Compare this 

I've always wanted an Aibo. There are two reasons:

  • I wanted to play with it, and see what turns up
  • I wanted my dog to play with it, and see what turns up

Now, Genibo is around the corner. I think I should buy at least one robot dog, considering we have this sleeping beside us.

Compare this:

With this hunger-stricken dog:

Picture:

What would happen?

I wonder what Lupus (with his ~150 pounds/70 kilos) would do with a plastic, whining and moving monster?

Categories:  Personal
Thursday, April 27, 2006 8:46:49 PM (Central Europe Standard Time, UTC+01:00)

 

 WCF: certificateValidationMode and revocationMode 

Having spent a lot of time reasoning about WCF and certificate based authentication, here's a scoop.

This forces WCF to expect a client side certificate for message based security:

<behavior name="DefaultBehavior" returnUnknownExceptionsAsFaults="false" >
  <serviceCredentials>
    <serviceCertificate
      x509FindType="FindBySubjectName"
      findValue="MyCertificate"
      storeLocation="LocalMachine"
      storeName="My"/>
    <clientCertificate>
      <authentication certificateValidationMode="ChainTrust" revocationMode="Online"/>
    </clientCertificate>
  </serviceCredentials>
  <metadataPublishing enableGetWsdl="true" enableMetadataExchange="true" enableHelpPage="true"/>
</behavior>

What it says is that the client certificate must validate according to the complete certificate chain. In broader terms it forces the caller to use the certificate that is 'validatable' on the service side. This means the following:

  1. The certificate must be present at the time of request generation (client side)
  2. The certificate must be valid according to expiration period and certificate generation (checking done on server side)
  3. The certificate chain (issuing CAs path) must be valid (certificateValidationMode="ChainTrust")
  4. The certificate must not be obsolete and/or revoked (revocationMode="Online")

Other authentication options of certificateValidationMode and revocationMode include:

  • certificateValidationMode can take a value of ChainTrust, PeerTrust, ChainOrPeerTrust, None or Custom. None means that no certificate checking is done. Custom allows one to plug in a custom X509CertificateValidator (new, in the System.IdentityModel.Selectors namespace). PeerTrust requires the public key of the client certificate to be present in the 'Trusted People' certificate store on the service side. ChainTrust requires that the client certificate can be validated against the root certificates on the server side. ChainOrPeerTrust accepts a certificate that passes either of the last two.
    Remark: PeerTrust and ChainOrPeerTrust are also subject to another attribute called trustedStoreLocation. If peer trust is demanded, one can specify where the public keys are stored: either the LocalMachine or the CurrentUser store.
  • revocationMode takes one of the following values: None, Online or Cached. None means that the CRL (Certificate Revocation List) is not checked. Online demands that the service checks (at every request) whether the certificate is still valid and thus not revoked. Offline says that the certificate should only be checked against the cached CRL.
    Remark: Online does not mean that the CRL will be downloaded from the CA's CRL endpoint at every request. It means that a local copy of it is checked at every request. Every CRL has a validity period; when it expires, it is downloaded again.

The <metadataPublishing> element is there just to allow WSDL/MetadataExchange endpoints to exist. It also allows the familiar service HTML page to pop up if you hit the endpoint (courtesy of enableHelpPage="true").

Another remark: Current February 2006 WCF CTP bits do not reflect the naming used in this post. For example, revocationMode="Cached" was renamed from revocationMode="Offline", but don't be afraid of using it, nevertheless.
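The Custom mode mentioned above, shown as an added example (not code from the original post): a validator that repeats the ChainTrust and Online revocation checks, fails closed when revocation status cannot be determined, and additionally accepts only one root CA, since ChainTrust alone accepts any root trusted by the server. The class name and thumbprint placeholder are hypothetical, and the type and property names are those of the released .NET Framework 3.0 API, which may differ from the February 2006 CTP.

```csharp
using System;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Security;

// Hypothetical validator for certificateValidationMode "Custom" (illustration only).
public sealed class PinnedRootChainValidator : X509CertificateValidator
{
    // Placeholder: thumbprint of the single root CA allowed to issue client certificates.
    private const string AllowedRootThumbprint = "<ROOT-CA-THUMBPRINT-PLACEHOLDER>";

    public override void Validate(X509Certificate2 certificate)
    {
        if (certificate == null)
            throw new ArgumentNullException("certificate");

        X509Chain chain = new X509Chain();
        // Same checks as ChainTrust + Online: full path, validity period, CRL lookup.
        chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
        chain.ChainPolicy.RevocationFlag = X509RevocationFlag.ExcludeRoot;
        chain.ChainPolicy.UrlRetrievalTimeout = TimeSpan.FromSeconds(10);

        if (!chain.Build(certificate))
        {
            // Fail closed; this includes the case where no CRL could be obtained.
            string reasons = string.Empty;
            foreach (X509ChainStatus status in chain.ChainStatus)
                reasons += status.Status + " ";
            throw new SecurityTokenValidationException("Client certificate rejected: " + reasons.Trim());
        }

        // Extra restriction that ChainTrust does not make: only one root is accepted.
        X509Certificate2 root = chain.ChainElements[chain.ChainElements.Count - 1].Certificate;
        if (!string.Equals(root.Thumbprint, AllowedRootThumbprint, StringComparison.OrdinalIgnoreCase))
            throw new SecurityTokenValidationException("Unapproved root CA: " + root.Subject);
    }

    // Wires the validator into a service host in code instead of configuration.
    public static void Apply(ServiceHost host)
    {
        X509ClientCertificateAuthentication auth = host.Credentials.ClientCertificate.Authentication;
        auth.CertificateValidationMode = X509CertificateValidationMode.Custom;
        auth.CustomCertificateValidator = new PinnedRootChainValidator();
    }
}
```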

Categories:  .NET 3.0 - WCF
Thursday, April 27, 2006 8:33:59 PM (Central Europe Standard Time, UTC+01:00)

 

 On Windows compared to 'other' OSs 

Having an option is always a good thing, right? But there comes a time when we all have to face the truth of the free (economic) world. There are things that just do not fit in the common line-of-thought agenda.

Like this one (Rob Enderle, link):

Windows is free to the OEMs. In fact, not only is it free, but Microsoft, in effect, pays them to take it. Regardless of the cost, Windows is a logical choice, and a straight pass. Dell (Nasdaq: DELL) pays about $80 for it and typically charges about $80 for it. There is rarely much of a mark up. If Microsoft were to lower its price that lowered price would be reflected in virtually all desktop hardware immediately.

Microsoft provides a number of services which include development support, service support, marketing support, technicians, classes, databases and support materials, and it picks up a lot of the service load as well. In addition, it provides marketing co-op dollars, incentives for early adoption of new products, and ensures a somewhat level playing field (which could be good or bad) for the vendors.

This is the world we all live in. Market share is made by a conglomerate of superiorities. Not necessarily just technical ones. We do need to acknowledge that sometimes market share can be gained by offering a better business environment for the complete food chain. One needs to respect the box movers too, they need those extra dollars. They need the extra revenue.

Now, here's the question. What if RedHat/Apple/Ubuntu had Microsoft's position? What would happen then?

Short term? Lower prices - better quality of life.

Long term? The same thing.

If Apple had an opportunity to excel at Microsoft's position, I bet they would exercise it! Actually, they are doing it already.

That's why I (mostly) agree with the quoted article.

Categories:  Other | Personal
Thursday, April 27, 2006 7:47:07 PM (Central Europe Standard Time, UTC+01:00)

 

 Apple finally did it 

It happened today.

One of the best PC hardware makers is allowing one of the best software makers to run natively on its machines.

The world is uniting, which is a GoodThing(tm).

Soon there will be time, when we're gonna boot The Windows Beast on The Beautiful Machine.

Categories:  Apple
Wednesday, April 05, 2006 7:44:28 PM (Central Europe Standard Time, UTC+01:00)

 

 Eagle View 

Now this is interesting.

Live bald eagle nest, streamed to your house.

Let's hope the parents are not disturbed too much.

Categories:  Other
Tuesday, April 04, 2006 4:22:27 PM (Central Europe Standard Time, UTC+01:00)

 

Copyright © 2003-2014, Matevž Gačnik

The opinions expressed herein are my own personal opinions and do not represent my company's view in any way.

My views often change.

This blog is just a collection of bytes.
