Archive for October, 2007

Recent activities and inactivities

October 31st 2007 • Personal • 1,072 views • 2 responses

It has been a crazy couple of months between moving home, spending a week in Seattle and a couple of days in Holland for my real day job (the source of income!).

It was a little too close to my USA trip which has meant I’ve missed my niece trick-or-treating for the first time since I returned to Guernsey 3 years ago which leaves me a little sad. I guess I should be grateful for not being hit with jet-lag and the fact I’m surviving just fine on 5.5 hours of sleep a day which tonight is in a cubicle hotel…

As you can imagine the fun projects I get involved with in my own time have suffered somewhat although I’ve really tried to at least keep the blog posts flowing. Here’s a quick update on things:

SubSonic

I’ve committed the final piece of my refactoring to make the coding languages abstracted. To add additional programming language support you can now just implement the ICodeLanguage interface and add knowledge of it to the CodeLanguageFactory class. The command line and web interface tools will all just magically work with a recompilation.

Rob Conery is now under the employ of Microsoft and will be aligning SubSonic with their MVC efforts. I hope this support of open-source projects is a trend Microsoft are keen to continue.

AnkhSVN

This great add-in for Visual Studio that provides Subversion integration continues to face competition from the commercial VisualSVN front and I had an interesting discussion with Aaron Jensen about performance with large projects and some relating to moving.

I have some UI work checked-in to trunk and we are likely to move to a better model for integrating with the Solution Explorer to address these issues that would require we drop Visual Studio 2003 support which is looking quite likely. Various things are moving forward on this project so keep an eye on it!

Envy Code R

I’ve not touched Envy Code R since the PR6.1 release but to be honest this tends to be the way I work with it. Nothing for weeks then 15 hours over a weekend gets it to the next release. Unlike code I find it difficult to jump in and out whilst being productive and consistent. Perhaps when I’ve worked on a bunch I’ll be able to but this is still my first scalable font.

The plan is to add all the essential box-drawing characters for code page 850, extend the # sign (should we slant this in the non-italic version?), increase the curves on { and } and adjust the comma to make it less like a slightly deformed dot. I’m open to suggestions as to whether the .,;: characters should in fact revert back to be square dots rather than round ones… again, leave comments if you have an opinion. I’m not sure whether I would extend this squaring back to the dots on ij! etc.

I’m hoping to get preview 7 out within the next couple of weeks and if that goes well then consider a more liberal licence to allow bundling etc. as I’ve had a couple of enquiries.

Silk Companion icons #1

My pack of additional Silk style icons has suffered as I find it impossible to draw on the move requiring instead a comfortable desk and a proper mouse to draw. As I no longer have a desk at home this means staying late in the office or throwing my lunchtimes at them.

The temptation is to just release the 352 icons as they currently are and produce another set at a later date. The alternative would mean a release some time over the next 1-3 weeks when the number finally reaches the proposed 500 mark.

If you have any thoughts or suggestions, leave a comment!

[)amien

Freeing up disk space on Mac OS X

October 29th 2007 • Apple • 1,328 views • no response

Space was a little tight (5GB) after my upgrade to Leopard and so I went on the hunt to free up space and ended up freeing almost 20GB of my 100GB disk – enough to let me set-up a new 20GB BootCamp partition that will host Vista and take over from my XP Pro Parallels image with any luck.

Large forgotten files

Disk Inventory X helps identify large files on your system which may no longer be required. In my case 8GB of imported iMovie clips, a 4GB Parallels backup HD image and a 140MB download of Boot Camp 1.4. A few blank DVD-Rs later and I’m almost 13GB lighter.

Unnecessary languages & platforms

I had previously removed the unused foreign languages and binary support using a mix of tools that was time consuming but obviously the Leopard upgrade has replaced all that.

Monolingual can remove both languages and binaries in a single sweep although it does take a good few minutes to run. Despite electing to keep English, English (UK), French and German for now as well as keeping the Intel and Intel 64-bit binaries I managed to claw back another 1.9GB of disk space. As an example Address Book shrunk from 45MB to 9MB.

As a warning, be aware you will need to reinstall Mac OS X if you want these languages back…

Music library clean-up

Head into iTunes and create a couple of new Smart Playlists:

  • Untitled and set the criteria of Play Count is 0
  • Abandoned Songs and set the criteria of Last Played is not in the last 3 months

Go through these and decide if they are worth keeping or not, in my case this was another 2.5GB.

You may also want to try dragging your ~/Music/iTunes/iTunes Music folder to the Library in iTunes to make sure iTunes is aware of all the files. I had about 30 songs that were no longer in iTunes but still in the file-system, no doubt from previously removing them in iTunes and hitting the wrong option.

Cleaning up the logs

Okay, we’re hitting that law of diminishing returns here but head into Utilities > Console and Move to Trash many of those logs.

Empty that trash can and rejoice!

If only we had compressible file-system support like Microsoft introduced with MS-DOS 6.2… Well, thankfully it’s on the cards as it is a feature of ZFS which is only read-only in Leopard but should be read-write before 10.6. That should claw back another 5-10GB of space for developers with all those highly compressible source files on their disks.

[)amien

Mac OS X Leopard – my story so far

October 29th 2007 • Apple • 1,319 views • 3 responses

I couldn’t pick up a copy in the USA as the Seattle store was closed for remodelling and when they said October 26th, they meant at 5pm and not 9am, go figure! Thankfully IQ in Guernsey had them in-stock when I arrived back home Saturday.

The Good

  • Upgrade process went flawlessly.
  • Safari’s find function dulls the page and highlights found instances of the word(s).
  • Safari supports in-line HTML editing… with some line-break and styling issues (at least in WordPress).
  • Safari now renders Aqua-like buttons in HTML pages instead of the nondescript grey buttons.
  • Safari lets you drag textareas to be bigger on any web page.
  • Speech’s new Alex voice is pretty impressive.
  • Terminal now gets themes and tabs.
  • Internet Connect is gone and properly integrated with a rewritten networking preference pane.
  • FrontRow is now a standard accessible application and looks like Apple TV (Mmm HiTech theme)
  • Interface Builder seems to be rewritten, with designers for toolbars, drawers, core animation, transparent windows…

The Bad

  • Safari still has no option to ‘open new windows in new tabs’.
  • Safari resizes images to fit the display and lacks the option to turn it off.
  • Stacks doesn’t show the contents of sub-folders and fires up a Finder window I must close after I launch the right app (I’ve had my apps grouped and launched from a folder in the Dock since 10.2).
  • Use Interference Robustness for Airport is gone and you still can’t see WiFi speed.
  • Some third party issues have problems and require upgrading providing the vendor has a fix out – not helped by Apple not giving them the final release until so close to launch day.
  • iChat still doesn’t support MSN or ICQ and lost the hologram effect previously demonstrated.
  • Login Window… still has no global short-cut and Universal Access fails to work with the top-right menu.
  • NTFS support is still bloody read-only!

The Ugly

  • Mail-style tool bar buttons now appear also in Preview. The ugly surround means the icons themselves are tiny and mostly monochrome making them difficult to distinguish.
  • Folder icons are now only differentiated by a subtle imprint on the folder itself making it difficult to distinguish between them having lost the elements of colour and shape.
  • Menu bar transparency just looks wrong and is quite distracting. It’s tempting to edit my wallpaper to make that part solid white…
  • Transparency ‘glass’ effect on the menu bar is also distracting and looks like a poor knock-off of Vista’s Aero.
  • Dock’s 3D new perspective effect is suitably not-quite-right to be distracting. I’ve moved it to the left for now so it’s off.
  • Help > Search is a massive ugly blue band like Spotlight.

It’s good, but I wouldn’t say twice as good as a usual OS X upgrade… which is almost how long it took.

ThinkMac has a great visual summary showing some of these problems.

[)amien

Security vulnerabilities are not acceptable in sample code

October 28th 2007 • .NET • 931 views • one response

Earlier this week the ASP.NET article of the day linked to 4-Tier Architecture in ASP.NET with C# which I noticed suffered from both HTML and SQL injection. I promptly informed the author and the ASP.NET site (who pulled the link) but the author was rather unconcerned and wrote (after editing my comment):

Thanks for your feedback Damieng. Sql statement has been used here to make the tutorial simple, it is informed in the DAL description.

The problem is people borrowing this code may not notice the vulnerability or understand how to fix it. This isn’t the first time I’ve seen easily exploited sample code, responded and been buffed off with the ‘it’s just sample code’ excuse.

Writing secure code isn’t difficult, time consuming or confusing to read.

Microsoft’s forthcoming LINQ to SQL and Entity Framework provide object-relational mapping that takes care of the SQL, as do other well-known ORM tools such as SubSonic and NHibernate.

If you must write your own data-access-layer (DAL) code use parameterised queries and not string concatenation.

When outputting values be 100% sure whether your technique will encode the values for you or not and be aware of what encoding tools are available to you.

ASP & ASP.NET’s Response.Write and <%= %> methods do NOT encode for you and you should be using HttpUtility.HtmlEncode to output data to a HTML stream.
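The two rules above, side by side in C#. This is an added example, not code from the article being criticised or from the presentation; the Person table, its columns and the method names are hypothetical, and it assumes a .NET Framework project referencing System.Data and System.Web.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Web;

// Added example: table, column and method names are hypothetical.
static class PersonDal
{
    // Vulnerable: the value becomes part of the SQL text, so a quote
    // character in the input changes the statement the server parses.
    public static SqlCommand FindByLastNameUnsafe(string lastName)
    {
        return new SqlCommand(
            "SELECT Id, FirstName, LastName FROM Person WHERE LastName = '" + lastName + "'");
    }

    // Parameterised: the SQL text is constant and the value travels
    // separately as typed data, whatever characters it contains.
    public static SqlCommand FindByLastName(string lastName)
    {
        SqlCommand cmd = new SqlCommand(
            "SELECT Id, FirstName, LastName FROM Person WHERE LastName = @LastName");
        cmd.Parameters.Add("@LastName", SqlDbType.NVarChar, 50).Value = lastName;
        return cmd;
    }
}

static class Program
{
    static void Main()
    {
        string input = "O'Brien <b>";   // constructed sample input

        // No connection is opened; the commands are only inspected.
        Console.WriteLine(PersonDal.FindByLastNameUnsafe(input).CommandText);
        SqlCommand safe = PersonDal.FindByLastName(input);
        Console.WriteLine(safe.CommandText);
        Console.WriteLine("@LastName = " + safe.Parameters["@LastName"].Value);

        // Response.Write(input) or <%= input %> would emit the first line as-is;
        // HtmlEncode turns markup characters into entities.
        Console.WriteLine(input);
        Console.WriteLine(HttpUtility.HtmlEncode(input));
    }
}
```

The unsafe command's text ends with an unbalanced quote for this perfectly ordinary surname, while the parameterised command's text is identical for every input.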

Samples of vulnerable and secure code are in my presentation on Web Security I gave at the Guernsey Software Developer Forum a few months ago.

[)amien

Returned from Redmond

October 27th 2007 • Microsoft • 979 views • 2 responses

It’s been an overwhelming few days listening and interacting with bright people from the .NET community and within Microsoft itself (wish I could say more but I can’t). Here are just a few of those names, I wish I knew them all but I was so busy listening to what they had to say I often forgot to ask for a card:

And from the Microsoft side of the fence

Congratulations go out to Rob Conery who is now getting paid by Microsoft to work on SubSonic!

How cool is that!

[)amien