Dinis Cruz UK Based Security Events

Dinis Cruz, UK Security Consultant/OWASP Chief Evangelist, has a couple of UK based events coming up.  If you have seen Dinis present before (he has done DDD a couple of times and the Ed Gibson Roadshow) you will know what to expect; if you haven't seen him before, he is very passionate about security, knows lots of very cool stuff and gets it across in a very engaging way.  I have to say he is the one who got me into security.

Source Code Security Training
Run by Ounce Labs on the 12th and 13th of June in London at the Thistle Marble Arch, it covers topics such as Performing Source Code Reviews, Identifying Vulnerabilities in Code and Writing Exploits.  Sounds like a very cool event.

More Information at http://www.ouncelabs.com/securityexperts/

Security Training For ASP.NET Developers

17th/18th July at Leamington Spa. I have heard a lot about this course, and it's all good. He has given similar talks at Black Hat and covers some really in-depth topics of ASP.NET security.

More information at http://www.nxtgenug.net/Course.aspx?CourseID=4.  Review of a previous event can be found at http://www.nxtgenug.net/Article.aspx?ArticleID=166

I would love to attend one of the courses, sadly I have no employer to pay for it (at the moment…)

Google Developer Day 2007

Yesterday I attended the Google Developer Day in London.  The event itself was cool; it was held at The Brewery, which was a very nice venue with open wifi for everyone. This took a hammering but at least they offered it – unlike Microsoft UK.  When I arrived I was handed a Google swag bag including a T-shirt, Goo (putty), sweets, a bottle of water, promo stuff, a mouse mat and a 256MB USB stick, which was cool.  There was a 'Bloggers Lounge' which had loads of food, a few PCs to use, cushions on the floor, tea, coffee, smoothies, and everyone sitting around on their laptops and chatting. Very cool atmosphere.

The keynote was very high level, giving an overview of what Google is doing for developers and what they are doing in terms of mapping functionality. I then had the API workshop, which was to create a map mashup with Google guys on hand to help – it was good but I wish I had gone to the talks instead. The two talks I did go to, one on Google Gears and the other on mobile development, were really, really high level and didn't provide enough depth. The sessions were short, 45 minutes, but they opened the floor up to 15 minutes of questions, which meant there wasn't much in the way of content.  It would have been much better if anyone who wanted to ask questions grabbed the guys afterwards/in the bar, as they were around.

I do think Google missed an opportunity to demonstrate a lot of what they are currently offering and show how easy it is to integrate/use.  For example, the Google Gears presentation could have done: 'Intro (5 minutes). Here is my Ajax app written using Google Web Toolkit, quick tour of it/code (15 minutes). Now let's put it on Gears – show how easy it is (15 minutes), job done.  Demo it all working (5 minutes).'  Unless it's not that easy…

There was also an hour-long keynote streamed from the main Developer Day in the US; however we had all heard about this during the day and it offered nothing new.  The code samples which were shown couldn't be made out, which was a shame.

Afterwards, Google had hired out a bar across the road with a free tab and food.  I had a few beers with Chris DiBona, who is the open source program manager at Google, which was cool, and managed to get in a few feature requests.  Again, a great atmosphere and decision by Google, and a good end to the day.

It was Google's first attempt at a large developer day.  The day/evening itself was great, and I hope they do one next year. Just a shame the sessions didn't match.  Could have just been the ones I went to. Will be interesting to see what HackDay will be like.


Using Microsoft AntiXSS 1.5

This has been out for a while; however I just tried to reference it and forgot where it was located.  Microsoft should really make accessing this a lot easier – it would have been nice for it to appear in the Add Reference dialog.  Anyway, it's located at:

C:\Program Files\Microsoft Corporation\Anti-Cross Site Scripting Library V1.5\Library\.Net 2.0\AntiXssLibrary.dll

Then it's

using Microsoft.Security.Application;

string pageTitle = AntiXss.HtmlEncode(Request.QueryString["Page"]);

Remember: always HtmlEncode untrusted text before it is written into HTML, and pick the encoder for the output context: HtmlEncode for element content, HtmlAttributeEncode for attribute values, JavaScriptEncode for values placed inside script, and UrlEncode for values placed in a URL.  Encoding for the wrong context (or not at all) is what lets a query string value like Page turn into script in the page.
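To show why the encode-everything rule matters, and how the allowlist approach the AntiXSS library takes differs from a denylist, here is an added JavaScript example; it is not code from the AntiXSS library or from this post. It puts a small allowlist encoder beside a denylist encoder that escapes only the four characters HttpUtility.HtmlEncode handled in .NET 2.0 (it left the apostrophe alone), then renders a constructed payload into a single-quoted attribute. The template, the allowlist itself and the payload are this example's own choices.

```javascript
// Added example: allowlist vs denylist HTML encoding (not the AntiXSS library's code).

// Denylist encoder: escapes only the characters it knows about. This mirrors
// HttpUtility.HtmlEncode in .NET 2.0, which did not touch the apostrophe.
function denylistHtmlEncode(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;");
}

// Allowlist encoder (the AntiXSS idea): only characters known to be inert pass
// through; everything else becomes a numeric character reference. The exact
// allowlist here is an assumption for this example, not the library's list.
const SAFE_CHAR = /^[A-Za-z0-9 ,.\-_]$/;
function allowlistHtmlEncode(s) {
  let out = "";
  for (const ch of String(s)) {          // for..of iterates full code points
    out += SAFE_CHAR.test(ch) ? ch : "&#" + ch.codePointAt(0) + ";";
  }
  return out;
}

// Hypothetical page template: untrusted text lands inside a single-quoted
// attribute and in element content.
function renderTitle(untrusted, encode) {
  const encoded = encode(untrusted);
  return "<h1 title='" + encoded + "'>" + encoded + "</h1>";
}

// The template itself contributes exactly two apostrophes; any more means
// attacker input closed the attribute and the fragment is injectable.
function attributeIntact(fragment) {
  return (fragment.match(/'/g) || []).length === 2;
}

// Constructed attacker input, the kind of thing Request.QueryString["Page"]
// might carry.
const PAYLOAD = "' onmouseover='alert(1)";

function demo() {
  return {
    denylist: renderTitle(PAYLOAD, denylistHtmlEncode),
    allowlist: renderTitle(PAYLOAD, allowlistHtmlEncode),
  };
}
```

With the denylist encoder the rendered fragment is `<h1 title='' onmouseover='alert(1)'>…`, so the apostrophe closed the attribute and a new event handler attribute got in; the allowlist encoder turns the apostrophe, the equals sign and the brackets into `&#39;`, `&#61;`, `&#40;` and `&#41;`, and the attribute stays intact. The point is the default: an allowlist is safe for characters nobody thought about, a denylist is only as good as the list.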

Download it from

http://www.microsoft.com/downloads/details.aspx?FamilyID=efb9c819-53ff-4f82-bfaf-e11625130c25&DisplayLang=en


LINQ to SQL Cheat Sheet

While playing around with LINQ to SQL I decided it could be useful to have a cheat sheet for some common operations.  I think I might have to reorder/redesign it for the next version to allow more; this will come as I learn more about LINQ.  I hope you find it useful. Let me know what you think.

Download

PDF : LINQ To SQL Cheat Sheet Version 1.pdf

XPS : LINQ To SQL Cheat Sheet Version 1.xps

 


DDD5 Agenda

The agenda for DDD5 has been released. http://www.developerday.co.uk/ddd/agendaddd5lineup.asp

Some very interesting sessions, the ones I think I will be attending are:

An introduction to Unit Testing with Mock Objects or Evolutionary Algorithms and the Traveling Salesman

Being lazy is an art form (or: Making your computer work for you) or Team Foundation Server – the answer to all project management problems?

Making Phones Ring in One Line Of Code or An Appraisal of “Object Thinking”

An Introduction to Card Space or Do Design Patterns Make Sense in ASP.NET?

Next Generation Data Access with LINQ or Multithreading patterns or CSS 101 – Moving away from table based layout

Should be a good day.


LINQ Error ‘Can’t perform Create, Update or Delete operations’

I have been playing around with LINQ to SQL and I was receiving an odd error message when inserting an entity into a table. The error was:

Message: Can’t perform Create, Update or Delete operations on ‘Table(dbo.DocumentRevisions)’ because it is read-only.

Type: System.InvalidOperationException
Source: System.Data.Linq
TargetSite: Void Attach(T)
HelpLink: null
Stack: at System.Data.Linq.Table`1.Attach(T item)
at SqlServer.SqlContentProvider.SaveDocument(Document document) in E:\My Documents\Visual Studio Codename Orcas\Projects\SqlServer\SqlContentProvider.cs:line 53
at SimpleWiki.DAL.Tests.DocumentTests.TestInsertingDocument() in E:\My Documents\Visual Studio Codename Orcas\Projects\Tests\DocumentTests.cs:line 28

I thought I had everything correct; however I forgot to set a primary key on the table, hence LINQ was unable to do anything with the object.  A table mapped without a primary key is treated as read-only, which is exactly what the message says, so Attach and the other update operations fail on it.  So, lesson for the day: LINQ to SQL must have a primary key on the table :).


DDD5 Registration Open

DDD5 registration is now open for the event on Saturday 30 June 2007.

https://msevents.microsoft.com/cui/EventDetail.aspx?culture=en-GB&eventid=1032342589

One thing I find interesting is that it lists the rooms as “Chicago 1&2/Memphis/Everest 1&2”  Five tracks this year?? Would be cool. (NOTE: THIS MIGHT BE A MISTAKE, I DON’T KNOW FOR SURE).  The agenda is due soon.

I hope everyone knows what DDD is by now; if you are unsure visit http://www.developerday.co.uk/ddd/default.asp


What is JavaFX?

In case you haven't heard, on May 8th (2007) Sun announced a new framework called JavaFX Script and also JavaFX Mobile.  This is Sun's answer to Flex/Flash and Silverlight, so I thought I would have a look around and see what it is actually about.  On the site, they say it is "a highly productive scripting language that enables content developers to leverage the enormous popularity of Java to create rich applications and services for deployment on the widest range of platforms". While only Script and Mobile have been announced at the moment, other products are in the pipeline, possibly including a JavaFX Designer.  The timescale for this is a release at the end of 2007/early 2008; it is currently in preview status.

So what is JavaFX?  Well, it has been split into two at the moment – Script and Mobile.  Script is built on top of the JRE (Java Runtime) and Swing, which allows it to be cross platform straight out of the box.  The code itself is not Java; instead it is a declarative syntax allowing for more dynamic features, and Sun have clearly stated it is mainly intended for UI development and not business workflow.  It can call/be called from Java classes.

JavaFX Mobile is a "package aimed at mobile-handset makers designed to make Java applications more portable across mobile phones", which was purchased from a 3rd party last year.  On the mobile, JavaFX Script applications run on top of this.  This provides a level of abstraction to give a developer more cross platform support when developing mobile applications. It confuses me a little, as I thought the point of Java was to be cross platform, so why is another layer required on a mobile?

With this style of run anywhere, when you visit a JavaFX application the most noticeable thing is that it doesn't run in the browser; in fact JavaFX applications are not supported for running in the browser, so no playing videos inline with a website.  Instead, they are executed as a separate application, which makes them feel more like desktop applications than RIAs, which is interesting.  Sun are claiming the applications will work in an offline mode, which Microsoft have stated isn't in their plans for Silverlight.  On my Mac, they were downloaded as separate files and saved on my hard drive, and I could run them with my wifi disabled.

Once loaded, the applications have the same look and feel as the host OS by default, which is really nice and much better than Swing used to be.  Now when an application has defined a menu bar (File, Edit, Help etc.), on a Mac it will be in the correct place at the top of the screen by default, while on a Windows machine it will be within the application's window.  However, I did notice that every time I load an application (which has to be signed) I get a Don't Trust / Trust dialog box. Even if I have told it to be trusted, it still asks me the next time I load the application. Very annoying; it's like UAC for every application. But this might be just the applications I am running, as they all seem to have an error regarding their certificate, so this might not be the case for all applications in the future.  To be fair to the prompt, a signature that can't be chained to a trusted root tells you nothing about who actually produced the code, so clicking Trust on one of these is a blind decision, and asking every time is the runtime refusing to remember a decision it couldn't verify.

When creating an application, there is currently no official designer tool, which makes it difficult to produce anything advanced.  Sun have ported a few applications from Flash to JavaFX for demo purposes, so it can be done.  JFX Builder has been released by a 3rd party, so tools are on the way.  Eclipse and NetBeans (5.5 + 6.0) have downloads available for running the applications; I have used NetBeans 5.5.  So let's have a look at some code.

This is the classic Hello World sample.  Firstly, it creates a class which we use as our model, then creates an instance of that class.  We then create a new Frame, setting various properties, creating a label and binding it to our instance of the model to return the string.  This code displays a window with the text Hello World and the title Hello World JavaFX (from the tutorial on their site).

class HelloWorldModel {
  attribute saying: String;
}

var model = HelloWorldModel {
  saying: "Hello World"
};

var win = Frame {
  title: "Hello World JavaFX"
  width: 200
  content: Label {
    text: bind model.saying
  }
  visible: true
};

As you can see from this example, JavaFX is pushing a Model-View architecture, allowing the developer to create a model and then bind properties to the model's implementation.  The code is simple, short and kind of clean.  Moving on to a more advanced example:

import java.lang.System;

class ButtonClickModel {
  attribute numClicks: Number;
}

var model = new ButtonClickModel();

Frame {
  width: 200
  menubar: MenuBar {
    menus: Menu {
      text: "File"
      mnemonic: F
      items: MenuItem {
        text: "Exit"
        mnemonic: X
        accelerator: {
          modifier: ALT
          keyStroke: F4
        }
        action: operation() {
          System.exit(0);
        }
      }
    }
  }
  content: GridPanel {
    border: EmptyBorder {
      top: 30
      left: 30
      bottom: 30
      right: 30
    }
    rows: 2
    columns: 1
    vgap: 10
    cells:
    [Button {
      text: "I'm a button!"
      mnemonic: I
      action: operation() {
        model.numClicks++;
      }
    },
    Label {
      text: bind "Number of button clicks: {model.numClicks}"
    }]
  }
  visible: true
}

This example is starting to get a little bit more advanced.  Firstly, it defines a menu bar – which fits in with the style of the host OS – very nice.   Code such as action: operation() {} defines what happens when the item is activated.  I'm not sure how this works with two events, but then I never got that with Java buttons either. The GridPanel contains all the information, with a button and a label. The mnemonic is the keyboard shortcut for the button.  I'm sure you will agree this code is much better than the traditional Swing code; it provides a much simpler way to create GUIs.  It would be interesting to see how the code looks for a large application.

After looking at the Programming Language reference guide, it does have a very dynamic feel, as you would expect. Here are a few items which caught my eye.

Modifying Arrays
var x = [1, 2, 3];
insert 12 into x; // [1, 2, 3, 12]
insert 10 as first into x; // [10, 1, 2, 3, 12]
insert [99,100] as last into x; // [10, 1, 2, 3, 12, 99, 100]

There is also syntax to insert relative to a specific element in the array:
insert 11 after x[10];

Querying Arrays
var nums = select y
    from y in x
    where y <> 1; // returns all the numbers which do not equal 1

JavaFX introduces in-memory querying of objects.  Interesting how they have put the select first…

Do Statement
The do statement allows you to execute a block of code in a background thread.  Only code within a do block is allowed to execute in another thread.

do { /* read IO */ }

That's it, very simple threading.  There is also do later {}, which is asynchronous execution.  That is a cool way of handling threads.

Triggers
This allows code to be executed based on some event, such as creation, insert and delete. When it picks up an event, it calls the defined method.

One thing which caught my eye is "it is illegal to do anything with JavaFX at the moment", as Sun are still discussing licensing terms, so at the moment it is only for preview.  But that's only like LINQ and Silverlight 1.1, as they are not for commercial use either.

In summary, it is still a very early preview. I'm sure Java people will be over the moon at this announcement, but for me it's nothing special.  The Mobile aspect sounds interesting, as it would be a fix for Java's core problem on mobile devices, the fact that applications are not portable. Time will tell, and I will keep an eye on what's going on in the Java world, like I do with everything, but I'm not about to jump ship.   This is a much needed improvement for developing Java GUIs (something which I hate doing), but it just seems like a dynamic wrapper around the core JRE and Swing with a few additional language features.  Time will tell…

JavaFX Site: https://openjfx.dev.java.net/

Any posts which I find interesting are being tagged on del.icio.us – http://del.icio.us/ben2004uk/javaFX – this is one of the reasons why I really like del.icio.us.


PS: I've noticed that my blog is becoming a bit messy since using the new code formatter.  I will try to make sure it looks OK before publishing and stop using line numbers. It just decided to die on me, which is why this post does not use it. Sorry about this.

Vista Sidebar Gadget using Silverlight

I've wanted to see if this works for a while but really haven't had the chance until this weekend. The short answer is yes, it works without a problem; the longer answer is yes, but there are some problems (with solutions).  The main problem I had was with regard to debugging the Silverlight project, which I will discuss later in the post.

As I'm sure you are aware, a Sidebar gadget sits in the Vista Sidebar application docked at the side of your screen.  These are created using HTML, CSS and JavaScript; however I have included Silverlight in that combination.  The gadget I created is a Silverlight Video Player Gadget which displays thumbnails of all the videos in a selected folder, and allows you to play them in the sidebar and display them full screen.  Not anything overly interesting, but it did bring up a few interesting facts about Silverlight and gadget development.

The project itself is just the standard template which is part of the SDK and which I discussed in my previous post.  If you want to know more about Silverlight, I suggest you give it a read.  The only additional item I had to include was the standard gadget.xml, which is the manifest file for the gadget and must be included.

Silverlight itself works out of the box within the sidebar; however there is a problem.  Using the default Silverlight host in the sidebar means the gadget cannot be removed from the sidebar (apart from uninstalling the gadget, which forces the removal) and cannot be moved around.  The fix is to tell the control to be windowless when creating the host.

Sys.Silverlight.createObjectEx({
  source: "Scene.xaml",
  parentElement: document.getElementById("SilverlightControlHost"),
  id: "SilverlightControl",
  properties: {
    width: "130",
    height: "100",
    version: "0.9",
    isWindowless: 'true'
  }
})

The isWindowless property just says whether the control should be contained within its own window or not. If the control is in a window then it is self-contained and the web page's style/look doesn't affect it; when it is windowless it is part of the web page and takes part in its layout.  Hard to explain (the reason why I linked to MSDN).  In the case of Silverlight and the sidebar, it means that the gadget can be removed and moved while still hosting the Silverlight control.

To make sure my control lined up correctly, I set the margins to 0px.  I also set the height and width of the gadget itself.  This just makes sure you have no white space around the edges and it looks like a normal gadget.

body { margin: 0px; width: 130px; height: 95px; background: Black; }

The XAML for the control is just standard Silverlight; nothing had to be changed or modified for this to work.  The XAML has a MediaElement which is used to display and play the video.

<MediaElement x:Name="mediaPlayerControl" Width="130" Height="95" Stretch="Uniform" AutoPlay="False" />

I set this to AutoPlay="False", so when the Source property is set from the JavaScript it doesn't automatically start playing the video.  I had an internal canvas which held the controls for the video: play, stop, previous, next and full screen.  I used a storyboard animation to show/hide the canvas by changing the opacity, which was started from the JavaScript.  To hook up the events for when I wanted the controls to appear and disappear, I handled the canvas events for MouseEnter and MouseLeave.  The rootElement is the root canvas, so this worked well as it always captured the event.

this.rootElement.addEventListener("MouseLeave", Sys.Silverlight.createDelegate(this, this.hideControls));
this.rootElement.addEventListener("MouseEnter", Sys.Silverlight.createDelegate(this, this.showControls));

The showControls handler simply starts the showControls storyboard.  However, I didn't want to show the controls when it's full screen, as they are a bit small, so I included a check to make sure it was not in full screen mode.  The events still get fired when in full screen mode but nothing happens.  I could have included a different storyboard which showed a different set of controls – but I didn't see the benefit for this example.

showControls: function(sender, eventArgs)
{
  alert("Show Controls");
  if(sender.getHost().content.fullScreen != true)
  {
    this.control.content.findName("showControls").Begin();
  }
},

When the full screen button is pressed, it simply calls a function which sets fullScreen = 'true' on the control.

mediaFullScreen: function(sender, eventArgs)
{
  alert("Media Full Screen");
  this.control.content.fullScreen = 'true';
},

However, to have some more control over this, I hooked up to the onfullScreenChange event which is fired when entering and leaving full screen.

this.control.content.onfullScreenChange = "onFullScreenChanged";

This code changes the opacity of items which I do not want to be displayed when in full screen mode, sets the width and height of the mediaPlayer to the full screen size, then starts playing the video.

function onFullScreenChanged(sender, args)
{
  var silverlightControl = sender.getHost();
  var controlsPanel = sender.findName("controls");
  var border = sender.findName("mainBorder");

  if (silverlightControl.content.fullScreen == true)
  {
    controlsPanel.opacity = 0;
    border.opacity = 0;
  }
  else
  {
    controlsPanel.opacity = 1;
    border.opacity = 1;
  }

  var mediaPlayer = sender.findName("mediaPlayerControl");
  mediaPlayer.width = silverlightControl.content.actualWidth;
  mediaPlayer.height = silverlightControl.content.actualHeight;
  mediaPlayer.play();
}

As you can see, this is all standard Silverlight code; nothing special about it being hosted within the sidebar.

Now let's move on to the code which gets the videos and sets the source for the mediaPlayer.

function LoadFiles(dir)
{
  alert("LoadFiles Start: " + dir);

  var oShellItem = System.Shell.itemFromPath(dir).SHFolder.Items;
  for (var i = 0; i < oShellItem.count; i++)
  {
    // Files are recorded; folders are searched recursively
    if(!oShellItem.item(i).isFolder)
    {
      files.push(oShellItem.item(i).path);
    }
    else
    {
      LoadFiles(oShellItem.item(i).path);
    }
  }
  alert("LoadFiles End with: " + oShellItem.count);
}

This function takes in a directory path and stores a list of the items (files and folders) in oShellItem. It then goes over each item and checks whether it is a folder: if it is, it uses recursion to search that directory; if not, it adds the path to the files array. I should really have included a check to make sure that they were videos – never mind.

function StartRotator()
{
  alert("StartRotator Start");
  var silverlight = document.getElementById("SilverlightControl");
  var media = silverlight.content.findName("mediaPlayerControl");
  alert(media.CurrentState);

  if(media.CurrentState != 'Playing')
  {
    if(increment < files.length)
    {
      var item = files[increment];
      media.Source = item;
      increment++;
    }
    else
    {
      increment = 0;
      var item = files[increment];
      media.Source = item;
    }
  }

  waitTimer();
}

function waitTimer()
{
  alert("Waiting");
  cancelID = setTimeout("StartRotator();", 15000);
}

With this code, if the media is not currently playing, it gets an item from the array and sets it as the Source for the control.  It then sets a timeout for 15 seconds; once elapsed it will call the function again and display the next video in the array.  I save the cancelID for the timeout because when I select the next or previous video I cancel the timeout before setting the source, as otherwise it would call the method unexpectedly again.

function Next()
{
  clearTimeout(cancelID);

  if(increment == (files.length - 1))
  {
    increment = 0;
  }
  else
  {
    increment++;
  }
  var item = files[increment];
  var media = document.getElementById("SilverlightControl").content.findName("mediaPlayerControl");
  media.Source = item;
  waitTimer();
}
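The folder walk above records every file it finds and then hands those paths straight to the MediaElement, and the rotator and Next() each keep their own idea of how the index moves. Here is an added JavaScript example, not the gadget's own code, that covers both: the recursive walk with the video-extension check the post mentions but leaves out, a guard against revisiting a folder (a junction pointing back up the tree would otherwise never terminate), and one index helper the timer, Next and Previous can all share. System.Shell is only available inside the Sidebar, so a constructed in-memory tree with the same shape (count, item(i), isFolder, path) stands in for it; the extension allowlist, the depth cap and the sample paths are this example's own choices. It is written in ES5 so it would also run under the Sidebar's JScript engine.

```javascript
// Added example (not the gadget's own code): folder walk with a video
// extension allowlist, a revisit guard, and a shared playlist index helper.

var VIDEO_EXTENSIONS = [".wmv", ".avi", ".mpg", ".mp4"]; // example allowlist
var MAX_DEPTH = 8; // hard stop in case a junction makes the tree cyclic

function isVideoFile(path) {
  var dot = path.lastIndexOf(".");
  if (dot < 0) { return false; }
  var ext = path.slice(dot).toLowerCase();
  for (var i = 0; i < VIDEO_EXTENSIONS.length; i++) {
    if (VIDEO_EXTENSIONS[i] === ext) { return true; }
  }
  return false;
}

// folderItems(dir) stands in for System.Shell.itemFromPath(dir).SHFolder.Items
// and must return an object with .count and .item(i) like the Sidebar API.
function loadVideoFiles(folderItems, dir, state) {
  if (!state) { state = { depth: 0, seen: {}, files: [] }; }
  var key = dir.toLowerCase();          // NTFS paths are case-insensitive
  if (state.depth > MAX_DEPTH || state.seen[key]) { return state.files; }
  state.seen[key] = true;

  var items = folderItems(dir);
  for (var i = 0; i < items.count; i++) {
    var entry = items.item(i);
    if (entry.isFolder) {
      state.depth++;
      loadVideoFiles(folderItems, entry.path, state);
      state.depth--;
    } else if (isVideoFile(entry.path)) {
      state.files.push(entry.path);
    }
  }
  return state.files;
}

// Next index in the playlist, wrapping in either direction; the same helper
// serves the 15 second rotation (step 1), Next (step 1) and Previous (step -1).
function advanceIndex(index, length, step) {
  if (length === 0) { return 0; }
  return ((index + step) % length + length) % length;
}

// Constructed stand-in for a folder tree (not a real disk); the "Loop"
// folder is a junction back to the root to show the revisit guard working.
var SAMPLE_TREE = {
  "c:\\videos": [
    { path: "C:\\Videos\\intro.wmv", isFolder: false },
    { path: "C:\\Videos\\notes.txt", isFolder: false },
    { path: "C:\\Videos\\Holiday", isFolder: true }
  ],
  "c:\\videos\\holiday": [
    { path: "C:\\Videos\\Holiday\\beach.AVI", isFolder: false },
    { path: "C:\\Videos\\Holiday\\Loop", isFolder: true }
  ],
  "c:\\videos\\holiday\\loop": [
    { path: "C:\\Videos", isFolder: true }
  ]
};

function sampleFolderItems(dir) {
  var children = SAMPLE_TREE[dir.toLowerCase()] || [];
  return { count: children.length, item: function (i) { return children[i]; } };
}

// Walk the constructed tree: two videos found, notes.txt skipped, loop cut off.
var found = loadVideoFiles(sampleFolderItems, "C:\\Videos");
```

Inside the gadget, `sampleFolderItems` would be replaced by a function returning `System.Shell.itemFromPath(dir).SHFolder.Items`, and `increment = advanceIndex(increment, files.length, 1)` replaces the two hand-written wrap-around branches.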

As you can see, the code isn't very complex and is nothing special; however the concepts are important.  The code simply uses parts from the Sidebar framework and interacts with the Silverlight control using JavaScript.  However, if there is a problem, debugging is a nightmare.

Silverlight hides all JavaScript errors, so if there was a problem the only way of knowing was that nothing would display when loading the sidebar.  This is why I have alert statements everywhere.  However, Sidebar hides all alert dialogs, so this doesn't display the problem/state either.  What Sidebar does offer, however, is the ability to write to the debug pipeline.

function alert(msg) { System.Debug.outputString(msg); }


By overriding the alert function in JavaScript, I could redirect all messages to System.Debug.outputString.  I then used DebugView (Sysinternals/Microsoft) to read all the activity from there to find out what the gadget was actually doing – it made it easy to debug. Note, DebugView needs to be run as Administrator under Vista.  Remember to take the alert calls out before publishing: anything written to the debug stream (here, every file path the gadget finds) can be read by any local process that listens to it, just as DebugView does.

One other note.  The gadget always needed to be reloaded within the Sidebar to get the latest changes, and sometimes I had to uninstall it (like with the windowless problem), which would delete the files. So I developed under my normal directory and used the publish feature of VS to save the files into the correct directory, in my case
C:\Users\Ben Hall\AppData\Local\Microsoft\Windows Sidebar\Gadgets\SilverLightVideoPlayer.gadget.  I could then just drag on the gadget.

In summary, I hope this post helps; it is easy to build Vista gadgets using Silverlight, you just need to be careful about debugging and use DebugView.

Download:
Code @ http://blog.benhall.me.uk/Code/Silverlight/VideoPlayerGadget/SilverlightVideoPlayerGadget.zip
Gadget @ http://blog.benhall.me.uk/Code/Silverlight/VideoPlayerGadget/SilverlightVideoPlayer.gadget
Uploaded onto Popfly @ http://popfly.ms/users/Ben2004uk
DebugView @ www.microsoft.com/technet/sysinternals/utilities/debugview.mspx


NxtGenUG Fest07 Post Event

On Wednesday, I attended NxtGenUG's Fest07 event at TVP.  In summary, it was a great event.

Rafal Lukawiecki was one of the main presenters, talking about Vista Security and Software Development Paradigms, which were some of the best talks I have seen.  He has such passion, and is a great presenter. He makes listening to him really interesting and allows you to take everything in, yet moves at a fast pace so it's full of interesting content.  Even his laptop running out of battery didn't put him off.  Great speaker; it was cool that NxtGen managed to get him.

Daniel Moth and Mike Taulty's talk was also very enlightening and amusing.  They split the roles of the presentation: Daniel did the slides while Mike did the demos – it worked well.  I thought this talk pretty much summed up the whole day: laid back, funny, but also full of content, with interesting discussions about various points.

As you would expect from NxtGen, the day ended with a game show – Swaggily Fortunes – the Microsoft Family vs the NxtGenUG Members Family.  Nice concept, but more of a reason to throw swag at us; it was a good way to end the day on a lighthearted note.  Everyone got to leave with a piece of swag, mainly either a book, VS2005 or Vista Home Premium I think – there looked to be a lot there, plus a T-shirt or two.

Bad point: could have done with some drinks apart from Coke, tea and coffee.  There is only so much you can drink… 🙂