Monday, July 28, 2003

Visiting the Mothership

I'm in Redmond this week, visiting Microsoft for the first time ever. It seems a bit odd that I've never been here, having made a living focusing on their technologies for the last eight years. Anyway, I'm excited about the trip for two reasons.

First, I think it'll be fun to check the place out. There are a number of people working here that I haven't seen in a while, and I'm hoping to catch up with them.

Secondly, when this week is over, so is my contract. I've been renewed for another month, but because the project is going to be in a planning stage for a few weeks, and because I'm going to Taiwan in early September, that month doesn't start until about seven weeks from now. That means that for all of August, I'm only going to be working about two days a week. The rest of the time I'm going to devote to catching up on a number of things that have been slipping through the cracks in my life, like finishing the basement, sending thank-yous for our wedding gifts, and generally decompressing.

I'm sure that a month won't seem like enough by the time it's over, but it beats a poke in the eye with a sharp stick.

Friday, July 25, 2003

False Memories Prevalant




Fascinating.
I will look forward eagerly to the next few decades’ transformation of psychology
into cognitive science.



My new favorite shortcuts




 I was just looking for this yesterday. Love it.




If you're in VS, and you hit CTRL+- (that's control
minus), it's the equivalent of the browser back button.  This is great when you
right-click on something, and select "Goto Definition", and then you want to go back
to where you were.



CTRL+SHIFT+- is like the browser forward button.



[Sean
'Early' Campbell & Scott 'Adopter' Swigart's Radio Weblog
]




Thursday, July 24, 2003

Sealed is Good




I’m constantly hearing from people, “Why would Microsoft do that?”
Or sometimes it takes the form of, “Why didn’t Microsoft
do that?” Almost invariably, this is because people are examining the situation
from the narrow perspective of their own problem domain. “Hey, I need something
that knows how to connect to any database and hide all the differences, and I’ve
figured out how to do it for my problem domain where I control all the variables.
So Microsoft should be able to do it for everyone.”



Well, the lessons of the last two decades have shown us that solving a problem generally
is much, much harder than solving it for one specific case. Or, to put it another
way, things are almost never as straightforward as they first appear. Along those
lines, Ingo has posted an article that
is an excellent example of this precept.



Security Is All About Risk Management

Keith Brown just sent this out to one of the internal DevelopMentor mailing lists. He’s often said that security is about risk management. I agree; it’s not about making everything super tight, it’s about making everything tight enough.

 

I just found a great example of this. This company (mailinator.com) allows you to use them for temporary email addresses. You just tell someone to send mail to SOMETHING@mailinator.com (where SOMETHING is any string you want) and then you surf to mailinator.com, type in SOMETHING and press the button to read your mail. All mail is deleted after a few hours.

In their FAQ they have the following:

Q: This sounds pretty insecure. What if I send important emails with sensitive super-secret information in them to mailinator?
A: Then you are a stupid-head. That isn't what this is for.

I just about died laughing after reading that answer. It's a great example of security being all about risk management.

 

Apparently he heard about this over on Joel’s blog.

Tuesday, July 22, 2003

Injecting CLR Code at Runtime

One of the questions I see fairly often is, “How do I change what the JITter produces at runtime to get logging/security/validation/whatever?” The answer to this question is generally, “If you have to ask, it’s probably more complicated than you want to deal with.” But although it smacks of programming by side effect, I still found this article about how to do exactly that interesting.

Friday, July 18, 2003

Social Software, Groups, and Collective Minds




Franci Penov (whose homepage I don’t know) posted this
link
 over on the win_tech_off_topic mailing
list. It’s an absolutely fascinating speech given by Clay Shirky earlier this
year about the effects of people on software and vice versa. Since I’m willing
to bet that just about everyone reading this is involved somehow in connecting humans
to computers or vice versa, I feel comfortable predicting you will find this relevant.



The piece is entitled “A Group Is It’s Own Worst Enemy”, and I think
the central lesson of the paper can be summed up this way, “Your users will
do things their way, individually and collectively. Deal with it.” There’s
some great bits. Here’s one of my favorites:



The Calvinists had a doctrine of natural grace
and supernatural grace. Natural grace was "You have to do all the right things in
the world to get to heaven..." and supernatural grace was "...and God has to anoint
you." And you never knew if you had supernatural grace or not. This was their way
of getting around the fact that the Book of Revelations put an upper limit on the
number of people who were going to heaven.



Social software is like that. You can find the
same piece of code running in many, many environments. And sometimes it works and
sometimes it doesn't. So there is something supernatural about groups being a run-time
experience.



 



Thursday, July 17, 2003

System.Security.Crytpography Buglet

I was talking to my friend Rich the other day about a problem he was having with the .NET encryption routines. He was using my How to Encrypt a String sample, so he asked me if I could take a look at it.

The symptoms were strange. He built an app that was almost exactly like the one in my sample. One of the few differences was that he was using the 3DES algorithm instead of the Rijndael algorithm. But he discovered that if he hit the “Encrypt” button a bunch of times, that after a few times, the encrypted output would change to something else. I would have expected that if he were using an asymmetric algorithm like RSA, since random padding is added to the data in that case, but for 3DES it should encrypt to the same thing every time. The really weird part was that it was only exhibiting this behavior on one machine.

The first thing I asked him was what he was using for an Initialization Vector (IV). The IV is important because symmetric algorithms are often implemented using a sort of feedback loop: they encrypt a block, then use the output of that encryption to parameterize the encryption of the next block. If you do this, you need something to feed into the encryption of the first block: that’s the IV. If he was somehow changing the IV, that would change the encryption of the first block and thus the entire output. Rich said he wasn’t mucking with the IV at all: he was initializing it once at process startup and storing it in a static variable. Then he’d hand a reference to that array into each call to create the encryptor or decryptor object.

Well, Rich is no dummy. Following up on my suggestion around the IV as the culprit, and combining it with his own insight that this sort of intermittent error could be caused by something getting finalized after a garbage collection cycle, he put in some code to force a GC. Sure enough, as soon as a GC was forced, the encryption changed. From this, he was able to figure out what was going on.

It turns out that there’s a bug in the 1.0 implementation of the wrapper classes that System.Security.Cryptography uses to give you access to the Crypto API in Windows. When you call CreateEncryptor or CreateDecryptor, the object that comes back implements IDisposable. The object that they’re using zeros out the IV in Dispose. This wouldn’t be so bad, but the problem is that it isn’t making a copy of the IV during creation – it’s making a copy of a reference to the IV. So during finalization of the object, the buggy code will actually zero out an array that someone else owns. Bad.

Clearly, Microsoft is aware of this problem, because it’s fixed in the 1.1 framework. This is why Rich only saw it on one of his computers. And it’s not a problem if you’re using RijndaelManaged – only if you use the DES, 3DES, or RC2 implementations in the libraries. But be aware of it – if you think you might run code on the 1.0 version of the framework, be sure to use Array.Copy or Clone to hand the crypto libraries something they can safely zero out without screwing up your code.

Tuesday, July 15, 2003

Windows.h

I came across this link on the DOTNET-CLR mailing list today. It points to a GotDotNet workspace where Peter Hallam has posted a library containing interop declarations for many, many of the APIs from Windows.h in [DllImport] form. Handy!

Apparently, he has some sort of semiautomatic process for producing this file. If you head over and bug him, he might post the code that he used to create the declarations.

Saturday, July 12, 2003

LinkD




I like to work at the command line. Indeed, for some of the work I’m doing right
now, I have to, since our build process is command-line driven. But I have a particular
directory structure that I like to use to put all my files that need backing up in
one place. Unfortunately, that means that from the command line I’d have to
work with paths like this:



C:\data\work\consulting\28 – FooCustomer\sources\build



Which is a pain to type.



I’ve been using the subst command for a long time to address the problem. It
lets you create a drive letter that actually maps to a particular location on your
hard drive. So if I do this



Subst S: "C:\data\work\consulting\28 –
FooCustomer\sources\build"



I can now simply work from the S drive and I’ll be in my build directory. This
has been very handy for some long-distance music collaboration that I’ve been
doing, too, since the digital music program I use (Cakewalk) likes to embed absolute
paths in the files it saves. If my partner and I both map some drive to the directory
that we like to use, we can fool Cakewalk into working, making it easy for us to share
files.



The problem with this approach is that it doesn’t work for anyone other than
the currently logged in user. This wasn’t a problem until recently, when I wanted
to run some automated setup as part of the build process. Because that setup does
things like set up a database, and because the database is a service that runs non-interactively,
it means that I had to go back to using the actual path off the C drive in my config
files. Being a programmer, this horrible lack of symmetry – using the S drive
in the build script except for the bits
that deal with the database – really grated on me. Not to mention that using
two different paths depending on what piece I was dealing with confused both me and
my source control program.



That’s when I went searching for one of my favorite tools: linkd. Linkd lets
you create symbolic links in your filesystem, just like under Unix. A symbolic link
is a directory that actually redirects you to somewhere else on the harddrive. So
by running



Linkd \etc\build "C:\data\work\consulting\28
– FooCustomer\sources\build"



I now have a directory on my C drive called \etc\build that’s actually a reference
off to some other directory. Any changes I make in one place are reflected in the
other – and unlike .lnk files, it works at the file system level, meaning it’ll
work from the command line, and is visible to all sessions on the machine, not just
the ones in the current session. It quite literally just gives two names to the same
directory.



I could have chosen to use it the other way, too. Rather than creating a link to a
directory within the one directory that I back up, I could have used it to build up
my backup directory by creating links off to all the places that contain data I want
to back up.



I was able to find linkd and many other great tools here.



Thursday, July 10, 2003

Change Your Brain




From Brad.
Interesting… 




The thing that sold Windows as a viable gaming
platform for most people was the appearance of WinQuake (and
then later GLQuake and QuakeWorld). Taking a cue from past days, Vertigo Software
has ported the now GPL'd Quake
II engine to .NET
(using Managed C++, of course).



[The
.NET Guy
]




AOP "Smackdown"

A few weeks ago I got an email from a reporter at Software Development Magazine, telling me that she’d written something using stuff off my blog and asking for a picture. As amused as I was to have a complete stranger asking me to send them a headshot, I was curious to see what she’d written. My referrer log told the tale today. The article is here. As suspected, she’d come across the AOP bit I’d written and that John Lam (and others) replied to. And she refers to my stance this way:

DevelopMentor instructor Craig Andera is also smacking down aspects.

 

Heh. One of the wonderful things about blogs is that one can post some fairly uninformed speculation (I’ve never used AOP) and it winds up in the strangest places. Still – the discussion is interesting!

Viruses and Customer Service

After ordering a computer from Alvio, I got an email virus that looks like it came from them. Herein lies documentation of my attempts to communicate with them about it. 

Wednesday, July 9, 2003

Managed Direct3D Tutorial - Mesh Article Available

I’ve had my latest Direct3D article ready for a while now, but because I author using Word 11 Beta 2, and because the XML format changed between the “released” beta and the recent beta refresh, I had to make some code changes to my website before I could post it. Then, when I did so this morning, the whole CraigWriter.Write section of my website stopped working altogether. Dammit!

As it turns out, it was completely unrelated to the changes I had made. Rather, the little _vti_cnf directories that FrontPage barfs in your site were screwing up my code because of security issues. That issue has been addressed. Sorry to those that came by looking for things today and found them unavailable.

In any event, the Meshes article is now available! Meshes are Direct3D’s way of wrapping up all the stupid little details that make up an object, so you don’t have to remember that your ogre model is made up of 23,000 polygons, and the first 1527 are red, the second 42 lime green, and the rest kind of purple. I like to say that they frees us from working with vertex geometry and let us work with object geometry. Enjoy!

Monday, July 7, 2003

DVIO

One of the things I’m looking forward to about having a new computer that runs Windows XP and has some reasonable graphical horsepower is that I’ll be able to screw around with Windows Movie Maker. We took a bunch of video when we were in Hawaii getting married, and I’d like to play around a bit with some editing. WMM is convenient because it ships with the OS.

One of the problems I have, though, is that my camera (like all video cameras, I believe) only downloads video via FireWire. And the only IEEE 1394 port in the house is on my laptop, which runs Windows Server 2003, which doesn’t support WMM. After a bit of poking around, I found DVIO. It lets me stream video out of my camera to my laptop, where I can save it off to one of the machines where I can do some editing. It’s free and it seems to work. About the only issue I’ve seen with it is that it crashes when I stop streaming, but that doesn’t seem to affect the file.

I’m a complete newbie when it comes to video, so if anyone has any advice, I’d love it if you left a comment.

Saturday, July 5, 2003

Well, I Still Like My New Computer

I feel a bit dumb. Phil Scott and Nic Wise both pointed out in comments that my complaints about Direct3D not working well under Windows 2003 were easily addressed by running dxdiag and enabling DirectX acceleration. I had remembered the other necessary part (which turns on acceleration at the OS level) but not the part where you need to turn it on at the DirectX level. (The FAQ they pointed me to contains some other useful details, too.)

What’s funny is that I must have done this the last time I installed Windows 2003 – I just forgot half of the process. Oh well, perhaps my ignorance will help someone else figure out how to play Quake on their work machine. And the good news is I still have good reasons to have bought my new computer.

SOAP Processing Model




Martin Gudgin – a friend from his DM days and now a Microsoftie – has
a good clarification of the SOAP Processing Model:  





The SOAP Processing Model continues to cause confusion
amongst my friends, enemies, colleagues and associates. This may be in part to the
somewhat vague nature of the description in SOAP
1.1
. The description in SOAP
1.2
, which has also been appropriated somewhat by the WS-IBasic
Profile 1.0
, is more complete, yet confusion still reigns





 




[Musings
from Gudge
]




Friday, July 4, 2003

Mmmm...Tasty New Computer

For a project I’m working on, I’ve had to convert my laptop and my desktop/server to Windows 2003 Enterprise. Unfortunately, I’ve discovered that video performance completely sucks under W2K3. For example, I haven’t been able to get Direct3D hardware acceleration working at all on my laptop. This has been making it painful to write my Direct3D tutorial series, as I can get at best three frames per second. On top of that, I want to do a little digital music work, and because Creative sucks when it comes to drivers, none of the advanced features of my Live! Platinum 5.1 work under Windows 2003, either. None of which was a problem with Windows XP on the same hardware.

I downloaded the trial of VMWare, but it didn’t help – 3D performance was still pitiful even running Windows XP, and the Creative XP drivers won’t install on a virtual machine. “Oh well,” I thought, “Time to get another computer – they’re cheap these days.” With the kind help of Brad Wilson, I was able to figure out what I wanted. A little poking around on the ‘net, and pretty soon I had found a winner:

INTEL, D865GBFL Motherboard Kit (Starts w/ INTEL P4 2.4 GHz)

 * INTEL, D865GBFL, Socket 478, Intel 865G, , DDR-400, HT, Lan. Audio, Retail
 * INTEL, Pentium 4 2.4B GHz, Socket 478, 512K, 533MHz, Retail
 * GENERIC, None Selected ( Fan is included if purchasing Retail CPU!)
 * MICRON, 512MB PC3200 DDR, 400MHz, Non-ECC
 * WESTERN DIGITAL, 80.0GB Caviar Ultra DMA/100 7200rpm, 8MB Cache, oem
 * ANTEC, Full Tower, Alluminum Deluxe, Black, 400 Watt PS, ATX 

All for only $600 including shipping, assembly, and testing, and this machine is twice as fast as anything I currently own, from Alvio. Intel motherboard, (and therefore Intel chipset), Intel CPU, so it’s quality parts.

Ordered Monday, arrived on Thursday. I don’t think I’ll ever buy a desktop from Dell again. I am a very pleased customer.

I also picked up a GeForce Ti 4200 for about $100. That has yet to arrive, but in the meantime the new machine has onboard video so I can get on with installing the OS.

Thursday, July 3, 2003

ASP.NET Apps Without Web Projects

VS.NET Web Projects suck. If you’ve used them, you know this. Fritz has written up a little article that talks about how to create ASP.NET web pages and web services without using VS.NET web projects.  

Basically, he shows you how to enable the “Add Web Form” and “Add Web Service” wizards in a regular Library Project. That along with a few other small tweaks, and you’re ready to go.  

Wednesday, July 2, 2003

WordML to HTML XSLT

So I’d finally got my writing infrastructure in place, having slaved away over an XSLT to turn the new Word “Save as XML” XML into HTML (with help from Don), when I see this WordML to HTML XSLT. Nice. I’ll have to incorporate what bits I can when I get a chance to go back to it. It looks far more comprehensive than the one I wrote, though.  

A word of caution: this XSLT will not work if you’ve applied the Beta 2 Refresh. I’m not sure what all the changes are, but at the very least they’ve altered a few namespace URIs – that may be all, or it might be more.