Posts

Responsible use of the ASP.NET MVC AntiForgeryToken

The use of anti-forgery tokens is a necessary safeguard against cross-site request forgery attacks. The ASP.NET MVC framework provides easy-to-use security mechanisms right out of the box, but unfortunately these are opt-in rather than opt-out and are easy to miss or forget. For a non-trivial website it is difficult to guarantee that tokens are supplied and checked in all form submissions and AJAX posts. This is how I do it.

Note: Web security is a tricky business and I do not consider myself a security expert. Use the information in this post at your own risk.

1. Use the ValidateJsonAntiForgeryToken attribute for AJAX calls

There's a nice post by Johan Driessen on anti-XSRF validation with newer versions of the .NET framework. I use Johan's ValidateJsonAntiForgeryToken attribute to great effect. In summary, Johan's attribute should be applied to actions invoked via AJAX calls. Check out his blog post - it explains everything in detail.

2. Ensure all AJAX posts conta...

Mocking NHibernate with Typemock Isolator is Awesome

Note: I am not affiliated in any way with Typemock.

Unit testing methods that contain NHibernate calls is notoriously difficult. In fact, a common suggestion is to give up and use an in-memory database instead. This is fine (I've personally tried it on multiple occasions), and it works I suppose, but it has always felt more like integration testing than unit testing (what happened to "no external dependencies"? Perhaps I'm a purist) and undoubtedly slows down the test suite - especially in all but trivial cases where reference data needs to be loaded.

I'm a novice Isolator user and messed around with the RecordExpectations syntax for a little bit before realizing just how simple Isolator makes things. Once you understand the warnings that Typemock puts out there, things get really easy. Really easy.

First Attempt

Let's say I wanted to fake the count of the products currently mapped to a specific category on my website. Normally the chained nature...

Review: Computer Science Programming Basics in Ruby

Disclosure: I received a review copy of this title from O’Reilly

Computer Science, more than any other field I know of, poses a difficult balance between theory and practice. It is difficult to understand the theory without having some practical knowledge. It is difficult to teach the practical aspects of Computer Science without a solid foundation in theory. I'm years into my development career and still discovering the true value of CS concepts I was able to mentally retain long enough to sit an exam.

I wanted to review this book for 3 reasons:

1. I am on a mini Ruby kick at the moment and am reading/viewing everything I can get my hands on
2. I wanted to see how Computer Science was taught from a non-traditional language (C/Java) standpoint
3. I wanted to fill any holes in my knowledge and/or revisit what I've already forgotten

The book is a short read, at 188 pages, yet does an admirable job of providing a basic overview of both the core Ruby programming language and s...

Review: Strata Conference New York + Hadoop World 2012: Complete Video Compilation

Disclosure: I received a review copy of this title from O’Reilly

This set is without doubt my favorite set of O’Reilly videos to date. If you’ve read my earlier reviews you’ll know that I’m a big fan of O’Reilly’s videos and conferences. What differentiates this set is that it combines the usual diversity of topics from a good tech conference with numerous deep dives - groups of videos with 4 or 5 titles in the set that dig deeper into a specific subject.

As with previous O'Reilly content that I have reviewed, the production quality of this set is amazing. Video is high definition, sound is crystal clear and, while not cheap, at a whopping 107 hours the set is very reasonably priced at $400.

So far some of my favorite talks have been:

An Introduction to Hadoop – Mark Fei

This talk demonstrates everything that is great about this conference and video set. In this 4-part introduction to Hadoop Mark Fei does a great job of introducing MapReduce, core Hadoop and HDFS and ...

Exception: Method 'MS.Internal.Interop.PROPVARIANT..

I’ve used NopCommerce for years and have had very few issues. For the last few days a project which had been working without issue broke down due to a runtime error on my development machine. The error was an unhandled ReflectionTypeLoadException exception but the LoadException properties showed something more obscure – the following error when attempting to load an assembly:

[Exception: Method 'MS.Internal.Interop.PROPVARIANT..ctor(Int32, Int32, Int32, Int32, Int32, Int32, Int32, Int32, Int32, Int32, Int32, Int32, Int32, Int32, Int32, Int32, Int32, Int32, Int32, Int32, Int32, Int32, Int32, Int32, Int32, Int32, Int32, Int32, Int32, Int32, Int32)' is security transparent, but is a member of a security critical type.]

What threw me off the scent was the fact that I received the same error on my desktop PC and my recently formatted laptop environment. This led me to believe the issue was with the code but, having gone back through Git and failing to build numerous commits previou...

Installing Couchbase on Windows 8

This weekend I played around with Couchbase’s caching infrastructure on my Windows 8 box. Getting things set up was a bit of a nightmare, but thanks to some perseverance and much Googling, I got things up and running. You’re likely to run into two issues post install:

1. Post install: navigating to localhost:8091 resulted in an error page
2. Upon successful login: the Active Servers count is 0 and the Servers Down count is 1

The following guide should address both issues.

Installation Guide

1. Install Couchbase as usual.
2. Fix the IP address issue. For some reason the registration process generated a strange IP address on my box. Looking at the registration script it became obvious that the IP was saved and subsequently read from an ipaddr.out file. Copy the file C:\Program Files\Couchbase\Server\bin\ipaddr.out to your desktop and replace the IP with 127.0.0.1. Copy the modified version back to C:\Program Files\Couchbase\Server\bin\
3. Replace the tcmalloc binary (glad somebody smarter figured t...

Setting up Android Debugging on a Nexus 4

My beloved Nexus 4 – seriously, I LOVE the thing! - has inspired me to write some Android Apps. I haven’t used Eclipse in years, and have never written a non-hello-world Android App, so had some teething issues getting started with on-device debugging. Here are a few tips for the uninitiated:

1. Enabling debugging on Jellybean and above is interesting. Developer Options are not enabled by default and to make them visible you need to go to Settings->About Phone and tap Build number 7 times! You even get a playful message indicating when you are halfway there…
2. Once you’ve performed step #1, go back to Settings on your phone and Developer Options should now be present. Make sure to enable USB debugging.
3. Your system may recognize your N4, but that doesn’t necessarily mean that it has the driver it needs for debugging. Typing adb devices in the command prompt from the ADT’s sdk\platform-tools folder will enumerate the devices on your system. If you see one, ignore this step. Otherwis...

Introducing oreilly-downloader

This week I created a Ruby script to facilitate downloading purchased video content from O’Reilly. I love O’Reilly’s products, especially their videos, but the need to download each video file individually, while understandable, is very frustrating and time consuming (note: it is possible to stream videos, but I like to watch my purchases while on the go when I typically don’t have an internet connection).

The code is pretty simple – using the mechanize gem to log into the site (after requesting credentials), then looping through the pages of video product purchases, downloading each mp4 file that doesn’t exist locally (complete with loading status via the mechanize-progressbar gem!).

Here’s the link: https://github.com/irwinj/oreilly-downloader

If any O’Reilly folks are reading and have any questions or concerns, please drop me a line!

Post RVM install issues on Mac OS Mountain Lion

Tonight I installed RVM on my MacBook Pro in order to use multiple versions of Ruby side by side. I ran into a number of issues:

Issue 1: Failed to build gem native extension

After installing RVM and ruby 1.9.4 I needed to install some gems but running the gem installer resulted in the following error:

ERROR: Error installing mechanize: ERROR: Failed to build gem native extension

The solution: Download and install the gcc installer for Mac OS from here: https://github.com/kennethreitz/osx-gcc-installer

The source: This tip came courtesy of Alex Zak on stackoverflow. It looks like gcc used to come bundled in XCode’s command line tools but no longer does. http://stackoverflow.com/questions/9552292/failed-to-build-gem-native-extension

Issue 2: Gems I installed were not visible

This time the gem install worked and I didn’t receive the above error message. However, when I attempted to run my application the require statement failed and executing gem list did not show my gems. ...

Review - Velocity Conference

Disclosure: I received a review copy of this title from O’Reilly

Recently I wrote a review of O'Reilly's Fluent Conference video compilation. I gave the set a gushing review and enjoyed the content so much that I decided to review the 2012 Velocity Conference set. I wasn't disappointed.

For those who don't know, Velocity is O'Reilly's Web Performance and Operations conference. Similar to O'Reilly's other conferences, Velocity brings together experts from many prevalent technology companies - including Google, Amazon, Facebook, Twitter and Walmart, to name but a few. The conference was split into four tracks: Web Performance, Operations, Velocity Culture and Mobile Performance, and focuses a lot of attention on web metrics and large-scale web performance. The set weighs in at a whopping 54.5 hours for $400 (at time of writing).

As with previous O'Reilly content that I have reviewed, the production quality of this set is amazing. Video is high defin...