Volkan Uzun

Today i passed 70-528 Microsoft .NET Framework 2.0 - Web-Based Client Development. this is my second certification exam after sql server.

keep taking the exams

Tags:

I started to read a new book a few days ago; The Pragmatic Programmer, From Journeyman to Master by Andew Hunt, David Thomas. so far i am enjoying the book, once i am done with i will write a brief review about it.

Tags: pragmatic programmer, book

Our campus site is using an iframe, and we encourage the other sites on campus using our iframe to have an identity of the university. This iframe has links to campus address, campus online directory, contact campus page link, an index of the campus pages, google search and most importanty a list box of quick links. This quicklinks informatin is held in the database, and unfortunately when it was programmed, nobody thought of performance, or optimizing i guess. The page accesses the database everytime iframe is loaded. Our main campus page gets a hit of 25000 to 35000 hits per day, and as we have decentralized structure, we cant control other departments' web site, so we have no idea how many hit they get, but roughly i will say, the iframe gets a hit of 45000 a day. Guess what, as there is no caching, or any other optimizing structure, the web sites hit the database 45000 times a day just to get a 80 or 85 rows of data which is quicklinks. It is not easy to add or delete a link from the quicklinks as it requires some meetings, management decisions so i can say it is mostly read-pnly database; it has been updated once a month at most.

So why was caching the information not thought at the beginning; i have no idea; but whenever i see code that i think it is really ugly, i try to fix it. What is the best fix for this? I can think of some different approaches:

• Read the quicklinks from the database, put it in a cache, have sqlcachedependency to monitor the table (I will call this Approach I); so whenever there is an update dont read the dirty cache but update the cache
• Read the quicklinks from the database, put it in a cache; have 1 day of lifetime for cache (Approach II)
  
• Dont use database at all,use an xml file read; from the xml file, so dont hit the databas; however it requires a disk access of 45000 times (Approach III)
• Dont use a database at all, use an xml file, read from the xml file one time during a day. so if there is an update, it will be reflected to quicklinks the next day (Approach IV)
• Like Approach IV but instead of reading the xml file the next day, read the last modified day, and if it is different from the last read day, read the xml file again (Approch V)
• Hardcode the links in the code :) (Approach VI)

Immidiately i eliminate Approach VI, as i dont like putting data in the code itself. Approach I looks ok to me at the beginning but we are only talking about 80 rows, and the links are updated once a month, i dont think it is good idea to poll the table for new updates, so i eliminate this. Approach II  too is basically like Approach I, but we dont poll the database for updates, we just read the entire table (once again we are talking about 80 rows at most) the next day, this is better  than approach i, as there will be 1 database hit per day. Comparing to 45000 hits per day, this of course a lot better approach, and if there is any update in the table, the worst case it will be up in the site after a day.

Approach III is eliminated as it hits the disk 45000 times. Approach IV is of course better, as it will hit the disk 1 time per day to read the xml to the memory. I dont see any performance implementing approach V against IV cause, the xml file will be very small, and instead of checking the last modified date, the whole xml could be read easily. 

So what is the verdict and why ? I picked approach II, as it hits the database only 1 time a day, and use cache to store the data. If there is any update in the table, it will be reflected to the site the next day. In fact i was planning to implement approach IV, as there wont be any database hit, and reading 80 lines of data in an xml will be faster, but we might be sharing or reusing this quicklinks table in other projects too; so instead of sharing xml file between projects and ending up different versions of the xml file in the future, i decided the approach II. 

Have fun refactoring :)

Tags:

After i have Resharper (thanx to the inland empire .net user group) i understand that IDE can really help you write better code. Visual studio is a very powerful ide and i dont think i, myself utilize it too much, i want to a list of nice things i like with visual studio.

1. Line numbering, i love to see line number in the code file so whenever the error message is talking about a line number, i can easily navigate to that line, how do you activate it for all your codes ? Go to Tools => Options => Text Editor => All Languages => Check Line Numbers section
2. When you are writing the code, and you refer to a .net class but dont have the using statement ? Hit Control+.
   
3. Your IDE's default language setting has changed from C# to VB.NET (or anything else?) ? Tools =>Import and Export Settings => Reset All Settings => No, just reset... => Select your language
4. You need to come back to a certain line of code? put a bookmark,Edit=>Toogle Bookmarks r Control K,Control K , to go to that line Control K+N
5. You want to leave a note to urself or to a friend who is going to maintain the same project? Comments to too difficult to manage task. Just add a comment that starts with //TODO: and when you compile the code, you will see the note in the tasks window. 
6. TODO: isnt good enough? you want to add your own types? Tools=> Options =>Environment => Task List. You can add yours tasks types here giving them a priority too

Tags:

As much as i am trying to learn and implement test driven, we have lots of projects in our hands that dont have any unit tests. Writing unit tests to the preexistingg functions are'nt that easy. One of the reasons is most of the functions are heavy-duty workers, they do lots of stuff. Unit testing or at least thinking how to test your functions teaches you to write very simple, short functions; and if you already have heavy duty functions, u try to refactor them. By refactoring, u usually endup having very small functions; a few lines maybe, and also having more independency; if you think about the scraper functions i posted a few days ago, one of them: GetSource was a heavy, obese function. It has more than 1 type of dish on its plate to eat, so let's try to refactor that code, below is the code before refactoring

 The first few lines of code is checking if string is empty, if not, does it have http:// prefix or not. So lets refactor this part, and write a function, below is the small function

Now the above function is a slim function, not only it is simple to test the function but also it helps to simplify the GetSource() too. The second part we can refactor is, the dependency on the WebRequest and WebResponse. We can write a function that returns a StreamReader and replace it in GetSource(), let's do this

Now we have a function that checks for http prefix, another function that returns StreamReader. As we return StreamReader from the function, now it should be easy to mock out this function cause any function that returns a streamreader could replace it. Let's recap out GetSource() function changing it so that it takes a streamreader parameter. By doing this, we simplify the unit testing. (cause it is now easier to mock out, if you have the streamreader inside the body of the function not as the parameter, it wont be easy to mockout)

Have fun 

Tags:

One of our web application which is developed using classic asp, has security problems all the time and causing problems to us. I compiled a number of things you should do to escape the same problems, let me know what u think

• Keep security in ur mind starting the design level
• use stored procedures or at least parameterized sql
• keep connection string in web.config and encrypt it
• validate user input including form inputs, querystring inputs etc
• encode user input
• dont give out hacker friendly error messages
• dont reinvent the wheel for user management, account management, use membership provider
• encrypt or better hash passwords in the database
• instead of sql authentication try to use windows authentication to connect to sql
• dont create too many admin accounts; use delefation
• log failed attempts
• monitor your application
• patch your system
• When u need ssl, use it
• dont reinvent encryption algorithms use .net framework security algos
• dont forget software ages like human being; the older it is, the more complains you will get
• have a backup plan
• have backups
• document ur apps, ur security tests
• read owasp.org
• read ms security bulletin

Tags:

Yesterday, i showed a function which does a regular expression check on a passed string, and returns true/false. Below is the code again one more time:

So lets unit test this function using ms unit test. Right click on the function name, and then click on create unit tests, click ok again on the next window. Name your project.

Rename the unit test that vs created for you to "CheckWhenThereisNoIframe" , we are going to pass a string that does not have any iframe and test it. below is the simple code for it

We should unit test the conditions where string is empty, when iframe is there with a wrong pattern, when there is iframe with right pattern, below is my code

Tags:

In our campus environment, we do have a banner that we strongly encourage other sites on campus to add the banner inside an iframe. I had to write an application which gets the urls from the database, and check if the site is using or banner or log, here is what we expect to see in the sites:

<iframe src ="http://www.csusb.edu/banner2007" width="100%" height="90" frameborder="0" 

    scrolling="No" title="CSUSB main navigation">

 so i need a regular expression that checks the above signature, below is the function i wrote:

It is a simple function which uses regular expressions to see if there is any pattern of iframe with the specified source. now the second part of the problem is connecting to the sites, to achieve this i use webrequest class as below

tomorrow i ll try to write a unit test agains this :)

have fun

Tags: scraping, webrequest

If you work in the states, and do a project for the government, then your projects should be accessible according section 508 guideline.  So if you are doing a web site, what does that mean?

• If you have an image on the page, the image tag should have an alt attribute describing what the image is about ( .net puts the alt attribute in the code but it is blank )
• if you have complex table,you should define scope and table header (gridview supports this)
• if you put a video, you should have subtitles
• if you have a form and labels regarding to textboxes, you should use label for to associate labels to textboxes, in asp.net you have a label, use associtedcontrolid property
• dont imitate the header using css
• make sure ur site is visible when you disable the css
  

these are the common problems i see in the web sites but not all :)

good luck making ur site accessible

Tags:

Ok, i told abot our problem yesterday. For some reason, the .net framework was throwing an error to event logs, saying that connection pool is full, and it couldnt connect to the database so the site was down. We rebooted the servers, restarted iis etc, this solved the problem for only a few hours. Of course our first intention is to go to the code and try to find the connection leaks, and fix them, but in the mean time what are we going to do ? when the site isnt working, your first goal should be making the site work, not coming up with the best solution.

My first dirty, fast solution is turning off the connection pool. To do this, open your web.config file, go to connectionStrings node, and inside the connection string properties add: "Pooling=false;". This will turn off all the pooling, I did this, and site came back alive, i was suspecting a slow web site, as now there is a hit on the database everytime the page loads, a connection is created everytime. Our daily hits is like between 25-35000. The default page is hitting the database 4 times to query 4 different tables, and guess what we dont have caching. The simple calculation shows that we hit the sql server 120,000 times/day just to display the home  page. If there is a leak in the connections, it is pretty costly. So anyways, we turned off the pooling, and next thing is, i asked the server admins to monitor the sql server resources as we might be using lots of cpu and ram for not using pooling. They told me after a day that, sql server was ok, no performans problems :) sweet!!, so i turned off connection pooling, and site is working without putting a load on the sql server. Then why do we have pooling enabled ? :) probably it ll be even faster once we fixed the leaks. 

We found out that one of our programmers do not open the connections inside a try catch block, also not disposing the sqldatareader. So we are fixing those (see yesterday's blog about the solution), and also we started to implement a caching mechanism so that the first time page is loaded, we will read the data from the database, put it in the cache. I ll measure the performance, before and after and will let you know what happens :)

Tags: