I announced this on Twitter late last week, but I open-sourced a number of common helpers and service interfaces that I use throughout all of my production ASP.NET MVC applications and wrapped it into a project I call MVC.Utilities.
MVC.Utilities has a number of helper classes for the following:
- Security for user-uploaded files;
- and display helpers for things like Hacker News-style datetimes.
If you want more details and examples of what the library does exactly, be sure to check out the MVC.Utilities Wiki on Github. All of these services are meant to be Dependency-Injected into ASP.NET MVC controllers and are designed as such.
The library has a lot of room to expand and grow, and I encourage your ideas and contributions to the project! Just create a fork of MVC.Utilities on Github and send me a pull request; props to...
The LA startup scene is fascinating, having lived and worked in it for a year now - it's a scene teeming with brillaint people with big ideas, and it's starting to attract some major capital from the Bay Area. It has one major issue: a big shortage of technical co-founders.
As a result, people like me get approached fairly regularly by companies that are either trying to recruit me or recruit through me - the vast majority of the time it's a pair of non-technical co-founders looking to third founder aboard, a technical cofounder, to build the MVP prior to raising some money. In my personal experience, the majority of pitches I've received have been poorly calculated and in need of much improvement.
Speaking as a former and future technical founder, I wanted to share my perspective on what non-technical (and technical, for that matter) founders could do differently to...
One of the first projects I put together this year was Captain Obvious, a nifty little application that runs off of AppHarbor and ASP.NET MVC3. What made Captain Obvious special for me was that it was my first time using something other than a relational database[footnote: typically I’ve only used SQL Server / MySQL in the past] in production – I chose MongoDB because it stands out to me as a lightweight, easy-to-work with store that’s easier to use for most CRUD applications. Since then I’ve gone on to build other projects which depend on Mongo.
What I’ve learned since is that MongoDB and SQL Server are tools that aren’t 100% interchangeable and are more situational than dogmatists make them out to be.
My goal in writing this is to help inform you on how you should decide to judge these two technologies as options for...
One of the more interesting things I had to do as part of building XAPFest was handle bulk image uploads for screenshots for applications and user / app icons. Most of the challenges here are UI-centric ones (which I resolved using jQuery File-Upload) but the one security challenge that remains outstanding is ensuring that the content uploaded to your servers is safe for your users to consume.
Fortunately this problem isn't too hard to solve and doesn't require much code in C#.
Flawed Approaches to Verifying Image Uploads
Here's what I usually see when developers try to allow only web-friendly image uploads:
- File extension validation (i.e. only allow images with .png, .jp[e]g, and .gif to be uploaded) and
- MIME type validation.
So what's wrong with these techniques? The issue is that both the file extension and MIME type can be spoofed, so there's no guarantee that...
I made a tiny splash on Hacker News a month ago when I asked for feedback on my newest side project, CaptainObvio.us – a simple portal for sharing ideas and soliciting feedback from a community of peers. The idea was popular and I’ve received a ton of feedback – I’ve implemented most of the Hacker News community’s suggestions but haven’t had the chance to do another round of customer development.
What I wanted to share in this blog post was some of the secret sauce I used for creating CaptainObvio.us – I originally created it mostly to learn MongoDB, and learned way more than that along the way.
Webstack: ASP.NET MVC3 on AppHarbor
I used ASP.NET MVC3 as my webstack of...
I am pleased to announce something very exciting that Microsoft is doing in my neighborhood of Santa Monica, California: we’re putting together XAPFest, a massive Windows Phone 7 hackathon aimed to bring together startups and mobile developers of all skill levels for a day of creativity and competition.
XAPFest is going down on Saturday, June 4th at the Loews Santa Monica Beach Hotel (directions) – doors open at 9:00am and will close at approximately 10:00pm. There will be opportunities for individuals and teams of developers to win prizes, eat great food, and have fun hacking down by the beach.
XAPFest is free to attend, and anyone can register for XAPFest if they wish to participate....
Tonight I gave a brief talk to WinMo LA about using Geolocation Services and Bing Maps on Windows Phone 7. I mostly covered the APIs and controls that developers can use in the current Windows Phone SDK, the steps developers need to take in order to protect a user's data, and some of the future things that are changing in Mango for Windows Phone 7 developers.
Source Code for Demos:
I spent about three hours banging my head against the wall trying to figure out why my browser could connect to the Internet but the Windows Phone 7 emulator couldn’t, and if you find yourself in the same boat as me I thought I would spare you the trouble.
Are you seeing something like this when you try to pull up a web page in IE on the emulator?
If that’s the case, then you’re having network connectivity issues specific to the Windows Phone 7 emulator. There’s a guide to troubleshooting Windows Phone 7 emulator issues on MSDN, and it speaks to the root of the issue: your HTTP proxy settings.
If you’re like me, you like using Fiddler for testing network I/O when you’re trying to connect...
My newest project, Captain Obvious, got a fair amount of attention this week when it landed on the front page of Hacker News – one of the key features that makes the first version of Captain Obvious tick is Twitter @Anywhere integration.
One of the key features to integrating Twitter @Anywhere users with your ASP.NET MVC site is reading the cookie that Twitter sets after users have authenticated – this cookie contains two parts:
- The Twitter user’s unique ID, an integer representing their unique account (because remember – Twitter users can change their...
I wanted to post this the morning after Startup Weekend Los Angeles concluded in late February, but due to the fact that I along with half my team (Minboxed) came down with the flu the following morning, I postponed this for long than I would have liked.
Startup Weekend Los Angeles stands out among other Startup Weekends in that each one of these events have produced real companies like Vol.ly, Foodme, Ming.ly, and Zaarly – who took first place in this very Startup Weekend and recently closed a $1m dollar round of funding and soft-launched at SXSW (great job, guys!)
The quality bar for talent is high and the judges are terrific – this year we...