Rockford Lhotka's Blog

Home | Lhotka.net | CSLA .NET

 Friday, 08 September 2017

ASP.NET Core only works with ClaimsPrincipal. Specifically, the http context from ASP.NET Core only accepts a ClaimsPrincipal instance, not the more general IPrincipal type.

Confusingly, the rest of the .NET world (full .NET, Xamarin, .NET Core, and netstandard2.0) still support IPrincipal. This makes ASP.NET Core an outlier, but an important one.

As a library author, I’m wondering if the consensus is that IPrincipal is dead, and that all principal objects should now subclass ClaimsPrincipal? Is this a new universal truth?

Specifically, should I run through all of CSLA .NET and in the netstandard2.0 version only support ClaimsPrincipal?

This would ultimately affect people building for Xamarin, full .NET, UWP, .NET Core, mono, as well as ASP.NET Core.

This would be a major breaking change for anyone trying to get existing .NET code (using CSLA) to run in any netstandard2.0 environment. The thing is, if you want to use ASP.NET Core you are kind of forced into that major breaking change anyway right?

My first reaction is NO – I shouldn’t make such a big change, because all the platforms not running in ASP.NET Core shouldn’t be forced to accept this burden just because ASP.NET decided to make a low-level breaking change by not supporting the IPrincipal type.

But I’m interested in hearing other people’s thoughts on this. What is the right answer?

Friday, 08 September 2017 15:16:28 (Central Standard Time, UTC-06:00)  #    Disclaimer

I was just reading this article about how to migrate from LastPass to 1Password.

http://lifehacker.com/how-to-switch-from-lastpass-to-1password-1802689696

I can't argue with what the author says in terms of LastPass having had some security issues. So I quickly checked to see if 1Password supported Windows 10.

It does not. No app in the store, no plug-in for the Edge browser.

Conversely, LastPass has an Edge browser plug-in and a (clunky-but-functional) app in the store.

Having a password vault and actually using a password vault aren't the same thing, and I'm pretty sure I wouldn't actually use one if it was a pain.

So at the moment LastPass wins, because they've put in the work to make it easy to use on my Win10 and iOS devices.

Their store app could be a lot better, but even a clunky app is infinitely better than no app at all.

Friday, 08 September 2017 14:55:01 (Central Standard Time, UTC-06:00)  #    Disclaimer
 Thursday, 07 September 2017

One of Magenic's largest business areas is QAT, and we have a serious focus on automated testing (including our open source MAQS testing framework).

The Software Test Professionals Conference (STPCon) is the leading event where test leadership, management and strategy converge.

I'm extremely pleased that this year's STPCon keynote speaker is Paul Grizzaffi) from Magenic.

Join us as Paul Grizzaffi explains responsible ways to approach automation, some of the knowledge we’ll need in order to be responsible, and shares insights about automation responsibility from his own career. Let’s allow history to remember our automation initiatives fondly instead of as Pyrrhic forays into irresponsibility.

Paul is also hosting a round table discussion on automation challenges.

Please join us in a round table discussion of attendee-provided automation challenges where we can share our thoughts and potential solutions to these challenges.

Troy Walsh, Magenic's practice lead for QAT, is also presenting at the conference. He'll talk about WinAppDriver vs Winium.

In this session, we will go hands on with WinAppDriver and Winum. We will dig into code and see how each tool works. We will also compare and contrast the tool features, usages and shortcomings.

Finally, Paul and Troy will team up to provide a demo of the open source MAQS framework.

We will demonstrate the Magenic Automation Quick Start framework, and its integration with CI/CD/CT workflows. MAQS is an open source package designed so that you can be running automated tests in minutes.

We are proud to be involved in STPCon, and hope you'll join us at the event!

Thursday, 07 September 2017 08:14:22 (Central Standard Time, UTC-06:00)  #    Disclaimer
 Wednesday, 30 August 2017

Groove Music

Long ago I switched from a Windows 10 phone to an iPhone. But I remained a Groove Music user, because I really like the service and its features.

  1. Offline sync of playlists so I can listen on the airplane
  2. Available on iPhone, Android, Windows, Xbox
  3. Plays music videos when available
  4. "Radio" (used to be Smart DJ or something) to help find new music

The only big issue I've struggled with on the iPhone is that the app doesn't have an easy way to sync all my music from OneDrive onto the phone for offline play. This was a simple option on Windows, but there's no support in the iPhone app.

I've got a few thousand songs in my library, all on OneDrive. They auto-sync to my Windows 10 devices for offline play, but the most important device for offline play is my phone, which I use when on airplanes and driving through northern Minnesota.

I tried syncing the music to the phone using iTunes, but that only makes the music available via the Apple Music app, not Groove, and I want my music in a single app across all my devices.

After trading some emails with a gentleman named Bob Spiker (I think the original email exchange was in response to a twitter rant of mine), it turns out there's a hack that sort of works.

These are the steps:

  1. Open the Groove app on Windows and create a set of playlists that contain only your OneDrive music
    1. Playlists can only have 1000 songs, so you may need to create several playlists
    2. It is probably easiest to add artists to the playlists, as you'll have fewer of them then albums or songs
    3. You can do this on your phone too, but the UI is tedious, so it is far easier on Win10
  2. Open the Groove app on your iPhone and you'll see the playlists; open each playlist and mark it available for offline use
  3. Make sure your phone has enough storage to handle your music; the sync will stall if the phone runs out of storage
  4. Groove will only download songs when the app is open and the phone's screen isn't locked
    1. Go to the iPhone settings, search for "Lock" and set the phone to never lock
    2. Plug in the phone so it is on AC power
    3. Leave the Groove app open as the active app
    4. Make sure your phone is on high speed wifi
    5. Wait patiently until the music has all synced onto the phone (which might take a long time)
  5. Go back into your phone's settings and set the auto-lock back to its original setting

This isn't a perfect solution. It does get all the music onto the phone, but I'm finding that artist/album indexing isn't always working as expected against the music synced from OneDrive. In other words, the music is there and you can see it in the playlists, but you can't always find it from the artist or album views (though it is usually there).

Maybe the "right" answer is to switch to another music service. But I'll only do that if I get the same cross-device support (including xbox), offline sync for my phone, and music videos.

Wednesday, 30 August 2017 13:03:12 (Central Standard Time, UTC-06:00)  #    Disclaimer
 Friday, 28 July 2017

People might wonder why I'm personally so pro-diversity when it comes to STEM (and pretty much everything else for that matter). Some perhaps assume I'm just a blind SJW gamma male or whatever.

My motivation certainly does flow, in part, from a broad sense of fairness and inclusion. But there are two key points that really drove me toward being active in this space.

First, diverse perspectives and ways of thinking through a problem are, frankly, a lot of what makes America great.

There are other countries out there with much larger populations, and rapidly expanding middle classes and educational systems. China, for example, has more children in their gifted and talented school programs than we have children total here in the US.

We have a substantial cultural advantage, at least in terms of the western style corporate world, because our culture is non-conformist. Americans generally feel comfortable expressing their viewpoints and "sticking their necks out" with their ideas. The result is that we often seem to come up with, and implement, new ideas at a comparatively fast pace.

That diversity of ideas, and the willingness to take that risk, is really key. This is backed up by research btw, here's an article from Scientific American for example.

Diversity of thought comes from diverse backgrounds, cultures (regional or global), educational experiences, and overall life experiences. The best way to get that diversity of thought is to have a diverse workforce in terms of gender, race, background, etc.

Or to put it another way: diversity is good for America.

Second, and perhaps somewhat related, it seems entirely unreasonable to me that mankind can be successful in the long term if we are only willing to accept contributions from a minority of humans - most notably straight white males.

It is true, I'm a SWM. But my life is full of non-white and/or non-male and/or non-straight people who are amazingly smart, talented, educated, and driven. Several of these folks have contributed directly or indirectly to my personal experience/success/whatever over the years - in work and life in general. Hopefully the reverse is true as well.

I guess my point is that, specifically from a US-centric perspective, we can't afford to treat any smart, educated, driven people as second class or unworthy if we are to compete on the global stage. Our absolute population is too small, and we need all our people to remain competitive.

Half the population is female. It is crazy to think we'd ignore half the brainpower in the world. Self-defeating actually.

Similarly, 37% of the US population is non-white. And that number is rapidly growing. Again, it would be self-defeating to ignore well over a third of our country's brainpower.

So yes, some of my motivation comes from my view that all people are created equal. A view that seems like an obvious part of being American.

Add to that the hard reality that to be against diversity in STEM is to intentionally shut out a majority of the brainpower in the US, much less the world at large. That's obviously ridiculous and irresponsible - as a professional and as a human.

Friday, 28 July 2017 11:13:48 (Central Standard Time, UTC-06:00)  #    Disclaimer
 Sunday, 04 June 2017

I read this thread on reddit thanks to terrajobst - with some amazement, and empathy.

Perhaps most people haven't made a major mistake in their careers, but I've made more than one. And my mistakes were probably more directly my fault than the mistake this poor person make - a mistake that was clearly caused by poor practices by the employer, not be the fresh-out-of-college employee.

I'll summarize what I believe are the two worst mistakes I've made.

Major mistake one was about eight months into my first real job out of university. This predated the concepts of source control like we know it now, so we all worked on a common directory structure that contained the source code for everything. And I deleted it all.

Yup, thought I was deleting something else, but did a recursive delete of the entire source code directory structure, instantly bringing all our developers to a full stop and losing a day's work (or more if the backups weren't good).

Fortunately the backups were good, thanks to a competent system administrator who not only performed the backups, but also regularly tested them. Yeah, just because you "have a backup" means nothing unless your regular IT process includes testing the restore process.

My mistake essentially cost all developers at least two days of time. The day lost when I deleted their work, some hours for the restore, and then another day for everyone to redo their work.

Still, I didn't get fired, though I did get a lot of crap from my colleagues and was on management's sh*t list for a while. And rightly so in my view.

This is probably a bit arrogant, but I strongly suspect I got to keep my job because I was a young hot-shot with no kids, and really no life to speak of, so my productivity as a developer was the best on our entire team. Except probably for my boss, who was an amazing developer!

Major mistake number two was about three years into my career (working at my second real job after university). I worked in IT and had (temporarily) left software development to become the system administrator and manager of the help desk.

I thought our security policies were too lax, and I'd been researching how to tighten up the rules around who had which kind of network and system permissions. Unfortunately what I didn't know was that changing these policies would invalidate everyone's password. Nor did I have the wisdom to do this over a weekend or anything - so I made the change midday.

Next thing you know, a few hundred people lost access to the entire computer system, basically bringing the entire bio-medical manufacturing company to a halt.

Sweating profusely, with basically every manager in the company breathing down my neck, I wrote a script to reset all passwords to a known value so it was possible to get everyone back online.

Basically I cost the company a half day's work, and I'm sure people had to work overtime to catch up and meet deadlines for products to be delivered to customers on time.

Yet again, my f*ckup to be sure. Fortunately I'd been there for quite some time and had built up non-trivial personal capital - all of which was probably spent in that one brief moment when I pressed enter on the line that accidentally locked everyone out of the system.

I read through that reddit post from the poor junior dev, apparently just following flawed onboarding instructions. I suppose the end result of that mistake is comparable to mine, and they had no personal capital to spend (this being day one on the job).

Regardless, from the poster's account it is so clear that the mistake was absolutely the responsibility of the employer - flawed onboarding instructions, extremely shoddy separation between dev and prod environments, apparently no regular testing of backups to make sure they could restore. The sort of environment I experienced back in the 1980's - and wouldn't expect to see anywhere today!

In my view the poster on reddit shouldn't have lost their job like that. They probably should get a lot of crap from coworkers, and perhaps go down in company history as the person who accidentally instigated better processes for development and IT. But not job loss.

On the other hand, perhaps this is for the best - a place run so poorly perhaps isn't a great start to anyone's career. Just think of all the bad habits a new employee might pick up working in a place like that.

Sunday, 04 June 2017 13:39:38 (Central Standard Time, UTC-06:00)  #    Disclaimer
 Tuesday, 02 May 2017

There seems to be some confusion around what Microsoft announced today around Windows 10 and the Surface Laptop.

These are two separate things.

Windows 10 S

This is a new flavor of the Windows 10 operating system. It has nothing to do with hardware. Numerous hardware vendors announced Intel-based devices that'll run this flavor of Windows - including Microsoft.

This version of Windows 10 is restricted to running apps deployed from the Windows store. That includes WinRT/UWP apps, and it includes Win32 apps. For some time now it has been possible for software developers to deploy Win32/.NET apps via the store - Slack is a good example.

Microsoft has said that they'll soon have the full Win32 version of Office in the store. Which makes sense, since they'll want Windows 10 S users to also use Office.

It is also the case that Windows 10 S is more locked down than standard Windows 10, both from a security and battery life perspective. Lower-level features/tools used by developers aren't available, improving security and battery life by eliminating things you don't want students (or most users) to do anyway.

Can a flavor of Windows survive if it only runs apps deployed from the store? I don't know, but given that it is pretty easy for software developers to deploy their existing apps via the store, plus there's quite a lot of nice UWP apps there too, I think it might have a shot.

Personally I wish more software vendors deployed via the store, as that radically reduces the chance that people will get a virus from some random website deploy.

Surface Laptop

This is a new member of the Surface hardware family. It is a laptop, not a tablet or convertible like the Surface Pro or Surface Book.

This is a nice looking and pretty high end laptop. It has Intel Core i5 or i7 chips, a beautiful touch screen like all the other Surface devices, works with the stylus, and comes with as much as 16gb memory and a 1tb SSD. Microsoft is claiming up to 12 hours battery life.

Personally I really enjoy my Surface Pro 4, and use it as a tablet quite often, so I'm not planning to switch to a laptop. So I'm holding out for a Surface Pro 5 😃

But I understand that a lot of people really like the laptop form factor, and this is like a super-powered Macbook Air with a touch screen and (imo) a better operating system.

Speaking of which, the Surface Laptop will ship with Windows 10 S, and can be upgraded to Windows 10 Pro. So for a lot of "regular users" they'll be able to use it as-is, and for power users or developers we can upgrade to Pro to unlock all the power (though Microsoft warns that this will reduce battery life, because Windows 10 S does a better job in that regard).

Summary

Hopefully this helps with some of the confusion. This is not another Surface RT sort of thing. Nor is it a return to ARM-based hardware.

It is a new flavor of Windows 10 focused on regular computer users, thus providing enhanced security and battery life, with a consistent way of deploying apps.

And it is a new member of the Surface hardware family. A high-end laptop for Windows 10 S or Windows 10 Pro.

Tuesday, 02 May 2017 14:45:50 (Central Standard Time, UTC-06:00)  #    Disclaimer
 Friday, 07 April 2017

Trying to figure out the core "meat" behind blockchain is really difficult. I'm going to try and tease out all the hype, and all the references to specific use cases to get down to the actual technology at play here.

(this is my second blockchain post, in my previous post I compare blockchain today to XML in the year 2000)

There are, of course, tons of articles about blockchain out there. Nearly all of them talk about the technology only in the context of specific use cases. Most commonly bitcoin and distributed ledgers.

But blockchain the technology is neither a currency nor a distributed ledger: it is a tool used to implement those two types of application or use case.

There's precious little content out there about the technology involved, at least at the level of the content you can find for things like SQL Server, MongoDb, and other types of data store. And the thing is, blockchain is basically just a specialized type of data store that offers a defined set of behaviors. Different in the specifics from the behaviors of a RDBMS or document database, but comparable at a conceptual level.

I suspect the lack of "consumable" technical information is because blockchain is very immature at the moment. Blockchain seems to be where RDBMS technology was around 1990. It exists, and uber-geeks are playing with it, and lots of business people see $$$ in their future with it. But it will take years for the technology to settle down and become tractable for mainstream DBA or app dev people.

Today what you can find are discussions about extremely low-level mathematics, cryptography, and computer science. Which is fine, that's also what you find if you dig deep enough into Oracle's database, SQL Server, and lots of other building-block technologies on top of which nearly everything we do is created.

In other words, only hard-core database geeks really care about how blockchain is implemented - just like only hard-core geeks really care about how an RDBMS is implemented. Obviously we need a small number of people to live and breathe that deep technology, so the rest of us can build cool stuff using that technology.

So what is blockchain? From what I can gather, it is this: a distributed, immutable, persistent, append-only linked list.

Breaking that down a bit:

  1. A linked list where each node contains data
  2. Immutable
    1. Each new node is cryptographically linked to the previous node
    2. The list and the data in each node is therefore immutable, tampering breaks the cryptography
  3. Append-only
    1. New nodes can be added to the list, though existing nodes can't be altered
  4. Persistent
    1. Hence it is a data store - the list and nodes of data are persisted
  5. Distributed
    1. Copies of the list exist on many physical devices/servers
    2. Failure of 1+ physical devices has no impact on the integrity of the data
    3. The physical devices form a type of networked cluster and work together
    4. New nodes are only appended to the list if some quorum of physical devices agree with the cryptography and validity of the node via consistent algorithms running on all devices
      1. This is why blockchain is often described as a "trusted third party", because the cluster is self-policing

Terminology-wise, where I say "node" you can read "block". And where I say "data" a lot of the literature uses the term "transaction" or "block of transactions". But from what I've been able to discover, the underlying technology at play here doesn't really care if each block contains "transactions" or other arbitrary blobs of data.

What we build on top of this technology then becomes the question. Thus far what we've seen are distributed ledgers for cryptocurrencies (e.g. bitcoin) and proof of concept ledgers for banking or other financial scenarios.

Maybe that's all this is good for - and if so it is clearly still very valuable. But I strongly suspect that, as a low level foundational technology, blockchain will ultimately be used for other things as well.

I'm also convinced that blockchain is almost at the top of the hype cycle and is about to take a big plunge as people figure out what it can and can't actually do.

Finally, I believe that blockchain, assuming there's money to be made in the technology, will become part of established platforms such as Azure, AWS, and GCP. And there might be some other niche players left, but the majority of the many, many blockchain tech providers out there today will ultimately be purchased by the big players or will just vanish.

Friday, 07 April 2017 10:02:32 (Central Standard Time, UTC-06:00)  #    Disclaimer
 Wednesday, 05 April 2017

It seems to me that blockchain today is where XML was at the beginning. A low level building block on which people are constructing massive hopes and dreams, mentally bypassing the massive amounts of work necessary to get from there to the goals. What I mean by this is perhaps best illustrated by a work environment I was in just prior to XML coming on the scene.

The business was in the bio-chemical agriculture sector, so they dealt with all the major chemical manufacturer/providers in the world. They'd been part of an industry working group composed of these manufacturers and various competitors for many years at that point. The purpose of the working group was to develop a standard way of describing the products, components, parts, and other aspects of the various "products" being manufactured, purchased, resold, and applied to farm fields.

You'll note that I used the word "product" twice, and put it in quotes. This is because, after all those years, the working group never did figure out a common definition for the word "product".

One more detail that's relevant, which is that everyone had agreed to transfer data via COBOL-defined file structures. I suppose that dated back to when they traded reels of magnetic tape, but carried forward to transferring files via ftp, and subsequently the web.

Along comes XML, offering (to some) a miracle solution. Of course XML only solved the part of the problem that these people had already solved, which was how to devise a common data transfer language. Was XML better than COBOL headers? Probably. Did it solve the actual problem of what the word "product" meant? Not at all.

I think blockchain is in the same position today. It is a distributed, append-only, reliable database. It doesn't define what goes in the database, just that whatever you put in there can't be altered or removed. So in that regard it is a lot like XML, which defined an encoding structure for data, but didn't define any semantics around that data.

The concept of XML then, and blockchain today, is enough to inspire people's imaginations in some amazing ways.

Given amazing amounts of work (mostly not technical work either, but at a business level) over many, many years XML became something useful via various XML languages (e.g. XAML). And a lot of the low-level technical benefits of XML have been superseded by JSON, but that's really kind of irrelevant, since all the hard work of devising standardized data definitions applies to JSON as well as XML.

I won't be at all surprised if the same general path isn't followed by blockchain. We're at the start of years and years of hard non-technical work to devise ways to use the concept of a distributed, append-only, reliable database. Along the way the underlying technology will become standardized and will merge into existing platforms like .NET, Java, AWS, Azure, etc. And I won't be surprised if some better technical solution is discovered (like JSON was) along the way, but that better technical solution probably won't really matter because the hard work is in figuring out the business-level models and data structures necessary to make use of this underlying database concept.

Wednesday, 05 April 2017 11:40:44 (Central Standard Time, UTC-06:00)  #    Disclaimer
On this page....
Search
Archives
Feed your aggregator (RSS 2.0)
September, 2017 (3)
August, 2017 (1)
July, 2017 (1)
June, 2017 (1)
May, 2017 (1)
April, 2017 (2)
March, 2017 (1)
February, 2017 (2)
January, 2017 (2)
December, 2016 (5)
November, 2016 (2)
August, 2016 (4)
July, 2016 (2)
June, 2016 (4)
May, 2016 (3)
April, 2016 (4)
March, 2016 (1)
February, 2016 (7)
January, 2016 (4)
December, 2015 (4)
November, 2015 (2)
October, 2015 (2)
September, 2015 (3)
August, 2015 (3)
July, 2015 (2)
June, 2015 (2)
May, 2015 (1)
February, 2015 (1)
January, 2015 (1)
October, 2014 (1)
August, 2014 (2)
July, 2014 (3)
June, 2014 (4)
May, 2014 (2)
April, 2014 (6)
March, 2014 (4)
February, 2014 (4)
January, 2014 (2)
December, 2013 (3)
October, 2013 (3)
August, 2013 (5)
July, 2013 (2)
May, 2013 (3)
April, 2013 (2)
March, 2013 (3)
February, 2013 (7)
January, 2013 (4)
December, 2012 (3)
November, 2012 (3)
October, 2012 (7)
September, 2012 (1)
August, 2012 (4)
July, 2012 (3)
June, 2012 (5)
May, 2012 (4)
April, 2012 (6)
March, 2012 (10)
February, 2012 (2)
January, 2012 (2)
December, 2011 (4)
November, 2011 (6)
October, 2011 (14)
September, 2011 (5)
August, 2011 (3)
June, 2011 (2)
May, 2011 (1)
April, 2011 (3)
March, 2011 (6)
February, 2011 (3)
January, 2011 (6)
December, 2010 (3)
November, 2010 (8)
October, 2010 (6)
September, 2010 (6)
August, 2010 (7)
July, 2010 (8)
June, 2010 (6)
May, 2010 (8)
April, 2010 (13)
March, 2010 (7)
February, 2010 (5)
January, 2010 (9)
December, 2009 (6)
November, 2009 (8)
October, 2009 (11)
September, 2009 (5)
August, 2009 (5)
July, 2009 (10)
June, 2009 (5)
May, 2009 (7)
April, 2009 (7)
March, 2009 (11)
February, 2009 (6)
January, 2009 (9)
December, 2008 (5)
November, 2008 (4)
October, 2008 (7)
September, 2008 (8)
August, 2008 (11)
July, 2008 (11)
June, 2008 (10)
May, 2008 (6)
April, 2008 (8)
March, 2008 (9)
February, 2008 (6)
January, 2008 (6)
December, 2007 (6)
November, 2007 (9)
October, 2007 (7)
September, 2007 (5)
August, 2007 (8)
July, 2007 (6)
June, 2007 (8)
May, 2007 (7)
April, 2007 (9)
March, 2007 (8)
February, 2007 (5)
January, 2007 (9)
December, 2006 (4)
November, 2006 (3)
October, 2006 (4)
September, 2006 (9)
August, 2006 (4)
July, 2006 (9)
June, 2006 (4)
May, 2006 (10)
April, 2006 (4)
March, 2006 (11)
February, 2006 (3)
January, 2006 (13)
December, 2005 (6)
November, 2005 (7)
October, 2005 (4)
September, 2005 (9)
August, 2005 (6)
July, 2005 (7)
June, 2005 (5)
May, 2005 (4)
April, 2005 (7)
March, 2005 (16)
February, 2005 (17)
January, 2005 (17)
December, 2004 (13)
November, 2004 (7)
October, 2004 (14)
September, 2004 (11)
August, 2004 (7)
July, 2004 (3)
June, 2004 (6)
May, 2004 (3)
April, 2004 (2)
March, 2004 (1)
February, 2004 (5)
Categories
About

Powered by: newtelligence dasBlog 2.0.7226.0

Disclaimer
The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.

© Copyright 2017, Marimer LLC

Send mail to the author(s) E-mail



Sign In