Upgrading Java for Firefox on 64-bit Windows

If you are on a 64-bit Windows machine and are getting a notification that your Java plugin version is out of date in Firefox even after installing the latest version, you need to install the 32-bit version of Java.

Firefox runs as a 32-bit application on Windows, so it uses the 32-bit version of Java. I should have read the fine print on the Java website. It tells you to install both 64 and 32-bit versions if you are on a 64-bit system, but are running a 32-bit browser. I did, and now my Java version is up to date in Firefox.

If you are on a 64-bit Windows machine and run Firefox, you may want to make sure you are upgraded to the latest version of 32-bit Java. You can find out by going to the Add-ons Manager in Firefox, clicking the “Plugins” tab on the left, then clicking the “Check to see if your plugins are up to date” link at the top of the page. If Java is out of date, it will give you a red warning.

Posted in Tools

You ARE protecting your passwords in your config files AREN’T YOU?

When we are writing software for our clients, we have a fiduciary responsibility to ensure the security of their site.

One way to increase security is to ensure that passwords and other sensitive information are not lying around in our config files unsecured (in plain text). All too many times I have seen something like the following in a config file:

Code Sample:

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
    <appSettings>
        <add key="UserName" value="PresidentSkroob" />
        <add key="Password" value="12345" />
    </appSettings>
</configuration>

Fixing this problem is as easy as using Microsoft’s Data Protection API. Just encrypt the value by calling ProtectedData.Protect(). And to decrypt the value, call ProtectedData.Unprotect().

Both methods take an entropy value (salt) and a DataProtectionScope value that defines the scope for which the value should be encrypted. The scope may be one of the following: CurrentUser (only the current user can decrypt the value) or LocalMachine (the value can only be decrypted on the local machine). CurrentUser can be a little complicated since it may require you to impersonate users in certain cases, so I just use LocalMachine. Keep in mind that with LocalMachine any process running on that machine can decrypt the value if it knows the entropy. This does mean that you can’t ship the config file with the values pre-encrypted, because they will not be decryptable on the machine it’s installed on (a value can only be decrypted by the machine that encrypted it).

The functions return a byte array, so I Base64 encode the values prior to writing them to the config file. To do this, I wrote a few extension methods. Here they are:

Encryption:

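// Requires: using System; using System.Security.Cryptography; using System.Text;
// Extension methods must be declared inside a static class.

/// <summary>
/// Converts a string to a protected value (encrypted using Data Protection API)
/// </summary>
/// <param name="value">The value.</param>
/// <param name="entropy">The entropy.</param>
/// <returns>The encrypted value, Base64 encoded.</returns>
public static string ToProtectedValue( this string value, string entropy )
{
    var entropyBytes = Encoding.UTF8.GetBytes( entropy );
    var valueBytes = Encoding.UTF8.GetBytes( value );

    var securedBytes = ProtectedData.Protect( valueBytes,
                                              entropyBytes,
                                              DataProtectionScope.LocalMachine );

    // Base64 encode the encrypted bytes so they can be stored in the config file
    return Convert.ToBase64String( securedBytes );
}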

Decryption:

/// <summary>
/// Converts a protected value (encrypted using Data Protection API) back to the original string
/// </summary>
/// <param name="protectedString">The Base64 encoded protected value.</param>
/// <param name="entropy">The entropy (must match the value used to encrypt).</param>
/// <returns>The decrypted string.</returns>
public static string ToUnprotectedString( this string protectedString, string entropy )
{
    var entropyBytes = Encoding.UTF8.GetBytes( entropy );
    var encryptedBytes = Convert.FromBase64String( protectedString );

    var decryptedBytes = ProtectedData.Unprotect( encryptedBytes,
                                                  entropyBytes,
                                                  DataProtectionScope.LocalMachine );

    return Encoding.UTF8.GetString( decryptedBytes );
}

After encrypting these values appropriately, your config file will look like this:

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
    <appSettings>
        <add key="UserName" value="ADZgAAwAAAABAAAACLYg+TEHoFh88HcfvNTg0yAAAAAASAAACgAAAAEAAAAMFLpAQAAANCMnd8BFdERjHoAwE/Cl+sBAAAA8BdWygYhjUWaw3teJQo04AQAAAACAAAAAAXFMCeBnOURIBAl2DJoQAAAAN7+sLiIZl+x9vPjC16wcmRQAAADS4d9bdlcLF9CmKrsbgGWPM29zAQ==" />
        <add key="Password" value="AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAA8BdWygYhjUWaw3teJQo04AQAAAACAAAAAAADZgAAwAAAABAAAAAhfu4ghotvmXphmGWOHFfbAAAAAASAAACgAAAAEAAAAMBMv0D9/mDwktrFSVNIPcwQAAAAwg2IDL1+MOHwdx2A1cax2RQAAACZLB62COjpupN2+pW4yT8LKR5Udg==" />
    </appSettings>
</configuration>

Now you and your clients can sleep a little better at night knowing their sensitive information is just a bit more secure.
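Because LocalMachine-protected values cannot be shipped pre-encrypted, the encryption has to happen on the target machine. The class below is an added example, not the code from this post: it protects the plain-text appSettings values in place and reads them back. The `dpapi:` marker, the key list and the class and method names are assumptions; it needs Windows and a reference to System.Security (or the System.Security.Cryptography.ProtectedData package on newer .NET).

```csharp
// Added example; "dpapi:" marker, key list and names are assumptions.
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
using System.Xml.Linq;

public static class ConfigProtector
{
    private const string Marker = "dpapi:";   // hypothetical tag for protected values
    private static readonly string[] SensitiveKeys = { "UserName", "Password" };

    // Run once on the target machine (e.g. at install time): encrypts any
    // sensitive appSettings value that is still plain text. Returns the count.
    public static int ProtectInPlace(string configPath, string entropy)
    {
        var doc = XDocument.Load(configPath);
        var changed = 0;
        foreach (var add in doc.Descendants("appSettings").Elements("add"))
        {
            var key = (string)add.Attribute("key");
            var value = (string)add.Attribute("value");
            if (value == null || !SensitiveKeys.Contains(key)) continue;
            if (value.StartsWith(Marker, StringComparison.Ordinal)) continue; // already protected
            var cipher = ProtectedData.Protect(Encoding.UTF8.GetBytes(value),
                                               Encoding.UTF8.GetBytes(entropy),
                                               DataProtectionScope.LocalMachine);
            add.SetAttributeValue("value", Marker + Convert.ToBase64String(cipher));
            changed++;
        }
        if (changed > 0) doc.Save(configPath);
        return changed;
    }

    // Reads a setting at runtime; refuses plain text so an unprotected config is noticed.
    public static string ReadSetting(string configPath, string key, string entropy)
    {
        var value = XDocument.Load(configPath).Descendants("appSettings").Elements("add")
            .Where(a => (string)a.Attribute("key") == key)
            .Select(a => (string)a.Attribute("value")).FirstOrDefault();
        if (value == null || !value.StartsWith(Marker, StringComparison.Ordinal))
            throw new InvalidOperationException($"Setting '{key}' is missing or not protected.");
        // Throws CryptographicException if the blob is from another machine or the entropy differs.
        var plain = ProtectedData.Unprotect(Convert.FromBase64String(value.Substring(Marker.Length)),
                                            Encoding.UTF8.GetBytes(entropy),
                                            DataProtectionScope.LocalMachine);
        return Encoding.UTF8.GetString(plain);
    }
}
```

Call `ProtectInPlace` from the installer or a first-run step, and keep the entropy string somewhere other than the config file it protects.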

Posted in .NET, C#, Configuration, Security

Video: Padawan to Jedi – A Developer Jump-Start (my presentation at Austin Code Camp 2011)

Here is the video of my “Padawan to Jedi – A Developer Jump-Start” presentation I gave last week at the Austin Code Camp 2011. It touches on all the principles, patterns, practices, and such that I have learned in my many years being a developer. I designed the Padawan2Jedi talk to present knowledge in a two-fold manner:

  1. To cover a very wide range of topics so that newcomers to the craft can gain an understanding of the full scope of modern software development practices. As such, there is not time to cover any one topic in very much detail.
  2. To provide links to detailed information on each topic so that anyone could dig in deeper to learn about anything presented that they wanted to begin putting into practice

This second manner of presenting information required a different medium. If I wanted people to have access to all these links, I knew that I couldn’t just put links on my slides…no one would want to write them all down. And after all, we are technologists…I had to use something suitable to the audience, so I thought Twitter would be a more suitable way to convey the links during my presentation. I did some searching and found a script that would send tweets from the presenter notes as you moved through the slides of an Apple Keynote presentation. The script is called Keynote Tweet 2.

So as I went through the slides, the resources were tweet(ed?) out over the #Padawan2Jedi hashtag. I really wanted them to walk away with all the links to the resources, and they did. The talk lasted 2 hours, and my screencast recording software (Camtasia) died halfway through, so if you notice a change in the audio partway through, that is why. I also had to re-record the last half of the video of the slides, so if they aren’t perfectly in sync with the talk, that is why. (It’s amazing how hard it is to anticipate when to change the slide…even when you were the one talking…)

Here is the abstract that I submitted for the talk:

Are you wanting to become a better developer, but don’t know where to start? Do the terms TDD, BDD, CI, SOLID, etc. seem foreign to you? This two part presentation will cover many of the modern development practices today that every developer should know. Learn about object oriented design principles, design patterns, testing (mocking, TDD, BDD), source control, continuous integration, agile practices, plus many useful tools and techniques. That’s a lot to cover, so while some topics will be discussed in-depth, others will be touched on lightly, with resources on where to get more information. The purpose of the presentation is to give a broad overview of how modern developers work and the tools they use to be efficient and productive and provide resources so that any aspiring developer can get on the fast-track to becoming better at their craft.

Posted in .NET, Agile, C#, Continuous Integration, Continuous Learning, Design, Humility, Leading, Mocking, Patterns, Presentations, Principles, Productivity, Simplicity, Soft Skills, Test-Driven Development, Testing, Tools

Video: Introduction to MongoDB – Austin Code Camp 2011

Here is the video from my Introduction to MongoDB talk that I did today at the Austin Code Camp 2011. This is an updated presentation that includes some animations to explain the replication and sharding concepts in MongoDB. In the talk, I also cover indexing and querying of the data. I also have attached the slides in Apple Keynote format if anyone is interested in seeing how I put together the animations.

Introduction to MongoDB – Austin Code Camp 2011.key (Keynote presentation file)

Introduction to MongoDB (Austin Code Camp 2011) from Chris Edwards on Vimeo.

Posted in MongoDB, NoSQL, Presentations

I Will Be Presenting at Austin Code Camp 2011

I will be giving 3 presentations at the 2011 Austin Code Camp.

The first will be my Introduction to MongoDB talk that I have given several times…

Introduction to MongoDB

MongoDB is one of the new breed of “NoSQL” databases available as alternatives to relational databases. It is a document database that represents its data as JSON, and thus requires no schema. It can easily scale across many machines using sharding and replication. Come get an overview of this database, its scalability and redundancy features, and how to access it via C#. While MongoDB is not meant to replace all SQL databases, it’s good to know there is an alternative for the cases where it is the better fit.

This is the same talk I gave at the code camp last year, however I have updated it to include a lot of new functionality released in MongoDB v1.8 and some upcoming features of v1.9. I also incorporated animations to help explain the movement of data across shards and other internal workings of Mongo. I have found animations to be invaluable to helping explain complex interactions. I feel they will add a lot to the presentation.

Right after my MongoDB talk (in the same room), a colleague of mine, Josh Peterson, will be presenting the open source C# LINQ provider for MongoDB that he wrote here at BancVue. The provider works with the 10gen-supported C# driver. It’s some pretty cool code. If you use MongoDB with C#, it will be worth your time to check it out.

The other two presentations are actually a two-part series. Below is the abstract for them:

From Padawan To Jedi — A Developer Jump-Start

Are you wanting to become a better developer, but don’t know where to start? Do the terms TDD, BDD, CI, SOLID, etc. seem foreign to you? This two part series will cover many of the software development principles, patterns & practices that every developer should know. The goal is to give a broad overview of how modern developers work, and to provide resources to help any aspiring developer get on the fast-track to becoming better at their craft.

Episode 1: The Theoretical Side of the Force

We all know good design when we see it. But why is one design better than another? How can we consistently create code that is worthy of being called great? In this episode, we will look at the theoretical side of software development and see the principles and patterns that form the foundations of good design. We’ll look at the importance of testing and learn about good test design, TDD, BDD, mocking, AAA, and more.

The goal of this talk is to give you a broad overview of design theory and testing techniques, so we will cover a lot of ground quickly. I’ll be tweeting links to related resources and articles throughout the talk. Follow @cedwards or hashtag #Padawan2Jedi during the talk so you can dig in and learn more afterwards.

Episode 2: The Practical Side of the Force

Being a productive developer is far more than just typing in code, especially when working in a team. In this episode, we look at basics like source control, automated builds and refactoring. We’ll also touch on more advanced topics like continuous integration, IoC containers, ORMs, and application architecture. We’ll finish by discussing agile software development practices and how they enhance the software development process.

The goal of this talk is to give you a broad overview of modern practices, processes and tools, so we will cover a lot of ground quickly. I’ll be tweeting links to related resources and articles throughout the talk. Follow @cedwards or hashtag #Padawan2Jedi during the talk so you can dig in and learn more afterwards.

In this talk I will be using a new script called Keynote Tweet that will automatically tweet content for each slide in a Keynote presentation. I plan to cover a broad range of topics, and can’t get into a lot of detail in the allotted time, so I wanted to make the resources available to anyone who wants more information. I think Twitter is an excellent way to do this. Anyone interested can follow me, or the hashtag (as mentioned above), but I won’t be tweeting the links on the #AustinCodeCamp hashtag because I don’t want to flood the channel.

I hope to see you there!

-Chris

Posted in Presentations