rwandering.net
The blogged wandering of Robert W. Anderson
Archive for February, 2008
February 28, 2008 at 7:39 am · Filed under .NET
Last week, Bart de Smet wrote about calling the Task Scheduler in Windows Vista (and Windows Server 2008) from managed code. In his usual style, he does a great job diving into the topic.
It reminded me of something I did last year for Windows Server 2008 Certification: write code to start an unprivileged task in Windows 6 specifically written for installers.
If you are familiar with UAC, you know that applications identify their least required privilege level in their manifest. Applications that don’t require elevation identify themselves with the level="asInvoker" tag (the value may be confusing, but makes sense).
This creates a bit of complexity for installations that launch applications when they finish. If your installation required elevation, but the launched application does not, what should you do? Windows UAC guidelines say that you should launch them unprivileged. This makes sense: you don’t want an application to run elevated as a side-effect of the installation.
And you do this by starting the task in the Windows 6 task scheduler.
The UAC guidelines contain some C++ code for this, and Bart has a managed version, but for reasons of maintainability and consistency, we wanted VB Script. I was able to find some pieces of this online, but the following code is basically a port of the UAC Guidelines version with a check for Windows version too.
' Arguments
set args = WScript.Arguments
if args.Count >= 1 then
strCommand = args(0)
end if
if args.Count >= 2 then
strArguments = args(1)
end if
' Determine the version of Windows
set objWMI = GetObject("winmgmts:\\.\root\cimv2")
set colOS = objWMI.InstancesOf("Win32_OperatingSystem")
for each objOS in colOS
version = split(CStr(objOS.Version), ".", 2)
next
if CInt(version(0)) < 7 then
' pre Vista / Server 2008. Just run the task directly
set objShell = CreateObject("Wscript.Shell")
set objProc = objShell.Exec(strCommand & " " & strArguments)
else
' Vista / Server 2008 or later. Schedule it for immediate execution
scheduleTask strCommand, strArguments
end if
' Schedule a task for immediate execution; requires Windows 6 or later
private sub ScheduleTask(strCommand, strArguments)
' Some constants we need
TASK_TRIGGER_REGISTRATION = 7
TASK_ACTION_EXEC = 0
TASK_CREATE = 2
TASK_LOGON_GROUP = 4
on error goto 0
' Get the TaskService class
set pService = CreateObject("Schedule.Service")
' Connect to the task service.
pService.Connect
' Get pointer to root task folder.
set pRootFolder = pService.GetFolder("\")
Randomize(20000)
taskName = "MyBackgroundTask " & CStr(Rnd(1000))
' See if task exists, delete it if it does.
on error resume next
pRootFolder.DeleteTask taskName, 0
on error goto 0
' Create task
set pTask = pService.NewTask(0)
set pSettings = pTask.Settings
pSettings.StopIfGoingOnBatteries = false
pSettings.DisallowStartIfOnBatteries = false
' Create trigger
set triggerCollection = pTask.Triggers
set trigger = triggerCollection.Create(TASK_TRIGGER_REGISTRATION)
' Create a new action
set actionCollection = pTask.Actions
set action = actionCollection.Create(TASK_ACTION_EXEC)
action.Path = strCommand
action.Arguments = strArguments
' Register the task using users group
set registeredTask = pRootFolder.RegisterTaskDefinition(taskName, pTask, TASK_CREATE, "S-1-5-32-545", null, TASK_LOGON_GROUP, "")
' give 10 seconds for the task to start
for i = 0 to 100
state = registeredTask.State
if state = TASK_STATE_RUNNING then
break
end if
WScript.Sleep 100
next
' delete the task
pRootFolder.DeleteTask taskName, 0
end sub
You can see it takes arguments for the application and an argument to pass to the application. Also note that the VBS must be run elevated in Windows 6, otherwise tasks cannot be scheduled.
Ah, VB Script. You gotta love it. Or not, but I wish someone else had posted this!
Note to Microsoft: you would have saved a lot of people time if you had included a VBS version in your guidelines document.
[tags]VBS, UAC, Server 2008, Vista, Windows 6, Task Scheduler[/tags]
Tags: Server 2008, Task Scheduler, UAC, VBS, Vista, Windows 6
February 27, 2008 at 12:31 pm · Filed under Web 2.0
OpenDNS is a cool service. I use it. It basically provides two kinds of services:
- Better DNS Servers: to get this service, you just switch your DNS settings to their servers.
- Extended services: various typo-correction features, domain shortcuts, domain blocking and anti-phishing, and domain usage tracking. To get these services, you create an OpenDNS account.
I use their servers, and while I do have an OpenDNS account, I don’t use any of the extended services.
At least, I don’t intentionally use them.
The problem is that the services are applied based on the IP source address used in DNS queries. IP addresses change. IP addresses are not secure. For most people they are dynamic.
This impacts the reliability of the service . . .
- For example, User A defines OpenDNS extended services associated with their IP address.
- IP address changes.
- User A either doesn’t have the services they are relying on, or gets services they never signed up for.
. . . and has privacy implications . . .
- User A changes their DNS settings, signs up for the additional services, and starts tracking domain queries.
- User B never signs up, but just changes their DNS settings to the OpenDNS servers.
- At some point (before or after A signs up), B gets A’s old IP address.
- A is tracking B’s queries.
Unlikely? Maybe. Possible to exploit? Definitely. Expected by users? I doubt it. In fact, User B probably didn’t think this was possible.
This is such an obvious issue that I went looking on the OpenDNS site for answers. I expected a big warning like this:
Warning: Using OpenDNS with dynamic IPs is an advanced use case. To use OpenDNS with dynamic IPs, you must sign up for an OpenDNS account and reliably update us with your IP address when it changes. If you do not, other users may track your DNS queries and extended services may get applied even though you did not sign up for them.
Expecting I must just be missing something, I posted on the community, and got an unconvincing . . .
not a major issue…and we won’t let it become one
Sounds like stonewalling to me.
So, why do I care? User contracts 101 says if you don’t like the service, don’t use it. OK. I might just quit the sevice. That is fine.
But, the user contract of “just use our DNS servers and everything is better” does not include these major caveats. I think it is misleading.
What do I think they should do about this? I dunno, but here is an idea:
- Split their DNS servers into 2 (Primary / Secondary) pairs. This eliminates the problem for the users who use the OpenDNS servers without signing up for an account.
- First pair doesn’t enable any extended services (except for the OpenDNS Guide).
- Second pair is required for the extended services. This pair is provided to users only after sign-up.
- Promote a warning like the one I give above.
These solutions don’t make the problem go away, but they make sure users are informed about what is actually going on. And they make for a sensible user contract.
[tags]OpenDNS, Exploits, Dynamic IPs, DNS, User Contracts[/tags]
trackback
Tags: DNS, Dynamic IPs, Exploits, OpenDNS, User Contracts
February 26, 2008 at 12:42 pm · Filed under .NET, Grid Computing
Heroes who happen by our booth at the Server 2008, Visual Studio 2008, and SQL Server 2008 launch will get a chance to win an XBOX-360. OK, you don’t have to be hero, but you do have to be spotted wearing a Digipede sticker sporting our mascot, Deatle.
Come on by and see us.
BTW: I won’t be at this event, but I’ll be at the one in SF on March 13th. No Digipede booth or give-away there.
[tags]Server 2008, Microsoft, Launch, Digipede, XBOX, Deatle[/tags]
Tags: Deatle, Digipede, Launch, Microsoft, Server 2008, XBOX
February 20, 2008 at 6:39 pm · Filed under .NET, Grid Computing
Last week, PowerShell Architect Jeffrey Snover wrote an excellent post titled the Semantic Gap. He writes about the gap as . . .
. . . 2 worlds:
- The world as we think about it.
- The world as we can manipulate it.
The difference between these two is what is called the semantic gap.
This is a great working definition.
Jeff writes about this specifically regarding PowerShell and instrumentation providers and asks the question,
So why do instrumentation providers close or not close the semantic gap?
Yes, some do, and some don’t. This isn’t just about hierarchy of needs, but also about prioritization. How important to the provider is a narrow semantic gap for product X when used through interface Y?
In the case of X := Digipede Network and Y:= PowerShell, we thought it pretty important.
But how do you decide if narrowing the gap is worth it? Engineering costs aside, understanding what your interface could look like in PowerShell can help you decide. Internally, we answered these questions:
- What would a PowerShell script look like just using your .NET or COM APIs?
- What could it look like with Cmdlets?
- Would these Cmdlets support how we think about the Digipede Network (i.e., small gap?).
I already said the answer to #3 turned out to be yes and in a previous post, I gave an example of the gap in Why a SnapIn for the Command-Line? This example highlights the gap for a common operation on the Digipede Network: get the description of a pool of resources.
If you are thinking about supporting PowerShell in your product, take a look at my post.
I hope this helps you decide.
[tags]NET, c#, Cmdlet, Digipede, PowerShell[/tags]
Tags: .NET, c#, Cmdlet, Digipede, PowerShell
February 19, 2008 at 9:51 am · Filed under .NET, Miscellaneous
Mary Jo Foley writes there’s no Windows Server 2008 SP1 in the works.
Why? Because the first RTM of Server 2008 is called Windows Server 2008 SP1. This is due to Server 2008 and Vista sharing the same core code and components.
Hmm.
This makes only marginal sense, and then only if Microsoft commits to keeping the service packs synchronized across the Windows 6 product family. I think this will be less confusing to customers. We’ll see if this synchronization happens.
Regardless of Microsoft’s plans, the SP1 designation on Server 2008 is misleading. Most of the server components of Windows 6 will remain without a service pack until SP2.
Customers who like to wait for initial service packs still will — unless they are duped into thinking they’ve already got it.
[tags]Microsoft, Server 2008, Vista, Windows, SP1[/tags]
Tags: Microsoft, Server 2008, SP1, Vista, Windows
February 17, 2008 at 8:16 pm · Filed under .NET
Last Thurday, Dan posted Worst .NET Bug I’ve Ever Seen. This post was the result of a Digipede customer support incident resulting from this .NET behavior. We had some trouble tracking it down. The unexpected exceptions were bad enough — and the deceptive exception message text made it worse.
He posted code to reproduce the problem on a single thread (a tight loop of open, write, close). The actual code in question included no looping, but multiple threads following a fairly common pattern (i.e., open temp file, write, close, delete, rename). The code was properly synchronized, but it still threw exceptions. To keep this simple, I’ll stick with Dan’s simple version:
while (true) {
using (Stream sw = File.Open(strFileName, FileMode.Create)) {
using (BinaryWriter bw = new BinaryWriter(sw)) {
BinaryFormatter bf = new BinaryFormatter();
bf.Serialize(bw.BaseStream, this);
}
}
}
Loop this code on one or more threads and you may eventually get a System.IO.IOException. I say may because I can’t reproduce it, but Dan can and so can one of our customers.
Given many caveats (e.g., the paths are valid, the proper permissions exist, the file is not opened elsewhere, etc.), this code should never throw an exception. The unmanaged resources should be released when the Stream.Dispose method is called. The file should be closed. The types of exceptions that our customer (and Dan) got all follow from the fact that sometimes the file isn’t closed. Add a Thread.Sleep(1000) after the using block and the problem goes away.
So, is this a .NET bug or a Windows bug, or just expected behavior?
The first thing I did was take Dan’s simple loop and write it using the Windows Platform SDK (i.e., using the Windows API, not .NET). I left out the delete/rename part of the pattern to make it like Dan’s tight loop. The code looks like this:
while (true) {
HANDLE hFile = CreateFile(fileName, GENERIC_READ | GENERIC_WRITE,
0, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
if (hFile == INVALID_HANDLE_VALUE) {
printf("Could not open file (error %d)\n", GetLastError());
break;;
}
byte buffer[1024];
DWORD writtenBytes;
if (!WriteFile(hFile, buffer, sizeof(buffer), &writtenBytes, NULL)) {
printf("Could not write file (error %d)\n", GetLastError());
break;
}
if (!CloseHandle(hFile)) {
printf("Could not close file (error %d)\n", GetLastError());
break;
}
}
This code works fine on Dan’s machine (i.e., never exits).
Next steps
So, yes, this appears to be a problem in .NET. My next steps are to . . .
- Check the .NET versions / are they somehow different between our machines?
- See if this is a known bug. Connect.microsoft.com, here I come.
- Question my assumptions.
To this last point, does .NET (or Windows) not guarantee that a file is closed when the last handle is released? If this is somehow true . . . how much code have you written that assumes that it does? Me, a lot. OK, not a huge amount, but enough that I’m really surprised this hasn’t come up before.
I’ll follow up on this post when I get to the bottom of it. I also have some complaints about the content of some of the exceptions. In the meantime, any reader want to try to reproduce this?
[tags].NET, .NET3.5, .NET2.0, CLR, BCL, Bug, Microsoft, Connect[/tags]
Tags: .NET, .NET2.0, .NET3.5, BCL, Bug, clr, Connect, Microsoft
February 8, 2008 at 2:16 pm · Filed under .NET, Web 2.0
Had a good talk on the Gang today. Mostly we talked about Microsoft / Yahoo, if Microsoft can beat Google at openness. A small part of the discussion was whether or not Microsoft can credibly move into an open Services space with their S+S strategy.
Perception is that the Software in the S+S strategy is the Windows desktop & Office. Of course, there is truth in that, but I maintain that Microsoft is also driving to enable their developer ecosystem to build rich S+S applications outside of the Windows desktop and Office.
But maybe Gianpaolo Carraro, Director of SaaS Architecture at Microsoft, disagrees with me. In his post, S+S- Real or have I drunk too much Kool-Aid- -), he shows a feature of Office that can open and save Office Live files. He asks if this example shows that S+S is real or if he has “drunk too much (of the Microsoft) Kool-Aid”.
Short answer, yes.
I seem to have stepped into the middle of an argument between Gianpaolo and Phil Waineright of ZDNet. What are they arguing about? Not that software is required on the front-end — I think we can all just get past that one. Not that deployment isn’t an issue. It seems they are arguing about whether Office + the Cloud is better than free on-demand office productivity “in the cloud”. Fair enough, but I think the root of the issue is the term “S+S”.
Gianpaolo, is essentially saying,
Look at this nifty integration between Windows desktop & Office + Office Live. This proves S+S is real.
Real? Maybe. But it that is S+S, then it just isn’t a useful term.
If it is about more than that, then let’s stop talking about little integration features between Office and Office Live. Instead, let’s see some good examples of what it means outside of the Windows desktop, outside of Office / Office Live, even outside of Microsoft.
And this is what S+S being real and, more importantly, being relevant is going to come down to. Regardless of how much Kool-Aid you consume.
[tags]Microsoft, SaaS, S+S, Gang[/tags]
Tags: Gang, Microsoft, S+S, SaaS
February 7, 2008 at 3:49 pm · Filed under Miscellaneous
According to Mary Jo Foley, Some won’t have to wait until March for Vista SP1. Cool. I’m installing it now.
[tags]Microsoft, Windows, Vista, SP1[/tags]
Tags: Microsoft, SP1, Vista, Windows
February 7, 2008 at 11:11 am · Filed under .NET
Of course there is APL (A Programming Language), B (boiled down from BCPL), C et al., and T (a dialect of Scheme which is a dialect of Lisp).
And, while there are several languages called ‘D’, Microsoft seems to be building a new one. At least it has the code name ‘D’. This is apparently not the same as the “D Programming Language”, but appears to be a declarative language relying heavily on XML (or XAML).
Please Microsoft, if you are going to stick with the letter ‘D’, disambiguate it. Call it
- D#; or
- Visual-D; or
- D.NET; or
- DEE; or
- MSD; or
- something else. I hope this last one is the leading contender.
But whatever you do, make it searchable. The only thing making it easy to find useful information about .NET on the Web is that most .NET bloggers use C#. C# is searchable. .NET is not. Nor, by the way, was COM (and I hope you aren’t getting any ideas about using the word ORG or MIL for new technology names).
So, Microsoft and .NET community, please join in me in the refrain:
A, B, C, T, please don’t call your language D,
E, F, G, H, I, J, disambiguate.
All Together Now.
Apologies for the extra syllable.
[tags]Microsoft, .NET, D, D.NET, XAML[/tags]
Tags: .NET, D, D.NET, Microsoft, XAML
February 5, 2008 at 10:02 am · Filed under .NET
Last week I posted on some things I like about VS2008. Here are some things that I don’t particularly like, or at least things that I wish had been updated. Consider these feature requests for VS.NEXT (or TFS power toys) or a service pack.
- First of all, a bug. It has a habit of closing itself. I’m usually in the middle of a build when this happens. It just goes “poof”. Sometimes more than once a day. Sometimes it does not repeat for days.
The rest of these are really just suggestions. The Visual Studio Team will probably just roll their eyes and say “yeah, we know” or “why didn’t you suggest this before?” Yeah. Better late than never?
- While targeting older versions of .NET 2.0 is great, I wish there was read-only support for VS2005 projects without conversion. The driver for down-level support must have been to remove barriers-to-sale for existing VS2005 customers, but read-only support would have been better. Why?
- So teams with a lot of projects can “convert as they go” and not need to do a wholesale conversion of everything.
- To make it easier to maintain older versions of their product without having to keep VS2005 around.
- The source control diff tool needs to be updated. My major annoyances?
- It doesn’t use the same keyboard shortcuts as Visual Studio (or Office for that matter). Alt-F3 for Find?
- It can’t be minimized. It can be resized, but why not minimized?
- I would love to be able to diff with horizontal panes. Since the code is so often wider than the pane, I have to scroll around. This slows down changeset code audits.
- While I love the Excel view of TFS work items, we still cannot edit the entire item from Excel. I really hoped this would have been added.
- And on the subject of TFS, there should be a quick find feature built into the IDE. Writing a query to do a find is too many steps. We shouldn’t have to rely on outside tools for this (e.g., TFS Quick Search which hasn’t been updated yet).
Will there be more? Certainly. I haven’t spent much time with the new features of the IDE. But I’m sure there will be a lot more that I like too — I’m very happy to be using the new IDE.
[tags].NET, Microsoft, TFS, VS2008[/tags]
Tags: .NET, Microsoft, TFS, VS2008
Next entries »
About me
Main feed
Email subscriptions