Scott Hanselman

UPDATE: Lots of testers and readers installed this RC and found some good bugs. Image uploading was slightly broken in this build, so if you haven't upgraded, hang back a bit. Remember that all bug reports should be filed on SourceForge, not sent to Omar and I directly. Feature requests should be filed also. We'll do another RC and/or possibly the 1.8 Gold Release later this week. There are also a few more features sneaking in, including 'pluggable' pings to blog sites like Technorati.

What are you doing this weekend? Why not install DasBlog 1.8 RC1? (as always back up your data!)

New Features of Note

• Anti-Spam Features
• Automatic Referral and Trackback blacklist update
• CAPTCHA for non-admin users
• Logging and display of Comment IP addresses and resolved Hostnames for Admins
• DasBlogUpgrader can strip spam from existing content folders
• Support for rel="nofollow"
• Ability to delete referrals and trackbacks directly from the Admin UI
• Security Features
• HttpOnly cookies
• Admin access auditing
• SMTP Authentication for outgoing mail
• Syndication Features
• Improved RSS Comments support for SharpReader and RSS Bandit
• Upgraded Atom support from 0.3 to Valid Atom 1.0. Syndication permalink changes but 301 is issued.
• RSS 2.0 validates via FeedValidator.
• Ability to mark entries as "syndicated" or not. Entries can appear on the site but not in RSS/Atom.
• Performance Features
• Search Highlighting is optional now
• Referrals are logged but not stored in XML by default. Configurable.
  (This has huge performance benefits for high traffic sites.)
• DasBlog Upgrader can optionally remove all referrals.
  (Again with high traffic sites some folks had 5meg XML files full of referrals)
• Theme templates are now cached in memory.
• Content Features
• Ability to pre- and post-date entries
• Permalinks based on Title and Date optional: 2005/06/06/title.aspx
• Latest build of Free Text Box including ability to upgrade FTB without upgrading DasBlog.
• Text Editor (FTB) supports FireFox
• Blog Statistics macro
• Mail-To-Weblog continues to improves. Works with Thunderbird.
• Extensibility Features
• Custom Macro Plugin model without recompiling DasBlog
• Theme Features
• DasBlog now ships with 16 themes and a Theme Combo to change between them.
• New theme.manifest file makes themes and image assets more portable.

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

About   Newsletter

Hosting By

After a small bit of work today, DasBlog 1.8 will (does) produce valid Atom 1.0 feeds. This is response to the bakededness of Atom 1.0 and Sam's desire to deprecate 0.3. DasBlog won't produce Atom 0.3 anymore (it was always marked under "experimental' anyway) so when you upgrade to 1.8 your Atom feed will upgrade automatically.

We do, as always, produce valid RSS 2.0 and now Atom 1.0. Here's a list of known Atom 1.0 consumers if you care.

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

About   Newsletter

Hosting By

Well, my wife is out of town and as usual, I can't sleep at all. We've been married 5 years and we just can't sleep separate. This is both a good and a bad thing. Bad because it's 3:23am, good because I felt compelled to write some software.

I've been digging Watir lately and have introduced it around work. The question that everyone keeps asking is "ok, so how do I automatically record Watir scripts" and the answer has been, to the best of my knowledge, "um, you don't. Hopefully someone will do something soon."

I got tired of waiting. I started at 10pm and now it's 3:25 and Conan is being repeated. So, here's a screencast of my results after 5.5 hours. It's very rough but it supports text boxes, buttons, links, select lists (kinda), radios and checkboxes. It doesn't support frames, iframes, the back button, divs, tables, etc yet. It's also very sloppy code, so I think what I'm going to do is get a few volunteers in the Watir community who are also .NET savvy to help me out and I'll try to release it in a week or so.

There's some really crazy stuff going on in here with UCOMIConnectionPoint in order to get "IE on a string." Also, a lot of things are being caught on the onfocusout event. I also need to understand if HTMLDocumentEvents2 is the right object model to be watching.

If there's interest, we shall see. Interested? Here's the screencast of WatirMaker 0.1. I'm off to bed.

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

About   Newsletter

Hosting By

Internet Explorer 6 SP1 supports an extra "HttpOnly" cookie attribute, that prevents client-side script from accessing the cookie via the document.cookie property. Cookies still round trip.

The value of this property is questionable since any sniffer or Fiddler could easily remove it. That said, it could slow down the average script kiddie for 15 seconds.

You can do it a few ways. I added this to the Global.asax and catch all the cookies on the way out the door. You could choose to do this to specific cookies if you like.

protected void Application_EndRequest(Object sender, EventArgs e)

{

    foreach(string cookie in Response.Cookies)

    {

        const string HTTPONLY = ";HttpOnly";

        string path = Response.Cookies[cookie].Path;

        if (path.EndsWith(HTTPONLY) == false)

        {

            //force HttpOnly to be added to the cookie

            Response.Cookies[cookie].Path += HTTPONLY;

        }

    }

}

Of course, ASP.NET 2.0 can do all this for you via a Web.config setting.

SILLY GOTCHA: If you do this in your ASP.NET 1.1 app and then run your 1.1 app under 2.0 without changes, be aware that ASP.NET 2.0 will blindly append ANOTHER HttpOnly after every cookie giving you the value TWICE. You'll then need to turn if off in web.config as your code would be handling it.

<httpCookies httpOnlyCookies="false" requireSSL="false" domain="" />

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

About   Newsletter

Hosting By

A while back I posted some Presentation Tips. I will update them one day as I've learned oodles since then.

However, for the CodeCamp this weekend (surely you're going...) I've been asked to give a Presentation Skills Workshop.

That's a tall order, as everyone has their opinion about what makes a good or bad presentation. At any rate, here's the PPT I'm going to use during my talk.

Hanselman Presentation Tips.zip (1430 KB)

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

About   Newsletter

Hosting By