August 2005 - Posts

Another XBox dies, yet again.
Monday, August 29, 2005 11:35 PM

A little while back, I posted about my only slightly older than 1 year old XBox dying. I was a bit peeved, but I had faith in MS and the XBox, given I make my living from MSFT technology. So I bought a new XBox, and its been good.... until today.

Last night I was happily playing it. Turned it off. No dramas. Turned it on today. Service screen pops up showing error code 21, and the green eject button flashes red. Is it in warranty? Ofcourse not, not long out actually. The error code 21, as far as I can tell, means its in a bad way, I suspect the hard disk is somehow dead.

Now I love playing the games on the XBox, but I'll be stuffed if I am going to buy a 3rd XBox in as many years. I will try to fix it by combining my 2 dead XBox units, but I shouldn't have to (Note: Its not modded or anything like that. Its a plain vanilla XBox). I now feel embarassed that I have recommended these units to a number of friends and family. I have a large stockpile of games I am ready to now sell off. I have no doubt that the XBox 360 will contain a great number of technical advances, but I can't remain confident of its reliability, nor of the current Xbox's reliability. Unfortunately, I could no longer recommend them as a worthy purchase and even though I am a firm supporter of Microsoft in general, I could not remain condifent that the XBox is currently a good purchase due to reliability concerns, and that the XBox 360 will be any different. I would certainly not want to pay the larger XBox 360 price, to also have it die after a year.

Unfortunately, this previously staunch XBox supporter has left the building....

Ah well, such is life.

Note: I have a very old PS1 unit still happily playing games after being dropped, drooled on, discs scratched, hit and generally treated very badly. They dont make em like they used to...

TechEd on the Gold Coast
Monday, August 29, 2005 11:20 PM

Well TechEd is finally about to start here in Australia, on the sunny Gold Coast. There is a huge amount of sessions available this year, many more than last year. I'll be hosting a Web Dev discussion in Cabana Room B on Thursday at 3:45 along with Brad Millington, Philipo Beadle and Sam Spencer. Come along and join in this open forum about all things related to Web dev in ASP.NET.

I'll also be co presenting with Dave Glover, and many other notables such as Darren Neimke, Adam Cogan, Philip Beadle and Greg Low (I think thats the whole list!) about some of our favourite features in the .Net framework V2. Its the last session on the last day at 3:45pm. Dave will be doing some cool things with SMS interception and the V2 mobile framework, I'll be showing a full featured web server utilising the new HttpListener class in V2 with a nice code walkthrough, Darren will be showing some cool things with the portal framework, Greg will do some ADO.NET magic, and Adam and Phil, well I'l save that for the day. It should be great fun. Hope to see you there

by Glav | with no comments
ASP.NET Podcast - Show #13: Accessibility
Thursday, August 25, 2005 2:56 PM

Wally is back in the latest ASP.NET Podcast, show #13 which features :-

  • Erik Porter.
  • Polymorphic Podcast with Craig Shoemaker.
  • Scott Fletcher's PodCheck Review.
  • Listener emails
  • Accessibility discussion
  • Download from here

    Subscribe from here

     

    by Glav | with no comments
    ASP.NET Podcast - Show #12: Interview with Greg Low.
    Sunday, August 21, 2005 12:16 PM

    The latest ASP.NET Podcast is out. This one I do the whole introduction, as well as interview and give Wally a bit of a break. Hopefully you like it. As usual we welcome all feedback.

    Subscribe

    Download.

    • Me playing with sound effects
    • Greg Low Interview (Greg does the Sql DownUnder Podcast).
      • SQL Server from an ASP.NET perspective.
      • A little about the History of Greg Low and of SQL Server itself
      • CLR Hosting, the good and the bad.
      • SQLCacheInvalidation in SQL 2005 and in SQL 2000.
      • XML Support in SQL 2005 and its performance improvements
      • SQL Server 2005 Management Studio. Love it or hate it?
      • Mirroring support in SQL 2005
      • The future of SQL Server beyond 2005

     

    ASP.NET Podcast - Show #11: Wally's Intro to AJAX
    Monday, August 15, 2005 12:07 AM

    ASP.NET Podcast Show #11 is out.

    Wally does an Intro to AJAX talk with some code samples. Wally is currently on fire and is producing podcast content like its going out of fashion. Check out the whole show contents here (http://weblogs.asp.net/wallym/archive/2005/08/14/422523.aspx) or simply download it from here.

    Even better, subscribe. You know you want to....

    SecureString class in .Net V2 (Part 2)
    Monday, August 15, 2005 12:02 AM

    A couple of days ago I blogged about the SecureString class in .Net V2. I mentioned briefly about some of its features and why it exists, then proceeded to measure some of the cost of its functionality in terms of performance. I took some liberties with how I was accessing the SecureString contents to make it simple to measure performance.

    Eric Newton rightly posted a comment regarding that accessing the SecureString contents in this manner made it insecure and makes using it a waste of time. So this post is not about performance, and is an attempt to address that comment and is probably closer to how the SecureString is going to be used.

    Basically, the SecureString holds its contents encrypted. Anytime you place the contents into a regular string, it ceases to be secure as the runtime/GC then manages that unencrypted instance and will keep copies, in memory in plain text, or maybe the swap file and makes it easy to snoop on.

    So whats the point of the SecureString if you can't get its contents back for easy usage? Well, one way is to never marshall it back into a regular string, but instead compare/use a character at a time using the BSTR pointer, ensuring that you use the "marshalled" plain text contents of the string as quickly as possible, then clear out that section once you are done. A code example might look like :

    using System;
    using System.Collections.Generic;
    using System.Text;

    using System.Runtime.InteropServices;

    namespace junk1
    {
        class Program
        {
            static void Main(string[] args)
            {
                // Yes, this text is held insecurely in memory
                string TEXTDATA = "This is some sensitive info";

                using (System.Security.SecureString secretString = new System.Security.SecureString())
                {

                   // Add the text from our insecure string into our SecureString
                   // Normally, you WOULD NOT keep a string in memory for this purpose but it makes this
                   // Demo a little shorter and easier to read.

                   foreach (char c in TEXTDATA)
                       secretString.AppendChar(c);

                   Console.WriteLine("Marshalling...");
                   // Marshall the secure string to a BSTR pointer
                   IntPtr ptr = Marshal.SecureStringToBSTR(secretString);
                   try
                   {
                       byte b = 1;
                       int i = 0;

                       // Loop through until we hit the string terminator '\0'
                       while (((char)b) != '\0')
                       {
                           b = Marshal.ReadByte(ptr, i);
                           Console.Write((char)b);
                           i = i + 2;  // BSTR is unicode and occupies 2 bytes
                       }

                       Console.WriteLine("\nDone.");
                   }
                   finally
                   {
                       // Free AND ZERO OUT our marshalled BSTR pointer to our securetext
                       Marshal.ZeroFreeBSTR(ptr);
                   }
                }

                Console.ReadLine();
            }
        }
    }

    This little code snippet shows how we marshall a SecureString into a BSTR string pointer. From here we can iterate through the character contents, comparing them or in this case, writing them to the console. Once we are finished with it, we want to free the BSTR and zero out its contents to make sure no one or nothing can read those contents. This is why we wrap it in a try...finally to ensure it gets freed and zero'ed out.

    Granted, its not the nicest code but I hate making simple blog entries too long winded.

    Note: I am incrementing the pointer offset by 2 each time as its a unicode string and each character occupies 2 bytes.

    Update: No one picked it up initially, but the SecureString uses unmanaged resources, and like all good objects that do this, it implements the IDisoposable interface. I have modified the code above to utilise this interface via a 'using' statement.

    by Glav | with no comments
    Update to AsyncClientConnector control for ASP.NET V2
    Friday, August 12, 2005 6:40 PM

    A little while ago I released a control that makes it easier to use Asynchronous Client Script callbacks within ASP.NET V2. The original post is here ( http://weblogs.asp.net/pglavich/archive/2005/05/11/406348.aspx ).

    As you may or may not be aware, the ICallbackEventHandler interface that is used with this has now changed slightly. Originally, the interface contained only 1 method:

    string RaiseCallbackEvent(string arg);

    But now, there are 2 methods:

    void RaiseCallbackEvent(string arg);
    string GetCallbackResult();

    The reasons for this are primarily to support asynchronous data sources and are detailed in Betrand Leroys blog. I have updated this control to now use the latest incarnation of the ICallbackEventHandler interface and therefore make it compatible with the latest release of ASP.NET 2.0 and hopefully the RTM version.

    You can download it from my personal site or from the Project Distributor site. Hope you find it useful.

    by Glav | with no comments
    SecureString in .Net V2
    Friday, August 12, 2005 3:32 PM

    I have been playing with the SecureString class in .Net V2 lately (System.Security.SecureString). Its one of those incremental changes to the framework that is nice to have.

    Briefly, the SecureString holds a strings contents in memory in encrypted form (using DPAPI). A standard string is held in memory and is often used to contain sensitive data like connection strings, credit card details, whatever. The standard string is immutable meaning once allocated, you can't overwrite it so there is no easy way to clear it. The garbage collector can move this around (i.e. its not pinned), potentially keeping many copies of the string in memory at any one time. These memory contents can make their way into SWAP files, where its a lot easier to be found.

    So, the SecureString is 'pinned' so the GC cannot move it around, its contents are encrypted using DPAPI, so whether its in memory or the SWAP file, you cannot examine its contents easily. It is mutable, so it can also be 'cleared' or zero'ed out effectively erasing its contents from memory, not simply marking it for collection.

    Sounds ok, and you'd only use it in certain situations, but I was curious as to what the cost is.

    Ease of use is an obvious cost (although I am more concerned with performance right now). The SecureString requires you to add characters into it, rather than assigning a string, for obvious reasons. Once you construct a string object, its in memory, and the advantage of secure string is useless as its already in memory in plain text. So the code might be:

    SecureString secret = new SecureString();
    secret.AppendChar('H');
    secret.AppendChar('i');

    Also retrieving that string later involves some interop marshalling. The code below shows an example:

    IntPtr ptr = Marshal.SecureStringToBSTR(secret);
    string myRegularString = Marshal.PtrToStringUni(ptr));

    So the code is a little more, nothing too hairy though. I wondered about the performance cost of this though. Not that performance is going to be a real issue as I would not envision its use for a large number of string operations, but I was curious anyway. I wrote some code to add a standard string obejct to a StringBuilder 10000 times, and to add the contents of a SecureString (containing the same text as the standard string) to a StringBuilder the same amount of times (10000). The results are below:

    As you would expect, a pretty reasonable hit, given the encryption and marshalling that needs to occur.

     

    ASP.NET Podcast Show #10 - Interviews with Sahil Malik and Hilary Cotter
    Thursday, August 11, 2005 5:35 PM

    Show #10 of the ASP.NET Podcast is now available for your listening pleasure. This week is a double interview special with Sahil Malik and Hilary Cotter. Wally McClure does all the hard work with this show and he does it well.

    You can directly download the show from (http://libsyn.com/media/aspnet/ASPNETPodcast20050811.mp3) or you can subscribe to the show via our NEW LIBSYN Podcast account! (All of our download/bandwidth hassles should be fixed now). The subscription link is http://www.scalabledevelopment.com/ftp/ScalabilityWithDotNet.xml

    The show contains:

    by Glav | with no comments
    Asynchronous Client Script Callbacks Article
    Thursday, August 11, 2005 9:40 AM

    An article by on Asynchronous Client Script Callbacks in ASP.NET V2 and a starter on how to use them, with source code included, is available here (http://www.simple-talk.com/2005/08/10/asynchronous-client-script-callbacks/)

    by Glav | with no comments
    More Posts Next page »

    This Blog

    Syndication