Activate the Hidden Administrator Account in Windows Vista

When you install Microsoft Windows Vista, it asks you to create an account which it gives administrator rights to. However, behind the scenes it also creates an account called “Administrator”, but by default it is locked out. It also doesn’t tell you what the password is for this account.

If you ever need to activate the hidden Administrator account, here’s how you do it.

1. Log in as a user with administrative privileges.
2. Click on the Start Button, then in the “Start Search” box type “cmd”.
3. When “cmd.exe” pops up in the list of search results, right-click on it and choose “Run as administrator”.
4. In the command prompt window, type “net user Administrator password” and hit return, where password is the new password you want to assign to the Administrator account.
5. Type “net user Administrator /active:yes” and hit return.
6. Log off from the current user, and now you should be able to sign in as the Administrator account.

Home Antivirus Comparison

Up until recently, I used to run several servers at home to support my personal consulting business. I had a Windows domain controller, an Exchange 2007 server, SQL Server, plus a few Linux CentOS systems that hosted virtual machines under the Xen hypervisor. Recently I had a couple of hardware failures that made me re-evaluate the wisdom of maintaining these servers myself. It just takes too much of my time, so I started looking for other alternatives. The first to go was the Exchange server, which was replaced by Google Apps. In short, it is simply awesome. Next to go was my antivirus setup, which is the point of this post.

Previously, I had been using Symantec Endpoint 11. Now I hate Symantec and Norton antivirus products as much as anyone else, but the main reason I was using it was because it worked on Windows server operating systems (I had both 2003 and 2008 servers running). Many of the more popular (and frankly, better) systems wouldn’t run on server OS’s. But now that I’m getting rid of my servers, it’s time to look for something better.

There are dozens upon dozens of antivirus products and I’m not going to do a comparison of all of them. Just the top 3 or 4 that meet my needs. My criteria for these are:

• Must have a proven track record
• Easy to use, stable system
• Free or relatively inexpensive
• Needs to run on Vista and Windows 7 (64-bit for both)
• Not interested in peripheral features, like firewalls, because I already have other solutions in place for those needs
• I need at least 3 licenses to cover my laptops and workstation

In order to determine what the top 3-4 are, I looked at two main websites that rate antivirus products: AV Comparatives and Virus Bulletin. Both of these websites are well-respected in the antivirus community and they both use different methods and criteria to rate products. It is also worth noting that the rankings change quite often so I wasn’t too worried about which one was #1 at any given moment. But my choices are based on the rankings as of June 2010.

AV Comparatives gave the highest ratings to TrustPort, G DATA, Kaspersky, Microsoft, AntiVir (Avira), NOD32, F-Secure, BitDefender, and eScan. According to Virus Bulletin, the top-rated products were by AntiVir (Avira), avast!, and AVG. I picked 3-4 that were pretty high on both lists and were popular with most users. My picks were:

• AntiVir (Avira)
• avast!
• Kaspersky
• AVG

Keep in mind, I wasn’t out to evaluate the actual effectiveness of these products, because I trust AV Comparatives and Virus Bulletin to do that for me. All I needed was to compare the feature sets and prices.

Avira

Avira has three products targeted at the home market: Avira AntiVir Personal, Avira AntiVir Premium and Avira Premium Security Suite. These break down as follows:

• Personal – basic antivirus, spyware, and rootkit protection. Cost: FREE
• Premium – adds protection against phishing and protection for web browsing and emails. Cost: $26.95 for one license, $67.95 for three licenses.
• Security Suite – adds backups, network bot protection, spam filter, firewall, and parental controls Cost: $53.95 for one license, $79.95 for three licenses

avast!

avast! comes in three versions as well:

• Free – basic antivirus and spyware protection. Cost: FREE
• Pro – adds the Sandbox, which uses Process Virtualization to run a web browser or other app in a safe, isolated environment. Also adds protection against scripts and “suspicious websites”, as opposed to the free version which only provides protection against “common websites”. This version also allows scheduling of scans, whereas the free version only supports manual scans. Cost: $39.95 for one license, $54.95 for three licenses
• Internet Security – adds firewall and spam filters. Cost: $44.95 for one license, $59.95 for three licenses.

AVG

Much like the previous two products, AVG also comes in three different versions:

• AVG Anti-virus Free – basic antivirus, spyware, and web page protection. COST: FREE
• AVG Anti-virus 9.0 – adds rootkit and phishing protections. COST: $27.99 for one license, $83.97 for three licenses
• AVG Internet Security 9.0 – adds identity protection, firewall, and spam filter. COST: $43.99 for one license, $131.97 for three licenses.

Kaspersky

Kaspersky breaks the mold by offering only two versions of their product instead of three. Most notably, there is no free version. While they do offer a free trial of their two products, it’s only good for 30 days so there is no long-term free solution if you go with Kaspersky. Their two products are:

• Anti-virus 2010 – basic antivirus, spyware, email and website protection. Also includes a virtual keyboard for entering sensitive data, privacy tools to clean up browsing history, and parental controls. COST: $49.95 for 3 licenses. They don’t have a way to buy just a single license.
• Internet Security 2010 – adds protection against hacker attacks, phishing, and identity theft. Also includes a spam filter and a firewall. COST: $59.95 for 3 licenses. Again, there is no way to purchase just a single license.

For me personally, I chose to go with the Pro version of avast!, because it rated high on both surveys and had the lowest price. I couldn’t go for the free version because their free license only covers non-commercial use and my computers are used for business. Plus I like some of the extra features, like scheduling and protection against scripts.

But at the end of the day, I think any of these products would work well. They are all highly regarded. Even many other products not on this list are quite good, and even ones that aren’t would still be vastly superior to not having any antivirus protection at all.

Team Foundation Server vs. Subversion – An Objective Comparison

I was asked by my client to write up a comparison of Microsoft Team Foundation Server (TFS) and one other SCM (Software Configuration Management) system, so they could evaluate whether TFS was a goof solution or not. I picked Subversion as the other one to compare to, because it is one of the most popular systems out there. I tried to stay away from most of the “religious wars” about TFS vs. Subversion and tried to look at it objectively in several key areas.

Ease of Use and Learning Curve

TFS: For developers with a background in using Visual SourceSafe and Microsoft development tools, TFS is much more familiar.

Subversion: This requires more of a learning curve for developers familiar with Microsoft environments. Instead of the more familiar check-in/check-out paradigm, Subversion uses the edit/merge/commit concept.

IDE Integration

TFS: By far the best integration into the Visual Studio IDE, and the best choice for programming in .NET languages. Not the best choice if you’re not developing in Visual Studio.



Subversion: Fairly good integration into Visual Studio, especially with additional third-party tools and plug-ins, but not as good as TFS. This is probably the better choice if you’re not programming in a .NET language, though, especially if you’re not using Visual Studio.



Scope and Productivity

TFS: In addition to source control, TFS also has features that help with project management, especially Agile development, test driven development (TDD), managing test scripts, and defect tracking. TFS is not marketed as a pure source control product, it is an application lifecycle management product.

Subversion: Subversion is only a source control tool, and doesn’t include any project management, testing, or defect tracking functionality.



Management

TFS: TFS is integrated with Active Directory, and users are Active Directory users. Has a nice GUI interface for management. TFS also has better support for implementing overall corporate or project check-in policies, and better support for measuring metrics.

Subversion: Subversion can be made to work with Active Directory, but it can be tricky to set up.



Features Unique to Each System:

TFS (not available on Subversion):

• Shelving – Shelving is a way of saving all of the changes from your local development workstation to the TFS server without actually checking in. At a later time you, or anyone else, can “un-shelve” them to a workstation. This can be useful in a variety of situations:
  
  • Allowing others to review your code on their own machine
  • Switching tasks, for example to fix a defect, before you’re done with the code you have checked out.
  • Saving your progress onto a server, which is backed up.
  
  
• Work Item Integration – associating a check-in to a work item, such as a defect or task. That code can then be tracked along with that work item.
• Merge History Tracking – stores history of all merges and allows you to query it. This is great for collaborative team environments.

Subversion (not available on TFS):

• Anonymous Access – Anyone can grab a read-only copy of the code to look at it. This is a bigger advantage for open source development environments than it is for the typical corporate IT environment.
• Patch Submission – Subversion can compare two completely different builds of the code and generate a patch to update one version to the other. While TFS can do something like this, it is much easier to do in Subversion.
• Offline Support – Subversion allows for offline work, when the user is not connected to the network or is not on-site. Again, this isn’t a big deal for most corporate IT environments but can be important for open source development.

Web Server

TFS: TFS requires IIS as a web server.

Subversion: Subversion is designed to work with Apache, not IIS. It can be made to work with IIS, but most of those solutions still require Apache to be installed and proxies to be created between the two.



Software Requirements

TFS: Windows Server 2003 or 2008, IIS, Active Directory, SQL Server.

Subversion: Apache, MySQL

Cost

TFS:

• Visual Studio 2010 Ultimate (7 licenses) – retail is $6900/license, but the price varies greatly on volume of licenses and contracts or agreements previously existing with Microsoft. It also depends if you have an MSDN Subscription or not (or if you buy one along with Visual Studio). Other editions of Visual Studio 2010 will have more limited functionality with TFS, but will also cost less.

• Team Foundation Server 2010 - $500

• TFS Client Access License - $500 for first 5 developers, plus $500/developer after that.

Subversion: Free (open source)

All in all, I think both systems are quite capable. Currently we use Visual SourceSafe 2005, so pretty much anything would be an improvement. However, TFS is a better choice for us overall because:

1. We’re exclusively in a .NET development environment.
2. We’re working at a large government agency, so the cost isn’t a huge obstacle.
3. The client likes the support that comes with TFS.
4. The client already has contracts in place with Microsoft, thus lowering their initial cost of adoption for TFS.

For open source projects, or small projects either at home or at start-ups, I think Subversion would be an excellent alternative.

Binding an SSL Certificate to a Web Site in IIS 7

I run my own Exchange 2007 server, which requires an SSL certificate to enable all functionality (like syncing to my iPhone). A few days ago, my SSL certificate expired so I renewed it and installed the new one. As soon as I did that, I could no longer sync my phone or use Outlook Web Access (OWA). In fact, I got a “Page Not Found” error when navigating to the server using “https”.

The solution to the problem turned out to be simple, but it took me a while to figure out. Mainly because I haven’t done a lot of configuration on IIS 7, as the place I’m currently consulting at uses older technologies like IIS 5 and IIS 6 (government work…it isn’t always bleeding-edge, by a long shot, but it can be stable…).

IIS 7 gives you the option to bind an SSL certificate to each website. My old certificate was bound to the Default Website, and when I deleted the certificate the binding was obviously removed. When I installed the new certificate, I forgot to rebind it. So here’s how you do it.

Start up IIS 7 and select the web site you want to bind an SSL certificate to (in this example, “Default Website”):

Next, click on “Bindings…” on the right-hand menu. This will bring up the site bindings menu. If you still have the old https binding listed here, click “Remove” before proceeding. Trying to edit the old binding can be problematic and doesn’t always work.

After that, click “Add…” to bring up the “Add Site Binding” dialog.

In the “SSL certificate” dropdown, choose the certificate you want to bind to this website. Click “OK” to close out of all dialogs, and then make sure to restart IIS. That’s it! :)

Reference for Wordpress.com Shortcodes

Wow, two posts in one day! Not much else to do while I sit here watching people tear out our old carpet and install new carpet. Everything's unhooked and has been moved out to make room, so it's just me and my laptop for the rest of the day.

I find myself looking up the syntax for these shortcodes pretty often, so I thought I'd post it. What's a shortcode? It's like an HTML tag, but using square brackets instead of angled brackets. Wordpress interprets them as shorthand for doing something more complicated. They can be very handy, so check them out if you're not already familiar with them. Here is the list of shortcodes supported by Wordpress.

Querying Newly Added Entities in LINQ to SQL

In LINQ to SQL, when you want to add a new record to the database, you have to follow these steps:

1. Create the object in memory.
2. Attach it to the current context, using either InsertOnSubmit() or InsertAllOnSubmit().
3. Submit the context, using SubmitChanges().

The other day, I was working on some complicated logic and as part of debugging I tried to check if a certain object had already been attached to the context (step #2). Unfortunately, this doesn’t work. Let’s say I had a Customer table in the database, represented in LINQ as follows:

Then I add a new Customer using this code:

1:             using (var ctx = new MyDataContext(connectionString))
2:             {
3:                 Customer newCustomer = new Customer
4:                 {
5:                     Id = Guid.NewGuid(),
6:                     Name = "James Bond",
7:                     AccountNumber = "007",
8:                     JoinDate = new DateTime(1953, 3, 15)
9:                 };
10:
11:                 ctx.Customers.InsertOnSubmit(newCustomer);
12:
13:                 int count = (from c in ctx.Customers
14:                              select c).Count();
15:             }
16:

Assuming that there were 10 records in the table prior to executing this code, the value of count in line 13 will still return 10. This is because even though newCustomer is attached to the context, LINQ will not “see” it when you query until it has been submitted.


Instead of adding it directly to the context, if you add it to the Entity collection of another Entity, like in the following example, you would have the exact same results.

1: using (var ctx = new MyDataContext(connectionString))

2: {

3:      Customer newCustomer = new Customer

4:      {

5:           Id = Guid.NewGuid(),

6:           Name = "James Bond",

7:           AccountNumber = "007",

8:           JoinDate = new DateTime(1953, 3, 15)

9:      };

10: 

11:      var myOrder = (from o in ctx.Orders

12:                     where o.Id == orderId

13:                     select o).Single();

14: 

15:      order.Customers.Add(newCustomer);

16: 

17:      int count = (from c in ctx.Customers

18:                   select c).Count();

19: }

If you need it to return in the results, you have to submit the context first:

1:             using (var ctx = new MyDataContext(connectionString))
2:             {
3:                 Customer newCustomer = new Customer
4:                 {
5:                     Id = Guid.NewGuid(),
6:                     Name = "James Bond",
7:                     AccountNumber = "007",
8:                     JoinDate = new DateTime(1953, 3, 15)
9:                 };
10:
11:                 ctx.Customers.InsertOnSubmit(newCustomer);
12:                 ctx.SubmitChanges();
13:
14:                 int count = (from c in ctx.Customers
15:                              select c).Count();
16:             }
17:

Now, the count in line 14 will return 11 instead of 10.


It’s a fairly simple concept, but when you’re writing complicated code sometimes that’s the exact type of thing you can overlook. Unfortunately, I haven’t found a way to actually query what LINQ has pending for submission. If anyone has ideas, please let me know!

Smush It

This is a handy little tool for anyone creating or maintaining websites or blogs (which isn't just developers these days). Yahoo! has a free web-based tool called Smush.It that will convert any JPG, GIF, or PNG file to a smaller, more compressed version. This means faster downloads and lower bandwidth requirements for your site (and $$$ savings, depending on your hosting service). Plus it's just plain nice to do for your site visitors - nobody likes waiting around for pictures to load, especially on slower mobile devices. Smush.It can achieve up to a 70% reduction in some cases, without any quality loss. Not bad for free.

Planning Out Unit Tests

Test driven development is the practice of writing unit tests before writing any code. It's very helpful in knowing when to stop writing code (when all the tests pass) so you don't create unnecessary code bloat. TDD is a common practice in Agile or Extreme Programming methodologies.

I'm a fan of test driven development (TDD) about 99% of the time. The 1% I don't like it is when writing code that I'm not sure how to write. When you're prototyping, it's hard to write unit tests ahead of time, because you're not sure how the code is supposed to work or even what it's supposed to do yet. But this post is about the 99% of the time it is worthwhile (perhaps I'll talk about that other 1% in more detail at a later time).

So for the 99% of the time that it is beneficial to use TDD, how do you know how many unit tests to write and what to test? A web app I’m currently working on is used to process applications for licenses through a large state agency. When it came time to write a unit test for the application approval method, ApproveApplication(), we sat down and came up with all of the variables that could affect the approval process. A few mathematical calculations later and we discovered that there were roughly 3.2 billion combinations of the variables. Clearly, we were not going to write 3.2 billion unit tests for a single method. This is the first rule to remember when writing unit tests – you do not need to test every possible combination of variables.

We went into a conference room and wrote out all of the most likely use cases and came up with 523 tests. If this number results in an amount that fits your scope and schedule, then you can stop reading here and go write those tests! But for us, 523 tests for a single approval method was not acceptable, because our business domain consists of 11 different applications, so we were really talking about 5,753 unit test. We decided to see if any of these tests could be combined to reduce the total number even further. At this point, I bet one of my coworkers, Christine Lambden,  that we couldn't get the number down to 80 tests or less. She disagreed. But more on this later…

When trying to combine unit tests, avoid combining two tests into one if you just end up with a single test that is twice as long. This won’t gain you anything, except a meaningless reduction in the number of tests. The second rule is do not combine tests unless it gains you something meaningful.

First we looked at combining tests that were testing the same business cases, or where business cases overlapped. This got us down to roughly 140 tests, give or take a few. It also makes use of the third rule: combine tests with overlapping or duplicated use cases.

The next step was to combine tests that exercised the same section of code. Since the same piece of code doesn’t need to be tested more than once, combine tests that exercises that same piece of code.

The final step was to improve the performance of the unit tests. In our particular case, the setup for each test is very time-consuming, so by combining tests where we could would save us a considerable amount of time every time we ran unit tests. So if it makes a significant impact, combine tests if it will help performance.

In summary, my rules of planning out unit tests in order of importance are:

1. Do not test every combination of variables.
2. Combine tests when you can, but not unless it gains you something meaningful.
3. Combine or eliminate tests with overlapping or duplicates business use cases.
4. Combine or eliminate tests that exercise the same piece of code.
5. Combine tests if it will significantly improve the performance of unit test execution.

Oh, and about that bet…our final tally was 43 tests, so I definitely owe my coworker lunch. That should be Rule #6: Never bet against coworkers with more real-world experience than yourself. That's okay, though, because whenever I speak with her, I usually end up learning something new, so I don't think I really lost at all. :)

Posting Source Code to Wordpress.com

I’ve been less than pleased with Wordpress.com’s facilities for posting source code. The built-in shortcode sourcecode isn’t too bad, but it’s hard to control through custom stylesheets. For me, I found the font size too small and hard to read. Also, it doesn’t always highlight the syntax the way I want. So here are a couple of solutions that worked for me.

CopySourceAsHtml – this is a add-in for Visual Studio 2005, 2008, and 2010. It lets you copy code into your clipboard as HTML from Visual Studio. This is nice and easy, but only if your code is coming from Visual Studio.

Windows Live Writer – this isn’t strictly for posting code, but an all-purpose blog editor that works with a lot of different blogging systems (including Wordpress.com). It’s much easier to use than the built-in Wordpress.com editor. You can get it here. It also accepts plug-ins, like the Source Code Formatter.

WLW Plug-in: Source Code Formatter – a plug-in for Windows Live Writer. It let’s you customize the style, such as font, color, box outline, and alternating shading. You can also set select lines to be highlighted. It’s reliable, easy to use, and isn’t dependent purely on Visual Studio.

Both of these solutions generate <pre> tags, but it’s possible that your Wordpress.com theme messes with that tag and thus makes your code unreadable. If that’s the case, you can simply append your CSS style sheet with the following to “reset” your <pre> tag style. The exact style you set it to is not that important, because the source code HTML you paste in should override what it needs to. It just needs to “undo” anything your theme’s CSS might be doing. Note that you will need the CSS Upgrade in order to do this.

pre {
background:#ffffff;
border:none;
font-family:consolas, "Courier New", courier, monospace;
font-size:12px;
margin:0;
padding:0;
}

Resume Tips

I spent yesterday and today looking through close to a hundred resumes in order to fill 3-4 developer positions. I'm not a big fan of throwing out a resume on a technicality, like a misspelled word, so I actually read through every single one of them (with help). Part way through this ordeal, I came to a conclusion: If I'm going to show people the courtesy of reading through every resume, then I expect them to respect my time and effort. So here are some tips to help people do just that:

1. Keep it short. I lost count of how many resumes had 12-16 pages, and these were for developers with 7-8 years of experience. There's no reason that resume should be more than 2-3 pages, max.

2. Do not list every inane detail of what you did, just give an overview. For example:

• Sent a status report to my manager to update him on my status
• Called methods using C#
• Compiled code

(these are all real examples, unfortunately)

3. Don't capitalize words randomly. I guess this is a weak effort to emphasize key points:

• wrote stored Procedures in order to optimize code Performance
• wrote Business Objects in c++

4. User proper spelling and grammar. I can overlook a single misspelled word, but I saw literally dozens of resumes that each had at least 4-5 mistakes. Make sure your sentences make sense, use consistent verb tenses, and are complete. Not doing this consistently shows me that you're not a detail-oriented person, and therefore not someone I want to hire to write code.

and most of all,

5. DO NOT LIE! And if you do, at the very least do it well. Everyone at one point or another has probably done some harmless "resume padding", but outright lying is not acceptable. Especially if you reveal your own lie. A requirement for the job we're hiring for is at least one year of experience with NUnit. One resume put "3 years of experience with NUnit" in the summary section, but later in the detailed experience for one of the jobs, wrote:

I used NUnit for the first time in this position, which gave me an opportunity to learn something new.

The problem was, that position only started 4 months ago. So either this person was a liar or they can't do simple math. Either way, I don't want to hire him.

Setting an EntityRef in LINQ to SQL

I was debugging a unit test today and came across a behavior in LINQ to SQL that I thought it would be beneficial to review. It has to do with setting the EntityRef of a LINQ to SQL object in memory. According to MSDN, EntityRef is a structure that:

Provides for deferred loading and relationship maintenance for the singleton side of a one-to-many relationship in a LINQ to SQL application. 

In the system we're currently developing, most database records have temporary copies that we refer to as shadow records. A shadow record is a temporary copy of a database record that is used for editing until it is "approved", at which point it gets copied to the real record. Shadow records are identical to the actual record, but with a different primary key. They are stored in the same database table as the real records. Those tables have a foreign key relationship to themselves from a shadow source column to the primary key column.

For example, one table is Address. In addition to all the columns that represent the address information, there is the AddressId column and a ShadowSourceId column. The ShadowSourceId is a foreign key to the AddressId in the same table. Rows with a null value for ShadowSourceId are approved records, while rows with a value for ShadowSourceId are shadow records.

In LINQ, we create a shadow record by first duplicating the original record:

1: Address duplicateAddress = DuplicateAddress(originalAddress);

 Then we modify the duplicate to turn it into a shadow record:

1: duplicateAddress.AddressId = Guid.NewGuid();
2: duplicateAddress.ShadowSourceId = originalAddress.Id;

In the DBML designer, I named the EntityRef as ShadowSource, so that writing duplicateAddress.ShadowSource will give you originalAddress. This is where the tricky behavior comes in. In the lines above, I set the ShadowSourceId directly. At this point, if you try to access the ShadowSource EntityRef, you will get a null value (even though ShadowSourceId has been set). Instead, if I were to create the shadow record as follows:

1: duplicateAddress.AddressId = Guid.NewGuid();
2: duplicateAddress.ShadowSource = originalAddress;

then the ShadowSource EntityRef will have the expected value. However, now the ShadowSourceId property will contain a null.

The reason for this is that the ID property and the EntityRef, even though they reference the same thing, are not "wired up" by LINQ to SQL until you call SubmitChanges(). Whichever one you set, the other will still be null until you submit your changes and LINQ to SQL creates all the proper connections. If for some reason you don't want to submit your changes, you will have to set both the ID property and the EntityRef for them to have their proper values:

1: duplicateAddress.AddressId = Guid.NewGuid();
2: duplicateAddress.ShadowSource = originalAddress;
3: duplicateAddress.ShadowSourceId = originalAddress.Id;

While this seems redundant, sometimes it's necessary. In my situation, I didn't need to submit my changes because this was a unit test for a small piece of the process. If you need both of these to be available, then you'll need to decide which solution is the most appropriate in your situation - submitting your changes or simply setting both manually.

Welcome to Code Connection!

Welcome to the Code Connection! In this blog, I will focus on practical applications of programming, as opposed to more theoretical topics. My focus will be primarily on C# and .NET, but other topics and technologies may come up from time to time. Please don't hesitate to share you comments and suggestions - I look forward to them!