March 6th, 2014

Deploying a Ruby on Rails app to Amazon AWS Elastic Beanstalk, I had to make some changes to the default configuration. Luckily, Elastic Beanstalk supports a pretty powerful configuration file syntax. Nevertheless, it took me some time to figure this all out; hopefully I can save you some time:

 
February 13th, 2014

Inspired by Scott Hanselman's Ultimate Developer and Power Users Tool List for Windows here's a list of tools I use (in contrast to Scott's list, mine is more geared towards OSX).

 
August 19th, 2013

Please pardon the mess while I transition to Jekyll and rebrand from statichippo to hackerhasid

 
September 25th, 2012

What's wrong with this snippet from Authorize.net's .NET SDK?

public CardPresentPriorAuthCapture(string transactionID, Decimal amount)
{
  this.SetApiAction(RequestAction.PriorAuthCapture);
  this.Queue("x_ref_trans_id", transactionID);
  this.Queue("x_amount", amount.ToString());
  ...

Did you get it yet? Think about that last line, amount.ToString() -- what's that going to do?

 
July 2nd, 2012

Many if not most developers have a certain ingrained contempt for the goto statement available in many languages. I'll contend though that there are times it can aid readability and its existence in modern programming languages is useful.

 
April 25th, 2012
 
January 13th, 2012

My friend just called me to tell me something that happened to him.  He received a phone call from an unknown number.  There was a man on the other line who claimed to be from the internet provider or something of the sort and told my friend that he noticed that my friend’s router and therefore computers had been infected with a virus.  My friend was told to go to one of his internet-connected computers and the caller would step him through the necessary process to rid himself of this virus.  Luckily my friend realized this seemed fishy (or phishy I suppose) and started asking the caller some questions, received no good answers, and decided to hang up.

Beware!

 
January 12th, 2012

We have a default implementation over our API that we can customize for clients.  In order to support different feature-sets we have a custom configuration section inside our web.config that looks similar to this:

<sites>
  <add name="hackerhasid">
    <hosts>
        <add name="blog.hackerhasid.com" />
    </hosts>
    <profile enabled="true" />
  </add>
...
 
January 9th, 2012

Recently we experienced an odd issue: on an intermittent basis, authenticated users would see a non-authenticated view of the page they were on.  A little debugging revealed that each server behaved well in isolation, but when the load balancer was in the mix, moving requests between servers, things got wonky.  Using his mad curl skillz, @andrewmglenn determined that the authentication cookie set from one of our servers was not playing nicely with the others.  This turned out to be a two-way street – one server didn’t like the cookies set from the other servers and the others didn’t like the cookie set from this one.

It turned out this one server had a security update installed not long before we experienced the issue.  The link in Windows Update points to http://support.microsoft.com/kb/2656351 and mentions something about a “vulnerability that would allow an unauthenticated remote attacker to compromise your system”.  The update included updated versions of numerous important files including System.Web.dll and aspnet_wp.exe.  But it takes 2 clicks from the support url to actually get to a page with real information on the exploit and the solution taken in the security update.  Over at http://technet.microsoft.com/en-us/security/bulletin/ms11-100 towards the bottom of the page in the FAQ section there’s a mention of the workaround taken by the update: “The update addresses this vulnerability by correcting how the ASP.NET Framework authenticates users.”

So it seems that this server is generating and verifying authentication cookie values using a new algorithm!

The moral of the story is clear and is an important lesson for small shops: do not take Windows Updates lightly.

 
October 31st, 2011

BillRob turned me on to these Channel9 Functional Programming lectures by Dr. Erik Meijer.  Unfortunately the episodes are really hard to find – I didn’t see a single playlist or search query that returned all 13 episodes.  And reverse engineering their URLs didn’t work either!  So after performing 13 different searches to find every episode I figured I’d post the links here.  Hopefully MSDN will introduce a Course or Playlist feature that gives quick access to multipart series!

Chapter 1 of 13

Chapter 2 of 13

Chapter 3 of 13

Chapter 4 of 13

Chapter 5 of 13

Chapter 6 of 13

Chapter 7 of 13

Chapter 8 of 13

Chapter 9 of 13

Chapter 10 of 13

Chapter 11 of 13

Chapter 12 of 13

Chapter 13 of 13