Jon Galloway

My Boot-to-VHD experiment: found some tips, like it, but still haven’t found VM nirvana

Summary

• Windows 7’s Boot to VHD works as advertised – native speed, virtual machine flexibility.
• I came up with some tips and tricks which you might find useful
• Having to reboot without hibernate to switch to the VHD machine means it’s a lot less useful than I’d hoped.

Background

I’ve recently been running some early releases developer tools which came with the “install on VM’s if you don’t want your computer to catch fire” warning. That seemed like a good time to back off on my “VM’s are for sissies” stance and get my VHD on. After verifying that there wasn’t already a suitable VHD available for download, I decided to follow Scott Hanselman’s directions to set up a Boot To VHD instance.

Here’s a very high level overview:

1. Download the wim2vhd script from CodePlex
2. Install the Windows 7 Automated Installation Kit (AIK)
3. Copy ImageX.exe from the the AIK install into the same folder as the wim2vhd script
4. Run the script
5. Mount the VHD in the Windows 7 disk management screen
6. Run some funky commands to make the disk bootable

There's a little goofing around at the command line, but it's only a few minutes if you follow the directions. Then your new VHD shows up as an option on boot.

BUT WAIT! I have a few minor modifications. Rather than write a complete walkthrough of the process – since Scott and others have done such a good job there – I’m just going to list some footnotes to the process. I’ve very roughly outlined the steps above; I recommend you read through the following list of tips, then go and follow Scott’s walkthrough and use any of the below tips you think are helpful.

Mod #1: Getting ImageX.exe without installing the AIK

There are copies of ImageX.exe floating around on the internets. I normally wouldn’t recommending using them, I only mention that because the AIK is 1.5 GB. If you’re one of those irrational people that thinks downloading 1.5GB to get a 471KB program, you could search around for “download imagex.exe” If you do that, the CRC for my my 32 bit ImageX.exe – version 6.2.7600.16385 - is 54 BF FA D5. Not recommended, but it is an option.

Note: Dear Microsoft folks that make gigantic SDK’s, please stop. Those might have made sense before the internet, but… c’mon now. Here’s how utilities should be done: live.sysinternals.com. 

If you end up downloading the entire (1.5GB!!!) AIK ISO but hate installing a bunch of junk just to use one thing, you can open the ISO in 7-zip and find the find the ImageX.exe file, by looking for F1_imagex in Neutral.cab, like so:

Then you can just extract that file and rename it to ImageX.exe.

Mod #2: Changing the VHD size

The wim2vhd script defaults to a 40GB dynamic disk. Normally, I don’t really care much about the size of a dynamic disk, because the actual size of the VHD is only as big as the actual used space, and you can compact a disk to recover space as needed. However, when you mount a dynamic drive, the boot manager and host filesystem appear to reserve the maximum possible size of the of the disk – 40GB. In my case (on a laptop), that wasn’t going to work.

It’s not just a convenience thing, either – if you have a VHD whose maximum size exceeds the physical disk space available, you’ll get a blue screen of death:

(photo credit: Bart Lannoeye, see his post about the BSOD issue)

You can change the created VHD disk size using the /size parameter. For my Windows 7 + Visual Studio 2010 testing purposes, a 16GB disk seemed to work well. To do that, you’d call wim2vhd with this command:

cscript wim2vhd.wsf /wim:e:\sources\install.wim /sku:ultimate /size:16384

The size is calculated in MB, so you calculate it as 1024 * number of GB. A 20GB would use /size:20480

Mod #3: Rearming Windows to extend the evaluation time

If you’re using a virtual machine installation of Windows for temporary testing, you can use it without activation for 30 days. However, you can extend that evaluation period 3 times, giving you a total of 4 months, which is plenty of time for most evaluation purposes. It’s really simple:

Run "slmgr -rearm" from a command prompt with admin rights

This isn’t a hack – it uses a command that’s been shipped with Windows since Vista first came out. It’s not really news – Jeff Atwood wrote about it a while ago, and Ed Bott followed up with a cool tip on scripting that command to run every 30 days so you don’t forget. But it’s a really handy note, and it bears repeating.

Note: Apparently you can use the SkipRearm registry setting to extend that even further, but I don’t know if that’s covered by the EULA. I haven’t had the need to use a VM that long, so I’ve never run into that.

Mod #4 (untested): EasyBDC

You can apparently skip the rigmarole with BCDEDIT by using EasyBCD, because beta builds of EasyBCD 2.0 support the Windows 7’s VHD features.

Note: I haven’t done this. I’ve used previous releases of EasyBCD and haven’t had a problem, but I haven’t used EasyBCD 2.0 as it wasn’t out when I set up my VHD.

Mod #5 (untested): Disk2vhd

The SysInternals team recently released Disk2vhd, which can capture a disk image (while running) and create a VHD. I believe that in order to use the created VHD on the same machine it was created from, you’d first need to sysprep it, since otherwise you’re essentially trying to run two identical copies of the same operating system on the same computer, and you run into problems with drive paths. I haven’t tried this yet.

Gotcha #1: Go with Windows 7 Ultimate

Boot to VHD only works in Windows 7 Ultimate or Enterprise, not Windows 7 Professional. But you can’t use the Windows Activation re-arm trick we just talked about in Enterprise (since it uses a different licensing model). So I recommend that you go with Windows 7 Ultimate Edition.

Gotcha #2: Dual Boot means no hibernation

I use hibernation quite a bit, and only do a full reboot when I have to. So, for me, dual booting was inconvenient. It meant shutting everything down – including saving any tabs I happened to have open in IE8 (since tab saving in IE8 has been pretty unreliable for me) – in order to use the VHD partition, then shutting everything in the VHD partition down to switch back to the main one. That’s a lot of friction, and it ended up that I don’t use it as often as I thought I would.

As I write this, I’m setting up a VHD which I’ll just run under Virtual PC, because I can start it up without shutting everything else down. I still feel like it’s a great feature, just one that I’ll use less often than I thought.

Side note: Fast switching between boot instances would be a killer feature for Windows. I’d settle for multiple hibernation instances. I’ve read that it’s not enabled because of concerns over invalidating one hibernation instance while running the second machine instance, but I disagree – let me make that decision. At least give me a registry setting or something to enable it.

Did you know about protocol-relative hyperlinks?

Summary:

1. (For normal humans) IE and Firefox show perplexing messages on some pages due to a potential security vulnerability in the site you’re visiting. I’ll talk about what it means and how you can get it to go away.
2. (For web developers) Don’t perplex your users with mixed content warnings. Use protocol-specific hyperlinks to deliver your page resources (images, CSS, Javascript) using the same protocol (HTTP/HTTPS) as the page.

Do you want to only read about this puzzling webpage prompt?

If you use IE8, you’ve probably puzzled over this dialog dozens of times:

It’s kind of an odd question: “Do you want to view only the webpage content that was delivered securely?” Yes, of course! I mean, no. Well, what’s that “only” bit mean?

Fortunately, that dialog is explained in more detail in a post on Eric Law’s IE Internals blog. It’s a warning about a webpage which displays mixed content, meaning both HTTP and HTTPS. Eric explains the weird wording a bit, too: the old dialog said “This page contains both secure and non-secure items. Do you want to display the nonsecure items? That’s almost a variant of the classic dancing bunnies problem – I clicked on the page and it’s asking me if I want to see it. Of course I do. The new prompt kind of guides you towards only viewing the secure content.

In general, the warning is a good thing. Mixed content pages allow passing content between zones. That’s bad.

If added to the DOM, insecurely-delivered content can read or alter the rest of the page even if the bulk of the page was delivered over a secure connection.  These types of vulnerabilities are becoming increasingly dangerous as more users browse using untrusted networks (e.g. at coffee shops), and as attackers improve upon DNS-poisoning techniques and weaponize exploits against unsecure traffic.

Tampering with your HTTPS web page doesn’t just mean via Javascript. An insecure, tampered CSS file could do just about anything it wanted to with how the user views the page.

But this prompt is annoying!

It is annoying, yes. If it’s a site you use frequently, you’ve got some options.

1. You can disable the prompt (Tools / Internet Options / Security / Custom / Misc / Display Mixed Content / Disable). This would generally be a bad idea since the mixed content warning is trying to help you.
2. You can trust the non-secure domain (if you do trust it) and then only disable the mixed content prompt from the trusted zone. Remember that this is still a security risk, since HTTP content can be read and modified anywhere between your browser and the server.
3. If it’s a site that’s under your control, you can fix it.

Fixing the real problem with protocol-relative hyperlinks

The real way to fix the problem is for web dev's to use protocol-relative hyperlinks, such as <img src="//www.google.com/intl/en_ALL/images/logo.gif" /> - that will use HTTPS if the page is HTTPS an HTTP if the page is HTTP, preventing both the security vulnerability and the security prompt. Rather than trying to fix the links in code, we’re relying on a specified and supported HTML feature (RFC 1808, Section 2.4.3, circa 1995)

As Eric points out, you can find out which content is causing the problem with an HTTP monitoring program like Fiddler.

Adding users to a TFS project when you’re not on the domain

Visual Studio Team System was obviously designed for user groups who are all members of a Windows Active Directory domain, all working in the same local network. I’m able to work remotely (without VPN, even) as long as I’m just checking files in and out, but the Visual Studio / TFS UI won’t let me grant users permission to contribute to my projects. I messed around with TFS Power Tools, but that didn’t work either.

I ended up running TFSSecurity.exe /g+ from the command line – you can find it in (by default for Visual Studio 2008) C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE. Here’s the command I ran (substituting the correct server/projectname/domain/username, of course):
TFSSecurity.exe /server:servername.domain.com /g+ "[PROJECTNAME]\Contributors" n:"DOMAIN\username"

C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE>TFSSecurity.exe /server:servername.domain.com /g+ "[PROJECTNAME]\Contributors" n:"DOMAIN\username" 
TFSSecurity - Team Foundation Server Security Tool 
Copyright (c) Microsoft Corporation.  All rights reserved.

The target Team Foundation Server is SERVERNAME.DOMAIN.COM. 
Resolving identity "[PROJECTNAME]\Contributors"... 
  [A] [PROJECTNAME]\Contributors 
Resolving identity "n:DOMAIN\username"... 
  [U] USERNAME\username (User Name) 
Adding User Name to Contributors... 
Verifying...

SID: S-1-9-1233567890-1233567890-1233567890-1233567890-1-1233567890-1233567890-1233567890-1233567890

DN:

Identity type: Team Foundation Server application group 
   Group type: Generic 
Project scope: PROJECTNAME 
Display name: Contributors 
  Description: A group for those with general read/write permissions across the project

6 member(s): 
  [U] DOMAIN\username (User Name) 
  [U] DOMAIN\username2 (User Name 2) 
  [U] DOMAIN\username3 (User Name 3) 
  [U] DOMAIN\username4 (User Name 4) 
  [U] DOMAIN\username5 (User Name 5) 
  [U] DOMAIN\jong (Jon Galloway) 
Member of 1 group(s): 
e [A] [SERVER]\Team Foundation Valid Users

Done.

Done and done.

The Designer/Developer Workflow Crisis (That Everyone’s Ignoring)

Let’s take an honest look at what passes for developer/designer workflow these days:

Why are we okay with this?

Sure, designers are fond using the programs they’ve used for years, and developers are busy debating DI vs. IOC, but we’re missing a bigger point. We’re ignoring how ridiculous the entire workflow has become.

I argued with some folks on Twitter about this a while ago, here’s the short version:

• I think it's time for designers and developers to step up on skills and care about integration.
• A designer who only knows Photoshop and Illustrator isn't going to cut it much longer (outside of print design).
• ...and some level of UI integration is going to be a minimum competency for developers.
• I think designers who deliver bitmaps are going the way of the village blacksmith. May take a few years, but inevitable.

Here’s a bit more detail on what I was thinking.

Approaching design and development separately is horribly inefficient

I’ve been privileged to work with a lot of very talented web designers over the past decade. Most of them spoke Photoshop. To quote Scott Koon, these folks see developers as compilers who turn Photoshop into websites. I’ve also had frustrating conversations with developers over the years who just didn’t see the point in this annoying standards stuff and were perfectly happy to just give up and use tables. And it all works, in the very very short term. But it only works because the people who pay the bills don’t know how ridiculously inefficient it is.

The flowchart above is funny because it’s true, the more you experience how true it is, the less funny it becomes.

Production workers need to understand - deeply understand - what they’re producing

There’s a continual flow of developer products and frameworks which all purport to sell one product: we let you write code in languages you like, so you don’t have to mess with that yucky web plumbing, cross-browser testing, and other yucky stuff – just write code all day! And many designers prefer to work at the purely visually level, preferring to live in a world of hip fonts, color schemes, and favorite Photoshop filters. At the micro level, it all makes sense.

And yet, it’s all so wrong. As members of web development teams, our jobs exist to deliver HTML. And some images, too, but really the information’s in the HTML, so that should be the focus, right? The longer I work in web development, the more appalled I come at how little professional web developers know about the core technologies of their craft: HTML and CSS. HTML and CSS should be the lingua franca of web development teams. Designers and developers should huddle around a CSS rule, both feeling at home. Instead, I hear lip service – “Of course I know HTML! And I know enough CSS to get by…”

One of the top reasons developers and designers need to be better informed about their core technologies is that they define the natural laws of the world we inhabit. For example, architects don’t ignore physical limitations when they design buildings, leaving it to engineers to make it work, and (good) engineers don’t product ugly buildings, hoping someone else can fix it with a paint job. No, beautiful and functional buildings are built by teams that have a deep understanding of what the available materials can support, and they push them to the limit. So, too, with most other professions. Why is web development is an exception to this rule?

A comp is just another word for a specification. Why are professional web developers writing specifications, when they should be designing user experiences for the web?

Server code is of no concern or value to a website user, outside of the effect that it creates in their browser. Why, then, do so few experienced web coders care about things like CSS techniques and semantic markup?

We’re doing this today

A good designer/developer workflow is standard practice where I work (Vertigo), and I’m certain it makes a huge difference in both the efficiency and quality of the end result. It requires investments (hiring, training, educating clients, etc.), but I know they pay off many times over. For instance, we’ve been able to respond to changing requirements under very short timeframes in ways that just wouldn’t have been possible if we had designers and developers working in different silos.

So when people tell me that this whole developer/designer workflow thing is just a marketing strategy, I have to disagree. I think it works in places that have tried it, and can be developed in places that haven’t.

Today, tomorrow

One great thing about developing this skill in the traditional (HTML based) world is that it’s very transferrable to RIA technologies, like Silverlight. Designers who really get HTML+CSS can pretty quickly tear into Silverlight, often finding it easier because they can substitute vectors for images.

And I really believe that the HTML story is headed that way, too. We can already approximate things by using Canvas or SVG in all leading browsers, then shimming it into IE with things like VML. Eventually I expect IE will (finally) support SVG, and we’ll see the vision of image-less pages fully realized. And then what? Well, at that point, Photoshop comps will be more obviously pointless. It’ll be clear that they’re no more than specifications, and not even very efficient in that job.

My point: an investment the whole “designer/developer workflow” is, I think, a good short term and long term bet.

And it’s an excellent career bet, too. I’m seeing a very clear trend: integrators – those who don’t limit themselves to just designing or developing – are in high demand.

Windows 7 RTM – Faster Download, Better Upgrade

Here are some quick tips now that Windows 7 is up on MSDN:

Faster download

Download via the MSDN Top Downloads link instead of the MSDN File Transfer Manager. The MSDN Top Downloads are delivered via Akamai, and my download speeds jumped from 200KB/s to 2MB/s when I switched to it. (thanks to Greg Duncan for the pointer)

UPDATE: There’s also an Akamai link for Technet Subscribers.

Upgrade from previous Windows 7 installs

Contrary to popular opinion, you can upgrade from Beta or RC to RTM. It’s not officially supported, but it’s not a hack, either. There’s a single INI file you need to edit, and it put there for just that purpose. The Windows 7 team wrote about this on the Engineering Windows 7 Blog, and Lifehacker explained the steps a little more clearly:

1. Download the RC ISO and burn to a DVD.
2. Copy that burnt image to an external drive or a spare partition. [note – I just copied to a folder on the desktop of the computer I’m upgrading]
3. Find the sources directory, and open the file cversion.ini in your favorite text editor
4. To quote directly from Microsoft: “Modify the MinClient build number to a value lower than the down-level build. For example, change 7100 to 7000.”
5. Save the file, and then run setup as normal to start installation.

This sounds more complicated than it is – download DVD, copy files to the computer you’re upgrading, edit one line of a text file, and run the setup.exe. That’s it.

I’ve upgraded a machine from Beta to RC to RTM and it worked just fine.

Note that it's not officially supported, so if you have time to do a fresh install, I'd recommend it. The Beta->RC->RTM comes only with the Jon Galloway - Works On My Machine seal. 

Pick the right version

I like the Windows 7 Edition comparison chart on Wikipedia – it’s does a good job of showing exactly what changes between versions.

Uninstall Visual Studio 2010 Beta1 (if installed) before upgrading

This would be a bit of an edge case, but since we’re talking about downloading from MSDN then it’s very possible that some folks have Visual Studio 2010 Beta 1 installed on a Vista machine and want to upgrade to Windows 7. See Scott Hanselman’s post: Vista Users - Uninstall Visual Studio 2010 Beta 1 before upgrading to Windows 7

This applies to Windows 7 RC as well, unfortunately. Scott's post points that out:

* You might be running Windows 7 RC and thinking to do an unsupported upgrade to Windows 7 RTM. If so, remember, it's not supported, but you'll have this problem upgrading too, so uninstall Dev10b1/.NET4 first.

About Upgrades

I’ve heard generally good things about the Vista –> Windows 7 upgrade. It didn’t work on my 2 year-old Vista install. Admittedly, that box is jam packed with random alpha software and I’d have been shocked if it worked. On the bright side, though, it cleanly rolled back and left me with my old Vista install.

I have upgraded two machines from Windows 7 Beta –> RC with absolutely no problems, and am getting set to upgrade them to RTM now.

Know what your license covers

The Beta test license covered pretty wide use, but the MSDN licenses are more strict. Technically, an MSDN licensed operating system can only be used for development, not “mixed-use” like games or e-mail:

Many MSDN subscribers use a computer for mixed use—both design, development, testing, and demonstration of your programs (the use allowed under the MSDN Subscription license) and some other use.  Using the software in any other way, such as for doing email, playing games, or editing a document is another use and is not covered by the MSDN Subscription license.  When this happens, the underlying operating system must also be licensed normally by purchasing a regular copy of Windows such as the one that came with a new OEM PC.

Note that the MSDN licenses does allow for “one copy of certain desktop applications on one device for any purpose”, those applications being mostly Office applications. But, as I read it, you’d need to install those Office apps on a non-MSDN licensed operating system.

I will be conducting random searches to verify that you are complying with this.

Got any more Windows 7 download/install tips to share?

Troubleshooting an Intermittent .NET High CPU problem

We’d been getting sporadic reports of high CPU usage in Witty (a WPF Twitter client). I’d tried running the application in debug mode for a while and could never get it to occur, but finally I saw it happening while I was running a release build (keep in mind that 53% is indicating that one of my two CPU cores was saturated):

Great, let’s attach a debugger to see what’s going on:

Troubleshooting high CPU use often leads to chasing heisenbugs, since the CPU usage of course drops when you break into the code. But, I could at least step through the current code a bit to get an idea of the current state. Doing that showed a lot of time at System.Threading.WaitHandle.WaitOne, which made me suspect at threading issue.

On the other hand, breaking into a multithreaded app could have caused that, too. We need more information – let’s take a look at the current threads:

Note to self: should have named the threads so I’d have a better idea of what they’re all doing. I’ll talk more about that in a little bit.

Now, there are probably two ways to go from here:

• Smart, systematic debugging
• Brute force hacking

In this case case, since we don’t have that many threads to deal with, I think starting with some brute force interrogation is a good way to get started. If we don’t find anything, we’ll cool off and do the whole Sherlock Holmes contemplation thing, complete with pipe and violin.

First Guess: The Red Herring

This is not the real problem, it’s a wrong guess. I’m including this for two reasons:

1. It’s the truth. It’s what I really did. I’m not going to edit out my stupidity… this time.
2. It shows a little interesting information on loading symbols from the Microsoft symbol servers to step into and debug .NET framework code

That said, if you want to skip over this bit, I won’t be offended in the least.

So at this point, I started just looking through the thread list. When we activate a thread, even in disassembly, we can get a pretty good idea of what it’s doing. There’s a current call stack, and the disassembly view shows us the current executing method:

Well, our current hunch is that the System.Threading.WaitHandle.WaitOne call has to do with the problem, and it’s showing up as the current executing method, so it’s worth looking at for a bit. But that disassembly is over my head. We need to get the actual source… fortunately, that’s not tough. We can load the source from the Microsoft Symbol Servers:

And a few seconds later, we’re interactively debugging framework code. Paging Dr. Awesome…

Note: If you’re not able to see the framework code in the call stack, you’ll need to turn off the “Just My Code” debugger option:

I’ll spare you the embarrassment of watching me wander around the WPF code which pulls down databound images from internet addresses. It’s interesting code, but after poking around for a bit I convinced myself that this wasn’t the source of the high CPU issues.

Wising Up: Freezing Threads To Find The Culprit

At this point, I realized that I needed to get a little smarter. Instead of just browsing through all these threads just hoping to find the problem, I needed a smarter way to determine which one was actually the problem. Well, how about this?

1. Break into the debugger
2. Freeze one of the threads
3. Resume the app
4. See if the CPU usage has dropped – if so, we’ve found the bad thread, so we can debug it
5. If not, repeat

Simple enough. You can right click any of the threads in the list and freeze it:

Now, this is still kind of voodoo troubleshooting at this point, since there’s a possibility that the problem’s caused by the interaction of two different threads, or something else that’s going to be masked by a one-at-a-time approach. I’m playing another hunch here – I know enough about this application to assume that most of the threads are independent.

Intermission: Play Along At Home with this Simple Runaway Thread Demo

This may be a little tough to follow since there are a lot of moving parts. Let’s step back and look at a very simple application with one runaway thread. Create a new console application and add the following code:

using System.Threading;

namespace RunawayThreadSample
{
    class Program
    {
        static void Main(string[] args)
        {
            for (int niceThreads = 1; niceThreads <= 10; niceThreads++)
                new Thread(() =>
                   {
                       while (true)
                           Thread.Sleep(500);
                   }) { Name = "Thread " + niceThreads }.Start();

            new Thread(() =>
               {
                   while (true)
                   { }
               }) { Name = "Evil Thread" }.Start();
        }
    }
}

A few things to notice here:

1. We’re naming our threads this time. With .NET 3.5’s object initializer syntax, we can set the name when it’s created.
2. We’re using lambda syntax to define the anonymous thread delegates – that’s the “() => {…}” stuff. Karl Seguin covered that pretty well in his Back To Basics series.

Start up Task Manager (or run ProcMon), then run the application. You should see your CPU use pegged at around 100%, as the “Evil Thread” spins in a tight loop. Now break into the debugger – you should see your CPU usage drop as all the threads are suspended. Freeze the Evil Thread (right-click, freeze):

Then resume the application (by hitting F5) and you should see your CPU usage stays low.

Returning To Our Regularly Scheduled Program…

Sure enough, freezing and thawing threads in turn points me to a single thread which is causing the high CPU usage – one that’s spending a lot of time in Witty.SingleInstanceManager.WaitForSignal(). Interesting… a little searching lets me know that this class came from a CodeProject article about how to enforce a single instance for an application. So that explains why this bug was hard to reproduce – it only happened when the application was already running and you tried to start a second instance. That’s not something you’d normally do on purpose, so the bug just appeared to happen randomly.

But why didn’t we ever see it in debug mode? Let’s look at the code that sets up the single instance manager:

/// <summary>
/// Enforce single instance for release mode
/// </summary>
private void SetupSingleInstance()
{
#if !DEBUG
    Application.Current.Exit += new ExitEventHandler(Current_Exit);
    _instanceManager = new SingleInstanceManager(this, ShowApplication);
#endif
}

And there we go – the single instance manager only runs in release mode. Heisenbug magnet! Removing the #if pragma command lets us debug the single instance manager, so now it’s time to take a look at that WaitForSignal() method:

// thread method will wait on the event, which will signal
// if another instance tries to start
private void WaitForSignal()
{
    while (true)
    {
        uint result = WaitForSingleObject(m_EventHandle, INFINITE);

        if (result == 0)
        {
            m_Instance.Dispatcher.Invoke(System.Windows.Threading.DispatcherPriority.Normal, m_callback);
        }
        else
        {
            return;
        }
    }
}

There’s the bug - if you know the answer, just keep quiet so you don’t spoil it for the rest of the class.

Let’s take a look at how that WaitForSingleObject thing is working. First, when the application starts, we’re grabbing an Event Handle with OpenEvent, then spinning off a thread that calls WaitForSignal (code above):

public SingleInstanceManager(Window instance, ShowApplicationCallback callback)
{
    m_Instance = instance;
    m_callback = callback;

    //try to our event
    m_EventHandle = OpenEvent(EVENT_MODIFY_STATE | SYNCHRONIZE, false, EVENT_NAME);
    if (m_EventHandle == IntPtr.Zero) //if it doesn't exist
    {
        //create our event
        m_EventHandle = CreateEvent(IntPtr.Zero, true, false, EVENT_NAME);
        if (m_EventHandle != IntPtr.Zero) //if successfull
        {
            Thread thread = new Thread(new ThreadStart(WaitForSignal));
            thread.Start();
        }
    }
    else
    {
        SetEvent(m_EventHandle);
        MessageBox.Show("There is already an instance of Witty");
        Environment.Exit(0);
    }
}

So, here’s how it’s working – the OpenEvent is getting a handle, and the WaitForSignal method calls WaitForSingleObject, which will return 0 when signaled (that is, when another instance of the same handle is detected). Note – it looks like we’re running a tight loop with while(true), but when WaitForSingleObject is called with an INFINITE timeout, it won’t return until the object is signaled, meaning that the loop will never complete a single run unless a second instance is run.

But what happens when a second instance is started? Well, WaitForSingleObject returns 0, and we invoke the callback method, which just shows the application. No problem…

Except that now we’re in a tight loop. We’ll complete the loop, call WaitForSingleInstance, which will now immediately return 0 because it’s been signaled. There’s our high CPU bug. The solution is to call ResetEvent once we’ve shown the application, so that WaitForSingleObject won’t fire off again the next time through:

// thread method will wait on the event, which will signal
// if another instance tries to start
private void WaitForSignal()
{
    while (true)
    {
        uint result = WaitForSingleObject(m_EventHandle, INFINITE);

        if (result == 0)
        {
            m_Instance.Dispatcher.Invoke(System.Windows.Threading.DispatcherPriority.Normal, m_callback);
            ResetEvent(m_EventHandle);
        }
        else
        {
            return;
        }
    }
}

Now that we’re calling ResetEvent, we stay out of that tight invocation loop and we’ve licked this CPU bug. To be honest, unnecessary loops are a common source of bugs, and this one still kind of freaks me out even if the timeout on WaitForSingleObject is infinite. Given given time I’d like to look at some other single-instance solutions, but there’s no real performance driver for that.

Just Hacking Here

This has pretty much been “Git ‘R Done” debugging. It’s hacking. Hopefully it’s helpful to you, but I know that there are folks out there with some real skill at diagnosing application performance issues, and there are better debugging tools available, too. How would you go about diagnosing something like this?

Windows 7 Betta

I’ve been running Windows 7 Beta 1 for a week now and really like it. But I’d been looking at desktop for a few days before someone pointed out the little “desktop Easter egg”.

Here’s the desktop:

See it? Kirstin Juhl pointed it out on Twitter:

OK.... I just "got" the fish on Windows 7... it's a beta fish. I never would have put it together.... my 5year-old saw the screen and asked, "Is that a beta fish mom?" I looked and said "Ohhhh!!!"

Technically, it’s a betta fish, but I’m not going to quibble about that. So, enjoy the betta!

Time released content in ASP.NET

While working on the PDC2008 website, we had several time-critical updates. There were some announcements that needed to go live on the website at specific times to coincide with other marketing, there were updates to the list of of software being given to attendees that needed to go live right after the keynotes in which they were announced, etc. While some of the site ran on RSS feeds, on some pages we needed the flexibility of static HTML and CSS. While there were plenty of times where I made that sort of deployment by hitting upload in Filezilla at just the right time, there were other times where that wasn’t possible.

The first time that hit was in August, several months before the conference, when we needed a site update to go live while I was scheduled to be in the middle of a flight. Clearly, a technological solution was needed.

Extending The ASP:Placeholder Control

Yes, all you ASP.NET MVC hipsters can wander off now – this is an ASP.NET Webforms solution, since the site initially went live when ASP.NET MVC was at Preview 3 (5 months before hitting Beta). But – wait – please leave a comment on how you’d approach this with ASP.NET MVC, would you?

The ASP.NET Placeholder control is a simple control that renders no markup of its own, it just holds content. It’s great for holding blocks of content which is either displayed or hidden, among other things. So in this case, I inherited from Placeholder and created TimedContentPlaceholder, adding a Start and End property. That let me do this kind of thing:

<PDC:TimedContentPlaceholder runat="server" Start="10/28/2008 10:30 AM">
<% /* 
    Phase 3 (to go live Monday, October 28 – following Keynote 2) : Please add 
    as a block at the top of the page under a heading reading, "BITS UPDATE 02"
*/ %>
<h2>BITS UPDATE 02</h2>
    <b>Windows 7 Ultimate ISO</b></h3>
<p>
    Burn your own Windows 7 Ultimate DVD using these 32bit &amp; 64bit ISO files.</p>
<PDC:TimedContentPlaceholder>

So that content needed to be prestaged, but shouldn’t go live until the specified date and time. Here’s the control which handled that:

public class TimedContentPlaceholder : System.Web.UI.WebControls.PlaceHolder
{
    public DateTime? Start { get; set; }
    public DateTime? End { get; set; }
    public Uri Redirect { get; set; }

    public override bool Visible
    {
        get
        { return base.Visible && isInTimeRange(); }
        set
        { base.Visible = value; }
    }

    protected override void OnInit(EventArgs e)
    {
        if (Redirect != null)
            if (isInTimeRange())
                Page.Response.Redirect(Redirect.AbsoluteUri);
    }

    private bool isInTimeRange()
    {
        if (Start != null && Utility.GetCurrentDateTime() < Start)
            return false;
        if (End != null && Utility.GetCurrentDateTime() >= End)
            return false;
        return true;
    }
}

Redirection

Most of that’s pretty straightforward, but there are a few extra things there. First of all, there’s the Redirect property. That’s useful when you’ve got a basic page in place which will later redirect to an application or even another server later. For instance, we used that to redirect to the server hosting the session information on the cutover date using something like this:

<PDC:TimedContentPlaceholder runat="server" Redirect="https://sessions.microsoftpdc.com/" Start="8/15/2008 12:00 AM" />

Time Machine

The second thing is a bigger deal – we weren’t just using DateTime.Now in our time checks, we called out to a function. There were two reasons for that – the simple reason was to provide a central place to handle the timezone conversion between the conference location and the server location. But the main reason was to allow specifying a test time, which allowed us to see how the site would look at any time by passing in querystring arguments. Here’s how Utility.GetCurrentDateTime() worked:

public static DateTime GetCurrentDateTime()
{
    //Compensate for server being on the east coast
    if (IsProduction())
        return DateTime.Now.Subtract(new TimeSpan(3, 0, 0));

    DateTime testDate;
    if (HttpContext.Current.Session["date"] == null)
        return DateTime.Now;
    if (DateTime.TryParse(HttpContext.Current.Session["date"].ToString(), out testDate))
        return testDate;
    return DateTime.Now;
}

There was separate code in the masterpage which took a querystring variable and set a session variable with the test date. We also pulled that session variable in Silverlight elements as well, so we could step through the site evolution as the conference approached, each keynote completed, and the conference ended.

Not rocket science, but it worked for us. How would you have solved this?

Silverlight Crossdomain Access Workarounds

I was testing out some typography with Silverlight and figured I’d try grab some text from Wikipedia. I started with the naive approach:

private void GetText()
{
    WebClient webClient = new WebClient();
    webClient.DownloadStringCompleted += new DownloadStringCompletedEventHandler(webClient_DownloadStringCompleted);
    webClient.DownloadStringAsync(new Uri("http://en.wikipedia.org/wiki/george_washington/"));
}

void webClient_DownloadStringCompleted(object sender, DownloadStringCompletedEventArgs e)
{

    //This next line throws an exception 
    string fullText = e.Result;

    //Do some neat stuff...
}

That throws a pretty ambiguous exception: 'e.Result' threw an exception of type 'System.Reflection.TargetInvocationException'. The InnerException just shows “Security Error.” The source of the Security Error is that Wikipedia doesn’t have a Crossdomain ( crossdomain.xml) policy file.

Best Case: Site supports crossdomain.xml or clientaccesspolicy.xml

A lot’s been written about the Site Of Origin policy for both browsers and RIA clients like Silverlight and Flash, so I won’t rehash them in too much detail. The idea is that, for security reasons, code running in a webpage (Javascript, Silverlight, or Flash) should generally only be able to access the domain that hosts the webpage. Silverlight followed Flash’s lead and allows for cross-domain calls if the site it’s accessing has a crossdomain.xml file which permits it. This doesn’t really protect against cross-site scripting (XSS) attacks, since – as Rick Strahl noted – any malicious site can post a crossdomain.xml file (e.g. http://evilsite.com/crossdomain.xml) and RIA’s will then be allowed to pass information home. Rather, this is a safeguard against cross-site request forgery (XSRF) attacks. I think Steve Sanderson’s comment sums this up pretty well:

What you're missing is the CRSF scenario. Current browsers prohibit me, from www.pirate.com, using script to cause a GET or POST request to www.bank.com and actually reading the response data back in my script that I host onwww.pirate.com. This is important because requests sent to www.bank.com will include the cookies for that domain and may therefore be treated as authenticated requests, for which the server will return sensitive information. You don't want that sensitive information to be retrievable by the script running in www.pirate.com.

This […] allows cross-domain requests to read data across domains *only* if the target domain opts-in on a *per-request* basis. Obviously, www.bank.com isn't going to opt in for any sensitive URLs, but it might choose to do so for some kind of non-sensitive API (stock quotes or whatever).

So, crossdomain protection means that I can use a potentially evil Silverlight application without worrying that it’s going to use my browser context to try to access my bank or e-mail or other trusted data, because my bank isn’t going to allow cross-domain access. So evilsite.com can “phone home” with any cookies it has access to, but it can’t use my authenticated status to make requests to my bank.

Tim Heuer has written several good posts on cross-domain issues. I especially recommend his crossdomain.xml helpers for Visual Studio if you need to write your own crossdomain.xml file to expose your own services.

The Silverlight Web Services Team blog has some good troubleshooting tips in case you’re having trouble connecting to a site which has a crossdomain.xml file, and you can use this simple Silverlight Cross Domain Policy File Checker to quickly check sites. My top recommendations:

1. Make sure you’re not testing from a file:// URL, since websites running under file:// can’t make cross-domain calls. You need to test with an http:// page – for instance, using a test ASPX page running in the Visual Studio WebDev.exe test server.
2. Browse to the crossdomain.xml file (e.g. http://twitter.com/crossdomain.xml) to make sure that it’s there.
3. Test in Fiddler, Firebug, or the IE Web Developer Toolbar to watch network traffic and verify your Silverlight app is trying to connect to the right URL for crossdomain.xml.
4. Build a very simple test Silverlight app which does nothing but make the cross-domain call.

Note: clientaccesspolicy.xml vs. crossdomain.xml

Silverlight supports a subset of Flash’s crossdomain.xml file format, but doesn’t allow for fine grained control. If you’re exposing your own services to Silverlight, you’ll want to look at clientaccesspolicy.xml; if you’re supporting Flash and Silverlight you should ideally have both. However, in this post I’m concentrating on accessing external resources, which at this point are more likely to have crossdomain.xml due to the fact that it works on Flash as well.

Second Best: JSON Requests

JSON requests get a free ride – they can connect to any any site, regardless of whether they have a crossdomain.xml file. That’s probably because JSON is just an object notation (name/value pairs and ordered lists), rather than direct script. While it can be used for evil (via the evil eval()), it’s more of a serialization format than a script. Regardless of the reasons, it’s allowed to cross domains when other calls can’t.

Joshua Allen recently wrote about making JSON requests from Silverlight. His method depends on some Javascript methods being included in the host webpage, but it’s possible to append the Javascript to your DOM from Silverlight if you’re writing an embeddable widget (say, for instance, for the MIX09 10K Challenge).

Read Joshua’s post for the full details, but the basic idea is that you have an injection script in your page, like this:

function injectScript(url) { 
   var head = document.getElementsByTagName(‘head’)[0]; 
   var script = document.createElement(’script’); 
   script.type = ‘text/javascript’; 
   script.src = url; 
   head.appendChild(script); 
}; 

Then we invoke the injection script from our Silverlight application:

HtmlPage.Window.Invoke("injectScript", url);

The script source needs to point to a URL that returns JSON, and preferably wrapped in a callback function call, like this:

callback({"info": "important info here"}

Then (continuing to quote Joshua Allen’s example), the Javascript callback calls into a scriptable method in our Silverlight application:

function callback(obj) { 
   var silverlight = document.getElementById("silverlight"); 
   if (silverlight) { 
        silverlight.Content.Page.PassData(JSON.stringify(obj)); 
   } 
};

Note 1: About that JSON object

The call to JSON.stringify() is natively supported in IE8, Firefox 3.1, and is slowly working its way into Webkit (Safari, Chrome). But it’s easy to add JSON for other browsers by using the parser distributed on json.org: http://www.json.org/json2.js

Note 2: About that Callback

By convention, most API’s that return JSON will take a parameter for the name of the callback function. For instance, here we’re telling the html-whitelist service to call mySuperFunction with the results:

http://html-whitelist.appspot.com/whitelist?content=%3Cscript%3Escary+html%3C/script%3E&json=1&callback=mySuperFunction

Flickr defaults to jsonFlickrApi, but allows you to override the callback name with &jsoncallback=muSuperFunction

http://api.flickr.com/services/feeds/photos_public.gne?tags=silverlight&lang=en-us&format=json&jsoncallback=mySuperFunction

returns this (only showing the first image):

mySuperFunction({    
        "title": "Recent Uploads tagged silverlight",
        "link": "http://www.flickr.com/photos/tags/silverlight/",
        "description": "",
        "modified": "2008-12-11T19:22:44Z",
        "generator": "http://www.flickr.com/",
        "items": [
       {
            "title": "NEC Biglobe album viewer",
            "link": "http://www.flickr.com/photos/adamkinney/3100209567/",
            "media": {"m":"http://farm4.static.flickr.com/3294/3100209567_43d738e294_m.jpg"},
            "date_taken": "2008-12-11T11:22:44-08:00",
            "description": "description here…",
            "published": "2008-12-11T19:22:44Z",
            "author": "nobody@flickr.com (adKinn)",
            "author_id": "83775906@N00",
            "tags": "album silverlight deepzoom necbiglobe"
       }
        ]
}) 

Note 3: What to do with that JSON data?

In this sample I’m just passing the JSON data back to my Silverlight application as a string. You’re not on your own dealing with parsing that string, though – the System.Runtime.Serialization.Json namespace can handle that for you. Corey Schuman’s written a nice walkthrough on how to consume a JSON object in Silverlight.

No JSON? Don’t waste your time on IFRAME / JSONP hacks

I spent some time looking into ways to pull data from a URL that doesn’t supply data in JSON format. My conclusion is that it’s a bad idea. While you may be able to sneak something by an older browser, you’re essentially hacking at this point, and newer browsers will block it.

For instance, let’s try to create an IFRAME and load the content:

public Page() 
{ 
    InitializeComponent(); 

    HtmlPage.RegisterScriptableObject("Page", this);   

    iframe = HtmlPage.Document.CreateElement("iframe"); 
    iframe.Id = "invisibleIframe"; 
    iframe.SetProperty("src", url); 
    iframe.SetStyleAttribute("display", "none"); 
    iframe.SetAttribute("onload", "contentLoaded"); // call a function which calls silverlight.Content.Page.Loaded() 
    HtmlElement body = (HtmlElement)HtmlPage.Document.GetElementsByTagName("body")[0]; 
    body.AppendChild(iframe); 
} 

[ScriptableMember] 
public void Loaded() 
{ 
    HtmlWindow content = (HtmlWindow)iframe.GetProperty("contentWindow"); 
    HtmlElement doc = (HtmlElement)content.GetProperty("document"); 
    HtmlElement body = (HtmlElement)doc.GetProperty("body"); 
    string innerHTML = (string)body.GetProperty("innerHTML"); 
    Output.Text = innerHTML; 
}

While that will cause an IFRAME to be created and load the document, the IFRAME content isn’t accessible to Silverlight (or to Javascript functions running in the page, for that matter). Makes sense, the Single Origin Policy is being enforced.

Also a no-go: using the JSON approach on a URL that’s not returning JSON. Two problems:

1. Script tags with an external source are evaluated when loaded, and if they’re not valid Javascript you’ll get an error message. For example:
   <script src=”http://google.com></script>
   will try to execute the HTML code of the Google home page as HTML and will throw Javascript errors (depending on the user’s browser settings).
2. We won’t be able to access the content that the script tag contains from Silverlight or Javascript – it’s blocked by the the Site Of Origin policy.

Are there ways to hack around this? Probably. But, I’m convinced that it’s a losing battle – if you get it to work, you’re taking advantage of a bug. Browsers are enforcing a rule, and if you find a way around the rule, you should expect that it’ll stop working at some point, or won’t work on all the browsers you want to support.

Crossdomain.xml and JSON Friendly Proxies

So, what do you do if you want access to a web resource, but the site doesn’t provide a crossdomain.xml policy or expose data in JSON format?

The answer is to use a proxy who does allow access. You can write your own, of course. I wrote some posts about that back in the Silverlight 1.1 days, but of course that showoff Tim Heuer’s gone and upstaged me with a super-nice post on how to call Amazon S3 Services from Silverlight 2 with a custom webservice proxy. And to add insult to injury, he topped it off with another post on reading data and RSS with Silverlight and no cross-domain policy. He points out Yahoo Pipes, which is a workable solution for many cases, with some important caveats:

Note on usage: The module will only fetch HTML pages under 200k and the page must also be indexable (I.E. allowed by the site's robots.txt file.) If you do not want your page made available to this module, please add it to your robots.txt file, or add the following tag into the page's <head> element:

<META NAME="ROBOTS" CONTENT="NOINDEX">

For example, I created a simple pipe which grabs the HTML from a page and returns it in any of the formats Pipes supports (including JSON):

So, we can use it to scrape the HTML from the Silverlight page on Wikipedia and get access to the HTML content from our Silverlight application like this:

http://pipes.yahoo.com/jongalloway/url2json?URL=http://en.wikipedia.com/wiki/Silverlight&_render=json

That Pipe is published and is freely accessible, so you can either use it or clone it for your own use if you’d like. So if you’re after HTML content, that approach works provided the page is indexable and is <200KB. If not, you can see if the content’s in the Wayback Machine, since archive.org has a crossdomain policy file. To get the latest version of a page from the Wayback Machine, just use this format: http://web.archive.org/URL, e.g. http://web.archive.org/http://microsoft.com. They don’t provide the content in JSON format, but you can get it via a WebClient request.

If you want access to data that’s got an RSS feed, you’ve got a lot more options. Feedburner supports crossdomain, and there are piles of Feed To JSON pipes on Yahoo Pipes, such as jsonifier. For instance, StackOverflow doesn’t (yet) support crossdomain access, but we can get a JSON feed of questions tagged with Silverlight (http://stackoverflow.com/feeds/tag/silverlight) with that jsonifier pipe:

http://pipes.yahoo.com/pipes/pipe.run?_id=NFpLzYbC2xGoZ8blE2_cUw&feed_url=http://stackoverflow.com/feeds/tag/silverlight&show=400&url_filt=__nomatch___&_render=json

and if we wanted it in XML format, we could just change the _render action:

http://pipes.yahoo.com/pipes/pipe.run?_id=NFpLzYbC2xGoZ8blE2_cUw&feed_url=http://stackoverflow.com/feeds/tag/silverlight&show=400&url_filt=__nomatch___&_render=xml

Calls To Action

1. Lobby sites which provide external data to support crossdomain.xml. Be sure to let them know that it will enable both Flash and Silverlight to access their data.
2. I’ve started a community wiki at Stack Overflow to list sites which do support crossdomain.xml. Please add to the list if you know of some I missed.
3. Write some cool mashups!

Epilogue

Oh, and wikipedia? The thing that got me started on this quest? It turns out that they do have an API that returns JSON.

Looking back at MicrosoftPDC.com (from the inside)

I had the privilege of working on the MicrosoftPDC.com website as lead developer for the past several months. The process hasn’t been kind to my blogging schedule lately, but the experience definitely taught me quite a bit: working with the top-notch Microsoft developer evangelism team, setting up a site for maximum flexibility, setting up the Silverlight experience, and troubleshooting some interesting issues during the conference. I’m going to run through several of these at a high level and may dig into some of these in more detail later (so comment if you want to hear more about something).

As I’m describing some of these, remember that while I was the lead developer, these sites were built by a team. The project and UI experience were managed by the Microsoft Developer Evangelism team, the visual design was based on the overall conference visual design concept. I lead the development team which included some of our super-awesome developers and designers here at Vertigo¹. So I’ll take some of the credit for what went well and most of the blame for what went wrong. Also, while the experiences were kept in sync, we didn’t do any of the work for the the registration and live conference session information (including video links, evals, etc.). register.microsoftpdc.com and sessions.microsoftpdc.com didn’t even live on the same server as the rest of the micorosoftpdc.com site.

This site used ASP.NET Webforms rather than ASP.NET MVC. We built the first release of the PDC2008 site in April - May 2008, and ASP.NET MVC was at a Preview 2 release stage back then. I love new and shiny, but I couldn’t in good conscience recommend that we launch the PDC site on MVC so early on. As I worked on it, though, I continually asked myself, “Will this be the last ASP.NET Webforms site I’ll deploy?”

Reuse Through Simplicity

We originally built a single site – microsoftpdc.com – but it’s turned into quite a bit more than that. The original microsoftpdc.com site was a pretty simple “brochure” site, designed to give people the information they needed to get to the PDC conference. The week before the conference, we shifted to a “live experience” mode that included a re-skin and changes to the sitemap to present information that was relevant to people attending the conference or keeping up with it online. That same week, we launched two other sites: m.microsoftpdc.com (a mobile site for PDC attendees) and 2009.visitmix.com, an information site for the MIX09 conference. While all these these sites looked pretty different, they all ran on the same code base. As I look back at things that went well, I think this is one thing we got right - we struck a good balance on the design so that we were able to heavily reuse the site code without having to tell the client that simple changes would take days because our system was too complicated.

Here are some of the things that helped keep us flexible:

• CSS based design
• Resisting the urge to premature generalization
• A great client – we were able to be involved in the user experience planning at a level which allowed us to define some consistency across the site
• Feed-based content as an ultra-lightweight CMS
• Master pages used on all pages in the site except the home page – for a while, the same site would display in “PDC Classic”, “PDC Live”, and “MIX” modes with a querystring switch (disabled in production)

The master-page / CSS switching worked surprisingly well – for instance, here’s the same agenda page shown before and after the theme switch:

We didn’t use the built-in theme system for ASP.NET, as it unfortunately doesn’t play that well with CSS based design and conditional stylesheets.

Look, Ma! No database!

One interesting thing about these sites is that they pulled their dynamic content from a variety of feeds. I built out a control which basically piped an RSS feed through an HTML cleaner to a ListView control. The ListView control just output the content in unstyled HTML, so it was reused all over the place. The HTML cleaner did a few things – stripped ugly HTML (including Word HTML markup) and did a “smart truncation” of the HTML content so we’d a desired character length with adjustments so we split at word boundaries and didn’t leave unclosed tags. I used the Html Agility Pack to handle the HTML parsing so I could focus on the logic.

The Mobile Site – m.microsoftpdc.com

While I set the technical direction and took care of some polish areas here, I really can’t take too much credit for what I consider to be one of the best features of the microsoftpdc.com site. David Shadle, the (awesome) creative director for the PDC online experience, designed a mobile experience exactly how I’ve always thought they should be done – as a focused mini-site specifically created for attendees at the conference. Then Jim Lin built it. I helped with some polish by following Scott Hanselman’s iPhone webdev tips (adding the iPhone home screen icon and adjusting the viewport), but mostly I just got out of the way and let it happen.

Here’s that fancy iPhone home screen icon. Phear my graphics skillz!!!

The Silverlight Live Experience

I put a lot of work into this, and it was probably one of my favorite features despite the fact that it was only live for 4 hours or so (during the webcast keynotes). We thought about how we watched conference keynotes – frantically switching between the video and Twitter – and we tried to set up an experience that would make people like us – geeks who love keynotes - really happy. We built a tiny Twitter client in Silverlight which pulled directly from search.twitter.com, and fortunately everything (Twitter included) held up well during the keynotes.

You know what took way more time than you’d expect? Styling the scrollbar in the Twitter area.

Hovering over the event photo thumbnails expanded to a Silverlight Deep Zoom photo explorer thing…

… and clicking on the thumbnails or spinning your mouse’s scroll-wheel would of course zoom you in on the photos, in all their Flickr medium-resolution glory! Of course, there were some dangers – if you zoomed in on the wrong photos, you could get stuck in a Deep Zoom recursion situation which has been known to collapse the very fabric of spacetime:

We leveraged a system Vertigo has  developed to enhance and manage Deep Zoom experiences. It’s called Big Picture, and it powers some other cool Deep Zoom projects like the Mojave Experiment site and this page which displays all the newspaper headlines with the news of the Obama’s recent election victory. In addition to handling UI details like laying out the photos in a nice justified rectangle, there’s a server piece running behind the scenes that builds the photo collections. We used the Big Picture server’s Flickr integration system, which ran a scheduled build process against the latest Flickr photos with the PDC2008 tag. That task took some management as the collection grew during the conference, but fortunately Jay Walters (the developer who did most of the work implemented the PDC / Deep Zoom experience) was on the ball, scaling our build times to match the photo collection size.

What did you think? What did we get right? What did we do wrong?

¹ I mentioned that I work at Vertigo, I love my job, and we’re hiring, didn’t I? Yes? Great!