The Tomes Of Experience

This morning at work we had a conundrum – one of our client’s websites was displaying the infamous “This page contains unsecured content” message when you navigate to the secured (HTTPS) version of their website.

In order to work out which parts of the page were making references to unsecured (HTTP) content, I could either start by trial and error and target code I believe might be causing the problem. Possibly time-consuming and in the end no guarantee I will work it out.

Enter Google Chrome. This new little beauty has a built in debugging console, which allows me to inspect JS elements on the page, or view any errors which are thrown. and coincidentally, it perfectly listed all the URLs which were being referenced via the unsecured scheme. It’s unreal. Just saved me 10-20 mins of unnecessary work.

Xerxes IT & Software Browsers

Well first thing i have to state is that unlike FireFox, the initial download is actually a 500KB downloader which actually gets the full Chrome package off the net. Just how big is the full package? Well Chrome drops itself into the %Program FilesUserLocal SettingsApplication DataGoogleChrome directory, and the installer there is about 22MB, so not terribly big.

Its also nice to see that after installing, Chrome will import my bookmarks (not that I use any). You need to close FF in order for it to access the bookmark data file (presumably) but that’s really a negligible issue.

i’m somewhat surprised that Google have seemingly ignored the use of standard windows controls for the application. It doesn’t adhere to my Windows theme, there’s no menu system at all. It really is the minimalist app, but they must have gone to a lot of effort to make it look and work like that.

[UPDATE 1]
Chrome allows you to customise which search engine is your default and interestingly enough, it’s actually modified the list of available search engines based on my locality and the services provided. So I can choose Yahoo7, Sensis or ninemsn as my default search engine…

[UPDATE 2]
Scarily enough, Chrome has a “Passwords” section in its options dialog which allows you to see all usernames and passwords that it has kept track of during your browsing session…..Or as in my case, the passwords it has imported from FireFox. I never realised just how much data my browser was keeping for me…

[UPDATE 3]
The address bar text is color coded!! Simple idea, pretty effective, too. The domain portion of the URL is in full-black colour, and all other parts of the URL are in a lighter, grey colour in order to emphasise the fact that you’re still viewing a primary site, and not interested in the subdirectories below the top. And when you’re viewing a site which is encrypted with SSL, the “https” scheme is green in colour.

[UPDATE 4]
Boy it’s fast. very fast. And the popup-blocker is non-obtrusive!

[UPDATE 5]
Lol this is great. It even has a built-in task manager for micro managing any tabs which get out of control! For each tab, it clearly tabulates the memory usage, the CPU usage and live bandwidth that tab is consuming. At the bottom of the tab, is a link “Stats for nerds” which takes you to the URL “about:memory”, and gives you a complete breakdown of all memory usage (physical and virtual) for all internal threads.

[UPDATE 6]
This is bizzare….The DNS resolver built into Chrome seems to ignore any overrides I specify in my HOSTS file….I have changed the resolving IP for Site A in the hosts file, and despite many <CTRL>-F5 refreshes, Chrome is still adamant on using the old IP. There is an option called Use DNS pre-fetching to improve page load performance in the Options dialog. Only after turning this option OFF and restarting Chrome did it faithfully adhere to my HOST entry override. This might catch other people out there.

[UPDATE 7]
Most applications have external dialogs for configuration, or options, or downloaded files etc…I’ve noticed that Chrome does away with a lot of these. The Options dialog is probably the only desktop-level window apart from the main browser window itself. Everything else is represented as an HTML page in the browser itself. (sorry i correct myself – the task manager is another top-level dialog)

[UPDATE 8]
Very cool – I can drag-drop tabs from FF into Chrome. This is a BIIIIG boon considering i’m a tab-slut and have no less than 10-15 open at any one time.

[UPDATE 9]
Chrome attaches a little resize “grip” to the bottom left of any HTML <textarea> control. This allows you to resize the textarea beyond what the original designers intended – perfect for those designers who still have websites running in “1990’s” mode (ie: 800×600)

[UPDATE 10]
Cute. When you forcibly kill a process using Chome’s built-in task manager, the offending page changes to the following:

…I guess the obviosu problem here is that there is no Reload button…..but i digress…..

[UPDATE 11]
Well this just bugs me. The address-bar search feature seems to take precendent over the fact that I haven’t entered a scheme in my URL, and therefore won’t resolve my website unless I specifically put “http”.
For example: If i create a host header entry called mywebsite.localhost and navigate to “mywebsite.localhost” in Chrome (nb: no HTTP://), it takes me to a Google search with that web-address as the search seed. IMO what it *SHOULD* have done was to try and resolve mywebsite.localhost FIRST, and IFF it couldn’t resolve, should it fall-back to the keyword search.
After you enter the scheme for the first time (and it resolves), Chrome learns that mywebsite.localhost is actually a site, and in future will resolve the website without requiring the scheme to be input.

This bugs me because i constantly enter URLs without entering a scheme. Moreover, as a web-developer i’m creating lots of host-header entries in order to run multiple websites too, so without entering HTTP the first time around for each URL, i’ll end up going to search when I didn’t actually need to. Very simple fix, guys – it would be nice if you could do it!

[UPDATE 12]
My enthusiasm for Chrome and what it represents has been recognised by my fan base in New Zealand. In an effort to try and achieve *some* work today, This will be my last update to this entry…
Application shortcuts are very cool. You can take any tab in Chrome, click the Options icon and select Create Application Shortcuts…This creates a launcher shortcut for Chrome to open in a very specific window, designed to make it looks and feel like a desktop-application.
Why does this excite me? Because I authored a project to do exactly that about 5 years ago, and it was incorporated and sold into a suite of products at the time. Unlike Chrome, my software was built using Internet Explorer’s rendering engine, but the “browser-less” concept was the same – to make a web-application feel like a desktop app…..And to the best of my knowledge, the project is still in use.

Xerxes IT & Software Browsers

http://www.google.com/chrome

Downloading and installing it now…

In a way, i’m kind of excited. I hope this represents the start of a short, fast journey to push up the web…The one thing that I *hate* most about web-development is cross-browser incompatibility problems.

Reviews are here

Xerxes IT & Software Browsers

Microwave Chocolate Cake In A Mug In 5 Minutes

I don’t normally blog about non-IT related things (although recently i’ve felt that less and less), but food is so much like a second profession to me (the eating part, not the cooking part), that i couldn’t NOT share this link.

i want to try this out now…

Xerxes IT & Software

World of Warcraft: It’s entirely possible to drop one of your professions, take up enchanting, and be at lvl 275 enchanting (high enough to d/e Outland blues) in one weekend. Don’t let anyone tell you otherwise – i did it.

Only downside is that you’ll spend upward of 1200g. I’m sure i could have easily continued onto lvl 300 (high enough to d/e any game item), but I ran out of money

Xerxes IT & Software World Of Warcraft

I’ve seen this now twice in about 30 mins, and its bugging me.

One of the developers i work with is writing code like this:

string postingUrl = CmsHttpContext.Current.Posting.Url.ToLower(CultureInfo.InvariantCulture);

Whats bugs me with this code is that it shows no understanding or care for defensive programming.

Q1: Why do you assume that CmsHttpContext.Current is safe? Sure, within ASP.NET the framework creates a new Context for you upon request, and (in this case) Microsoft CMS wraps the HttpContext and guarantees you a copy of a context for you. Under these known conditions, the CmsHttpContext.Current is safe.

Now that’s been chained onto Posting, which throws the exception. Why assume that you’ve hit a posting? Why assume that there would be a posting at all? This kind of lack of thinking just demonstrates lazy programming, to me.

*grumble*

Xerxes IT & Software .NET, C#, Paradigms

The great SQL Performance saga continued today, taking a turn for the….ah…..different…

Facts:

• The servers are exhibiting high disk I/O activity.
• So much disk activity, that all queries are nearly brought to a grinding halt while the disks are thundering away.
• The Query Plans for all I/O intense queries use index seeks – no scanning at all.

This leads me to conclude that the behaviour of the server is fine, and that the system is doing everything expected of it. Which leads me to ask the question why is an index seek taking so long to run off the disk?

Well it turns out there is in fact a way to determine the level of fragmentation of SQL indexes.

I’d written a simple query based on this content to calculate the amount of fragmentation on the live server’s indexes, and needless to say i’m a bit shocked. I sincerely thought this is something that the “qualified” DBA consultant on the other end was capable of doing, however in his defense he might have forgotten to run it and then moved onto the next high-paying job, leaving us to sweep up the shambles.

I’m no DBA….Although if I’m correct i’ll be justified in calling myself one and, i’ll also have a few more letters to add to the end of my job title and hopefully a zero to throw on the end of my salary….all for doing SFA.

FWIW, here is the query which revealed all the gory details:

select	i.object_id, i.index_id, i.name, s.avg_fragmentation_in_percent, s.avg_fragment_size_in_pages
from	sys.indexes i
JOIN	sys.dm_db_index_physical_stats(DB_id('DATABASE_NAME_GOES_HERE'), null, null,null, null) s
	on i.object_id = s.object_id
	AND i.index_id = s.index_id
	where     (
		s.avg_fragmentation_in_percent > 0
		OR s.avg_fragment_size_in_pages > 0
	)
	AND i.index_id <> 0

Xerxes IT & Software SQL

OMFG.

I think that just about sums up the Fully LINQified Raytracer….I missed this when it hit the blogosphere back in October last year, but wow i’m just gobsmacked….

I found this while reading about Mono’s 100% compliance with .NET 3.0

I feel so suddenly inadequate in what I do…..

Xerxes IT & Software C#, LINQ, Silly Code

I’ve long been noticing the following errors come up at the end of our NUnit testrun, but never had a chance to look into it in detail until now…They’ve never resulted in a broken build, and they do clearly look like something happening outside the scope of our unit test (even if it was caused by our test)

Unhandled exceptions:
1) : System.InvalidOperationException: This action is invalid when the mock object is in verified state.
at Rhino.Mocks.Impl.VerifiedMockState.MethodCall(IInvocation invocation, MethodInfo method, Object[] args)
at Rhino.Mocks.MockRepository.MethodCall(IInvocation invocation, Object proxy, MethodInfo method, Object[] args)
at Rhino.Mocks.Impl.RhinoInterceptor.Intercept(IInvocation invocation, Object[] args)
at ProxyInterfaceSystemSystemObject_System_DataIDataReader_Rhino_Mocks_InterfacesIMockedObject_System_Runtime_SerializationISerializable.Close()
at ExternalDataComponent.Data.DataRecordEnumerator.Dispose()
at ExternalDataComponent.Data.DataRecordEnumerator.Finalize()

Any obvious names have been masked to protect the innocent/stupid.

The error message quite is quite obvious in what the problem is, and leaves little doubt as to where it’s originating from….But the difficulty in this problem is finding out what causes the exception in the first place.

After attaching the VS debugger to NUnit, and turning on “Break On Exception” for the System.InvalidOperationException exception, All i would get is a debugger breaking into a location which was not relevant to any executing code, and the entire call stack consisted of non-managed code.

After a lot of thought, and with a little luck, i realised that what’s happening is that some of our tests are creating a stub object and passing it into the ExternalDataComponent during testing. The ExternalDataComponent is assuming that it is safe to call dispose on the object and thus doing so. The Rhino.Mocks framework then throws an exception when it intercepts the Dispose() method of the mocked interface, because the mock object “is in [the] verified state”.

My GoogleFu is in good form.

Unfortunately, we aren’t able to make changes to the ExternalDataComponent i’ve so eloquently disguised, as it’s a dependency library we’re using, so the “solution” is to reset all mocks to the original Record state before calling dispose (which additionally the tests weren’t doing).

Xerxes IT & Software C#, mocking

The DateTime.Parse() method (and all its derivatives, i assume) are locale sensitive and will assume that the string you provide it is in the standard ISO date format, or in the format for your locale.

The buggy implementation I found in our system was calling DateTime.Parse() with a value of “23-07-2007″, which threw an exception citing that the string was not in the correct format. I dug around a bit with the code and tried different implementations with different results. It was only after i provided it a US date value (which it did not baulk at) I realised that my system’s locale was set to English (US).

The code was wrong to assume the current system locale is the expected input data format, in the first place, but this one tripped me up for a little while.

Xerxes IT & Software .NET, C#

My wife would disagree.

Xerxes IT & Software

I’m currently in the process of building my source repository at home – after well over a decade of neglect i’m importing everything into SVN and organising my little spike projects from various languages, environments, project, you name it.

In any event, my development machine is a virtualised Windows XP running on a Windows XP host (connected using NAT) with VirtualBox. My laptop has a direct cross-over cable connecting it to my server, so the throughput should be at best 100Mbps. When importing content into the repos, i was concerned by how slow the import felt to take. It was transferring 1MB in about 30-40 seconds, which by all right should have been virtually instant.

Fortunately I was able to find the program iperf which runs on both Linux and Windows. Set-up the server on linux and connected to it from the windows client and was shocked to learn I was achieving (get this) less than 90kbps.

Yes, jaw-drop and all that.

I found these two tickets on the VirtualBox support site which identify it as a limitation of running vbox under NAT, which if you ask me is pretty silly considering i can’t run bridged networking over WiFi.

not    happy    jan.

Xerxes IT & Software Networking, Virtualbox

http://www.anewmorning.com/2008/01/30/how-to-create-the-ultimate-windows-xp-installation-cddvd/

My laptop is in the perfect condition to try this out – fresh install with all the base apps ready to go.

Xerxes IT & Software Windows

In (the now famous) Project P, working with Microsoft CMS’s security model had me ripping my hair out.

Whenever I made a call to the context.Searches.GetByGuid() method, the system would throw a COMException, citing the quite unhelpful message “Server Error. Please contact your administrator”

For future reference (in case anyone comes across this themselves) the problem was caused because the GUID i was passing into the application was not formatted in the correctly for what CMS was expecting.

My code was doing:
string inputGuid = myGuid.ToString();

But it turns out it actually needed to be:
string inputGuid = myGuid.ToString(“B”);

The difference (according to MSDN) is that .ToString() with no overload assumes the format identifier of “D” which results in a GUID formatted without curly braces. Format “B” provides the same guid string but with curly braces.

Why this needed to throw a “Server error” exception, is beyond me. A simple ArgumentException would have sufficed, or better still it could take in a Guid as the parameter instead of a string.

For a blow-by-blow account of this problem, visit my newsgroup post about UserHasRightToBrowse Always Returns True

Xerxes IT & Software C#, MCMS

Covariance and Contravariance are terms used in programming languages and set theory to define the behaviour of parameter and return types of a function.

Yes, that’s a mouthful, but in a nutshell:

• Covariance mandates that the return type and the parameters of a function must be a subtype of the original base class type for any superclass
• Contravariance allows the return type and/or the parameter types to be super-types of the defined types and not necessarily sub-types

Nothing better than using an example:

   1:  public abstract class Animal

   2:  {

   3:      Animal CreateChild();

   4:  }

   5:   

   6:  public class Human : Animal

   7:  {

   8:      Animal CreateChild( return new Human(); }

   9:  }

  10:   

  11:  public class Dog : Animal

  12:  {

  13:      Dog CreateChild( return new Dog(); }

  14:  }

In this example:

• Animal is a superclass.
• Human is a subclass of Animal, with a covariant (no change) override to the CreateChild method to return the looser type Animal
• Dog is a subclass of Animal, with a contravariant override to the CreateChild method to return the stronger type Dog

More reading on Eric Lippert’s blog series on Covariance and Contravariance in C#

EDIT: I thought it best prudent that I clarify that this is only one example of where variance is used. Method signatures, delegates and arrays are some more examples of where the theory of co and contra variance can be found.

Xerxes IT & Software .NET, C#, Paradigms