Scott Hanselman

The Daily Brain Fart - LastIndexOf broken? Oh, no, 'tis me.

November 20, '04 Comments [2] Posted in Learning .NET

Often, in the scope of writing massively scalable enterprise systems that manage your finances, I parse strings. Mostly in my spare time.

What's happening here? I was reminded today that the start index passed to LastIndexOf() was from the ass-end of the string. I then lamented the obviousness of this and was then humbled by the silent-but-deadly odor of my own brain fart.

I'm glad you're that much more confident in my abilities after reading this post.  Up with TDD! Down with ADD!

public static void Main()
{
    int newlineIndex = -1;
    string x = "bob\neric\nfred\nted";
    string z = "bob\r\neric\r\nfred\r\nted";

    newlineIndex = x.LastIndexOf('\n',0);
    Console.WriteLine(newlineIndex); //Expect 13, always get -1
    
    newlineIndex = z.LastIndexOf('\n',0);
    Console.WriteLine(newlineIndex); //Expect 16, always get -1

    newlineIndex = x.LastIndexOf('\n');
    Console.WriteLine(newlineIndex); //Expect 13, get 13
    
    newlineIndex = z.LastIndexOf('\n');
    Console.WriteLine(newlineIndex); //Expect 16, get 16

    //Fart realized...
    
    newlineIndex = x.LastIndexOf('\n',x.Length-1);
    Console.WriteLine(newlineIndex); //Expect 13, always get 13

    newlineIndex = z.LastIndexOf('\n',z.Length-1);
    Console.WriteLine(newlineIndex); //Expect 16, always get 16
}

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.


CSI: ASP.NET - The one where a double HTTP GET from Internet Explorer (IE) causes problems with FormsAuthentication and my sanity

November 19, '04 Comments [8] Posted in ASP.NET | Movies | Javascript | Bugs | Tools

Here's a weird one from the CSI: ASP.NET files...this is the weirdest DOUBLE HTTP GET bug, since, well, the last one.

Scenario:

  • On Brian's local machine as a user moves through an enrollment process in an ASP.NET Application, everything works fine. 
  • The user receives a valid ASP.NET SessionID, moves from page to page, logs in to Forms Authentication and receives a Forms Auth Cookie.
  • All is right with the world.

Problem Arises:

  • When the ASP.NET Application is deployed to a Dev machine (not Brian's machine) the whole process doesn't work. It seems that the user is getting a new, fresh Session each page view. The Forms Authentication Cookie never shows up, and the ASP.NET Session ID is always new.
    • Note: ASP.NET Session IS enabled on both machines, no cookie blocking or domain specific security exists.

Forensics:

  • I hear about this and Brian and I load up Jonas Blunck's ieHttpHeaders (I donated US$10 to him after this experience) to see what's really happening.
    • Opinion: I'm not a fan of Programming by Coincidence where you move code around at the highest level of abstraction, basically creating all sorts of invalid states so the system "mostly works" without ever finding out what the Root Cause is. A lot of the stuff I do at Corillian is Root Cause Analysis in the most informal sense. I can troubleshoot a problem for you and also use QEMM386 to load your device drivers into the UMB giving you up to 610k of main memory! These are the skills we pick up. :)
  • We load up the HTTP Headers on Brian's (working) local machine and see something like:
    • GET /myapp/login.aspx HTTP/1.1
    • 200 OK
    • Set-Cookie: ASPSessionID=1234...
    • GET /
    • 403 Forbidden
    • GET /myapp/nextstep.aspx
    • 200 OK
    • Set-Cookie: ASPSessionID=1234...
    • Set-Cookie: FormsAuth=mzxa...
    • GET /
    • 403 Forbidden
  • What the heck are those 403 Forbiddens? We are only requesting two pages. Why are we seeing two extra GETs?
  • So, we think:
    • Spyware - nope, we ran SpyBot. Clean.
    • GoogleToolbar - nope, it doesn't do that.
    • JavaScript - none on these pages that would change location.href
  • We then run HTTP Headers on the Dev (NON-working) machine and see this:
    • GET /login.aspx HTTP/1.1
    • 200 OK
    • Set-Cookie: ASPSessionID=1234...
    • GET /
    • 200 OK
    • Set-Cookie: ASPSessionID=4567...
    • GET /nextstep.aspx
    • 200 OK
    • Set-Cookie: ASPSessionID=1234...
    • Set-Cookie: FormsAuth=mzxa...
    • GET /
    • 200 OK
    • Set-Cookie: ASPSessionID=7890...
    • Set-Cookie: FormsAuth=""
  • Oy! The Session and Cookie are getting blown away by this mystery HTTP GET.
  • What's different on the Dev machine?
    • The ASP.NET Application is in the root directory, rather than in /myapp as on Brian's machine.
    • The ASP.NET Application allows anonymous users to access the root "/", while Brian's machine doesn't. It allows anonymous users to access /myapp.
    • The Default Document is set to /login.aspx on the Dev machine, while Brian's machine has no default document. When / is asked for on the Dev machine, /login.aspx will be retrieved.
  • What does an HTTP GET to /login.aspx do?
    • if (!IsPostBack)
      {
         Session.Abandon(); //Clean up personal info from the session
         FormsAuthentication.SignOut(); //Fresh cookies for a fresh login
      }
  • So, yes, requesting / from the Dev machine will execute /login.aspx which will blow away their session and FormsAuth cookie, but why is the HTTP GET / happening on every page?
  • What is the only thing that is shared between pages? The Footer.ascx page.
  • What's on that page? A bunch of tables, and some spacer images.
  • Spacer images you say? Oy, you mean 1-pixel gifs.
  • Ah! You WISH I meant 1-pixel gifs. I mean <img src="" width="1" height="1">

Coda:

  • IE will automatically issue one HTTP GET for "/" (the root of the domain) for every page that has an IMG tag with an empty src="".
  • Know what happens if and when that request is served.
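A check that would have caught the Footer.ascx spacer before deployment, as an added example that is not part of the original post: it scans markup for tags whose URL attribute is empty or blank. The sample markup is constructed, and the tags other than img in the watch list are an assumption of this example.

```python
from html.parser import HTMLParser

# Tag -> URL attribute to check. The post only documents <img src="">;
# the other entries are an assumption of this example.
FETCHING_ATTRS = {"img": "src", "script": "src", "iframe": "src", "embed": "src"}


class EmptyUrlFinder(HTMLParser):
    """Collects start tags whose URL attribute is missing a value or blank."""

    def __init__(self):
        super().__init__()
        self.findings = []  # (line, tag, raw start tag text)

    def handle_starttag(self, tag, attrs):
        wanted = FETCHING_ATTRS.get(tag)  # the parser lowercases tag names
        if wanted is None:
            return
        for name, value in attrs:
            # value is None for a bare attribute, "" for src=""
            if name == wanted and (value is None or value.strip() == ""):
                line, _col = self.getpos()
                self.findings.append((line, tag, self.get_starttag_text()))


def find_empty_urls(markup):
    """Return a list of (line, tag, raw_tag) for every empty URL attribute."""
    finder = EmptyUrlFinder()
    finder.feed(markup)
    finder.close()
    return finder.findings


# Constructed sample standing in for a shared footer control.
SAMPLE_FOOTER = """<table>
  <tr><td><img src="" width="1" height="1"></td></tr>
  <tr><td><img src="/images/spacer.gif" width="1" height="1"></td></tr>
  <tr><td><IMG SRC='  ' alt=""/></td></tr>
</table>"""

if __name__ == "__main__":
    for line, tag, raw in find_empty_urls(SAMPLE_FOOTER):
        print(f"line {line}: <{tag}> has an empty URL attribute: {raw}")
```

This covers only the trigger; the login page that abandons the session and signs out on any plain GET is the other half of the bug and still needs its own review.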


Presentation Tips for People running Virtual PC or VMWare

November 19, '04 Comments [1] Posted in ASP.NET

I chatted with G. Andrew Duthie yesterday, and we both agreed it was exceptionally egregious of folks who give Microsoft presentations running Virtual PC to force us to watch their silly presentations with 6pt MS Sans Serif Fonts.

People: If, during your presentation, you say "Uh, ya, you probably can't see this" - you're not only not-prepared, but you're wasting my time. You've got 786,432 pixels up there that are NOT working for you, and you've just let me know verbally, and visually. <sarcasm>Kudos!</sarcasm>

So, a reminder for you to spread the word about how to give a Successful Microsoft Presentation and a few extra updated tips for 2004:

  • ZoomTheHeckIn: Seriously, familiarize yourself with ZoomIn. It's a movable screen magnifier, and you wouldn't believe the appreciation you'll get from the crowd when they can actually see what you're doing.  Remember those 786,432 pixels? How many do you think are working for you when you're demonstrating Calc.exe? Let's just say < 786,432, eh? Put ZoomIn in your QuickLaunch or set up WINDOWS-Z with WinKey to launch it.
  • DOS is Good Green: Set a Command Prompt (VS.NET Command Prompt) to a black background with Kermit-green lettering that is Lucida Console 18pt.  This is scientifically (sez me) THE most visible size and color combo for prompts when presenting. Feel free to use yellow on blue in the privacy of your own bedroom, but throw me and your audience a bone and have one prepared that's, *ahem*, presentable.
  • BigFonty To the Rescue: Have a user already set up (Andrew says don't present as Admin!) that has all their fonts set large. I call mine "BigFonty" - It was either that or "The Full Fonty." That way there's no prep time, you just log in as your Presentation Guy and you're good.
  • Maintain the Illusion: I'm sure it's lovely that you're using VMWare or VirtualPC or even Wine, but please know that your audience doesn't care. Unless you're demonstrating SQL Server clustering fail over by running two VMs, I don't care.  So, don't run your Host PC in 1024x768 and your VPC at 800x600!  Your VirtualPC should follow the SAME rules as your Host. That means, see the rules above! Big fonts, ZoomIn, etc. Most importantly, switch your VPC to FullScreen at the same resolution as your host. Maintain the Illusion. Your audience will thank you.
  • Know Where Stuff Is: For Pete's sake, know your own machine.  Don't go hunting for that file, you should have had that file (or a link) in your presentation folder.  I've got a lot of Shortcuts and or "Junction Points" set up so everything can be found for each talk.
    • Tangent: Down with Subst! A LOT of people don't know you can have Junction Points/Reparse Points/Hard Links on NTFS! It's always been there.  Start thinking about using them to make your builds respect relative paths. Don't make all your developers use Subst.exe! It's 2004! Down with Subst! I don't want your freakin' S: drive!

These are just a few thoughts I've had after years of making mistakes. I've taken a number of Presentation Skills classes, but they don't teach you how not to bore or insult your audience. Remember, if you give a crappy small font presentation with tiny dialogs - you LOSE the right to complain about other people's talks.


ViewStateUserKey makes ViewState more tamper-resistant

November 17, '04 Comments [1] Posted in ASP.NET | ViewState

Here's a little-known but very useful no-brainer to add to your ASP.NET application's base Page.

void Page_Init (Object sender, EventArgs e)
{
   if (User.Identity.IsAuthenticated)
      ViewStateUserKey = User.Identity.Name;
}

"What this does is key the view state to an individual using a unique value of your choice.  This option, which is only available in ASP.NET 1.1, is the Page.ViewStateUserKey. This needs to be applied in Page_Init because the key has to be provided to ASP.NET before view state is loaded."

For more good details on preventing tampering and best-practices with ASP.NET, visit Anil John's page on Authentication/Authorization and Defense in Depth.
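What keying the view state to a user buys you, as an added example that is not from the original post: a simplified model in which the user key is mixed into the MAC over the serialized state, so state issued in one user's session fails validation when posted under another identity. This is not ASP.NET's actual algorithm or wire format; the key, the state bytes and the user names are constructed.

```python
import base64
import hashlib
import hmac

# Constructed demo secret; stands in for the server-side validation key.
SERVER_KEY = b"constructed-demo-validation-key"
MAC_LEN = hashlib.sha256().digest_size


def _mac(state: bytes, user_key: str) -> bytes:
    # Length-prefix the user key so the key/state boundary is unambiguous.
    uk = user_key.encode("utf-8")
    return hmac.new(SERVER_KEY, len(uk).to_bytes(4, "big") + uk + state,
                    hashlib.sha256).digest()


def protect(state: bytes, user_key: str = "") -> str:
    """Serialize state plus MAC, as the hidden form field would carry it."""
    return base64.b64encode(state + _mac(state, user_key)).decode("ascii")


def load(token: str, user_key: str = "") -> bytes:
    """Return the state, or raise ValueError if the MAC does not verify."""
    raw = base64.b64decode(token, validate=True)
    state, tag = raw[:-MAC_LEN], raw[-MAC_LEN:]
    if len(raw) < MAC_LEN or not hmac.compare_digest(tag, _mac(state, user_key)):
        raise ValueError("view state MAC check failed")
    return state


def replay_accepted(issued_to: str, posted_by: str, keyed: bool) -> bool:
    """Is state issued in one user's session accepted in another's?"""
    token = protect(b"step=confirm;item=42", issued_to if keyed else "")
    try:
        load(token, posted_by if keyed else "")
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    print("no user key :", replay_accepted("mallory", "alice", keyed=False))
    print("user key    :", replay_accepted("mallory", "alice", keyed=True))
    print("same user   :", replay_accepted("alice", "alice", keyed=True))
```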


What are you reading?

November 17, '04 Comments [15] Posted in Gaming | Tools

Here's what I've been reading this month. These are all books that I'm in the middle of (have a bookmark in and they are on my night stand).

  • When Will Jesus Bring the Pork Chops? - George Carlin - It's offensive to many, but since he (and I) have interests in linguistics, I'm loving it.  The euphemism rant is worth the price of admission. Get the Audible version, it's better than the book.
  • Worlds of Exile and Illusion, Three Novels in the Hainish Series - Ursula Le Guin - I love anything she writes, I got hooked by starting with The Left Hand of Darkness. I'm looking forward to the upcoming SciFi miniseries Earthsea.
  • Three Books of Known Space - Larry Niven - Another author who can do no wrong. I'm also reading:
  • Ringworld Engineers, the Ringworld Throne, then Ringworld's Children - I got the Audible of Ringworld, and it was fantastic, even better than when I first read it as a kid.
  • Rainbow Six - Tom Clancy - This thing is a big-ass tome at 912 pages. But, I got it at Goodwill for $3, and while I won't take it with me on planes, I'm about 600 pages in, and it's gripping. It also increases my enjoyment of the XBox Game. (That's why I got the book in the first place!)
  • Ilium - Dan Simmons - I'm struggling with this big one. I started it because I loved the Hyperion series so much (which is a SciFi re-telling of Chaucer's Canterbury Tales).  This is a re-telling of the Iliad from a Sci-Fi point of view. I'm in the middle of it, but the names and places aren't clicking with me, and I have to keep referring to the glossary of characters. I should have paid more attention in A.P. English. Patrick Cauldwell would eat this up with his Liberal Arts Degree. :)
  • Servant of the Bones - Anne Rice - An odd one, but fun. From a quote on Amazon.com: "'Servant of the Bones' follows the format of the Vampire Chronicles: an incredibly attractive immortal relates his life story to a listener (who, oddly enough, never seems to need the bathroom during the long oral bio)." I'm enjoying it though...the immortal is Azrial, a fallen angel born in ancient Babylon. The history is a little odd, but the concept of extremely long lived folks (Highlander anyone?) is a very attractive concept for a story.

What are you reading?

P.S. Thanks to Kim Gräsman for Urlograph, an IE Toolbar Button that automatically shrinks Amazon and Google URLs! Very RESTful.


Disclaimer: The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.