Dec29

Lego Mindstorms for Christmas

It's the Monday morning after Christmas weekend, and the office is almost utterly devoid of any signs of life. My stomach is full with the warmth of bad train station coffee, and a fresh cup sits at my desk. My mind is restless and in search of a mission – but not quite in the right frame of mind to take on any heavy lifting. This is the perfect sort of morning for a little light blogging to get the creative juices flowing.

Many people do product reviews on their blogs. I briefly considered doing some of my own, but I'm not sure if anybody really cares what I think of any of these gizmos, and I still feel a bit guilty at all the neat stuff I got for Christmas on a year when so many people have had to do without. Maybe I'll review my toys a little later on, especially since it will give me time to learn how to use them.

Instead, this morning I think I'll talk about one of the toys my son got this Christmas, the Lego Mindstorms NXT robotics set. (Specifically, this is Lego set #8527 for hardcore Lego fans.) The kit comes with all the basics that your little geek in training needs to build one of several possible robot toys. As the product description will tell you, it includes 3 motors, 4 sensors (light, sonar, sound, and touch/collision), a variety of Technic style building pieces, and what they call the Intelligent Brick – a computer with a modest amount of I/O and programmability that controls the other pieces via several cables.

For our family, the NXT set is a re-tread of a Christmas gift Eric got either last year or the year before. The kit suggests that it is for ages 10 and up, and in retrospect I am slightly inclined to disagree. Certainly Eric was capable of playing with the NXT two years ago, but even though he's an avid robot enthusiast, the first time through Eric made a couple of false starts at actually building the robot and had one fun session of playing with its programming features before finally losing interest in it.

By the time he eventually circled back to it again, he had rather predictably misplaced several of the major components, which he blamed on his four year old brother. This was disappointing, though not entirely unexpected. For others, I would suggest that you invest in some kind of organizing and carrying case, preferably with some kind of locking mechanism to keep little fingers out (if you have those around), since at $250 US this is not the kind of toy you want to have to buy twice if you can avoid it. (Sadly, this is exactly what we did.) I am leaning towards a good old fashioned tackle box like the kind your grandpa probably used to organize his fishing lures. That would have lots of little compartments for organizing and possibly a loop for locking the box. A good one should have lids on the inside so turning it upside down won't spill its contents all over the place.

It seems I have a soft spot for little boys who dream of someday designing and building giant mecha for the Defense Department. Also, Eric's recent acquisition of my old Windows Mobile PDA phone (aka the T-Mobile MDA/HTC Wizard) is a perfect accessory to the NXT, since both sport a Bluetooth interface and Lego has graciously developed an API and a nifty programmable controller for the Pocket PC.

After some tedious sorting through literal Lego mountains, we were able to locate all but a few of the pieces from his previous set, most of which are large enough that we expect them to turn up in the next round of room cleaning. If this quest provides him any incentive towards that end, I will be both shocked and delighted. What kid wouldn't want to host their very own Battlebots competition? He'll need to find about six cables, a motor, and two sensors that went missing in order to have the entire second robot available.

This year was a much better experience than the previous one with regard to how well Eric was able to enjoy it. He has matured somewhat noticeably in the past year, though some of this may have to do with a change in his medication regimen which was also quite positive. Eric was able to correctly identify the Start Here box on his own and get going on the basic construction of the robot's core. For the most part he was almost completely autonomous. No doubt, failing all else, he has a promising career in Ikea furniture assembly. There were only a couple points where I had to step in to help – one where an axle and its accompanying hole required just enough extra English that even I was afraid I was pushing it too hard, and the other where the order of assembly made one wire practically impossible to insert without taking half the damn thing apart again. Eric also warns me that one of the pages in the instruction guide may have two steps reversed. Beyond that, Eric was able to do practically everything on his own (including installing and using the unit's programming software) with only minimal encouragement and occasional redirection, leaving me idle to search for the lost pieces of his older set.

In a few hours, Eric completed the Tri-bot, a three wheeled robot with a front facing claw for carrying little plastic balls. The design uses the touch sensor to detect if the ball is reachable, and a light sensor facing downward to detect if it has crossed the black border of its testing pad. Voice and ultrasound sensors provide additional flexibility. Following the instructions, Eric programmed the robot to retrieve a ball from a stand and carry it to the outside of the test pad where it would release it. I can already imagine a number of cool variants for this program even before I have done any research on my own to see what's already been done. Hopefully, he'll be equally inspired.

An extra $250 got us a rechargeable Lion battery pack, DC transformer, several alternative sensors (Compass, Heat/IR Seeker, Color, and Accelerometer), and a pile of extra cables. Of these, the battery pack is the most essential and money saving. I have noticed that the unit will quickly chew through six AA batteries, so an extra $60 will pay for itself quickly and prevent this expensive toy from becoming an unused waste of space. I can only imagine how many batteries he would consume using both "bricks". The other sensors are just "goodies", but they can greatly increase what the unit is capable of. Since we have two bricks, it made sense to add some diversity. I didn't waste any time on the IR Link, since we have a lot of Bluetooth devices and I want to see how far we can push that technology before resorting to the line-of-sight only IR.

Frugal Shoppers' Note: the K9833 includes the DC transformer and the battery and will save you a couple bucks, as I learned a few minutes too late. Or, if you haven't bought the base NXT yet, consider the NXT Education Base Set that includes the battery and a few extra sensors and cables for only ten bucks more than the retail NXT set. If I had it to do over, I would definitely go that way.

For the truly robot obsessed, I strongly recommend you take a visit over at Lego Education, where there are more advanced components and plenty of books. For an additional $260, you can get the super cool RFID Sensor and tags, an Infrared Ball, and a Touch Sensor Multiplexer. Of course, by this point you have probably depleted your child's college fund, but I believe it will be well worth it.

I went ahead and got the RFID to fulfill a promise I made to Eric when he first got the set, that if he built and programmed one robot with it I would go ahead and get some of the cool stuff he pointed out to me online. There's no way to know with kids if they'll have the attention span needed to make good use out of these things, but I'm hoping that he will. Considering the A+ he got in Cryptography back in November and all the work he needs to do in order to prepare for the SAT in a few weeks, it just seems fair to reward his hard work. Though now that I think about it, I've now sunk over a thousand dollars into what is ostensibly a child's toy. Either I'm completely insane or a genius. I suppose there's no reason it can't be both.

Maybe in future, Eric and I can do some cooperative blog posts about what we come up with together.

Published: Dec-29-08

Dec16

Did You Know: Include XSL In SharePoint Search Results

Maybe some of you already knew this, but I sure didn't until I tried it. Thanks to Ian Morrish for his post about the XSLT Standard Library for helping me put the pieces together.
 
So my little journey into customizing SharePoint Search Results started a few days ago. I won't go into a ton of detail because there are plenty of good blogs out there on how to do this, and anything I have to say on the subject will likely go into Memex. It suffices to say that the method of using XSL to transform the rendering of search results is about a thousand times better than the crazy web part development that I had to do in 2003 in order to accomplish the same results.
 
But my headaches began when I decided to try and make use of XSLT 2.0 function capability to leverage some nifty string manipulations like those found here. I needed to use something like "substring-before-last" to trim the file extension off the end of document titles (really, URLs) that were coming from a search protocol handler for content outside of SharePoint.
 
Try as I might, I could not get it to work, and the error information for XSL validation is hidden from you, so my attempts to determine the cause were only causing me more grief. I could switch the stylesheet to version 2.0, add the necessary namespaces, and even declare functions with xsl:function. But whenever I would try to call the function (even with constants) I would get that monolithic web part error "Unable to display this Web Part. To troubleshoot the problem, open this Web page in a Windows SharePoint Services-compatible HTML editor such as Microsoft Office SharePoint Designer. If the problem persists, contact your Web server administrator."
 
So, in the end here is what I was able to do. I downloaded the entirety of the XSLTSL zip file and uploaded its contents into a document library on my SharePoint site using Explorer View. (I safely ignored the error I got from one file that wouldn't upload.) This makes all the XSL files web accessible, but I suppose there could be other approaches that would work just as well, like uploading these files into a subfolder under "/_layouts/".
 
Now, I tried making the xsl:import tag work, but there was no love there. However, xsl:include seems to work just fine. I wonder why the SharePoint folks don't make more use of includes in their own XSL. Though I guess it wasn't strictly necessary, it would've made for cleaner code and easier customization of things like Data Form Web Parts and such.
 
So, once you have your library chock full of stylesheets, modify the top level tag of your Search Results XSL to look like this:
 
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
xmlns:doc="http://xsltsl.org/xsl/documentation/1.0" xmlns:str="http://xsltsl.org/string" extension-element-prefixes="doc str">
Then, add includes just below the last "xsl:param" tag, like so:
 
<!-- Import libraries for common use -->
<xsl:include href="/XSL%20Library/xsltsl-1.2.1/string.xsl" />
You can add as many includes as you like. Generally I try to only include the ones I will actually be using. The URL for the include statement should point to the path of the desired XSL document on your site. I was able to get both absolute URLs (with protocol and DNS names) and root relative URLs (leading slash) to work, but I didn't try file system based URLs to see if they would work.
 
Now, you can use the templates defined in the included file just like they were declared directly in the web part itself.
 
In my example, I put this tag between the document title and the description.
 
   </xsl:choose>
   <!-- code added - TC -->
   <div style="font-weight:bold; color: red">
   <xsl:call-template name="str:to-upper">
    <xsl:with-param name="text" select="title" />
   </xsl:call-template>
   </div>
   <!-- end code added - TC -->
   <div class="srch-Description">
 

The results look like this:
 
Custom Search Results Screen Capture
 
If I were to dig through all these functions, I bet I could think up some fancy stuff to try. Better yet, why not make an XSL template library specific to SharePoint and share it with the community?
Published: Dec-16-08

Dec16

Ahh hacking attempts, the true sign you have "arrived" on the Internet

So I was doing some maintenance on my SharePoint servers today and I noticed something interesting in the security event logs.
 
After seeing the user "alien" repeatedly failing to log in to my FTP server, I checked the logs for IIS. Looks like someone has been trying to knock down my FTP server's front door. I found the following addresses successively trying to access the service using user names like "Administrator", "admin", and "staff".
  • server77-68-44-143.live-servers.net [77.68.44.143] in the UK and already has a bad reputation as an abuser
  • 82-100-4-189.net.maiva.cz [82.100.4.189]
  • host-88-217-181-222.aspiria.de [88.217.181.222]
  • 222.33.56.98 (Also somewhere in Germany)
  • cpe-212-18-40-62.static.amis.net [212.18.40.62] Looks like Austria
Okay, so maybe I don't have all the time in the universe to do security on my network, but I feel a bit better about some of the steps I took. Here's some stuff we did here that maybe helped protect us a little.
 
We run Snort on the RED port of our Endian firewall. I really would've thought this IDS would shut these guys down, but apparently it didn't. I will have to go over it again and make sure everything is set up correctly - and maybe upgrade to the subscription ruleset.
 
Long ago we stopped using names like "admin" or even "Administrator". Only hardware firewalls that won't let us change the name of the high level accounts and the occasional development VM use the defaults here. I suggest you consider changing the name of all your Windows NT Administrator accounts to "GrandPoobah", "Dogbert", "ScriptKiddieKiller", or your personal fave. You can do this easily in the registry.
 
We have security audit logs for login failures enabled. We would not have seen this attack if we hadn't.
 
We use strong passwords wherever possible. Even so, a password of only eight digits can eventually be brute forced. I am now seriously considering making our account passwords longer, just in case the User IDs are leaked. You should never depend on the User ID to provide added salt and computational weight to your password, since it is almost never a [well kept] secret.
 
In truth, I should not have this FTP port open to the world anymore. It was for my own access before we implemented OpenVPN client on my phone, and now there is no reason for it. We generally shut down access to any open ports.
 
So, was this a coordinated attempt by actual people? I figure probably not. Most likely it is a zombie network doing the bidding of its masters and simply thought it might have something it could break. Most of the IPs involved appeared to be clients - only two were servers. If IP addresses came with contact info, I would tell these folks to update their virus checkers. Oh well.
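The log check described in this post, as an added example that is not the author's own code: it counts failed FTP logins per source address and lists account names tried from several sources, which is how a distributed guessing run stays under a per-address threshold. The log lines are constructed (documentation IP addresses, user names taken from the post), and the field layout, an IIS 6 style W3C FTP log with `[session]VERB` in `cs-method`, is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample; addresses are RFC 5737 documentation ranges.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: time c-ip cs-method cs-uri-stem sc-status sc-win32-status
02:14:07 192.0.2.10 [1]USER Administrator 331 0
02:14:08 192.0.2.10 [1]PASS - 530 1326
02:14:09 192.0.2.10 [2]USER admin 331 0
02:14:10 192.0.2.10 [2]PASS - 530 1326
02:14:11 192.0.2.10 [3]USER staff 331 0
02:14:12 192.0.2.10 [3]PASS - 530 1326
02:20:41 198.51.100.7 [4]USER admin 331 0
02:20:42 198.51.100.7 [4]PASS - 530 1326
02:31:05 203.0.113.50 [5]USER alien 331 0
02:31:06 203.0.113.50 [5]PASS - 530 1326
02:31:09 203.0.113.50 [6]USER admin 331 0
02:31:10 203.0.113.50 [6]PASS - 530 1326
09:02:33 192.0.2.200 [7]USER poobah 331 0
09:02:34 192.0.2.200 [7]PASS - 230 0
"""

# cs-method carries the FTP session id and the verb, e.g. "[12]PASS".
METHOD_RE = re.compile(r"^\[(\d+)\]([A-Za-z]+)$")


def parse(log_text):
    """Yield one dict per record, using the #Fields directive for column names."""
    fields = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) != len(fields):
            continue  # malformed line, or data before any #Fields header
        yield dict(zip(fields, parts))


def summarize(log_text):
    """Return {ip: {"failed": n, "ok": n, "users": set of names that failed}}."""
    pending = {}  # (ip, session id) -> user name from the preceding USER line
    stats = defaultdict(lambda: {"failed": 0, "ok": 0, "users": set()})
    for rec in parse(log_text):
        m = METHOD_RE.match(rec.get("cs-method", ""))
        ip = rec.get("c-ip")
        if not m or ip is None:
            continue
        session, verb = m.group(1), m.group(2).upper()
        if verb == "USER":
            pending[(ip, session)] = rec.get("cs-uri-stem", "?")
        elif verb == "PASS":
            user = pending.pop((ip, session), "?")
            status = rec.get("sc-status")
            if status == "530":      # login rejected
                stats[ip]["failed"] += 1
                stats[ip]["users"].add(user)
            elif status == "230":    # login accepted
                stats[ip]["ok"] += 1
    return dict(stats)


def noisy_sources(stats, threshold=3):
    """Addresses with at least `threshold` failed logins."""
    return sorted(ip for ip, s in stats.items() if s["failed"] >= threshold)


def sprayed_accounts(stats, min_sources=2):
    """Account names that failed from `min_sources` or more distinct addresses."""
    by_user = defaultdict(set)
    for ip, s in stats.items():
        for user in s["users"]:
            by_user[user].add(ip)
    return {u: sorted(ips) for u, ips in by_user.items() if len(ips) >= min_sources}


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    print("noisy sources:", noisy_sources(result))
    print("accounts tried from several sources:", sprayed_accounts(result))
```
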
 
Published: Dec-16-08

Dec08

MARC Penn Line Schedule for Pocket PC

If you have a Windows Mobile phone or Pocket PC and you ride the MARC from Baltimore to DC (or elsewhere North or in-between), then you might find this pocket sized Excel file handy. It contains an XL Mobile version of the Fall 2008 MARC Penn Line Schedule.
 
Note that if you live North of Baltimore, I have hidden those columns, as well as those for Amtrak trains that no longer take MARC tickets for passengers in my area. Later, I'll add the Camden Line as well.
 
Please note you may need to reality check this. I am not responsible for any errors that lead to you missing a train or anything like that.
Published: Dec-08-08

Dec08

Extreme Custom Navigation in SharePoint

I was digging through old tasks in Outlook that were never marked completed, and I came across an e-mail from a coworker. I won't paste it here, but the gist was a question regarding using images in the SharePoint top level navigation. I put this question into the same category as others like how to customize the navigation HTML or control word breaking so long items appear on two lines. This sender had wanted to know how to include custom icons within each navigation node.

The question referred to an early SharePoint article (link) that mentioned interactive buttons. Sadly, this is not the same thing as navigation. Even so, the images are obtained through the use of backgrounds in CSS, and this is not exactly the same as having an icon alongside the text in the form of an IMG tag.

So, what are the best options for creating very customized navigations in SharePoint? I spent a little time in Memex, describing a little bit about what's good and bad about different methods. Later, I want to return to this post and really delve into some kind of out of the ordinary things you could do using custom navigation - hopefully with some demos and code samples.

Published: Dec-08-08

Dec04

My Four Day Trip through Wonderland: Fixing Windows Live Authentication in the CKS EBE

At first, I was thinking about naming this blog post "Can It Really Be That Stupid?" After a few seconds, I realized the answer is "Yes.", got over it, and moved on. For one thing, I would have to decide which thing was *that* stupid, and that's just asking too much.

So, there are a number of people out there using SharePoint with WLA. It seems like a cool concept. Just use the WLA membership and role providers the way you would any provider for forms based authentication, and "Voilà!" your friends or business partners on Live Messenger can log in to your site using their Live ID, whereupon you can give them special access.

Last year, the Community Kit for SharePoint released a WLA membership provider designed to be used with the Enhanced Blog Edition. If you're curious - and very brave - you can get the source code from CodePlex here. The solution comes with a readme, which leaves out a couple of minor steps, but Rolf Eleveld has a nice walkthrough with screenshots on his blog.

Oh, if only it had actually been that easy!

Access Denied Errors on Login for LiveAuth-Handler.aspx

After following all the instructions to set up WLA, I tried to log in on the public facing site by clicking the Sign In link, but I kept receiving the "401 UNAUTHORIZED" error. A quick check of the IIS logs revealed this as "HTTP 401.5: Denied by custom ISAPI/CGI Web application", which means that the access issue is occurring within SharePoint itself.

There are so many causes for this kind of problem, but I remembered solving such an issue about a year and a half ago. Here are some of the things you can try if you are having 401 problems.

  1. Disable Loopback Checking
    This security "feature" is enabled by default with the latest service packs, but it was not really meant to be used in SOA environments like SharePoint. Basically, whenever SharePoint attempts to hit its own web services on the local machine, IIS will block the attempt and cause SharePoint to throw an Access Denied error. The issue described in the Microsoft KB Article is not exactly what I was seeing, but it contains instructions on how to perform the registry hack. In the past I have seen this problem cause unusual symptoms within SharePoint that you normally wouldn't see in a vanilla ASP.net application, so I wouldn't rule it out.
  2. General Tips for 401 Errors in IIS
    You can also try some of the things suggested by this Microsoft KB Article. It has useful links to some diagnostic tools including the AACD 1.0 and FileMon. At the very least, following this approach should help to uncover any typical problems that would interfere with any SharePoint install, with or without CKS.
  3. SharePoint File Permissions
    Make sure you have all the correct file rights set up for the anonymous (IUSR_MACHINE) and application pool accounts. You can use FileMon to test for this (see above). This will include rights to the ASPX files in the LAYOUTS folder, including special anonymous access permissions that are needed for Login.aspx, Authenticate.aspx, and in our case LiveAuth-Handler.aspx. Generally, if you have IUSR_MACHINE in the WSS_WPG group, and the application pool account in the WSS_ADMIN_WPG group, then that ought to do it.
  4. Is Your Provider Working?
    Make sure your authentication provider is set up correctly. In this case, I would double check the setup as per the instructions described with the WLA provider above.

    One way to test this is to add the same provider settings to your internal (Windows Authentication) and Central Administration sites. With these added, you should be able to go into your windows authentication based site and add Live Authenticated Users as a group with rights within SharePoint – even if you can't successfully get the Live ID login process to work.


    Figure: Testing correct setup of WLA Users and Groups from the intranet (Windows Auth) site

    In my case, I added the membership, roleManager, and appSettings nodes to the web.config file located at C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CONFIG, because I wanted these providers to be accessible to every web application on my development machine. However, I will probably go "by the book" in production.

    Also, note that I have commented out the identity node (namely, impersonation="true") in the public facing (FBA) web.config file, as this is normal practice for FBA sites, but wasn't mentioned in the WLA documentation.

Unfortunately, none of these things I tried actually solved my problem. Every page I would try to visit would redirect me to Authenticate.aspx, and then that would subsequently 302 redirect me to LiveAuth-Handler.aspx?action=login, which would give me the same 401 error.

As a quick aside, let's look at how the login process actually works, because I was thinking about it a lot at the time. We start on the main page of the blog, and if you have Anonymous Access configured in SharePoint and also correctly configured in IIS, then you'll see the default.aspx page with its Sign In link displayed correctly.

As you can see, this link takes you to Authenticate.aspx, which is SharePoint's default page for requiring a login, and the one that is responsible for redirecting you to LiveAuth-Handler.aspx as described in web.config, whereupon, we get the dreaded 401.5 error. Authenticate.aspx seemed to be working as designed, but I was at a loss to explain the error.

My Eureka Moment: Running Out Into the Street without My 401

After a full day of beating my head against the machine I was getting a bit crazy, so I decided to take a break. I put the computer away and went to an Orioles game with a pal of mine. Perhaps my best tip of the day, do not underestimate the value of taking a break. Your brain will keep working on the problem in the background while you recharge your batteries. In fact, I had a great time. Not only was this the first time in over a decade that they won while I was at the stadium (what awful luck!), but they delivered a spectacular grand slam followed by a three run homer, literally crushing the Cleveland Indians.

So, the following morning I was thinking about what is different in the WLA that I have never seen in any FBA based solution before. If I could find the variables, and eliminate them, I might solve the problem or at least discover the cause. One thing that struck me as just-too-stupid-to-think-about was the URL that is specified in the loginUrl attribute of the forms tag in the authentication section of web.config.

"What if," I thought, "however unlikely it may be, there is something in the .NET authentication provider that refuses to recognize the login page simply because it can't handle the query string at the end?" Well, it sure seemed like the kind of shortcoming that would typically sneak into code, but I had never heard of such an issue. Still, there are lots of patches both for .NET framework and SharePoint, so maybe I'm on a patched version that has this rare problem.

So, I tried a little experiment. I took out the query string, like so.

Click the Sign In link again, and…

"Wow! There's no way it can be that simple." I put the query string back into the web.config, then tried to log in again, just to be sure.

In fact, if you take the query string out of web.config, but you add it manually on the address line of your browser, it will work as expected. The result redirects you to the Windows Live web site without any 401. Note that I've made some improvements to my source code. If you manually type the login URL on the address bar using the code as downloaded from CodePlex, you are much more likely to see some kind of NullReferenceException instead of a successful 302. But my point is that it will actually run your code.

The Final Verdict: Ye Not Guilty

So, then, this answers how to fix the problem, but doesn't identify the cause. Is this an issue with the .NET framework or maybe SharePoint itself? Well, that might be possible, but I thought it was unlikely given that these products have probably gotten some pretty thorough testing, especially compared to CKS and the WLA provider. But, I was on a mission. I wanted to make this work, and I had a clear path to explore, so there was no time to ponder this in depth.

What should've also crossed my mind at the time - but didn't - is that this issue might have been caused by code running in CKS itself. I ran into some other issues in the following days, but after everything blew over, I did some experiments to try and prove that CKS EBE itself was not at the heart of this particular problem. (Turns out I proved myself wrong.) To test this, I tried changing the settings for Secure System Pages in the CKS EBE Settings (a.k.a. Blog Settings).

There were two takeaways from this that finally explain this issue in black and white.

Lesson #1
The first is that just because you change your Blog Settings on the internal (Windows Authentication) site, does not mean they will automatically change on the public facing (FBA) site. While trying to make changes to the setting above, I learned that you need to make changes to Blog Settings manually to both sites. This is actually pretty cool, because it means you can select different themes for each and change some settings as appropriate. Also, it makes sense, since these blog settings are stored as a section in web.config for each site. But it is also a pain, especially if you have already configured FBA on the public site and you can't actually login to make settings changes.

Lesson #2
Second, I learned that everything I did from here on out is – at least partly – unnecessary. To work around this issue you simply need to turn Secure System Pages off. This will eliminate the problem with the login page having a query string. Of course, I happen to like this setting and want to use it on my public facing site, so I'll be working with this code to make it work properly with WLA.

Ever Deeper Down the Rabbit Hole

Now that I've revealed "whodunit" in this little mystery, let me jump back. Instead of finding the exact cause right away, I would spend the next two days trying to make the login page work correctly without the query string. I went through a lot of code changes to liveauth-handler.cs in the attempt, and I learned a lot. Because this is not the end of the story, I plan to talk about these things just a bit before I'm done, but nobody will blame you if you skip all that and just get the code. [TODO: publish and link to code please]

So my first approach was to try and rewrite liveauth-handler.aspx so that it could just tell that you were going from Authenticate.aspx and redirect you to the Windows Live site automatically without being told via the query string. To some extent, this worked, but it took some messing around to find the right commands, and the HTTP_REFERER was not always what I expected it to be.

Here's a screen shot from my early code:

You can see at this point that I had already done some work to eliminate "Object Reference Not Set" exceptions. That's pretty typical of code written in a rush. You get it working to the extent that you need it to. Since you have other stuff to do, there isn't time to imagine every way in which it might go outside that corral, you move on. Unfortunately, it results in code that breaks easily, which it did for me many times.

You can see in these shots of the debugger as I was digging around for the HTTP_REFERER variable within the page Request object.

Its value would typically be something ending in "default.aspx" or "authenticate.aspx" whenever I was clicking through from the Sign In link. It would be easy enough to tell that the referrer was on the same server using a string comparison or RegEx, but fortunately the .NET framework has provided a couple of handy properties in the HttpRequest class that help to isolate the host name. These are Url and UrlReferrer as seen below.

Interestingly, page redirects from the WLA site would have no referrer at all. I would've preferred something like "https://login.live.com/ppsecure/post.srf?appid=000000004400143A&alg=wsignin1.0..." Alas, no, they are just blank. This makes them indistinguishable from URLs entered on the address bar, and that made testing a nuisance.

Despite this, I was able eventually to muddle through. There were a number of setbacks, like this one:

This issue, or some other error, will happen when you have Secure System Pages turned on. (The exception message is my code and not part of CKS EBE or WLA, because I thought it would be helpful for other developers.) I did some experimentation to prove that when Secure System Pages is turned off, the new users will be automatically redirected to liveinfo.aspx as they should be. Also, the issue does not affect users who have already entered an email address in their Blog User Profile, because those users are typically redirected to a generic (unsecured) page such as default.aspx instead.

What's going on here is that Windows Live returns with a valid session ticket as an HTTP form post, but since the user does not yet exist in SharePoint or have any rights other than those granted to Live Authenticated Users, they get redirected from liveinfo.aspx to the liveauth-handler.aspx login page, probably by way of authenticate.aspx. (In the original source code from CodePlex, this would've forced their session to be logged out.) The redirect causes the contents of Request.Form to be lost, which is the means by which WindowsLiveLogin.ProcessLogin() method receives data from the Windows Live website. Even though you'd think that such an internal referral should have some kind of value in Request.UrlReferrer, its value is in fact null. The code, as I had written it at this point, failed because this condition is a contradiction. On the one hand it thinks it is supposed to process some kind of result from Windows Live, but that information has been dropped.

In a nutshell this means that any user who hasn't provided an email address is going to get some kind of error after they log in, and it is very likely that such an error will cause the authentication process to break down before all the cookies have been properly set. Looking at all this strange behavior, I have decided that the entire flow for the page needs to be streamlined and bulletproofed. (Though as of December I still haven't gotten around to it.) It's too convoluted and unreliable when conditions fall outside the norm. In the long run, the issue can be corrected entirely by fixing the code for BlogHttpModule.cs in the CKS.EBE solution.

But, let's talk a minute about the process by which I came to discover that this is what was going on, because it did not come easily.

To have results come back from the Windows Live site, and not have any form attached to them, was very confusing to me. I wanted to try and prove that the form was in fact coming back across the wire, and then being lost someplace else. To this end, I downloaded a very useful tool called EffeTech HTTP Sniffer which I have used on many past projects to gain insight into what SharePoint is doing behind the scenes. It is my opinion that an HTTP Sniffer of some kind should be included on every SharePoint developer's installation checklist.

I was unable to get any meaningful data from the HTTP Sniffer though, which returned only a generic HTTP request and a GIF for the passport logo. Upon post-back from the Windows Live server there was nothing showing up in the trace. So, I tried their EtherDetect product to see if I could figure it out. Here is an example of what came back.

Digging into these, I was able to determine that my server was opening a random port that connected to their server on port 443. Several tests concluded the port was random, and so I was unable to add it to the list of ports in the HTTP sniffer, and everything I saw in the Ethernet sniffer was of course encrypted. Unfortunately, this is a failing of the EffeTech HTTP Sniffer. The MSN Sniffer was totally useless for WLA. But, at least I was able to determine that there was some kind of data coming back.

Eventually, I was able to blunder into the solution of manually adding an email address to my entry in ProfileList, and that got me around the problem with redirection to viewinfo.aspx. This is not a good final solution, but I was able to move on to the next problem.

Okay, so now I could see that I had a form and I was able to step through code to the point where I could see that SetAuthCookie was executing. But, as far as I could tell, there was no cookie and no authentication within SharePoint going on at this point.

By this time, I may have been chasing foo-fighters. I had been a while in the weeds, and the default theme for CKS EBE provides no visual indication that you are signed into SharePoint as any particular user - something I have since changed in my own blog site as you can see at the top of this page. For this reason, I recommend that you create your own theme that makes use of the wssuc:Welcome control to tell you who is logged in. It could very well be that for some time I was actually successful at authenticating and did not know it, because Live Authenticated Users was not assigned any special rights. Note that even if you add this group to the Contributors, it will not automatically be able to create Blog Posts.

Another thing I tried was to remove the domain and path properties from my forms tag in web.config, but I have since put them back so I know they are not to blame in this case. I also tried changing the name of the form from "livelogin" to "LiveID", but I have also changed this back without any effect. For the time being if there were authentication issues around cookies, I have been unable to reproduce the problem.

Ultimate Solution: Fix Secure System Pages

Although I did eventually end up reverting to the use of a query string for the liveauth-handler.aspx page, I wanted to clean up the code somewhat anyway. I also implemented a fix for the BlogHttpHandler.cs that resolves many of the issues described above, and could probably be improved upon even more. Given time I would like to make the list of allowed system pages configurable from an XML file in the Feature (or maybe even web.config itself).

You can download the code here. I only provide the files in question, and I'll submit these issues to CodePlex as soon as I get the chance, but I wanted to make them available here for those experiencing similar problems. Enjoy! [TODO: publish code and provide link]
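An added example, not the author's fix or the CKS EBE source, of an HTTP module that exempts an allow-list of system pages from the Secure System Pages redirect so the Windows Live form post reaches its handler. The page names come from the post; the type names, the allow-list contents, the `/_layouts/` check, the role name and the `stoken` field name are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Collections.Specialized;
using System.Diagnostics;
using System.Web;

// Added illustration; not the CKS EBE BlogHttpModule.
public enum GateDecision { Allow, RedirectToLogin }

public static class SystemPageGate
{
    // System pages a visitor without site rights must still reach so the
    // Windows Live handshake can finish (assumed contents).
    private static readonly HashSet<string> AllowedPages =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        {
            "liveauth-handler.aspx",
            "liveinfo.aspx"
        };

    public static GateDecision Decide(string filePath, string httpMethod,
                                      NameValueCollection form, bool userHasSiteRights)
    {
        if (userHasSiteRights || string.IsNullOrEmpty(filePath))
            return GateDecision.Allow;

        // Only SharePoint system pages are gated (assumed to live under /_layouts/).
        if (filePath.IndexOf("/_layouts/", StringComparison.OrdinalIgnoreCase) < 0)
            return GateDecision.Allow;

        // Pass Request.FilePath, not the raw URL: it excludes trailing path info,
        // so the name checked is the page that will actually execute.
        string page = VirtualPathUtility.GetFileName(filePath);
        if (AllowedPages.Contains(page))
            return GateDecision.Allow;

        // A POST carrying the Live token is about to be answered with a redirect.
        // The browser follows it with a GET, so Request.Form is empty on the next
        // page. Record the condition, but never log the token itself.
        bool isPost = string.Equals(httpMethod, "POST", StringComparison.OrdinalIgnoreCase);
        if (isPost && form != null && !string.IsNullOrEmpty(form["stoken"]))
            Trace.TraceWarning("Live ID form post to {0} will be dropped by redirect", page);

        return GateDecision.RedirectToLogin;
    }
}

public class SecureSystemPagesModule : IHttpModule
{
    private const string LoginPage = "~/_layouts/liveauth-handler.aspx"; // assumed location

    public void Init(HttpApplication app)
    {
        app.PostAuthenticateRequest += OnPostAuthenticate;
    }

    public void Dispose() { }

    private static void OnPostAuthenticate(object sender, EventArgs e)
    {
        HttpContext ctx = ((HttpApplication)sender).Context;
        HttpRequest req = ctx.Request;

        // Placeholder rights check with a made-up role name; a real module would
        // ask SharePoint whether the current user may view system pages.
        bool hasRights = ctx.User != null && ctx.User.IsInRole("Blog Contributors");

        if (SystemPageGate.Decide(req.FilePath, req.HttpMethod, req.Form, hasRights)
                == GateDecision.RedirectToLogin)
        {
            ctx.Response.Redirect(LoginPage, true);
        }
    }
}
```

Because the login page itself is on the allow-list, the module cannot redirect to a page that it would redirect again.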

Published: Dec-04-08

Dec01

So What's Eric Doing? (Sarah "Hey, what about me??")

Since today seems to be turning into my annual Catch Up On Blogging Day, here are a few things about what my kids have been up to this year.
 
Eric recently finished a class on Cryptography: Math & Codes through Johns Hopkins CTY. He received a grade of A+ (better than 100%). Also, he completed all of the extra credit projects, and got perfect scores on many of the tests. His submissions were excellent, and I will be posting links here later. For me, it is great news that he is finished with this class, since it was very time consuming for him. Even simply helping to keep him focused on the work was a big challenge for me. Congratulations Eric on a well earned success!
 
During the class he developed a new love for MS Excel Mobile and his HTC Wizard, a phone that he got as a hand-me-down after I upgraded to the Wing. For a kid, he makes amazingly good use out of that device. I steal some of my best mobile ideas from him.
 
Earlier in the summer, Eric attended a game developers' camp, where he learned to use tools to design 2-D games. He still has a long way to go, so I am hoping he will spend more time with Phrogram and MMF2.
 
Eric will now go on to study for the SAT, which he needs to pass this winter in order to stay in the CTY program.
 
Sarah started school this year at the Mt. Royal Elementary and Middle School, as part of their Ingenuity project. She didn't apply in time to be part of the program at Roland Park, but I think that the diversity at Mt. Royal will be a good thing for her. Another plus, she can take the train to school.
 
Sarah is in the school band and is helping raise money for their trip to Florida later this year. Sadly, there was no chess club for her to join at Mt. Royal.
 
Over the summer, Sarah went to a CTY class on Minerals and Polymers. They don't give grades for the summer program, but she got good marks all the same.
 
She also spent a week at NYSP in Washington DC. Sadly, we applied too late (See a pattern here?) so she won't be able to go with the NYSP program to the inauguration.
 
Both Eric and Sarah helped me volunteer for the Obama campaign in Leesburg, VA during the final days leading up to November 4th. They (and the li'l ones) came with me, Alara, and James to see Barack speak at a rally on the 3rd in Manassas. 90,000 people were there. It was crazy!
 
By far Talya's favorite word of the fall was "Barack Obama Button". It sounds fun even just saying it - try it! She also recently told Eric's 12 year old friend Elmer, "You're in my seat, little boy!" I can't believe she talks so much now, but I don't know why this surprises me since I've been through so many toddlers before. She likes to re-enact scenes from Steve Carrell's "Landlord" skit.
 
Alex is still doing his thing. He enjoys his pre-school. He loves Iron Man, Spider Man, Baby Cthulhu, his Loc Nar (it's a green ball), and the Companion Cube. He drew an amazing picture of our family that included the six of us, James "with a samurai sword to chase away bad guys", and "Robot Barack Obama hat out of control".
Published: Dec-01-08

Dec01

Short of Breath? Maybe You Have Asthma

Reading one of my previous posts made me think of this.
 
As of about a month ago, it's official. Though the cause is indeterminate, I have asthma.
 
I'm writing up a short explanation in case someone stumbles upon it in Google and decides it is similar enough to what they are experiencing to warrant seeing a doctor.
 
First off the symptoms started almost four years ago, in spring 2005. We had just bought our house and had been there only a few months. As the wet and rainy but still cold part of winter-spring was upon us, I developed the most awful symptoms that felt like bronchitis. I used to get bronchitis nearly every year during the winter when I was in my late teens and early twenties, so I blew it off. I spent several weeks convalescing, and when the warmer sunny weather prevailed my symptoms subsided.
 
But, they never really went away. The shortness of breath, coughing, phlegm, fatigue, intermittent bronchitis, and even early morning vomiting would return any time the weather became cool or damp.
 
We did a lot of renovations in the house over that time, and some of it involved some nastiness - plaster dust, whatever-was-in-the-attic-for-a-hundred-years dust, sanding, insulation. And then there was the mold. When we moved in, there was lots of it. (See Breaking the Mold for the full story.) I seriously was starting to think I had given myself silicosis, COPD, or something.
 
It took me many months to stitch all these symptoms together. I saw an allergist and was told to my surprise that I was only allergic to dust (despite many other known irritants). I began to wonder if this was a long term effect of drinking.
 
I complained to my doctor, who gave me an Albuterol inhaler for the really bad days. She recommended I see a pulmonologist, and though it took me a long time to get around to it, I wish I had done so sooner.
 
So what the specialist said was that there are many factors that can cause asthma: mold, construction dust, allergies, poor air quality, acid reflux (which I didn't know) also called GERD, and others - and I had practically every one.
 
My thinking now is that the basement mold may have caused it, and it never really went away. The mold never really went away either. We just had a test done and there is still some measurable amount in the basement. So there's that.
 
In any case, the doc gave me another inhaler - a steroid - to use twice daily. It worked so well I could feel it immediately. I guess it's a testament to how well it works that there are days where I can't tell if it is working or not, but then I will have a bad day and then you bet I can tell it is working when that happens.
 
It's not a long term solution, but it's something I can do for now to start my recovery while we try to figure out the causes.
 
When something is wrong, see your doctor. Don't wait. Whatever you may think, you aren't too busy.
Published: Dec-01-08

Dec01

My Annual Review: Revisiting the Idea of the "Job I Love"

Some time back, I wrote this little gem as a musing about what kind of job I would enjoy.
 
At the time, I had a job that wasn't particularly thrilling. Here were a few of my reasons for daydreaming.
 
  • Stagnant pay: In spite of positive reviews and even awards, I'd received no raise for two years. In fact, I observed a general trend towards stinginess, particularly towards those who demanded the best compensation up front. To me this begs the question, if you are competitive about acquiring talent, wouldn't it be prudent to be as-or-more competitive to keep it?
  • Abusive management: I had seriously considered giving some of the people I worked for copies of The No Asshole Rule for Christmas. (Work Matters, Bob Sutton's blog is also a good read.) In my line of work you have bosses back at the company and at the client; there was no shortage of jerks embedded in both places.
  • Few (if any) prospects for promotion: With plenty of competitors, relocation out of the question, and my path blocked by immediate superiors, realism demanded that I did not delude myself into thinking I could move forward by moving up.
  • Allies leaving the company: when those most willing to defend or make a place for you are finding better opportunities elsewhere, it's time to pack your chute.
If you start to see signs of any of these things, take my advice and do whatever it takes to find yourself another gig quick.
 
Looking back, it was almost as if my bosses were reading my blog, because only a few days after I made that post, I was shown the door. I have heard stories of such occurrences.
 
I was lucky. Despite a very strong desire to be loyal to the company, I had never fully come to trust in them to do the same for me. After alternately witnessing and being on the wrong end of a number of instances of office "unpleasantness", I had resolved to stay on my assignment only through the 1st of March and had prepared myself for the market, so by the time I was dismissed I already had everything in place to find a new job.
 
And so I returned to the world of independent contracting from whence I had come two years prior. I can't be bitter at my former masters. For one thing, losing my job was the best thing financially that could've happened to me. Also, as it turns out I think I am better suited for the life of an independent consultant.
 
So, as I come up on one year from that time, I want to take a look back at what my goals were, and make some observations about where my work life has met them and where it has fallen short.
  1. A+: Work mainly with SharePoint
  2. A: Don't work (directly) for the "Evil" Empire
  3. B: Variety in work
  4. B-: Limited practical and social impact of assignment changes
  5. C: See lasting changes (transformation) from my work
  6. B-: Focused mostly on the new and "yes you can" and less on the existing and "why you can't"
  7. A: Autonomous commute
  8. A+: Show me the money
  9. D: Leadership, example to others
  10. B: Fewer conflicts with others
These letter grades are relative to last year; so "A" means I made a major improvement, "C" means little has changed, and a "D" means that my attempts were frustrated. (It wasn't in the original list, but I threw in #10 "just because".)
 
I'd say overall, the changes have been good. Perhaps I'm best suited to working independently after all. I'll be making my resume a standing part of the web site, so no need to repost a link here. Anyway, here's the drill down - more for myself than in case anybody cares.
  1. MISSION ACCOMPLISHED I want to work with SharePoint most or all the time, because it's really cool!
    Well, the demand for SharePoint has seen to that better than anything. There's been such explosive growth in this product line that it's just insane. I never did spend much more than a week on the bench last winter, and even during the Wall Street meltdown in September/October I was only seriously looking for work for a few weeks. (My biggest error was in taking a much needed inter-gig vacation in late August.)

    Having my own consulting firm means being able to make a choice to turn down any assignments that don't make good use of the skills I have. That anyone at my old job ever for a moment thought it was a good idea to assign me any work that didn't include SharePoint proved to be completely short-sighted; in doing so, they had sacrificed both long term profitability and my marketability.

  2. MISSION ACCOMPLISHED But, I don't want to work for Microsoft.
    It's easier than you'd think, but I did get a call about a couple of jobs from one of their people in Reston.

  3. DOING BETTER I like working on lots of little short-term projects. Variety in work and in solving different problems for different types of users is exciting. For that reason, I could probably spend my whole life building nifty web parts and showing people how to use them.
    Well, being an independent contractor does lend itself to changing tasks and roles at least as well as working full time for a consulting firm does. I would prefer to have things mixed up a bit more while on a single project. DHS had so much variety it was almost a problem. Here at IMF it's less so, but I suspect that as I grow into the role that will change somewhat.
  4. MODEST IMPROVEMENT But, I hate having to think about my commute [or the people I have to work with] changing whenever the project ends.
    I still hate this aspect of changing jobs, but there have been some improvements. I've had some mixed success. I did form some lasting friendships while I was at Constellation, and I try to keep in touch with people that I enjoyed working with. I've had trouble keeping in touch with some of my old colleagues - John, Erin, I am lookin' at you - lol. Joining a local user's group helped too, but I haven't been to a meeting in quite a few months now. One good thing is that my current gig is only a few blocks from my previous one, so I can get together with pals from the old gig every now and then.

    As for the commute changing, it was for the better. These days, I have more control of the locations where I work. Though there were moments when I worried that finances would force me to take an assignment that would make commuting a challenge, fortunately things worked out differently.
  5. STILL ABOUT THE SAME I truly enjoy using technology to help transform a business. Getting only little wins is really frustrating, so buy-in from the top is very important to me. If that means part of my job is to fight for that support, then so be it. Unlike many people, I find debate invigorating.
    In many ways, SharePoint lends itself to "little wins", so I see a lot of those. Transformations can be hard to fight for and take a while to happen. I think the trick is to keep the little wins lined up so they keep coming. Give a day or two each week to doing the little things that impress the people who are easily impressed, and use the remainder to take on the big challenges.

    I am very fortunate that here at the Fund, the CIO is a big advocate for SharePoint, so maybe I will get to see some of that awesomeness soon.

  6. MODEST IMPROVEMENT I like doing work on proof of concept and design. Finding out what can be done is fun. Finding out that you *could*, except that you *can't* because there either a) aren't the skills, b) aren't the resources, or c) isn't the time is no fun at all. So, a place where there is a real investment in technology (as opposed to band aid solutions) is a real plus. (Update: Add "lack of political will" to that above list of frustrations.)
    So what else is new? Many companies large enough to truly leverage SharePoint run into the problems of bureaucracy, process, and political willpower. The ones that are small enough to be agile run into the time-skills-resources roadblock. Part of the challenge of working with SharePoint is finding a way in spite of this conundrum, so I am learning to accept this.

    I still prefer development over software maintenance, so I am making the use of TFS and wiki for documentation a part of my mission here. I want other people to take over my stuff so it does not weigh me down later.

  7. MISSION ACCOMPLISHED I would like to either have a very short commute to downtown Baltimore, or else a reasonable train ride to Washington DC that I can do myself. I am tired of relying on my wife for transportation. I wouldn't mind working in my boxers either, but I need an excuse to get out of the house once in a while, and some things are better done face to face.
    I spent about twelve weeks of the year working in my boxers. I also did a short term part-time gig that was mostly telecommuting - though it tried like hell to become full time or worse. Later, I took an eight week unpaid vacation and sat around the house.

    As for the commute, all my other work has been either very local to my house or in Washington DC. Only a few visits to Booz Allen in McLean, VA in the early part of the year were outside that spec - and although they were quite a haul, they didn't undermine my autonomy. These days, my wife only gives me a lift to the train station, and I'd love to find a way to save her from that.
  8. MISSION ACCOMPLISHED I'd like a job title where the median base salary is in the neighborhood of $150,000/yr. Software Engineering Director looks nice, though frankly I have never seen anybody hiring for that one. They always use terms like Developer, Analyst, or Architect. Sorry, but the pennies don't spend like they used to, and wages don't seem to be going up to meet inflation. I guess I could accept a lower salary for the right perks, but the money is pretty important.
    I won't go into specifics, but I am making much better money as an independent contractor. Even with the two month gap in employment this fall, I am well set this year. The net compensation is about double what I used to make as a salaried employee. Although, one thing I really need to be mindful of is the taxes.

    This is important though, and I can't stress this part enough. I would not be able to pull this off if my wife were not working. Her job provides the health insurance, taking that worry off my plate. Also, even though her salary covers virtually nothing beyond the mortgage and day care, it provided the much needed buttress which allowed me to go through extended unemployment without sinking irrecoverably into debt. Given enough time to amass some savings and shop for benefits, I could possibly take care of both of these issues on my own, but this year it was an indispensable aid.
  9. NOT QUITE WHERE I WANT TO BE Funnily enough, I like managing technical people, and I am good at it too. That's an aspect of work that I miss when being stood up as a lone gunman in consulting gigs. You rarely if ever have the authority to direct a team. Well, at least sometimes you can act as the trusted advisor; that can be nice.
    I have to be honest, this is the one thing that hasn't been everything I'd like from a job. Being realistic, that's probably a good thing, since this year has been full of challenges that would've made taking a stronger leadership role difficult. I did get some technical leadership responsibilities at DHS. Due to the practicality of working with govies it wasn't what I was originally promised, but what it morphed into was acceptable. There is a good chance that some leadership duties will emerge here at the Fund, but it's too soon yet and hard to predict at this point. There is some of this in running my own business, but I need to find a way to profitability beyond my own hours if I want it to have any measurable role in my daily life.
  10. DOING BETTER Work in an environment that is less hostile and/or stressful. Have fewer conflicts with others and resolve them more amicably when they occur.
    Life as an independent is absolutely not conflict free. For starters, I had one client who got to be over $12,000 in arrears early in the year when I needed the money most, and he practically begged for conflict. I mean how many times was I supposed to accept "it's in the mail" as an excuse, anyway? Another client tried to bully me into working more hours than we'd previously agreed on - honestly more than I could handle while trying to run and grow the business. Finally, the security clearance process at DHS will just wreck your sanity - especially if like me you are prone to explaining things in detail and have a lot of petty baggage to disclose.

    That said, I will take all this in trade for one abusive boss, or one client who thinks it's funny to tell his developers to go wash his car. There is a different power dynamic at play when a business is your own and you are (at least on paper) supposed to be independent. For one thing, it is much easier emotionally to stand up for yourself.
Published: Dec-01-08

Dec01

What Tool Should You Use to Deploy SharePoint Projects?

At this point, I have tried them all. I hand rolled my solutions; used early versions of WSPBuilder; struggled with the interface for VSeWSS 1.0, 1.1 CTP, and 1.1 final; and even tried a few offbeat solutions.
 
Until this summer, every method had serious problems that made packaging and deployment problematic. Revisiting my posts, I see that I never mentioned this before, but I owe props to my colleague Ted Calhoon who turned me on to the WSPBuilder Extensions. I switched over, and I never looked back.
 
 
They are a bit counterintuitive, and the commands to flush out the folder structure are well buried, but once you get the hang of them, they are the best around - at least until someone comes up with something better.
 
In future, I'll do a walkthrough.
Published: Dec-01-08
