Sunday, 14 August 2016

Program Portfolio

In developer/IT meetups, I always seem to hear people talk about the importance of developers having a portfolio — something that can showcase their accomplishments in a quick and easy to understand format.

I largely develop highly-specialized in-house apps. It isn’t like there’s much in the way of ‘glamour shots’ for these apps that would really show a whole lot. Similarly, my work on public-facing websites and mobile apps is generally behind-the-scenes on the backend.

Rather than trying to get permission to use code snippets from any of these applications or database logic, maybe I need to find some interesting open source projects to work on… At least that would be a decent start, I think…

Friday, 15 July 2016

DoEvents

First, let me just get this out of the way…

If you find yourself relying on DoEvents to make a process work in a way that seems more responsive than without it, you should probably be using asynchronous delegates, threading, Control.Invoke, etc. Yeah, yeah, yeah… I get it.

But sometimes you just need to yield on the UI thread, and DoEvents is a simple way to do that. You’ll still have whatever performance issue was going on, of course, but using DoEvents can allow it to seem like the UI loads faster or that the application is under less strain, even though it isn’t. It’s a cheap and hacky solution, but sometimes ‘cheap and hacky’ are the right tools for the job…

Sunday, 5 June 2016

(W)indexes

It’s no secret that I am a huge fan of MS SQL Server. I’m not in the 1% of users answering SQL Server questions on StackOverflow for nothing…

SQL Server has come a long way over the years… Back in the day, indexes were decided upon with a method somewhere between best guesses and reading tea leaves… It required a lot of intimate knowledge of the system and was largely just a mystery to most developers.

With the introduction of Dynamic Management Views (DMVs) like sys.dm_db_index_usage_stats, this process became a LOT more trivial. With the right amount of scripting and being fortunate enough to learn from the work done by people like Brent Ozar, it became trivial to essentially ‘ask’ SQL Server what indexes it felt would be useful.

For a lot of SQL developers (and even some DBAs), it can become easy to just rely on these scripts to tell you when an index is needed. But then we go right back to it being just some Dark Art that no one really understands…

So with that in mind, why not just make SQL Server capable of managing index creation/deletion on its own? I mean, it already has usage stats… Why can’t it just do it? And then if someone wants to get more hands-on with the indexes, fine… give an option to override the automatic (automagic?) indexing process. But I think a lot of users without a dedicated DBA would really appreciate that sort of thing.

And I’m not trying to point fingers, Microsoft, but I’m pretty sure MySQL is able to do that sort of thing already… Just sayin’…

Tuesday, 31 May 2016

Apps Script

I’ve been using Google’s Apps Script to work on a side project of mine, during my free time at home (which has slowly diminished quite a bit lately).

It’s actually pretty cool. I started with the Quickstart Guide for Android and after a lot of trial-and-error and visits to StackOverflow, I have a pretty workable bit of code.

It’s a very niche application, but I liked getting more exposure with Android development. I had only done some very basic Hello World type apps on there before, so it was a good experience. That being said… I remembered just how much I have been spoiled by the .NET framework. I’m sure there are some nuances to it that I would quickly get used to if I worked in it more, but as it was… well… I’m glad it’s over for a bit ;)

Similarly, there were some aspects to Apps Script that I really didn’t like. One example of that was when I had accidentally removed the OAuth credentials needed for the web-based development client. I could run the script through my Android app, but I wasn’t able to use the web interface to execute or debug the script. Super annoying. Would’ve been great if there was some child-proofing in place to make it very difficult to remove those credentials. Or at least make it clear what happened and how to fix it. I ended up just having to blow away my original project and make a new one. Pointed my app at the new script id and was good-to-go, but it was a very frustrating hour or two — largely due to a general “something is wrong” error message.

Anyhow, once I’m done with it, I’ll post some screenshots and sample code.

Saturday, 30 April 2016

Click It or Ticket — For The Web

By now, everyone is probably familiar with the “Click it or ticket” campaign, by the National Highway Traffic Safety Administration, with slogans like “Buckle up. It’s the law.”

We need something like that for the web…

It’s crazy how often I run across rather large sites not using HTTPS to protect sensitive data. Most recently, I was on the website of a rather popular vision care company, who is famous for the… crafting of lenses… if you know what I mean… The credentials were served by a page over HTTP and then passed to HTTPS for the actual account management portion. Not good…

Even though the actual account interactions are all happening within their HTTPS-based web app, the initial login/registration was on an HTTP page. A simple man-in-the-middle attack would let you inject whatever extra content you want into that main page. At that point, harvesting the login credentials for yourself is quite simple. Though the site is fairly basic and (annoyingly, to me as a customer) doesn’t even offer basic features like checking the status of pending orders, there is still enough there for it to — at the very least — fall under the umbrella of HIPAA.

Thankfully, I won’t need to include screenshots demonstrating how this can be abused… The company in question (and its also-popular sister company) has now moved the website to full HTTPS. That’s good. But there are still countless sites out there that — for whatever reason — still don’t seem to see the need in making the switch to HTTPS. I don’t get it.

At this point, there’s almost no reason not to switch. Thanks to efforts like Let’s Encrypt, it’s now super-easy and free to get a certificate for your site. It’s a no-brainer, really. I just wish there was a better way of getting sites on board without having to resort to HTTP-shaming…