We've all been there.  It's a quiet day at the office, you've been working hard on some repetitive task for a while now and suddenly it hits you.  Bathroom break!  Your immediate thought process directs you to wonder if anyone else is in there, because you think this might be an embarrassing one.  You quickly make your way to the washroom, only to find that all of the stalls are in use.  Now you are stuck because all of that walking has shaken up your insides a bit; you can't go back.  If only you could have known that all of the stalls were in use and been notified when one had become available - instead you've soiled yourself.

Ok, good point, that normally doesn't happen.  Most people can hold it.  Still though, it's an interesting thought.  Enter Stall Status.

Our good friends over at Coding4Fun have given us yet another excellent application that allows us to avoid the situations noted above.  Stall Status is a Silverlight-based Vista Sidebar Gadget that interfaces with the Z-Wave wireless protocol and door sensors to notify you of the current occupied/available state of the bathroom stalls.  This amazing little tool is brought to us by Jerry Brunning from Clarity Consulting, Inc.  While this may seem a little bizarre to you, the implications are huge.  Imagine deploying the gadget to every machine in your office (assuming your company isn't too cheap to use Vista) and giving employees this sort of power. 

From a technology point of view, this application is fantastic.  It capitalizes on both an easy to use home networking technology (Z-Wave) and the rock solid Microsoft .Net programming platform.  Even if you aren't trying to bring your office into the next century of connectivity, this is a great way to get some hands on experience writing Vista Sidebar Gadgets, using Silverlight, and utilizing Z-Wave products.  If you are not familiar with the Z-Wave family, they bear a resemblance to the X-10 line of products that are heavily advertised around the interweb.

From the Coding4Fun website, they give the following synopsis of the project:

Wow!  Wow, wow, wow!

I love code analysis tools.  FXCop was a dream come true.  While many developers cringe when they think about that tool, I tend to get a little excited.  FXCop was a great code analysis tool that helped me learn a lot about development best practices.  There are many little nuances to development and FXCop caught them all.  When Visual Studio 2005 Team Suite was release and FXCop was included under the name "Code Analysis", I was ecstatic to say the least.  This great little add on helped me learn all about globalization and naming conventions.  It also saved me from a memory leak or two.

Well today was another glorious day.  Microsoft has announced the release of a new developer tool called "Source Analysis".  This new tool is similar in a lot of ways to FXCop (or Code Analysis), however there are some important differences.  FXCop only performs analysis on compiled libraries - dlls or exes.  Source Analysis will analyze source code directly.  This means that while FXCop is focused primarily on design, the new tool will focus on layout, readability, and documentation. 

The ultimate goal of Source Analysis is to help you produce elegant, consistent code.  Any team member or developer will regard it as highly readable.  Out of the box, this new tool comes with about 200 predefined best practice rules and is fully compatible with Visual Studio 2005 and 2008.  The rule base includes:

After installation, Source Analysis integrates into the Visual Studio IDE and can also be integrated into MSBuild commands.  You can get your own copy of this great tool from MSDN free of charge!

Microsoft has finally released the much anticipated version 4.0 of the Enterprise Library.  Two of the biggest changes in this release are support for Visual Studio 2008 and the integration of the Unity dependency injection container, also dubbed the Unity Application Block.  You can download the new version from Microsoft Download Center, free of charge!

If you are a developer and are unfamiliar with the enterprise library, head over to the Enterprise Library home page and check it out.  Here is an excerpt from their site:

The patterns & practices Enterprise Library is a collection of reusable software components (application blocks) designed to assist software developers with common enterprise development challenges (such as logging, validation, data access, exception handling, and many others). Application blocks are a type of guidance; they are provided as source code plus documentation that can be used "as is," extended, or modified by developers to use on complex, enterprise-level line-of-business development projects.

As many of you know, I am a huge fan of the Windows Vista Sidebar Gadget.  Most notably, I have blogged about the UT3 Vista Gadget that lets your keep track of your servers.  What many of you don't know is that I am also a huge fan of developing gadgets.  Earlier tonight I read a great post on MSDN about improving the quality of the Vista Gadgets that you develop.  Truth be told, most of the material would be very useful in any web-based gadget or widget.  Google Gadgets, Yahoo Widgets, web parts, and anything else you can think of.  The link to the site is at the bottom of this post and it was written by Michael Howard and David Ross.  From what I can tell, these guys know their stuff (and suffer from a little bit of common sense).

The bulk of the article offers some advice and code on how to secure your gadgets and avoid any cross site scripting (css) attacks.  The golden rule, and this applies to any programming, is to never trust input.  Malicious and/or malformed input can lead to a whole host of problems.  Many applications, including gadgets, read, manipulate, and then display untrusted data.  This is often from an XMLHttpRequest object or an ActiveX control.  The solution is to validate your input.  Validate, Validate, Validate!

One good way to validate input is to build a function that can check for invalid characters in the input such as apostrophes and quotes.  The first example that they provided allows numbers, brackets, dashes and spaces between 6  and 14 characters.  They also have samples for sanitizing input, enclosing untrusted data, setting the gadget code page, reviewing the gadget for bugs, and more. If you want to know more about it, check out their excellent article!

Validate Input

Read the original article...