Frequently Forgotten Fundamental Facts about Software Engineering

This month’s column is simply a collection of what I consider to be facts – truths, if you will – about software engineering. I’m presenting this software engineering laundry list because far too many people who call themselves software engineers, or computer scientists, or programmers, or whatever nom du jour you prefer, either aren’t familiar with these facts or have forgotten them.

I don’t expect you to agree with all these facts; some of them might even upset you. Great! Then we can begin a dialog about which facts really are facts and which are merely figments of my vivid loyal opposition imagination! Enough preliminaries. Here are the most frequently forgotten fundamental facts about software engineering. Some are of vital importance – we forget them at considerable risk.

Read more

The Mystery Of The CSS Float Property

Years ago, when developers first started to make the transition to HTML layouts without tables, one CSS property that suddenly took on a very important role was the float property. The reason that the float property became so common was that, by default, block-level elements will not line up beside one another in a column-based format. Since columns are necessary in virtually every CSS layout, this property started to get used – and even overused – prolifically.

The CSS float property allows a developer to incorporate table-like columns in an HTML layout without the use of tables. If it were not for the CSS float property, CSS layouts would not be possible except using absolute and relative positioning – which would be messy and would make the layout unmaintainable.

Read more

Prevent One Click Attacks by setting ViewStateUserKey in ASP.NET applications

Here’s an easy way to avoid One Click Attacks in ASP.NET applications. If you have a Base class that all your ASP.NET pages derive from, override the OnInit function. For example:

protected override void OnInit(EventArgs e)

    if (User.Identity.IsAuthenticated)
        ViewStateUserKey = User.Identity.Name;

If you don’t have a base class defined, you would have to put the above code in every ASP.NET page.

Installing BugZilla 3.4.1 on Dreamhost

Here’s a quick guide on installing Bugzilla 3.4.1 on Dreamhost.

Fire up a shell and follow these steps (these command are from in the directory of the domain you want to install Bugzilla in.

mkdir bugs
cd bugs
tar zxf bugzilla-STABLE.tar.gz
rm bugzilla-STABLE.tar.gz
mv bugzilla*/* .

Next, follow setups 6, 7, 8 and 9 from the Bugzilla Dreamhost wiki.

Now you will need to manually install Module::Build and DateTime::Locale for Bugzilla to work. To do this, first get the latest CPAN download links for the modules.

For Module::Build, you’ll find the download link here:
For DateTime::Locale, you’ll find the download at:

I’ve used the latest available builds at the time of this writing for the example below. Next, follow these steps in the Bugzilla installation directory:

mkdir tmp
cd tmp
export PERL5LIB
tar xzf Module-Build-0.31.tar.gz
cd Module-Build-0.31
make test
make install
cd ..
rm -rf Module-Build*

# To install DateTime::Locale
tar zxf DateTime-Locale-0.43.tar.gz
cd DateTime-Locale-0.43
make test
make install
cd ../..
rm -rf tmp

Re-run ./ and then fix permissions as in the Dreamhost Bugzilla wiki page:

for i in docs graphs images js skins; do find $i -type d -exec chmod o+rx {} \; ; done
for i in jpg gif css js png html rdf xul; do find . -name \*.$i -exec chmod o+r {} \; ; done
find . -name .htaccess -exec chmod o+r {} \;
chmod o+x . data data/webdot

You should now have a working Bugzilla installation at

Encrypt your config please…

ASP.NET 2.0 makes encrypting configSections in the web.config file a snap and there is no reason to not encrypt sensitive configSections. Just google for “encrypt config” and there are tons of code snippets waiting for you to copy and paste. Below is a code snippet that is found most commonly in google search results for protecting and unprotecting web.config file:

private void ProtectSection(string sectionName, string provider)
{ Configuration config
= WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath);

ConfigurationSection section
= config.GetSection(sectionName); if (section != null && !section.SectionInformation.IsProtected) { section.SectionInformation.ProtectSection(provider); config.Save(); } } private void UnProtectSection(string sectionName) { Configuration config = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath); ConfigurationSection section = config.GetSection(sectionName); if (section != null && section.SectionInformation.IsProtected) { section.SectionInformation.UnprotectSection(); config.Save(); } }  
You would usually call ProtectSection method in the Application_Start event in global.asax. As you can see, it accepts two parameters, sectionName (like “connectionStrings”) and provider which is basically an encryption services provider. ASP.NET ships with 2 default providers:
  • The Windows Data Protection API (DPAPI) Provider (DataProtectionConfigurationProvider) If you use this provider then the encryption keys are provided by the Windows OS. You don’t need to maintain the keys. However, this also means that you will need to deploy you application initially with a plain-text config file and then wait for your application logic to actually encrypt it.
  • RSA Protected Configuration Provider (RSAProtectedConfigurationProvider) If you use this options then you are also required to create key containers to hold the public and private keys used for encrypting and decrypting the config information.
Once the data is encrypted, you don’t need to change anything in your code while accessing the settings. The ASP.NET configuration classes are smart enough to decrypt and provide you plain-text when they come across encrypted configSections. Pretty cool eh!

Please note that you may never need to invoke the UnprotectSection method. It is only provided, just in case you want to revert back to a plain-text config file.

For a complete detailed tutorial on encrypting configSections see

Disable UAC for Certain Applications in Vista

If you are a Windows Vista user, there is nothing more bugging than the UAC in Windows Vista. UAC which was supposed to bring improved security in Windows, does it pretty well but at the cost of user friendliness.

There are lots of apps and softwares that I run on my Machine, and Vista bugs me everytime I open them. For quite some time I’ve been looking to disable UAC for select applications, rather than disabling it all together, as that could possibly create a security havoc. After some time looking around for a solution, I finally found a solution that was recommended by Microsoft, and even Worked pretty well for me.

If you are looking to disable UAC for certain applications in Windows Vista, then follow this guide, and once you are done, the UAC may not really be all that bugging as it used to be.

Read more

Mount ISO’s on 64-bit Windows Vista

MagicISO Virtual is a free software that works on Vista’s 64-bit edition. You’ll receive a warning when installing it – just click “Continue anyway”. From their site:

MagicISO is very helpful utility designed for creating and managing virtual CD drives and CD/DVD discs. You can run programs, play games, or listen to music from your virtual CD-ROM. Allowing you to run your game images at over 200x faster than from a conventional CD/DVD-ROM. MagicDisc is a powerful utility that uses a unique combination of options to ensure a perfect back-up every time.


ASP.NET AJAX CalendarExtender losing styles

If the AJAX CalendarExtender control shows up without any style information or in the wrong places, the simplest solution is to copy the original CSS for the Calendar’s default style (located at AjaxControlToolkit\Calendar\Calendar.css into your application’s CSS file. Also make sure the CssClass property is not defined in your CalendarExtender. The actual content of the default Calendar style is below:

.ajax__calendar_container {padding:4px;position:absolute;cursor:default;width:170px;
.ajax__calendar_body {height:139px;width:170px;position:relative;overflow:hidden;
.ajax__calendar_days, .ajax__calendar_months, .ajax__calendar_years {top:0px;left:0px;
.ajax__calendar_container TABLE {font-size:11px;}
.ajax__calendar_header {height:20px;width:100%;}
.ajax__calendar_prev {cursor:pointer;width:15px;height:15px;float:left;
    background-repeat:no-repeat;background-position:50% 50%;
    background-image:url(< %=WebResource("AjaxControlToolkit.Calendar.arrow-left.gif")%>);}
.ajax__calendar_next {cursor:pointer;width:15px;height:15px;float:right;
    background-repeat:no-repeat;background-position:50% 50%;
    background-image:url(< %=WebResource("AjaxControlToolkit.Calendar.arrow-right.gif")%>);}
.ajax__calendar_title {cursor:pointer;font-weight:bold;}
.ajax__calendar_footer {height:15px;}
.ajax__calendar_today {cursor:pointer;padding-top:3px;}
.ajax__calendar_dayname {height:17px;width:17px;text-align:right;padding:0 2px;}
.ajax__calendar_day {height:17px;width:18px;text-align:right;padding:0 2px;cursor:pointer;}
.ajax__calendar_month {height:44px;width:40px;text-align:center;cursor:pointer;overflow:hidden;}
.ajax__calendar_year {height:44px;width:40px;text-align:center;cursor:pointer;overflow:hidden;}

.ajax__calendar .ajax__calendar_container {border:1px solid #646464;background-color:#ffffff;
.ajax__calendar .ajax__calendar_footer {border-top:1px solid #f5f5f5;}
.ajax__calendar .ajax__calendar_dayname {border-bottom:1px solid #f5f5f5;}
.ajax__calendar .ajax__calendar_day {border:1px solid #ffffff;}
.ajax__calendar .ajax__calendar_month {border:1px solid #ffffff;}
.ajax__calendar .ajax__calendar_year {border:1px solid #ffffff;}

.ajax__calendar .ajax__calendar_active .ajax__calendar_day {background-color:#edf9ff;
.ajax__calendar .ajax__calendar_active .ajax__calendar_month {background-color:#edf9ff;
.ajax__calendar .ajax__calendar_active .ajax__calendar_year {background-color:#edf9ff;

.ajax__calendar .ajax__calendar_other .ajax__calendar_day {background-color:#ffffff;
.ajax__calendar .ajax__calendar_other .ajax__calendar_year {background-color:#ffffff;

.ajax__calendar .ajax__calendar_hover .ajax__calendar_day {background-color:#edf9ff;
.ajax__calendar .ajax__calendar_hover .ajax__calendar_month {background-color:#edf9ff;
.ajax__calendar .ajax__calendar_hover .ajax__calendar_year {background-color:#edf9ff;

.ajax__calendar .ajax__calendar_hover .ajax__calendar_title {color:#0066cc;}
.ajax__calendar .ajax__calendar_hover .ajax__calendar_today {color:#0066cc;}