Out of the box, ASP.NET 1.1 doesn’t recognize FireFox, but FireFox is
now probably the second most popular browser behind IE.  IE still
has the market, and if you are just checking IE, you probably won’t
feel any pain, but when developing an app for the Internet, you should
make sure that your site works and looks good in the popular
browsers. 

Since ASP.NET 1.1 doesn’t recognize FireFox, the built-in WebControls
will render down-level html.  What that means is that every
<div/> tag will be replaced by a single-cell table, and a host of
other changes.  This isn’t good because it will distort the layout
of your page.

The good news is that ASP.NET 1.1 can easily be told of the
capabilities of other browsers through the web.config file.  You
can customize the regular expression used to evaluate the User Agent
string, but if you quickly need to support FireFox as well as IE, paste
the following into your web.config within the <system.web/> node:

    <browserCaps>
            <case
match=”^Mozilla/5.0 ([^)]*) (Gecko/[-d]+)(?’VendorProductToken’
(?’type'[^/d]*)([d]*)/(?’version'(?’major’d+)(?’minor’.d+)(?’letters’w*)))?”>
                browser=Gecko
                <filter>
           
        <case
match=”(Gecko/[-d]+)(?’VendorProductToken’
(?’type'[^/d]*)([d]*)/(?’version'(?’major’d+)(?’minor’.d+)(?’letters’w*)))”>
                        type=${type}
                    </case>
           
        <case> <!– plain
Mozilla if no VendorProductToken found –>
                        type=Mozilla
                    </case>
                </filter>
                frames=true
                tables=true
                cookies=true
                javascript=true
                javaapplets=true
                ecmascriptversion=1.5
                w3cdomversion=1.0
                css1=true
                css2=true
                xml=true
                tagwriter=System.Web.UI.HtmlTextWriter
           
    <case
match=”rv:(?’version'(?’major’d+)(?’minor’.d+)(?’letters’w*))”>
                    version=${version}
                    majorversion=0${major}
                    minorversion=0${minor}
           
        <case match=”^b”
with=”${letters}”>
                        beta=true
                    </case>
                </case>
            </case>
        </browserCaps>

I’ve inherited an ASP.NET application that evolved as it went, and my task is jump in and continue to enhance it. In order to do that, I’ve found that I need to refactor it in order to sustain its development. As it is now, it will continue to be a large, unmaintainable beast.

The most important thing I’m doing is taking parts that are repeated and refactoring them into controls. This app was made with aspx pages as the focal point, and I’m refactoring to focus on controls. My goal is to enable a new page to be constructed by simply adding the appropriate controls. I don’t want any code in the code behind of pages except for a property setting or method call on child controls. It’s a lot easier to test custom controls than it is pages. Plus, it leads to a more maintainable site. For those reading: if you aren’t comfortable with custom controls, then put everything inside user controls. You will still get the benefits of reuse and encapsulation.

My rule of thumb for pages is if I have to scroll to see all the markup, then it’s too much, and I’m going to refactor to controls. I’m a little more relaxed with this rule for user controls because they can be reused, but I’m firm about pages. Less is more.

One quick note: I’m not doing RAD (disposable) software, and I rarely use the designer, so my rules apply to a more sustainable software paradigm, but they make no sense in a RAD environment [not many things do :)].

I’m a little slow on testing my ASP.NET apps with non-IE browsers, and it’s because I used to be in an environment where I was writing internal web applications, and IE 5+ was mandated.  That took away headaches, but now I need to have ASP.NET apps that look good and function well in all the major browsers, so right now, that includes FireFox.  Although IE still has an overwhelming market share, in my opinion, the Internet savvy are split more evenly in browser usage.  There are tons of computers that don’t get on the Net very often, and those all have IE, so I think it skews the numbers.

When testing my apps with FireFox, I noticed that ASP.NET was rendering for a down-level browser.  This is most likely because when .Net shipped, FireFox wasn’t a major player, but now it is, and it supports all the high-level features, so it’s necessary to add an entry to the <browserCaps/> section of the web.config.  Here is a page that can provide an applicable entry to make .Net render up-level to FireFox.

Some of the issues you will run into is that <div/> tags will be rendered as tables, and style percents will not be rendered at all.  It will dumb down the page to HTML 2.0.  Adding the <browserCaps/> section will cause the HTML rendered to be the same as that rendered to IE.  In IE, I use the style: TEXT-ALIGN:cetner to center contents of a div, but in FireFox, that doesn’t work (it may be a standard thing, I’m not too sure), but doing <div align=“center“/> fixed the problem in both browsers.

I’m also using the XHTML doctype.  If you search newgroups, you’ll find a lot of people poo-pooing xhtml as just a worthless fad, but if there is one and only one benefit (I’m sure there are more), it’s that my CSS is truly cascading.  In HTML 4.0, I have to redeclare classes because the settings don’t flow from the parent container to all children.  <td/> tags are notorious for this.

If you didn’t go to Tech Ed, you can get all the training for free.  Thanks to Scot Curry for alerting me to this.  Most of the Tech Ed webcasts are available online:  http://www.microsoft.com/events/series/teched2005.mspx

I plan on downloading the sessions I missed and listening to them on my commute to and from work.

Yesterday was my last day at Dell, Inc.  I was with the company for 4 years and did my best to push Agile methods including Test-Driven Development in the CMM-crazy enterprise.  I’m now a Senior Software Engineer for Pluck.  Pluck is a company with several business lines around RSS and content aggregation.  There is a C++ team here, and a .Net team.  I’m obviously on the .Net team, and it’s an Agile shop whose practices are a mix of several Agile tracks.

Speaking of Agile, the AgileATX (ATX is for Austin, TX) group is meeting for lunch today at the Mongolian BBQ on N Lamar just south of Rundberg at 11:30AM.  If you are in the Austin area, check it out.  You can also subscribe to the AgileATX Yahoo! group.

Microsoft has a whole new reputation now that so many employees are blogging.  There is a new face to the company, and it’s a good one.  Information is flowing more freely, and I think the community is more comfortable with Microsoft now.  The environment at Dell isn’t like that.  For one, it’s mostly a manufacturing or assembling company that produces computers and accessories.  The IT department is only a few thousand people, and the minority are software developers.  Second, management isn’t comfortable being that open, so I wasn’t free to talk about what’s going on inside the company.

At Pluck, I hope to be very open.  We have several consumer products that I’ll be talking about.  Pluck is a software company, so I expect it to be very different.  The first thing I noticed was the free drinks.  For the last 4 years, I’ve had to get my Dr. Pepper from a vending machine!  🙂

Juval Lowy, on Friday, gave a talk about Being more productive with the .Net framework. The session was “simulcast” on the web. Juval contends that most books focus on the raw technology, and this talk is dedicated to things that can enhance productivity when programming with .Net.  Below are the tips and tricks that he explained in the talk.

WinCV – the utility shows header-life information. If you need to search for a type, you can search for it. You can load your projects in WinCV by modifying the config file. In VS2005, there is a mouse menu item “Go To Definition”. VS will open the class headers in the code window. Using the “Code Definition Window”, you can hover on any type, and VS will put the class headers in the docked window.

WinDiff – Get your VS 6.0 CDs, and copy WinDiff to your box for use in comparing code files. Better than the comparer in VSS.

Animation Speed – The default speeds are a little slow, so go to Tools, Options, and put animation speed all the way up.

Multiple Startup Projects – in solution properties, you can launch multiple startup projects and have the debugger attach to them all for simultaneous debugging.

Linked Files – Every project has its own AssemblyInfo.cs, and you’d like your version number to be the same. Create a SolutionInfo.cs file with all the shared attributes and link the SolutionInfo.cs file into the project, and it will get compiled with the project.

Solution Directory – when creating a new project, VS puts it in a directory with the project name. If you click the “more” button, you can select a solution name and check “Create directory for Solution”, and it will give a cleaner solution hierarchy.

External Tools Integration – Automate invoking of external tools. Go to tools -> external tools. Give the name of an EXE to be invoked. Don’t hard-code the name, but insert a macro to insert, for instance, the assembly name. Then, more options will appear on the Tools menu.

Treat warnings as errors – Make level 4 warning for building. This should be the default setting.

Derive classes from Component to enable drag and drop – Inherit from System.ComponentModel.Component. Then you can use .Net data access designers with that class. If you hold down the alt key, you can use rectangular selection of code.

Editing config files – When viewing an app.config file, use the Document Outline to show a stepped outline of your Xml file. You can use this for Html as well.

Search hidden text – When doing a find, select “Search hidden text”, and it will search inside closed regions of code.

Conditional Compilation – Exclude a method call from compilation. Use System.Diagnostics. Stay away from #ifdef. ConditionalAttribute is a method-level attribute that controls whether or not to compile the method. Lines that call the method also become conditional.

Event Accessors – Instead of raw event member, use add/remove accessors like properties. It promotes encapsulation and loose coupling. C# has this. VS will have this in 2005. Use property-like accessors for delegates. Don’t expose your member variables. You wouldn’t expose fields, so don’t expose fields that are a delegate either.

Windows Forms Opacity – Every visible control has an Opacity property. It can make the window translucent or completely transparent. One use if if when you close a form, you want to have the window fade away.

Name threads – naming threads can be very useful in debugging. If you have multi-threaded code, and you hit a breakpoint, you don’t know what thread you are on. Give it a name as well.

Thread name breakpoint – Go to breakpoint window and make a conditional breakpoint. Set the condition to “System.Threading.Thread.CurrentThread.Name == “MyThreadName” In 2005, breakpoints have a filter command where you can use ThreadName = “MyThread” There are certain tokens you can use. By default, this feature is disabled in 2005. Tools->Option->Debugging->Enable breakpoint filters.

Killing a thread – Do not call Abort(). Abort() does not allow graceful exit. Does not allow error handling. Abort() is not guaranteed to run. Make a custom Kill() method. Should set flag and wait for thread to terminate. Abort() has another flaw. The thread can do indefinite processing in catch{ }. Juval went through a custom class that he uses to abort the thread.

Have a coding standard – Naming conventions and style, coding practices, project settings and structure, framework-specific guidelines. The standard should be thin on Why, and rich in What. Minimize harm. You can use the Idesign coding standard at www.idesign.net.

Import/Export Settings in VS – Tools->Import and Export Settings. This will make it easier to have everyone on the team using the same IDE settings. VS has team settings file. You can automatically reapply if newer version is available.

Language Version – You can restrict the Visual C# version. The default in 2005 is C# 2.0. ISO-1 is C# 1.0 (VS 2002). If you have a VS 2003 application, you can use VS 2005 to maintain this application by going to the project settings->Build->Advanced->Language Version. Selecting ISO-1 is the C# 1.0 standard. You will use the older compiler and it will ensure you don’t use new language features. Good for maintaining an olde rapp.

Interfaces factoring and design – One big class is a bad design. A bunch of little things unrleated is a bad design too. When designing, you pay for the cost of building a unit, and you pay for integration. A large number of modules is a high cost to interface (effort). A low number of modules has a high cost/module for effort.. You need middle ground. If you graph the two lines, you have an area of minimum cost. You want to be there. The key is properly factoring the interfaces for the modules. When factoring, think in terms of reusable elements. Interface factoring results in interfaces with fewer members. Just one member is possible, but avoid it. Optimal number is 3 to 5 members. In the .Net framework, interfaces have more methods than properties. You need a ratio of at least 2:1. The exception is an interfaces with properties only – should have no methods). Avoid defining events. On average, .Net has 2.75 members per interface. The methods to properties is 3.5:1. Less thatn 3 percent of the members are events. On average, .Net framework interfaces are well-factored. Someone also did a survey on the JDK. On average, they have 4 members per interface.

Steve Riley and Jesper Johansson gave a cabana talk on security myths. It moved to a big room because you can’t fit 700 people in a cabana room. It evolved into a breakout session.

They defined a triangle between usable, secure, and cheap. You can’t have all three. You can pick 2. Usable and secure are opposites. If it is both, it’s prohibitively expensive.

Network security claims:  Our network/software/hardware is “secure”, “impenetrable”, “unbreakable”.

Newsflash: Security is Hard! There is no easy fix.

The security myths:

• Security guides make your system secure.




• Hiding: Security by obscurity is weak defense.


• Rename Administrator account


• Turn off SSID Broadcast


• Do not display last logged on user


• Change your web/ftp banner


• If we hide, the bad guys won’t find us.




• Hiding: Security by obscurity is weak defense.


• Rename Administrator account


• Turn off SSID Broadcast


• Do not display last logged on user


• Change your web/ftp banner


• The more tweaks the better.


• All environments should follow the advice of <insert guide here>.




• Turn on account lockout after 3 bad tries.
  Password reset calls cost $70/call.
  Hackers can use that it as denial of service.
  It covers up the real problem: weak passwords. Instead, use pass phrases.


• High security is an end goal for all environments.


• Security tweaks can fix physical security problems.


• The lemming security model – always follow the expert recommendations.


• We need to audit _everything_.


• Password cracking is our biggest problem.




• Passwords need to be uncrackable.
  If you can crack a password, you need access to the hashes. If that is the case, you have a bigger problem.
  If you have the hash, you can use a tool to calculate an authentication.
  Smart card readers help this, but biometrics don’t because if you use a fingerprint for authorization, and it gets
  ompromised, you can’t throw it away and get another one.
  If the bad guys have your password hash, you have already lost.


• Security tweaks will stop worms and viruses.


• Technology can fix user problems.


• Friends will always be by your side: what is the basis of your trust?


• Encrypted attack traffic is much better than plain text.

Protect your Windows Network by Steve Riley and Jesper Johansson.

On Thursday afternoon, Stefan Schackow gave a talk on ASP.NET and IIS: New Developments in Web Security with IIS 6.0 and ASP.NET. I decided to attend this talk not only because I’m interested in the subject matter, but also because I’m the technical editor for his new book, Professional ASP.NET 2.0 Security, Membership, and Role Management by Stefan Schackow

Some of the security features of IIS6 are very cool. There is an new feature called wildcard mapping that will let the ASPNET runtime process a request before and after another request (like asp or html).

It was a great presentation on web security.

I had the recent opportunity to ride a Segway at the convention center.  I think I did pretty good for my first time.