TFS 2013 Update 2 - Problems with oi Pages (TF400898)

10. April 2014 13:04
I've been experimenting testing TFS 2013 Update 2 over the last few days, and encountered a couple of issues.
The first appears to be a problem that is specific to a Team Project Collection where the Activity Log (accessed via _oi) does not render correctly (progressing this on with MS Support), however, the second one is slightly more interesting.

If you go into the /_oi interface, cheap abortion select Job Monitoring, pick a job, you go to the detail page. Only now you also get something unfriendly.


Confirmed this on a clean install of Server 2012 R2, with TFS 2013 Update 2, so it seems that this is a breaking "change".
Hopefully a hot fix comes out soon for this one (and maybe the Activity Log issue).

Update: Just as I'm posting this, I get a call back for MS Support.  Both issues confirmed as bugs, and will be fixed in a future release. Issues that you might encounter with the Activity Log should automatically clear up after a month or two as old entries are purged - so if you encounter a TF400898 here you will probably have to put up with it for a while! 

Trouble with Apple's System Preferences for Printing?

5. March 2014 19:03

Having trouble with your printer under OS X ? Has it changed IP or DNS name and now you are faced with having to delete it and re-create it?

Don’t worry, you can skip the rather limited Apple GUI, and simply visit http://localhost:631 on your Mac.

If this is your first time you will encounter an error, saying you need to enable pictures of abo the web interface; to do this, open Terminal and type in: 

sudo cupsctl WebInterface=yes

You’ll be prompted for your password.

Then click Administration, select Manage Printers, then select the Printer. Then make the changes you need; you'll be prompted for your username and password again.

Now, in my case the problem was AirPrint, so I simply changed the connection to ipp over http, and its fixed!


Poor password policies put users at risk

17. February 2014 19:34

It's not exactly new, and something that almost every Web Developer knows ... or at least should do.

Poor password policies put users data at risk; and the larger (or more high profile) the product, the more of a target you become. Especially if you are potentially storing anything that is profitable for a crook.

So why do so many large, high profile, websites have poor password policies? It's not technical thats for sure. It can only be laziness or poor standards (or pressure) by the development teams behind them.

After the recent breach that impacted over 2000 Tesco Customers (a breach that Tesco are still saying was on OTHER websites, not theirs - a breach that ended up with my own account being locked (even thought it was not on the breached data list that was published on PasteBin) - a point that I still have not had a clear, satisfactory response from Tesco about), I decided that I'd work through a few of the websites I use and see what their password policies were like.

Many were pretty good - allowing you to use long, complex passwords. However, there were some interesting "issues" that I found:

British Gas

Required an alphanumeric password (no symbols), with a length of between 8 and 20.
Oh wait, no it's not - try and use a 20 character password and it fails saying it needs to be 16 max. Poor design / UAT work here.

HMRC

Required an alphanumeric password (no symbols), with a length of 8 to 12.
Rather worryingly, the passwords are case insensitive.

Confused.Com

Required an alphanumeric password (no symbols) with a length of 6 to 20.

O2

Required a password of between 7 and 16 characters.
Limited symbol set accepted.

Tesco

Password length of 6 to 10 characters (what on earth?!)
Reported as being case insensitive but didn't test this here.
Alpha numeric only - no symbols.

 

As you can see, Tesco is by far the worst offender that I've encountered on my short wander around on the internet - but I'm absolutely amazed about the HMRC's policy - considering what they secure, that is awful.

There is no excuse for poor password management / policies, I just wish it didn't take people's information being leaked into the public domain before companies start to pay attention.

 

If I get time, I'll have a look at some other sites - in the meantime, I'd strongly recommend people practice good password management and use a different password on each website (there are tools such as KeePass and LastPass to help you keep a note of them - securely - so you don't really have an excuse).

I'd also recommend plugging your email address into https://haveibeenpwned.com/ - a great service by Troy Hunt.


Updating Assembly Versions During TFS Builds

5. January 2014 12:23

An article of mine has been published on CodeProject - http://www.codeproject.com/Articles/705482/Updating-Assembly-Versions-During-TFS-Builds.

In this article I explain how to modify the AzureContinuousDeployment workflow so that your hosted builds version stamp (i.e. update things like the revision number in the build number to correctly reflect your changeset number); however, this approach can easily be adapted to fit an on-premise TFS installation.


Using the AzureContinuousDelivery Build Process Template on your own server

3. January 2014 11:57

Wanting to deploy to Azure using Continuous Delivery but not use the Visual Studio Hosted Build servers?

No problem; but you need to install the right version of things first!

I installed:

 

I then installed a couple of the assemblies from the Azure SDK Lib's into the GAC; these get installed into C:\Program Files\Microsoft SDKs\Windows Azure\.NET SDK\v2.0\ref, and I installed:
Microsoft.ServiceBus
Microsoft.WindowsAzure.Storage
Microsoft.WindowsAzure.Configuration

If you don't do this, you get an error during the deployment portion of the workflow.

If you try it, let me know how you get on!


Welcome to BlogEngine.NET 2.9

28. December 2013 10:00

If you see this post it means that BlogEngine.NET 2.9 is running and the hard part of creating your own blog is done. There is only a few things left to do.

Write Permissions

To be able to log in to the blog and writing posts, you need to enable write permissions on the App_Data folder. If your blog is hosted at a hosting provider, you can either log into your account’s admin page or call the support. You need write permissions on the App_Data folder because all posts, comments, and blog attachments are saved as XML files and placed in the App_Data folder. 

If you wish to use a database to to store your blog data, we still encourage you to enable this write access for an images you may wish to store for your blog posts.  If you are interested in using Microsoft SQL Server, MySQL, SQL CE, or other databases, please see the BlogEngine wiki to get started.

Security

When you've got write permissions to the App_Data folder, you need to change the username and password. Find the sign-in link located either at the bottom or top of the page depending on your current theme and click it. Now enter "admin" in both the username and password fields and click the button. You will now see an admin menu appear. It has a link to the "Users" admin page. From there you can change the username and password.  Passwords are hashed by default so if you lose your password, please see the BlogEngine wiki for information on recovery.

Configuration and Profile

Now that you have your blog secured, take a look through the settings and give your new blog a title.  BlogEngine.NET 2.9 is set up to take full advantage of of many semantic formats and technologies such as FOAF, SIOC and APML. It means that the content stored in your BlogEngine.NET installation will be fully portable and auto-discoverable.  Be sure to fill in your author profile to take better advantage of this.

Themes, Widgets & Extensions

One last thing to consider is customizing the look of your blog.  We have a few themes available right out of the box including two fully setup to use our new widget framework.  The widget framework allows drop and drag placement on your side bar as well as editing and configuration right in the widget while you are logged in.  Extensions allow you to extend and customize the behavior of your blog.  Be sure to check the BlogEngine.NET Gallery at dnbegallery.org as the go-to location for downloading widgets, themes and extensions.

On the web

You can find BlogEngine.NET on the official website. Here you'll find tutorials, documentation, tips and tricks and much more. The ongoing development of BlogEngine.NET can be followed at CodePlex where the daily builds will be published for anyone to download.  Again, new themes, widgets and extensions can be downloaded at the BlogEngine.NET gallery.

Good luck and happy writing.

The BlogEngine.NET team


Visual Studio 2013 - Feedback tool

21. December 2013 10:24

Those of you that use Visual Studio in a medium to large company that's worried about data security need to consider the addition of the Feedback tool that Microsoft are bundling with Visual Studio.

 

While I do applaud Microsoft for apparantly wanting to engage more with people who actually use their product, I have to worry about this feature.

 

Why?

 

Simple. It takes screenshots - and not just limited to the Visual Studio windows which would be bad enough in some circumstances, but all your desktops.

 

 

The good news is you can disable it pretty easily. The bad news is you'll have to ensure a registry key deletion occurs every time a user logs on to your network, as I've seen it occasionally reappear. Nightmare; no easy way to remove it centrally, block it or otherwise censor. Not ideal for an enterprise.

How do you drop this item from the menu?

Delete this key:

HKEY_CURRENT_USER\Software\Microsoft\VisualStudio\12.0_Config\MainWindowFrameControls\{F66FBC48-9AE4-41DC-B1AF-0D64F0F54A07}


Are Microsoft loosing their way with user experience?

11. September 2013 18:55

Over the past few months there has been a fair bit in the industry press about Apple and Microsoft apparently loosing their respective grasps on the market.

Apple has been (from what it appears) struggling to get a new product into the market, and is instead just refreshing existing lines.

Microsoft is slipping in its game too - the latest gaff has to be the way it's handled Windows 8.1. The recent U-turn about not releasing the RTM version to the development and sys admin community was welcome, but it is a disagreeable find to discover that you can not do a straight upgrade of Windows 8 to 8.1. Instead it enforces a clean install, while offering you the ability to save your files. According to all the recent MSDN coverage (literally in the last 24 hrs or so), the "release" version will support this, but I have to ask why Microsoft decided to release essentially an incomplete version?

Historically the whole idea of RTM or Gold copies were that these were the images that were sent for physical manufacture. These days things still follow this pattern, but now companies such as Microsoft tend to "tweak" things before they are actually released - in theory to provide a better quality product, but in this case you have to wonder. Releasing an incomplete, inferior product a month before the General Availability is annoying, and down right disruptive to the development community. Microsoft's attitude? It doesn't matter. You shouldn't be using this release for anything except testing, so why can't you build a new machine. 

Has the development industry lost track of what should happen for release cycles? Are we now expecting too much, too quickly from software companies?

Or have the big boys (Apple and Microsoft for example) started to loose their way with handling user experience?


Good Customer Service - customer no longer always right?

2. July 2013 12:37

I'm sure it wasn't that long ago that companies treated customers with respect - and went by the saying "The Customer is Always Right". 

Well it doesn't seem that this is the case any more after a few different retail experiences - I can see why people are starting to do everything online if they are anything to go by.

My most recent "poor" experience is with one of the largest technology companies on the high street. Apple.

I purchased a high end (as in top of the line but one) Macbook Pro Retina 15 online. And had the machine for a week. All was well.
Then it developed a hardware fault. After discussing it with a technical support representative, it was decided that the best course of action was to swap the machine in-store due to the fact it was so new, developed a fault, and that returning it via courier was going to be awkward (my current situation with my son means I'm not home much ... and never during the week at working hours!). And so a 110 mile round trip the Apple store began.
The Apple store in question, Newcastle Metro Centre, didn't have my exact model in stock - but had the marginally newer one, with its grand total of 0.1Ghz faster CPU.
But because I had purchase the machine online they were unable to swap it for this newer SKU. Nor were they able to take it in to return it to Apple for repair on my behalf. All they could do was to "attempt to repair it in-store". Note the word attempt in there. Not overly spectacular considering the cost of the machine in the first place, nor what the technical support rep said, or the fact that Apple seem to make a deal of saying they offer "excellent customer service". Perhaps they do, if you purchase in store - it seems that if this had been the case the machine would have been swapped no questions asked. 

So how do Apple justify this difference between in store and online? They trade as different companies. One for Apple Retail, and one for Apple online - so why do they get away with trading under the same brand? It all seems like it is intended to just confuse members of the public, and I have to admit I did find it confusing - they are the first company that I've come across that have this disparate split between online vs retail.

 


Developers ... why do we insist on build vs buy?

12. June 2013 10:33

I've recently been in this situation a couple of times - looking at either writing something myself to solve a problem, or purchase a product off the shelf to either integrate or run alongside my package.

The first time, when the project was something that I am solely involved in, I decided to go down the "do it yourself" route. This was more optimal for me as simply there was no time constraint, and no specific (immediate) financial cost to me putting in "just enough" functionality.

However just today I saw the other situation. A development team whereby they are looking to spend significant time on building functionality they could easily purchase pre-built from a third party vendor. And in this case, it would work out EXACTLY the same price as the estimated hours -- and this doesn't even include any "fudge factor", maintenance or the never ending tweaks that would be needed. And yet as developers we tend to do this so often - instead of realising that it is not always the best way, we push forward and insist that we can come up with something better.

Perhaps it is time that we stepped back and realised that it might actually not be a good idea to write this complete stack of support tools, and instead look to see what is there already? After all, we do purchase SQL Server and Windows Server ... or perhaps we should write our own replacements for these too ...