Matevz Gacnik's Weblog

P != NP Proof Failing

2010-08-19T22:31:28.877+02:00

One of the most important steps needed for computer science to get itself to the next level seems to be fading away.

Actually, its proof from is playing hard to catch again. This question (whether P=NP or P!=NP) does not want to be answered. It could be, that the problem of proving it is also NP-complete.

The (scientific) community ~~wants~~ needs closure. If P != NP would be proven, a lot of orthodox legislature in PKI, cryptography and signature/timestamp validity would probably become looser. If P=NP is true, well, s*!t hits the fan.

Visual Studio 2010 Beta 2: Why this Lack of Pureness Again?

2009-10-24T13:50:47.564+02:00

Developer pureness is what we should all strive for.

This is not it:

Conflicting with this:

[c:\NetFx4\versiontester\bin\debug]corflags VersionTester.exe
Microsoft (R) .NET Framework CorFlags Conversion Tool. Version 3.5.21022.8
Copyright (c) Microsoft Corporation. All rights reserved.

Version   : v4.0.21006
CLR Header: 2.5
PE        : PE32
CorFlags : 1
ILONLY    : 1
32BIT     : 0
Signed    : 0

Visual Studio must display version number of 4.0 instead of 4 in RTM. It needs to display major and minor number of the new framework coherently with 2.0, 3.0, 3.5.

Otherwise my compulsive disorder kicks in.

ServiceModel: Assembly Size in .NET 4.0

2009-10-24T13:39:05.114+02:00

I'm just poking around the new framework, dealing with corflags and CLR Header versions (more on that later), but what I found is the following.

Do a dir *.dll /o:-s in the framework directory. You get this on .NET FX 4.0 beta 2 box:

[c:\windows\microsoft.net\framework64\v4.0.21006]dir *.dll /o:-s

Volume in drive C is 7 Serial number is 1ED5:8CA5
Directory of C:\Windows\Microsoft.NET\Framework64\v4.0.21006\*.dll

7.10.2009 3:44 9.833.784 clr.dll
7.10.2009 2:44 6.072.664 System.ServiceModel.dll
7.10.2009 2:44 5.251.928 System.Windows.Forms.dll
7.10.2009 6:04 5.088.584 System.Web.dll
7.10.2009 5:31 5.086.024 System.Design.dll
7.10.2009 3:44 4.927.808 mscorlib.dll
7.10.2009 3:44 3.529.608 Microsoft.VB.Activities.Compiler.dll
7.10.2009 2:44 3.501.376 System.dll
7.10.2009 2:44 3.335.000 System.Data.Entity.dll
7.10.2009 3:44 3.244.360 System.Data.dll
7.10.2009 2:44 2.145.096 System.XML.dll
7.10.2009 5:31 1.784.664 System.Web.Extensions.dll
7.10.2009 2:44 1.711.488 System.Windows.Forms.DataVis.dll
7.10.2009 5:31 1.697.128 System.Web.DataVis.dll
7.10.2009 5:31 1.578.352 System.Workflow.ComponentModel.dll
7.10.2009 3:44 1.540.928 clrjit.dll
7.10.2009 3:44 1.511.752 mscordacwks.dll
7.10.2009 3:44 1.454.400 mscordbi.dll
7.10.2009 2:44 1.339.248 System.Activities.Presentation.dll
7.10.2009 5:31 1.277.776 Microsoft.Build.dll
7.10.2009 2:44 1.257.800 System.Core.dll
7.10.2009 2:44   1.178.448 System.Activities.dll
7.10.2009 5:31 1.071.464 System.Workflow.Activities.dll
7.10.2009 5:31   1.041.256 Microsoft.Build.Tasks.v4.0.dll
7.10.2009 2:44   1.026.920 System.Runtime.Serialization.dll

Funny how many engineer dollars are/were spent on middle tier technologies I love.

Proof: System.ServiceModel.dll is bigger then System.dll, System.Windows.Forms.dll, mscorlib.dll, and System.Data.dll.

We only bow to clr.dll, a new .NET 4.0 Common Language Runtime implementation.

Talk at Interoperability Day 2009

2009-06-03T15:23:45.224+02:00

Interoperability day is focused on, well, interoperability. Especially between major vendors in government space.

We talked about major issues in long term document preservation formats and the penetration of Office serialization in real world...

.. and the lack of support from legislature covering long term electronic document formats and their use.

Here's the PPT [Slovenian].

Speaking at Document Interop Initiative

2009-05-16T20:21:51.331+02:00

On Monday, 05/18/2009 I'm speaking at Document Interop Initiative in London, England.

Title of the talk is: High Fidelity Programmatic Access to Document Content, which will cover the following topics:

Importance of OOXML as a standards based format, especially in technical issues of long term storage for document content preservation
Importance of legal long term storage for document formats
Signature and timestamp benefits of long term XML formats
Performance and actual cost analysis of using publicly-parsable formats
Benefits of having a high fidelity programmatic access to document content, backed with standardization

The event is held at Microsoft Limited, Cardinal Place, 100 Victoria Street SW1E 5JL, London.

Update: Here's the presentation.

Designing Clean Object Models with SvcUtil.exe

2009-04-10T23:06:43.37+02:00

There are a couple situations where one might use svcutil.exe in command prompt vs. Add Service Reference in Visual Studio.

At least a couple.

I don't know who (or why) made a decision not to support namespace-less proxy generation in Visual Studio. It's a fact that if you make a service reference, you have to specify a nested namespace.

On the other end, there is an option to make the proxy class either public or internal, which enables one to hide it from the outside world.

That's a design flaw. There are numerous cases, where you would not want to create another [1] namespace, because you are designing an object model that needs to be clean.

[1] This is only limited to local type system namespace declarations - it does not matter what you are sending over the wire.

Consider the following namespace and class hierarchy that uses a service proxy (MyNamespace.Service class uses it):

Suppose that the Service class uses a WCF service, which synchronizes articles and comments with another system. If you use Add Web Reference, there is no way to hide the generated service namespace. One would probably define MyNamespace.MyServiceProxy as a namespace and declared a using statement in MyNamespace.MyService scope with:

using MyNamespace.MyServiceProxy;

This results in a dirty object model - your clients will see your internals and that shouldn't be an option.

Your class hierarchy now has another namespace, called MyNamespace.ServiceProxy, which is actually only used inside the MyNamespace.Service class.

What one can do is insist that the generated classes are marked internal, hiding the classes from the outside world, but still leaving an empty namespace visible for instantiating assemblies.

Leaving only the namespace visible, with no public classes in it is pure cowardness.

Not good.

Since there is no internal namespace modifier in .NET, you have no other way of hiding your namespace, even if you demand internal classes to be generated by the Add Service Reference dialog.

So, svcutil.exe to the rescue:

svcutil.exe
   /namespace:*, MyNamespace
   /internal
   /out:ServiceProxyClass.cs

The /namespace option allows you to map between XML and CLR namespace declarations. The preceding examples maps all (therefore *) existing XML namespaces in service metadata to MyNamespace CLR namespace.

The example will generate a service proxy class, mark it internal and put it into the desired namespace.

Your object model will look like this:

Currently, this is the only way to hide the internals of service communication with a proxy and still being able to keep your object model clean.

Note that this is useful when you want to wrap an existing service proxy or hide a certain already supported service implementation detail in your object model. Since your client code does not need to have access to complete service proxy (or you want to enhance it), it shouldn't be a problem to hide it completely.

Considering options during proxy generation, per method access modifiers would be beneficial too.

Bug in XmlSerializer, XmlSerializerNamespaces

2009-04-06T14:22:33.315+02:00

XmlSerializer is a great peace of technology. Combined with xsd.exe and friends (XmlSerializerNamespaces, et al.) it's a powerful tool for one to get around XML instance serialization/deserialization.

But, there is a potentially serious bug present, even in 3.5 SP1 version of the .NET Framework.

Suppose we have the following XML structure:

xmlns:B="NamespaceB">

This tells you that Envelope, and Body elements are in the same namespace (namely 'NamespaceA'), while Header is qualified with 'NamespaceB'.

Now suppose we need to programmatically insert element into an empty, core, document.

Core document:

xmlns:B="NamespaceB">

Now do an XmlNode.InsertNode() of the following:

...

We should get:

xmlns:B="NamespaceB">
...

To get the to be inserted part one would serialize (using XmlSerializer) the following Header document:

...

To do this, a simple XmlSerializer magic will do the trick:

XmlSerializerNamespaces xsn = new XmlSerializerNamespaces();
xsn.Add("B", "NamespaceB");

XmlSerializer xSer = new XmlSerializer(typeof(Header));
XmlTextWriter tw = new XmlTextWriter(ms, null);
xSer.Serialize(tw, h, xsn);

ms.Seek(0, SeekOrigin.Begin);

XmlDocument doc = new XmlDocument()
doc.Load(ms);
ms.Close();

This would generate exactly what we wanted. A prefixed namespace based XML document, with the B prefix bound to 'NamespaceB'.

Now, if we would import this document fragment into our core document using XmlNode.ImportNode(), we would get:

xmlns:B="NamespaceB">
xmlns:B="NamespaceB">...

Which is valid and actually, from an XML Infoset view, an isomorphic document to the original. So what if it's got the same namespace declared twice, right?

Right - until you involve digital signatures. I have described a specific problem with ambient namespaces in length in this blog entry: XmlSerializer, Ambient XML Namespaces and Digital Signatures.

When importing a node from another context, XmlNode and friends do a resolve against all namespace declarations in scope. So, when importing such a header, we shouldn't get a duplicate namespace declaration.

The problem is, we don't get a duplicate namespace declaration, since XmlSerializer actually inserts a normal XML attribute into the Header element. That's why we seem to get another namespace declaration. It's actually not a declaration but a plain old attribute. It's even visible (in this case in XmlElement.Attributes), and it definitely shouldn't be there.

So if you hit this special case, remove all attributes before importing the node into your core document. Like this:

XmlSerializerNamespaces xsn = new XmlSerializerNamespaces();
xsn.Add("B", "NamespaceB");

XmlSerializer xSer = new XmlSerializer(typeof(Header));
XmlTextWriter tw = new XmlTextWriter(ms, null);
xSer.Serialize(tw, h, xsn);

ms.Seek(0, SeekOrigin.Begin);

XmlDocument doc = new XmlDocument()
doc.Load(ms);
ms.Close();
doc.DocumentElement.Attributes.RemoveAll();

Note that the serialized document representation will not change, since an ambient namespace declaration (B linked to 'NamespaceB') still exists in the XML Infoset of doc XML document.

DOW(n)

2008-10-09T22:29:37.728+02:00

DOW is down almost 700, again. And...

... I just have to post this. Especially when almost everything (besides devaluation of the safe currency) has already been done.

If you had bought $1,000.00 of Nortel stock one year ago, it would now be worth $49.00.

With Enron , you would have $16.50 of the original $1,000.00.

With MCI/Worldcom , you would have less than $5.00 left.

If you had bought $1,000.00 worth of Miller Genuine Draft (the beer, not the stock) one year ago, drunk all the beer then turned in the cans for the 10-cent deposit, you would have $214.00.

Based on the above, 401KegPlan.com's current investment advice is to take that $5.00 you have left over and drink lots and lots of beer and recycle.

Via: http://401kegplan.com/keg/

We are going over the edge. We as a world economy.

And yea, I opened a keg of Guinness.

Bleeding Edge 2008: Postback

2008-10-09T21:42:02.568+02:00

I'm sorry it took a week, but here we go.

This is my exit content from Bleeding Edge 2008. I'm also posting complete conference contents, just in case.

Thanks go out to Dušan, Dejan, Miha, Miha and Miha.

Downloads:

Middle Tier Design Unleashed: PPT & Code
Complete Conference: PPT & Code

Remark: PPT in Slovene only. Code international.

Thank you for attending. Hope to see you next year!

XmlSerializer: Serialized Syntax and How to Override It

2008-08-29T20:38:07.673+02:00

Recently I needed to specify exactly how I would like a specific class serialized. Suppose we have the following simple schema:

http://my.favourite.ns/person.xsd "
   elementFormDefault="qualified"
   xmlns:xs=" http://www.w3.org/2001/XMLSchema "
   xmlns=" http://my.favourite.ns/person.xsd" >

Let's call this schema President.xsd.

A valid XML instance against this schema would be, for example:

   Barrack
   Obama
   47

Since we are serializing against a specific XML schema (XSD), we have an option of schema compilation:

xsd /c President.xsd

This, obviously, yields a programmatic type system result in a form of a C# class. All well and done.

Now.

If we serialize the filled up class instance back to XML, we get a valid XML instance. It's valid against President.xsd.

There is a case where your schema changes ever so slightly - read, the namespaces change, and you don't want to recompile the entire solution to support this, but you still want to use XML serialization. Who doesn't - what do you do?

Suppose we want to get the following back, when serializing:

http://schemas.gama-system.com/
      president.xsd" >
   Barrack
   Obama
   47

There is an option to override the default serialization technique of XmlSerializer. Enter the world of XmlAttributes and XmlAttributeOverrides:

private XmlSerializer GetOverridedSerializer()
{
   // set overrides for person element
   XmlAttributes attrsPerson = new XmlAttributes();
   XmlRootAttribute rootPerson =
      new XmlRootAttribute("PresidentPerson");
   rootPerson.Namespace = " http://schemas.gama-system.com/
      president.xsd ";
   attrsPerson.XmlRoot = rootPerson;

   // create overrider
   XmlAttributeOverrides xOver = new XmlAttributeOverrides();
   xOver.Add(typeof(Person), attrsPerson);

XmlSerializer xSer = new XmlSerializer(typeof(Person), xOver);
return xSer;
}

Now serialize normally:

Stream ms = new MemoryStream();
XmlTextWriter tw = new XmlTextWriter(ms, null);
xSer.Serialize(tw, person);

This will work even if you only have a compiled version of your object graph, and you don't have any sources. System.Xml.Serialization.XmlAttributeOverrides class allows you to adorn any XML serializable class with your own XML syntax - element names, attribute names, namespaces and types.

Remember - you can override them all and still serialize your angle brackets.

Bleeding Edge 2008

2008-07-17T15:50:06.688+02:00

I'm happy to announce our organization work is coming to fruition.

Bleeding Edge 2008 is taking the stage for the autumn season.

Portorož, Slovenia, October 1^st, 9:00

Official site, Registration, Sponsors

Go for the early bird registration (till September 12^th). The time is now.

Potential sponsor? Here's the offering.

Accreditus: Gama System eArchive

2008-07-05T14:18:06.428+02:00

One of our core products, Gama System eArchive was accredited last week.

This is the first accreditation of a domestic product and the first one covering long term electronic document storage in a SOA based system.

Every document stored inside the Gama System eArchive product is now legally legal. No questions asked.

Accreditation is done by a national body and represents the last step in a formal acknowledgement to holiness.

That means a lot to me, even more to our company.

The following blog entries were (in)directly inspired by the development of this product:

We've made a lot of effort to get this thing developed and accredited. The certificate is here.

This, this, this, this, this, this, this, this, this and t h o s e are direct approvals of our correct decisions.

Sysinternals Live

2008-06-19T19:52:52.954+02:00

This is brilliant.

Sysinternals tools are now (actually were already when I left for vacation) available live via a web (http and WebDAV) based resource on http://live.sysinternals.comand \\live.sysinternals.com.

This means I can do the following:

[c:\]dir \\live.sysinternals.com\tools

Directory of \\live.sysinternals.com\tools\ *

2.06.2008   1:16
    .
2.06.2008   1:16             ..
2.06.2008   1:16             WindowsInternals
30.05.2008 17:55             668 About_This_Site.txt
13.05.2008 19:00         225.320 accesschk.exe
1.11.2006 15:06         174.968 AccessEnum.exe
1.11.2006 23:05         121.712 accvio.EXE
12.07.2007   7:26          50.379 AdExplorer.chm
26.11.2007 14:21         422.952 ADExplorer.exe
7.11.2007 11:13         401.616 ADInsight.chm
20.11.2007 14:25       1.049.640 ADInsight.exe
1.11.2006 15:05         150.328 adrestore.exe
1.11.2006 15:06         154.424 Autologon.exe
8.05.2008 10:20          48.476 autoruns.chm
12.05.2008 17:31         622.632 autoruns.exe 1.11.2006
...
1.11.2006 15:06         207.672 Winobj.exe
30.12.1999 12:26           7.653 WINOBJ.HLP
27.05.2008 16:21         142.376 ZoomIt.exe
     24.185.901 bytes in 103 files and 3 dirs
109.442.727.936 bytes free

Or, I can fire up a Windows Explorer window (or press the start key, then type) and just type: \\live.sysinternals.com\tools.

Or:

[c:\]copy \\live.sysinternals.com\tools\Procmon.exe
        C:\Windows\System32
\\live.sysinternals.com\tools\Procmon.exe =>
        C:\Windows\System32\Procmon.exe
     1 file copied

Brilliant and useful.

Demos from the NT Conference 2008

2008-05-15T17:24:19.828+02:00

As promised, here are the sources from my NTK 2008 sessions [1].

Talk: Document Style Service Interfaces

Read the following blog entry, I tried to describe the concept in detail. Also, this blog post discusses issues when using large document parameters with reliable transport (WS-RM) channels.

Demo: Document Style Service Interfaces [Download]

This demo defines a service interface with the document parameter model, ie. Guid CreatePerson(XmlDocument person). It shows three different approaches to creation of the passed document:

Raw XML creation
XML Serialization of the (attribute annotated) object graph
XML Serialization using the client object model

Also, versioned schemas for the Person document are shown, including the support for document validation and version independence.

Talk: Windows Server 2008 and Transactional NTFS

This blog entry describes the concept.

Demo 1: Logging using CLFS (Common Log File System) [Download]
Demo 2: NTFS Transactions using the File System, SQL, WCF [Download]
Demo 3: NTFS Transactions using the WCF, MTOM Transport [Download] [2]

[1] All sources are in VS 2008 solution file format.
[2] This transaction spans from the client, through the service boundary, to the server.

Laws and Digital Signatures

2008-04-16T19:32:29.84+02:00

Suppose we have a document like this:

    value1
    value2

ttp://www.w3.org/2000/09/xmldsig #">

              Algorithm=" http://www.w3.org/TR/2001/REC-xml-c14n-20010315 " />
              Algorithm=" http://www.w3.org/2000/09/xmldsig#rsa-sha1 " />


                      Algorithm=" http://www.w3.org/2000/09/
              xmldsig#enveloped-signature "/>

                  Algorithm=" http://www.w3.org/2000/09/xmldsig#sha1 " />
        1Xp...EOko=


    nls...cH0k=



          9f3W...fxG0E=
          AQAB



        MIIEi...ktYgN

This document represents data and an enveloped digital signature over the complete XML document. The digital signature completeness is defined in the Reference element, which has URI attribute set to empty string (Reference Uri="").

Checking the Signature

The following should always be applied during signature validation:

Validating the digital signature
Validating the certificate(s) used to create the signature
Validating the certificate(s) chain(s)

Note: In most situations this is the optimal validation sequence. Why? Signatures are broken far more frequently then certificates are revoked/expired. And certificates are revoked/expired far more frequently then their chains.

1. Validating the digital signature

First, get it out of there:

XmlNamespaceManager xmlns = new XmlNamespaceManager(xdkDocument.NameTable); [1]
xmlns.AddNamespace("ds", " http://www.w3.org/2000/09/xmldsig #");
XmlNodeList nodeList = xdkDocument.SelectNodes("//ds:Signature", xmlns);

[1] xdkDocument should be an XmlDocument instance representing your document.

Second, construct a SignedXml instance:

foreach (XmlNode xmlNode in nodeList)
{
// create signed xml object
SignedXml signedXml = new SignedXml(xdkDocument); [2]

// verify signature
signedXml.LoadXml((XmlElement)xmlNode);
}

[2] Note that we are constructing the SignedXml instance from a complete document, not only the signature. Read this.

Third, validate:

bool booSigValid = signedXml.CheckSignature();

If booSigValid is true, proceed.

2. Validating the certificate(s) used to create the signature

First, get it out of there:

XmlNode xndCert = xmlNode.SelectSingleNode(".//ds:X509Certificate", xmlns); [3]

[3] There can be multiple X509Certificate elements qualified with h ttp://www.w3.org/2000/09/xmldsig # namespace in there. Xml Digital Signature specification is allowing the serialization of a complete certificate chain of the certificate used to sign the document. Normally, the signing certificate should be the first to be serialized.

Second, get the X509Certificate2 instance:

byte[] bytCert = Convert.FromBase64String(xndCert.InnerText);
X509Certificate2 x509cert = new X509Certificate2(bytCert);

Third, validate:

bool booCertValid = x509cert.Verify();

If booCertValid is true, proceed.

3. Validating the certificate(s) chain(s)

Building and validating the chain:

X509Chain certChain = new X509Chain();
bool booChainValid = certChain.Build(x509cert);
int intChainLength = certChain.ChainElements.Count; [4]

If booChainValid is true, your signature is valid.

Some Rules and Some Laws

We have three booleans:

booSigValid - signature validity
booCertValid - certificate validity
booChainValid - certificate's chain validity

If booSigValid evaluates to false, there is no discussion. Someone changed the document.

What happens if one of the following two expressions evaluates to true:

1. ((booSigValid) && (!booCertValid) && (!booChainValid))
2. ((booSigValid) && (booCertValid) && (!booChainValid))

This normally means that either the certificate is not valid (CRLed or expired) [4], or one of the chain's certificate is not valid/expired.

[4] The premise is that one checked the signature according to 1, 2, 3 schema described above.

The Question

Is digital signature valid even if CA revoked the certificate after the signature has already been done? Is it valid even after the certificate expires? If signature is valid and certificate has been revoked, what is the legal validity of the signature?

In legal terms, the signature would be invalid on both upper assertions, 1 and 2.

This means, that once the generator of the signature is dead, or one of his predecessors is dead, all his children die too.

Timestamps to the Rescue

According to most country's digital signature laws the signature is valid only during the validity of the signing certificate and validity of the signing certificate's chain, both being checked for revocation and expiry date ... if you don't timestamp it.

If the source document has another signature from a trusted authority, and that authority is a timestamp authority, it would look like this:

    value1
    value2

http://www.w3.org/2000/09/xmldsig #">
    ...

    xmlns:dsig=" http://www.w3.org/2000/09/xmldsig #">

              Algorithm=" http://www.w3.org/TR/2001/REC-xml-c14n-20010315 " />
              Algorithm=" http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
              URI="#TimeStampInfo-113D2EEB158BBB2D7CC000000000004DF65">
                  Algorithm=" http://www.w3.org/2000/09/xmldsig#sha1" />
          y+xw...scKg=


                  Algorithm=" http://www.w3.org/2000/09/xmldsig#sha1" />
        KhFIr...Sv4=


    R4m...k3aQ==


        MII...Osmg==


          Id="TimeStampInfo-113D2EEB158BBB2D7CC000000000004DF65">
               xmlns:ts=" http://www.provider.com/schemas
           /timestamp-protocol-20020207 "
         xmlns:ds=" http://www.w3.org/2000/09/xmldsig #">
        http://provider.tsa.com/documents" />

            http://www.w3.org/2000/
              09/xmldsig#sha1" />
            V7+bH...Kmsec=

          938...045
          2008-04-13T11:31:42.004Z
          121...780

The second signature would be performed by an out-of-band authority, normally a TSA authority. It would only sign a hash value (in this case SHA1 hash) which was constructed by hashing the original document and the included digital signature.

This (second) signature should be checked using the same 1, 2, 3 steps. For the purpose of this mind experiment, let's say it would generate a booTimestampValid boolean.

Now, let's reexamine the booleans:

((booSigValid) && (!booCertValid) && (!booChainValid) && (booTimestampValid))
((booSigValid) && (booCertValid) && (!booChainValid) && (booTimestampValid))

In this case, even though the signature's certificate (or its chain) is invalid, the signature would pass legal validity if the timesamp's signature is valid, together with its certificate and certificate chain. Note that the TSA signature is generated with a different set of keys than the original digital signature.

Actually booTimestampValid is defined as ((booSigValid) && (booCertValid) && (booChainValid)) for the timestamp signature/certificate/certificate chain [5].

[5] Legal validity is guaranteed only in cases where 1 or 2 are true.

WCF: Reliable Messaging and Retry Timeouts

2008-04-09T00:33:13.159+02:00

There is a serious limitation present in the RTM version of WCF 3.0/3.5 regarding control of WS-RM retry messages during a reliable session saga.

Let me try to explain the concept.

We have a sender (communication initiator) and a receiver (service). When a reliable session is constructed between the two, every message needs to come to the other side. In a request-reply world, the sender would be a client during the request phase. Then roles would switch during the response phase.

The problem arises when one of the sides does not get the message acknowledgement in time. WCF reliable messaging implementation retries the sending process and hopes for the acknowledgement. All is well.

The problem is that there is no way for the sending application to specify how long the retry timeout should be. There is a way to specify channel opening and closing timeouts, acknowledgement interval and more, but nothing will define how long should the initiator wait for message acks.

Let's talk about how WCF acknowledges messages.

During a request-reply exchange every request message is acknowledged in a response message. WS-RM SOAP headers regarding sequence definition (request) and acknowledgements (response) look like this:

a1
a2 urn:uuid:6c9d...ca90
a3 1
a4

b1
b2    urn:uuid:6c99...ca290
b3
b4    b5       xmlns:netrm=" http://schemas.microsoft.com/ws/2006/05/rm" >
b6
b7

Request phase defines a sequence and sends the first message (a3). In response, there is the appropriate acknowledgement present, which acks the first message (b3) with Lower and Upper attributes. Lines b4-b6 define a benign and super useful WCF implementation of flow control, which allows the sender to limit the rate of sent messages if service side becomes congested.

When the session is setup, WCF will have a really small time waiting window for acks. Therefore, if ack is not received during this period, the infrastructure will retry the message.

Duplex contracts work slightly differently. There, the acknowledgement interval can be set. This configuration option (config attribute is called acknowledgementInterval) is named inappropriately, since it controls the service and not the client side.

It does not define the time limit on received acknowledgements, but the necessary time to send the acknowledgments back. It allows grouping of sent acks, so that multiple incoming messages can be acked together. Also, the infrastructure will not necessarily honor the specified value.

Now consider the following scenario:

The client is on a reliable network
Network bandwidth is so thin that the sending message takes 20s to come through [1]
Service instancing is set to Multiple
The solution uses a request-reply semantics

[1] It does not matter whether the initiator is on a dial up, or the message is huge.

What happens?

Service initiator sets up a reliable session, then:

First message is being sent
Since the retry interval is really small [2], the message will not get to the other end and the acknowledgement will not bounce back in time
First message is retried, now two messages are being transported
No acks received yet
First message is retried again
Network bandwidth is even thinner
First message is acknowledged
First message retry is discarded on the service side
Second message retry is discarded on the service side

[2] Under 3s.

The number of retry messages depends on the bandwidth and message size. It can happen that tens of messages will be sent before first acknowledgement will be received.

Adaptability algorithms

A good thing is that there are undocumented algorithms implemented for retry timeout. The implementation increases the reply timeout exponentially when the infrastructure detects that the network conditions demand more time (slow throughput) and allows reliable delivery (no losses). If loses are present the reply timeout decreases.

Retry timeout is actually calculated when establishing an RM session. It is based on the roundtrip time and is bigger if the roundtrip time is long.

So, when first messages in a session are exchanged, don't be too surprised to see a couple of message retries.

Calculating Outsourcing Project Cost

2008-02-18T23:01:39.53125+01:00

Wow, Stephen.

This is one of the best ideas I've heard of hedging against the dollar in terms if IT outsourcing cost. And I mean it.

I'm not in a position of valueing the description made, but I am willing to take the pill, no matter what.

What everybody needs is only to get to one million sterling project, taking half a year.

That's it, hedging done or not.

Happy Birthday XML

2008-02-13T20:36:09.046875+01:00

This week XML is ten years old. The core XML 1.0 specification was released in February 1998.

It's a nice anniversary to have.

The XML + Namespaces specification has a built in namespace declaration of http://www.w3.org/XML/1998/namespace. That's an implicit namespace declaration, a special one, governing all other. One namespace declaration to rule them all. Bound to xml: prefix.

XML was born and published as a W3C Recommendation on 10^th of February 1998.

So, well done XML. You did a lot for IT industry in the past decade.

European Silverlight Challenge

2008-01-04T10:33:22.60225+01:00

If you're into Silverlight, and you should be, check out http://www.silverlightchallenge.eu, and especially sign up on http://slovenia.silverlightchallenge.eu and join one of our many developers who will participate in this competition.

More here.

Mr. Larry Lessig

2007-11-09T23:59:24.083+01:00

Mr. Lawrence Lessig is a founder of Stanford Center for Internet and Society. He's also a chairman for the Creative Commons organization.

Lessig is one of the most effective speakers in the world, a professor at Stanford, who tries to make this world a better place from a standpoint of stupidity in terms of the copyright law.

The following is published on the CC's site:

We use private rights to create public goods: creative works set free for certain uses. ... We work to offer creators a best-of-both-worlds way to protect their works while encouraging certain uses of them — to declare “some rights reserved.”

Being a libertarian myself, I cannot oppose these stands. Balance and compromise are good things for content and intellectual products, such as software.

Watch his masterpiece, delivered at TED.

On Instance and Static Method Signatures

2007-11-03T22:04:38.531+01:00

We talked today, with Miha, a C# Yoda. Via IM, everything seemed pointless. Couldn't find a good case for the cause of the following mind experiment:

using System;
class Tubo
{
public static void Test() {}
private void Test() {}
}

Note: I'm using Miha's syntax in this post.

We have a static method called Test and an instance method, also called Test. Parameter models of both methods are the same, empty.

Would this compile?

It does not.

The question is why and who/what causes this. There is actually no rationale behind not allowing this thing to compile since both, the compiler and the runtime know the method info upfront.

Since the runtime has all the information it needs, it is strange that this would not be allowed at compile time. However, a (C#) compiler has to determine whether you, the programmer meant to access a static or an instance method.

Here lie the dragons.

It is illegal in most virtual machine based languages to have the same method name and signature for a static/instance method.

The following is an excerpt from a Java specification:

8.4.2 Method Signature

Two methods have the same signature if they have the same name and argument types.

Two method or constructor declarations M and N have the same argument types if all of the following conditions hold:

They have the same number of formal parameters (possibly zero)

They have the same number of type parameters (possibly zero)

Let 1,...,A_n> be the formal type parameters of M and let 1,...,B_n> be the formal type parameters of N. After renaming each occurrence of a B_i in N's type to A_i the bounds of corresponding type variables and the argument types of M and N are the same.

Java (and also C#) does not allow two methods with the same name and parameter model no matter what the access modifier is (public, private, internal, protected ...) and whether the method is static or instance based.

Why?

Simple. Programmer ambiguity. There is no technical reason not to allow it.

Consider the following:

using System;
class Tubo
{
public static void Test();
private void Test();
public void AmbiguousCaller() { Test(); }
}

What would method AmbiguousCaller call? A static Test or instance Test method?

Can't decide?

That's why this is not allowed.

And yes, it would call the instance method if this would be allowed, since statics in C# should be called using a class name, as in Test.Test(). Note that the preceding example does not compile. Also note, that it is legal to have a AmbiguousCaller body as Test() or Tubo.Test().

There is another ambiguous reason. Local variables in C# cannot be named the same as the enclosing class. Therefore, this is illegal:

using System;
class Tubo
{
private int Tubo;
}

It is. Do a csc /t:library on it.

Since you confirmed this fact, consider the following:

using System;
public class Tubo
{
public static void StaticMethod() {}
public void InstanceMethod() {}
}

public class RunMe
{
public static void Main()
{
    Tubo Tubo = new Tubo();
    Tubo.InstanceMethod();
    Tubo.StaticMethod();
}
}

Focus on the Main method body. In Tubo.InstanceMethod() an instance method is called and a reference (namely Tubo) is used. In Tubo.StaticMethod() a static method is called and Tubo is not an instance reference, but class name.

It all comes down to programmer ambiguity. Given a chance, I would support this design decision too.

WCF: Passing Collections Through Service Boundaries, Why and How

2007-09-27T23:04:47.328+02:00

In WCF, collection data that is passed through the service boundary goes through a type filter - meaning you will not necessarily get the intrinsic service side type on the client, even if you're expecting it.

No matter if you throw back an int[] or List, you will get the int[] by default on the client.

The main reason is that there is no representation for System.Collections.Generic.List or System.Collection.Generic.LinkedList in service metadata. The concept of System.Collection.Generic.List for example, actually does not have a different semantic meaning from an integer array - it's still a list of ints - but will allow you to program against it with ease.

Though, if one asks nicely, it is possible to guarantee the preferred collection type on the client proxy in certain scenarios.

Unidimensional collections, like List, LinkedList or SortedList are always exposed as T arrays in the client proxy. Dictionary, though, is regened on the client via an annotation hint in WSDL (XSD if we are precise). More on that later.

Let's look into it.

WCF infrastructure bends over backwards to simplify client development. If the service side contains a really serializable collection (marked with [Serializable], not [DataContract]) that is also concrete (not an interface), and has an Add method with the following signatures...

public void Add(object obj);
public void Add(T item);

... then WCF will serialize the data to an array of the collections type.

Too complicated? Consider the following:

[ServiceContract]
interface ICollect
{
[OperationContract]
public void AddCoin(Coin coin);

[OperationContract]
public List GetCoins();
}

Since the List supports a void Add method and is marked with [Serializable], the following wire representation will be passed to the client:

[ServiceContract]
interface ICollect
{
[OperationContract]
void AddCoin(Coin coin);

[OperationContract]
Coin[] GetCoins();
}

Note: Coin class should be marked either with a [DataContract] or [Serializable] in this case.

So what happens if one wants the same contract on the client proxy and the service? There is an option in the WCF proxy generator, svcutil.exe to force generation of class definitions with a specific collection type.

Use the following for List:

svcutil.exe http://service/metadata/address
/collectionType:System.Collections.Generic.List`1

Note: List`1 uses back quote, not normal single quote character.

What the /collectionType (short /ct) does, is forces generation of strongly typed collection types. It will generate the holy grail on the client:

[ServiceContract]
interface ICollect
{
[OperationContract]
void AddCoin(Coin coin);

[OperationContract]
List GetCoins();
}

In Visual Studio 2008, you will even have an option to specify which types you want to use as collection types and dictionary collection types, as in the following picture:

On the other hand, dictionary collections, as in System.Collections.Generic.Dictionary collections, will go through to the client no matter what you specify as a /ct parameter (or don't at all).

If you define the following on the service side...

[OperationContract]
Dictionary GetFoo();

... this will get generated on the client:

[OperationContract]
Dictionary GetFoo();

Why?

Because using System.Collections.Generic.Dictionary probably means you know there is no guarantee that client side representation will be possible if you are using an alternative platform. There is no way to meaningfully convey the semantics of a .NET dictionary class using WSDL/XSD.

So, how does the client know?

In fact, the values are serialized as joined name value pair elements as the following schema says:

              xmlns=" http://schemas.microsoft.com/2003/10/Serialization/ ">
        true



          name="KeyValueOfstringint">








nillable="true" type="tns:ArrayOfKeyValueOfstringint" />

Note: You can find this schema under types definition of the metadata endpoint. Usually ?xsd=xsd2, instead of ?wsdl will suffice.

As in:

one
1

two
2

N
N

The meaningful part of type service-to-client-transportation resides in element, specifically in /xs:annotation/xs:appinfo/IsDictionary element, which defines that this complex type represents a System.Collections.Generic.Dictionary class. Annotation elements in XML Schema are parser specific and do not convey any structure/data type semantics, but are there for the receiver to interpret.

This must be one of the most excellent school cases of using XML Schema annotations. It allows the well-informed client (as in .NET client, VS 2008 or svcutil.exe) to utilize the semantic meaning if it understands it. If not, no harm is done since the best possible representation, in a form of joined name value pairs still goes through to the client.

Approaches to Document Style Parameter Models

2007-09-24T12:19:10.09375+02:00

I'm a huge fan of document style parameter models when implementing a public, programmatic façade to a business functionality that often changes.

public interface IDocumentParameterModel
{
   [OperationContract]
   [FaultContract(typeof(XmlInvalidException))]
   XmlDocument Process(XmlDocument doc);
}

This contract defines a simple method, called Process, which processes the input document. The idea is to define the document schema and validate inbound XML documents, while throwing exceptions on validation errors. The processing semantics is arbitrary and can support any kind of action, depending on the defined invoke document schema.

A simple instance document which validates against a version 1.0 processing schema could look like this:

   Add
   10
   21

Another processing instruction, supported in version 1.1 of the processing schema, with different semantics could be:

Store
77u/PEFwcGxpY2F0aW9uIHhtbG5zPSJod...mdVcCI

Note that the default XML namespace changed, but that is not a norm. It only allows you to automate schema retrieval using the schema repository (think System.Xml.Schema.XmlSchemaSet), load all supported schemas and validate automatically.

public class ProcessService : IDocumentParameterModel
{
   public XmlDocument Process(XmlDocument doc)
   {
      XmlReaderSettings sett = new XmlReaderSettings();

      sett.Schemas.Add(, );
      ...
      sett.Schemas.Add(, );

      sett.ValidationType = ValidationType.Schema;
      sett.ValidationEventHandler += new
         ValidationEventHandler(XmlInvalidHandler);
      XmlReader books = XmlReader.Create(doc.OuterXml, sett);
      while (books.Read()) { }

      // processing goes here
      ...
   }

   static void XmlInvalidHandler(object sender, ValidationEventArgs e)
   {
      if (e.Severity == XmlSeverityType.Error)
         throw new XmlInvalidException(e.Message);
   }
}

The main benefit of this approach is decoupling the parameter model and method processing version from the communication contract. A service maintainer has an option to change the terms of processing over time, while supporting older version-aware document instances.

This notion is of course most beneficial in situations where your processing syntax changes frequently and has complex validation schemas. A simple case presented here is informational only.

So, how do we validate?

We need to check the instance document version first. This is especially true in cases where the document is not qualified with a different namespace when the version changes.
We grab the appropriate schema or schema set
We validate the inbound XML document, throw a typed XmlInvalidException if invalid
We process the call

The service side is quite straightforward.

Let's look at the client and what are the options for painless generation of service calls using this mechanism.

Generally, one can always produce an instance invoke document by hand on the client. By hand meaning using System.Xml classes and DOM concepts. Since this is higly error prone and gets tedious with increasing complexity, there is a notion of a schema compiler, which automatically translates your XML Schema into the CLR type system. Xsd.exe and XmlSerializer are your friends.

If your schema requires parts of the instance document to be digitally signed or encrypted, you will need to adorn the serializer output with some manual DOM work. This might also be a reason to use the third option.

The third, and easiest option for the general developer, is to provide a local object model, which serializes the requests on the client. This is an example:

ProcessInstruction pi = new ProcessInstruction();
pi.Instruction = "Add";
pi.Parameter1 = 10;
pi.Parameter2 = 21;
pi.Sign(cert); // pi.Encrypt(cert);
pi.Serialize();
proxy.Process(pi.SerializedForm);

The main benefit of this approach comes down to having an option on the server and the client. Client developers have three different levels of complexity for generating service calls. The model allows them to be as close to the wire as they see fit. Or they can be abstracted completely from the wire representation if you provide a local object model to access your services.

XmlSerializer, Ambient XML Namespaces and Digital Signatures

2007-09-19T22:57:57.468+02:00

If you use XmlSerializer type to perform serialization of documents which are digitally signed later on, you should be careful.

XML namespaces which are included in the serialized form could cause trouble for anyone signing the document after serialization, especially in the case of normalized signature checks.

Let's go step by step.

Suppose we have this simple schema, let's call it problem.xsd:

http://www.gama-system.com/problems.xsd "
           elementFormDefault="qualified"
           xmlns=" http://www.gama-system.com/problems.xsd "
           xmlns:xs=" http://www.w3.org/2001/XMLSchema ">

ProblemType">







DefinitionType">






GUIDType">

This schema describes a problem, which is defined by a name (typed as string), severity (typed as integer), definition (typed as byte array) and description (typed as string). The schema also says that the definition of a problem has an Id attribute, which we will use when digitally signing a specific problem definition. This Id attribute is defined as GUID, as the simple type GUIDType defines.

Instance documents validating against this schema would look like this:

http://www.gama-system.com/problems.xsd ">
Specific problem
4
MD1sDQ8=
This is a specific problem.

Or this:

XML DigSig Problem
5
CgsMDQ8=
Ambient namespaces break digsigs.

Mark this one as exhibit A.

Only a few of you out there are still generating XML documents by hand, since there exists a notion of schema compilers. In the .NET Framework world, there is xsd.exe, which bridges the gap between the XML type system and the CLR type system.

xsd.exe /c problem.xsd

The tool compiles problem.xsd schema into the CLR type system. This allows you to use in-schema defined classes and serialize them later on with the XmlSerializer class. The second instance document (exhibit A) serialization program would look like this:

// generate problem
ProblemType problem = new ProblemType();
problem.Name = "XML DigSig Problem";
problem.Severity = 5;
DefinitionType dt = new DefinitionType();
dt.Id = Guid.NewGuid().ToString();
dt.Value = new byte[] { 0xa, 0xb, 0xc, 0xd, 0xf };
problem.Definition = dt;
problem.Description = "Ambient namespaces break digsigs.";

// serialize problem
XmlSerializer ser = new XmlSerializer(typeof(ProblemType));
FileStream stream = new FileStream("Problem.xml", FileMode.Create, FileAccess.Write);
ser.Serialize(stream, problem);
stream.Close();

Here lie the dragons.

XmlSerializer class default serialization mechanism would output this:

Mark this one as exhibit B.

If you look closely, you will notice two additional prefix namespace declarations in exhibit B bound to xsi and xsd prefixes, against exhibit A.

The fact is, that both documents (exhibit B, and exhibit A) are valid against the problem.xsd schema.

Prefixed namespaces are part of the XML Infoset. All XML processing is done on XML Infoset level. Since only declarations (look at prefixes xsi and xsd) are made in exhibit B, the document itself is not semantically different from exhibit A. That stated, instance documents are equivalent and should validate against the same schema.

What happens if we sign the Definition element of exhibit B (XmlSerializer generated, prefixed namespaces present)?

We get this:

xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns:xsd="http://www.w3.org/2001/XMLSchema"
         xmlns="http://www.gama-system.com/problems.xsd">
XML DigSig Problem
5
Id="b01cb152-cf93-48df-b07e-97ea7f2ec2e9">CgsMDQ8=
Ambient namespaces break digsigs.




      URI="#Id-b01cb152-cf93-48df-b07e-97ea7f2ec2e9">

        k3gbdFVJEpv4LWJAvvHUZZo/VUQ=


    K8f...p14=



          eVs...rL4=
          AQAB



        MIIF...Bw==

Let's call this document exhibit D.

This document is the same as exhibit B, but has the Definition element digitally signed. Note the /Problem/Signature/SingedInfo/Reference[@URI] value. Digital signature is performed only on the Definition element and not the complete document.

Now, if one would validate the same document without the prefixed namespace declarations, as in:

XML DigSig Problem
5
Id="b01cb152-cf93-48df-b07e-97ea7f2ec2e9">CgsMDQ8=
Ambient namespaces break digsigs.

...

... the signature verification would fail. Let's call this document exhibit C.

As said earlier, all XML processing is done on the XML Infoset level. Since ambient prefixed namespace declarations are visible in all child elements of the declaring element, exhibits C and D are different. Explicitly, element contexts are different for element Definition, since exhibit C does not have ambient declarations present and exhibit D does. The signature verification fails.

Solution?

Much simpler than what's written above. Force XmlSerializer class to serialize what should be serialized in the first place. We need to declare the namespace definition of the serialized document and prevent XmlSerializer to be too smart. The .NET Framework serialization mechanism contains a XmlSerializerNamespaces class which can be specified during serialization process.

Since we know the only (and by the way, default) namespace of the serialized document, this makes things work out OK:

// serialize problem
XmlSerializerNamespaces xsn = new XmlSerializerNamespaces();
xsn.Add(String.Empty, "http://www.gama-system.com/problem.xsd");

XmlSerializer ser = new XmlSerializer(typeof(ProblemType));
FileStream stream = new FileStream("Problem.xml", FileMode.Create, FileAccess.Write);
ser.Serialize(stream, problem, xsn);
stream.Close();

This will force XmlSerializer to produce a valid document - with valid XML element contexts, without any ambient namespaces.

The question is, why does XmlSerialzer produce this namespaces by default? That should be a topic for another post.

Oh my God: 1.1

2007-08-29T18:40:16.15625+02:00

Shame? Nokia?

Same sentence, as in Shame and Nokia?

There is just no pride in IT anymore. Backbones are long gone too.

Oh my God: 1.0

2007-08-29T18:35:38.90625+02:00

This post puts shame to a new level.

There is no excuse for having Microsoft Access database serving any kind of content in an online banking solution.

The funny thing is, that even the comment excuses seem fragile. They obviously just don't get it. The bank should not defend their position, but focus on changing it immediately.

So, they should fix this ASAP, then fire PR, then apologize.

Well-done David, for exposing what should never reach a production environment.

Never. Ever.

Apple vs. Dell

2007-08-08T20:37:18.97+02:00

This is why one should buy best of both worlds. Mac rules on a client. Dell is quite competitive on the (home) server market.

We don't care about cables around servers. Yet.

So? 'nuff said.

Windows Vista Performance and Reliability Updates

2007-08-08T08:13:20.455+02:00

These have been brewing for a couple of months. They're out today.

They contain a number of patches that ~~improve~~ fix Vista. You can get them here:

Windows Vista Performance Update:

Windows Vista Reliability Update:

Go get them. Now.

Midyear Reader Profile

2007-07-26T22:58:25.203125+02:00

Since it's summer here in Europe, and thus roughly middle of the year, here comes your, Dear Reader, profile.

Mind you, only last years data (June 2006 - June 2007) is included, according to Google Analytics.

Browser Versions:

Operating Systems:

Browser Versions and Operating Systems:

Screen Resolutions:

Adobe Flash Support:

And finally, most strangely, Java Support:

The last one surprised me.

Managed TxF: Distributed Transactions and Transactional NTFS

2007-07-23T22:54:13.156+02:00

Based on my previous post, I managed to get distributed transaction scenario working using WCF, MTOM and WS-AtomicTransactions.

This means that you have the option to transport arbitrary files, using transactional ACID semantics, from the client, over HTTP and MTOM.

The idea is to integrate a distributed transaction with TxF, or NTFS file system transaction. This only works on Windows Server 2008 (Longhorn Server) and Windows Vista.

Download: Sample code

If the client starts a transaction then all files within it should be stored on the server. If something fails or client does not commit, no harm is done. The beauty of this is that it's all seamlessly integrated into the current communication/OS stack.

This is shipping technology; you just have to dive a little deeper to use it.

Here's the scenario:

There are a couple of issues that need to be addressed before we move to the implementation:

You should use the managed wrapper included here
There is support for TransactedFile and TransactedDirectory built it. Next version of VistaBridge samples will include an updated version of this wrapper.
Limited distributed transactions support on a system drive
There is no way to get DTC a superior access coordinatorrole for TxF on the system drive (think c:\ system drive). This is a major downside in the current implementation of TxF, since I would prefer that system/boot files would be transaction-locked anyway. You have two options if you want to run the following sample:
- Define secondary resource manager for your directory
  This allows system drive resource manager to still protect system files, but creates a secondary resource manager for the specified directory. Do this:
  - fsutil resource create c:\txf
  - fsutil resource start c:\txf
    You can query your new secondary resource manager by fsutil resource info c:\txf.
- Use another partition
  Any partition outside the system partition is ok. You cannot use network shares, but USB keys will work. Plug it in and change the paths as defined at the end of this post.

OK, here we go.

Here's the service contract:

[ServiceContract(SessionMode = SessionMode.Allowed)]
interface ITransportFiles
{
   [OperationContract]
   [TransactionFlow(TransactionFlowOption.Allowed)]
   byte[] GetFile(string name);

   [OperationContract]
   [TransactionFlow(TransactionFlowOption.Allowed)]
   void PutFile(byte[] data, string name);
}

We allow the sessionful binding (it's not required, though) and allow transactions to flow from the client side. Again, transactions are not mandatory, since client may opt-out of using them and just transport files without a transaction.

The provided transport mechanism uses MTOM, since the contract's parameter model is appropriate for it and because it's much more effective transferring binary data.

So here's the service config:

                transactionFlow="true"
          messageEncoding="Mtom"
          maxReceivedMessageSize="10485760">







          http://localhost:555/transportservice" >


                binding="wsHttpBinding"
          bindingConfiguration="MTOMBinding"
          contract="WCFService.ITransportFiles"/>

Here, MTOMBinding is being used to specify MTOM wire encoding. Also, quotas and maxReceivedMessageSize attribute is being adjusted to 10 MB, since we are probably transferring larger binary files.

Service implementation is straight forward:

[ServiceBehavior(InstanceContextMode = InstanceContextMode.PerCall)]
class TransportService : ITransportFiles
{
    [OperationBehavior(TransactionScopeRequired = true)]
    public byte[] GetFile(string name)
    {
        Console.WriteLine("GetFile: {0}", name);
        Console.WriteLine("Distributed Tx ID: {0}",
          Transaction.Current.TransactionInformation.DistributedIdentifier);
        return ReadFully(TransactedFile.Open(@"C:\TxF\Service\" + name,
          FileMode.Open, FileAccess.Read, FileShare.Read), 0);
    }

    [OperationBehavior(TransactionScopeRequired = true)]
    public void PutFile(byte[] data, string filename)
    {
        Console.WriteLine("PutFile: {0}", filename);
        Console.WriteLine("Distributed Tx ID: {0}",
          Transaction.Current.TransactionInformation.DistributedIdentifier);

        using (BinaryWriter bw = new BinaryWriter(
            TransactedFile.Open(@"C:\TxF\Service\" + filename,
              FileMode.Create, FileAccess.Write, FileShare.Write)))
        {
            bw.Write(data, 0, data.Length);

            // clean up
            bw.Flush();
        }
    }
}

Client does four things:

Sends three files (client - server) - no transaction
Gets three files (server - client) - no transaction
Sends three files (client - server) - distributed transaction, all or nothing
Gets three files (server - client) - distributed transaction, all or nothing

Before you run:

Decide on the secondary resource manager option (system drive, enable it using fsutil.exe) or use another partition (USB key)
Change the paths to your scenario. The sample uses C:\TxF, C:\TxF\Service and C:\TxF\Client and a secondary resource manager. Create these directories before running the sample.

Download: Sample code

This sample is provided without any warranty. It's a sample, so don't use it in production environments.

WS-Management: Windows Vista and Windows Server 2008

2007-07-22T20:48:22.421+02:00

I dived into WS-Management support in Vista / ~~Longhorn Server~~ Windows Server 2008 this weekend. There are a couple of caveats if you want to enable remote WS-Management based access to these machines. Support for remote management is also built into Windows Server 2003 R2.

WS-Management specification allows remote access to any resource that implements the specification. Everything accessed in a WS-Management world is a resource, which is identifiable by a URI. The spec uses WS-Eventing, WS-Enumeration, WS-Transfer and SOAP 1.2 via HTTP.

Since remote management implementation in Windows acknowledges all the work done in the WMI space, you can simply issue commands in terms of URIs that incorporate WMI namespaces.

For example, the WMI class or action (method) is identified by a URI, just as any other WS-Management based resource. You can construct access to any WMI class / action using the following semantics:

http://schemas.microsoft.com/wbem/wsman/1/wmi denotes a default WMI namespace accessible via WS-Management
http://schemas.microsoft.com/wbem/wsman/1/wmi/root/default denotes access to root/default namespace

Since the majority of WMI classes are in root/cimv2 namespace, you should use the following URI to access those:

http://schemas.microsoft.com/wbem/wsman/1/wmi/root/cimv2

OK, back to WS-Management and its implementation in Vista / Windows Server 2008.

First, Windows Server 2008 has the Windows Remote Management service started up by default. Vista doesn't. So start it up, if you're on a Vista box.

Second, depending on your network configuration, if you're in a workgroup environment (not joined to a domain) you should tell your client to trust the server side.

Trusting the server side involves executing a command on a client. Remote management tools included in Windows Server 2008 / Windows Vista are capable of configuring the local machine and issuing commands to remote machine. There are basically two tools which allow you to setup the infrastructure and issue remote commands to the destination. They are:

winrm.cmd (uses winrm.vbs), defines configuration of local machine
winrs.exe (winrscmd.dll and friends), Windows Remote Shell client, issues commands to a remote machine

As said, WS-Management support is enabled by default in Windows Server 2008. This means that the appropriate service is running, but one should still define basic configuration on it. Nothing is enabled by default; you have to opt-in.

Since Microsoft is progressing to a more admin friendly environment, this is done by issuing the following command (server command):

winrm quickconfig (or winrm qc)

This enables the obvious:

Starts the Windows Remote Management service (if not stared; in Windows Vista case)
Enables autostart on the Windows Remote Management service
Starts up a listener for all machine's IP addresses
Configures appropriate firewall exceptions

You should get the following output:

[c:\windows\system32]winrm quickconfig

WinRM is not set up to allow remote access to this machine for management.
The following changes must be made:

Create a WinRM listener on HTTP://* to accept WS-Man requests to any IP on this machine.
Enable the WinRM firewall exception.

Make these changes [y/n]? y

WinRM has been updated for remote management.
Created a WinRM listener on HTTP://* to accept WS-Man requests to any IP on this machine.
WinRM firewall exception enabled.

There are options in winrm.cmd to fine tune anything, including the listening ports and / or SSL (HTTPS) support. In a trusted environment you probably don't want to issue commands using HTTP based mechanism, since you are located behind the trust boundary and have complete control over available (allowed) TCP ports.

You can now issue remote management commands against the configured server, but only if the communication is trusted. So in case you are in a workgroup environment (client and server in a workgroup), this should get you started (client command):

winrm set winrm/config/client @{TrustedHosts=""}

You can specify multiple trusted servers using a comma:

winrm set winrm/config/client @{TrustedHosts="10.10.10.108, 10.10.10.109"}

This trusts the server(s) no matter what. Even over HTTP only.

Enumerating the configured listeners - remember, listener is located on the destination side - is done via:

winrm enumerate winrm/config/listener

OK, now we're able to issue commands to the remote side using WS-Management infrastructure. You can, for example, try this (client command):

winrs -r:http:// -u: -p: , ie.
winrs -r:http://10.10.10.108 -u:administrator -p:p$38E0jjW! dir -s

winrs -r:http://10.10.10.108 -u:administrator -p:p$38E0jjW! hostname

You can even explose HTTP based approach through your firewall if you're crazy enough. But using HTTPS would be the smart way out. What you need is a valid certificate with server authentication capability and a matching CN. Self-signed certs won't work.

Simple and effective.

Managed TxF: Support in Windows Vista and Windows Server 2008

2007-07-20T16:59:16.281+02:00

If you happen to be on a Windows Vista or Windows Server 2008 box, there is some goodness going your way.

There is a basic managed TxF (Transactional NTFS) wrapper available (unveiled by Jason Olson).

What this thing gives you is this:

try
{
   using (TransactionScope tsFiles = new TransactionScope
      TransactionScopeOption.RequiresNew))
   {
      WriteFile("TxFile1.txt");
      throw new FileNotFoundException();
      WriteFile("TxFile2.txt");
      tsFiles.Complete();
   }
}
catch (Exception ex)
{
   Console.WriteLine(ex.Message);
}

WriteFile method that does, well, file writing, is here:

using (TransactionScope tsFile = new TransactionScope
(TransactionScopeOption.Required))
{
Console.WriteLine("Creating transacted file '{0}'.", filename);

   using (StreamWriter tFile = new StreamWriter(TransactedFile.Open(filename,
          FileMode.Create,
          FileAccess.Write,
          FileShare.None)))
   {
      tFile.Write(String.Format("Random data. My filename is '{0}'.",
          filename));
   }

tsFile.Complete();
Console.WriteLine("File '{0}' written.", filename);
}

So we have a nested TransactionScope with a curious type - TransactedFile. Mind you, there is support for TransactedDirectory built in.

What's happening underneath is awesome. The wrapper talks to unmanaged implementation of TxF, which is built in on every Vista / Longhorn Server box.

What you get is transactional file system support with System.Transactions. And it's going to go far beyond that.

I wrote some sample code, go get it. Oh, BTW, remove the exception line to see the real benefit.

Download: Sample code

This sample is provided without any warranty. It's a sample, so don't use it in production environments.

Problem: Adding custom properties to document text in Word 2007

2007-07-09T22:44:50.53125+02:00

There is some serious pain going on when you need to add a simple custom document property into multiple Word 2007 text areas.

Say you have a version property that you would need to update using the document property mechanics. And say you use it in four different locations inside your document.

There is no ribbon command for it. There was a menu option in Word 2003 days.
There is no simple way of adding to The Ribbon. You have to customize the Quick Access Toolbar and stick with ugly, limited use icons forever or so.

You need to choose All commands in Customize Quick Access Toolbar to find Insert Field option.

This is not the only limiting option for a power user. The number of simplifications for the casual user is equal to the number of limitations for the power user. And yes, I know, casual users win the number battle.

So:

Right click The Ribbon and select Customize Quick Access Toolbar
Select All Commands and Insert Field
Add it to Custom Quick Access Toolbar
Click the new icon
In Field names select DocProperty
Select your value, in this example Version

Yes. Ease of use.

Please, give me an option to get my menus and keyboard shortcuts back.

Pretty please.

Apple iPhone Hacking

2007-07-08T15:20:10.953+02:00

There's some serious iPhone hacking going on during the last week or so.

Here's the wiki page, that has lots of information on the project. Main devs, working on the unlock problem are from US and Hungary as it seems.

The forum is here. Deliverables here.

The progress is steady. There is a now a way to issue commands to the system, including moving of files, activation (which was achieved in three days) and directory listing inside the sandboxed filesystem.

I'm following the progress (with Hana - she's cheering along), because it's fun to know the internals of a locked down Apple device.

Out the Door: WS-ReliableMessaging 1.1

2007-07-03T16:58:29.796875+02:00

WS-RM 1.1 is finished. GoodTimes^tm.

OASIS published two specs:

WCF, as it turns out, will have support for WS-RM 1.1 implementation in Orcas. On this note, there is a new CTP out this week.

All Things Digital: Jobs + Gates

2007-05-31T14:14:25.348+02:00

Microsoft Windows Vista Ultimate, $499.

Apple iPhone, $599.

Jobs and Gates sitting together. Priceless.

Durable Messaging Continues

2007-05-30T22:46:14.77+02:00

Nick is continuing my discussion on durable messaging support in modern WS-* based stacks, especially WCF.

I agree that having a simple channel configuration support to direct messages into permanent information source (like SQL) would be beneficial.

A simple idea that begs for an alternative implementation of a WCF extensibility point, has some questions:

What happens when messages are (or should be) exchanged in terms of a transaction context?
How can we demand transaction support from the underlying datastore, if we don't want to put limitations onto anything residing beind the service boundary?
What about security contexts? How can we acknowledge a secure, durable sessionful channel after two weeks of service ~~hibernation~~ down time? Should security keys still be valid just because service was down and not responding all this time?
Is durability limited to client/service recycling or non-memory message storage? What about both?

Is [DurableService]enough?

NTK 2007: About Being Better

2007-05-22T00:13:24.281+02:00

Having posted a disturbing post last year, I have a moral obligation to repost my current state of mind.

This year's NT conference was way better, especially regarding fun-activating activities. It's not my cup of tea, when things are being cut, but I was impressed by the plethora of activities that were not present this year.

Yeah, I know. When you've got activities that are not present, you're in it deep.

Clarifying it, here it goes.

I like it when things are not there (regarding fun during the NT conference).

I like the fact that sponsors and partners were not given a carte blache.
I like the fact that there were no naked ladies running around. Doh!
I like the fact that I like the fact that there were no naked ladies running around.
I like the fact that there was not enough free beer.
I like the fact that parties were not too 'lomaniac.
I like the fact that we, speakers, were pressured again.
I like the fact that, above all, this was a step forward.

What I don't I like (in 2007 incarnation):

I don't like keynotes that have (almost, sorry) no content.
I don't like keynotes that have no cues, allowing people to leave with no impression.
I especially don't like keynotes that, having a plethora of technology to show, don't make attendees drool their asses off.
I don't like 30 minute breaks. Sorry, too long.
I don't like that attendees have no free evenings. It's just to reflect on what they've heard.

And, as stated previously (and again) I don't like parties happening every evening on a technical conference. But that might just be the rule I have.

If NTK continues in this year's fashion, we all did a good job. If only next year, they would get some pre/post conference options (hint) for the technical savvy.

Luke, Kamenko, this is a major contribution to being on the right track again. Kudos.

[This post can and probably will, position me into the nerd crowd. It is not my intention. For you, who know me personally, you know what I'm talking about. At a certain point of fun, everybody has enough.]

CoreCLR Exposed

2007-05-12T22:42:30.5+02:00

Jamie Cansdale of TestDriven.NET fame just posted an intro post describing the hosting of Silverlight's CLR - CoreCLR.

Having the ability to host the runtime inside a Win32/.NET process brings up new possibilities, especially running Silverlight apps outside the browser or developing test harnesses/unit tests for Silverlight intended object models.

Silverlight 1.1 alpha and CoreCLR currently expose a very trimmed down version of the Framework's BCL. This will change by RTM, but be aware that its sweet spot is still the browser.

I can imagine a world where Silverlight apps will not only be media/presentation related. Currently, the competing platform, though having a strong install base, has not reached into that space.

You could arm Flash developers with rocket launchers, but they would still lose a ~~battle~~ war against .NET developers armed with chopsticks. Every day of the week and twice on Sunday. I believe the number of souls will significantly influence the outcome in this case.

Silverlight Already on Microsoft.com

2007-05-12T22:05:11.59375+02:00

Today, Microsoft.com put a Silverlight enabled video of XBox 360 Elite on the site front page.

This must be one of the earliest technology adoptions for Microsoft.com. They host a 1.0 beta version of the Silverlight app and it got me thinking why would a high traffic site want to do this.

My conclusion?

Answer this: What's the quickest way to install the Silverlight runtime to a broad user base without using a ship vehicle?

Admittedly, installing the runtime is quick, painless and benign for your machine. As it should be.

Try it out. Then visit some sample galleries.

Microsoft NT Conference 2007: Talks

2007-05-12T21:20:38.531+02:00

It's the time of the year again when the biggest local show gets going.

This year, I'm going to deliver three talks:

Tuesday, 15.5.2007, 18:00, Room D, WCF+Workflow: Et tu, Orcas?

Drilldown of: WCF support for syndication, POX, JSON, WCF + WF integration and WF instance correlation support.

Wednesday, 16.5.2007, 09:00, Emerald 1, MythBusters: Fat Clients and Thin Servers (with Dušan)

Drilldown of: Will not disclose. Stop by (if you dare). :)

Wednesday, 16.5.2007, 15:00, Emerald 2, WCF: About Messaging Sessions

Drilldown of: WCF messaging sessions, what they are, how to handle them, what's the underlying story.

Also, if you are a journalist, stop by for a press conference on Tuesday, 15.5.2007 at 12⁰⁰ in the Press Center. Together with a client, we have a discussion on digital document archives, legislature and best practices.

Resizing Image Attachments in Outlook 2007

2007-05-05T23:59:10.465+02:00

Well, it took me awhile to figure out, but here's a way to bring back the dialog which allows you to resize image attachments you send in Outlook 2007.

It's hidden the behind right arrow of the Include box. Right here:

I knew it must be there somewhere. And it is, it's just a click away.

It must be me, but I was looking for this option for a couple of months. It was one of my beloved features in Outlook 2003, since sending snapshots of something allowed me to get them down from 5MB to 100kb by just clicking an option.

There is a special checkbox called 'Show when attaching files' there.

Turn it on. Now.

Who decided it's a good thing to leave this thing off by default?

IIS6: Changing the Locale ID when Regional Settings Won't Work

2007-04-18T13:04:31.593+02:00

I noticed an awkwardness on my IIS6 server installation today.

All my sites were running with a US locale, thus invalidating the currency/date time/decimal calculations by an order of magnitude.

The problem was that the server was installed using the default settings, and also applied those to the Network Service account under which most of my sites work.

How do you fix this?

Login (RDP is OK)
Change the locale to your preference on the logged in account, use Control Panel's Regional Settings UI, you may need to reboot
Go to HKEY_CURRENT_USER\Control Panel\International
Right click, choose Export
Open the file in Notepad, replace "HKEY_CURRENT_USER" with "HKEY_USERS\S-1-5-20", this is the Network Service account
Save the .reg file
Double click the .reg file and import the settings
Restart IIS

You should have your locale set.

Oh, on the other side, while investigating this, here's a scoop on how to get to clear text passwords of IUSR_MACHINENAME and IWAM_MACHINENAME accounts:

Go to C:\InetPub\AdminScripts and open adsutil.vbs script in Notepad
Change the only occurrence of "IsSecureProperty = True" to "IsSecureProperty = False". Save.
Run "cscript adsutil.vbs get w3svc/anonymoususerpass" in command prompt
Run "cscript adsutil.vbs get w3svc/wamuserpass" in command prompt
Don't forget to revert to "IsSecureProperty = True" in adsutil.vbs
Don't forget to save the file again

You should have both passwords now. This comes handy when you need to fine tune the settings of both built-in accounts.

INETA Talk: About WCF Messaging Sessions

2007-03-27T20:39:27.7465+02:00

Just came back from today's talk on WCF session support.

Deliverables:

PPT
Code

Remember: proxy.Close() is your friend.

Hana Re

2007-03-16T09:05:36.905+01:00

Our gift came yesterday evening. Baby girl. Hana Re.

As perfect as possible, mom included.

0.003255 tons, 0.00052 kilometers

Using Dark Room

2007-03-11T22:19:35.233+01:00

If you need a distraction free writing environment, grab a copy of Dark Room. I found it after a few years of using WriteRoom, the original, on a Mac.

I write most of my draft documents in it. Then I move them to Word and apply formatting. I write all blog entries - exclusively in Dark Room - every post.

It does what every text editor should be doing first. It makes you concentrate on the subject.

And, best of all - it's small footprint, single .exe app. Xcopy it to your path. Bam.

Hassle Free Setups and Market Penetration

2007-03-11T21:37:09.717+01:00

Harry Pierson is discussing the correlation between market penetration and hassle free installation experience and hits the nail on its head.

Big market success of Adobe Flash, its omnipresence and high install base can definitely be traced back to flawless install experience. In fact, it's so perfect, that most users don't even know which version they're running. They don't care (me included). And they shouldn't care.

The first thing any platform needs to achieve is simple and effective installation experience. I don't want to manually download platform installers to use certain web services. It has to auto-install and has to be safe. This is what Flash does perfectly.

All current virtual machine based platforms can be installed independently. Or they can be flawlessly smuggled in by a host application setup program. The problem is, that we can't compare CLR (or JVM) based platforms to Windows (as a platform), since the user can't run five of the latter at the same time.

Flash 9 market penetration is currently at ~40%. Flash 8 penetration is ~90%, while Flash 6 penetration is ~96%.

WPF/E will have the same install experience. Bet on it. If it wants to succeed, it will also have to allow multiple versions to coexist gracefully.

Orcas: POX Service Support

2007-03-10T21:55:49.077+01:00

POX (Plain Old XML) support in Orcas is brilliant.

Consider the following service contract:

[ServiceContract(Namespace = "")]
interface IPOXService
{
   [OperationContract]
   [HttpTransferContract(Path = "Echo", Method = "GET")]
   string Echo(string strString1, ref string strString2, out string strString3);
}

And the following service (or, better Echo method) implementation:

public class POXService : IPOXService
{
   public string Echo(string strString1,
      ref string strString2, out string strString3)
   {
      strString2 = "strString2: " + strString2;
      strString3 = "strString3";
      return "Echo: " + strString1;
   }
}

Host it using this:

ServiceMetadataBehavior smb = new ServiceMetadataBehavior();
smb.HttpGetEnabled = true;

ServiceHost sh = new ServiceHost(typeof(POXService), new Uri
("http://localhost:666 "));
ServiceEndpoint ep = sh.AddServiceEndpoint(typeof(IPOXService),
new WebHttpBinding(), "POX");
ep.Behaviors.Add(new HttpTransferEndpointBehavior());
sh.Description.Behaviors.Add(smb);

sh.Open();
Console.WriteLine("POX Service Running...");
Console.ReadLine();
sh.Close();

If you open IE and hit the service endpoint (http://localhost:666/POX/Echo) without URL encoded parameters, you get the following XML back:

   Echo:
   strString2:
   strString3

Now, drop some parameters in (http://localhost:666/POX/Echo?strString1=boo&strString2=foo&strString3=bar), this is returned:

   Echo: boo
   strString2: foo
   strString3

Nice. I especially like the fact that ref and out parameters are serialized with the metod return value.

Reach in with //EchoResponse/strString2 for ref parameter and //EchoResponse/strString3 for out parameter. Return value is available on //EchoResponse/EchoResult. Simple and effective.

Rebuilding Success

2007-03-05T21:59:12.1875+01:00

Well, my site was down a couple of times during the weekend. Had to buy a new server, since my old machine's power supply tanked and took the motherboard with it.

So, this week started on some serious hardware, a Dell PowerEdge 2900. The migration took a couple of tries, but it was mostly due to reconfiguration of RAID arrays. This beast has 10 SAS drive bays, so I opted for two RAID 5 arrays, mostly due to expandability.

Kudos go out to Alldea guys who suggested, tested, configured and helped me get the server in time (actually, I got it in 12 hours). Their service is flawless and if you are buying a Dell in Slovenia, give them a call.

We configured the machine with a quad core Xeon and left another processor slot empty. There are still two hard drive bays unattended and 8 RAM slots available. And since my old machine faulted because its power supply tanked, this one has two. Redundant ones.

It should give at least 5 years of service, me thinks.

WCF: Security Sessions and Service Throttling

2007-02-27T17:04:52.774+01:00

WCF includes support for establishing a security session through a simple configuration attribute. The primary reason of a security session is a shared security context which enables clients and services to use a faster, symmetric cryptographic exchange.

WCF sessions should not be thought of in terms of HTTP based sessions, since the former are initiated by clients and the latter by the servers. In other terms, WCF sessions are there to support some kind of shared context between a particular client and a service. This context can be anything, and is not limited to security contexts.

The attribute that establishes a security session and shared context is called, well, establishSecurityContext and is present in binding configuration. An example of such a binding would be:

This binding allows HTTP based communication, demands message based security (think WS-Security) and uses certificates to sign/encrypt the message content. The attribute establishSecurityContext is set to true, which actually enforces a WS-SecureConversation session between the client and the service.

The following is a simplified version of what is going on under the covers:

Client instantiates the service proxy
No message exchange is taking place yet.
Client requests a SCT (Secure Context Token)
This is done by the infrastructure, when the first service method is called. SCT (again simplified) represents a secure context, which includes the symmetric key. The message which demands it is (per WS-SecureConversation spec) called RST (Request Secure Token).
Service responds with RSTR (Request Secure Token Response) message
Session bootstraps and is ready to piggyback all further message exchanges.

What is not well known is that there is a very low limit on the number of sessions a service is willing to accept. The default is set to 10 sessions and this was changed (from 64) late in the WCF development cycle (summer 2006). So RTM ships with this default.

Service session count is greatly influenced by the instancing scheme the service is using. Since instancing is a completely different beast, let's leave this for another post (uhm, I already wrote something here). Let's just say that hitting the session problem is a non-issue when using singleton instancing (InstanceContextMode = InstanceContextMode.Single).

The main issue is, that most developers think of ~~Indigo~~ WCF services in terms of simple request-response semantics and forget that such sessions get queued up on the service side if you do not terminate them appropriately.

This is the default service throttling behavior in the shipping version of WCF:

                               maxConcurrentSessions="10"
                         maxConcurrentInstances="" />

Every service is throttled, even if you don't specify it. You can, of course, override all three throttling parameters.

Sessions can only be initiated by the client. They can be explicitly terminated only by the client. There are three ways a session can get terminated:

Explicitly by the client
Implicitly by a timeout
Implicitly by errors

Timeout can pass on a client or a service and, if the timeout happens, the transport channel that ensured communication gets faulted (Channel.State = CommunicationState.Faulted). Session is also terminated if an error is detected, thus invalidating the possibility to continue.

Remember that every service proxy you use will demand a new session on the service side (when using
sessionful services). If you spawn 11 threads and use a non-singleton proxy you will cause 10 sessions on the service side. The 11^th will not get setup and will block the client thread until the timeout expires. In this case, the WCF infrastructure on the service side will issue a warning in the trace log, but nothing will be returned to the client. It seems as if the service would stop working. Nada.

There is a method on every service proxy and it's there for a reason. The method is called Close(). It closes the transport channel graciously and terminates the security session, thus freeing up service resources. The same happens for reliable messaging session or a combination of both.

Note: Another message (pair) is exchanged on Close(). This message is saying "We are done." to the service. Thus, one should be cautious when calling Close() for any exceptions, like CommunicationObjectFaultedException.

The best practice is to catch any CommunicationException exceptions when closing the channel.

To illustrate this, consider the following. You call a single method on a sessionful service. Then hang on to the service proxy instance for an hour. The inactivity timeout (attribute inactivityTimeout on a RM binding) is set to 10 minutes. So, ten minutes after the first call the channel gets faulted. Then you call Close(). This call will fail and throw an exception.

The following is the expected way of communication with sessionful services:

ServiceClient proxy = new ServiceClient("");
try
{
// call service methods
int intSum = proxy.Add(1, 2);

// ... call all other methods ...

// call service methods
int intSum = proxy.Subtract(1, 2);

// close session
proxy.Close();
}
catch (TimeoutException ex)
{
// handle timeout exceptions
proxy.Abort();
}
catch (FaultException ex)
{
// handle typed exception T1
proxy.Close();
}
...
catch (FaultException ex)
{
// handle typed exception Tn
proxy.Close();
}
catch (FaultException ex)
{
// handle all other typed exceptions
proxy.Close();
}
catch (CommunicationException ex)
{
// handle communication exceptions
proxy.Abort();
}

Note that using the using statement is not recommended. The problem of using statement in this case is that CLR automatically calls Dispose() method on the using variable when exiting the statement. Since Close() can fail (remember, another message is exchanged), you can miss this important exception.

Everything in this post is true for all kinds of WCF sessions. It is not limited to security or RM sessions only.