comments edit

In response to Ian’s post on thread.abort, Richard Blewett points out a situation when the thread you are attempting to cancel can’t check the volatile book flag to determine whether it should cancel itself or not.

An example he presents is when the thread is waiting on a synchronization primitive. The solution given is to call Thread.Interrupt.

This is a handy technique when you have a reference to the thread you wish to cancel, but this is not often the case when dealing with asynchronous method calls such as spawned by calling BeginInvoke. You won’t have a reference to the thread that an asynchronous method call is operating on.

So what is the would be thread terminator to do? Rather than go back in time and stop the thread from being spawned in the first place (my apologies for the poor cinema reference), avoid having indefinite waits on synchronization primitives in the first place. With a ManualResetEvent for example, you can specify a timeout for the WaitOne method. I recommend that you do so.

comments edit

Ian Griffiths (one of my favorite tech bloggers) wrote this fine piece on why Thread.Abort is a representation of all that is evil and threatens the American (and British) way of life.

The problem with Thread.Abort is that it can interrupt the progress of the target thread at any point. It does so by raising an ’asynchronous’ exception, an exception that could emerge at more or less any point in your program. (This has nothing to do with the .NET async pattern by the way - that’s about doing work without hogging the thread that started the work.)

If you’re interested in how Thread.Abort raises an exception in another thread, read Chris Sells’ (another favorite blogger) investigative report here.

I’ve taken this to heart in the design of my Socket server class (which I will release to the public some day) and in any situation where I have a service running that spawns asynchronous operations. Ian’s appoach to cancelling an asynchronous operation is the similar to mine:

The approach I always recommend is dead simple. Have a volatile bool field that is visible both to your worker thread and your UI thread. If the user clicks cancel, set this flag. Meanwhile, on your worker thread, test the flag from time to time. If you see it get set, stop what you’re doing.

One difference is that I chose not to use a volatile bool field. My reasoning was that if my asynchronous operation only reads the value (and never writes it) and just happened to be reading it while my main thread was changing it to false (in response to a user cancellation effort), I’m not so concerned that asynchronous operation might read true even though it’s being set to false. Why not? Well it’ll stay false by the time I check it again and the chance of that small synchronization flaw is very minute and has a low cost even if it does occur.

The question is, am I missing something more important by not using a volatile field in this instance?

comments edit

So now that I have a second Windows box (and third computer in the house), I’m soliciting recommendations for good synchronization software. Ideally I’d like something where I could configure which directories and files get synchronized and it happens seamlessly any time the Tablet connects to the home network.

comments edit

Using NDoc I’ve generated an update version of the CHM code documentation for RSS Bandit. As you’ll see (if you take a look) this documentation is by no means complete. Many of the public methods need better documentation. Also, there are no Namespace summaries yet. I plan to spend some time adding these summaries and some higher level API documentation.

This documentation is intended for interested developers and is meant to supplement the existing documentation at the RSS Bandit documentation website.

Included in the documentation are three main components: RSSBandit.exe, NewsComponents.dll, and RSSBandit.UnitTests.dll.

RSSBandit.exe is the main application code. The documentation here covers all the Forms in use etc.

NewsComponents.dll contains all the classes used to fetch and parse RSS feeds as well as NNTP. Much of core logic is contained in this assembly.

RssBandit.UnitTest.dll I included the documentation of this assembly so that you can read what unit tests we currently have (and thus infer the many we are missing). The great thing about unit tests is that many of them are demonstrations of how to use the API (when correctly written which I can’t yet vouch for my own) ;)

comments edit

Toshiba Portege M205 Wohoo! And it is a thing of beauty. Unfortunately I’ve been crazy busy lately so I don’t have any pictures so you’ll have to settle for this stock photo.

Acquiring a new computer is a laborious affair. Step one is to download and install Windows SP2 and all other critical updates etc… Second is to install RSS Bandit Then its the process of installing all the rest of the software, tools, and tweaks I’ve grown reliant on.

I’d like to backup all my photos and music on there, but that wouldn’t leave me much room for anything else. I’ll have to carefully cull a selection of music worthy to carry around.

Anybody have software recommendations for the Tablet PC? In what ways do you use it differently than you do a laptop in your day to day operations?

UPDATE: I forgot to mention, it’s a Toshiba Portege M205 with 60GB hard drive, 512MB RAM, and 1.5? MHZ Intel Celeron.

comments edit

Parade of the
AthletesWhen the Olympics occurred, one of my favorite DJs spun for the opening ceremonies. Unfortunately I missed it, but I had heard good buzz about his performance. Now he’s come out with a CD called “Parade of the Athletes”. I have a feeling that if you liked the music he played for the Olympics, you’ll like this cd.

comments edit

I received an email in response to my post How To Avoid ClearText Passwords With UsernameToken that asks the following question:

…Thus if a hacker steals the hashed password from your database, he will be able to write an application that gives the hash to WSE and he will authenticate successfully - which is exactly what we are trying to avoid by storing the hashed passwords in the first place. \ \ …\ \ The bottom line: this approach won’t really solve the real problem - if I steal the hash from the database, I will be able to uthenticate successfully. I’d love this to work the way you describe but as a security-conscious developer I’m still losing sleep.

Although this is a true scenario, the author makes an assumption that is false. The purpose of storing a hashed password is NOT to stop a hacker who obtains the hash from being able to authenticate as that user.

Think of it this way, if I’m a hacker and I am able to compromise your user database and obtain a user’s hashed password, why would I ever try to authenticate as that user? Since I already have my grubby hands in the cookie jar, I might as well grab all the data directly from your compromised database.

Rather, the purpose of hashing a password with a salt value is to provide security to the user of the system that rogue employees of the company and hackers who compromise the database cannot use my password to log into other sites I frequent.

Ideally your database isn’t compromised very often, otherwise you have bigger problems than whether or not passwords are hashed.

That’s why a security minded developer doesn’t stop at hashing passwords. Code security is never enough and is only a small part of the equation. The IT staff have to make sure the database itself is secure and not likely to be compromised. Staff with access to the system must be trained to deal with social engineering attacks. What good is a hashed password if I can call up tech support and get any information I need by posing as an executive?

So to the author of this email, I suggest you don’t lose sleep over the hashed password scenario. As a security conscious developer, you have a huge number of other attack scenarios to lose sleep over. ;-)

comments edit

I picked up Twiggy from the vet after work and she’s been such a trooper. Check out the sassy hot pink cast that’s bigger than she is.

Twiggy with her cast \ I’m ready to whack some fools with this thing.

We took her for a really short walk so she could do her thing outside and she looked so sad limping along like a tiny little gimp. However, when I tried to take a video of her walking, she decided to show some pride(avi 1.07 MB).

comments edit

Twiggy Twiggy was at a newly opened small dog park when a group of other small dogs suddenly ganged up on her. Of course they couldn’t catch her because she’s a speed demon, but she must have caught her foot in a grate on the ground (extremely bad idea for a small dog park to have a grate on the ground) and broke her leg just above her ankle.

She’s at the vet now and is doing fine. If you have a pet that you care for, I recommend getting pet insurance. I hear it’s not too expensive and could save you a pretty dime in a situation like this. We were planning to purchase it but just hadn’t gotten around to it. Now we have a significant vet bill to pay.

Hopefully we can pick her up today or tomorrow.

code, tdd comments edit

One of the holy grails for unit testing is to get 100% code coverage from your tests. However, you can’t sit back and smoke a cigar when you reach that point and assume your code is invulnerable. Code coverage just is not enough.

One obvious reason is that Code Coverage cannot help you find errors of omission. That is, even if you had 100% code coverage from your tests, if you forget to implement a feature (and a test for that feature), then you’re shit out of luck.

However, apart from errors of omission, there’s the case presented here. Imagine you have the following simple class (I’m sure your real world class is much more complicated and interesting, but bear with me).

using System;
using System.Collections;

public class MyClass
{
    Dictionary<string, int> _values = new Dictionary<string, int>();

    public MyClass()
    {
        _values.Add("keyOne", "1");
        _values.Add("keyTwo", "7");
        _values.Add("keyThree", "10");

        // ...
    }

    public int SumIt(string[] keys)
    {
        int total = 0;
        
		foreach(string key in keys)
        {
            total += _values[key];
            _values[key] = total;

            //Maybe we do some other
            //interesting things here.
        }

        return total;
    }
}

Now imagine you test this class with the following NUnit fixture.

using System;
using XUnit;

public class MyClassTest
{
    [Fact]
    public void TestSumIt()
    {
        var mine = new MyClass();
        string[] keys = {"keyOne", "keyTwo"};
        Assert.Equal(8, mine.SumIt(keys));
    }
}

Voila! 100% code coverage. But does this satisfy the little QA tester inside? I would hope not and suggest that it shouldn’t. Code coverage is worthy goal, but often unnattainable in large systems (hence the need for prioritization) and doesn’t provide all the benefits it would seem.

To handle situations like this, unit tests need to go beyond concentrating on code coverage and also consider data coverage. Of course, that’s not always practical. In the above example, if I only have 10 keys, testing the possible permutations of SumIt becomes a huge burden. Often the best you can do is to test a small sample and the boundary cases.

comments edit

Colin shows how to configure CopySourceAsHtml for any source file that VS.NET provides syntax highlighting. In my case, I’ve mapped the shortcut CTRL+C CTRL+S to the Copy command and CTRL+C CTRL+N to CopyNow command.

<?xml version=”1.0” encoding=”utf-8” ?>

<root>

    <wow id=”1”>This is neat</wow>

</root>

<%@ Page language=”c#” Codebehind=”WebForm1.aspx.cs” AutoEventWireup=”false” Inherits=”EmailIntegrationWeb.WebForm1” %>

<!DOCTYPE HTML PUBLIC “-//W3C//DTD HTML 4.0 Transitional//EN” >

 

<html>

  <head>

    <title>WebForm1</title>

    <meta name=”GENERATOR” Content=”Microsoft Visual Studio .NET 7.1”>

    <meta name=”CODE_LANGUAGE” Content=”C#”>

    <meta name=vs_defaultClientScript content=”JavaScript”>

    <meta name=vs_targetSchema content=”http://schemas.microsoft.com/intellisense/ie5”>

  </head>

  <body MS_POSITIONING=”GridLayout”>

   

    <form id=”Form1” method=”post” runat=”server”>

 

     </form>

   

  </body>

</html>

comments edit

My main man Colin is on fire with his latest version of CopySourceAsHtml add-in.

As this utility catches on, I think you’ll see a huge proportion of .NET bloggers using it to post source code snippets on their blogs. It now uses VS.NET’s own syntax highlighting to highlight the code. Thus whatever settings you have in VS.NET are used by the add-in. It’s also much more configurable with word-wrapping, ability to add extra styling options, etc… Here’s a couple of snippets as a demonstration.

According to the example’s on Colin’s site, it even works with aspx and css files. Unfortunately, that’s not working for me right now as I don’t see the context menu on those pages.

Nice job Colin!

    9 ///

   10 /// This just rocks my world!

   11 ///

   12 public class HtmlSourceTest

   13 {

   14     public void ThisMethodKicksButt()

   15     {

   16         //Yep. It does.

   17         Console.Write(“Hello World”);

   18     }

   19 }

///

/// This just rocks my world!

///

public class HtmlSourceTest

{

    public void ThisMethodKicksButt()

    {

        //Yep. It does.

        Console.Write(“Hello World”);

    }

}

comments edit

There is now a plug-in to use BlogJet to blog items from RSS Bandit. I haven’t tested it yet, but if the plug-in doesn’t do anything specific to RSS Bandit, it should be usable by any aggregator that supports the IBlogExtension interface. Want to write your own plug-in? Read my guide here.

Finally, I did it – a plugin to integrate RSS Bandit and BlogJet. If you’re using RSS Bandit to read feeds and BlogJet to post to your blog, this plugin is a must-have. It adds a new item to Bandit’s right-click menu – “BlogJet This!”. Click it and it will lanch BlogJet with the content of selected item.

Installation instructions and download.

[Via BlogJet weblog]

comments edit

When building an installer for a Windows Service in VS.NET 2003, conspicuously missing is the ability to specify a description for the service that is displayed in the Services applet.

I’ve written a base installer class that inherits from System.Configuration.Install.Installer for this purpose, but I’ll just present to you the source listings for the methods to add and remove a service description.

Check it out here. I hope you find it useful.

comments edit

So after much deliberation, I’ve decided on the M205 with a 60GB hard-drive, 512MB Ram, and a DVD-CD ROM drive etc… etc..

This is my first laptop ever so I’m pretty excited. Anyone have recommendations on synchronization software etc?

Thanks to people like Scott and Iggy for their input.

comments edit

Soccer Ball Today the soccer team I started playing with had their last game of the season. This was only my second game with them and we were playing the first place team in the league. This team was much slower than our last opponent and not as skillful, but were known for playing very dirty.

Fortunately on this day, the ref ran a tight ship and a nice game of soccer ensued. At least nice for the other team who proceeded to pound us for five goals to our two. We started off strong, but with no subs to speak of, the second half found us weary and unable to keep up.

The highlight for me was putting the ball in the back of the net in my second game with this team. The play involved flicking the ball over the defender and taking a shot off the bounce. They invited me to join them when the season starts in January. Hopefully by then I’ll have some fitness to contribute.