All posts by ajohnson

.NET

.NET HttpRequest.ValidateInput()

2 Comments

I mentioned that v1.1 of ASP.NET by default validates input received from QueryString, Form and Cookie scope. You can turn off this validation site wide by tweaking the web.config:

<configuration>
  <system.web>
    <pages validateRequest=”false” />
  </system.web>
</configuration>

But then you’re left with no validation right? Wrong. You can use the ValidateInput() method of the HttpRequest object programmatically in any code that has access to the HttpRequest instance. Very useful stuff.

One question though: What is potentially dangerous data according to Microsoft? And can you modify that definition? I’m guessing the answers are: a) we’ll never know and b) no. Given their track record, does it make sense to trust Microsoft to validate the input you receive from client browsers when the browser they created can’t be trusted?

.NET

More on the out method parameter

1 Comment

I’m sure this is boring for about 99% of you, but I’m writing for my own benefit anyway. I mentioned the ‘out method parameter’ yesterday because I saw it used in a custom library I’m using and then today I found out that the Double class uses it as well. I think it’s a great example of how it should be used. It’s used in the TryParse method:

public static bool TryParse(
   string s,
   NumberStyles style,
   IFormatProvider provider,
   out double result
);

The TryParse method is like the Parse method, except this method does not throw an exception if the conversion fails. If the conversion succeeds, the return value is true and the result parameter is set to the outcome of the conversion. If the conversion fails, the return value is false and the result parameter is set to zero.

I like it because throwing an exception (ie: what the Parse() method does) violates rule #39 of Effective Java Programming which says to “… Use exceptions only for exceptional conditions.” Using an out parameter feels cleaner and simpler. Anyone else think so?

.NET

out method parameter in C#

3 Comments

Just discovered this C# tidbit called the out method parameter. Let’s say you have a method:

public String ReplaceAll(String toReplace, String replaceWith)

and you want to know how many replacements were actually made. With a regular method you can only return the modified string. The out method parameter gives you the ability to return another variable. The modified method would look like this:

public String ReplaceAll(String toReplace, String replaceWith, out int numReplaced)

and then concretely:

String myString = “aaron”;
int replaced;
myString.ReplaceAll(“a”, “k”, out replaced);
Console.WriteLine(“The method ReplaceAll() replaced ” + replaced + ” characters.”);

Similar idea in the ref method parameter, but you have to initialize the variable before sending it to the method.

Software Development

The Philosophy of Ruby: An interview with Yukihiro Matsumoto

2 Comments

Bill Venners just posted the first of an installment of articles with Yukihiro Matsumoto, the creator of the programming language Ruby. Specifically, they talk about the how Ruby wasn’t designed to the the ‘perfect’ language (but rather a language that feels good when used), and “… the danger of orthogonality, granting freedom with guidance, the principle of least surprise and the importance of the human in computer endeavors.

I thought the quote “Language designers want to design the perfect language.” could also be re-phrased as “Programmers want to feel like their language is the perfect lanaguage.” I know this blog is being syndicated through fullasagoog.com (as a ColdFusion blog) and also through markme.com (as a Java blog) and I read alot of the blogs on both sites, as well as some of the blogs on weblogs.asp.net and javablogs.com. It’s interesting that all of the above mentioned sites (not to mention slashdot) are generally short sighted when it comes to the subject of what language is better (reference discussions re: Java as the SUV of programming languages, PHP vs. ASP.NET, MX vs. .NET) and hammer away at how x is better than y. I think Yukihiro is right, there isn’t a ‘perfect programming’ language and there never will be. Macromedia employees probably aren’t encouraged to say this, but I’d encourage anyone writing a ColdFusion application to try and write a similar application in ASP.NET or in Java using Struts or in ASP.. or even Ruby. You’ll be amazed at how things you’ll learn.

J2ME

Ericsson Mobile Positioning SDK

Leave a comment

Ericsson released beta 2 of their MPS SDK, which is a software development kit for developing location based services on wireless phones. According to the site:

“It supports both the Ericsson proprietary Mobile Positioning Protocol (MPP) and the Mobile Location Protocol (MLP). MLP is the standardized interface between a Location Based Service application and the Mobile Positioning System.”

You can download the SDK here (requires login).

Uncategorized

Fall weekend in New England

1 Comment

It’s fall in New England (in contrast to somewhere like California, where it’s fallsummerspringwinter all year ’round), so yesterday we went apple picking up in York County, Maine at McDougal Orchards with Kristen (who I didn’t get a picture of! doh!), Molly and Jack. You can see our pictures here. Afterwards, Karen and Kristen made the World’s Best Apple Pie and this morning Karen made Apple Nut Coffee Cake.

Software Development

re: Features Talk, but Behaviors Close

Leave a comment

From the cooper.com newsletter, an article that was able to clearly and poignantly articulate a discussion I’ve struggled with many times at work. As part of our proposal process we’re constantly putting together “feature lists” (which admittedly we do combine with more in-depth lists and descriptions) that describes each and every entity included in the project.

Discussions of a software product in terms of its features were intended to serve as a bridge between constituents who otherwise had few terms in common: users and software developers. Users want a product to satisfy their goals (why else use a productivity application?), while software developers need to know what to build (otherwise they will just make it up themselves). Meanwhile, marketers and sales folks want to discuss the characteristics of a forthcoming product. So everybody has been instructed to talk in terms of “features.” Customer needs are translated into a marketing requirements document, which serves as a vague template for software construction. But what started out as a bridge—features—has broken apart. Users stand at one anchorage and product developers stand at the other, both scratching their heads at the expanse of shark-infested waters still separating them.

In short, the solution:

While part of the discussion can take place using the language of features (for instance, the IT guy is going to want to know whether the product has “128-bit encryption”), the best opportunities and longest-lasting relationships are going to come when the language of goals and behaviors is introduced, because then you’re in the business of solving personal goals and organizational objectives, rather than feature checklists.

Please send this to every software sales, marketing and project manager that you know. No more “features”!

.NET

Extending web.config in ASP.NET

2 Comments

Last March I wrote about how handy it is that ASP.NET enables you to add your own custom settings to the web.config file using syntax like this:

<appSettings>
<add key=”connString” value=”user id=sa;password=mypassword;” />
</appSettings>

This is nice, but can quickly get unwieldy if you have alot application settings to maintain. Back in March I failed to mentioned (because I didn’t know about it) that you can extend your web.config even further by creating your own custom configuration sections. You can read more about the ConfigurationSettingsSchema on msdn, but here’s a quick example. First you define the custom application settings:

<configSections>
   <sectionGroup name=”myapplication”>
      <section name=”types” type=”System.Configuration.NameValueSectionHandler”/>
      <section name=”security” type=”System.Configuration.NameValueSectionHandler”/>
    </sectionGroup>
</configSections>

and then you add the actual settings:

<myapplication>
   <types>
      <add key=”section” value=”com.ignitionlabs.Section” />
      <add key=”template” value=”com.ignitionlabs.Template” />
   </types>
   <security>
      <add key=”/controlpanel/” value=”Systems Administrators,Project Managers” />
      <add key=”/members/” value=”members” />   
   </security>
</myapplication>

Finally, you can use the exact same XPATH syntax that you use when retrieving other application settings. In the above example, there are multiple ‘type’ elements, so I’d first get a NameValueCollection object:

NameValueCollection config = (NameValueCollection)System.Configuration.ConfigurationSettings.GetConfig(“myapplication/types”);

and then retrieve the value of the “section” key using the name:

string section = config[“section”];

Enjoy!