Stefano Demiliani WeBlog

Java Architecture vs. .NET

In an interesting article on InformIT, Java architecture is compared to .NET architecture, and J# is accurately analized. The differences from these 2 architects can be resumed as follow: 

Interesting!

Windows XP - SP2 presents security dilemma

Users will have to balance their IT security requirements with potential Java and .NET performance problems if they are to take advantage of the features being introduced in Windows XP Service Pack 2.

XP SP2, which is due out in the first half of 2004, will be an important step in Microsoft's strategy to provide a secure IT environment. But the highest level of security offered through SP2 will require the use of "no execution" (NX) technology, which is currently only available on machines equipped with AMD's Athlon an Opteron 64-bit chips.

NX uses a feature of the processor to prevent a buffer overflow exploit, by stopping a hacker from running a Trojan horse program. Microsoft said NX should prevent worms such as MS Blaster from replicating.

Gartner research fellow Martin Reynolds said, "Buffer overflow will be a lot harder to exploit under SP2." But he pointed out that some applications might not be compatible with NX. "Some code may deliberately execute from the data area - for example, just-in-time compilers for Java - and require the NX feature to be disabled," he said.

Intel said its next Pentium 4 chip, Prescott, would not support NX. "There are compatibility concerns around NX. We would only introduce it once those are dealt with," an Intel spokesman told Computer Weekly.

Carla Arend, analyst on IDC's European security research team, said, "NX technology should be considered by companies as part of their upgrade plans." She said if NX processors are already available from AMD and if Intel is about to launch them, companies that can wait before immediately upgrading should do so to take advantage of the NX fix.

And now? What do you think about?

WinFS: Microsoft's Data Management Vision

An article on Tom's Hardware gives insight in to Windows Future Storage services, an indexing subsystem of sorts, contained in the next version of Windows dubbed Longhorn.

WinFS, which is based on a relational database, will refine file and data management for the Windows platform. In short, "WinFS mirrors folders and files, enabling it to speed up searches and retrieval of these data based on suitable XML parameters and, above all, according to variable criteria" {T's H: NTFS Holds ...}.

The article's headings are as follows:

• NTFS Holds On Into Longhorn
• Cross-Format File Administration
• XML Metadata Take On The Clipboard
• WinFS Inside
• Data Tags: XML Schemes
• WinFS Services
• Virtual Folders
   

The Andy retires

 Andy, the original C# mascot, has been retired... why this choice? It was so likeable... :(

Dynamic Imaging with GDI+

Download Setup (no source)
Download C# Source
View Live Demo

Check it!

.NET Bugs Registry: Update

An update to my .NET Bugs Registry:

Known .NET Bugs

ID	Description	Probability*	Severity*	Fixed
1	Form refuses to close If a form A contains control B that contains control C that contains control D, and D is removed while it has the focus, the user won't be able to close the form. Details.	High	High	1.1
2	SoapFormatter and BinaryFormatter don't serialize some object graphs properly If three or more classes have the same name but are in different namespaces, are part of the same hierarchy, and contain variables that have the same name, they will not be serialized properly. Details.	Low	High	1.1
3	Text in the Windows Forms combo box cannot be selected using the mouse Mouse selection simply does not work in a Windows Forms combo box. Details.	High	Low	1.1
4	Arrays of structures that implement ISerializable do not deserialize correctly Details.	High	High	1.1
5	Windows.Identity doesn't work under Windows 98 On Windows 98, You cannot use the Windows.Identity to retrieve the user login name, it returns a system level token and a null user name is returned when you access the .Name Property. Details.	Low	Medium	No
6	C# optimizer produces bad code when a try-finally block is inside if-else If a try-finally block is the last thing inside the if block of an if-else statement, the code inside the else block is always executed when compiling in Release mode. Details.	High	High	1.1
7	Structs within structs cannot be deserialized If you have a struct A inside struct B, and If a struct A is inside struct B which is inside object C, deserializing is going to throw a SerializationException.  Details.	Medium	Low	1.1
8	Problems removing an ActiveX control from its parent If an ActiveX control is removed from its parent, any action that makes the parent invisible, such as closing the form on which it is on, throws an exception.  Details.	Medium	High	1.1
9	Font.GdiCharSet hardcoded to 1 The property GdiCharSet of the font class is hard-coded to 1.  Details.	Low	Low	No
10	.NET Runtime leaks large chunks of memory If you allocate a block of memory larger than some treshold, the .NET garbage collector will never reclaim it. Details.	High	High	1.1
11	Instances of NumericUpDown and DomainUpDown are leaked It seems that the NumericUpDown and DomainUpDown controls forget to remove a listener to a global event, thus always staying locked in memory. Details.	High	High	No
12	SoapFormatter chokes on some strings It seems SoapFormatter cannot handle strings that contain characters in the range 0x01 - 0x1f. Details. Update  SOAP being XML based can't handle many characters in the 0x00 - 0x1f range because they are illegeal in the XML spec.	High	High	No Not a bug
13	FileStream becomes unusable when writing to a removable drive When writing to a FileStream on a removable drive, and the FileStream gets out of space, it sometimes gets in a state where no other method can be called on the stream, not even Dispose. Details.	Medium	Medium	No
14	Mixed-mode assemblies can deadlock C++ .NET apps can deadlock on startup. Details.	Low	High	No
15	ComboBox Data Binding Bug ComboBox doesn't update the data through data binding when its style is set to DropDownList. Details. Update  Can be fixed by binding a ComboBox to the SelectedItem property instead of the Text property. For example:  cboTest.DataBindings.Add("SelectedItem", dsTest, "MyTable.MyColumn");	Medium	Medium	No
16	Each Windows Form leaks two GDI handles Details.	High	High	No
17	Alocation fails for certain sizes If you try to allocate an array with a size range between 0x027fefbd and 0x027fffec, the framework throws exceptions. This range corresponds to memory block of little under 40MB. Details.	Medium	High	No
18	No way to access Environment.HasShutDownStarted This property is not static even though it should be.	Low	Low	1.1
19	Thread.Abort cannot abort suspended threads If a thread is suspended, trying to abort will not work and the CPU will be pegged to 100 percent. Details.	Low	High	No
20	Control.Width and Height are silently truncated to 32,767 If you attempt to set a control's Width or Height property to a number larger than 32,767 it will be truncated. Details.	Low	Low	No
21	ListView.Cursor set property has no effect. Details.	Low	Low	No
22	RegistryKey.SetValue does not store large integers as DWORD Call RegistryKey.SetValue with an integer over 2,147,483,647 will result in the value being stored as string, and not as a DWORD. Details.	Low	Medium	No

And other updates:

ID	Description	Probability*	Severity*	Fixed
23	TreeView control, node with bold text set in code is not visualized correctly. Update  Set the TreeView's default font to bold, then make each node you want to display non-bold have a bold = false setting. It could be a workaround.	High	High	No
24	XmlSerializer: can't handle cyclic references although this should work.	High	High (no alternatives for WebServices)	No
25	Textbox Validate event is not fired if you change focus with mouse by clicking in listview control.	High	High (there is no way you can determine a focus loss other than manually looping through all the controls which is a pain)	No
26	Right align bold text in label control (other outlining issues with lable exist too) is incorrect.	High	High	No
27	C# compiler doesn't find multiple occurences of the same error (multiple occurences of same typo will result in 1 or 2 error messages, the rest is found in another compiler run).	High	Medium (it's frustrating)	No
28	SqlParameter constructor/property: setting precision > 38 will cause an exception, while SqlServer's float precision is 53. THe limit of 38 is hardcoded, while it should be relative to the type set.	High	High (for code generators using schema-data this is bad, it requires custom code which caps the precision)	No
29	The MergeMenu method of the MenuItem object modifies both the source MenuItem objects and the target MenuItem objects. The result is that the same items are in both the source MenuItem objects and the target MenuItem objects.	High	Medium (solved with this TIP)	No
30	Enumerated properties in a custom server control cause a compiler error in ASP .NET.	High (for server control developers)	High (imposes a severe limitation on the user-friendliness of your control)	No

* Probability represents the probability that you will encounter this bug. Severity measures how much the bug hurts when it happens.

 Do you know other bugs? Please help me to collect...

BlogJet updated!

New versions for BlogJet, my favourite Blog editor (I'm writing with this now)... check it!

BlogJet 1.0.0.13 Release Notes
January 27, 2004

FEATURES
 * Added plain Blogger and MetaWeblog APIs.

BUG FIXES
 * Proxy error fixed.
 * Inserting lj-cut on image error message removed.
 * F1 shortcut now works properly.

---

BlogJet 1.0.0.12 Release Notes
January 27, 2004

FEATURES
 * Voice attachments. Wow!
 * Blogware weblogs support.
 * lj-cut tags for LiveJournal/DeadJournal.
 * Custom path for image uploading.
 * Paste Special: normal, plain text or HTML code.
 * Shortcuts for Save, Open, View Blog Page, etc.
 * ESC key closes Recent Posts window.


CHANGES
 * Menu: Post renamed to Post As Draft.
 * Menu: View Blog Page, Change Account, and Preferences
   moved to Tools menu.

BUG FIXES
 * Fixed minimizing to notification area on startup.
 * Fixed various issues with categories in .Text accounts.
 * Receiving of MovableType/TypePad categories corrected. 
 * MetaWeblog API (and .Text) problems fixed.
 * Fixed lots of bugs with Account Wizard.
 * Fixed problems with connection when using "http://" in
   host name.
 * New Post button now sets focus to Title.
 * Other fixes.

KNOWN ISSUES
 * Progress indicator for history is temporarily disabled.
 * There is no help available.
Download BlogJet 1.0.0.13 BETA

Displaying .NET Windows Forms from Java SWING

An interesting article that shows how an application in Java SWING can invoke and display a Windows Form, pass parameters to the form and wait for a return value when the form is closed. This type of technique shows how organizations can introduce new forms and controls based on Windows Forms into an existing Java SWING environment and helping them to rapidly deploy .NET applications without having to rip out existing infrastructure or wait until new replacement applications are written.

I think it's a cool article, because many applications (expecially in Linux Environment) are built with AWT and SWING, and this interoperability could be interesting for some applications.

New Updated Windows Security Guides

Microsoft has just released new updated Security Guides:

Windows XP Security Guide - Updated to Version 1.5 - The Microsoft Windows XP Security Guide provides several levels of security guidance for customers interested in hardening deployments of Windows XP for desktop and laptop clients in their environment.

Download: Windows XP Security Guide v1.5

Windows Server 2003 Security Guide - Updated to Version 1.3 - The Windows Server 2003 Security Guide provides guidance to assist in hardening Domain Controllers, Infrastructure servers, File servers, Print servers, IIS servers, IAS servers.Certificate Services, and bastion hosts.

Download: Windows Server 2003 Security Guide v1.3

Retrieve informations about files and DLL

This is a routine that I've written and used today for a simple task: retrieve informations about files and DLL for a certain path on a machine. It seems working good.

using System;

using System.Diagnostics;

using System.IO;

namespace InfoDLL

{

// Get information about a file on the local machine

class FileGetInfo

{

static void Main()

{

FileVersionInfo fversinfo;

FileInfo finfo;

string filepath;

//Declare an absolute path to a file to retrieve information about

//Ensure file exists

if (File.Exists(filepath))

{

//Get Version information

//Print file description

//Print full Path to file

//Print Major.Minor version info

//Cleanup

fversinfo = null;

//Get general file informations

finfo = new FileInfo(filepath);

//Get file attributes

//Get the size of the file

//Get the last time the file was written to

//Cleanup

finfo = null;

}

}

}

}

New Explorer Hole

A security hole in Microsoft Internet Explorer could prove devastating. Following the exposure of a vulnerability in Windows XP earlier this week, “http-equiv” of Malware has revealed that Explorer 6 users (and possibly users of earlier versions) could be fooled into downloading what look like safe files but are in fact whatever the author wishes them to be -- including executables.

A demonstration of the hole is currently on security company Secunia’s website and demonstrates that if you click on