In my spare room there was a large plastic bag of paperwork which was heading for the incinerator, it was all neatly tied up ready to go. This is what happens when you don't close the door to the spare room properly and you have a couple of kittens with an hour or two to kill before teatime: 
Just noticed I got tagged by Spence on the '5 Things You Didn't Know About Me' meme that's been doing the rounds. So here's my bit of trumpet blowing - 1. I don't have a CS degree or any sort of higher education qualification to my name. I left high school in 1985 after finishing 6th year with 9 'O' grades (I flunked my 5 highers two years in a row - something to do with the BBC Micro my folks got me when I was 16 I think, but I did learn 6502 assembler inside out and how to program 6522 VIA's - didn't help a hell of a lot with higher chemistry though). The noticeable lack of highers put me at a bit of a disadvantage when it came to choosing computer related further education. To cut a long story short, I managed to leave college with no HND due to my distinct lack of interest in 'data processing', punched cards, management accounting, out of date organisational theory and other tired old subjects that belonged in the 70's. That said, I was lucky to to work at the local Data General/PC shop during vacations and picked up a whole bunch of real world skills that got me my first full time programming job in 1989 (Clipper, C and DBase II/III). I've never looked back or regretted my lack of formal academic qualifications. Through hook and by crook, I've managed a field service/tech services team, run a 20,000 sq ft data centre, ridden the crest and trough of the development dot com boom and bust (remember client side java applets? CORBA anyone?), and now I work as a senior dev and ASP.NET security & hosting specialist for a web hosting organisation. 2. Until I was about 16 I actually wanted to do something scientisty. I always had an interest in computers dating back to my introduction to the school Apple II in 1979 but I initially had my sights set on being a chemist or a geologist or an astronomer (even earlier when I was four or five I was gonna be an astronaut, but hell who wasn't?). I still buy New Scientist when there's stuff on the cover about black holes, dark matter and exotic particle physics. 3. Some folk do the rebel roadtrip in their teens, I waited until my 20's. Back then I had a 28" waistline, hair down my back, used to love mosh pits and looked like I shoulda been on the roadcrew for any grungy SubPop label band you might care to mention - Tad, Mudhoney, Superchunk...take your pick. And oddly/annoyingly enough I didn't start smoking until I was 23. The present circumference of my waistline shall remain a secret for the time being though :-). 4. I love music. I've got a reasonable stash of 1500 albums in my MP3 library (and heaps of vinyl that isn't) and in a flush month I can quite happily blow 150-200 notes on CD's. I'm also presenter on a radio show for a local radio station and enjoy introducing the locals and casual passers by to the aural delights of Silver Apples, Comets on Fire, God Speed, The Mars Volta and healthy wads of Krautrock, prog and psychedelia. Sadly I'm no musician but boy can I belt out a face melter on my air guitar :) 5. I'm a procrastinating workaholic. I can fart around for ages at the start of a new project avoiding getting anything definitive or concrete down, and then at some random time in the evening a switch in my brain gets thrown and you'll see me signed into MSN at weird hours whilst I keybash into the dawn. So that's me done and now I tag: Colin
William
Martin
Alistair
Mark
I've been trying quit smoking for the last 4 years. Sometimes I get to week 3 or 4, go for a drink (or 3) and magically a smoke pops into existence in my gob. I quit again on New Years day and have been just fine without them. My clothes smell nice again, the house smells good too and my wallet is still laden down with the wad of tenners I took out last week. I haven't even missed the magical fix that those stinky coffin sticks delivered 10 or 15 times a day....until today. Today is very different, today I just want to tear someone a new asshole, turn the cats into oven gloves and pop up to the 24hr garage and wash cars with a petrol hose and matches. Even the NR gum (of which I usually chew just a few pieces a day) doesn't seem to be abating the mood imbalance that I know is just a hump along the road of giving up. But as my work colleague Gary cheerfully pointed out, "Stick with it, cats can be replaced, lungs can't". Grrrr!
Every now and again I have to dip my toes into the world of Apache, PHP, Perl and MySQL. I'm mostly a windows/.NET guy these days and I find it a tad difficult remembering all the incantations and dance steps all this stuff needs to get up and running on my Windows box because of its infrequent use and my sieve like memory. This happened last night when an old mate of mine phoned up in a bit of a panic about his PHP based website not working just as it should. After farting around for ages getting PHP to work on IIS 6, getting it to load it's mysql libs (unsuccessfully) etc etc, another mate (Colin) pointed out XAMPP. XAMPP (http://www.apachefriends.org/en/xampp.html) is a handy sized distro of all of these bits that can be fired up on demand (in a manner not unlike InstantRails) with minimal frigging around. Granted there's five minutes needed to fine tune Apache and PHP but once sorted set the whole lot is nicely sandboxed away from interfering with my day to day windows dev stuff. How handy.
Way back in the mists of time I wrote my first article on this blog which was about the identity under which the Application_Start() event executed under when it fired. To recap, when this event fires, it executes under the identity of the worker process account. Even if you are running with impersonation enabled, it will always execute as the worker process identity. Recently we had a couple of support tickets where a customer was experiencing a problem where their DNN installation prompted for a login and when the login was dismissed an exception was thrown along the lines of: Access to the path '<path to site>\Portals\_default\EventQueue\Application_Start--12228d21 -d778-48e1-8209-db7ea3f16a6e.config' is denied.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. It turns out that DNN (4.3 is the oldest version I've looked at so far) spins off a background thread in the Application_Start() event which does a bunch of stuff that requires write access to a DNN website's web folder. The reason why the error only shows itself infrequently is because the ASP.NET application domain needs to shutdown (after a period of inactivity) and then restart before the Application_Start() event is fired again. If you're hosting in a properly configured and secured shared hosting platform then the ASP.NET worker process should only have read access to the site web folder (to monitor for file changes) and only the impersonated anonymous account (unique to your site) will (optionally) have write access to the web folders. Additionally, your ASP.NET 2.0 hosting environment should also be configured to run under Partial Trust (MS have fixed various security related problems related to running ASP.NET under Partial Trust in ASP.NET 2.0 and there is now no excuse for running under Full Trust). Two solutions to this problem have been suggested by the DNN dev team. One is not practical in a high volume shared hosting platform and the other is basically insecure. One of the solutions suggested by the DNN team is to ask your shared hosting company to create a separate Application Pool for each site that needs to run DNN and run these Application Pools under their own unique identities. The unique identity then gets full write access to the DNN web folder. This is not a practical solution because the overhead of one site/one application pool could mean running several hundred application pools (and worker processes). Most hosting companys are going to be running between 1 to 20 application pools depending on the level of protection/isolation they feel is necessary for the type and value of the shared hosting plan offered. Another solution proposed by the DNN team is a potential security hole. If your hosting company is unable to provide a separate application pool they suggest asking your hoster to enable write access for the worker process account. This is a recipe for disaster because another user on the server could possibly call RevertToSelf(), undo impersonation (and thus execute under the worker process identity) and then begin hunting for other websites with write permissions assigned to the worker process identity. I'm still left frustrated and gobsmacked at the number of software vendors that still don't get ASP.NET security and ASP.NET security in shared hosting platforms in particular. I'm sure the reason why the DNN guys expect the Application_Start() event to be able to fire up a thread to perform tasks that require write access is because they have their own dedicated box where they can make all sorts of tweaks to suit themselves, or the shared hosting platforms they tested against are running badly configured and secured ASP.NET 2.0 environments.
Got me one of these - 
Rather nice cross between PDA and phone.
What is it with this growing trend of using Flash to present navigation menus on websites. Here's one example that got my heckles up today:
http://www.span-kent.co.uk/
The lefthand menu is a flash nightmare -
1. In IE you have to click the menu twice to navigate. Why? The first click is related to the workaround Microsoft had to implement to get around the patent trolling activities of Eolas (http://en.wikipedia.org/wiki/Eolas). The next click then lets me choose the menu item. Sadly, unless the site designer has implemented one of the many workarounds to this, you're stuck having to activate the control each time the page refreshes so you can click a menu item.
2. I can't 'right-click and copy shortcut' the menu item for the page I've opened. Yeh sure I could roll my mouse pointer up to the address bar and copy the URL but that's yet another browsing habit speed bump I'd rather not slow down for.
And what if I don't have flash installed in the first place or it's disabled? the answer is you're pretty stuffed...in fact this website only pays token lip service to accessibility. The hyperlinks at the bottom of the page don't even provide a means to navigate second level content!
Listen guys, if you wanna show off your fancy flash noodling do it in the privacy of your own home, just stop trying to replace HTML navigation conventions that have been good enough for the rest of us for the last 15 years or so.
I nipped down the video shop to see what was new this week. With the exception of a few dreary looking chick flicks and some even more dreary looking US 'hilarious comedies' there wasn't much new. It's at times like this you fall back to films you'd probably not normally rent but make mental notes to rent if nothing else inspires you. District 13 was one of those noted but never rented movies so it got rented in the absence of anything else worthwhile looking at. Bloody hell, what a surprise. It's French (with english subtitles), has loads of bad dewds with big guns, fast cars, a witty script (by Luc Besson [Taxi]) and best of all free-running. I think they must've hired all the free-runners in Paris to make this film. Don't be put off by the cover which says it's from the producers of The Transporter, which had loads of great potential but as usual Hollywood dumbed it down for the American market, it's a thoroughly enjoyable Escape From New York'ish romp. 8/10
I've been using IE 7 on Vista Beta 2 in a remote desktop session for accessing worky stuff and general browsing and so far nothing bad has happened. So I took the plunge and installed the RTM for Windows 2003 on my dev workstation. Apart from a worrying delay when signing in after the mandatory reboot and then a sigh of relief as my desktop re-appeared, IE 7 didn't trash my box - yay. The only annoying niggle is that I can't see the 'Open in New Tab' option on the context menu (it's there in the version running on Vista) and don't see anywhere in the options to turn this on. I guess ctrl + click will have to do for now unless some else knows something I don't.
I installed VMWare Server (the free one) last night, quite nice and sadly makes MS Virtual Server 2005 look a bit clunky from a management point of view. Anyway the sole purpose of this exercise was to install OpenSUSE 10.1 (it didn't play nice with Virtual Server or Virtual PC) so I can play with Ruby on Rails in its (presently) more native environment. Gotta say, although I still prefer my MS desktop, things have come a long way since I last gave up on Linux. I feel so dirty  .
A new book arrived in the post yesterday - Professional ASP.NET Security, Membership and Role Management by Stefan Schackow (Wrox Press). I'm usually not a big fan of Wrox Press books, they tend to have too many authors attributed to individual titles and the net result is a pretty disorganised read. However this book is an exception to the rule. The first three chapters make it worth the price of the book + postage alone. You get a pretty good insight into how ASP.NET 2.0 initialises upon the first request, how security is processed during a request and a fairly decent treatment of the ASP.NET trust mechanism. I'd also recommend purchasing this book along with Dominick Baier's Developing More Secure ASP.NET 2.0 Applications. What's also nice about both these books is that the treatment of the topic of security (which can sometimes be quite dry) is dealt with in a remarkably interesting, relatable (is that a word?) and non-yawny approach. Most of the examples you can try on your dev box and because the security config is stored in XML config files, if you screw up, just roll back to the default set of files that came with the installation. Anyhoo...ASP.NET 2.0 security has improved considerably over ASP.NET 1.x and with these two books in hand you'll have no excuse not to enforce partial trust on your internet facing web apps.
In case you were all wondering  , I haven't forgotten about the second installment of this thrilling series, it'll be posted by the end of the week.
There's a handy new switch in the ASP.NET 2.0 IIS Registration Tool (located in C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727 in a default installation) that makes life easier when creating custom service accounts for ASP.NET 2.0: aspnet_regiis -ga <useraccount> In a nutshell this takes the pain out of creating a service account and configuring all the required NTFS permissions, IIS_WPG group membership, security policy user rights assignments and IIS metabase access rights (see more here http://msdn2.microsoft.com/en-us/library/ms998297....). Importantly, if your server is configured to use an auto-generated machine.config <machineKey/> this switch also ensures that the following registry key is created when ASP.NET 2.0 starts up: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ASP.NET\2.0.50727.0\AutoGenKeys. Below this an additional key is created for the custom service account SID and is used to store the auto-generated machine key. e.g. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ASP.NET\2.0.50727.0\AutoGenKeys\S-1-5-21-3520846933-1734744541-1252751799-1013 Under this key there are three values - AutoGenKey - this is the auto-generated key
AutoGenKeyCreationTime - when the key was generated
AutoGenKeyFormat - 1 = Encrypted, 2 = ClearText If you don't use aspnet_regiis -ga to configure the custom service account and you use an auto-generated key you can run into problems when using persistent encrypted Forms Authentication cookies. The reason for this is that configuring the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ASP.NET\2.0.50727.0\AutoGenKeys registry key can be overlooked or be incorrectly configured (e.g wrong permissions) if performed manually. If this key is not present or the custom service account doesn't have the correct permissions on the key, ASP.NET 2.0 will be unable to persist the machine key (the Local Security Authority is no longer used by ASP.NET 2.0 to store auto-generated keys). In this situation, if the ASP.NET 2.0 application pool is recycled or IIS is restarted then a new machine key will be generated because ASP.NET is unable to retrieve they previously generated key from the registry. This will invalidate existing persistent encrypted forms authentication cookies and you'll see entries in the Application Event log such as this: Event Type: Information
Event Source: ASP.NET 2.0.50727.0
Event Category: Web Event
Event ID: 1315
Date: 26/10/2006
Time: 02:04:34
User: N/A
Computer: FNORD
Description:
Event code: 4005
Event message: Forms authentication failed for the request. Reason: The ticket supplied was invalid.
Event time: 26/10/2006 02:04:34
Event time (UTC): 26/10/2006 01:04:34
Event ID: fac38d2aaeeb42a19e188ee838c1ca22
Event sequence: 2
Event occurrence: 1
Event detail code: 50201
Application information:
Application domain: /LM/W3SVC/1120939903/Root/tickets/77695-2-128062982739821344
Trust level: Medium
Application Virtual Path: /tickets/77695
Application Path: E:\AppsDev.Net\Handy Scripts\HandyASPScripts\tickets\77695\
Machine name: FNORD
Process information:
Process ID: 1716
Process name: w3wp.exe
Account name: FNORD\aspnet2_wp7
Request information:
Request URL: http://apptest.net/tickets/77695/Default.aspx
Request path: /tickets/77695/Default.aspx
User host address: 172.16.3.114
User:
Is authenticated: False
Authentication Type:
Thread account name: FNORD\I_icsoff
Name to authenticate:
Custom event details: If you're using a manually generated static machineKey, which is a requirement when operating in a load balanced or clustered configuration then you'll probably not encounter this problem e.g. - <machineKey validationKey="97F97E2D6939D2C ... 1CEA30726A56E3DB5E" decryptionKey="3AE64F1DC0167BB814D09162BDEF5E38B027E0E9E9AD7EA7" validation="SHA1"/> Load balanced/clustered servers require that you use the same machineKey across all the servers, otherwise subsequent HTTP requests may hit different machines in the set, and unless the machineKey's are the same, the encrypted authentication cookie cannot be decrypted and you'll almost certainly see events like above in the Application Event log. So in summary, take the pain away and let aspnet_regiis -ga perform the configuration heavy lifting for you. Related links: How To- Configure MachineKey in ASP.NET 2.0 How To- Create a Service Account for an ASP.NET 2.0 Application How To- Protect Forms Authentication in ASP.NET 2.0 MSDN Library .NET Security
Yeh...so lucky for everyone I'm feeling really quite bloggy this week.
Having played around with InstantRails for a bit I decided I needed to know how to install Ruby on Rails manually. Now I know there are Ruby MSI installers for windows but there's nothing like doing it the long way to get to know and understand what gets installed, where it belongs and if it breaks then you're familiar with the installation.
So here goes...
1. What Do I Download and Where From?
First off go grab these files -
http://rubyforge.org/frs/?group_id=426&release_id=5757 - Ruby 1.8.5
http://rubyforge.org/frs/download.php/11290/rubygems-0.9.0.zip - RubyGems 0.9.0
http://www.zlib.net/zlib123-dll.zip - zlib 1.2.3
http://prdownloads.sourceforge.net/gettext/libiconv-1.9.1.bin.woe32.zip?download - iconv 1.9.1
It's best to create a subfolder in your favourite downloads directory and download these four files to there and then unzip each one individually to it's own folder.
2. Where Do I Put It All?
Rather than deploy into the Program Files folder (spaces in folder names still seems to send the willies up some of these OS projects occasionally) I created a folder in the root of my c: drive called RubyTools. I then copied the unzipped ruby-1.8.5 folder and rubygems-0.9.0 folders to c:\RubyTools.
Just a couple of points here - the Ruby interpreter zip file and uncompressed folder is called ruby-1.8.5-i386-mswin32, I shortened it to ruby-1.8.5 after copying to make typing easier. In Winzip or WinRAR if you 'Extract to \rubygems-0.9.0' rather than 'Extract to here' you end up with an extra subfolder called rubygems-0.9.0...just so you know.
So after copying to my RubyTools folder, this is what my folder structure looks like: > 
Next copy the zlib1.dll file to your Windows system32 folder and rename it zlib.dll. On my first attempt to install RubyGems (see further on) it crapped out with an error saying it couldn't locate zlib.dll. You may already have zlib installed so try that version first.
Finally copy iconv.dll from the extracted iconv bin folder (.\libiconv-1.9.1.bin.woe32\bin) to your Windows system32 folder. This is a character set conversion library and the Rails project installer will complain if it's not there. Read more about it here http://wiki.rubyonrails.com/rails/pages/iconv.
3. Set Your PATH
Add the path to the ruby.exe executable to your environment PATH variable. If your forgot or don't know how to do this:
Right Click + My Computer
click on the Advanced Tab
click on the Environment Variables button
then either -
select the PATH variable in the 'System variables' list
click the Edit button
append the path to the ruby executable
...or...
create a new Environment variable called RUBY and set the path here
append ;%RUBY% to PATH (you need to include the semi-colon if it's not there already)
4. Install RubyGem Package Manager
Open a command prompt window and change directory the rubygems-0.9.0 e.g. cd \rubytools\rubygems-0.9.0
Type: ruby setup.rb and hit return. You should see something like this from the installer -
C:\RubyTools\rubygems-0.9.0>ruby setup.rb
---> bin
<--- bin
---> lib
[snipped for brevity]
---> lib/rbconfig
<--- lib/rbconfig
---> lib/rubygems
<--- lib/rubygems
<--- lib
rm -f InstalledFiles
---> bin
mkdir -p C:/RubyTools/ruby-1.8.5/bin/
install gem C:/RubyTools/ruby-1.8.5/bin/
install gemlock C:/RubyTools/ruby-1.8.5/bin/
[snipped for brevity]
As of RubyGems 0.8.0, library stubs are no longer needed.
Searching $LOAD_PATH for stubs to optionally delete (may take a while)...
...done.
No library stubs found.
Successfully built RubyGem
Name: sources
Version: 0.0.1
File: sources-0.0.1.gem
C:\RubyTools\rubygems-0.9.0>
And that's the RubyGems package manager installed.
5. Install Rails
Keep the command prompt window open and type: gem install rails --include-dependencies then hit return. You'll then see Gem work it's magic and grab the latest version of Rails (1.1.6 at the time of writing):
C:\RubyTools\rubygems-0.9.0>gem install rails --include-dependencies
Bulk updating Gem source index for: http://gems.rubyforge.org
Successfully installed rails-1.1.6
Successfully installed rake-0.7.1
Successfully installed activesupport-1.3.1
Successfully installed activerecord-1.14.4
Successfully installed actionpack-1.12.5
Successfully installed actionmailer-1.2.5
Successfully installed actionwebservice-1.1.6
Installing ri documentation for rake-0.7.1...
Installing ri documentation for activesupport-1.3.1...
[snipped for brevity]
Installing RDoc documentation for rake-0.7.1...
Installing RDoc documentation for activesupport-1.3.1...
Installing RDoc documentation for activerecord-1.14.4...
Installing RDoc documentation for actionpack-1.12.5...
Installing RDoc documentation for actionmailer-1.2.5...
Installing RDoc documentation for actionwebservice-1.1.6...
C:\RubyTools\rubygems-0.9.0>
You might get a couple of messages along the lines of -
While generating documentation for activesupport-1.3.1
... MESSAGE: Unhandled special: Special: type=17, text="<!-- HI -->"
... RDOC args: --ri --op C:/RubyTools/ruby-1.8.5/lib/ruby/gems/1.8/doc/activesu
port-1.3.1/ri --quiet lib
(continuing with the rest of the installation)
...and...
While generating documentation for actionpack-1.12.5
... MESSAGE: Unhandled special: Special: type=17, text="<!-- The header part
f this layout -->"
... RDOC args: --ri --op C:/RubyTools/ruby-1.8.5/lib/ruby/gems/1.8/doc/actionpa
k-1.12.5/ri --quiet lib
(continuing with the rest of the installation)
This is apparently quite common on Windows platforms and it doesn't seem to affect anything from what I could google.
So we're done with the install bit, next time we test our Rails installation to see if it hangs together.
This turned up in my dasBlog referrer logs: 
Kitten Authentication Rails?....eh?...maybe these little guys need them just to make sure that they're secure and don't get worms and viruses? 
Sorry Martin :P
Didn't see it at the cinema so bought the DVD. Whilst the cast and the locations are great, the rest of the film didn't really keep me interested, it's a bit dull (with a small 'd') and not as much fun as the book. 4/10. National Treasure was much more fun.
If there's just one more ASP.NET 2.0 book you buy before the year is out then it should be 'Developing More-Secure Microsoft ASP.NET 2.0 Applications' by Dominick Baier. I haven't read the book cover to cover yet but chapter 8 - 'Partial Trust ASP.NET' alone should have you running to the bookstore to get this title if you care about securing your ASP.NET 2.0 infrastructure.
To facilitate backwards compatibility on the hosting platform after upgrading from Windows 2000 to Windows 2003, we still install CDONTS for classic ASP users. Even though CDONTS has been deprecated in favour of CDOSYS, there's still a fair number of customers out there with code that uses CDONTS all over their scripts and expecting them to rewrite their code just because we changed the platform under them is a little unfair. There is one caveat however. Pretty much like MS, we don't provide any support should stuff not work the same way it used to under Windows 2000. Also if we find customers using CDONTS in such a way that's detrimental to the health of a server then they're given firm but friendly advice to migrate their code to CDOSYS. It's a fair compromise, the customers get a more reliable hosting platform on Windows 2003 but eventually they really ought to rewrite their scripts to take advantage of the improved reliability of CDOSYS. That said...so-far-so-good. So that's the explanation out of the way as to why the hell we have CDONTS on the Windows 2003 platform. Recently we encountered a ticket on the support system where the customer advised us that a selection of ASP scripts that use CDONTS had just suddenly stopped working. Calling the .Send method on the CDONTS.NewMail object was throwing the following exception and stopping the script in its tracks: Microsoft VBScript runtime error '800a0046'
Permission denied
/filename.asp, line xxx The usual KB articles http://support.microsoft.com/kb/324649, http://support.microsoft.com/kb/286301/ and http://support.microsoft.com/kb/197619/EN-US/ were dully read and digested, but still no joy. The SMTP Service Connection Control and Relay Restrictions were also inspected and nothing was out of order. The InetPub\MailRoot subfolder permissions were all checked as well and nothing leapt out at me as being odd or out of place. Permissions on the CDONTS DLL were also inspected but again they were all in order. Strangely enough though, other sites on the server could still use CDONTS without any problems which should've alerted me to check what Application Pool the site was running in.... Turns out that the site had been upgraded to run ASP.NET 2.0 and thus running in the ASP.NET 2.0 application pool. The ASP.NET 2.0 app pool also runs under its own worker process identity (I've written about how to do this previously). So a thought occurred after having re-read the first KB article....and it quickly sunk in after reading this paragraph more thoroughly: "On a computer that is running Windows 2000, determine whether the Application Protection setting is set to High (Isolated). If the Application Protection setting is set to High (Isolated), set the Application Protection setting to Medium (Pooled). Alternatively, on the Properties menu of the SMTP service, click the Security tab, and then add the IWAM_MachineName account to the Operators account." The start of the above paragraph reads - "On a computer that is running Windows 2000...." - and that was a total blindspot. I should've kept reading i.e. the red bits. One conclusion lead to another and of course it dawned on me that the worker process identity for the ASP.NET 2.0 application pool didn't have operator permissions on the SMTP service. Adding the relevant account got CDONTS working again - 
You could of course just add the IIS_WPG group if you're running multiple app pools each with their own process account (provided they're in the group). So this has been another lesson in the art of RTFM properly and remembering that the stuff you did on the old platform still applies (albeit in slightly different ways) to the shiney new stuff.
v1.9 of dasBlog has been sitting around my local machine for a while but I've finally got round to upgrading. Just make sure you don't overwrite any changes you made to web.config or any of the .config files in /siteconfig. Other than that the upgrade went fairly smoothly and took all of 10 minutes to do. Ok...you can move along now.
A couple of days ago I installed the IIS Diagnostics Toolkit to get up to speed on the Debug Diagnostics Tool so we can use it to aid tracking down Application Pool crashes and hangs on the hosting platform. Anyway, this morning I had to reboot my dev box and upon restarting VS05 I found that breakpoints in my web apps weren't being hit. At first I thought it was some kind of authentication problem because the tool I'm writing just now requires Windows Authentication to run. i.e. remove anonymous access and login as a windows machine account with enough rights to use System.DirectoryServices to traverse entries in the IIS metabase...blah blah blah etc. Anyway to see if the problem was related to this I knocked up a quicky app in the Default Website but still no joy. Then I tried VS03 and that just hurled an exception and shut down. There was nothing in the event logs that gave any sort of hint as to what was blowing up. Next I tried a manual attach to the w3wp.exe worker process but it was showing as greyed out in the process list. A couple of google hits suggested that another debugger was already attached to the process. Anyhoo...it turns out that after the reboot, the Debug Diagnostic Service (which is part of the IIS Diagnostics Toolkit) started up and was already attaching to the process before VS could. Shutting it down in the meantime resumed normal service. I honestly thought I'd completely hosed my dev box and that would've a complete feckin' pain given that it takes nearly two days to rebuild and setup just right. Phew.
So here's a thing or two I learned today. The SQL Server Copy Database Wizard (CDW) has a couple of limitations that can cause no end of head scratching for a good few hours. I can't say I've ever used CDW, either in SQL 2000 or in SQL 2005 but the opportunity came up a few days back when one of our dedicated server customers got their shiney new SQL 2005 box handed over to them. We got a ticket raised and the customer complained that the CDW in SQL Server Management Studio (SSMM) wasn't working and was failing at the 'Configure the Package' step with the error: While trying to find a folder on SQL an OLE DB error was encountered with error code 0x80004005 (Login timeout expired).
(Copy Database Wizard) Anyway, it turns out there are some gotchas built into the CDW. As part of my troubleshooting into this problem I discovered the following - 1. If copying databases between two standalone servers (our scenario) then specify a SQL server login that has the correct permission (sysadmin role) in the source and destination server credentials. It's tempting to use Windows Authentication if the source server is the box you're logged into...don't. 2. On the source server you need to add an entry in your source server LMHOSTS file which is the IP address and NTLM name of the destination server e.g. 192.168.4.100 PRODUCTIONSQL You won't even get past the 'Configure the Package' step without an error without this (see error above). Examination of the .dtsx CDW package definition reveals that it uses NTLM computer names and not the DNS name to specify the source and destination computers. 3. Both SQL Servers must be able to connect to each other. This is the real gotcha if your trying to copy a database from a source server that is behind a firewall. 4. The 'Detach and Attach Method' requires that the destination server has access to a file share on the source server. Whether you choose the 'Detach and Attach Method' or use the 'SQL Management Object Method' the CDW creates a package on the destination server. The package is then executed by the SQL Server Agent and during execution it establishes a connection back to the source server to pull the database into the destination server. This fails if the source server is behind a firewall or if you use the wrong authentication method. We provide hosting for a base of resellers and web dev shops and gradually we are seeing more and more of our customers developing for SQL Server 2005. Better visibility of the Copy Database Wizard in SQL Server Management Studio (in SQL 2000 EM took a bit of hunting down if it wasn't visible in EM) will encourage these guys to use CDW to quickly push a new database residing on their local dev environments up onto their production server in our environment but it isn't as straightforward as it looks. Copy Database Wizard looks so attractive but sadly it ends in tears mainly because of the requirement for connectivity in both directions between their source server and destination server. What dev shop in it's right mind really wants to open up their firewall to permit communication from our environment into theirs without being absolutely certain they've got their firewall rules correct and everything nailed down. Even if a dev shop does get their firewall opened up and the security nailed down, CDW is pretty useless for copying databases into our shared SQL platform. This is because to authenticate to the destination server you need to authenticate using an account that is a member of the sysadmin role, for obvious security reasons we would never entertain this. More on the Copy Database Wizard here, it's a shame they didn't flesh this out with how CDW works and what the connectivity requirements are: http://msdn2.microsoft.com/en-us/library/ms188664....
I was going to leave it a while before looking around for another cat but whilst surfing around looking to see what cat rescue places were in and around Perth I came across this pair: 
The black one is 'Buzz' (the lad) and the champagne one is [ahem, cough] 'Blossom' (the girl). These were the names given to them by the rescue folks and I haven't thought of a new one for Blossom yet, Buzz will probably keep his name as he certainly lives up to it. But Blossom....hmmm.... Buzz is the spitting image of my old flatmate's cat and 'Blossom' is the same colour as Kira was (blondy champagne). They were just too hard to resist. They're 7 weeks old and are tiny furry powerhouses of boundless energy and adventure. I've never had kittens before, both Kira and Sam (childhood cat) were way past the kitten stage when I got them. Kittens it appears have to be watched like a hawk otherwise everything is up for grabs to be pulled (anything not nailed down - cd cases for example), chewed (ooh cables, bouncy and chewy), sat on (ooh there's a foot), sat in (whoa...a plastic bag) and whatever else enters their tiny cat brains. They're a real joy to watch and look after and I'm really glad I didn't hang back. Anyway here's some more gratuitous pussy shots, normal service will be resumed soon: 
 
Kira had to be put down on Saturday. She developed a kidney infection and then it was all rapidly downhill from there. She was a one off and I will miss her plonking herself on my keyboard or mousemat and onto that particular bit of paperwork you were working. 
Whilst I don't always agree with Joel's point of view, he hits the nail right on the head in this article. I know of one high volume website where the present mix of ASP and ASP.NET is being dumped in favour of Ruby on Rails. Ruby may be a nicely crafted language and Rails may be very trendy to have on your CV (hell even I have a couple of big fat Ruby books), but it's early days for the Rails framework. The site itself is your common garden variety data driven app and I just can't see the justification for upping sticks to a niche framework where the present skill set is limited and the tools are in their infancy let alone jumping to another established platform (for example Linux/Apache/Java). .NET and Java are proven tools, the skill set is plentiful and if you want to jump ship from one dev shop to another then it's possible to do so. With Ruby & Rails your gonna be locked into one or two niche shops and recovering from the adventure, if it goes pear shaped, is going to be an expensive and painful lesson.
I'm always grubbing around in console windows and cutting and pasting here and there....Here's a handy little tip for copying and pasting without reaching for the mouse - - Alt-Space, e, k [Enter mark mode]
- Down, down, down, right, right, right [Move the cursor]
- Shift-right, shift-down, shift-right [Extend the selection]
- Enter [Copy the selection to the clipboard]
- Alt-Space, e, k [Paste from clipboard]
Kinda obvious now.
One week and 260 pages later and Neal Stephenson's Quicksilver is going nowhere. I can see what Stephenson is trying to do which is tell the story of the emergence of modern science (in the 17th century) through the eyes and experiences of a fictional character called Daniel Waterhouse and I guess make it an interesting history lesson. Sadly it neither works as a re-telling of history nor as a story. It's an unmitigated load of old bollocks. I'll buy a history book instead. 1/10. Next please...
dasBlog's editor does the best it can by using the Free Text Box control for article authoring. However it does have it's limitations. I generally find myself editing blog entries offline in TextPad and then saving the draft to a file. On occasions I might have two or three ideas on the boil and managing the drafts in dasBlog can be cumbersome. Enter Windows Live Writer.... Windows Live Writer is a FREE offline WYSIWYG authoring tool that can be used to author articles offline and then post them to your favourite blogging space. Live Writer supports multiple blogging API's such as Movable Type, Metablog, WordPress, Community Server and of course Live Spaces. One of the really cool things is being able to preview how your article will look (in dasBlog anyway) before publishing it..and in offline mode too. Another cool feature is the plug-in SDK so you can extend Live Writer to publish custom content. So far there's Flickr, Tag and Current Listening to writer plug-ins on the Live Writer space. I really like this and MS has kept it really simple as well.
A couple of weeks ago I got me one of these: 
It takes a bit of fiddling to get the Philips software on the PC and device to see each other but once that's done it works a treat. My only complaint is the choice of colour for the display. Light blue text on a blue background although very funky looking makes for reading text on the display from more that a few feet away kinda hard. It would have been nice if it could be inverted to improve the contrast. Nice gadget though.
I'm on annual leave just now which is sadly coming to an end :(. However I've had a damn fine time ploughing through the pile of books that have sat unread for ages -
Joseph Finder - The Moscow Club - This is the second Joseph Finder book I've read and it also happens to be his debut title. I was a bit worried that being his first book his writing style and skill may not have fully developed, kinda like Dan Brown's earlier efforts which are pretty so so. I was however pleasantly surprised to find that it's a real page turner. 8/10
Hunter S. Thompson - Fear and Loathing In Las Vegas - Hunter S. Thompsons classic 1970's novel about his chemical fueled search for the American Dream. Totally outrageous and of it's time. 7/10
Luke Rhinehart - The Diceman - another cult classic (partly based on fact) about Rhinehart's decision to live life by the roll of a dice. It kinda gets a bit lost in itself near the end and you get the feeling that the content of the last 50 or so pages was decided on the roll of a dice no doubt. 7/10
David Wolstencroft - Good News, Bad News - Wolstencroft is the creator of Spooks and Good News, Bad News is his debut novel about two modern day British Spies assigned 'wet work' on each other. Not a bad read for a first novel and it's a reasonable page turner but it kinda just didn't have that 'you gotta read this' spark about it. 5/10
David Wolstencroft - Contact Zero - Wolstencroft's second novel which is again set in the murky world of the British spy business. This is a cracking read about a handful of MI6 'probationers' who are hunted down by their own, and who in turn are on the hunt for the mythical 'Contact Zero' who they hope will provide them sanctuary. This is a way better novel that Good News, Bad News. 8/10.
Joseph Finder - Killer Instinct - This is Finder's latest novel and like Paranoia we find ourselves immersed in the cut and thrust of high technology big business. The main character, Jason Steadman, befriends ex-special forces tough guy Kurt Semko, gets him a job in his company's Corporate Security division and then things start to go sour. This book was yet another great page turner, I read it from cover to cover in a single 6hr sitting. 7.5/10
My current read is Quicksilver: The Baroque Cycle by Neal Stephenson. This is a 900 or so page tome and the first of the Baroque Cycle trilogy. I'm about a hundred pages in and beginning feel that it's a meandering read, there's a lot of unnecessary padding and I can't seem to get the point of the book. I've heard so many good things about Cryptonomicon and I realise that Quicksilver was written afterwards as a prequel and hence me reading it first. However I really hope I've got the energy to make it to the end. Even Martin gave up on it which is a bit of a worry. I too also hate investing lots of time in books with >500 pages. I feel that if you haven't started getting to the point or even within ten miles of it within 150-200 pages then I'm sorry your wasting my time. Score so far....2/10.
Pink Floyd's Pulse DVD is truly awesome but you do need a decent 5.1 surround sound to appreciate it properly. Watching it really brought back memories of seeing them at Wembly Stadium in 1987 - 9/10.
Hostel - This is a pretty gruesome little affair where three back packer blokes are enticed to a Hostel in deepest Slovakia by promises of tasty lasses who let it all hang out. On the surface the hostel looks pretty appealing to the three lads but they soon get more than they bargained for. The victims soon get worked on with a wide range of power tools and other DIY stuff you might normally find in B&Q - 7/10.
Basic Instinct 2 - Another pretty gruesome affair but for all the wrong reasons. If it hadn't been for the UK location and British acting cast - David Morrissey, David Thewlis, Charlotte Rampling an Stan Collymore (isn't he meant to play footy?) - then the DVD woulda been back in the case within 30 mins of watching. Utter cobblers - 3/10
I can't say I'm a huge fan of recent Hollywood attempts at bringing graphic novels and comics to the big screen. They usually turn into insipid heartless vehicles for whatever American eye candy they pay millions of dollars to turn up and generally act badly.
V for Vendetta on the other hand is a nice surprise. I read the graphic novel a while back and absolutely loved it. When I heard that the novel had been earmarked for the silver screen I had that horrible sinking feeling about the compromised crap that Hollywood would no doubt churn out.
However I was wrong. The film doesn't exactly stick to Alan Moore's original creation and there's plenty of artistic license taken by the director of the film but the end result is 2 hours of highly enjoyable viewing. The cast is excellent as well (not sure about Natalie Portman's made up English accent though) - John Hurt, Hugo Weaving, Stephen Fry and Stephen Rea amongst others. One of the nice things about the film, and it really surprised me because the producers are the Wachowski brothers, is that it's the script and the acting that keeps your attention instead of high-tech special effects. Also at no point in the film did you get that feeling of "get on with it" either. All in all 8/10.
I finally got round to reading the last book in Philip Pullman's 'His Dark Materials' trilogy, The Amber Spyglass. If you haven't heard of these before then I do thoroughly recommend them. I don't have the time to summarise in a paragraph what the story is about, suffice to say we've got parallel universes, armoured bears, witches, zeppelins, quantum physics, daemons, angels, hair bombs and an good old fashioned battle between good and evil. 9/10. This site does a way better job than I can do of summarising the books.
The other book I finished this week is Paranoia by Joseph Finder which I picked up on recommendation by my mate Spence. This is a really good page turner about Adam Cassidy, a hi-tech product marketing bod and professional corporate waster who is blackmailed into stealing corporate secrets from his company's competitor. I read it in a day it was so good. 8/10.
A year ago I picked up Six Days by journalist Jeremy Bowen which is an account of the 1967 Six Day War between Israel and Syria, Egypt and Jordan. I'd been dipping in and out of it for the last three months and stone me this week Israel is at it again! Anyway, it's highly topical and explains, amongst other things, the background and reasons for territorial anomalies such as the Gaza Strip, the West Bank and other Israeli landgrabs over the past 60 years.
The Legacy has been treated to a shiney new set of Oz Super Leggera 17" Alloys wrapped in Toyo Proxes T1S 215/40ZR17 rubber. The car sticks to the road in high speed corners now and there's not even a hint of understeer like my old Mondeo. The Mondeo had the worst understeer of any modern car I've ever driven, even with decent tyres...trully appauling and trouser soiling.
I also fitted four new high performance vented, grooved and drilled brake discs and carbon fibre pads which makes the car stop on a sixpence.
Any go here http://blog.zygonia.net/content/binary/DSCF0249-s.jpg and ogle at my shineys.
Last week my trusty old Mondeo Diesel stripped it's timing belt and then went on to commit engine hari-kari. Valve heads were lopped off and given a sound thrashing in the piston pots and gawd knows whatever else got mangled, dented and fractured. The cost of an engine rebuild, 600-800 quid, was too much to swallow and there was no guarantee that it would've run properly again. It was a 98 model and I paid £1200 for it two years ago and racked up 35000 miles (it failed with 153000 miles on the clock) so I guess I got value for money. I was sad and disappointed to see it go because I'd kinda hoped for another year of motoring out of it before looking for something else and it was a really comfy car to get around in.
Anyway I needed a car and so it was time to go shopping and I ended up with a 1992 Subaru Legacy 4WD 2.0 GT Turbo. That model era is my favourite shape of Legacy and really looks the business compared to the later euro-curvy-bulgy designs that sadly polluted the minds of Japanese car body designers from the mid 90's onwards.
My bro in NZ has one which I got to use loads when I was over there last year and I absolutely fell in love with it. These are no ordinary estate cars, the standard power plant puts out 236 BHP and the 0-60 time is 6-7 seconds (at a guess). It's the first car I've owned that plants you firmly back in the drivers seat when red-lining all the way through the gears from standstill, through 9 speeding points and all the way to loss of license and a year in jail. It's awesome!
My car at the moment is pretty much in stock condition but the previous owner added a new stainless steel sporty exhaust system which coupled with the boxer flat four engine makes it the most interesting and loudest sounding car I've owned. This is it here -
It doesn't look terribly flash at the moment, but for the first time in my life I've had the urge to do boy racer stuff to a motor and pimp my ride. I'm fancying new 17" alloys, low profile rubber, dropping the suspension, debadging and new paint job and of course the obligitory turbo waste gate dump valve :-) Must be a late 30's crisis thing or something. This is my brother's pimped up Legacy but I reckon I'll be getting wheels with a bit less bling -
I flattened a box the other day and installed a dual boot system with Vista Beta 2 and Longhorn Server Beta 2. Vista is quite nice and I've kinda gotten used now to the new UI but whether I'll do my usual revert-to-Windows-Classic-look-and-feel remains to be seen yet. The box I installed onto has the following spec -
Athlon AMD 2500+
Asus A7V600-E Motherboard
1.5GB DDR333 RAM
Western Digital 120Gb SATA Drive
Asus NVidia GeForce 4 Ti-4200 128Mb Delux (V8420)
The overall performance is not bad but the system is let down by the graphics card which drags the overall 'Performance Rating' down to a score of 2. This means that the Aero Glass UI doesn't get enabled and it falls back to the Windows Vista Basic look and feel which looks like a chromed up version of the XP teletubby UI.
In an attempt to improve the performance rating score I bought an Asus N6200 256MB graphics card which is based on the NVidia 6200 GPU. According to this NVidia Vista page the 6200 GPU is 'Vista Ready'. In reality the card is a disaster and causes Vista to lock and hang for long periods at a time with the MS supplied WDDM driver. The latest NVidia Beta 2 driver (release 88.61) just won't install and complains that there are no drivers compatible with my current hardware. Trying a manual hardware install using Add Hardware in the control panel and browsing to the 'nv_disp.inf' results in an empty list, so no joy there either. It's possible that the Asus implementation just isn't quite what Vista is happy with in the current Beta build.
I have a plan in the pipeline to build an uber machine with some new Intel bits but I kinda hoped this existing box would've been sufficient for the time being.
Yesterday I was working on a product list using the Gridview component and needed to render the list of products ordered by category. The list also had to have a subheading for the category of the product e.g.
It took a while to figure out but this article by Tim Heuer (there's a show/hide code at the bottom of the page) helped solve the problem. With a minor modification I got what I wanted.
I didn't require the sorting mechanism so I assigned the DataKeyNames property of the Gridview the names of the fields used to order the list before binding to the datasource so that I could pick out the category ID (line 71) in the controls overridden Render method:
1 protected override void Render(HtmlTextWriter writer)
2 {
3 Table table = (Table)this.productsGrid.Controls[0];
4
5 int lastCategory = -1;
6
7 foreach(GridViewRow row in productsGrid.Rows)
8 {
9 int realIndex = table.Rows.GetRowIndex(row);
10 int currentCategory = Convert.ToInt32(this.productsGrid.DataKeys[row.RowIndex].Values[1]);
11 if(currentCategory != lastCategory)
12 {
13 GridViewRow groupHeaderRow =
14 new GridViewRow(realIndex, realIndex, DataControlRowType.Separator, DataControlRowState.Normal);
15 TableCell newCell = new TableCell();
16 newCell.ColumnSpan = this.productsGrid.Columns.Count;
17 newCell.BackColor = System.Drawing.Color.FromArgb(233, 229, 229);
18 newCell.ForeColor = System.Drawing.Color.DarkGray;
19 newCell.Font.Bold = true;
20
21 switch(currentCategory)
22 {
23 case 515:
24 case 517:
25 newCell.Text = "Home Products";
26 break;
27
28 default:
29 newCell.Text = "Business Products";
30 break;
31 }
32
33 groupHeaderRow.Cells.Add(newCell);
34
35 table.Controls.AddAt(realIndex, groupHeaderRow);
36 lastCategory = currentCategory;
37 }
38 }
39
40 base.Render(writer);
41 }
Yay! MS have a shiney new website just for IIS at http://www.iis.net. If I were you, my first port of call would be the .NET show interview with Bill Staples and Scot Guthrie where they show off some of the really cool features that are going to be part of IIS7.
|