CodeFrenzy

It’s been so long since I posted anything on this blog, I thought it was about time for an update.

First off, I’ve moved to London. Jason and I decided on a whim to come over and see if we could find work – which, as it turns out, wasn’t all that hard. Can’t believe we’ve been here for almost 5 months already (wow, time really does fly by when you’re having fun!!).

Even though the economy was going down the drain and everyone was stressing about the lack of work, Jason and I managed to find work within only 2 weeks of starting to look. Jason scored himself a job at Virgin Games as a Senior .NET Software Engineer and I landed a contract also as a Senior .NET Software Engineer at a small start-up called mFlow. mFlow is actually a desktop application that mixes the music side of iTunes with social networking. The social networking side of it is quite simple really – as a member, you can follow other members and see which tracks and albums they’re buying, as well as which tracks and albums they’re recommending. And the best bit? If someone who is following you buys a song that you recommended, you get paid for it! Great huh? ;)

The atmosphere at mFlow is really cool – we work in an industrial loft style office where everyone sits together. That means everyone interacts with everyone and nobody feels excluded. They’re super well equipped in terms of technology – lots of really grunty servers and well spec’ed dev machines. I personally love my twin 27” monitor set-up drooooool :D.

All the developers at mFlow are incredibly smart and there has been a heap of stuff for me to learn. I work with a couple of other guys on the back-end services whilst a team of other developers work on the front-end. Overall it’s a really cool place to work and it was awesome to be at mFlow when they first launched the application. It’s currently in beta invite-only mode but I hear the ‘real’ launch will be soon. It’s all very exciting because it’s a really neat idea, it’s been well designed and looks reeeeally sexy, and it has the potential to be really big. Fingers crossed eh? :)

In my chosen career, I solve problems everyday. Sometimes the problems I’m given are small and simple to solve, and sometimes they are most definitely not. That, I can deal with. What annoys me is when a problem seems like it should only take five or so minutes to solve and yet somehow, it takes you all day. It’s not that you’re bad at what you do, it’s just that the thing you’re trying to do wasn’t quite as simple as you or anyone else had thought it would be. Or perhaps the framework you’re working with has some nasty little quirks that you weren’t aware of. Or perhaps the thing you’re trying to do just hasn’t been done before, or at least hasn’t been well documented. Whatever the reason, spending all day on a “simple problem” isn’t good for your sanity and makes you feel like you ought to be doing COMP101 all over again.

One such problem that I’ve come across more than once in the last few weeks is how to make a text string fit inside a label or other similar control. If the string is too long to fit, the end should be truncated and replaced by an ellipsis. Sounds pretty straightforward eh? Nope, think again.

After coming up with a few complicated solutions including but not limited to iterating through every character in the string and measuring the length of the string (yes, highly inefficient, I know!), I finally found a solution which seems to do the trick. I feel this amazing solution needs to be shared with everyone so here it is:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23

private string textToDraw = "Hello, how are you? Why does this string not fit in the label that I have drawn? Maybe it is because it is too long?";
 
public Form1()
{
    InitializeComponent();
    label1.Text = ShortenString(textToDraw, this.Width - 10, label1.Font);
}
 
public string ShortenString(string myString, int width, Font font)
{
    string result = string.Copy(myString);
    TextRenderer.MeasureText(result, font, new Size(width, 0), TextFormatFlags.EndEllipsis | TextFormatFlags.ModifyString);
 
    return result;
}
 
private void Form1_ResizeEnd(object sender, EventArgs e)
{
    // Set the width to something - I've just set it to the width of the form - 10 to allow for the ellipsis but
    // I guess this would need to depend on which control the label is to be displayed inside of
    int width = this.Width - 10;
    label1.Text = ShortenString(textToDraw, width, label1.Font);
}

The trick to solving this problem was to use the TextRenderer class and calling its MeasureText function. MeasureText doesn’t seem like the most obvious function to use but it seems to work.

Note that this example is for a C# winforms application. The same could be done for a web application although you’d have to use JavaScript to re-calculate the string when the browser or element is resized.

Has anyone else ever had to solve this particular problem? If so, I’m interested to hear how you did it!

All the gadgets I take with me on holiday… is it too much?

A few years ago I went on a 4 month long trip around the world and I took with me 1 film-based camera, 1 mp3 player and 1 gameboy. Not bad for 4 months I thought. Didn’t take long however before I was robbed and lost the mp3 player and gameboy. Without much choice in the matter, I was left carrying only one ‘electronic’ item, my camera. And guess what? I had a great holiday and didn’t miss any of the other stuff that I thought I would need.

More recently, Chris and I took a 3 week holiday to Canada and between us we took: 3 cameras (+ xtra sd-cards, chargers and cables), 1 laptop, 2 cellphones, 2 ipods (80gig video) and a GPS unit (which we hardly ever used). Hmm. Writing that made me laugh. At myself. You’d think that our bags have nothing but electronics in them. But seriously, at some point whilst packing our bags we figured that we’d need all of that stuff and well, to be honest, we did use it all in one way or another.

So what should you take with you when taking your next holiday? In reality, it all depends on where and when you’re going, how long you’re going for and what you’ll be doing when you’re there (oh and how much of a geek you are). Although there is no definitive answer, I thought I’d share some of the factors that affect my decision making when it comes to picking which gadgets to take with me on holiday.

• Take only what you really think you won’t be able to live without.
  If you don’t take your cellphone and you really need to make a phone call, you can always use a payphone. Alternatively, you could rent a cellphone. Many airports house shops that will rent you a cellphone for the duration of your stay. Or you could even buy a new cheap phone if you absolutely run out of other options. See? You really don’t need to take yours.
• Take small, stream-lined versions of all the electronics you think you’re going to need.
  If you can’t stand the idea of not having your own laptop whilst on holiday then make sure you take a small, light netbook with you, not a full-sized desktop replacement brick. You really don’t want to be carrying 5kg of solid expensive gear with you everywhere you go. You’ll end up a stooped old hunchback if you do.
• Try to detach yourself from caring too much if your stuff does get stolen or damaged.
  This is hard to do, especially if you have some sort of emotional attachment to your gadgets. If it’s irreplaceably special to you or would cost a lot of money to replace, I wouldn’t recommend taking it. Leave it at home, safe and sound. You can’t control how or when some scummy thief out there may take an interest in it and just take it from you. I’m particularly guilty of this and often worry about losing something of value. It just ends up frustrating me that I spend more time worrying about locking away anything of value than I do just relaxing, letting go and enjoying myself.
• If you have a digital camera and are taking lots of photos, back them up early and often.
  If something were to happen to your camera, you don’t want to lose all your photos as well. The simplest option is to take your camera into a shop that can write your photos to a CD/DVD (you’ll find these all over the world) or if you have another gadget with you, you could back them up there instead. For example, I backed some of my photos up onto my Ipod since it had plenty of free space on it.
• If you’re traveling with someone else and you’re both taking gadgets that have the same chargers / cables, take only one charger between you.
  Chances are that you’re not going to need to fully charge your gadget at exactly the same time as whoever else you’re traveling with so if you can, share one between you. Chris and I took two sets of Ipod chargers and cables with us on one of our long trips and ended up sending 1 set home to save space.

If you’re a traveler, what do you take with you?

Since I was about 5 years old and got my little hands on my first Commodore 64, I’ve been comfortable around computers. At first it was all about the games, and then it was about the BASIC programs that my mum and I wrote after school. Later on it was about mIRC, ICQ and horrible geocities pages. And now computers are my job, hobby and obsession. Computers have been in my life for well over 20 years in one way or another and I totally take them for granted. Oh, and did I mention that I’m a girl?

However, this is not the norm. The norm is that girls don’t play with computers and don’t work in IT. But why? Why are there so few girls in IT?

Well, the answer is that there is no one simple reason. It’s something that Universities and education ministries around the world have struggled with for years. For every 200 guys graduating from Computer Science at University, there is 1 girl. This may not be the same at every University around the world but it’s a pretty sad statistic. The same is true in the IT industry. Basically, girls are under-represented in IT almost everywhere you look.

Anyway, I thought I would list a few of the factors that I believe strongly contribute to why girls end up in IT:

• Programming is not taught in all-girls high schools
  This is obviously a pretty big reason why girls don’t take up computer science at University. I actually experienced this myself when I was told in no uncertain terms that “girls don’t program” after asking what programming languages we’d be learning in our Computer Studies course in an all girls’ college I went to in Wellington, New Zealand. The result of this is that any girls who may be interested in trying Computer Science or Computer Engineering at University are already starting off at a disadvantage, especially compared to boys who apart from being curious and probably having played computer games and scripted for years already, may well have been taught some form of programming in high school, simply because they are boys.
• Barbies versus binary
  Parents continue to buy their daughters dolls while their sons get computer games and game consoles. I don’t have children but I have friends who do and I have seen this happen time and time again. If children that young are seeing and being made part of this divide, how can we really expect it to be any different when those same children are trying to decide which career to follow?
• Working with computers is seen to be nerdy and uncool
  There is quite a strong stereotype around geeky computer programmers and it could be possible that a lot of girls, in their formative years, don’t feel that it would be cool to be associated with that sort of image. Peer pressure is a huge motivator for many children and adults, and if that peer pressure is telling girls not to spend time on computers but rather to spend that time reading fashion magazines then that is what they will do.
  
• Could it be that our brains are just wired different?
  I’m no psychologist or doctor so I don’t have the answer to this one. But obviously males and females are different in many other ways so it only follows that our brains probably work differently as well. However, I do believe that this is the last string in the list of reasons why girls aren’t in IT and should most definitely not be used as an excuse for it. As pointed out above, I think there are other reasons why girls don’t pursue IT careers that need to be looked at carefully before we fall back onto a reason that we can’t really prove or do anything about.

• You don’t have to be a social outcast to be a girl software developer
  There is a stereotype surrounding girls in IT – usually very geeky looking, perhaps overweight, no friends, bad skin, etc etc. This is not true and most of the girls I know in IT are very much the opposite – smart, intelligent and strong women. It doesn’t matter what you look like or how you dress; if you want to be a programmer, go for it.
• All guys working in IT are geeky and no fun to hang out with
  Again, this is complete rubbish. Guys who work in IT are for the most part smart, funny, kind and caring. I’ve been friends with geeky guys all my life and in my experience, they’ve been way cooler to hang out with than the mindless jocks who don’t even know how to turn a computer on.
• As a girl in IT, you’ll never be as good as the guys you work with
  Not true. If you’re good at what you do, people will realize that and treat you accordingly. Just make sure you keep up to date with the technologies that you use in your job and don’t be afraid to speak up if you’ve got some ideas you want to share. The guys in your team will come to trust and respect you and trust me, that’s a great feeling.
  

• If you have some geeky friends, ask them for help or advice.
  Asking people who already work in IT what it’s like for them may help you get a better idea of what it might be like for you. Ask them if they can show you some of the work they do, or help you get started with a small project of your own.
• Set up a blog or a small website for yourself.
  Creating a blog for yourself is a great way to start learning about IT. There are plenty of free blogging engines out there like Blogger, WordPress or Textpattern. This is a great introduction into some common but very useful technologies (HTML, JavaScript, CSS) and you’ll end up with a cool blog that you can use to express yourself online. Pretty cool huh?
• Keep up with some technologies that interest you by reading online blogs and articles.
  Whether you’re interested in web programming, desktop application development or linux scripting, there are many resources out there for you to keep an eye on. It’s always handy to be able to tell interviewers that you actively follow some geeky site – it shows that you’re truly interested in IT. Some good sites to check out are Coding Horror, Joel on Software, MSDN Blogs, however, there are many many more out there.
• Go get yourself some IT qualifications.
  If possible, go to University and do a Computer Science degree. However, if you can’t or don’t want to do that just yet, do a short course with a polytechnic or some equivalent. A qualification will not only give you the introduction you’ll need to start off in IT, but it will prove to those who interview you that you’re serious about what you want to do and that you’ve got the smarts to pull it off.
• Don’t let the lack of women in IT put you off.
  For me personally, being in IT has been a lot of fun. I’ve met heaps of really great people and have fit right in with all the development teams I’ve been on. IT guys will treat you like one of them and you’ll never feel left out.

I know this is not rocket science but it’s actually something I’d never had to do until recently. Normally I populate my drop down lists (and repeaters, etc etc) using data from databases, not XML.

However, fear not. Using XML as a datasource in .NET is super easy. Here is one way to do it:

1
2
3
4
5
6
7
8

XmlDataSource source = new XmlDataSource();
source.DataFile = Server.MapPath("Values.xml");
source.XPath = "ParentElement/ValueList/ValueItem";
 
myDropDownList.DataSource = source;
myDropDownList.DataTextField = "Text";
myDropDownList.DataValueField = "Value";
myDropDownList.DataBind();

And your xml file, Values.xml, may look something like:

<?xml version="1.0" encoding="utf-8"  standalone="yes" ?>
<ParentElement>
  <ValueList>
    <ValueItem Text="Item 1" Value="1" />
    <ValueItem Text="Item 2" Value="2" />
  </ValueList>
</ParentElement>

Happy coding!

The following article is part 4 and therefore the last in a 4 part series of articles about developing .NET applications using SSL. Part 1 in this series can be found here, part 2 can be found here and part 3 can be found here.

How to set up a web application to automatically redirect to HTTPS if accessed via HTTP when SSL is required

SSL can be “required” at the site level, folder level or even file level.

If any file that has SSL set to “required” is requested via HTTP, HTTP Error 403;4 “Forbidden” will be returned automatically by IIS.  As far as I can tell, there is no simply way to tell IIS to re-direct to the same page via HTTPS.  This effect can be achieved in two different ways and if “defence in depth” is the preferred approach then both solutions can be implemented together.  Note that both solutions require custom code to be written however.

Redirect with IIS and code:

1. Create a new Web Form (aspx) in your Web Application called RedirectToSSL (or similar).
2. In the Page_Load event handler, insert the following code:
   
   
   ^?View Code CSHARP

   1 2 3 4 5 6 7 8

   string redirectUrl = HttpContext.Current.Request.Url.Query; redirectUrl = redirectUrl.Substring((redirectUrl.LastIndexOf(';')+1) , redirectUrl.Length - (redirectUrl.LastIndexOf(';')+1));   System.UriBuilder secureUrlBuilder = new System.UriBuilder(redirectUrl); secureUrlBuilder.Scheme = System.Uri.UriSchemeHttps; secureUrlBuilder.Port = -1; // Use default port HttpContext.Current.Response.Redirect(secureUrlBuilder.Uri.ToString(), true);

3. The aspx needs to be at least 512 bytes, otherwise IIS won’t redirect to it. So make sure you don’t delete everything out of it, it should never get displayed anyway.
4. In IIS, right-click your Web Site and go to Properties > Custom Errors.
5. Select the “403;4” HTTP error in the list HTTP errors and click the Edit Properties button.
6. Select “URL” from the Message type drop-down list and enter “/RedirectToSSL.aspx” into the URL textbox, as shown below.
7. Press OK twice to close the dialogs down.
8. Restart the website and/or reset IIS to ensure all settings have been applied.
9. Open Internet Explorer and go to: https://<servername>/<securedpage> and verify that you are automatically redirected to the https version of the same page.

1. Insert the following code at the beginning of the Page_Load event handler of every page that needs to be secured:
   
   
   ^?View Code CSHARP

   1 2 3 4 5 6 7 8 9

   // Make sure the request has come through SSL (ie that HTTPS has been used) if (!HttpContext.Current.Request.IsSecureConnection) { System.Uri currentUrl = HttpContext.Current.Request.Url; System.UriBuilder secureUrlBuilder = new System.UriBuilder(currentUrl);   secureUrlBuilder.Scheme = System.Uri.UriSchemeHttps; secureUrlBuilder.Port = -1; HttpContext.Current.Response.Redirect(secureUrlBuilder.Uri.ToString(), true); }




• 

The following article is part 3 in a 4 part series of articles about developing .NET applications using SSL. Part 1 in this series can be found here and part 2 can be found here.

Installing Certificates into the correct Certificate Stores

Applications depend heavily on server SSL and client certificates being installed in the correct certificate stores. Certificates may need to be copied and pasted or exported and imported into stores in order to get the systems correctly working together in a secure manner.

Client application (with client certificate):

1. Local Computer > Trusted Root Authority store should contain the Root CA certificate of the Server SSL Certificate Issuer of the Web application.
2. Current User > Personal store should contain the Client Certificate for the Client application.
3. Current User > Trusted Root Authority store should contain the Root CA certificate of the Client Certificate Issuer of the Client application

1. Local Computer > Personal store should contain the Server SSL Certificate for the Web application.
2. Local Computer > Trusted Root Authority store should contain the Root CA certificate of the Server SSL Certificate Issuer of the Web application.
3. Local Computer > Trusted Root Authority store should contain the Root CA certificate of the Client Certificate Issuer of the Client application.
4. Current User > Trusted Root Authority store should contain the Root CA certificate of the Client Certificate Issuer of the Client application.

1. From the Start menu, select Run, type “mmc” and click OK. This will open the Microsoft Management Console.
2. Click on the File menu option then on “Add/Remove Snap-in”.
3. In the Add/Remove Snap-in dialog, click the Add button.
4. From the Add Standalone Snap-in dialog, select “Certificates” from the list of snap-ins, and click Add.
5. Select the “Computer account” option and click Add. Select “Local computer” and click Finish.
6. If you are logged in as the user that will be used to run the client application, add the “My user account” as well.
7. Now you will be able to look through the Certificates that are installed in all the different stores.

The following article is part 2 in a 4 part series of articles about developing .NET applications using SSL. Part 1 in this series can be found here.

Setting Up Client Certificates

Client certificates can be used to authenticate the client connecting to a web application. The client can either be a browser or a custom written client application.

Requesting a client certificate:

1. Open IE (Firefox didn’t work so well for me…) and type in: http://<certauthservername>/certsrv/
2. Click on the “Request a certificate” link.
3. Click on the “Web Browser Certificate” link.
4. Enter all required information into the form shown above click “Submit”

1. Log onto the Windows Server 2003 machine and open the Certification Authority dialog from Administrative Tools.
2. Expand the root certification authority “Pending Requests” folder.
3. The certificate you just requested should be in the “Pending Requests” folder. Right-click on this request and select All Tasks > Issue. The certificate request will be removed from the “Pending Requests” folder and appear in the “Issued Certificates”.

1. Go back to IE on your web server and type in http://<certauthservername>/certsrv/ again.
2. Click on the “View the status of a pending certificate request” link.
3. Click on the certificate request you want to view.
4. Click on the “Install this certificate” link.
5. Click “Yes” on the dialog that opens to install the client certificate.
6. Click “Yes” on the next dialog as well.

1. On the client machine, open a Microsoft Management Console with the Certificates snap-in. Export the client certificate without the private key. This will generate a .cer file. Copy this file over to the server hosting the web application.
2. On the server hosting the web application, right-click the website in IIS and select “Properties”.
3. Under Properties, go to the “Directory Security” tab.
4. Under the Secure Communications section, click the “Edit” button.
5. In the Secure Communications dialog, change the “Client Certificates” option to “Require client certificates” and check the “Enable client certificate mapping” checkbox.
6. Click on the “Edit” button in the “Enable client certificate mapping” section.
7. This will open up the Account Mappings dialog.
8. Click the “Add” button.
9. Select the client certificate .cer file recently exported from the server that hosts the client application or client browser.
10. Give the mapping a relevant name and choose the windows user that the web application will be run under.
11. Click OK.
12. Click OK to close the Account Mappings dialog and Secure Communications dialogs.
13. Remove all other authentication options in the IIS manager Directory Security setting by clicking on the “Edit” button under Anonymous access and authentication control in the Directory Security tab.
14. Uncheck all authentication options and press OK.
15. Open up a browser and verify that you cannot reach the web site unless you navigate to it from the machine that has the client certificate installed on it.

The following article is part 1 in a 4 part series of articles about developing .NET applications using SSL. These articles are based on my experience and I hope that they will help others develop secure applications as well.

Setting up a Development or Test SSL Server Certificate on a Website in IIS (5.0/6.0)

When developing an application that requires SSL you may want a test SSL certificate to develop against.  You can request test SSL certificates from companies such as Verisign however these only last 14 days (and you will be called up by Versign representatives asking you when you would like to buy the real deal).  A much simpler and more flexible solution is to issue your own test SSL and client certificates by setting up a Windows Server 2003 machine that has the Certification Services windows component installed.

First, create an SSL server certificate request:

1. In IIS, right-click the Upload web site and select “Properties”.
2. Under Properties, go to the “Directory Security” tab.
3. Click the “Server Certificate” button and then click Next.
4. Select the “Create a new certificate” option and click Next.
5. Select the “Prepare the request now, but send it later” option and click Next.
6. Go through the next few forms and fill in all required information.
7. At the end of the wizard you will be asked to save the certificate request as a text file. Do this so you can send this request to a CA later.
8. You will be shown a summary of your SSL certificate request. Check this thoroughly to make sure you have all the correct values.
9. Click Next to finish the IIS Certificate Request Wizard.

1. Open IE (Firefox didn’t work so well for me…) and type in: http://<certauthservername>/certsrv/
2. Click on the “Request a certificate” link.
3. Click on the “advanced certificate request” link.
4. Click on the “Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file” link.
5. Copy and paste the contents of the certificate request generated by IIS (certreq.txt) into the “Saved Request” text box.
6. Click the “Submit” button to request the certificate

1. Log onto the Windows Server 2003 machine and open the Certification Authority dialog from Administrative Tools.
2. Expand the root certification authority “Pending Requests” folder.
3. The certificate you just requested should be in the “Pending Requests” folder. Right-click on this request and select All Tasks > Issue. The certificate request will be removed from the “Pending Requests” folder and appear in the “Issued Certificates”.

1. Go back to IE on your web server and type in http://<certauthservername>/certsrv/ again.
2. Click on the “View the status of a pending certificate request” link.
3. Click on the certificate request you want to view.
4. Click on the “Download certificate” link. A “File Download” dialog will open. Click Save to save the new SSL certificate as a .cer file.
5. Go back to the Web Site properties in IIS and from within the Directory Security tab, click on the Server Certificate button.
6. Select “Process the pending request and install the certificate” and click Next.
7. Browse to the certificate file saved to disk in step 4 above that contains the SSL certificate issued to this server by your test Certification Authority.
8. Follow the wizard until the SSL certificate has been successfully installed.

1. Once an SSL server certificate has been installed on the website, go back to IIS > > Properties > Directory Security tab > Secure Communications section and click on the “Edit” button.
2. Check the “Require secure channel (SSL)” checkbox but leave the “Require 128-bit encryption” checkbox empty.
3. Leave the “Client Certificates” section set to “Ignore client certificates” and the other two checkboxes unchecked for now.
4. Close this window down and restart the website and/or reset IIS.
5. Open up a browser and verify that you cannot reach the web site by using http only, instead you must use https.

1. If the browser tells you that your certificate was issued by an untrusted CA when you navigate to your website, you will have to download the CA certificate from your test Certification Authority website and install it into the Trusted Root Authority store of the Local Computer.
2. You may also find that the browser may tell you that the certificate is not valid because it was issued to a different name – that will happen if you are accessing your site using http://localhost/ rather than the server name. The certificate was most likely issued with the actual server name and the browser will think that your site is being spoofed if the domain name in the browser and the certificate don’t match. Use the server name instead.

Summer is pretty much here (well, in Brisbane summer actually never really wasn’t here), and the thought of being able to cruise on up to the beach with our new car (wooohooo!) has got me thinking about just how little exercise I get on a day to day basis.  I sometimes walk to work, but let’s face it – when you have a fairly regular train service, multiple buses, and now car at your disposal… you know where I’m going with this.