Super fun Windows Security Stuff

“The one security demo you should watch…” links to an awesome security presentation. This video is a must watch.

It is very awesome to see him (Jesper Johansson) actually hack completely patched Windows Servers starting from a SQL Injection attack in a web application. That one weak link allowed him to take over an entire network methodically. Did I mention it was cool? Some unix and linux heads out there may disagree a few times when he says that many of the things are the same on linux and unix. Disagree all you want, but from a very realistic point of view, it is true. Having used both Windows and Linux very extensively for over 10 years, I find more things in common between them than things which set them apart.

Today’s “The Daily WTF” on Seth, Amanda, and George and Day Of Dot Net Awesomeness

http://thedailywtf.com/forums/thread/73098.aspx

Seth, Amanda and George bugs sure are a pain in the rear.

Yes, the awesomeness for Saturday, May 13th was Day Of Dot Net.

The .NET Rockstar has a great summary.

Jason F. says “no hiccups”.

Michael Eaton says “What a great time!”

Darrell Hawley says “Mission Accomplished”.

Bill Wagner says “What pleased me the most are the comments from some of the attendees that the content rivaled or even exceeded the bigger conferences.” I’d have to agree with those comments!

Jim Holmes chose to comment on our location and the awesomeness that is Ann Arbor, MI rather than directly on the Awesomeness that is day of dot net.

Greg Huber says “The Ann Arbor Day of .NET TOTALLY rocked.” Of course those are my sentiments.

I just wanted to echo their sentiments. The only thing missing from the conference for a crazy left wing hacker like myself was content on Mono, NHibernate or Castle Project’s ActiveRecord. But those may be good topics for next year.

Barely related, on June 8th, I’ll be presenting many things related to Mono at SemiSlug. Since SemiSlug is a “unix” group, I’ll probably focus on using it like any other unix utility: command line. I won’t focus on the really interesting things like MWF, GTK# and ASP.NET. So that will give me lots of time to go deeper into some general usage topics.

Xorg (Xgl) and Vista

I was reading over lunch today and I stumbled across this:

Redirecting GDI, DirectX, and WPF applications – http://blogs.msdn.com/greg_schechter/archive/2006/05/02/588934.aspx

A couple of weeks ago I was at Microsoft and upon seeing a demo of Vista, some guy in the audience said “how do they do that?” and I said “I know exactly how they do that.” Of course I don’t know the code behind it, but since Apple is doing it and Linux is doing it, I figured I had a good idea of the abstract. The concepts are all the same.

At the break I proceeded to discuss it with a small group of people and I mentioned that this is nothing new and that OSX and even Linux have it. Specifically I told them to check out the Brainshare keynote to see a demo that is just as impressive, if not more so.

I find the above post interesting because it is the first time I’ve seen the challenges of this listed out from MS’s point of view. They look exactly like many of the X11 performance issues of the past. Specifically the section named “Drawing To and Reading From the Screen — Baaaad!” reminds me exactly of some very terse emails sent by a certain programmer of the enlightenment window manager 7 or so years ago now.

At the time uninformed people were always complaining about X. They said it was too slow and we should abandon it in favor of something else. With things like Xgl right around the corner in mainstream distributions, I think time has proven these people wrong. It is interesting to see that MS had to deal with some of the same performance issues.

Penguicon 4

Penguicon is rocking.

My demos went poorly on Friday regarding Mono and ASP.NET.

http://home.comcast.net/~jrwren04/Penguicon4.0/ASPNETMonoIntro/Presentation.html

But I think the overall message of the presentation was well received. I tend to NOT put all the points I make on slides. The ASP.NET presentation is indicative of this. It is only 5 slides. There is a title, 2 pictures, an analogy and a list of references.

Saturday’s Mono GUI apps panel went awesome. There were times where I could hear the audience awe when I showed that the GTK# app I built using MonoDevelop on Dapper could be copied to Windows and executed. I did the same for a trivial Windows Forms app built using Visual Studio 2005 and the executable ran fine in Mono on Dapper. Thank you Ubuntu. Thank you Mono.

I wanted to simply demo some GTK# apps on Ubuntu, but my VMWare image doesn’t have any interesting photos for f-spot or music for Banshee. I thought I would remote X run my app from home, but I stumbled upon Xorg on Dapper lacking LBX support. I think the deps have changed in 7.0. I filed a bug and I’m working on fixing it.

I love my friends

They say that pictures speak a thousand words. What does this picture speak to you?

I haven’t seen many of these guys in a while. I miss you all. If I were awesome at webstuff I’d make this webpage play Carol King’s “So Far Away” because that is how I feel, but also to give you fuel to make fun of me when next I see you.

Microsoftie praises MySQL?

Ok, maybe it is not praise, but CodeBetter.com is usually a very .NET and Microsoft centric site/blog. These types typically won’t even mention a product if it isn’t made by MS or doesn’t support an MS product (Studio plugins).

It was nice to see Karl post on Paging Data – MySQL > Microsoft. It was nice, and I agree the LIMIT clause of MySQL is VERY nice, short, and sweet. PostgreSQL achieves the same thing using LIMIT and OFFSET. On our SQL 2000 Server Databases we sometimes use a stored procedure which I found on the internet somewhere a few months ago. (I think from http://www.vbdotnetheaven.com/Code/Sept2003/2173.asp)


CREATE PROC dbo.GetPagedData
    @pageSize    int,
    @tablename   varchar(100),
    @PrimaryKey  varchar(50),
    @CurrentPage int,
    @WhereClause varchar(250)
AS

-- An empty filter becomes an always-true predicate so the WHERE stays valid.
if (@WhereClause IS NULL or @WhereClause = '') Set @WhereClause = ' 1=1 '
Declare @sql nvarchar(4000)
Declare @numrecs int

-- Rows to skip: pages are numbered from 0, so page 0 skips nothing.
Set @numrecs = @pageSize * @CurrentPage

-- Build the paging query. varchar(10) holds any int; the original varchar(5)
-- turns values above 99999 into '*' and breaks the generated SQL.
-- The table name, key column and WHERE clause are pasted into the SQL text
-- as-is, so they must come from trusted code, never from user input.
Set @sql = 'SELECT TOP ' + cast(@pageSize as varchar(10)) + ' * FROM ' + @tablename
Set @sql = @sql + ' WHERE ' + @PrimaryKey + ' NOT IN (SELECT TOP '
Set @sql = @sql + cast(@numrecs as varchar(10))
Set @sql = @sql + ' ' + @PrimaryKey + ' FROM ' + @tablename + ' WHERE ' + @WhereClause +
           ' ORDER BY ' + @PrimaryKey + ' ) '
Set @sql = @sql + ' AND ' + @WhereClause
Set @sql = @sql + ' ORDER BY ' + @PrimaryKey
--print @sql

EXEC sp_executesql @sql

-- Second result set: total row count for the same filter, so the caller
-- can work out how many pages there are.
Set @sql = 'SELECT count(*) FROM ' + @tablename + ' WHERE ' + @WhereClause

EXEC sp_executesql @sql

You can see that this generates SQL in the form of

SELECT TOP ${pagesize} *
FROM table
WHERE somekey NOT IN (
SELECT TOP ${pagesize times currentpage} somekey FROM table WHERE query ORDER BY somekey )
AND query ORDER BY somekey

I find that VERY readable. Not as readable as the MySQL and PostgreSQL options, but it is more readable than the SQL2005 method. Maybe it doesn’t work or doesn’t perform well, but we use it without issues.
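Since the procedure above pastes its table name, key column and WHERE string straight into dynamic SQL, here is an added example (my own, not the procedure from the post or from vbdotnetheaven) of the same TOP/NOT IN paging shape with the identifiers checked against the catalog and quoted, the numbers passed as real sp_executesql parameters, and the free-form WHERE string replaced by an optional equality filter whose value never enters the SQL text. The procedure and parameter names are hypothetical, and TOP (@variable) needs SQL Server 2005 or later.

```sql
-- Added example, not the post's procedure. Names are hypothetical.
-- Identifiers are validated and QUOTENAMEd; values travel as parameters.
CREATE PROC dbo.GetPagedDataSafe
    @pageSize     int,
    @tableName    sysname,
    @primaryKey   sysname,
    @currentPage  int,
    @filterColumn sysname = NULL,
    @filterValue  nvarchar(200) = NULL
AS
BEGIN
    SET NOCOUNT ON;

    -- Refuse anything that is not a real column of a real table.
    IF NOT EXISTS (SELECT 1 FROM INFORMATION_SCHEMA.COLUMNS
                   WHERE TABLE_NAME = @tableName AND COLUMN_NAME = @primaryKey)
       OR (@filterColumn IS NOT NULL AND NOT EXISTS (
             SELECT 1 FROM INFORMATION_SCHEMA.COLUMNS
             WHERE TABLE_NAME = @tableName AND COLUMN_NAME = @filterColumn))
    BEGIN
        RAISERROR('Unknown table or column', 16, 1);
        RETURN;
    END

    DECLARE @sql nvarchar(4000), @numRecs int, @where nvarchar(300);
    SET @numRecs = @pageSize * @currentPage;

    -- The filter is a quoted identifier plus a parameter marker, nothing else.
    SET @where = CASE WHEN @filterColumn IS NULL THEN N' 1=1 '
                      ELSE N' ' + QUOTENAME(@filterColumn) + N' = @filterValue ' END;

    SET @sql = N'SELECT TOP (@pageSize) * FROM ' + QUOTENAME(@tableName)
             + N' WHERE ' + QUOTENAME(@primaryKey) + N' NOT IN (SELECT TOP (@numRecs) '
             + QUOTENAME(@primaryKey) + N' FROM ' + QUOTENAME(@tableName)
             + N' WHERE ' + @where + N' ORDER BY ' + QUOTENAME(@primaryKey) + N')'
             + N' AND ' + @where + N' ORDER BY ' + QUOTENAME(@primaryKey);

    EXEC sp_executesql @sql,
         N'@pageSize int, @numRecs int, @filterValue nvarchar(200)',
         @pageSize = @pageSize, @numRecs = @numRecs, @filterValue = @filterValue;

    -- Second result set: total row count under the same filter.
    SET @sql = N'SELECT COUNT(*) FROM ' + QUOTENAME(@tableName) + N' WHERE ' + @where;
    EXEC sp_executesql @sql, N'@filterValue nvarchar(200)', @filterValue = @filterValue;
END
```

The catalog lookup is what stops a caller from steering the query to another table, and the parameter marker is what keeps a filter value like O'Brien from breaking out of the string.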

Spongy? It Is Called JavaSpaces!

Hi David L!

David proposes something called Blanket.NET and “Spongy” Interfaces. This is a great idea and I welcome it as an addition to the dotnet framework, however I think we already have it. A little time with IKVM and JavaSpaces and the same functionality and more should already exist. I’ve been meaning to try the Glitz JavaSpaces implementation and IKVM, but I have not found time.

David, if you get some time, try out JavaSpaces and IKVM to make it work with .NET.

Awesome reading

I think the last week or so has yielded some of the best software writing I’ve read since I read the book by the same name pieced together by Joel.

Most of these are from the blogs at CodeBetter.com.

James Shore writes an interesting article on QWAN, Quality With[out] a Name, which is a response to the c2 article.

Joel wrote a great article on Development Abstraction.

Jeremy Miller wrote an excellent intro to Six Design Patterns.

James Bach destroys Best Practices.

On the more meat and potatoes side of things (code not words?)

Jay Kimble gives a great introduction to XSLT called XSLT for the Uninitiated. I really could have used this a few months ago.
Beginning Xpath and Beginning XSLT are the first two of what will hopefully be a continuing series.

Karl Seguin gives great reasons why not to use string concatenation and why to use string.format instead. I’ve taken what he said to heart and I’ll chastise myself when I type + in C# or & in VB.NET.

John Papa wrote about SCOPE_IDENTITY() and @@IDENTITY. It was very timely information for me because I recently had need to use these, and I rarely do SQL work.

Last night at AADND Tim Landgrave showed us the design of a smart client application which uses the CAB. It was very interesting. He mentioned that they converted/upgraded some 30+ “legacy” applications to use their framework, built on top of the CAB. They did so in a very short period of time, saving the company much time and money.

Overall it has been a great week with much thanks to those bloggers and AADND for keeping me fueled.