Thursday, July 19, 2012

github–Clone in Windows button not working???

July 19, 2012 Posted by Jason 6 comments

Make sure you’re logged into github in your web browser prior to clicking the clone for windows button. Silly as it sounds, this just cost me 20 minutes of my life. On the one hand, the webpage should tell you to log in (if you haven’t already done so) upon clicking the button. On the other hand, you can’t fix stupid :o)

Monday, July 16, 2012

ASP.NET MVC–Model Error Visualizer

July 16, 2012 Posted by Jason , , No comments

To scratch my own itch (so to speak), I created a Visual Studio visualizer for ASP.NET MVC, allowing ModelState errors to be seen at a glance. This is particularly useful when debugging async requests when and modelstate are not displayed on screen. The visualizer works on the ModelStateDictionary type, iterating through the dictionary and presenting any errors and the associated property name in a datagridview (see the below screenshots).

I built this with VS2012 RC, but the code is simple enough that it should be trivial to modify it to work with older version of VS. The code and download are up on github. Just drop it into your Visual Studio 2012 Visualizers folder and you should be good to go. Feel free to use and abuse (and fork) it in whatever way your heart desires.



Visualizer in debug mode





For example, when I turn client-side validation off on the default Razor web application and forget to enter a password, I get the following:


Friday, July 6, 2012

Book Review–The Tangled Web

July 06, 2012 Posted by Jason , , No comments

Disclosure: I received a review copy of this title from O’Reilly

The Tangled Web


Oh, Cheryl, what a tangled web we weave when we something-something on Christmas Eve - According to Jim

For obvious reasons the above quote came into my head every time I picked up The Tangled Web by Michal Zalewski. It always makes me smile…

In The Tangled Web Mr. Zalewski paints a grim picture of web security, explaining in some detail the confluence of conflicting standards, incomplete RFCs, inconsistent browser behaviors and other anomolies that lead to today's current (spoiler alert: not good) state of web security.

This title is different than any other I've read on web security. It isn't a web security handbook by any means - it is more a descriptive history of the evolution of web standards and languages, focusing on decisions made that impact web security to this day. The author delves into every aspect of the web - HTML, HTTP, CSS, scripting languages, browers, plugins, etc. in astounding detail. Moving between topics he is consistently able to combine low-level technical details with a deal of historical context that is in itself remarkable. It is interesting to read explanations of how vulnerabilities came to be, whether caused by ignorance, good intentions, loyalty to a specific browser, etc. This more "human" information provides a respite from more technical content while being both insightful and entertaining.

While the content is highly descriptive Mr. Zalewski does a great job of providing security cheat sheets at the end of each chapter. These bite-sized nuggets of actionable content are invaluable and add an extra dimension to the title - I know I will come back to these time and again as I develop for the web.

Summary (a.k.a tl;dr;)

This book is definitely a worthwhile read, but it is not an easy read. It weighs in at about 300 pages but is packed with information and it took me quite some time to get through it. It is quite technical and I found myself re-reading sections to make sure I really understood what the author was saying. I'm somewhat conflicted: I wouldn't necessarily recommend this title to a novice web programmer but I wouldn't recommend deploying a website without reading it...

At the end of the day Mr. Zalewski takes what is realistically a dull and dry topic and makes it read like prose. I strongly suggest this title to anyone working in the web development world.Everyone will get something out of it and if you are the kind of person passionate about knowing how everything works behind the scenes you'll absolutely love it!