Friday, February 28, 2003
Wednesday, February 26, 2003
I was playing around with versioning in the CLR today, and I started to wonder what would happen under the following scenario:
Someone writes a component - call it Foo - and deploys another component - say A - that uses it. They also have a client that uses A. Later, they version Foo to v2, and build component B against it. Then they add code to the client to work with B. Both A and B have methods that accept a Foo as a parameter, but A has been compiled against Foo v1, and B has been compiled against Foo v2. The client has been updated to work with the latest Foo v2.
Here's the picture that shows what everyone is built against
Now, the terrible part comes when the client creates a Foo and passes it to A. A thinks it's getting a Foo v1, but it's really getting a Foo v2. And the truly awful bit is, it acts as if it were a Foo v1, right down to going after the wrong bits of memory and calling the wrong methods.
Click here to download some code that demonstrates this. Simply extract the files into some directory, run nmake to build everything, and then run client. Observe the output, and tell me if you think that's what you'd expect based on looking at client.cs.
Here's another variation that actually crashes the process. That's usually (incorrectly) thought to be impossible without writing unsafe or unmanaged code.
The sort-of good news is that the code won't verify. This doesn't help when you run it with full trust (since fully trusted code gets to skip verification) but at least someone can't exploit this issue for mobile code.
The reason this happens is that C# (and VB.NET, and others) give you no way to specify which version of something you'd like to build against at a language level. This totally sucks - there are times when you really, really care what winds up in the metadata, even with config files. We can, of course, fix this particular problem by using interfaces that we don't version, but I would argue that being forced into a design decision to avoid a language limitation is sub-optimal.
Tuesday, February 25, 2003
Sunday, February 23, 2003
I'm very pleased to announce the release of NewsGator 1.0!
At the same time comes the public debut of NewsGator's new home, http://www.newsgator.com. There you'll find lots of information about NewsGator, news, downloads, a RSS feed search system, support resources (including a knowledge base and discussion forums), and of course the NewsGator store.
This has been an interesting development cycle...all the way from the first concept screen shot right here on my weblog, to where we are today with version 1.0. I'd like to publicly thank all of those who have been working with the 0.x versions, and especially those folks who volunteered to thoroughly test the RC1 release. Thanks to all of your efforts, I think NewsGator 1.0 is a great product!
There are numerous changes since the last release. I encourage you to download version 1.0 and try it...and if you like it, spread the word!
Greg Reinacker has released NewsGator 1.0. Congratulations Greg! I've already downloaded and installed it, and I have to say it looks very nice. I was going to stick with (freeware) Syndirella since Greg is going to be charging now, but it's just tooooo nice for me to have news in my Outlook inbox. I'm going to give the release version a try for a few days, but I highly suspect I'll be coughing up the $29 he's asking very shortly. Heck, if I paid $40 for Radio....
Saturday, February 22, 2003
From the Early and Adopter Weblog
In our Services Without Components article, we mentioned that it's only supported on W2K3, even though XP also contains COM+ 1.5.
Here's some good information on why.
These guys usually have very good information, but the thing that really amused me was this line:
But you didn?t have ServiceDomain so that you could easily get to COM+ Services Without Components from managed code.
I always knew only about three people read my MSDN article about how to do exactly this well over a year ago. :) Of course, they're obviously playing around with it under the 1.1 SDK and Windows server 2003 - things may have changed since I was messing with the technology. It certainly seems like forever since December 2001 when Tim and I wrote it.
What's funny is that I ran into a situation at work yesterday where this would have solved the problem very nicely. Unfortunately, the fact that it's not available on W2K made it not an option.
Thursday, February 20, 2003
Jason Whittington reports (via Managed Space)
Fellow DM Instructor Pierre Nallet has been working on a compiler project for quite awhile now. Whenever I would ask him what it was he mumbled something about "adding some stuff to C#" and wouldn't say much more.
Today I got an email that "eXtensible C#" shipped. Wow! XC# lets you say things like this:
[Requires ("o != null")]
void SomeMethod (object o)
I'm too busy making the donuts this week to really sit down with it but it looks like a pretty slick product. Perhaps the most amazing thing of all is that it's free. Very nice stuff...
Wednesday, February 19, 2003
I'm sure someone, somewhere has already written this, but I figured it out on my own today, and it's just too cool not to share. Basically, it's a bit of code that lets me store objects in my application of web configuration file, and all I have to do is write the type that holds the values.
Tuesday, February 18, 2003
A while back, I realized that you can break down the requirements for writing a large-scale system into five areas: scalability, availability, security, managability, and everything else. I often use this breakdown when consulting, and you'd be surprised to see how obvious it makes what people are missing.
I wrote up my results in a little whitepaper a while back, which I've since updated with some refinements around security. I've converted it to HTML and put it here.
Monday, February 17, 2003
I just downloaded this last night, and only played with it for a few minutes this morning, but it looks like a relatively full-featured 3D editor...and it's free! I'll have to take some time to dive into the program before I can really judge it, but so far I'm impressed. While it doesn't exactly run as non-administrator, it actually told me that it couldn't write to a file in Program Files, rather than just crashing. Maybe there's an option somewhere to change the location of user files, but at any rate that sort of attention to detail bodes well for the rest of the product.
I'm just excited to have a modeller so I can create some objects for my continuing Direct3D research.
Sunday, February 16, 2003
Saturday, February 15, 2003
Aha! That's where that darn slider was hiding (Display Properties->Settings->Advanced->Troublehoot)! I must have looked for it for half an hour, and finally got help from the Windows Technical Off Topic Mailing List.
Graphics acceleration is turned almost all the way off in the Windows 2003 server products to increase the stability of the platform. Of course, since I want to be able to do DirectX work, this was not acceptable. Not to mention my screen redraws were visibly slower than what I'm used to. Cranking the slider all the way over to the right means I can play Worms Blast again.
Can't say I thought "Troubleshoot" was a terribly obvious place for it, although it makes sense in retrospect.
I'm a little slow to the party with this one, but:
Early next week, I'll send out the first issue of my free "Distributed .NET Newsletter".
This bi-weekly newsletter contains real world tips and tricks about .NET Remoting, Web Services and EnterpriseServices, and design guidance for distributed applications. You'll also find the occasional pointers to other free resources like white papers, patterns&practices documents or other great samples on the web.
You can subscribe to the newsletter in HTML or plaintext format at http://www.ingorammer.com/contact/Newsletter.aspx.
Ingo's a good guy and first-rate with the Remoting APIs, so I'm definitely signing up.
Friday, February 14, 2003
I've been taking the plunge lately and trying to do development as a non-administrator. It's been...interesting. I'm starting to get used to it now, but what has been most interesting is the list of applications that don't work, or only work with modifications. I've posted this list, which contains all the apps I've tried to set up so far, and whether or not they run in my new non-admin lifestyle.
Thursday, February 13, 2003
It's been a very scary day. Heather got very sick and we had to take her to the hospital where she has been admitted. At only three weeks old it got very scary fast. We weren't sure what she had. The doctors have figured out RSV, a virus. Thankfully they didn't have to do the spinal tap. Since they don't let both parents stay I have been sent home to "rest" which is hard. Sue is there with her. It looks like she will be ok.
Wednesday, February 12, 2003
Minor updates from the wise Ed Stegman and the sagacious Matthew Adams added.
Several of the most important questions of cosmology have been answered in what looks like a conclusive way. Recent microwave pictures from a space probe show that the universe is 13.7 billion years old, that it consists of 4 percent "normal" matter, 23 percent "dark" matter, and 73 percent "dark energy", and that it will continue to expand forever.
From CNN's coverage:
Bahcall's analogy of the process: If the current universe is a 50-year-old man, what WMAP scientists have been able to do is accurately measure the his weight when he was just 12 hours old.
This should, IMO, be the lead story pretty much everywhere, but I think we all know how likely that is.
Tuesday, February 11, 2003
Several readers have pointed to an Israeli company's claim of achieving unbreakable encryption. The linked article reports this claim uncritically. Do you think there's such a thing as unbreakable encryption? This isn't the first time someone's made this claim, or second, or third ...
I think what they probably mean is "unbreakable within the lifespan of the solar system given exponential growth in computer power and no new cryptanalytic techniques being developed". But I think we've already got that with existing algorithms for large enough key lengths.
Fundamentally, though, it's probably a non-issue either way. Even mediocre crytpography is probably the strongest link in most systems. My friend Rob Engberg used to liken most security systems to a giant castle with a moat and huge walls...whose drawbridge is made out of Nerf.
I found it fascinating to read John Lam's discussion of where CLAW is at. I don't claim to know much more than the very basics about aspect-oriented programming, but I have to say I've been skeptical of it all along. Tim Ewald taught me (through our discussions about MTS/COM+) that services do not in general compose orthogonally. That is, it's mostly impossible to sort of "slap on" a service to an existing piece of code without side effects. For example, turning on transactions in MTS/COM+ meant redesigning your code, not to mention requring you to turn on about six other services.
What AOP seems to offer is that exact same chimera: Hey! Just create an aspect and apply it to any piece of code! No worries, mate! What John seems to be coming to is that while that seems really cool, it only works well for a fairly limited set of things. He mentions security specifically, which I find interesting, since this was one of the only really useful services that MTS/COM+ offered.
Frankly, I still have yet to be convinced that plain ol' structures and functions aren't the answer to about 90% of the programming problems out there. People keep searching for the one true technology, but objects aren't it, CORBA's not it, aspects aren't it, relational mapping tools aren't it...maybe we had it mostly right from the start: here is a function foo that takes a structure blah and produces a structure quux. After all, it's hard to find a programmer that doesn't get BASIC, but even those with years of experience still stumble on objects. KISS.
But blah blah blah - what do I know?
Sunday, February 9, 2003
I started writing the VertexBuffer story, and realized that it's actually two pieces: how to create them and how to render with them. So here's the other half: how to render in Managed Direct3D with a VertexBuffer.
We're getting there: soon we'll know enough to make some moving, 3D scenes!
Friday, February 7, 2003
There's been a fair amount of discussion lately on the mailing lists I hang out on around security, encryption, and cryptography. This article does a pretty good job of talking about how to store secret data. It's very succinct.
You can also check out my brief introduction to cryptography for some background.
Thursday, February 6, 2003
So I took Keith Brown's advice and decided to change my lifestyle.I'm reinstalling my machine, and I'm going to try to live without running as Administrator all the time.
Oh. My. God.
Almost nothing I've tried to do so far has worked. Office probably will, but WinKey, one of my favorite tools, looks like it might not ever. Radio, in particular, took some gymnastics to set up. Particularly galling is the fact that it wants to write to its install directory. Strike 19, Radio!
Anyway, it's an absolutely fascinating study in how software shouldn't be written. I highly recommend it if you have an extra couple of hours to add to the install process - it is guaranteed to change the way you write software.
Wednesday, February 5, 2003
Am I the only person that finds the leaked screenshots of Longhorn totally boring? Maybe I'm exposing my own ignorance (although I suspect that's hardly classified information) but all I see is XP with an extra task bar. Frankly, I always shut off the the XP UI features when I install - I like having lots of screen real estate, and the supposedly "friendly" features of XP/Longhorn just use up space. Not to mention make me take my hands off the keyboard, which slows me waaay down.
But then again I still use emacs, so maybe I'm just a caveman.
Sam Gentile is one of the many recent Radio defectors. His new blog is at http://dotnetweblogs.com/sgentile/Default.aspx. I think I'm one of the few left using Radio - I'm starting to think I might not be cool any more!
Anyway, I'll probably migrate to something else once I can find something that integrates site management with blogging. I want to be able to keep all the stuff I already have on my site in addition to flopping my random thoughts down on the digital page. Unfortunately, planning my upcoming wedding is eating into my play time. :)
Anyway, check out Sam's new page. He's been a good guy, sending people to my DirectX series even though until now I didn't even have him listed on my blogroll. What a bastard I am! No, actually it was just an oversight on my part. Of course, I'm still a bastard.