Matevž Gačnik's Weblog

This post puts shame to a new level.

There is no excuse for having Microsoft Access database serving any kind of content in an online banking solution.

The funny thing is, that even the comment excuses seem fragile. They obviously just don't get it. The bank should not defend their position, but focus on changing it immediately.

So, they should fix this ASAP, then fire PR, then apologize.

Well-done David, for exposing what should never reach a production environment.

Never. Ever.

This is why one should buy best of both worlds. Mac rules on a client. Dell is quite competitive on the (home) server market.

We don't care about cables around servers. Yet.

So? 'nuff said.

These have been brewing for a couple of months. They're out today.

They contain a number of patches that improve fix Vista. You can get them here:

Windows Vista Performance Update:

• x86 Download
• x64 Download

Windows Vista Reliability Update:

• x86 Download
• x64 Download

Go get them. Now.

Since it's summer here in Europe, and thus roughly middle of the year, here comes your, Dear Reader, profile.

Mind you, only last years data (June 2006 - June 2007) is included, according to Google Analytics.

Browser Versions:

Operating Systems:

Browser Versions and Operating Systems:

Screen Resolutions:

Adobe Flash Support:

And finally, most strangely, Java Support:

The last one surprised me.

Based on my previous post, I managed to get distributed transaction scenario working using WCF, MTOM and WS-AtomicTransactions.

This means that you have the option to transport arbitrary files, using transactional ACID semantics, from the client, over HTTP and MTOM.

The idea is to integrate a distributed transaction with TxF, or NTFS file system transaction. This only works on Windows Server 2008 (Longhorn Server) and Windows Vista.

Download: Sample code

If the client starts a transaction then all files within it should be stored on the server. If something fails or client does not commit, no harm is done. The beauty of this is that it's all seamlessly integrated into the current communication/OS stack.

This is shipping technology; you just have to dive a little deeper to use it.

Here's the scenario:

There are a couple of issues that need to be addressed before we move to the implementation:

• You should use the managed wrapper included here
  There is support for TransactedFile and TransactedDirectory built it. Next version of VistaBridge samples will include an updated version of this wrapper.
  
  
• Limited distributed transactions support on a system drive
  There is no way to get DTC a superior access coordinator role for TxF on the system drive (think c:\ system drive). This is a major downside in the current implementation of TxF, since I would prefer that system/boot files would be transaction-locked anyway. You have two options if you want to run the following sample:
  
  
  • Define secondary resource manager for your directory
    This allows system drive resource manager to still protect system files, but creates a secondary resource manager for the specified directory. Do this:
    • fsutil resource create c:\txf
    • fsutil resource start c:\txf
      You can query your new secondary resource manager by fsutil resource info c:\txf.
      
      
  • Use another partition
    Any partition outside the system partition is ok. You cannot use network shares, but USB keys will work. Plug it in and change the paths as defined at the end of this post.

OK, here we go.

Here's the service contract:

[ServiceContract(SessionMode = SessionMode.Allowed)]
interface ITransportFiles
{
   [OperationContract]
   [TransactionFlow(TransactionFlowOption.Allowed)]
   byte[] GetFile(string name);

   [OperationContract]
   [TransactionFlow(TransactionFlowOption.Allowed)]
   void PutFile(byte[] data, string name);
} 

We allow the sessionful binding (it's not required, though) and allow transactions to flow from the client side. Again, transactions are not mandatory, since client may opt-out of using them and just transport files without a transaction.

The provided transport mechanism uses MTOM, since the contract's parameter model is appropriate for it and because it's much more effective transferring binary data.

So here's the service config:

<system.serviceModel>
  <bindings>
    <wsHttpBinding>
      <binding name="MTOMBinding"
          transactionFlow="true"
          messageEncoding="Mtom"
          maxReceivedMessageSize="10485760">
        <readerQuotas maxArrayLength="10485760"/>
      </binding>
    </wsHttpBinding>
  </bindings>
  <services>
    <service name="WCFService.TransportService">
      <host>
        <baseAddresses>
          <add baseAddress="http://localhost:555/transportservice">
        </baseAddresses>
      </host>
      <endpoint address=""
          binding="wsHttpBinding"
          bindingConfiguration="MTOMBinding"
          contract="WCFService.ITransportFiles"/>
    </service>
  </services>
</system.serviceModel>

Here, MTOMBinding is being used to specify MTOM wire encoding. Also, quotas and maxReceivedMessageSize attribute is being adjusted to 10 MB, since we are probably transferring larger binary files.

Service implementation is straight forward:

[ServiceBehavior(InstanceContextMode = InstanceContextMode.PerCall)]
class TransportService : ITransportFiles
{
    [OperationBehavior(TransactionScopeRequired = true)]
    public byte[] GetFile(string name)
    {
        Console.WriteLine("GetFile: {0}", name);
        Console.WriteLine("Distributed Tx ID: {0}",
          Transaction.Current.TransactionInformation.DistributedIdentifier);
        return ReadFully(TransactedFile.Open(@"C:\TxF\Service\" + name,
          FileMode.Open, FileAccess.Read, FileShare.Read), 0);
    }

    [OperationBehavior(TransactionScopeRequired = true)]
    public void PutFile(byte[] data, string filename)
    {
        Console.WriteLine("PutFile: {0}", filename);
        Console.WriteLine("Distributed Tx ID: {0}",
          Transaction.Current.TransactionInformation.DistributedIdentifier);

        using (BinaryWriter bw = new BinaryWriter(
            TransactedFile.Open(@"C:\TxF\Service\" + filename,
              FileMode.Create, FileAccess.Write, FileShare.Write)))
        {
            bw.Write(data, 0, data.Length);
           
            // clean up
            bw.Flush();
        }
    }
}

Client does four things:

1. Sends three files (client - server) - no transaction
2. Gets three files (server - client) - no transaction
3. Sends three files (client - server) - distributed transaction, all or nothing
4. Gets three files (server - client) - distributed transaction, all or nothing

Before you run:

• Decide on the secondary resource manager option (system drive, enable it using fsutil.exe) or use another partition (USB key)
• Change the paths to your scenario. The sample uses C:\TxF, C:\TxF\Service and C:\TxF\Client and a secondary resource manager. Create these directories before running the sample.

Download: Sample code

This sample is provided without any warranty. It's a sample, so don't use it in production environments.

I dived into WS-Management support in Vista / Longhorn Server Windows Server 2008 this weekend. There are a couple of caveats if you want to enable remote WS-Management based access to these machines. Support for remote management is also built into Windows Server 2003 R2.

WS-Management specification allows remote access to any resource that implements the specification. Everything accessed in a WS-Management world is a resource, which is identifiable by a URI. The spec uses WS-Eventing, WS-Enumeration, WS-Transfer and SOAP 1.2 via HTTP.

Since remote management implementation in Windows acknowledges all the work done in the WMI space, you can simply issue commands in terms of URIs that incorporate WMI namespaces.

For example, the WMI class or action (method) is identified by a URI, just as any other WS-Management based resource. You can construct access to any WMI class / action using the following semantics:

• http://schemas.microsoft.com/wbem/wsman/1/wmi denotes a default WMI namespace accessible via WS-Management
• http://schemas.microsoft.com/wbem/wsman/1/wmi/root/default denotes access to root/default namespace

Since the majority of WMI classes are in root/cimv2 namespace, you should use the following URI to access those:

http://schemas.microsoft.com/wbem/wsman/1/wmi/root/cimv2

OK, back to WS-Management and its implementation in Vista / Windows Server 2008.

First, Windows Server 2008 has the Windows Remote Management service started up by default. Vista doesn't. So start it up, if you're on a Vista box.

Second, depending on your network configuration, if you're in a workgroup environment (not joined to a domain) you should tell your client to trust the server side.

Trusting the server side involves executing a command on a client. Remote management tools included in Windows Server 2008 / Windows Vista are capable of configuring the local machine and issuing commands to remote machine. There are basically two tools which allow you to setup the infrastructure and issue remote commands to the destination. They are:

• winrm.cmd (uses winrm.vbs), defines configuration of local machine
• winrs.exe (winrscmd.dll and friends), Windows Remote Shell client, issues commands to a remote machine

As said, WS-Management support is enabled by default in Windows Server 2008. This means that the appropriate service is running, but one should still define basic configuration on it. Nothing is enabled by default; you have to opt-in.

Since Microsoft is progressing to a more admin friendly environment, this is done by issuing the following command (server command):

winrm quickconfig (or winrm qc)

This enables the obvious:

• Starts the Windows Remote Management service (if not stared; in Windows Vista case)
• Enables autostart on the Windows Remote Management service
• Starts up a listener for all machine's IP addresses
• Configures appropriate firewall exceptions

You should get the following output:

[c:\windows\system32]winrm quickconfig

WinRM is not set up to allow remote access to this machine for management.
The following changes must be made:

Create a WinRM listener on HTTP://* to accept WS-Man requests to any IP on this machine.
Enable the WinRM firewall exception.

Make these changes [y/n]? y

WinRM has been updated for remote management.
Created a WinRM listener on HTTP://* to accept WS-Man requests to any IP on this machine.
WinRM firewall exception enabled.

There are options in winrm.cmd to fine tune anything, including the listening ports and / or SSL (HTTPS) support. In a trusted environment you probably don't want to issue commands using HTTP based mechanism, since you are located behind the trust boundary and have complete control over available (allowed) TCP ports.

You can now issue remote management commands against the configured server, but only if the communication is trusted. So in case you are in a workgroup environment (client and server in a workgroup), this should get you started (client command):

winrm set winrm/config/client @{TrustedHosts="<server ip or hostname>"}

You can specify multiple trusted servers using a comma:

winrm set winrm/config/client @{TrustedHosts="10.10.10.108, 10.10.10.109"}

This trusts the server(s) no matter what. Even over HTTP only.

Enumerating the configured listeners - remember, listener is located on the destination side - is done via:

winrm enumerate winrm/config/listener

OK, now we're able to issue commands to the remote side using WS-Management infrastructure. You can, for example, try this (client command):

winrs -r:http://<server ip> -u:<username> -p:<password> <shell command>, ie.
winrs -r:http://10.10.10.108 -u:administrator -p:p$38E0jjW! dir -s

or

winrs -r:http://10.10.10.108 -u:administrator -p:p$38E0jjW! hostname

You can even explose HTTP based approach through your firewall if you're crazy enough. But using HTTPS would be the smart way out. What you need is a valid certificate with server authentication capability and a matching CN. Self-signed certs won't work.

Simple and effective.

If you happen to be on a Windows Vista or Windows Server 2008 box, there is some goodness going your way.

There is a basic managed TxF (Transactional NTFS) wrapper available (unveiled by Jason Olson).

What this thing gives you is this:

try
{
   using (TransactionScope tsFiles = new TransactionScope
      TransactionScopeOption.RequiresNew))
   {
      WriteFile("TxFile1.txt");
      throw new FileNotFoundException();
      WriteFile("TxFile2.txt");
      tsFiles.Complete();
   }
}
catch (Exception ex)
{
   Console.WriteLine(ex.Message);
}

WriteFile method that does, well, file writing, is here:

using (TransactionScope tsFile = new TransactionScope
      (TransactionScopeOption.Required))
{
   Console.WriteLine("Creating transacted file '{0}'.", filename);

   using (StreamWriter tFile = new StreamWriter(TransactedFile.Open(filename, 
          FileMode.Create,
          FileAccess.Write,
          FileShare.None)))
   {
      tFile.Write(String.Format("Random data. My filename is '{0}'.",
          filename));
   }

   tsFile.Complete();
   Console.WriteLine("File '{0}' written.", filename);
}

So we have a nested TransactionScope with a curious type - TransactedFile. Mind you, there is support for TransactedDirectory built in.

What's happening underneath is awesome. The wrapper talks to unmanaged implementation of TxF, which is built in on every Vista / Longhorn Server box.

What you get is transactional file system support with System.Transactions. And it's going to go far beyond that.

I wrote some sample code, go get it. Oh, BTW, remove the exception line to see the real benefit.

Download: Sample code

This sample is provided without any warranty. It's a sample, so don't use it in production environments.

There is some serious pain going on when you need to add a simple custom document property into multiple Word 2007 text areas.

Say you have a version property that you would need to update using the document property mechanics. And say you use it in four different locations inside your document.

• There is no ribbon command for it. There was a menu option in Word 2003 days.
• There is no simple way of adding to The Ribbon. You have to customize the Quick Access Toolbar and stick with ugly, limited use icons forever or so.
• You need to choose All commands in Customize Quick Access Toolbar to find Insert Field option.
• This is not the only limiting option for a power user. The number of simplifications for the casual user is equal to the number of limitations for the power user. And yes, I know, casual users win the number battle.

So:

1. Right click The Ribbon and select Customize Quick Access Toolbar
2. Select All Commands and Insert Field
3. Add it to Custom Quick Access Toolbar
4. Click the new icon
5. In Field names select DocProperty
6. Select your value, in this example Version

Yes. Ease of use.

Please, give me an option to get my menus and keyboard shortcuts back.

Pretty please.

There's some serious iPhone hacking going on during the last week or so.

Here's the wiki page, that has lots of information on the project. Main devs, working on the unlock problem are from US and Hungary as it seems.

The forum is here. Deliverables here.

The progress is steady. There is a now a way to issue commands to the system, including moving of files, activation (which was achieved in three days) and directory listing inside the sandboxed filesystem.

I'm following the progress (with Hana - she's cheering along), because it's fun to know the internals of a locked down Apple device.

WS-RM 1.1 is finished. GoodTimes^tm.

OASIS published two specs:

• WS-ReliableMessaging 1.1
• WS-ReliableMessaging Policy Assertions 1.1

WCF, as it turns out, will have support for WS-RM 1.1 implementation in Orcas. On this note, there is a new CTP out this week.

Microsoft Windows Vista Ultimate, $499.

Apple iPhone, $599.

Jobs and Gates sitting together. Priceless.

Nick is continuing my discussion on durable messaging support in modern WS-* based stacks, especially WCF.

I agree that having a simple channel configuration support to direct messages into permanent information source (like SQL) would be beneficial.

A simple idea that begs for an alternative implementation of a WCF extensibility point, has some questions:

• What happens when messages are (or should be) exchanged in terms of a transaction context?
• How can we demand transaction support from the underlying datastore, if we don't want to put limitations onto anything residing beind the service boundary?
• What about security contexts? How can we acknowledge a secure, durable sessionful channel after two weeks of service hibernation down time? Should security keys still be valid just because service was down and not responding all this time?
• Is durability limited to client/service recycling or non-memory message storage? What about both?

Is [DurableService]enough?

Having posted a disturbing post last year, I have a moral obligation to repost my current state of mind.

This year's NT conference was way better, especially regarding fun-activating activities. It's not my cup of tea, when things are being cut, but I was impressed by the plethora of activities that were not present this year.

Yeah, I know. When you've got activities that are not present, you're in it deep.

Clarifying it, here it goes.

I like it when things are not there (regarding fun during the NT conference).

• I like the fact that sponsors and partners were not given a carte blache.
• I like the fact that there were no naked ladies running around. Doh!
• I like the fact that I like the fact that there were no naked ladies running around.
• I like the fact that there was not enough free beer.
• I like the fact that parties were not too 'lomaniac.
• I like the fact that we, speakers, were pressured again.
• I like the fact that, above all, this was a step forward.

What I don't I like (in 2007 incarnation):

• I don't like keynotes that have (almost, sorry) no content.
• I don't like keynotes that have no cues, allowing people to leave with no impression.
• I especially don't like keynotes that, having a plethora of technology to show, don't make attendees drool their asses off.
• I don't like 30 minute breaks. Sorry, too long.
• I don't like that attendees have no free evenings. It's just to reflect on what they've heard.

And, as stated previously (and again) I don't like parties happening every evening on a technical conference. But that might just be the rule I have.

If NTK continues in this year's fashion, we all did a good job. If only next year, they would get some pre/post conference options (hint) for the technical savvy.

Luke, Kamenko, this is a major contribution to being on the right track again. Kudos.

[This post can and probably will, position me into the nerd crowd. It is not my intention. For you, who know me personally, you know what I'm talking about. At a certain point of fun, everybody has enough.]

Jamie Cansdale of TestDriven.NET fame just posted an intro post describing the hosting of Silverlight's CLR - CoreCLR.

Having the ability to host the runtime inside a Win32/.NET process brings up new possibilities, especially running Silverlight apps outside the browser or developing test harnesses/unit tests for Silverlight intended object models.

Silverlight 1.1 alpha and CoreCLR currently expose a very trimmed down version of the Framework's BCL. This will change by RTM, but be aware that its sweet spot is still the browser.

I can imagine a world where Silverlight apps will not only be media/presentation related. Currently, the competing platform, though having a strong install base, has not reached into that space.

You could arm Flash developers with rocket launchers, but they would still lose a battle war against .NET developers armed with chopsticks. Every day of the week and twice on Sunday. I believe the number of souls will significantly influence the outcome in this case.

Today, Microsoft.com put a Silverlight enabled video of XBox 360 Elite on the site front page.

This must be one of the earliest technology adoptions for Microsoft.com. They host a 1.0 beta version of the Silverlight app and it got me thinking why would a high traffic site want to do this.

My conclusion?

Answer this: What's the quickest way to install the Silverlight runtime to a broad user base without using a ship vehicle?

Admittedly, installing the runtime is quick, painless and benign for your machine. As it should be.

Try it out. Then visit some sample galleries.

It's the time of the year again when the biggest local show gets going.

This year, I'm going to deliver three talks:

Tuesday, 15.5.2007, 18:00, Room D, WCF+Workflow: Et tu, Orcas?

Drilldown of: WCF support for syndication, POX, JSON, WCF + WF integration and WF instance correlation support.

Wednesday, 16.5.2007, 09:00, Emerald 1, MythBusters: Fat Clients and Thin Servers (with Dušan)

Drilldown of: Will not disclose. Stop by (if you dare). :)

Wednesday, 16.5.2007, 15:00, Emerald 2, WCF: About Messaging Sessions

Drilldown of: WCF messaging sessions, what they are, how to handle them, what's the underlying story.

Also, if you are a journalist, stop by for a press conference on Tuesday, 15.5.2007 at 12⁰⁰ in the Press Center. Together with a client, we have a discussion on digital document archives, legislature and best practices.

Well, it took me awhile to figure out, but here's a way to bring back the dialog which allows you to resize image attachments you send in Outlook 2007.

It's hidden the behind right arrow of the Include box. Right here:

I knew it must be there somewhere. And it is, it's just a click away.

It must be me, but I was looking for this option for a couple of months. It was one of my beloved features in Outlook 2003, since sending snapshots of something allowed me to get them down from 5MB to 100kb by just clicking an option.

There is a special checkbox called 'Show when attaching files' there.

Turn it on. Now.

Who decided it's a good thing to leave this thing off by default?

I noticed an awkwardness on my IIS6 server installation today.

All my sites were running with a US locale, thus invalidating the currency/date time/decimal calculations by an order of magnitude.

The problem was that the server was installed using the default settings, and also applied those to the Network Service account under which most of my sites work.

How do you fix this?

1. Login (RDP is OK)
2. Change the locale to your preference on the logged in account, use Control Panel's Regional Settings UI, you may need to reboot
3. Go to HKEY_CURRENT_USER\Control Panel\International
4. Right click, choose Export
5. Open the file in Notepad, replace "HKEY_CURRENT_USER" with "HKEY_USERS\S-1-5-20", this is the Network Service account
6. Save the .reg file
7. Double click the .reg file and import the settings
8. Restart IIS

You should have your locale set.

Oh, on the other side, while investigating this, here's a scoop on how to get to clear text passwords of IUSR_MACHINENAME and IWAM_MACHINENAME accounts:

1. Go to C:\InetPub\AdminScripts and open adsutil.vbs script in Notepad
2. Change the only occurrence of "IsSecureProperty = True" to "IsSecureProperty = False". Save.
3. Run "cscript adsutil.vbs get w3svc/anonymoususerpass" in command prompt
4. Run "cscript adsutil.vbs get w3svc/wamuserpass" in command prompt
5. Don't forget to revert to "IsSecureProperty = True" in adsutil.vbs
6. Don't forget to save the file again

You should have both passwords now. This comes handy when you need to fine tune the settings of both built-in accounts.

Just came back from today's talk on WCF session support.

Deliverables:

• PPT
• Code

Remember: proxy.Close() is your friend.

Our gift came yesterday evening. Baby girl. Hana Re.

As perfect as possible, mom included.

0.003255 tons, 0.00052 kilometers