
I read this article recently that describes the mind-frying complexity of the Windows development process.  With Vista sporting around 50 million lines of code, it’s no wonder Vista suffers from delays.  Quick, what does line #37,920,117 say?

Microsoft has acknowledged the need to release more often (as in sometime this millennium), but that agility is difficult to achieve with the current codebase due to its immense complexity as well as Microsoft’s (stubbornly?) heroic efforts to maintain backward compatibility.  The author of the article labels this the Curse of Backward Compatibility.

I don’t think anyone doubts that maintaining backwards compatibility can be a Herculean effort because it goes beyond supporting legacy specifications (which is challenging enough).  Just look at how Microsoft supports old code that broke the rules.  Additionally, the fact that old code poses a security threat requires even more code to patch those security threats.  Ideally a lot of that code would be removed outright, but it is challenging to remove or rewrite any of it for fear of breaking too many applications.

Of course there are very good business reasons for Microsoft to maintain this religious adherence to backwards compatibility (starts with an m ends with a y and has one in the middle).  The primary one being they have a huge user base when compared to Apple, which does not give Microsoft the luxury of a “Do Over” as Apple has done with OSX.

A different article (same magazine) points to virtualization technology as the answer.  This article suggests a virtualization layer that is core to the operating system.  I think we are already seeing hints of this in play with Microsoft’s answer to developers angry that Vista is not going to support Visual Studio.NET 2003.

The big technical challenge is with enabling scenarios like advanced debugging. Debuggers are incredibly invasive in a process, and so changes in how an OS handles memory layout can have big impacts on it. Vista did a lot of work in this release to tighten security and lock down process/memory usage - which is what is affecting both the VS debugger, as well as every other debugger out there. Since the VS debugger is particularly rich (multi-language, managed/native interop, COM + Jscript integration, etc) - it will need additional work to fully support all scenarios on Vista. That is also the reason we are releasing a special servicing release after VS 2005 SP1 specific to Vista - to make sure everything (and especially debugging and profiling) work in all scenarios. It is actually several man-months of work (we’ve had a team working on this for quite awhile). Note that the .NET 1.1 (and ASP.NET 1.1) is fully supported at runtime on Vista. VS 2003 will mostly work on Vista. What we are saying, though, is that there will be some scenarios where VS 2003 doesn’t work (or work well) on Vista - hence the reason it isn’t a supported scenario. Instead, we recommend using a VPC/VM image for VS 2003 development to ensure 100% compat.

This answer did not satisfy everyone (which answer does?), many seeing it as a copout as it pretty much states that to maintain backward compatibility, use Virtual PC.

Keep in mind that this particular scenario is not going to affect the average user.  Instead, it affects developers, who are notorious for being early adopters and, one would think, would be more amenable to adopting virtualization as an answer, because hey! It’s cool new technology!

Personally I am satisfied by this answer because I have no plans to upgrade to Vista any time soon (my very own copout).  Sure, it’s not the best answer I would’ve hoped for if I was planning an impending upgrade.  But given a choice between a more secure Vista released sooner, or a several months delay to make sure that developers with advanced debugging needs on VS.NET 2003 are happy, I’m going to have to say go ahead and break with backward compatibility.  But at the same time, push out the .NET 2.0 Framework as a required update to Windows XP.

With Windows XP, Microsoft finally released a consumer operating system that was good enough.  Many users will not need to upgrade to Vista for a looong time.  I think it is probably a good time to start looking at cleaning up and modularizing that 50 million line rambling historical record they call a codebase.

If my DOS app circa 1986 stops working on Vista, so be it.  If I’m still running DOS apps, am I really upgrading to Vista?  Using a virtual operating system may not be the best answer we could hope for, but I think it’s good enough and should hopefully free Microsoft up to really take Windows to the next level.  It may cause some difficulties, but there’s no easy path to paying off the immense design debt that Microsoft has accrued with Windows.


A few days back Jon Galloway and I were discussing a task he was working on to document a database for a client.  He had planned to use some code generation to initially populate a spreadsheet and would fill in the details by hand.  I suggested he store the data with the schema using SQL extended properties.

We looked around and found some stored procs for pulling properties out, but no useful applications for putting them in there in a nice, quick, and easy manner.

A few days later, the freaking guy releases this Database Dictionary Creator, a nice GUI tool to document your database, storing the documentation as part of your database schema.

Database Dictionary Entry

The tool allows you to add your own custom properties to track, which then get displayed in the data dictionary form grid as seen above. Audit and Source are custom properties. It is a way to tag our database schema.

You ask the guy to build a house with playing cards and he comes back with the Taj Mahal.

Check it out.


As developers, I think we tend to take the definition of Version for granted.  What are the components of a version?  Well that’s easy, it is:


Where the Build and Revision numbers are optional.  At least that is the definition given by the MSDN documentation for the Version class.

But look up Version in Wikipedia and you get a different answer.

The most common software versioning scheme is a scheme in which different major releases of the software each receive a unique numerical identifier. This is typically expressed as three numbers, separated by periods, such as version 2.4.13. One very commonly followed structure for these numbers is:




Notice that this scheme differs from the Microsoft scheme in that it places the build number at the very end, rather than the revision number.

Other versioning schemes such as the Unicode Standard and Solaris/Linux figure that three components is enough for a version with Major, Minor, and Update (for Unicode Standard) or Micro (for Solaris/Linux).

According to the MSDN documentation, the build number represents a recompilation of the same source, so it seems to me that it belongs at the end of the version, as it is the least significant element.

In Subtext, we roughly view the version as follows, though it is not set in stone:

  • Major: Major update.  If a library assembly, probably not backwards compatible with older clients.  This would include major changes. Most likely will include database schema changes and interface changes.
  • Minor: Minor change, may introduce new features, but backwards compatibility is mostly retained.  Likely will include schema changes.
  • Revision: Minor bug fixes, no significant new features implemented, though a few small improvements may be included.  May include a schema change.
  • Build: A recompilation of the code in progress towards a revision.  No schema changes.

Internally, we may have schema changes between build increments, but when we are prepared to release, a schema change between releases would require a revision (or higher) increment.

I know some developers like to embed the date and counter in the build number.  For example, 20060927002 would represent compilation #2 on September 27, 2006.

What versioning schemes are you fans of and why?


When Log4Net doesn’t work, it can be a very frustrating experience.  Unlike your typical application library, log4net doesn’t throw exceptions when it fails.  Well that is to be expected and makes a lot of sense since it is a logging library.  I wouldn’t want my application to fail because it had trouble logging a message.

Unfortunately, the downside of this is that problems with log4net aren’t immediately apparent.  99.9% of the time, when Log4Net doesn’t work, it is a configuration issue.  Here are a couple of troubleshooting tips that have helped me out.

Enable Internal Debugging

This tip is straight from the Log4Net FAQ, but not everyone notices it. To enable internal debugging, add the following app setting to your App.config (or Web.config for web applications) file.

<add key="log4net.Internal.Debug" value="true"/>

This will write internal log4net messages to the console as well as the System.Diagnostics.Trace system.  You can easily capture the log4net internal debug messages in a file by adding a trace listener.  The following snippet is taken from the log4net FAQ and goes inside the <system.diagnostics> element of the <configuration> section of your application config file.

  <trace autoflush="true">
    <listeners><add name="textWriterTraceListener" type="System.Diagnostics.TextWriterTraceListener"
        initializeData="C:\tmp\log4net.txt" /></listeners>
  </trace>

Passing Nulls For Value Types Into AdoNetAppender

Another common problem I’ve dealt with is logging using the AdoNetAppender. In particular, attempting to log a null value into an int parameter (or other value type), assuming your stored procedure allows null for that parameter.

The key here is to use the RawPropertyLayout for that parameter. Here is a snippet from a log4net.config file that does this.

<parameter>
  <parameterName value="@BlogId" />
  <dbType value="Int32" />
  <layout type="log4net.Layout.RawPropertyLayout">
    <key value="BlogId" />
  </layout>
</parameter>

Hopefully this helps you with your log4net issues.

tags: Log4Net


Duncan Mackenzie writes about the issue of Categories vs Tags in blogs and blog editors.  I tried to comment there with my thoughts, but received some weird javascript errors.

I’ve thought a lot about the same issues with Subtext. Originally my plan was to simply repurpose the existing category functionality by slapping a big tag sticker on its forehead and from henceforth, a category was really a tag.  One big rename and bam!, I’m done.

But the API issue Duncan describes is a problem.  After more thinking about it, I now plan to make tags a first class citizen alongside categories.  In my mind, they serve different purposes.

I see categories as a structural element and navigational aid.  It is a way to group posts into large high-level groupings.  Use sparingly.

By contrast, I see tags as meta-data, use liberally.

One thought around the API issue is that there is a microformat for specifying tags (rel="tag") and Windows Live Writer has plugins for inserting tags into the body of a post.

My current thinking is to pursue parsing tags from posted content and using that to tag content.

tags: Rel-Tag, Microformat, Categories, Tags


UPDATE: This code is now hosted in the Subkismet project on CodePlex.

Source: Not too long ago I wrote about using heuristics to fight comment spam.  A little later I pointed to the NoBot control as an independent implementation of the ideas I mentioned using Atlas.

I think that control is a great start, but it does suffer from a few minor issues that prevent me from using it immediately.

  1. It requires Atlas and Atlas is pretty heavyweight.
  2. Atlas is pre-release right now.
  3. We’re waiting on a bug fix in Atlas to be implemented.
  4. It is not accessible as it doesn’t work if javascript is disabled.

Let me elaborate on the first point.  In order to get the NoBot control working, a developer needs to add a reference to two separate assemblies, Atlas and the Atlas Control Toolkit, as well as make a few changes to Web.config.  Some developers will simply want a control they can drop in their project and start using right away.

I wanted a control that meets the following requirements.

  1. Easy to use. Only one assembly to reference.
  2. Is invisible.
  3. Works when javascript is disabled.

The result is the InvisibleCaptcha control, which is a validation control (inherits from BaseValidator) so it can be used just like any other validator, only this validator is invisible and should not have the ControlToValidate property set.  The way it works is that it renders some javascript to perform a really simple calculation and write the answer into a hidden text field.

What!  Javascript?  What about accessibility!? Calm down now, I’ll get to that.

When the user submits the form, we take the submitted value from the hidden form field, combine it with a secret salt value, and then hash the whole thing together.  We then compare this value with the hash of the expected answer, which is stored in a hidden form field base64 encoded.

The whole idea is that most comment bots currently don’t have the ability to evaluate javascript and thus will not be able to submit the form correctly.  Users with javascript enabled browsers have nothing to worry about.
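A server-side sketch of the check described above, added here as an example and not taken from the InvisibleCaptcha source: the hidden field carries a keyed hash of the expected answer, and the submitted answer is re-hashed and compared. HMAC-SHA256 as the hash, the issue timestamp bound into it, and the minimum/maximum age checks are assumptions that go beyond what the post describes; all names are hypothetical.

```csharp
using System;
using System.Globalization;
using System.Security.Cryptography;
using System.Text;

// Added sketch, not the Subtext control: all type, method and field names are hypothetical.
public static class CaptchaToken
{
    // Constructed sample secret; a real site loads its own from protected configuration.
    private static readonly byte[] Secret = Encoding.UTF8.GetBytes("constructed-sample-secret");

    // Value for the hidden "expected answer" field: the issue time plus a keyed hash
    // over (answer, issue time). The answer itself never appears in the markup.
    public static string Issue(int expectedAnswer, DateTime issuedUtc)
    {
        string ticks = issuedUtc.Ticks.ToString(CultureInfo.InvariantCulture);
        return ticks + "." + Convert.ToBase64String(Mac(expectedAnswer, issuedUtc.Ticks));
    }

    // Recomputes the keyed hash from the submitted answer and compares it with the token.
    public static bool Verify(string submittedAnswer, string token, DateTime nowUtc,
                              TimeSpan minDelay, TimeSpan maxAge)
    {
        if (submittedAnswer == null || token == null) return false;

        // Canonicalise the answer so " 12 " and "12" hash identically and junk is rejected.
        int answer;
        if (!int.TryParse(submittedAnswer, NumberStyles.Integer,
                          CultureInfo.InvariantCulture, out answer)) return false;

        int dot = token.IndexOf('.');
        if (dot <= 0) return false;

        long ticks;
        if (!long.TryParse(token.Substring(0, dot), NumberStyles.None,
                           CultureInfo.InvariantCulture, out ticks)) return false;
        if (ticks > DateTime.MaxValue.Ticks) return false;

        byte[] presented;
        try { presented = Convert.FromBase64String(token.Substring(dot + 1)); }
        catch (FormatException) { return false; }

        // The timestamp is only trusted once the keyed hash over it checks out.
        if (!FixedTimeEquals(Mac(answer, ticks), presented)) return false;

        // Reject posts that arrive faster than a person could type, and stale tokens.
        TimeSpan age = nowUtc - new DateTime(ticks, DateTimeKind.Utc);
        return age >= minDelay && age <= maxAge;
    }

    private static byte[] Mac(int answer, long ticks)
    {
        string message = answer.ToString(CultureInfo.InvariantCulture) + "|" +
                         ticks.ToString(CultureInfo.InvariantCulture);
        using (var hmac = new HMACSHA256(Secret))
        {
            return hmac.ComputeHash(Encoding.UTF8.GetBytes(message));
        }
    }

    // Comparison whose running time does not depend on where the first mismatch is.
    private static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample data: the rendered script computes 7 + 5.
        DateTime issued = new DateTime(2006, 10, 1, 12, 0, 0, DateTimeKind.Utc);
        string token = CaptchaToken.Issue(7 + 5, issued);
        TimeSpan min = TimeSpan.FromSeconds(2);
        TimeSpan max = TimeSpan.FromMinutes(20);

        // Browser ran the script and the form was posted after 30 seconds.
        Console.WriteLine(CaptchaToken.Verify("12", token, issued.AddSeconds(30), min, max));
        // Hidden answer field left empty or filled with a wrong value.
        Console.WriteLine(CaptchaToken.Verify("13", token, issued.AddSeconds(30), min, max));
        // Correct answer, but posted before the minimum delay has passed.
        Console.WriteLine(CaptchaToken.Verify("12", token, issued.AddSeconds(1), min, max));
        // Correct answer and token resubmitted an hour later.
        Console.WriteLine(CaptchaToken.Verify("12", token, issued.AddHours(1), min, max));
        // Timestamp rewritten to look fresh: the keyed hash no longer matches.
        string forged = issued.AddHours(1).Ticks + token.Substring(token.IndexOf('.'));
        Console.WriteLine(CaptchaToken.Verify("12", forged, issued.AddHours(1), min, max));
    }
}
```

A token still verifies any number of times until maxAge expires; making it single-use needs server-side state, such as a short-lived cache of tokens already accepted.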

So what happens if javascript is disabled?

If javascript is disabled, then we render out the question as text alongside a visible text field, thus giving users reading your site via non-javascript browsers (think Lynx or those text-to-speech browsers for the blind) a chance to comment.

Accessible version of the Invisible CAPTCHA

This should be sufficient to block a lot of comment spam.

Quick Aside: As Atwood tells me, the idea that CAPTCHA has to be really strong is a big fallacy.  His blog simply asks you to type in orange every time and it blocks 99.9% of his comment spam.

I agree with Jeff on this point when it comes to websites and blogs with small audiences. Websites and blogs tend to implement different CAPTCHA systems from one to another and beating each one brings diminishing margins of returns.

However, for a site with a huge audience like Yahoo! or Hotmail, I think strong CAPTCHA is absolutely necessary as it is a central place for spammers to target.  (By the way, remind me to write a bot to post comment spam on Jeff’s blog)

If you do not care for accessibility, you can turn off the rendered form so that only javascript enabled browsers can post comments by setting the Accessible property to false.

I developed this control as part of the Subtext.Web.Control.dll assembly which is part of the Subtext project, thus you can grab this assembly from our Subversion repository.

To make things easier, I am also providing a link to a zip file that contains the assembly as well as the source code for the control. You can choose to either reference the assembly in order to get started right away, or choose to add the source code file and the javascript file (make sure to mark it as an embedded resource) to your own project.

Please note that if you add this control to your own assembly, you will need to add the following assembly level WebResource attribute in order to get the web resource handler working.

[assembly: WebResource("YourNameSpace.InvisibleCaptcha.js", "text/javascript")]

You will also need to find the call to Page.ClientScript.GetWebResourceUrl inside InvisibleCaptcha.cs and change it to match the namespace specified in the WebResource attribute.

If you look at the code, you’ll notice I make use of several hidden input fields. I didn’t use ViewState for values the control absolutely needs to work because Subtext disables ViewState.  Likewise, I could have chosen to use ControlState, but that can also be disabled.  I took the most defensive route.

[Download InvisibleCaptcha here].

tags: CAPTCHA, Comment Spam, ASP.NET, Validator


Akismet is all the rage among the kids these days for blocking comment spam.  Started by the founder of Wordpress, Matt Mullenweg, Akismet is a RESTful web service used to filter comment spam.  Simply submit a comment to the service and it will give you a thumbs up or thumbs down on whether it thinks the comment is spam.

In order to use Akismet you need to sign up for a free non-commercial API key with WordPress and hope that your blog engine supports the Akismet API.

There are already two Akismet API implementations for ASP.NET, but they are both licensed under the GPL which I won’t allow near Subtext (for more on open source licenses, see my series on the topic).

So I recently implemented an API for Akismet in C# to share with the DasBlog (despite the bitter public mudslinging between blog engines, there is nothing but hugs behind the scenes.) folks as part of the Subtext project, thus it is BSD licensed.

You can download the assembly and source code and take a look.  It is also in the Subtext Subversion repository.


There’s nothing worse than waking up on game day and realizing you forgot to wash your soccer jersey from last game.


Thank god for Febreeze!

UPDATE: The Febreeze worked! We won 8 to 1!


I saw this story on the debugging section of Anecdota and thought it was funny, though I find it hard to believe.

Laptop warmer

In 1998, I made a C++ program to calculate pi to a billion digits. I coded it on my laptop (Pentium 2 I think) and then ran the program. The next day I got a new laptop but decided to keep the program running. It’s been over seven years now since I ran it, and this morning it finished calculating. The output:


Mindblowing eh? I looked in the code of my program, and I found out that I forgot to output the value.

You would think he’d do a test run for smaller digits of PI, but I’ve done things like that.  You make a small test run. It works. You make a tiny tweak that shouldn’t affect anything and then start it running because you’re in a hurry.  Seven years later…

Of course, most (if not all) algorithms for calculating PI aren’t all or nothing.  Usually they start calculating digits immediately, so there ought to be immediate output as you calculate PI to further and further digits, unless this person decided to store all billion digits in a string before displaying it.

tags: C++, Bugs, PI


Conceptus, a client of my company, recently launched not one, but two blogs using Subtext.

I emphasize two because I only really knew that their CEO wanted to start a blog.  Of course, once you have Subtext set up, it’s quite easy to start another blog.

This is our first (of hopefully many) commercial implementations of Subtext.  The best thing about this particular project was that our client was very kind in contributing some of the customization work we did back to the Subtext project.

For me, I loved that this project combined my passion for Subtext with my passion for feeding my family.

DISCLAIMER: I am not a medical professional so my brief description of the product is not medical advice. This is merely information I gleaned off their product website.  For medical advice, consult your doctor.

To give you more background, the client is named Conceptus and they’ve developed a non-surgical permanent birth control device and procedure that takes around 35 minutes (not including doctor waiting room time and a typical post procedure wait of 45 minutes).  Their procedure beats the pants off the typical alternative, tubal ligation (getting the tubes tied).

We worked with this client before under the direction of Shepard Associates to develop Conceptus’s consumer focused site and their doctor focused site, both built on top of DotNetNuke.


Way back when I announced the first Roadmap for Subtext, I stated that Subtext would remove the multiple blogs feature and only support a single blog.  Fortunately I was persuaded by many commenters to abandon that change and continue to support multiple blogs.  Instead, I set out to simplify the process of configuring multiple blogs.

Now I am really glad that I did so.  I currently have three blogs running off of a single installation of Subtext.

  1. This one
  2. My non-techie blog
  3. My soccer team

The benefit of this approach is that setting up a new blog is very easy. Rather than dealing with the rigmarole of setting up another IIS site and database, I can simply add a new DNS entry and point it to my existing IP address, add a host header in IIS, and then create the blog in my Host Admin.

Three easy steps to a new blog.  I better be careful or I may get too crazy with this.  A blog for every day of the week, anyone?  You know, to color coordinate with my outfit.


UPDATE: In one comment, szeryf points out something I didn’t know and invalidates the need for the tool I wrote. This is why I post this stuff, so someone can tell me about a better way! Thanks szeryf! I’ve updated the post to point out the better technique.

Based on my recent spate of posts, you can probably guess that I am working on improving a particular build process. 

In this situation, I have a pre-build step to concatenate a bunch of files into a single file.  I tried to do this with a simple command like so:

FOR %%A in (*.sql) do CALL COPY /Y Output.sql + %%A Output.sql

Yeah, that would work, but it is so sloooooow.

Szeryf points out that I can simply pass *.sql to the COPY command and get the same result.

copy *.sql output.sql

This ends up running plenty fast as it doesn’t dumbly iterate over every file calling COPY once per file. Instead it lets COPY handle that internally and more efficiently. How did I not know about this?

So I wrote a one minute app by simply scavenging the code from BatchEncode and concatenating text files instead.

     sourcedir: source directory path
     extension: examples... .sql, .txt
     output:             the resulting file.
     encoding:  optional: utf7, utf8, unicode, 
                        bigendianunicode, ascii

     All paths must be fully qualified.

This ended up being mighty fast!

I figure someone out there might need to do this exact same thing in their build process and won’t mind using such crappy code.

Technorati Tags: Tips, TDD, Utilities


I am going to pull a Nostradamus here and predict that the Mix series of conferences (did I ever tell you how much I loved Mix06?) will end with Mix09 if they even reach that point.  Why do I make this prediction?  Because Microsoft has,, and registered, but not (although is available at the moment).  ;)

I know, I’m being rather silly.  This evening I was on a Skype chat with Atwood and Galloway asking when is the next big conference that we should all attend.  Atwood’s reply was Mix07 which is a bit long of a wait, but Ok.  That got me wondering if they plan on some more Mix conferences afterwards.

If they do, looks like Microsoft has it covered for the next three years.


From Wikipedia:

You’re a struggling young 15th century composer (because who lived to be old back then?) in Europe struggling to make ends meet while trying to advance the state-of-the-art when it comes to counterpoint.

Perhaps you’re also dabbling in tonality as the next big thing in music, going so far as to call it Music 2.0 because you know that people are tired of that cookie-cutter modal music everyone else is producing.

What do you do to scrape by?

Well if you were lucky, you’d catch the attention of the Medici family.  Fuggedabout the Sopranos, if you want a lesson in powerful Italian families, the Medicis make episodes of Cribs look like a documentary on poverty.  With immense wealth, power, and influence, they had a big hand in jump starting the Italian Renaissance.

Many of the great artists of the time honed their crafts under the patronage of the Medicis such as Michelangelo and Donatello (thus paving the way for Teenage Mutant Ninja Turtles).  They were also patrons of the sciences, funding Galileo in much of his work.

I started thinking about all this when I read John Lam’s post, Open Source, The Microsoft Community and Funding.  Like the struggling 15th century composer, John is working on something that has a very small niche audience at the time.  However, it also has the potential to be the next big thing in .NET development, who knows?

A project like this is not necessarily something VCs line up to throw money at, because its commercial viability may lie far in the future or because it is ahead of its time and not well understood.  This is perhaps why John mentions in his comments that he is looking for a patron.

Yes, I am looking for a patron, and hopefully something will come out of my meetings here this week.

Another commenter then asks the question…

Doesn’t expecting to be paid for OSS work also belong in the “sense of entitlement” box? That someone chooses to develop and publish software in their spare time is that same as me choosing to go climbing in my spare time, and I doubt anyone will pay me to do that.

I wonder.  Did Galileo feel a sense of entitlement every time he had a bowl of pasta paid for by his patron while working on his equations?  What about Michelangelo?  Perhaps they would have if they were the only ones to enjoy their own work.  In their cases, their work was shared for many to benefit, unlike the rock climber.

In some respects, I see parallels with open source software in the recent direction of the music industry.  Many music critics feel the music industry is stuck in a rut with cookie-cutter music artists who all sound the same dominating the air waves.  The cost to produce a hit is so large, that the studios are unwilling to take gambles on something innovative (with notable exceptions of course!)

Not only that, the music industry is waging a losing battle against technology that makes it essentially free to copy and distribute its product.

Hmmm. What else is free to copy and distribute?  Oh, I know.  Open Source Software! The key difference obviously is that OSS makes this distribution intentional, causing many to wonder whether these people are simply nuts (we are).  Free distribution is the whole point in OSS.

So what is in store for the music industry? Some have suggested that the music industry will die if it does not adapt.  One proposed means to fund musicians is to take a fresh look at the patronage system, though refitted for the Internet Age.  MySpace comes to mind in that regard.  Perhaps some budding Medicis are online looking to start a new renaissance in music.

I’m not enough of a historian to understand the Medici’s true motivations in funding art and science.  Did they do it out of pride in their city to demonstrate to the world how Florence is the source of great art and science?  Was it pure showmanship?  Did someone lose a bet?  Or was there simply a desire to support the creation of beauty, whether it take the form of science or art?

Like I said, I have no idea, but I think the answer might shed light on whether the model of patronage would work today.

Recent discussions around who should contribute to Open Source projects tend to argue (myself included) that those who benefit from Open Source should consider contributing back to it.

Unfortunately only looking at it this way frames OSS as a quid-pro-quo situation.  You get what you give.  But many OSS project founders don’t see it that way.  I can’t speak for John, but I bet he gives a lot to his project without expecting an equivalent contribution from others.  What about the other side of the coin then?

Will we see the rise of the Medicis of Open Source Software, patrons with deep pockets who view interesting open source projects as a form of art or science worth supporting because they push their fields forward, whether or not it equivalently lines their own pockets with cash? Or should the only software that is produced be software that is commercially viable, much like music on the radio?

Some are calling upon Microsoft to take that role. If so, would that even be a good thing?  Quite possibly, if done well.

These are all questions I ask myself when I’m trying to procrastinate and start to get a bit too philosophical for my own good.  These are not intended to be leading questions trying to promote one view or another, but rather questions whose answers I am working through for myself.


Jon Galloway is my batch file hero.  He’s the one who introduced me to the FOR %%A in ... syntax.

Today I needed to rename a bunch of files.  On one project, we haven’t kept our file extensions consistent when creating a stored procedure file in a Database project. Some of them had .prc extensions and others have .sql extensions.

I wanted to rename every file to use the .sql extension.  I couldn’t simply use a batch rename program because I wanted these files renamed within Subversion, which requires running the svn rename command.

So using a batch file Jon sent me, I wrote the following.

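REM Call the subroutine once for each .prc file in the current directory
FOR %%A in (*.prc) do CALL :Subroutine "%%A"
GOTO :EOF

:Subroutine
REM %~n1 is the first argument's file name without its extension
svn rename "%~n1.prc" "%~n1.sql"
GOTO :EOF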

Pretty nifty.  For each file in the current directory that ends in the .prc extension, I call a subroutine.  That subroutine makes use of the %~n1 argument which provides the filename without the extension.

For help in writing your batch files, type help call in the command prompt.

I can see using this technique all over the place. I will leave it to my buddy Tyler to provide the Powershell version.


I hesitate to blog this because this tool is really really really really rough, quick, and dirty.  As in it needs a big ol’ box of Tide.  

I needed to convert a bunch of UTF-16 text files into UTF-8 so I spent five minutes writing a little console app to do it.

This thing literally has no exception handling etc, but it gets the job done for my needs and I thought others might find it useful if they have exactly the same need. 

Hey, feel free to clean up the code and send it back to me, or point me in the direction of some free tool I should’ve used all along.

USAGE: batchencode extension encoding [backup]
    extension: file extension with the dot. ex .sql, .txt
    encoding:  values... utf7, utf8, unicode, bigendianunicode, ascii
    backup:    optional fully qualified (sorry) backup directory.

Download the code here.


In general I like to regale my readers with stories of my brave accomplishments, ideally embellished to make me look like a hero.

But last night I was dealing with a problem where, once I realized the solution, I knew I deserved a big red WTF on my forehead.

I was playing around with an Atlas UpdatePanel in a form on some existing code.  No matter what I tried, the site would perform what appeared to be a full post back.  I started cursing Atlas and its gee-whiz-bang-newfangled-broken UpdatePanel.

This morning, before work I thought I would take a quick look at the underlying code behind (not sure why I didn’t do this last night).  Right there in the submit button event handler was the following line of code (actually slightly modified for brevity).


I had totally forgotten that there was a redirect in response to that button event!  So the UpdatePanel was working just fine.  The apparent post back was actually a redirect.

See, that’s the problem with software. It does exactly what you tell it to do. Even when you mean otherwise.

tags: Atlas, WTF


UPDATE: Looks like this will get fixed in the next release according to a comment on Steve’s blog.

Steve Harman, a Subtext developer, was prototyping using Atlas in Subtext and encountered a rather problematic bug.

Not only did he encounter the bug, he went through the hard work to dig into the source of the bug right down to the line of code and proposes a fix.  How is that for constructive criticism?

Unfortunately, he hasn’t received any response from the Atlas team (at the time of this posting) regarding whether or not they recognize this as a bug and if they will fix it.  He subsequently filed an official bug report at Microsoft Connect.

This is not some arcane bug, so you may get bit by it as well if you use any browser extension such as CoComment with Atlas. 

Please validate and vote on this bug here.

tags: ASP.NET, Atlas


Remember my recent post in which I suggested that we need more heuristic approaches to the comment spam problem?

Check out this new NoBot control in the Atlas Control Toolkit.  I wonder if this came out before or after I wrote my piece, because I don’t want y’all to think I cribbed my ideas from this control.  It has a couple features that I mentioned.

  • Forcing the client’s browser to perform a configurable JavaScript calculation and verifying the result as part of the postback. (Ex: the calculation may be a simple numeric one, or may also involve the DOM for added assurance that a browser is involved)
  • Enforcing a configurable delay between when a form is requested and when it can be posted back. (Ex: a human is unlikely to complete a form in less than two seconds)
  • Enforcing a configurable limit to the number of acceptable requests per IP address per unit of time. (Ex: a human is unlikely to submit the same form more than five times in one minute)

I think that will be a nice minor addition to a comment spam fighter’s toolkit. It’s Invisible CAPTCHA.  Very cool!

tags: ASP.NET, Atlas, Comment Spam