The ramblings of web developer Beau Brownlee

Archive for the ‘Uncategorized’ Category

 
Wednesday, April 13th, 2011

And here’s a list of the new features: http://i1.silverlight.net/content/downloads/silverlight_5_beta_features.pdf?cdn_id=1. A couple of the main features I took note of were the ability to do COM and P/Invoke calls in or out of the browser. Currently Silverlight 4 allows out-of-browser trusted apps to do COM, but this moves towards the ability to interact with software such as Office, or physical devices such as medical devices, within the browser itself without having to install an out-of-browser application. Another great feature to take note of is the ability to put breakpoints in the XAML code where you are binding to a data source. This is very handy for troubleshooting and debugging. There are tons more features to check out, so have fun!

 
Thursday, March 24th, 2011

Let me start out by saying (for all the test-driven devs out there who are going to pick this apart, lol) that catching bugs through testing is far better than debugging and catching bugs through error logs. However, that does not mean that test-driven development has brought Utopia to earth and that any software that implements proper testing doesn’t have bugs. It still has bugs, just a lot fewer of them.

Scenario

So I’ve been working on a Windows service as of late that does a lot of database calls, emails etc. A lot of external things could happen to cause exceptions, and I wanted to be able to quickly look in a log file to see what errors were occurring. Here’s a quick little class that takes an exception and outputs a formatted error message that points to where the problem originates:

using System;
using System.Diagnostics;
using System.Text;

class ExceptionFormatter
    {
        StringBuilder format = new StringBuilder();
        public ExceptionFormatter(Exception exception)
        {
            // true = capture file name, line and column (requires debug symbols at run time)
            StackTrace stacktrace = new StackTrace(exception, true);
 
            // GetFrames() returns null when the exception carries no stack frames
            var stackframes = stacktrace.GetFrames() ?? new StackFrame[0];
 
            format.Append("********* Error ************\r\n");
            format.Append("Message: " + exception.Message + "\r\n");
            format.Append("Inner Message: " + (exception.InnerException != null ? exception.InnerException.Message : "") + "\r\n");
 
            // Only report frames that have source information attached
            foreach (StackFrame frame in stackframes)
            {
                if (frame.GetFileLineNumber() != 0 && !string.IsNullOrEmpty(frame.GetFileName()))
                {
                    format.Append("File Name: " + frame.GetFileName() + "\r\n");
                    format.Append("Line Number: " + frame.GetFileLineNumber() + "\r\n");
                    format.Append("Column Number: " + frame.GetFileColumnNumber() + "\r\n");
                    format.Append("Method Name: " + frame.GetMethod() + "\r\n");
                }
            }
 
            format.Append("****************************");
        }
 
        public override string ToString()
        {
            return format.ToString();
        }
    }

This is really simple to use. Just pass the exception into the constructor and then call the .ToString() method and you get your formatted error. This iterates through the stack frames to get the location of the errors on top of what the errors are. Hope this helps!

 
Friday, March 4th, 2011

So recently I’ve been playing around with keyloggers. A keylogger is a small application, typically used for malicious purposes, that runs on your computer and records all keystrokes coming in from your keyboard. This works by attaching to a Win32 API ‘hook’ called the ‘low level keyboard’ hook. Most programmers have two sides, the ‘programmer’ side and the ‘hacker’ side. This can be very helpful in the long run as the two sides fight against each other and come up with methods to outsmart each other. So I started thinking, ‘how can you defend against a keylogger?’ The first and most obvious choice is some kind of antivirus. However, most real hackers write their own unique keyloggers that antivirus doesn’t have in its database. Case in point, I wrote up a quick little keylogger and ran it on my computer that has several antivirus programs and none of them picked up on it. Another option is one of the several small applications that have methods of ‘finding’ keyloggers. The method is usually monitoring the file system to see if a file is growing as the user is typing. This works sometimes but not always. Both of these methods are good, but if you have an application that needs extra security going out to hundreds of users, the risk becomes greater and greater.

A solution

One solution for this problem is to generate a random number of random keystrokes as a user types each key into, say, a password textbox. Now there are several requirements for this to work:
Requirement #1: The random keystrokes must be detectable by the keylogger
Requirement #2: The characters must be backed out as they will end up in the textbox the user is typing in
Requirement #3: The backspace must not be detectable by the keylogger

For this solution I used a project called ‘Input Simulator’ (http://inputsimulator.codeplex.com/). This uses the Windows API to generate keystrokes that are indistinguishable from a keystroke coming in from the keyboard. To back out the character I programmatically fire an event on the password textbox that the user is typing in. Here’s the code:

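// Virtual key codes (0-9, A-Z) used as decoy keystrokes.
// The declaration is not shown in the original post; a List<VirtualKeyCode> is assumed.
private readonly List<VirtualKeyCode> keycodes = new List<VirtualKeyCode>();

public Login()
        {
            InitializeComponent();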
 
            keycodes.Add(VirtualKeyCode.VK_0);
            keycodes.Add(VirtualKeyCode.VK_1);
            keycodes.Add(VirtualKeyCode.VK_2);
            keycodes.Add(VirtualKeyCode.VK_3);
            keycodes.Add(VirtualKeyCode.VK_4);
            keycodes.Add(VirtualKeyCode.VK_5);
            keycodes.Add(VirtualKeyCode.VK_6);
            keycodes.Add(VirtualKeyCode.VK_7);
            keycodes.Add(VirtualKeyCode.VK_8);
            keycodes.Add(VirtualKeyCode.VK_9);
            keycodes.Add(VirtualKeyCode.VK_A);
            keycodes.Add(VirtualKeyCode.VK_B);
            keycodes.Add(VirtualKeyCode.VK_C);
            keycodes.Add(VirtualKeyCode.VK_D);
            keycodes.Add(VirtualKeyCode.VK_E);
            keycodes.Add(VirtualKeyCode.VK_F);
            keycodes.Add(VirtualKeyCode.VK_G);
            keycodes.Add(VirtualKeyCode.VK_H);
            keycodes.Add(VirtualKeyCode.VK_I);
            keycodes.Add(VirtualKeyCode.VK_J);
            keycodes.Add(VirtualKeyCode.VK_K);
            keycodes.Add(VirtualKeyCode.VK_L);
            keycodes.Add(VirtualKeyCode.VK_M);
            keycodes.Add(VirtualKeyCode.VK_N);
            keycodes.Add(VirtualKeyCode.VK_O);
            keycodes.Add(VirtualKeyCode.VK_P);
            keycodes.Add(VirtualKeyCode.VK_Q);
            keycodes.Add(VirtualKeyCode.VK_R);
            keycodes.Add(VirtualKeyCode.VK_S);
            keycodes.Add(VirtualKeyCode.VK_T);
            keycodes.Add(VirtualKeyCode.VK_U);
            keycodes.Add(VirtualKeyCode.VK_V);
            keycodes.Add(VirtualKeyCode.VK_W);
            keycodes.Add(VirtualKeyCode.VK_X);
            keycodes.Add(VirtualKeyCode.VK_Y);
            keycodes.Add(VirtualKeyCode.VK_Z);
 
        }
 
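private void PasswordTextBox_KeyUp(object sender, KeyEventArgs e)
        {
            Random RandNumber = new Random();
            // Number of decoy keystrokes to inject after this real key (1 to 4)
            int RandLength = RandNumber.Next(1, 5);
 
            int RandDigit;
            int RandShift;
 
            // Do not inject decoys when the user is deleting a character
            if (e.Key != System.Windows.Input.Key.Back)
            {
                for (int i = 0; i < RandLength; i++)
                {
                    // The upper bound of Random.Next is exclusive, so (0, 2) yields 0 or 1
                    RandShift = RandNumber.Next(0, 2);
 
                    if (RandShift == 1)
                    {
                        InputSimulator.SimulateKeyDown(VirtualKeyCode.SHIFT);
                    }
 
                    // Send a random decoy key through the Windows API (visible to a keyboard hook)
                    RandDigit = RandNumber.Next(0, 36);
                    InputSimulator.SimulateKeyDown(keycodes[RandDigit]);
                    var target = Keyboard.FocusedElement;
                    var routedEvent = Keyboard.KeyDownEvent;
 
                    // Back the decoy out with a routed event raised inside the application,
                    // so the backspace never passes through the keyboard hook
                    KeyEventArgs ev = new KeyEventArgs(
                          InputManager.Current.PrimaryKeyboardDevice,
                          InputManager.Current.PrimaryKeyboardDevice.ActiveSource,
                          0,
                          Key.Back);
 
                    ev.RoutedEvent = routedEvent;
 
                    target.RaiseEvent(ev);
 
                    if (RandShift == 1)
                    {
                        InputSimulator.SimulateKeyUp(VirtualKeyCode.SHIFT);
                    }
                }
            }
        }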

So this little bit of code runs on the KeyUp event of the password textbox. To make the number of random characters larger, simply change RandNumber.Next(1, 5) to RandNumber.Next(1, 10), but keep in mind that it’s going to have to back out more characters.
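
The handler above creates a time-seeded System.Random on every key-up, so the decoy count and characters come from a small, guessable seed space. The following is an added example, not code from the original post or the Input Simulator project: a picker backed by the operating system's cryptographic random number generator that can stand in for the RandNumber.Next calls. DecoyPicker and Demo are hypothetical names; the ranges mirror the post's Next(1, 5) and its 36-entry keycodes list.

```csharp
using System;
using System.Security.Cryptography;

// Added example: DecoyPicker is a hypothetical helper, not part of the post.
sealed class DecoyPicker : IDisposable
{
    private readonly RandomNumberGenerator rng = RandomNumberGenerator.Create();
    private readonly byte[] buf = new byte[4];

    // Uniform integer in [min, max), using rejection sampling to avoid modulo bias.
    public int Next(int min, int max)
    {
        if (max <= min) throw new ArgumentOutOfRangeException("max");
        uint range = (uint)(max - min);
        // Largest multiple of range representable here; draws at or above it are discarded.
        uint limit = uint.MaxValue - (uint.MaxValue % range);
        uint value;
        do
        {
            rng.GetBytes(buf);
            value = BitConverter.ToUInt32(buf, 0);
        } while (value >= limit);
        return min + (int)(value % range);
    }

    public void Dispose() { rng.Dispose(); }
}

static class Demo
{
    static void Main()
    {
        // One picker for the lifetime of the form, not one per key event.
        using (var picker = new DecoyPicker())
        {
            int count = picker.Next(1, 5);            // 1..4 decoys, as in the post
            for (int i = 0; i < count; i++)
            {
                bool shift = picker.Next(0, 2) == 1;  // hold SHIFT for this decoy or not
                int keyIndex = picker.Next(0, 36);    // index into the 36-entry keycodes list
                Console.WriteLine("decoy {0}: index={1} shift={2}", i, keyIndex, shift);
            }
        }
    }
}
```

In the login form, the picker would be a field created once in the constructor and disposed with the window.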

 
Wednesday, November 24th, 2010


 Web App of the week: Silver Diagram

“Silver Diagram is a project that we started some months ago. The goal is to develop an easy to use, fast and extendable application for drawing and editing diagram, purely implemented with Silverlight.”

This is a great little app that shows off the power of the Silverlight platform. It looks and feels very similar to windows graphing apps but with the added feature that it runs in your web browser and you can run it without any installation (aside from Silverlight) on any Mac or PC.



This is a great video from Silverlight TV. One of the powerful things you can do with Silverlight is more robust client-side error handling than most web applications. Kyle McClellan walks us through some great techniques on how to do this. He also gives some useful tips on data binding for comboboxes, as well as walking us through metadata and how it can be used in validation.

 
Tuesday, June 8th, 2010

Zed Shaw – The ACL is Dead from CUSEC on Vimeo.

This is a great presentation by Zed Shaw (author of Mongrel Web Server). The first section of the presentation is about ACL and the limitations of ACL. The next half (the half I enjoyed the most) was basically how to survive and how to ‘keep your soul’ as a programmer. There are a lot of struggles and obstacles to overcome when you exist as a programmer in a corporate world that does not understand what we do. Zed has a lot of great suggestions as to how to communicate and work with the corporate culture and to make much-needed progress. He also gives some great advice on how to save your inner creativity from being sucked away by the ‘factory line’.

 
Tuesday, October 27th, 2009

I ran into an interesting problem today when trying to call a stored procedure from a linked server: ‘Server not configured for RPC’. SQL 2000 uses RPC (Remote Procedure Calls) which is basically XML representing Objects on the server. The linked server must be configured to handle this, and by default SQL 2000 servers are not. It’s very simple to set up, though; all you need to do is run the following:

exec sp_serveroption @server='servername/IP', @optname='rpc', @optvalue='true'
exec sp_serveroption @server='servername/IP', @optname='rpc out', @optvalue='true'

Or you can go into your Enterprise Manager or SQL studio, right-click on the linked server, select ‘Server Options’ and select ‘True’ for ‘RPC’ and ‘RPC Out’.

 
Thursday, January 22nd, 2009

Recently I’ve been working through some optimizations to some code and realized that there are a lot of programmers who don’t know some programming best practices. The performance of a program has a lot to do with how the programmer wrote it. Here are some things to consider:
(more…)

 
Saturday, October 11th, 2008

Yates Jarvis posted an interesting article on Google expanding their advertising on Yahoo. Google AdSense has been the gold standard for internet advertising for quite some time now and it just got better. It seems that these days everyone is trying to get a piece of Yahoo. Google has the most significant piece of the market share, but Microsoft wants in. They have been trying to wiggle their way in with Yahoo, which hasn’t happened so far. Now it looks like Google has made headway with Yahoo and pushed Microsoft further away. Yahoo seems to (wisely) want to work both ends of the spectrum. Google has a lot of technology and success, Microsoft has a lot of money. Win-win situation for them.
