Scott Hanselman

Download Wrappers and Unwanted Software are pure evil

February 12, '14 Comments [169] Posted in Musings
Sponsored By

Call it Adware, Malware, Spyware, Crapware, it's simply unwanted. Every non-technical relative I've ever talked to has toolbars they apparently can't see, apps running in the background, browser home pages set to Russian Google clones, and they have no idea how it got that way.

Here's how they get that way.

You go to download something reasonable. I wanted to download a Skype Recorder, so I went here. (Yes, I linked here to the URL because they don't need Google Juice from me.)

CLICK THE GREEN BUTTON YOU WANT TO

OK at this point I'm screwed. The green button CLEARLY desperately wants me to click on it. I totally ignore the tiny "Direct Download Link" below the friendly button. I have no idea what that glyph icon means, but it's pointing down, so that must mean download.

Welcome to the Download.com installer! How helpful!

image

More green buttons, awesome. Let's go!

CLICK IT!!!

Pre-selected Express installation? Super helpful, I love that. Ah, and next to it there's text in the same font size and color that I totally won't read that says:

Install Search Protect to set [CHANGE] my home page and [TOTALLY MESS UP] default search to Conduit Search [THAT I HAVE NEVER HEARD OF AND NEITHER DO YOU] and [NOW THIS IS AUDACIOUS...] prevent attempts to change my browser settings.

In other words, we, Download.com, are going to totally change the way you use you computer and browser the way and prevent you from easily changing it back. We're going to do it now, when you press Next, and oh, by the way, we have Admin on your computer because just a moment ago you pressed YES on the Windows Warning that we could mess things up, because everyone ignores that.

Or, you can click Custom, because non-technical relative ALWAYS clicks Custom. NO. They don't. Technical people ALWAYS press Custom. ALWAYS. Always. Other people? Never.

MOAR GREEN BUTTONS

Ah, nice, when I press Custom it's set to...wait for it...the same stuff that was gonna happen if you pressed Express.

AND WE ARE ONLY ON STEP 2. What ever happened to clicking just once and getting what I needed?

YOU WILL NEVER READ THE EULA!

OMG "It communicates several times a day with servers to check for new offers and change ads on my computer?" I totally want that. Thanks Green Button!

I'm sure that if I press Decline here that it will mess up my installation of the original thing I wanted to install...I have forgotten what that was, but I'll just keep going.

PAY NO ATTENTION TO THE MAN BEHIND THE EULA

Weird. I thought I was already here. I'm sure I want this also.

ZOMG THERE ARE THREE EULAS

Huh. Does my Mouse not work? I'll click it again. Backing up my files without asking seems legit.

NOT DONE YET

Install Now? What have we been doing all this time?

I am disappointed in us, Internet, that this is a business. Someone wrote this, for their job, directed by their middle manager, who was directed by their rich boss. There was a meeting (there's always a meeting) where it was discussed on how we could most effectively fool non-technical relatives into installing crap.

These are Dark UI Patterns.

A Dark Pattern is a type of user interface that appears to have been carefully crafted to trick users into doing things, such as buying insurance with their purchase or signing up for recurring bills.

This isn't cool and it needs to stop. I won't be visiting Download.com anymore.

I'll only install software from Vendors I trust, like Oracle...

Thanks Ask Toolbar!

Gosh, maybe I need to install that "Crap Cleaner" everyone talks about so I can remove these unwanted toolbars.

Crapware Inception

Ok, forgot it. I'll just stick with the official Windows Updates because I'm sure I want all those.

Seems legit.

So, um. Yeah.

Dumbledore Welp

Sound off in the comments.

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by SherWeb

If you had to start over, what technologies would you learn in 2014?

February 10, '14 Comments [82] Posted in Musings
Sponsored By

I got an email recently from a long-time programmer who had to step out of the game for a little while. They basically had a hiatus from programming due to situations out of their control, but now are looking at getting back in.

They asked, quoting from the email:

If you had to “start over,” what are the technologies, languages, paradigms and platforms I need to be up-to-date and mastering in my new world of 2014?

It’s daunting if not downright scary.  I can *learn* anything, and do - quickly.  I feel like I’ve been sooooo out of the loop, it’s not even funny.

Programming Books used under Wikimedia CommonsI think we can all relate to feeling like this. I've talked about this before in my post "I'm a phony" about imposter syndrome. Technology is changing so fast it's hard to be a "professional" at anything. Ultimately, we're all amateurs.

To the root question, though, what technologies would I learn?

This question comes up a lot. I tell people this. Learn one language you can build large systems with AND also learn JavaScript. For me, that's C# and JavaScript. For someone else, the "systems" language might be Erlang, or Groovy, or Ruby, or Java, or Scala. That language matters less to me. Your goal is to be able to write applications for the web, as well as write other systems.

Pick a language that feels right

Learn a language that has a community behind it and that has been a part of building successful systems. Learn a language that lets you create the kinds of systems you want to create. For me, I picked C# because I can write web apps, Windows apps, Mac apps, iPhone apps, Windows Phone apps, SmartWatch apps, and tiny embedded apps, but above all because I enjoy writing C#.

There are many other languages that have a wonderfully rich breadth of power and expressiveness. Python is one, Java is another, and JavaScript and node can even control robots. Pick a language with personality and breadth, and learn that language the hard way, by doing. Read lots of code and lots of books. Pick a language that fits your brain and helps you learn how to think, and when you do think, think about abstractions'.

Write while you learn your new language. Write about what you discover, what works, what doesn't. Write even though no one may be reading; you may find that they are reading. Join your new language's community and go to its user groups. Remember not to have ego, you are not your code.

Bet on the Web

There's lots of talk about App Stores these days. Everyone has them and they are clearly where the money is made. But today's (2014's) App Stores are still broken. Updates are a hassle, even when they are automatic. Apps (on all platforms) get stuck in broken updating states and have to be reinstalled, updates are often huge and rarely use smart patching and deltas. App Stores can become weed-filled gardens if they aren't attended to.

The web persists, though. We have issues like net neutrality to work out, and walled gardens like Facebook, our standards orgs are stuck in committee, and we get a new identity subsystem every few years, but the web is winning. The web will persist and the web will win. That's why I suggest you learn JavaScript. (Learn HTML5 and CSS3 also and learn to create and consume JSON services.) JavaScript is the virtual machine that we all have installed and JavaScript is the language of the web. (For some, JavaScript is Assembly Language.) It's not going anywhere, so that why you should learn it.

Aim to be able to create web sites, web apps, and rich connected apps and systems. Also aim to know a language that lets you write applications that you can put in the App Store for any of a billion connected devices.

That's my advice to someone starting over in 2014.


Sponsor: Big Thanks to Aspose for sponsoring the blog this week! Aspose.Total for .NET has all the APIs you need to create, manipulate and convert Microsoft Office documents and a host of other file formats in your applications. Curious? Start a free trial today.

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by SherWeb

Checklist: What NOT to do in ASP.NET

February 7, '14 Comments [23] Posted in ASP.NET
Sponsored By

Damian Edwards at NDC 2013 talking about ASP.NETAbout a year ago we thought it would be a good idea to do a talk on "What not to do in ASP.NET?" - basically an anti-patterns talks. We kept seeing folks falling into the same traps and wanted to be prescriptive as there's aspects to ASP.NET that are 10 years old and don't apply to today's internet, but there are also new aspects to ASP.NET that are only a year old, and perhaps haven't soaked into the zeitgeist quite yet.

Damian Edwards gave his version of this talk at NDC 2013 and you can watch the video here if you like, it's very entertaining.

We took the information we gathered from people like Damian, Levi Broderick and others, and Tom FitzMacken put together a whitepaper on the topic. It's not complete, but it covers some of the most common "gotchas" folks run into.

Here are the areas we call out in the whitepaper so far, with highlights below from me.

I hope this helps someone out!


Sponsor: Big Thanks to Aspose for sponsoring the blog this week! Aspose.Total for .NET has all the APIs you need to create, manipulate and convert Microsoft Office documents and a host of other file formats in your applications. Curious? Start a free trial today.

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by SherWeb

Building Modern Web Apps with ASP.NET - A new day of free ASP.NET Training for 2014

February 5, '14 Comments [30] Posted in ASP.NET | Azure
Sponsored By
Scott Hunter and Scott Hanselman talking about What's New in VS2013

Last year, about this time, a bunch of us sat down in a studio to give a full day of tutorials and discussion on "Building Web Apps with ASP.NET." All those videos are online and have lots of good content like:

We headed over to the Microsoft Virtual Academy Studios again just this last week for another full day of discussion, training, as well as a glimpse into the possible future of .NET. Between these two days of videos you'll get a real sense of what's possible and real advice on how to build your next web application.

Today we've got 7 all-new segments for you, each recorded live at the MS Studios.

These videos are featuring folks like Scott Hunter, Levi Broderick, Rowan Miller, Pranav Rastogi, Mads Kristensen, and Louis DeJardin. No marketing folks, just actual developers that work on ASP.NET every day.

ScottHu and ScottHa talking about VS20131: What's New in Visual Studio 2013 for Web Developers - Learn about the latest features in Visual Studio 2013, including dozens of tips and tricks.

image2: Upgrading Applications - Get a deep dive on how to upgrade your older applications to ASP.NET 4.5 and later.

image3: ASP.NET Identity - Explore the new ASP.NET Identity system. Learn how to migrate your existing membership data to the new Identity system and how to integrate with other membership systems.

image4: Web Essentials and the Client Side - Discover how to build modern client-side applications, more simply and quickly, with a host of new features, tips, and tricks in Web Essentials for Visual Studio.

image5: Entity Framework - Have you been using Entity Framework for data access in your web app? In this advanced demo-heavy session, learn the latest features of Entity Framework 6 and get sneak previews of what's coming in version 6.1.

image6: The "Katana" Project - Hear the latest on "Project Katana," the Microsoft implementation of Open Web Interface for .NET. It's a glimpse of the future for cloud-optimizing your ASP.NET applications.

image7: ASP.NET "Project Helios" - Discover "Project Helios," a prototype representing the re-thinking of the core of ASP.NET. Take a look at the future of web development, with a modular, lightweight OWIN host that runs on Internet Information Services (IIS).

Also be sure to explore the new series "Get Started with Windows Azure today" featuring content from ScottGu himself for a full 90 minutes!

image

I hope you have as much fun watching them as we did filming them.


Sponsor: Big Thanks to Aspose for sponsoring the blog this week! Aspose.Total for .NET has all the APIs you need to create, manipulate and convert Microsoft Office documents and a host of other file formats in your applications. Curious? Start a free trial today.

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by SherWeb

HTTP PUT or DELETE not allowed? Use X-HTTP-Method-Override for your REST Service with ASP.NET Web API

February 5, '14 Comments [21] Posted in ASP.NET Web API
Sponsored By

I got an email today where someone had built a REST(ful/ish) API with ASP.NET Web API that had a customer who was against the idea of using GET, POST, PUT, and DELETE, and insisted that they only use GET and POST.

Sometimes this is because of a browser or client limitaton, sometimes it's a really tense corporate firewall. They wanted to know what they could do.

One thing you can do is to "tunnel" HTTP Methods inside another HTTP Header. Basically you have a header that says "No, seriously, I know I got here via a POST, but use this one instead." You would still POST, but then you'd have "X-HTTP-Method-Override:PUT" as a header.

Here is a PUT in the Postman REST client:

image

So that's:

PUT /api/Person/4 HTTP/1.1
Host: localhost:10320
Content-Type: application/json
Cache-Control: no-cache

And here's the same PUT, except as a POST plus an X-HTTP-Method-Override header.

image

Raw, that's like this:

POST /api/Person/4 HTTP/1.1
Host: localhost:10320
Content-Type: application/json
X-HTTP-Method-Override: PUT
Cache-Control: no-cache

Now, how do you get ASP.NET Web API to respect this new way to route things? You may have a Web API Controller like this:

public IEnumerable<Person> Get() { }

// GET api/person/5
public Person Get(int id) { }

// POST api/person
public void Post([FromBody]Person value) { }

// PUT api/person/5
public void Put(int id, [FromBody]Person value) { }

// DELETE api/person/5
public void Delete(int id) { }

And you likely don't want to change it. Make a MethodOverrideHandler like this one. You can add the code yourself, get it from a NuGet package, or use one from the WebAPIContrib project. It's up to you.

public class MethodOverrideHandler : DelegatingHandler
{
readonly string[] _methods = { "DELETE", "HEAD", "PUT" };
const string _header = "X-HTTP-Method-Override";

protected override Task<HttpResponseMessage> SendAsync(
HttpRequestMessage request, CancellationToken cancellationToken)
{
// Check for HTTP POST with the X-HTTP-Method-Override header.
if (request.Method == HttpMethod.Post && request.Headers.Contains(_header))
{
// Check if the header value is in our methods list.
var method = request.Headers.GetValues(_header).FirstOrDefault();
if (_methods.Contains(method, StringComparer.InvariantCultureIgnoreCase))
{
// Change the request method.
request.Method = new HttpMethod(method);
}
}
return base.SendAsync(request, cancellationToken);
}
}

You see it checks if it's a post, looks for the extra header, then changes the request's Method property after the message has been received, but before it's been sent through the pipeline. It'll show up on the right method just as if a PUT had been sent, because from its perspective, a PUT was sent.

You need to register this new MethodOverrideHandler in your WebApiConfig like this, just by adding to the MessageHandlers collection, next to the rest of the configuration and routing code.

public static void Register(HttpConfiguration config)
{
config.MessageHandlers.Add(new MethodOverrideHandler());

//OTHER REGULAR STUFF HERE

// Web API routes
config.MapHttpAttributeRoutes();

config.Routes.MapHttpRoute(
name: "DefaultApi",
routeTemplate: "api/{controller}/{id}",
defaults: new { id = RouteParameter.Optional }
);
}

On the client side, you can keep sending a post with your .ajax call in jQuery, for example, just make sure the override header in there.

$.ajax({
url: "http://localhost:10320/api/Person/4",
type: "POST",
data: JSON.stringify(whatever),
headers: {
"Content-Type": "application/json",
"X-HTTP-Method-Override": "PUT" },
})

That's the general idea, enjoy!


Sponsor: Big Thanks to Aspose for sponsoring the blog this week! Aspose.Total for .NET has all the APIs you need to create, manipulate and convert Microsoft Office documents and a host of other file formats in your applications. Curious? Start a free trial today.

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by SherWeb

Disclaimer: The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.