (conhost) that cmd.exe (often incorrectly but colloquially called the DOS Prompt) and PowerShell live within hasn't had much love in the last several years, IMHO. But then, suddenly, on stage at the Windows 10 announce we've got a VP showing folks that Ctrl-V (paste) works in the command prompt. Why would he do such a crazy thing?

Well, from what I can tell looking at the Preview, there's a LOT of cool Console goodness coming in Windows 10.

Here's a list of hotkeys in the Windows 10 Technical Preview console. This is just hotkeys! Be sure to explore the Properties dialog as well, resize, word wrapping, and more.

### Text selection keys

These combinations interoperate with the mouse so you can start selecting with the mouse and continue with one of these commands, or vice versa.

 Selection Key Combination Description SHIFT + LEFT ARROW Moves the cursor to the left one character, extending the selection. SHIFT + RIGHT ARROW Moves the cursor to the right one character, extending the selection. SHIFT + UP ARROW Selects text up line by line starting from the location of the insertion point. SHIFT + DOWN ARROW Extends text selection down one line, starting at the location of the insertion point. SHIFT + END If cursor is in current line being edited * First time extends selection to the last character in the input line. * Second consecutive press extends selection to the right margin. Else Selects text from the insertion point to the right margin. SHIFT + HOME If cursor is in current line being edited * First time extends selection to the character immediately after the command prompt. * Second consecutive press extends selection to the left margin. Else Extends selection to the left margin. SHIFT + PAGE DOWN Extends selection down one screen. SHIFT + PAGE UP Extends selection up one screen. CTRL + SHIFT + RIGHT ARROW Extends the selection one word to the right. CTRL + SHIFT + LEFT ARROW Extends the selection one word to the left. CTRL + SHIFT + HOME Extend selection to the beginning of the screen buffer. CTRL + SHIFT + END Extend selection to the end of the screen buffer. CTRL + A If cursor is in current line being edited (from first typed char to last type char) and line is not empty and any selection cursor is also within the line being edited Selects all text after the prompt.  (phase 1) Else Selects the entire buffer.  (phase 2)

### Extra Fun with CTRL + A

CTRL + A behavior is interesting. Regardless of the state of mark mode and quick edit mode, one of two things should happen. Either the entire buffer is selected, or (only in a single case) '2-Phase select' starts.  2-Phase select is the process where the first CTRL-A selects the characters to the right of the edit line prompt, and the second press selects the entire buffer.

### Editing keys

As I mentioned above you can copy and paste text with the keyboard. When copying text, you might worry that CTRL + C has always been the BREAK command. This is a nice touch, it will still send the break signal to the running application when no text is selected. The first CTRL-C copies the text and clears the selection, and the second one signals the break. Nice attention to detail, IMHO.

 Editing Key Combination Description CTRL + V Paste text into the command line. SHIFT + INS Paste text into the command line. CTRL + C Copy selected text to the clipboard. CTRL + INS Copy selected text to the clipboard.

### Mark mode keys

These keys function in mark mode. You can enter this mode by right-clicking anywhere in the console title bar and choosing Edit->Mark from the context menu as before, or via the new shortcut combination, CTRL-M. In the original console, mark mode resulted in block mode text selection. While in mark mode, you can hold down the ALT key at the start of a text selection command to use block mode in the new console. The selection key combinations above are all available in mark mode. CTRL + SHIFT + ARROW operations select by character and not by word while in mark mode.

 Mark Mode Key Combination Description CTRL + M Enter "Mark Mode" to move cursor within window. ALT In conjunction with one of the selection key combinations, begins selection in block mode. ARROW KEYS Move cursor in the direction specified. PAGE KEYS Move cursor by one page in the direction specified. CTRL + HOME Move cursor to beginning of buffer. CTRL + END Move cursor to end of buffer.

 Navigation  Key Combination Description CTRL + UP ARROW Moves up one line in the output history. CTRL + DOWN ARROW Moves down one line in the output history. CTRL + PAGE UP Moves up one page in the output history. CTRL + PAGE DOWN Moves down one page in the output history.

### Other keys

 Other Key Combination Description CTRL + F Opens "Find" in console dialog. ALT + F4 Close the console window, of course!

If you are like me and also love the console and want it to get even better, head over to the Windows Command Prompt Uservoice and be heard!

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

Hosting By

## Inception-Style Nested Data Formats

September 30, '14 Comments [43] Posted in Musings

Dan Harper had a great tweet this week where he discovered and then called out a new format from IBM called "JSONx."

"JSONx is an IBM standard format to represent JSON as XML"

Oh my. JSONx is a real thing. Why would one inflict this upon the world?

Well, if you have an existing hardware product that is totally optimized (like wire-speed) for processing XML, and JSON as a data format snuck up on you, the last thing your customers want to hear is that, um, JSON what? So rather than updating your appliance with native wire-speed JSON, I suppose you could just serialize your JSON as XML. Send some JSON to an endpoint, switch to XML really quick, then back to JSON. And there we are.

But still, yuck. Is THIS today's enterprise?

In 2003 I wrote a small Operating System/Virtual Machine in C#. This was for a class on operating systems and virtual CPUs. As a joke when I swapped out my memory to virtual memory pages on disk, I serialized the bytes with XML like this:

8

Hilarious, I thought. However, when I showed it to some folks they had no problem with it.

### DTDD: Data Transformation Driven Development?

That's too close to Enterprise reality for my comfort. It's a good idea to hone your sense of Code Smell.

Mal Sharmon tweeted in response to the original IBM JSONx tweet and pointed out how bad this kind of Inception-like nested data shuttling can get, when one takes the semantics of a transport and envelope, ignores them, then creates their own meaning. He offers this nightmarish Gist.

--Http Response Code: 200 OK--  {"errorCode":"ItemExists","errorMessage":"EJPVJ9161E: Unable to add, edit or delete additional files for the media with the ID fc276024-918b-489d-9b51-33455ffb5ca3."}

Here we see an HTML document returned presumably is the result of an HTTP GET or POST. The response, as seen in headers, is an HTTP 200 OK.

Within this HTML document, is a META tag that says, no, in fact, nay nay, this is not a 200, it's really a 409. HTTP 409 means "conflict," and it usually means that in the context of a request. "Hey, I can't do this, it'll cause a conflict, try again, user."

Then, within the BODY OF THE HTML with a Body tag that includes a CSS class that itself includes some explicit semantic meaning, is some...wait for it....JSON. And, just for fun, the quotes are HTML entities. "e;

What's in the JSON, you say?

{    "errorCode": "ItemExists",    "errorMessage": "EJPVJ9161E: Unable to add, edit or delete additional files for the media with the ID fc276024-918b-489d-9b51-ffff5ca3."}

Error codes and error messages that include an unique error code that came from another XML document downstream. Oh yes.

### But why?

Is there a reason to switch between two data formats? Sure, when you are fully aware of the reason, it's a good technical reason, and you do it with intention.

But if your system changes data formats a half-dozen times from the moment leaves its authoritative source on its way to the user, you really have to ask yourself (a half-dozen times!) WHY ARE WE DOING THIS?

Are you converting between data formats because "but this is our preferred format?" Or, we had nowhere else to stick it!

Just because I can take a JSON document, HTML encode it, tunnel it with a SOAP envelope, BASE64 that into a Hidden HTML input, and and store it in a binary database column DOES NOT MEAN I SHOULD.

Sometimes there's whole teams who exist only as a data format transformation as they move data to the next team.

### Sound Off

What kinds of crazy "Data Format Inception" have you all seen at work? Share in the comments!

UPDATE: Here's an insane game online that converts from JSON to JSONx to JsonML until your browser crashes!

P.S. I can't find the owner of the BMW picture above, let me know so I can credit him or her and link back!