Rethinking the Nature of Files

    Two recent papers, one from Microsoft Research and one from University of Wisconsin (PDF), are providing a refreshing take on rethinking 'what a file is.' This could have major implications for the next-gen file system design, and will probably cause a stir among Slashdotters, given that it will affect the programmatic interface. The first paper has some hints as to what went wrong with the previous WinFS approach. Quoting the first paper: 'For over 40 years the notion of the file, as devised by pioneers in the field of computing, has proved robust and has remained unchallenged. Yet this concept is not a given, but serves as a boundary object between users and engineers. In the current landscape, this boundary is showing signs of slippage, and we propose the boundary object be reconstituted. New abstractions of file are needed, which reflect what users seek to do with their digital data, and which allow engineers to solve the networking, storage and data management problems that ensue when files move from the PC on to the networked world of today. We suggest that one aspect of this adaptation is to encompass metadata within a file abstraction; another has to do what such a shift would mean for enduring user actions such as "copy" and "delete" applicable to the deriving file types. We finish by arguing that there is an especial need to support the notion of "ownership" that adequately serves both users and engineers as they engage with the world of networked sociality.

Read more: Slashdot
QR:

Posted via email from Jasper-net

Sliderdock

SliderDock is an application launcher that will allow you to easily drag and drop icons to access them later on by double clicking on them.
It is a unique dock where you won't have to chase behind you icons to run an application.
Just rotate your mouse wheel and let the icons come to you.
It will be a nice customization that will add some life to your desktop.

Read more: Sliderdock
QR:

Posted via email from Jasper-net

5 Tips and Techniques for Avoiding Automatic GC Collections

    The .NET garbage collector is, in general, a wonderful thing. It has freed countless programmers from the drudgery both of writing allocation and de-allocation code, and also of tracking down heap corruption and memory leaks (due to bad pointers or de-allocation errors). It allows programmers to simply write code and focus on function without normally needing to care about how memory is actually managed. This tends to make it much easier for junior programmers to write correct (or at least functional) code, thereby reducing training costs and the time necessary to do things like code reviews.

However, for all that the garbage collector is a brilliant piece of software engineering, sometimes collections still occur at inconvenient times. If you need to write high performance, real-time code, in addition to measuring performance using tools like ANTS Performance Profiler, you generally want to try to avoid GC collections during times where execution speed is critical. For example: in an XNA game, you want to avoid collections during gameplay to prevent visual glitches in your animations; in a real time financial analysis and trading application, you want to avoid collections between when you begin analyzing incoming data and when you finish executing an algorithmically-controlled trading decision based on that data. Of course, sometimes GC collections at inconvenient times are unavoidable, and in those situations it is best to instead try to minimize the duration of individual collections (See: http://blogs.msdn.com/b/shawnhar/archive/2007/07/02/twin-paths-to-garbage-collector-nirvana.aspx). This article focuses mainly on avoiding collections, and while there is some overlap between optimizing to minimize GC frequency and optimizing to minimize GC latency, the two goals can also collide. This is certainly the case with object pooling, which can be very helpful with reducing frequency, but is almost guaranteed to increase latency (especially with non-generational GCs).

As you’re no doubt already aware, the GC runs automatically when certain defined conditions are met, and the specific conditions vary depending on the common language runtime in which the program is running. The .NET 4.0 Framework CLR has different conditions than the .NET 3.5 Compact Framework CLR, for instance. Nonetheless, the GCs of every CLR that I am familiar with all run a collection when a certain number of bytes have been allocated since the previous collection, and it’s this triggered collection that we will consider.

Read more: Simple-talk
QR:

Posted via email from Jasper-net

Carmack: Doom 3's engine ready for open-sourcing, awaiting 'OK' from legal

Read more: Engadget
QR:

Posted via email from Jasper-net

Four CAs Have Been Compromised Since June

     The EFF, through the use of its SSL Observatory, has taken a look at the data from certificate revocation lists for SSL certificates in recent months, and found that there were four separate CAs compromised in the last four months. The only widely known CA compromise since June is the attack on DigiNotar this summer that completely compromised that company's CA infrastructure and eventually led to it being shut down. All of the major browser vendors were forced to revoke their trust in the DigiNotar root certificates and the attacker who claimed credit for the attack said that he also had compromised several other CAs. There are apparently three other CAs that have discovered compromises since June, but have not made them public.

Read more: Slashdot
QR:

Posted via email from Jasper-net

Introducing Android WebDriver

[This post is by Dounia Berrada, an engineer on the EngTools team. — Tim Bray]

Selenium WebDriver is a browser automation tool which provides a lightweight and elegant way for testing web apps. Selenium WebDriver is now available as an SDK extra in the Android SDK, and supports 2.3 (Gingerbread) and onwards!

Whether or not your site is optimized for mobile browsers, you can be sure that users will be accessing it from their phones and tablets. WebDriver makes it easy to write automated tests that ensure your site works correctly when viewed from the Android browser. We’ll walk you through some basics about WebDriver and look at it in action.

WebDriver Basics

WebDriver tests are end-to-end tests that exercise the web application just like a real user would. WebDriver models user interactions with a web page such as finger flicks, finger scrolls and long presses. It can rotate the display and interact with HTML5 features such as local storage, session storage and the application cache. Those tests run as part of an Android tests project and are based on Junit. They can be launched from Eclipse or the command line. WebDriver tests can be wired with a continuous integration system and can run on phone and tablet emulators or real devices. Once the test starts, WebDriver opens a WebView configured like the Android browser and runs the tests against it.

WebDriver is an Android SDK extra and can be installed following these instructions. Once you’ve done that you’ll be ready to write tests! There is a comprehensive WebDriver user guide on the Selenium site, but let’s start with a basic example using www.google.com to give you a taste of what’s possible.

Getting Started

First, create an Android project containing an empty activity with no layout.

public class SimpleAppActivity extends Activity {
    @Override
    public void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
    }
}

Then create the Android test project that will contain the tests. WebDriver will create the WebView and set the layout automatically in the main Activity.

Let’s write a test that opens the Google home page on Android and issues a query for “weather in San Francisco”. The test will verify that Google returns search results, and that the first result returned is giving the weather in San Francisco.

public class SimpleGoogleTest extends ActivityInstrumentationTestCase2<SimpleAppActivity> {

    public void testGoogleShouldWork() {
      // Create a WebDriver instance with the activity in which we want the test to run
      WebDriver driver = new AndroidDriver(getActivity());
      // Let’s open a web page
      driver.get("http://www.google.com");

      // Lookup for the search box by its name
      WebElement searchBox = driver.findElement(By.name("q"));

Read more: Android developers
QR:

Posted via email from Jasper-net

Starlight Live Wallpaper For Android Adds A “Dreamy” Landscape To Your Home Screen (Video)

As one who is always on the lookout for the next awesome Live Wallpaper, it was clear that Starlight Live Wallpaper for Android was the next wallpaper to hit my device.  Offering wispy clouds that drift across a soft purple’ish start lit landscape, you’re bound to be thrusted into a serene mood regardless of what kind of day you’re having.

    Hand-painted starlight vista by Anne Paetzke. Wispy clouds drift dreamily across a distant landscape while the silver moon glows in the twilight.

Read more: Talk Android
QR:

Posted via email from Jasper-net

Ice Cream Sandwich Ported to the Samsung Galaxy S

   Ice Cream Sandwich is taking the limelight in development. Recently ported to the Nexus S, many are curious and excited to know which device is next. ASUS said their “aim is to bring the latest Android update to the Eee Pad Series.”  Motorola’s Droid RAZR, Droid Bionic, and XOOM are definitely getting the update, and they will announce more “devices for ICS 6 weeks after Google releases the final version of it.” If you’re looking to get a new device soon, it’ll likely come stocked with Ice Cream Sandwich.

For those who haven’t upgraded in a while, the Samsung Galaxy S is now on the list of devices with successful Ice Cream Sandwich ports. When I say it’s successful, I mean it’s not released, in alpha, and facing a lot of work before decently working.  But it’s there and still worth mentioning.

Read more: XDA developers
QR:

Posted via email from Jasper-net

Microspeak: Bug jail

Bug jail is not a place where bugs are sent as punishment for their crimes. Rather, it's a (virtual) place that developers are sent when they have too many bugs.

Project management establishes some maximum number of bugs (known as a bug cap) each developer is permitted to have on his or her plate, and developers whose bug count exceeds the specified maximum are placed in bug jail. The precise triggers for bug jail vary from team to team, and it may vary based on the nature of the bug. For example, one trigger might be that any Priority 0 bugs more than 24 hours old will land you in bug jail.

Once you land in bug jail, you are not allowed to do feature work, be it coding, writing specifications, whatever. The precise triggers for getting out of bug jail also vary from team to team, but one rule might be that you need to get your bug count back down to 50% of the bug jail trigger level before you are allowed to exit.

Staying on top of your bug count is an important part of the software development process, and the primary motivation behind bug jail is not to punish developers, although I'm sure that's how most developers perceive it. Rather, it serves as an early-warning system to highlight things that are not going smoothly. There may be a bug farm developing in that feature area. Or the team needs to revise its idea of what it means to be "done" with the feature. And it's a signal to project management that they may need to scale back their plans so as not to compromise quality and the ship schedule.

Read more: The old new thing
QR:

Posted via email from Jasper-net

WineHQ database compromise

Hi,

I am sad to say that there was a compromise of the WineHQ database system.

What we know at this point that someone was able to obtain unauthorized access to the phpmyadmin utility.  We do not exactly how they obtained access; it was either by compromising an admins credentials, or by exploiting an unpatched vulnerability in phpmyadmin.

We had reluctantly provided access to phpmyadmin to the appdb developers (it is a very handy tool, and something they very much wanted).  But it is a prime target for hackers, and apparently our best efforts at obscuring it and patching it were not sufficient.

So we have removed all access to phpmyadmin from the outside world.

We do not believe the attackers obtained any other form of access to the system.

On the one hand, we saw no evidence of harm to any database. We saw no evidence of any attempt to change the database (and candidly, using the real appdb or bugzilla is the easy way to change the database).

Unfortunately, the attackers were able to download the full login database for both the appdb and bugzilla.  This means that they have all of those emails, as well as the passwords.  The passwords are stored encrypted, but with enough effort and depending on the quality of the password, they can be cracked.

This, I'm afraid, is a serious threat; it means that anyone who uses the same email / password on other systems is now vulnerable to a malicious attacker using that information to access their account.

We are going to be resetting every password and sending a private email to every affected user.

This is again another reminder to never use a common username / password pair.  This web site provides further advice as well:
http://asiknews.wordpress.com/2011/03/02/best-practice-password-management-for-internet-web-sites/

Read more: WineHQ list
QR:

Posted via email from Jasper-net

Authorization in Silverlight, part 1: Authorized navigation

Introduction

As we know, Silverlight is very capable platform for building Line of Business applications today, both in and out of the browser. It’s come to the point that – at least in my experience – a lot of desktop applications are now built with Silverlight instead of WinForms, skipping over WPF completely.

With that in mind, it’s pretty weird that there’s an essential part that seems to be missing: authentication & authorization. When you look at the Silverlight Core CLR, there’s not much there concerning this – although it’s a no-brainer for business and enterprise applications: you need to make sure certain parts of your application are only available to users that are authenticated or have a specific role. Sure, you can use the hosting web page & ASP .NET authentication to ensure only authenticated persons can reach your Silverlight application, but there’s no out of the box way to enable or block a user from navigating to a specific view in your application.

 

Luckily, it only requires a little bit of coding and all in all: it’s quite easy to enable authenticated & authorized navigation in your Silverlight applications, mainly thanks to the introduction of a new class in Silverlight 4: the custom content loader.

In this article, we’ll look into enabling scenarios to enable/disable certain parts of your application for authenticated users, and to automatically ask the user for his credentials if he’s trying to access a part of the application that requires him to be authenticated or to have a specific role. But let’s start with the beginning: the custom content loader.

The accompanying source code for this article can be downloaded here.

This is the first of a two-part article series on authorization in Silverlight.  In the second part, we’ll look into automatically manipulating (disabling, hiding) UI elements depending on the credentials of the authorized user.

Introducing: the Custom Content Loader.

In Silverlight 4, a new interface was introduced: the INavigationContentLoader interface. Together with that, a Navigation Frame was given a ContentLoader property, which can be set to any class implementing said INavigationContentLoader. As the name implies, the content loader is responsible for (asynchronously) loading the content that’s associated with the target Uri. This opens up a whole load of possibilities (I’ve seen the content loader being used for, for example, loading content from a different XAP), one of which is authorized navigation.

This is how this interface looks:

public interface INavigationContentLoader
{
        IAsyncResult BeginLoad(Uri targetUri, Uri currentUri, AsyncCallback userCallback, object asyncState);

        void CancelLoad(IAsyncResult asyncResult);

        bool CanLoad(Uri targetUri, Uri currentUri);

        LoadResult EndLoad(IAsyncResult asyncResult);
}

As you can see, one of the methods is named CanLoad: this is the perfect method for what we’re trying to do: we can test if a user has the rights to navigate to a specific view, returning true or false to the CanLoad method of a custom content loader.

Read more: SilverlightShow
QR:

Posted via email from Jasper-net

MonoGame Goes Multi-platform: MonoGame 2.0 Announced

Hello everyone

I am pleased to be the one, on behalf of the MonoGame team, to announce to the world that MonoGame 2.0 has been released today. Here is the official release announcement below:

    MonoGame is an open source implementation of the XNA APIs that allows developers to build 2D games that run on Android, iPhone, iPad, Mac, Linux and Windows using the same code base, or reusing existing XNA code that runs on Xbox 360 or Windows Phone 7.

    MonoGame 2.0 release is a major evolution of the platform. We went from only supporting the iPhone to becoming a cross-platform stack that now also runs on Android, Mac, Linux and Windows. To help developers get started, more than twenty individual samples and more than five complete starter kits are shipped with this release.

    On the iOS platform, MonoGame runs on top of MonoTouch and there are at least eighteen games published on Apple’s AppStore built using the technology. This new release opens the doors for developers to publish games to the Mac AppStore using MonoMac, to Android Market using Mono for Android, and also to Windows and Linux systems using Mono.

    This major advance in the MonoGame platform was made possible by an exponential growth in the number of contributors to the project in the last seven months.   New contributors took over major components of the stack, tuned the performance, added new platforms, tuned the engine and fixed hundreds of bugs to turn MonoGame into a solid 2D gaming platform.

Read more: Cocoa-mono
QR:

Posted via email from Jasper-net

The Dart Hello World

Via @qrush, a nice analysis of the compiled JavaScript code from a small Dart Hello World gist. Basically, this Dart code:

// Copyright (c) 2011, the Dart project authors.  Please see the AUTHORS file
// for details. All rights reserved. Use of this source code is governed by a
// BSD-style license that can be found in the LICENSE file.
// Simple test program invoked with an option to eagerly
// compile all code that is loaded in the isolate.
// VMOptions=--compile_all

class HelloDartTest {
  static testMain() {
    print("Hello, Darter!");
  }
}

main() {
  HelloDartTest.testMain();
}

Compiles to 17259 lines of JavaScript code. Now, most of it is just the library core, but it shows what you have to do to bolt static typing on top of a prototype-based, dynamic, truly object-oriented language.

I don’t really understand the point of Dart personally, it seems like all that’s left is some 100K line XML file to drive behavior, and now we’ve built Java executing in the browser.

Read more: LosTechies
QR:

Posted via email from Jasper-net

Top 100 Utilities & Addins for Visual Studio 2010 & TFS 2010

Since the release of Visual Studio 2010 and Team Foundation Server 2010, many tools & utilities have been released by the Open Source Community, Partners and Microsoft. The best place to discover these is via the Visual Studio Extensions Gallery, but others like CodePlex and the MSDN site also will serve you well. In the hope it accelerates your project or adoption of Visual Studio & TFS, I've jotted down my Top 100 or so that have risen to the top for me:

If you'd like to check out the additional info & links to each, here's the full Excel spreadsheet.

Read more: davidbaliles | Developer Platform Evangelism
QR:

Posted via email from Jasper-net

VSTalk

Project Description
Instant Messaging within Visual Studio 2010.
Extension is working via XMPP/Jabber protocol.

Read more: Codeplex
QR:

Posted via email from Jasper-net

The Security of SSL

EFF reports on the security of SSL:

    The most interesting entry in that table is the "CA compromise" one, because those are incidents that could affect any or every secure web or email server on the Internet. In at least 248 cases, a CA chose to indicate that it had been compromised as a reason for revoking a cert. Such statements have been issued by 15 distinct CA organizations.

Read more: Bruce Schneier
QR:

Posted via email from Jasper-net

Mysql – Resetting root password

Once in a while you want to reset your mysql root password, here is how you can do it.

Stop the MySql service

    sudo /etc/init.d/mysql stop

Restart MySql in safe mode and skip grant table so that you can login with root without any password.

    sudo mysqld_safe --skip-grant-tables &

Login with root

    mysql -u root

Connect to MySql database

    use mysql;

Reset the password to a new password

    update user set password=PASSWORD("password") where User='root';

Read more: Hussain Anjarwala
QR:

Posted via email from Jasper-net

Subversion Best Practices: Repository Structure

Maintaining a Subversion repository can become a complex task, and implementing the right project layout from the very beginning is crucial. As Subversion doesn’t impose a strict file structure, users are free to tailor Subversion repositories to their project’s needs. Users can organize Subversion on a ‘one project per repository’ basis or create multiple projects within the same repository; and have considerable freedom when it comes to how they use Subversion’s trunk and branches. In this post, we’ll look at some guidelines and best practices on how to keep Subversion files, for users who are embarking on a new project in Subversion.

Multiple Projects: Single Repository vs. Multiple Repositories

In modern software development, it’s normal for teams to be working on multiple projects simultaneously. If this sounds like your organization, the first question you’ll need to answer is: should I set up a single repository for multiple projects, or create one repository per project? Although the experience will be slightly different for each project, there are some general benefits and drawbacks to each approach.

Single Repository

Single repositories are typically suited to organizations managing multiple, small projects that require cross references, cross tracking, etc.

Positives:

    there is a single location where all the code is stored, even for projects you aren’t directly involved in.
    ability to reuse common libraries.
    lack of duplicated maintenance (e.g only one repository needs to be backed up.)
    the ability to move data between projects more easily, and without losing any versioning information.
    all projects share the same repository history.
    typically less administration – new projects can be created without creating a new repository, and without the help of sysadmin.
    you can delete entire projects without losing the record from Subversion.

Read more: Blogging from Disco
QR:

Posted via email from Jasper-net

Adding full Coded UI support to third party WinForm components that don't already have it...

Here is how one can add FULL Coded UI Test support for a 3rd party control based on Windows Forms technology.

Implementation Method – Accessibility

Accessibility means having equal access to web-based information and services regardless of physical or developmental abilities or impairments. Once implemented, it helps developers make their programs more compatible with accessibility aids (help users with impairment to use programs more effectively).

Microsoft has developed two accessibility standards - Microsoft Active Accessibility (MSAA) and Microsoft UI Automation (UIA)

MSAA is designed to help Assistive Technology (AT) products interact with standard and custom user interface (UI) elements of an application (or the operating system), as well as to access, identify, and manipulate an application's UI elements including enabling automation testing.

UIA is a newer technology that provides a much richer object model than MSAA, and is compatible with both Win32 and the .NET Framework. It is designed so that it can be supported across platforms other than Microsoft Windows.

We recommend MSAA for Windows Forms because Windows Forms natively supports MSAA and not UIA. Although there is MSAA to UIA & vice-versa conversion available via built-in proxy\bridge but the results in an extra layer of dependency which could eat into performance, hence MSAA.

Why Accessibility for Coded UI Test?

1. Implementing accessibility is simpler because one needs to follow established guidelines that serve the purpose of developing testable as well as accessible controls in one go

Read more: Greg's Cool [Insert Clever Name] of the Day
Read more: Coded UI Test Extension for 3rd party Windows Forms controls–How to?
QR:

Posted via email from Jasper-net

Introducing Managed Bootstrapper Applications

Now that WiX v3.6 has been released, I introduce the managed bootstrapper application (MBA) interoperability layer. It’s been available for a while actually, and if you’ve installed any builds of WiX v3.6, or the Microsoft Visual Studio 11.0 Developer Preview you’ve seen it in action.

While Burn – the WiX bootstrapper engine – and the core bootstrapper application interfaces are native and allow you to develop completely native bootstrapper applications, MBA allows managed code developers to utilize their skills to develop rich interactive setups. WPF designers can also utilize their skills to make the setup UI look great. In fact, both of the setup applications mentioned above are written for WPF and running atop the MBA interop layer.

The MBA interop layer leverages COM interoperability features of the CLR, but without requiring previous registration of the assemblies as COM servers as in previous examples. The MBA interop layer is composed of both a native CLR host and the managed framework. It’s in this native CLR host that the managed framework assembly is loaded and COM interfaces marshaled as in-process pointers. Message passing is not required since the Burn engine is written as a free-threaded component. Once the managed framework assembly is loaded, a class factory will create the actual managed bootstrapper application authored in the configuration file and pass its IBootstrapperApplication interface pointers back to the engine.

Because MBA is managed, the .NET Framework is of course required. A simple native bootstrapper application (BA) written atop wixstdba is used to bootstrap the .NET Framework. When you use the WixBalExtension to author your MBA you define the WixMbaPrereqPackageId WixVariable to reference the package ID of the .NET Framework you want to install.

In the following example the .NET Framework 4.0 will be installed if required.

<Wix xmlns="http://schemas.microsoft.com/wix/2006/wi"
     xmlns:util="http://schemas.microsoft.com/wix/UtilExtension">
    <Bundle
        Name="Test"
        Version="1.0.0.0"
        IconSourceFile="Setup.ico">
        <BootstrapperApplicationRef
            Id="ManagedBootstrapperApplicationHost">
            <Payload
                Name="BootstrapperCore.config"
                SourceFile="$(var.TestUX.TargetDir)\TestUX.BootstrapperCore.config"/>
            <Payload
                SourceFile="$(var.TestUX.TargetPath)"/>
            <Payload
                SourceFile="NetfxLicense.rtf"/>

Read more: Heath Stewart's Blog
QR:

Posted via email from Jasper-net

VS11DP Microsoft Parallel Visualization Pack

The Visual Studio 11 Developer Preview brings some excellent additions to the experience of debugging parallel computing applications for both multi-core CPUs and GPUs. One of the key new areas is the Parallel Watch Window, allowing you to set up watches on variables across many threads and contexts. When the contexts get as high as thousands, you can use data visualizers in the window to more easily sort, arrange, and view the values, helping you identify issues and outliers very quickly.

This is a pack of 4 visualizers for the parallel data, created by a brilliant team of interns who came up with some very useful and attractive ways to display this information.

    Histogram bucketizes the thread values, making it easy to identify and flag outliers in the data distribution.
    Scatterplot graphs 1 or 2 dimensions of values, and is another great way to spot outliers.
    Heatmap is an attractive visualizer that’s useful for spotting strange distributions of data.
    Object Expander helps drill into all of the members and classes of specific objects, find errors, and minimum and maximum values.

Read more: Greg's Cool [Insert Clever Name] of the Day
Read more: Microsoft Parallel Visualization Pack
QR:

Posted via email from Jasper-net