Friday, 25 November 2005

Old blog - 25 Nov 2005

I met Robert Scoble! I also had a real vote for an RSS feed! I would like to say I've been inspired to create a proper blog and update it regularly but I don't rate my chances.

A quick word about Scoble though - He's one of those people who manages to make friends and talk to people wherever he goes. For example, we were walking along the Newport high street when there was a cheery "excuse me mate" from a couple of girls cycling on the pavement. The normal course of events in Newport is one of the following:

  • Total and painful collision followed by mouthfuls of abuse
  • The swerve and curse manoeuvre followed by mouthfuls of abuse
  • The old lady in a disability scooter death stare (you must know the one - "I'm old. I'm hurtling along in a motorised vehicle. You're young. The young are all foul mouth louts. It's payback.")

So well done the Scoble charisma! (Did you know that the Google toolbar wants to change Scoble to suckable when you check spelling? That's how much charisma the man has.)

I didn't get a picture though. When your phone is a two year old brick on the three network with the word phone scratched on it you try not to get it out in front of anyone.

Thanks for the 0-30s of your time (according to my web stats). For something really funny to read try this. Bye bye.

Monday, 8 August 2005

Old blog - Flaws in the architecture of Windows Vista (formerly Windows Codename Longhorn) could allow user driven code execution

Following hot on the heels of the news that the first viruses that target Vista have(n't) been discovered comes news that the fledgling OS is vulnerable to an even more basic attack. Microsoft have architected the system in such a way that it's possible (in fact it's down right child's play) for a user to download an application, install it and run it.

The implications of this are staggering. With just one or two mouse clicks users could be launching applications that have full and unrestricted access to their computer. It's all very well them not releasing MONAD (some kind of black window, a bit like DOS) as part of Vista but what is to stop a user visiting http://www.fuckyourpc.com, downloading something and then watching helplessly as their machine is destroyed?

Microsoft have to pull this shoddy beta right now. And then they need to come back with a version of Vista that doesn't have such obvious flaws.

As a precaution I recommend finding any .exe on your machine, and renaming it to .idontthinkso. In fact, just delete any exe you find. You may have to power down, stick your hard drive into another PC and do the delete from there, but it's worth it.

For more news on Vista vulnerabilities see the F-Secure blog.

Next week: Doors and windows in your house? You're just inviting the thieves in.

Monday, 1 August 2005

Old blog - breaking news

Disturbing reports are emerging of a serious flaw in the very foundations of the internet. Top scientist people have discovered that it is in fact possible to fabricate emails. But unlike other forms of attack this needs no special skills or equipment. All that is required is a computer and a few kilobytes of web space.

Dr Alfred Epstein at the University of Pilsbury was the first to spot the problem. He returned home to find his 13 year old son reading Playboy and smoking cigars. His son showed him the following email:

Subject: RE: Permission
Date: Thu, 28 Jul 2005 17:31:42 -0700

From: "Alfred Epstein"

To: Freddy34343234_3434@hotmail.com

Sure thing son.

From: Freddy34343234_3434@hotmail.com
Sent: 28 July 2005 16:45 -0700
To: aepstein@pilsbury.ac.uk
Subject: Permission

Dad

Can I read your playboys and smoke cigars in the house?

Freddy

Epstein says that he never sent that email. When questioned further little Freddy said that he'd accidentally deleted the original mail, but that didn't matter because he'd the contents on his home page.

"I couldn't get anything else out of him," said Epstein, "so I reviewed the web logs. I found this page in his history. When confronted with this page he admitted he'd made the whole thing up. It was lucky he tried the scam on me and not his mother."

Concerned by the incident Epstein posted his finding to various newsgroups in the hope of warning the rest of the online community.

It was a shocking miscalculation.

Within minutes the whole internet was brought to its knees as hordes of people rushed to post their own fake emails online.

"People started off small. Your boss promising you a day off work or your Dad promising you a puppy. But then they got carried away. It's the victims that I feel sorry for. The innocent internet users who don't know any better."

One such user is Jenny. Her only crime? To be a bit tasty and live in the same building as several teenage Java programmers.

"They turned up and told me what they were there for. I didn't believe them at first, but then the showed me the page with the email. I just can't believe I'd send an email like that. I mean the sex was one thing, but in time to the Dark Side of the Moon being played in time to the Wizard of Oz? That's just weird. But it's in that mail and its on his website, so I mean I must have sent it."

There are other victims too, people you wouldn't expect to have gotten hurt by the scam.

Jeremy, a 24 year old player of an online Star Wars game, is now the proud owner of an Imperial Super Star Destroyer. He used the scam to con a fellow player out of it. But where once it would have left him the envy of all his friends (online), it now marks him out as different.

"I was going to blow the guys on the forums away. And then I get online and it's deader than when Episode III came out. I found out later that they were all getting lucky with a Princess Leia look-alike. I'm the last virgin in the Galactic Empire. I would take out their home systems with my Death Star but they're not online any more for some reason."

An unnamed source speaking on behalf of an unknown corporation had this to say:

"How the hell this wasn't picked up in testing I don't know. It's bound to be Microsoft's fault. To think that someone is able to post any old crap on a web page and that people believe it? It's crazy."

Related stories

IE7 nukes Google, Yahoo! search

If you ever get an email from someone who says it's from me...

Thursday, 28 July 2005

old blog - 28 Jul 2005

So I went to the Tate modern not so long ago. I might be no great art lover, but come on, a glass of water (representing an oak tree), a pile of bricks and a fake air conditioning unit don't make art.

The only way I survived the visit was by discovering that the bin I very carefully disposed of my rubbish in was part of an exhibit.

I got over the natural trough that occurs when you return to work after some time off by finding this comment in some of my own code:

'EXCEPTION IN THE FINAL EXCEPTION HANDLER - if we get this far then we are royally screwed

Monday, 27 June 2005

Old blog - Application.ThreadException not firing in debug mode

Obligatory entry to avoid a whole month with no updates :-)

I've always used Application.ThreadException in windows forms apps to provide a last gasp exception handler (or in a lot of cases the only exception handler).

Simply do

AddHandler Application.ThreadException, AddressOf Me.HandleException

in the form load.

Then you provide a method such as

Public Sub HandleException(byval sender as object, byval args as System.Threading.ThreadExceptionEventArgs)

MessageBox.Show (args.Exception.ToString)

End Sub

The most annoying thing I always found about it was when debugging it never seemed to get invoked and VS.NET would show its unhandled exception dialog.

Turns out I've actually been doing it wrong for years. Instead of sticking it in form load put it in the constructor BEFORE the call to InitializeComponent. If you do that then HandleException gets invoked even when debugging.


Friday, 29 April 2005

Old blog - Ever needed to install more than one instance of the same .NET service on the same machine?

What I needed was a way to install more than one instance of my service on a single machine (to support different test environments using a single box). Using the .NET project installer approach there's a pretty simple way to do this. At runtime the Context property of the project installer contains an assemblyName parameter that points to the service exe being installed. From this you can work out the name of the config file, load it up and pull out information such as the service name. You can then simply set the ServiceName property of your service installer and away you go. Simply running installutil against an instance of your service (with its own config file) means you can install more than one instance.

To support more than one service instance your service should set its ServiceName property to match the name you've set during installation. Whilst failing to do this doesn't make your machine melt it can cause issues e.g. an event source is created at install time based on the service name. If your service has a different name then at run time it will fall over if it doesn't have permission to create a new event source when it tries to log that it's started.

Below is the minimum amount of code you need in your project installer class (assumes you've added one using the Add Installer option on the properties window)


Public Overrides Sub Install(ByVal stateSaver As System.Collections.IDictionary)

Dim document As New Xml.XmlDocument
document.Load(Me.Context.Parameters("assemblyPath") & ".config")

Dim node As Xml.XmlNode = document.SelectSingleNode("/configuration/appSettings/add[@key='ServiceName']/@value")

Me.ServiceInstaller1.ServiceName = node.Value
Me.ServiceInstaller1.DisplayName = node.Value

stateSaver.Add("ServiceName", node.Value)

MyBase.Install(stateSaver)

End Sub

Public Overrides Sub Uninstall(ByVal savedState As System.Collections.IDictionary)
Me.ServiceInstaller1.ServiceName = savedState("ServiceName")
MyBase.Uninstall(savedState)

End Sub

Wanting to make things a little bit more user friendly I created a application that would wrap up the whole process of creating a new directory, copying over the service exe and required local files, add in the config file and then call install the service.

A little digging through the installutil code using Anakrino revealed that all the work is done by the System.Configuration.Install.ManagedInstallerClass class. You simply call the InstallHelper method, passing an array containing the same command line arguments you would pass to installutil.

Ignoring the "Do not use from your own code" MSDN warning I plugged this into my application and merrily started creating service instances. Unfortunately it didn't work all of the time. It turns out that this ManagedInstallerClass remembers the exe you first installed and then only ever works with this one until you restart your application. This doesn't bother installutil because it quits once it has done one installation.

It turns out though that it's pretty easy to create your own replacement for the ManagedInstallerClass.

Installing a service

To install a service you can create an instance of ServiceInstaller, set a few properties and call the Install method.

Public Sub Install(ByVal ServicePath As String, ByVal ServiceName As String)

Dim context As New System.Configuration.Install.InstallContext("c:\install.log", Nothing)
context.Parameters.Add("assemblyPath", ServicePath)

Dim serviceProcessInstaller As New System.ServiceProcess.ServiceProcessInstaller
serviceProcessInstaller.Account = ServiceProcess.ServiceAccount.LocalSystem

Dim serviceInstaller As New System.ServiceProcess.ServiceInstaller

With serviceInstaller
.Context = context
.ServiceName = ServiceName
.DisplayName = ServiceName
.Parent = serviceProcessInstaller
End With

serviceInstaller.Install(New Hashtable)
End Sub

Removing the service is even easier, all you need is the service name.


Public Sub Uninstall(ByVal ServiceName As String)

Dim context As New System.Configuration.Install.InstallContext("c:\uninstall.log", Nothing)

Dim serviceInstaller As New System.ServiceProcess.ServiceInstaller

With serviceInstaller
.Context = context
.ServiceName = ServiceName
End With

serviceInstaller.Uninstall(Nothing)

End Sub

Installing performance counters

If your service uses performance counters you can take a similar approach except this time you'd use an instance of System.Diagnostics.PerformanceCounterInstaller. Set its Context property, PerformanceCounterCategoryName and then add the counters you wish to install to its Counters collection. Then call Install.

Capturing installation output

As well as writing to the log file you supply with the Context object the installers write information to the Console.

To capture this output assign your own TextWriter to the standard output stream using Console.setOut. I created a TextWriter that wrote everything to a text box.

Wednesday, 27 April 2005

Old blog - 27 Apr 2005

Why is it that my lovely Logitech wireless keyboard (with 17, yes, that's right - 17 extra silver buttons along the top) doesn't have a caps lock light? Or a num lock light. Or a scroll lock one (though who cares about that one).

Sunday, 17 April 2005

Old blog - When is an XmlValidatingReader not an XmlValidatingReader?

It's a pretty common thing to want to do - someone gives you an XML document and you want to check it matches your schema. In the .NET world you'd use the XmlValidatingReader and some code like this:

Private Sub validate()

Dim doc As New Xml.XmlDocument

Dim reader As New Xml.XmlTextReader("c:\input.xml")

Dim validatingReader As New Xml.XmlValidatingReader(reader)

validatingReader.Schemas.Add("my namespace", "c:\myschema.xsd")

AddHandler validatingReader.ValidationEventHandler, AddressOf Me.ValidationEventHandler

doc.Load(validatingReader)


End Sub


Private Sub ValidationEventHandler(ByVal sender As Object, ByVal Arguments As Xml.Schema.ValidationEventArgs)

'do something with the errors

End Sub

Unfortunately if someone has sent you a document that's part of a completely different namespace to your schema the XmlValidatingReader simply loads merrily away and doesn't throw any errors at all.

The validation engine says to itself "hmm, can't find a schema for namespace A, therefore I can't do any validation'. Once you think about this it makes perfect sense - you've given it the schemas to use, it's not its fault if the schema it needs isn't in there.

A very simple work around is just to do something like the following:

If doc.DocumentElement.NamespaceURI <> "my target namespace" Then
Throw New ApplicationException("Target namespace of the document was crap")

End If

This very simple gotcha passed me by for a long time till one of our apps started to fall over because the XML didn't look like what it was expecting even though it had validated it successfully.

Thursday, 31 March 2005

Old blog - 31 March 2005!

For a fair while now I've been contemplating starting a blog. Part of the blogging process obviously involves having something to blog about. One idle thought was to pack it with weird and wonderful links - such as the guy who shows people his cock











Since that's my only slightly funny image and the world of weird and wonderful blogging is already adequately covered by a A Welsh View I dumped that idea.

Another approach was to pack a blog with all my opinions on things tech. I started writing down why I haven't made the switch to Firefox in what I hoped was a witty and informative manner (mainly because I'm too lazy and tabbed browsing sucks) before realising that:

  1. Most people were unlikely to give a damn about what I thought of Firefox and
  2. Anyone who is sad enough to start crying that I don't like tabbed browsing should really get out more and I don't really want to hear off them.

A third avenue was to blog about coding and what a super talented code monkey I was. I quickly realised that I didn't work for Microsoft and was therefore unable to come out with interesting windows titbits.

So with all that in mind, welcome to my non-blog. It's called that because basically it's just a static web page that I might up date from time to time.