OK so I am really late on the heads-up, but tonight is our monthly Atlanta geek dinner. Hey there! Yes, you reading this, you are coming right? You did RSVP to Shawn right? Thought so.

The Powerpoint Presentation and Source Code I used in monday's Visual Studio Integration topic can now be downloaded from this link.

If you just want to install the NVEdit Add-In (with Core Library and Help File), you can download it from this link.

If you have no idea what I am talking about:

NVEdit is a simple Visual Studio 2003 Add-In that I created as a working example for my presentation to the Atlanta C# Users Group. This Add-In allows you to store large "non-volatile" textual data (SQL queries, XML/XSD documents, etc) as an embedded resource in your assemblies. The NVEditor keeps seperate name/value collections (Dictionaries) for SQL, XML, XSL, XSD, and HTML. The values are accessible in a very easy manner at runtime using static members, not too unlike the ConfigurationSettings class of the .NET Framework. Unlike the ConfigurationSettings class however, the NVData values are not stored in the .config file (which is succeptible to tampering).

The whole idea is that this gives you a very viable alternative to cramming stuff that doesn't belong into .config files or into hard-coded string constants.

Here you can see a screen capture of the simple NVEditor UI:

I apologize for the delay in getting this uploaded. I tried (again) to get the RichTextBox to perform colorizing the way I wanted it, and it just wasn't working out (jeez that control really sucks). All of that stuff is ripped out now, and I cleaned up a few other bits since my presentation.

And I also compiled a help file that gets installed as well now (Hooray for NDoc!). Even though it really didn't need a help file. I mean, come on, this is a pretty darn simple tool!

Anyone else dig motorcycles?

The 2005 Great American Motorcycle Show is being held in Norcross this weekend. I went last year, and some of the bikes really kicked ass! So I am thinking about going this year too. Anyone else into hogs and choppers and all that, and wanna go check it out too?

Tattoos and grizzly beards are optional!

And yeah, I know my VTX has been sitting in the garage for a year now (undriven), but one day... one day.. I will get to take it out again on the road :/

My VTX (well, mine also has saddlebags and stuff):

(yeah, it's not a Harley... can't afford a HD or a custom bike just yet...)

Shawn Burke is attempting to get the Windows Forms framework source code and PDBs released with the FX 2.0 SDK.

First Post

Second Post

Sweet.

Sounds like it will be stripped of comments and such if it happens (at first deployment at least), but who cares. We can at least see the original variable names and step through it in the debugger.

Back in my years of working with the Delphi platform, I always saw the inclusion of core library source code as invaluable. Just being able to clearly see how the framework is implemented internally provides immense insights into how you *should* be interacting with it.

It was also a very good learning tool. I spent many hours (days) just browsing through the VCL source, finding little nuggets here and there - useful techniques, undocumented features, and internal implementation details that can make all the difference in a production application.

I sure wish I had access to that source code when I found an anomaly with animated GIF's in the PictureBox control. Instead of debugging and troubleshooting that issue for weeks (at my own expense I should add), I most likely would have uncovered the culprit far sooner if I had the source code in my hands.

I hope this goes through, and further hope that even more of the framework gets opened up like this in the future.

This coming monday, I expect to be doing a presentation to the local C# group. The last time I presented to the group, it was a hastily prepared practical examination of WSE2 programming (without ASMX), schema-oriented messaging, service agents, and other basics of using WSE2 in a SOA environment.

The presentation this month is completely different.

This time, I will define a common issue/concern with application design: the handling of non-volatile textual data. Stuff like SQL queries, HTML fragments, template XML documents, and so forth that often pepper the codebase of our projects, making maintenance difficult.

I will present a solution to this issue in two parts: A simple core library to provide an extremely friendly "developer experience", and also a Visual Studio Add-In that works hand-in-hand with the core library to make the solution very simple to use.

We will talk about the issues I encountered while building the core library, the process of building and deploying a VS Add-In, and also the issues that may arise during construction of an Add-In.

At the conclusion, we will end up with a functional and useful tool that can be employed in our code projects, along with a better understanding of how sometimes extending the Visual Studio environment can provide a good return on investment.

So, if this subject interests you at all (I find it extremely interesting - but I am truly a geek), or if you simply want to get your hands on this useful project tool, then make sure to attend this months Atlanta C# User Group meeting!

I have been watching a fair number of live webcasts lately... from Systems Builder events (OEM info for MCE configurations), to Visual Studio integration, to Web Services topics, to... well... pretty much almost everything. I love free seminars and presentations, I guess its why I go to so many user group events.

Well, two days ago I got an email from Microsoft...

"Congratulations, Keith, you have been randomly selected as a winner in the Windows Mobility Marvels Sweepstakes!  You became eligible for this sweepstakes by attending the MSDN Webcast: .NET Compact Framework 2.0 (Level 100) on January 19, 2005 and by submitting a completed webcast evaluation."

After confirming my mailing address, the following day they overnighted a new Pocket PC to me!

It arrived today, as promised. I didn't know anything about it (mfg, model, etc) until it arrived... but it turned out to be an HP iPaq h2200. Not the fastest or most feature-rich PPC, but definately good enough for what I want (something to bang code against). Honestly, the only downsides to it are the (relatively) slower CPU (intel pxa255), not a huge amount of onboard memory, and lack of WiFi. However, it has CompactFlash2 and SDIO/MMC slots, so the memory and networking can easily be addressed.

I have been wanting a PPC for a long time now, just never worked up enough "impulse shopping" momentum to actually click the "buy now" button on any merchant sites. And now I don't have to!

I love this - not only do I get FREE great-quality education, I now also get great gizmos!

OK, so I stirred up a few bees in the last post :)

I would have VERY much preferred if it (captcha as implemented in major blogging engines) were more solid. But it *cant* be. Blogs are made to be open and accessible. Thats the whole point, the ability to post comments is a big part of that. Like you say, blogs without comments enabled are highly inconvenient.. they are nothing more than traditional "programming" - one way communication. So, we *want* them to be accessible. Obviously, captcha throws a speedbump in that, the whole idea of captcha is to be a speedbump.

And that would be OK *if* it actually WERE a speedbump. As soon as I saw the implementation (always 6 letters, easy contrast, fixed character set - actually it's plainly just 3 hex values, background always a fixed pattern) I knew instinctively that it would be incredibly easy to circumvent. I don't even think you need an AI engine to do it... I can think of a few algorithms that have zero Neural Network components that could achieve a 50% success rate. My point is this is just a very brief escalation in an arms race, which buys us very little time but throws up a significant deterrent to valid comment posters.

I would also point out that as far as I can tell, the Web Service comment APIs do not even support it. And these are the most visible and obvious spammer attack vector. After all, they are using automated tools... its easier to just call a web service than scrape a web page exchange. And of all the blogs I read, only two that I can think of right now (Shawn's and Daily WTF) have proprietary comment submission API (or no WS API) that is not exposed here.

This guy's work is not going to give spammers any kind of leg-up. You can bet they were well on the case long before... it's just too enticing for them. They are fully willing to send out email spam just to get the one in 10,000 who will click the links... blogs are a gold mine compared to that... even the comment links. As far as I know, they still havent breached it yet (en masse), but it's only a matter of time.

The reason I say I think this guy did a good thing here is that he is making it very clear to his peers (he only spammed MVP's) that they do not have as much security as they think they do with this. It's easy to get mad at him for "opening the pandoras box", but he didn't really open it so much as he said "hey, everyone open your eyes, the box is already open!".

I would personally like to see a real solution to the spam problem (I hate it as much as anyone else). But this wasn't it. This was too easy to circumvent in an automatable way... and once a spambot is made for ONE dasBlog site, it works for ALL of them, same goes for the other platforms.

The only way to give yourself real relief is to implement your own captcha (or other confirmation process) so that you won't become vulnerable by virtue of your platform. It's one situation where "roll your own" security may actually be better - since we dont have a "standard" that is solid enough. Thats too much work for me though (maybe for others it is not), I just dont have the time for it. It's less hassle to just delete the garbage as it comes in at this point.