Octopus Deploy and Proget

This weekend I switched my local Octopus Deploy server to use the ProGet as the package repository.

Generally speaking, it was pretty painless switch - but I was getting errors until I added an advanced MSBuild Argument (/p:OctoPackPublishApiKey=BuildKey) on to provide an API Key; obviously you need to configure this in ProGet :)
Initially I didn't think I would need to provide this API Key as the user the build agent was running under a user account that had full access to the feeds; it seems, however, that this is not the case when you are running normal authentication (i.e. not domain joined).

TFS 2013 Update 2 - Problems with oi Pages (TF400898)

I've been experimenting testing TFS 2013 Update 2 over the last few days, and encountered a couple of issues.
The first appears to be a problem that is specific to a Team Project Collection where the Activity Log (accessed via _oi) does not render correctly (progressing this on with MS Support), however, the second one is slightly more interesting.

If you go into the /_oi interface, select Job Monitoring, pick a job, you go to the detail page. Only now you also get something unfriendly.


Confirmed this on a clean install of Server 2012 R2, with TFS 2013 Update 2, so it seems that this is a breaking "change".
Hopefully a hot fix comes out soon for this one (and maybe the Activity Log issue).

Update: Just as I'm posting this, I get a call back for MS Support.  Both issues confirmed as bugs, and will be fixed in a future release. Issues that you might encounter with the Activity Log should automatically clear up after a month or two as old entries are purged - so if you encounter a TF400898 here you will probably have to put up with it for a while! 

Trouble with Apple's System Preferences for Printing?

Having trouble with your printer under OS X ? Has it changed IP or DNS name and now you are faced with having to delete it and re-create it?

Don’t worry, you can skip the rather limited Apple GUI, and simply visit http://localhost:631 on your Mac.

If this is your first time you will encounter an error, saying you need to enable pictures of abo the web interface; to do this, open Terminal and type in: 

sudo cupsctl WebInterface=yes

You’ll be prompted for your password.

Then click Administration, select Manage Printers, then select the Printer. Then make the changes you need; you'll be prompted for your username and password again.

Now, in my case the problem was AirPrint, so I simply changed the connection to ipp over http, and its fixed!

Poor password policies put users at risk

It's not exactly new, and something that almost every Web Developer knows ... or at least should do.

Poor password policies put users data at risk; and the larger (or more high profile) the product, the more of a target you become. Especially if you are potentially storing anything that is profitable for a crook.

So why do so many large, high profile, websites have poor password policies? It's not technical thats for sure. It can only be laziness or poor standards (or pressure) by the development teams behind them.

After the recent breach that impacted over 2000 Tesco Customers (a breach that Tesco are still saying was on OTHER websites, not theirs - a breach that ended up with my own account being locked (even thought it was not on the breached data list that was published on PasteBin) - a point that I still have not had a clear, satisfactory response from Tesco about), I decided that I'd work through a few of the websites I use and see what their password policies were like.

Many were pretty good - allowing you to use long, complex passwords. However, there were some interesting "issues" that I found:

British Gas

Required an alphanumeric password (no symbols), with a length of between 8 and 20.
Oh wait, no it's not - try and use a 20 character password and it fails saying it needs to be 16 max. Poor design / UAT work here.

HMRC

Required an alphanumeric password (no symbols), with a length of 8 to 12.
Rather worryingly, the passwords are case insensitive.

Confused.Com

Required an alphanumeric password (no symbols) with a length of 6 to 20.

O2

Required a password of between 7 and 16 characters.
Limited symbol set accepted.

Tesco

Password length of 6 to 10 characters (what on earth?!)
Reported as being case insensitive but didn't test this here.
Alpha numeric only - no symbols.

 

As you can see, Tesco is by far the worst offender that I've encountered on my short wander around on the internet - but I'm absolutely amazed about the HMRC's policy - considering what they secure, that is awful.

There is no excuse for poor password management / policies, I just wish it didn't take people's information being leaked into the public domain before companies start to pay attention.

 

If I get time, I'll have a look at some other sites - in the meantime, I'd strongly recommend people practice good password management and use a different password on each website (there are tools such as KeePass and LastPass to help you keep a note of them - securely - so you don't really have an excuse).

I'd also recommend plugging your email address into https://haveibeenpwned.com/ - a great service by Troy Hunt.

Updating Assembly Versions During TFS Builds

An article of mine has been published on CodeProject - http://www.codeproject.com/Articles/705482/Updating-Assembly-Versions-During-TFS-Builds.

In this article I explain how to modify the AzureContinuousDeployment workflow so that your hosted builds version stamp (i.e. update things like the revision number in the build number to correctly reflect your changeset number); however, this approach can easily be adapted to fit an on-premise TFS installation.

Using the AzureContinuousDelivery Build Process Template on your own server

Wanting to deploy to Azure using Continuous Delivery but not use the Visual Studio Hosted Build servers?

No problem; but you need to install the right version of things first!

I installed:

 

I then installed a couple of the assemblies from the Azure SDK Lib's into the GAC; these get installed into C:\Program Files\Microsoft SDKs\Windows Azure\.NET SDK\v2.0\ref, and I installed:
Microsoft.ServiceBus
Microsoft.WindowsAzure.Storage
Microsoft.WindowsAzure.Configuration

If you don't do this, you get an error during the deployment portion of the workflow.

If you try it, let me know how you get on!

Visual Studio 2013 - Feedback tool

Those of you that use Visual Studio in a medium to large company that's worried about data security need to consider the addition of the Feedback tool that Microsoft are bundling with Visual Studio.

 

While I do applaud Microsoft for apparantly wanting to engage more with people who actually use their product, I have to worry about this feature.

 

Why?

 

Simple. It takes screenshots - and not just limited to the Visual Studio windows which would be bad enough in some circumstances, but all your desktops.

 

 

The good news is you can disable it pretty easily. The bad news is you'll have to ensure a registry key deletion occurs every time a user logs on to your network, as I've seen it occasionally reappear. Nightmare; no easy way to remove it centrally, block it or otherwise censor. Not ideal for an enterprise.

How do you drop this item from the menu?

Delete this key:

HKEY_CURRENT_USER\Software\Microsoft\VisualStudio\12.0_Config\MainWindowFrameControls\{F66FBC48-9AE4-41DC-B1AF-0D64F0F54A07}

Are Microsoft loosing their way with user experience?

Over the past few months there has been a fair bit in the industry press about Apple and Microsoft apparently loosing their respective grasps on the market.

Apple has been (from what it appears) struggling to get a new product into the market, and is instead just refreshing existing lines.

Microsoft is slipping in its game too - the latest gaff has to be the way it's handled Windows 8.1. The recent U-turn about not releasing the RTM version to the development and sys admin community was welcome, but it is a disagreeable find to discover that you can not do a straight upgrade of Windows 8 to 8.1. Instead it enforces a clean install, while offering you the ability to save your files. According to all the recent MSDN coverage (literally in the last 24 hrs or so), the "release" version will support this, but I have to ask why Microsoft decided to release essentially an incomplete version?

Historically the whole idea of RTM or Gold copies were that these were the images that were sent for physical manufacture. These days things still follow this pattern, but now companies such as Microsoft tend to "tweak" things before they are actually released - in theory to provide a better quality product, but in this case you have to wonder. Releasing an incomplete, inferior product a month before the General Availability is annoying, and down right disruptive to the development community. Microsoft's attitude? It doesn't matter. You shouldn't be using this release for anything except testing, so why can't you build a new machine. 

Has the development industry lost track of what should happen for release cycles? Are we now expecting too much, too quickly from software companies?

Or have the big boys (Apple and Microsoft for example) started to loose their way with handling user experience?

Good Customer Service - customer no longer always right?

I'm sure it wasn't that long ago that companies treated customers with respect - and went by the saying "The Customer is Always Right". 

Well it doesn't seem that this is the case any more after a few different retail experiences - I can see why people are starting to do everything online if they are anything to go by.

My most recent "poor" experience is with one of the largest technology companies on the high street. Apple.

I purchased a high end (as in top of the line but one) Macbook Pro Retina 15 online. And had the machine for a week. All was well.
Then it developed a hardware fault. After discussing it with a technical support representative, it was decided that the best course of action was to swap the machine in-store due to the fact it was so new, developed a fault, and that returning it via courier was going to be awkward (my current situation with my son means I'm not home much ... and never during the week at working hours!). And so a 110 mile round trip the Apple store began.
The Apple store in question, Newcastle Metro Centre, didn't have my exact model in stock - but had the marginally newer one, with its grand total of 0.1Ghz faster CPU.
But because I had purchase the machine online they were unable to swap it for this newer SKU. Nor were they able to take it in to return it to Apple for repair on my behalf. All they could do was to "attempt to repair it in-store". Note the word attempt in there. Not overly spectacular considering the cost of the machine in the first place, nor what the technical support rep said, or the fact that Apple seem to make a deal of saying they offer "excellent customer service". Perhaps they do, if you purchase in store - it seems that if this had been the case the machine would have been swapped no questions asked. 

So how do Apple justify this difference between in store and online? They trade as different companies. One for Apple Retail, and one for Apple online - so why do they get away with trading under the same brand? It all seems like it is intended to just confuse members of the public, and I have to admit I did find it confusing - they are the first company that I've come across that have this disparate split between online vs retail.

Developers ... why do we insist on build vs buy?

I've recently been in this situation a couple of times - looking at either writing something myself to solve a problem, or purchase a product off the shelf to either integrate or run alongside my package.

The first time, when the project was something that I am solely involved in, I decided to go down the "do it yourself" route. This was more optimal for me as simply there was no time constraint, and no specific (immediate) financial cost to me putting in "just enough" functionality.

However just today I saw the other situation. A development team whereby they are looking to spend significant time on building functionality they could easily purchase pre-built from a third party vendor. And in this case, it would work out EXACTLY the same price as the estimated hours -- and this doesn't even include any "fudge factor", maintenance or the never ending tweaks that would be needed. And yet as developers we tend to do this so often - instead of realising that it is not always the best way, we push forward and insist that we can come up with something better.

Perhaps it is time that we stepped back and realised that it might actually not be a good idea to write this complete stack of support tools, and instead look to see what is there already? After all, we do purchase SQL Server and Windows Server ... or perhaps we should write our own replacements for these too ...