Second Life just announced the beta testing of Mono in Second Life (see http://blog.secondlife.com/2008/01/29/mono-beta-launch/).  It's a pretty limited beta so far ... only a few islands look like they will be Mono-enabled. Now, the blog entry mentioned something about LSL VM, which, from what I can tell, was an effort to Mono-enable SL sometime back in 2005. I can't seem to find much more about it than that. So, that said, there's some big questions. Will it support our favorite .Net languages? Sometime in the future, they say. Right now, it'll just be faster ... some 220x faster! On top of that, will we be able to use our favorite .Net editor? Dunno ... nothing is said about that. But I've mentioned what I think of the native LSL editor before so I'm hoping so. It'd be nice to see some Visual Studio project (vsi) templates for it -- or (even better) a fully integrated Visual Studio shell. From a technical standpoint, I don't see why it wouldn't be feasible though I imagine that (at least initially) the deployment story will leave some to be desired. (Lindens ... are you listening??) Will we be able to get to the core BCL? It is, after all, Mono, which supports the relevant ISO/ECMA standards (this includes an "Additional Generics Library" specification!!!!!). Unknown; they aren't commenting. The "FAQ" doesn't really address my Q's (and I'm gonna guess that these will be FAQ's for a bunch of other .Net developers).

I guess I'll just have to download the beta viewer and play with it. That just breaks my heart.

On other news, I'm working on my next security-related entry (Hashing) but things have been absolutely crazy-busy between work and my new "lady friend". But I promise to have it up before the weekend.

When I posted the notes yesterday from Zain's presentation, I posted something about adding users in code ... but I only mentioned the CreateUser() method.  Well, I just got an email from the person that requested this little tip ... with a little curve thrown in.  They also needed to add some profile information.  So, I sat down and wrote a little sample of how to do this (liberally sprinkled with comments).  For those that attended my peformance session in Second Life, there's another little perf tip in here that I forgot to put into my presentation (it's going in now though). 

Here it is ...

    //Some assumptions ...
    //You have all the user information in a data reader
    //It actually doesn't matter where it comes from
    //but using a reader makes the sample easier. :)
    //The using statements that are important here:
    //using System.Web.Security;
    //using System.Web.Profile;
    public static void AddUsers(SqlDataReader rdr)
    {
        //Set the script timeout to 10 minutes ...
        //Use a reasonable value
        HttpContext.Current.Server.ScriptTimeout = 60000;
        //And we will get the indexes for the fields that we want
        //This is a good deal more efficient than rdr["FieldName"]
        //but ... you *must* do it before entering the loop.
        //It's also type safe as well. :-)
        int userId = rdr.GetOrdinal("UserID");
        int password = rdr.GetOrdinal("Password");
        int email = rdr.GetOrdinal("Reader");
        int favColor = rdr.GetOrdinal("FavoriteColor");
        int height = rdr.GetOrdinal("Height");
        int street = rdr.GetOrdinal("Street");
        while (rdr.Read())
        {
            //Add the users ...
            //I'm using one of the overloads here ... there are several.
            //This returns the membership user that was created;
            MembershipUser usr = Membership.CreateUser(rdr.GetString(userId),
                rdr.GetString(password), rdr.GetString(email));
            //Now you will need to create the profile. 
            ProfileBase prof = System.Web.Profile.ProfileBase.Create(usr.UserName);
            //And I'm making up some properties here.
            //These will need to be configured.
            prof.PropertyValues["FavoriteColor"].PropertyValue = rdr.GetString(favColor);
            prof.PropertyValues["Height"].PropertyValue = rdr.GetString(height);
            //And, if you're using groups
            //(A good idea if you have a lot of properties)
            ProfileGroupBase addrGroup = prof.GetProfileGroup("Address");
            addrGroup.SetPropertyValue("Street", rdr.GetString(street));
            //Make sure that the profile is saved
            prof.Save();
        }
    }

And ... that's all folks!

Hung out today to watch my buddy Zain deliver his Microsoft Across America presentation today. Cool stuff and he did an awesome job (as always)!

So ... some resources that were mentioned out there today:

OWASP (Open Web Application Security Project): www.owasp.org. All kinds of great stuff here. 

Houston OWASP Group: http://www.owasp.org/index.php/Houston. David Nester runs this.  Great guy ... and great content.

For completeness, two other great resources for security stuff:

Microsoft Security Central: http://www.microsoft.com/security/default.mspx.  One place for all kinds of security related content, from end-user to advanced administrator.

MSDN Security Developer Center: http://msdn2.microsoft.com/en-us/security/default.aspx. Good resources for security-conscious devs, including how-to videos and more. Also has a link to Michael Howard's blog where you'll find all kinds of good security stuff. He's one of the authors of Writing Secure Code. And that book changed my life. I am not kidding there. It was eye-opening and terrifying the first time I read it.

When removing all of the modules in IIS 7, it returns an HTTP 401 (Unauthorized). This is different from HTTP 403 (Forbidden). With 401, authentication will make no difference. Here is the raw response:

HTTP/1.1 401 Unauthorized
Server: Microsoft-IIS/7.0
Date: Fri, 11 Jan 2008 01:51:02 GMT
Content-Length: 0

I got this from Fiddler. Now, why it didn't work for Zain, I can't say. I think he was jinxed.

ASP.NET Membership Provider Stuff

Here's where the Access Providers live: http://msdn2.microsoft.com/en-us/asp.net/aa336558.aspx.  There is also a bunch of good stuff for creating providers there. Here's a web cast that goes through it as well: http://www.asp.net/learn/videos/video-189.aspx. And, if you are going to do your own provider, keep your eyes here. I'm going to talk about hashing shortly ... this is the best way to store passwords!

Adding users to ASP.NET membership in code (like when you need to import several thousand records):

System.Web.Security.Membership.CreateUser()

There a few overloads for this that have different options (of course).  Now ... the other thing that you can do is to create a membership provider that uses the existing database. There's a couple of ways to skin that cat. (Poor kitty!)

I think that's all ... I'm out!

Here's the latest on Brian Harry's blog: http://blogs.msdn.com/bharry/archive/2008/01/09/jan-08-devdiv-dogfood-statistics.aspx.  Keep in mind that this is just for DevDiv (Developer Division) ... so we're talking about the developer tools (i.e. Visual Studio, etc).  There are other groups using TFS inside of Microsoft.  Looking at this ... wow ... it gives you an appreciation of the amount of development that is done here. 

Speaking of TFS, I heard a customer story about TFS recently that really speaks to the value. So ... a remote dev center was coding away on an application, but Central IT noticed that they had a lot of bugs being re-opened and that overall, things didn't seem to be going too well.  Of course, re-opened bugs ... well ... that's definitely a problem. This was exposed to the Central IT team through the OLAP and reporting capabilities of TFS. But the data and processes ... well, it's easy and natural for devs to work with so they tend to actually do it. Having the working items completely integrated into VS and into your check-in process was a huge thing for me.  So ... Central IT was very concerned and they had the remote team come down to see them. They went over what was going on. As it turned out, the remote team didn't have a clear idea of the vision of the project and this was leading to a lot of issues. They got this resolved ... and the team got back to work. This time, though, the stats were better. It took the business another 3 weeks to notice this; by that time, the underlying issue had been corrected. Three weeks of development time that would have been ... ummm ... less than productive had already become very productive. It saved 3 weeks on a time-critical project. And, of course, the largest cost of a software project is the people ... the developers' time. Well, I thought it was cool.

OK ... here goes.  I do have to say that I don't much like the web-based editor that dasBlog uses (FreeTextBox) for writing long entries and stuff.  It's great for shorter things where you need some HTML formatting and need to do it on the web, but when you're doing a long entry (like some of mine) ... well, it has it's challenges.  I know ... I'm being picky and persnickety. 

So, I've giving Windows Live Writer a shot.  Setup was a breeze ... enter the blog url and credentials and off it goes.  Sets itself right up and actually recognizes dasBlog.  Looking at the HTML code generated, it actually looks pretty clean (though it will be interesting to see what it does with code).  It also doesn't seem to read the entire CSS file .. just enough to allow you a preview.  It would be nice to have the CSS styles available in the editor to choose them.  Minor complaints, really.  I do like quite a bit of what it does, particularly how you can save a local draft. 

So ... here goes ... wish me luck!

-------

A couple of minutes later ...

Posted it ... showed up right away.  Hmm, not bad.  HTML was clean so CSS styles applied.  Good.  And now ... I'm opening the same post again and adding some babble into it.