OK, who can tell me what's wrong with the following VB.NET code?
Public Sub MyMethod(ByVal inputString As String)
Try
' Validate input
If inputString Is Nothing Or inputString.Trim.Length = 0 Then
' However you want to handle the error...
End If
' More functionality here
Catch
' Error-handling code
End Try
End Sub
[Jeopardy theme plays...]
Basically, the line where we check the "nothing-ness" or "blank-ness" of inputString will always error-out if the string actually is nothing. This is because And and Or in VB.NET are not short-circuited. Both sides of the operator always run, and Nothing.Trim.Length will cause an invalid object exception. Technically, it's not worth checking the right side of an And if the left is false nor the right side of an Or if the left is true, but VB.NET does it anyways by default. If one argument in an And statement is false, the whole statement is false. If one argument in an Or statement is true, the whole statement is true (not counting exclusive or). To achieve this level of functionality, an earlier version of VB.NET introduced the AndAlso and OrElse operators. Basically, they will stop evaluating if the outcome can be determined after looking at just the left side of the statement. So, our code above would become:
If inputString Is Nothing OrElse inputString.Trim.Length = 0 Then
Now, with VB.NET 2.0, we have a new operator that achieves the same code as above. So, it can be further reduced to:
If String.IsNullOrEmpty(inputString) Then
Microsoft must have realized that people were having issues because they may have been used to languages where And and Or are short-circuited by default. It's a nice shortcut if you can remember to use it!
Monday, December 10, 2007
Sunday, December 2, 2007
Visual Studio 2005 Debugging Bug
I suppose one might say that the title of this entry is somewhat ironic. Regardless, I'm not bashing Microsoft. Indeed, I am actually very fond of Visual Studio and all the features it provides. The problem I recently encountered, though, was a bit of a nuisance. I've gotten in the habit of running the websites I'm developing with Ctrl-F5 to start without debugging when I'm fairly certain there won't be any issues. Internet Explorer opens a little faster and you can continue to edit in Visual Studio even if the browser window is still open. However, I occasionally encounter a flaw in my code during this debugger-less browsing and decide to start the site with debugging to get more details. Here-in lies the crux of the problem. If you forget to close the original browser window that was started with you were running without debugging, the new session with debugging will actually time-out with an error message that your action failed. Even if you then go back and close the original browser window, all subsequent attempts to run with debugging will fail in the same manner. Performing an IIS reset does not solve the issue. The only thing that seems to work is to close and re-open Visual Studio. At one point last week, I actually had to re-boot to get things working again. So, remember to always close any browser window previously spawned by Visual Studio prior to hitting F5 to launch the site you are developing with debugging enabled.
Monday, November 5, 2007
My Latest Favorite Keyboard Shortcut for Visual Studio 2005
So, the Visual Studio 2005 IDE offers a really nice smart tag feature for renaming your variables, constants, methods, etc. Instead of doing Ctrl-H to find and replace (possibly changing more than you planned), you can simply go to the location where the item is defined and type a new name. When you are done, the smart tag for that item becomes active as indicated by a little, red line that appears under the end of the word. You can move your mouse over the red line and the smart tag will expand and give you the option to rename. Selecting this option renames all uses of the item you are changing as opposed to simply changing everything with the same name like replace does. This is a very nice, time-saving feature, and I just recently figured out how to do it without the mouse. Pressing Ctrl-. also makes the smart tag expand with the rename option already highlighted. Then, you can simple press enter. This makes the process a little easier since you don't have to reach for the mouse. If you want to make a custom shortcut (Tools/Options), the command can be found under "keyboard" and is called "View.ShowSmartTag".
Sunday, October 7, 2007
Las Vegas Activities
I know there are some folks from my company planning to attend a conference in Vegas in the near future. For them, and for any other interested parties, here's my list of tips.
The erupting volcano in front of The Mirage Hotel and Casino
Inside part of the Miracle Mile shops attached to The Planet Hollywood Hotel
The free Pirates of TI show in front of The Treasure Island Hotel and Casino
The Paris Hotel and Casino
Planet Hollywood Hotel and Casino
The fountains at The Bellagio - probably the coolest free attraction in Vegas
A sleeping lion at The MGM Grand - I was standing in a glass walkway upon which a pair of very large males were sleeping.
New York New York Hotel and Casino - I've heard that the roller coaster is hard on your neck
The Excalibur Hotel and Casino - Attached to The Luxor, the two seem to offer the most family entertainment if that's what you're looking for. Keep in mind, though, it's definitely not Disney... :)
I apologize if any of this information is inaccurate. I've tried to ensure that the hours and locations are accurate but things may change.
- Allow for an extra 10 minutes to find your way out of your hotel on the first morning. Since you have to pass through the casino, they don't really make the path to the front doors very obvious.
- Bring some business casual clothes. I wore shorts and t-shirts most of the time, but you feel oddly under-dressed in that attire.
- Get up early and walk or jog around the town. It's nice to be able to see many of the sites with very few folks around. Note that most things, i.e., fountains and free shows aren't running in the morning, though,
- For Food Network fans, several of the TV chefs have excellent restaurants there:
- Mesa Grill in Caesars Palace - Bobby Flay (excellent food, had lunch there twice)
- Delmonico in The Venetian - Emeril Lagasse
- B & B Ristorante in The Venetian - Mario Batali
- The gelato at The Bellagio is excellent even if it does cost $6.50 per cone.
- You can buy discount, same day tickets to many of the shows and attractions from a few different places. They open around 11:00 AM and close by 9:00 PM. Your best bet is to run out to one at lunch.
- Tickets2Nite - Showcase mall near MGM Grand
- Tix4Tonight - Fashion Show Mall
- Shark Reef at Mandalay Bay (10:00 AM - 11:00 PM)
- White Tigers, Dolphins, etc. at The Mirage (11:00 AM - 5:30 PM Monday - Friday and 10:00 AM - 5:30 PM Saturday and Sunday)
- Lions at MGM Grand (11:00 AM - 10:00 PM) FREE as close as would ever want to get to a lion
- Fountains at The Bellagio (every 15 Minutes starting in the afternoon and going until late evening) FREE and very cool
- Amusement park rides at New York New York (10:00 AM - 11:00 PM)
- Crazy rides on top of the Stratosphere Tower over 900 feet in the air
- Carnival Midway and brief trapeze act at Circus Circus FREE
- Dragon battle and Motion Simulators at The Excalibur
- Las Vegas Mini Grand Prix Go Karts (10:00 AM - 11:00 PM)
- Imperial Palace Auto Collection (9:30 AM - 11:30 PM)
- Desert Passage Thunderstorm at Miracle Mile Shops attached to Planet Hollywood Hotel FREE but kind of lame
- SPEED rollercoaster and Nascar Simulators at The Sahara (10:00 AM - 11:00 PM)
- Sirens of TI show at Treasure Island FREE and mildly entertaining
- Erupting volcano at The Mirage (every 15 minutes starting in the afternoon) FREE
- King Tut's Tomb, IMAX, motion simulators, worlds brightest light beam, etc. at The Luxor
- Star Trek Experience at The Hilton expensive at $50 or so, but discount tickets are available from the previously noted ticket places (11:00 AM - 8:30 PM)
- You have to be sure to go inside all the various casinos. In particular, The Bellagio, Luxor, New York New York, Paris, and Venetian are pretty cool to see.
- You can print off a very good map of The Strip from here.
- You can still get free drinks even if you're only playing the penny slots. You just need to find a spot that's visible to the waitresses serving the higher rollers.
The erupting volcano in front of The Mirage Hotel and Casino
Inside part of the Miracle Mile shops attached to The Planet Hollywood Hotel
The free Pirates of TI show in front of The Treasure Island Hotel and Casino
The Paris Hotel and Casino
Planet Hollywood Hotel and Casino
The fountains at The Bellagio - probably the coolest free attraction in Vegas
A sleeping lion at The MGM Grand - I was standing in a glass walkway upon which a pair of very large males were sleeping.
New York New York Hotel and Casino - I've heard that the roller coaster is hard on your neck
The Excalibur Hotel and Casino - Attached to The Luxor, the two seem to offer the most family entertainment if that's what you're looking for. Keep in mind, though, it's definitely not Disney... :)
I apologize if any of this information is inaccurate. I've tried to ensure that the hours and locations are accurate but things may change.
Wednesday, October 3, 2007
SANS Network Security 2007 (Post Conference)
Well, I'm back from Vegas, and I've finally found a few minutes to post. The Securing Critical Web Applications and Web Services class was quite good. Interestingly enough, it wasn't actually a SANS class. Instead, it was taught by Jeff Williams, the founder and CEO of Aspect Security and the current chair of the Open Web Application Security Project (OWASP). Basically, we covered the security vulnerabilities in the OWASP Top Ten list plus some discussion specifically about AJAX and web services. We also used an intentionally very poorly written web application called Web Goat and a proxy tool called Web Scarab for some hands-on experience. Both are available for free on the OWASP site. At the very least, I highly recommend that anybody doing web development should thoroughly read and understand the vulnerabilities noted on the top ten list. It's a little frightening to see what a decent hacker can do and the complexity of the tools readily available to them. For anybody that uses the internet, here's my tip of the year:
Never use tabbed browsing to open any other website at the same time as one that contains any secure information or has the ability to perform transactions that involve anything important like money or your identity. Keep in mind that once you log in to the secure site, the sites in other tabs can access the secure site because they are open in the same browser. For more information on how this is done, check out the OWASP page on cross-site request forgery. To be even safer, use the profiles feature of Firefox to run under a limited profile with scripts disabled when accessing a highly secure site.
Since we often reference OWASP where I work, it was very interesting to meet and converse with the chair of the project. He was excited to hear about somebody actually making use of their work. As he noted, there must be many people doing the same because the traffic on their site is high. However, he seldom gets the opportunity to meet most users. If anybody is interested in the field, he did mention that Aspect Security is hiring, and it seemed like it would be a good company to work for. Certainly, Jeff knows his stuff and would be a good person in the industry with whom to connect.
That's it for tonight. I'll post again soon and share some tips on things to do in Vegas if you're there for a couple days at a conference.
Never use tabbed browsing to open any other website at the same time as one that contains any secure information or has the ability to perform transactions that involve anything important like money or your identity. Keep in mind that once you log in to the secure site, the sites in other tabs can access the secure site because they are open in the same browser. For more information on how this is done, check out the OWASP page on cross-site request forgery. To be even safer, use the profiles feature of Firefox to run under a limited profile with scripts disabled when accessing a highly secure site.
Since we often reference OWASP where I work, it was very interesting to meet and converse with the chair of the project. He was excited to hear about somebody actually making use of their work. As he noted, there must be many people doing the same because the traffic on their site is high. However, he seldom gets the opportunity to meet most users. If anybody is interested in the field, he did mention that Aspect Security is hiring, and it seemed like it would be a good company to work for. Certainly, Jeff knows his stuff and would be a good person in the industry with whom to connect.
That's it for tonight. I'll post again soon and share some tips on things to do in Vegas if you're there for a couple days at a conference.
Thursday, September 20, 2007
SANS Network Security 2007 (Pre-Conference)
So, I just booked my limo ride to the airport for Sunday. I'm heading to Las Vegas for the SANS Network Security 2007 conference. Should be pretty fun. I haven't been to Vegas for more than 20 years. At least I can gamble without getting caught by the authorities this time around. Of course, I was only 8 or so last time, so I didn't know any better.
I'll be attending the Securing Critical Web Applications and Web Services class. Although I'm already fairly knowledgeable on the subject matter, it will be nice to get some hands-on experience in a more intensive environment. Since the class is 9-5 Monday through Thursday, I'll have my evenings free. Unfortunately, my company isn't sending anybody else, but I'm planning to keep myself occupied wandering around the strip and taking photos to post here on my blog.
Let me know if there's some place/thing/food I absolutely must see/do/eat and check back next week for more posts.
I'll be attending the Securing Critical Web Applications and Web Services class. Although I'm already fairly knowledgeable on the subject matter, it will be nice to get some hands-on experience in a more intensive environment. Since the class is 9-5 Monday through Thursday, I'll have my evenings free. Unfortunately, my company isn't sending anybody else, but I'm planning to keep myself occupied wandering around the strip and taking photos to post here on my blog.
Let me know if there's some place/thing/food I absolutely must see/do/eat and check back next week for more posts.
Thursday, August 30, 2007
ID Consistency Across Data Stores
Just thought I would share an amusing story about ID consistency. More accurately, I suppose, the lack of ID consistency. Without getting too specific, a friend was telling me a story about a process flow he ran into recently. Basically, the system had two places where data was stored. In the first, new items were added with several pieces of data including unique internal and external IDs. Each item would then be copied to a second data store via an automated process. Once in the new system, the item became available to end users so that they might add an additional set of information. Another automated process would see changes the users made in this second system and copy certain pieces of the data back to the corresponding item in the first data store. This was the most important part of the process because the primary goal was that the final data be correct in the first data store. Although a little complicated, this doesn't seem like a bad solution at first glance.
The problem for them started because the first data store used the internal ID as the unique identifier for the items while the second used the external ID. Then, they allowed the users to change the external ID for any item in the first data store. Hopefully you're starting to see where I'm going with this. Imagine an item in the first data store that has been around for a while. It's got all the data that was initially added plus the important data that was copied from the second data store. One day, a user comes and changes the external ID of the item in the first data store. The automated process picks up the change and attempts to copy it to the second data store. However, because the external ID is now different, the item is "new" as far as the second data store is concerned. So, a new row with just the minimal set of data coming from the first data store is created in the second. The automated process that copies changes from the second store to the first runs and finds the "new" item which is lacking any of the important information that users typically add in the second data store (previously added to the item with the original external ID). So, when the data is copied back to the first data store, all the information already there is simply deleted. A little while later, all the users are asking what happened to their records in the first data store.
I hope my story made sense. I found it amusing and thought I would share. Obviously, there are several things one can do to remedy the situation. However, it could have all been easily avoided by simply ensuring that both data stores used the same ID for each item.
The problem for them started because the first data store used the internal ID as the unique identifier for the items while the second used the external ID. Then, they allowed the users to change the external ID for any item in the first data store. Hopefully you're starting to see where I'm going with this. Imagine an item in the first data store that has been around for a while. It's got all the data that was initially added plus the important data that was copied from the second data store. One day, a user comes and changes the external ID of the item in the first data store. The automated process picks up the change and attempts to copy it to the second data store. However, because the external ID is now different, the item is "new" as far as the second data store is concerned. So, a new row with just the minimal set of data coming from the first data store is created in the second. The automated process that copies changes from the second store to the first runs and finds the "new" item which is lacking any of the important information that users typically add in the second data store (previously added to the item with the original external ID). So, when the data is copied back to the first data store, all the information already there is simply deleted. A little while later, all the users are asking what happened to their records in the first data store.
I hope my story made sense. I found it amusing and thought I would share. Obviously, there are several things one can do to remedy the situation. However, it could have all been easily avoided by simply ensuring that both data stores used the same ID for each item.
Subscribe to:
Posts (Atom)