Web Dev Matters and Me

Web Development Matters - HTML, XML, C#, .NET, AJAX/Javascript(jQuery), CSS, XML-XSLT

ME - LIFE,Philippines, Tokyo, ECE, PhilNITS/JITSE,情報処理, 日本語

things about Philippines, gaming, C# development and web development, how to make money in stock trading

Web Dev Matters and Me

C# Code Optimizations

Today, I asked few developers from a forum(S.O) about some conversion. On my post, I said my need to get the data by performing bit shifts instead of divisions. Though, most of the people there suggested that it is not something that can improve optimization, I strongly disagree.


So, to make an experiment.. how about trying to make two Stopwatch objects ..
on the method that will be executed, initialize an instance, then invoke the Start method. just below that have a loop that performs 10000 times and inside this loop, perform a multiply operation.

After it exits the loop, invoke the Stop method.

then, on the next line, initialize the second Stopwatch object, invoke the start method and have a loop that performs 10000 times and inside this loop, perform a division operation.

after it exits the loop, invoke the Stop method of this object as well...


You can see the difference by checking on the ElapsedTicks of the Stopwatch objects.. I'm sure you now know what I'm talking about (^_^)



Getting reference to Controls in Lightswitch

While trying something in Lightswitch, we encountered a problem that involves using different controls (non-default), like Textbox,Stackpanels, etc. Now, the problem is, the data that will be displayed using those custom controls are not really part of the actual data model.

To Cache or Not To Cache - ASP.NET

I've recently implemented caching on some pages of my website. But it seems that caching won't help much because it is hosted on a shared server. While the page will be optimized using the cache, it can also be a reason to hit a 503 very soon, especially if caching is implemented with varying parameters.


But when should we use caching? I think caching can only solve scenarios to lessen the delay of serving resources to client browsers, instead of having a direct query to resources per request.

For example, I need to display data from database that takes about 1-2 minute query. This data can just be cached to have it served right away. But also, we should keep in mind that, if we put this on cache, we are putting these on memory..... and these memory takes a portion of the application pool's resource.

So, it is important to consider what to cache, and if the server (app pool) can cache.

Philippines amids issues, calamities, etc.

After recent typhoons that hit Philippines, we're still experiencing slightly depressed weather and also moods. Just by looking at the news, we can see the damages these recent typhoons have left, especially in Agriculture businesses. It seems like typhoons get a little bit devastating over years, it was 2 years ago since we got hit by Ondoy (Intl' name Ketsuna), and now we had Pedring (Nesat), which is followed by two typhoons (Quiel and Ramon).

I'm writing this again on a sleepless night, and recalled a conversation with my two co-workers. we discussed about the recent rallying (planking) by jeepney drivers association, who did a mass, metro-wide strike in an effort to ask for higher fares fee and lower gasoline price. Sometimes, I'm getting sick of hearing the same stuffs where they don't care about the aftermaths of their doings.

As of the current post, standard fare was 8.00PHP. For me, if there are other modes of transportation, I would least prefer riding a jeepney. Why? I experienced great annoyances and discomfort when I ride them. I'm not a jeepney hater btw, I had a close friend who lives on a jeepney family business. I just don't feel like paying the fare is really worth when:

1. The driver have to make a stop at a gasoline station to refill gas while the passengers are there, when it can be done before. For me, it was really an act of disrespect to passengers. Ever heard a saying that if you take time from someone without their conscent, you are stealing money from them.

2. The driver calls that there are still available seats, but when you take a step inside, you'll see that it was really a small spot where you can't even sit comfortably. You have to squat inside until somebody disembark the vehicle. And if you decided not to ride, the driver will make the jeepney move, forcing you to just squat there...

3. Stopping anywhere and waiting like it is OK for passengers to waste their time! If Metro Manila only have the subways of Tokyo Metro, nobody will have to ride on these jeepneys.


As for the planking issue, they might feel bad about taxation things and complains about their taxes, but how about us who works on IT firm, including those who work on call-centers, BPO firm, etc. On every 15th and 30th of the month, there are no other thing that drives us mad other than looking at our payrolls, with high Gross pay and a low resulting net pay, then face the horror of the amount of tax deducted.... (T-T). Apparently, I believe that most of the contributions on income taxes came from IT/BPO/CallCenter industries, yet we don't even raise a strike and stop from doing our work. In fact, I wish we could just do, but by thinking of the work we do and the sincerity to deliver quality output, we just end up grinding our teeth and hoping that one day, our taxes will work for us.

Each time these jeepney drivers strike, we have difficulties going to work and return to home. The problem here is that, when they strike do they know where to direct all their issues? It seems like they are barking the wrong tree here... I hope they just go rally in front of the house of the person responsible for their sufferings... and do some planking there. Those people are just drinking wine, watching TV and laughing how they do their act. If they do this again some other day, it will be the same, because these people responsible for their problems don't even need to ride a public utility vehicle, because they own a lux car... yes, those are probably from hard extracted taxes....

HttpRequests, Browser, UI Invokes, asynchronous ways in Silverlight 4.0

I had difficulties making HttpRequests/Response handling in Silverlight since it most of the events are asynchronous by nature. It all rooted on a task that involves data to be exported on CSV format. This is really easy (first approach) as I only have to format it accordingly using commas, but unfortunately this was not the case. SaveFileDialog must be invoked on a UI thread, meaning constructing it on non-UI event handlers will throw an exception (must be User invoked), which makes sense since we're dealing with client side here and placing files on a client side without the user's conscent is like planting something wicked on their machine.

With this, I have decided to just have Silverlight post to a server then store those data on the context of Application's Cache. With this, I don't need to worry about getting the stream and deal with the security. So, I did a quick handler hack. At first, I made a synchronous one. After I got it working, I considered a concurrent user request performance and converted it to asynchronous. I noticed slight difference here. The file received from a synchronous handler indicates the complete size of the file, while asynchronous handler don't. It doesn't affect how the request is handled, meaning if your usual query for a resource took 5 seconds, asynchronous handler can't change that. The performance benefit takes place when multiple users performs the same query. Since it doesn't have to wait for the handle to process the request and instead start on a new thread, it offers better performance.

But, I have to write HttpRequest, then another HttpRequest after the asynchronous callback fires, where I can write POST datas, then submit it again and take the response back. It was really different on what I used to do in web, but somehow I starting to find a bit of liking to it.


Things that I found useful:

Dispatcher.BeginInvoke();// Use anonymous method to invoke or set properties

getting my hands dirty on Silverlight 4

I was too busy doing silverlight 4 related works that I'm unable to blog here. And since it was a client-side application, I don't have to worry much about the control states , unlike web development , but still I prefer doing web development since I'll have some time reading those MCTS learning kit while doing some quality deliverables of work.

Anyway, I'm able to familiarize myself that controls without actual click or selectedindexchanged events are only solid on their borders. Filtering datas from DomainDataSource is quite a pain, since nested filters doesn't work with DDS... unless one can bear with a ContainedIn method with non-accurate result and the asynchronous way of loading data, I missed Dataset based manipulation, although it seems that Microsoft believed that DomainDataSource is the right direction and Datasets are history.

Another thing that gave me sleepless nights are the the SaveFileDialog objects. These things protect client side things that sometimes they are a pain to deal with. For example, if I have an asynchronous data from DB or from a Service call, and I need to save the result of the query or service call somewhere in the client PC. Showing the SaveFileDialog in non-UI related events (like button click, selected index changed, etc) will throw an exception that "Dialog must be user initiated".

I understand that Silverlight was a client-side application and if SFD won't do it like this, client PC are at big risk to malicious things, but because of this restriction, it is hard or maybe impossible to keep the saving and loading of data in sync, even with sleeping threads, on assumption that it runs on different thread..


I hope they made some fix for those issues in SL 5.0

Substring function in XSLT

And they just didn't make it something like javascript... I'm never expected that XSLT has function like this, and it just helped me in one of my XML/XSL parsing task.


 substring("ABCDEFG",3,3)  will display CDE since XSLT doesn't refer the first element on 0 index.


Actually, I really disliked the way XSLT do in loops. you can't overwrite variables, and for-looping and performing something on a node-specific basis is really painful, you have to do it the HARD way, which makes your coding experience a bit dirty, especially if you are already attached to the OOP way of doing things...


XSLT was never meant to be a programming language anyway.. .

Learning Silverlight 4.0 from 1.0

Finally! Maybe I should thank my previous manager. Now I have this much awaited chance to continue my Silverlight 1.0 experience to Silverlight 4.0 and maybe 5.0. When Silverlight was on pilot version, I was enthusiast enough to apply it to a task, 2008 (I'm still on Tokyo that time). It was completely a client-side thing, that I have to make AJAX request just to make a server-side request and back to XAML.

I noticed the great addition since version 1.0. There are many controls now, which I also expected. I remember my nostalgic 1.0 days making animations using simple ellipses, rectangles, some fills and few images. Now, there are controls. I'm starting to feel that, it was like an ASPX/Windows Form hybrid which have mutated over time , but for good.




But, I still have something that I'm expecting Silverlight team to draw. I'm sure every youtube fans already know that they can record a video using their computer's built in camera and have it uploaded in youtube servers. I've long expected Silverlight to have this, without having users make a custom control, at least for the part that accepts the data binaries and have it collected at serverside (like aspx posted file, or wcf way).

Or maybe, I'll just implement one, if I can grab some reference on how to use video devices and have the stream buffered and then send to server.



 

Get XML results for your Query (SQL 2008)

I'm still find it hard to squeeze all available optimization on my site. I successfully had facebook plugins in it after trying, and now I'm staring at the SQL Server database, which can be a potential bottleneck to my web app.


So, maybe it would be nice if I can simply get my query as XML and pass it directly to be rendered. This will eliminate additional mappings and will free me some rendering process too, which is sweet! ^_^



So, how to do it? Very simple...just use "FOR", "XML PATH" and TYPE

so, in this sample query...



         SELECT 'TEST Title' as title
        ,'SAMPLE Description' as [description]
        FOR
        XML PATH(''),
        TYPE
        


will produce 

<title>TEST Title</title>
 description SAMPLE Description </description



Simply replace the hard-coded string to column-names and you're making XML queries in no time. So, instead of mapping everything to some object/classes, I'll have this coupled by the presenter page to the view. Now, the only problem I have is to wait for weekends to continue doing my xslt site.






 

Decoding Google's querystring

Everytime we search our web companion google, our form from google's page is posted to another page handler. It was really hard to know what informations are obtained on process since it is doing a POST (probably to get few information that the users cannot set, plus the logging for querystring based request).

Deploying WCF to IIS Server 7.5

I had to take few minutes to figure out how to deploy Virtual Applications, etc in IIS 7.5 . For me, deploying web applications and services in IIS 5 and 6 is easy, but maybe Microsoft did something new in IIS 7, that can improve the way we develop in .NET technologies.

Web Optimizations in a shared hosting environment

One of my hosted site receives concurrent visitors, and eventually goes down in few seconds. I never thought that it would be that bad, when most of the websites/web applications I've done runs smoothly in web servers where I deployed it. Just how many application pools are running in that shared server? Probably, hundreds? I tried to check for the specs, but unfortunately Diagnostics classes are prevented due to security policies (clients might close their site hosting from them if they realize that the server is crappy).



The biggest challenge here is to optimize everything. Instead of an object mapper, I'll just have the database return specific records, and perform minimal manipulation. Use limited variables and trim everything by size. ( I think that server runs approx 1MB - 100MB RAM for my application pool).



The page loads faster now, though still cant survive the slashdot effect.

Problem with IE

On my recent web development, I've decided to implement XML+XSLT to save some server processing to render HTML contents. Also, I'm considering this for future maintenance, if ever I would need to change the layout, I'll simply change the XSL templates.The next time xml pages are loaded using that XSL transform file, the browser will not download it anymore and simply apply the transform locally. This also has the benefit of making information reusable. Since the information is already available as an XML document, anyone can simply make a Webrequest to a page URL, convert the stream into an XmlDocument, and information is there. I also decided to monitor all file request on my website. This is to get all site activity as much as possible,and make it invisible to user without specifying additional variables (session, querystring, form, viewstate or cookie).


I've tested this on FF, Chrome and IE9. Got it working, but when I tried it on IE 8, it made me sad that IE8 strips UrlReferrer of XSLT file. (other files do have their UrlReferer btw).


I can't make a big step to decide and assume that all visitors of my site won't be using IE8 or below. I think IE is still the most used browser, and it was already a fact. And another depressing fact is that, to install Internet Explorer 9, you need to upgrade to a more recent version of Windows *cough* 7. Yes,

IE9 is only available to Windows 7.

 Now, this has been an issue with Web Developers. Flash or Javascript? How many users would install or upgrade their Flash version just to have everything on your website rendering OK? I don't want to think that, I can have few visitors to install Windows 7 for me and have them use IE9.

Beware of Credit Card Scams used in Fitness Gyms

I didn't cared much about this until later when I got my Credit card charged with un-Authorized transactions. To share this, I enrolled to a Fitness Gym. At first, I was hesitant to use my credit card but with good salestalk, I was blinded by the freebies provided for those who will register, and also avail their promo. Then, after I got everything OK, I was approached by one of their staff. I was told that there are other members who want to join, but don't have a credit card. So, this staff explained to me that they just need some credit card to be registered with their registration, so they can avail their promo but no charges will be sent to my credit card, as it will be nullified on purpose (Was explained to me that, they will just charge 1 peso and cancel the transaction, so no charges will be sent.). I'm just tired and really want to call it a day, so I said, OK but be sure that I won't have any trouble with this, which the staff expressively said "yes, absolutely no problem!".

Frustration in XML+XSLT

Had a hard time developing my site. One of doubting challenge would be SEO. We all know (ok, maybe not really), that a site is friendly to search engines when contents can be "somehow" readable to the search engine crawlers. The site I'm making now is not for a popular brand that people already know. So, every web crawler's effort is appreciated.

If we send the data thru XML, we are sending the raw information using our own format. Google, Yahoo or Bing won't know that a text I've enclosed with some name tags is for, other than it is a readable text, something that can be matched with related informations.

So, the present that XML data to a human user, we have to transform it HTML that the browsers can understand, using XSLT. During testing, I have noticed that the browser caches few files, which made me conclude that, it really does save bandwidth problems for high-traffic sites.

 Added up with HTML5 (which gives me some real pain in the neck, thanks to stubborn as ever, IE), it is possible to make cool web UIs. I already up'ed the site, and will see in weeks how the contents result in major search engine results.

Using MVP Pattern + XSLT

I just finished developing my web framework in MVP and now, it is time to do work on the client side. XSLT made the missing piece I want for my website complete. Using this, data will be presented in pure XML, which means datas on the website can be easily re-used on different platforms, and even javascript too, which is nice.

This doesn't limit my site to just have a passive view. I can still have all those input fields and accept all those user input datas, yet my site will be in XML form, web crawlers can easily see my site, no unnecessary SEO paranoia things, hehe.

All this facts leaves me to one last task, mapping each request in IIS to make those URLs pretty to search engines.

UPDATE:



I tried some dynamic XSLT approach, Chrome is OK, IE is OK (even 6.0), but FF (3.5 and 4.0)gives an error... I think I need to make a good re-write rule to trick FF that the xsl file referenced is a static one.

Current cravings for development

Lately, I'm doing a series of RnD. These involves facebook integration, few optimization in IIS 6/7.x and some UI considerations, thanks to HTML5, CSS3 , javascript and some SVG things as well.

For the FB integration, it was really simple in concept, quite intimidating at first. FB uses OAuth as a mean of authentication. This means developers doesn't have to store private informations (like user password), they just require an access token, something that grants them specific permission given by users of their appliction. This token can do lots of things on behalf of the user.

No one can stop facebook from growing now. I think everyone is already hooked with facebook, so developing something inline with FB's graph API is a good choice, IMO.


After few handshake process, a token must be stored and can be re-used. post to friends's wall, like something, etc.

Top 10 Web Application Security Risks

What makes Web Application different from Windows apps or other client apps is that it is accessible remotely and all users can access the same application anywhere. This also eliminates the need to have all users install software upgrades, the developer can update the version on the server. However, web applications are prone to security issues like

1: Injection

- Can be done by simply adding input to invalidate SQL query and add their own potentially dangerous query.
- Can be prevented by filtering the user inputs and have the methods accept specific types of data (parameter based query commands).


2: Cross-Site Scripting (XSS)
- Same with injection. If the inputs available to user are filtered,

3: Broken Authentication and Session Management

4: Insecure Direct Object References

5: Cross-Site Request Forgery (CSRF)

6: Security Misconfiguration
- configs

7: Insecure Cryptographic Storage

8: Failure to Restrict URL Access
- disable directory browsing

9: Insufficient Transport Layer Protection
- SSL

10: Unvalidated Redirects and Forwards


Source: OWASP (http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project)

Cheap webhosting for ASP pages

I was really amazed that winhost now offers these to subscribers, Microsoft WebMatrix and ASP.NET MVC 3 for small investment of 5USD. I really love web development and I enjoy studying new technologies which probably won't be allowed at work.

Anyway, to mention some specs for the cheap 5USD per month bill, I have 2GB disk space, nice monthly bandwidth , 200mb MSSQL (the new version, at the time of writing 2008 R2) and 200mb MySQL, which makes it 400mb. This is enough for me to develop some good apps or make a portfolio site.


Checking for iDevices

C#(asp.net)
Request.UserAgent.ToLower.Contains("iphone;")) 


Javascript

navigator.userAgent.match(/iPhone/i) 



I think this can be used with iPads/iTouch

CNEG Smallest-In-the-World USB Wireless Adapter

I noticed this tiny USB device while walking somewhere in mall. It is a small USB device that allows you to setup an access point. I'm not into making an internet sharing thing, but I think I'll use it to test my web applications using other devices like PSP, iPhone, etc. I'll simply setup an access point and have IIS enabled and serve request to all clients connecting to my notebook (yes, I cant carry my heavy things while I'm taking break at Starbucks).

Probably will try it and update some findings here in the coming days.

with HTML5 or not?

With new mobile devices selling like hot cakes, I think web developers should really consider using HTML5 and apply good practices when designing their UI. I've always wanted to extend my webdev in mobile too, and with the latest iPhone browser, everything is displayed OK, things are placed exactly where it is on the layout (liquid layout), javascripts are working fine, css is OK, except for one thing, which is "sprite-ing".

I used sprite techniques to make a fast-loading UI. I just came up with the term when I remembered playing 8-bit games. Whenever the game would crash, a screen with multiple repeated image will be displayed.

Back to webdev.Since my UI images will be in a sprite image, I'll just have the browser load it once, and just use CSS to point to a file, instead of having the browser load different image, one by one. This really helps a lot, especially if we are aiming for the 5-10 seconds rule of websites. BTW, for those who aren't familiar with it, X seconds rule simply means, the page must deliver the idea to the viewer in X seconds, otherwise that viewer is lost.

Makes sense. Let's say you have a shopping website, and a potential customer tried to view your page, you must show customer friendly things and convince the viewer that you got what they are looking for. But instead, they waited for the page to load, got impatient and closed the page. One potential customer away. It can be a trivial thing, but shouldn't be taken lightly, just as considering cross browser compatibilities, etc.

Canvas might eliminate the need to make complex UI sprites, but might depend heavily on javascripts, which is not common to all browsers. (For example, making AJAX request for IE vs other browsers).

FB Connect