I just used the coolest feature in a while: VS2005's Call Browser.

I'm currently working on some firmware for IP phones and adapters. The chip is the Intel 8051, as used by Centrality Communications in the PA168. It's actually quite fun, programming for an 8-bit system. Apart from writing in C (instead of such high-level things like C#), writing for embedded systems like this adds its own interesting things, like having to decide where a variable will be stored (I think there is 3 different storage locations a variable can have with the 8051). Oh yea, and having to keep things really small, and really fast.

At any rate, I am not that familiar with the entire design of the system, and I just want to focus on adding features to the IAX2 implementation (cause SIP sucks!). A large part of my work is to figure out how things work. Having the Goto Definition (F12) is great for finding specific symbols, but doesn't help with the flow. Up until now, I've been Finding in Files for a specific method, then chasing things down by recursively Finding in Files until I figured out how things are called. This happens a lot, since these devices support 5 protocols and use #ifdefs and generic calls to interface with the different protocols. Add to that 8MB of source, and it's no small task.

This morning, I remembered I had seen a “Call Browser” window in Visual Studio 2005 a while ago. Edit: Apparently this isn't a new feature and has been around since VC6 (at least). Well, it's new to ME, and it's still very cool.

Here's an example. Let's say I want to add attended transfer (where you have a call, press transfer, dial a number, talk to the new call, then hangup to connect the two). I'm looking in the source I'm familar with (the IAX protocol area), and see iax2_hangup(). That's a packet-level call, so when someone physically hangs up, that, somehow, gets called. Where? Well... right click the function, Call Browser -> Show Calls To:


Click... click... click... bingo. Now I've got a complete grasp on the call flow that would send a IAX_COMMAND_HANGUP. My old way (which makes me feel stupid now) of browsing source doesn't even come close. A lot of programming these days is managing complexity. It's all about making the best use of our limited brainspace (some more limited than others). 17 lines/1 small diagram. That's all it takes for me to see this complete flow. How much mental capacity does that require versus browsing multiple locations in 4 different source code files?

Well, I didn't get reawarded this year, so today's my last day as an MVP. I didn't get reawarded this year because, lets see.... I didn't do anything to deserve the MVP award. I wholly agree with their decision, and I'm quite sure another way more qualified person is now in the program. I'm just really busy with this thing called “real life”. Growing up, I wasn't sure it existed :). Anyways, with a baby and some serious work issues coming up ahead, I doubt I'll be able to do much for the community for the next while anyways.

Anyways, it was a great ride, lots of fun. Thanks!

Apparently this was recently published: http://www.securityinnovation.com/resources/linux_windows.shtml

To summarize, RedHat Enterprise Linux 3 had 132 security issues (with a minimal configuration), whereas Windows 2003 had 52 for calendar year 2004, *when configured as web servers*. This includes a webserver (Apache/IIS), app platform (PHP/ASP.NET), and DB (MySQL/MSSQL). Only issues fixed in 2004 were counted.

A few points:
 - They took a default install of Windows 2003, stating that it's too hard to get rid of stuff like IE. Thus, any patches applying to Windows2003 were included, regardless of if they could be exploited or not. This of course affects Windows' rating.

 - Same for RHEL. RHEL installs a lot of stuff that might not be in use and not exploitable. I'm guessing that what accounts for the very high numbers on RHEL. Then again, it's a fair comparison for average users (like myself, who just installs RHEL/Windows out of the box and doesn't really screw around with a lot of stuff).

 - However, assuming super-competent admins on both platforms, I'd expect the exploitable vulnerabilities to be close to zero on both platforms. I.e., if admins took precautions to install patches quickly as well as lock down services/systems as soon as a vulnerability was discovered. However, that's not realistic at all, and that's why a study that just takes a standard install is needed.

 - They used MySQL on RHEL. While this might be correct since people use it... MySQL is junk. Seeing as how it could be barely considered a DB and how poor it is overall, I wouldn't be surprised if MySQL accounted for a large amounts of vulnerabilities.

I think the study should have broken down where the vulnerabilities were in the product. Not knowing what was the fault of IIS, or MySQL, etc. makes it hard for people to compare the products for their own usage.

The study also mentioned the “Days of Risk“, i.e., from when the vulnerability was first publically reported to when it was fixed. RHEL will always have an instrinsic disadvantage here. Since most issues are related to open source, it's harder to do private reporting.

Second, there are vulnerabilities in Microsoft software that are fixed, but never reported. For instance, IIRC, the “GIF Integer Overflow” problem that was found after some Windows source was leaked was fixed in newer versions of IE/Windows, but never reported (until the source was leaked). I also know that from personal experience, you can report a bug to MS, and if you don't go public with it, they'll roll it up in an SP or next release. These issues are just [almost] intrinsics of open vs. closed source.

Some might say, “Oh no, there are issues in Windows 2000 that aren't publically published!“, but the same exists for RHEL. The difference is that some of these “private“ issues can get fixed in newer versions without ever becoming public, while in open source, it is much harder to do so.

Now, some people are up in arms since it was not disclosed that the funding came from Microsoft. Bruce Schneier, for instance, is saying that people will just ignore the results and focus on this possible bias. That's BS. Since the methodology is published, it's not exceedingly difficult to recreate the results. People should do that instead of bitching about who funded the research. My guess is that people who are satisfied with the results don't care to go recreate them, and those who aren't are afraid that they'll find the same results and thus have no argument.

I just read that Visual Studio Express will be $49. This is what... $30 less than the usual “Standard” edition (which I can't imagine anyone can actually use :P)?

Why bother charging $49 for the product? $49 isn't much, but it's a huge jump from free. Why free? That way, to evangelise, you can just throw a bunch of free DVDs at people and let them use them. Say, for instance, academia.

With the standard line at $99, doesn't seem like there's much reason at all for an Express version...

I'm doing my own realtime support for Asterisk, in an attempt to make it scale. Asterisk is nice software, but straight out-of-CVS, the performance for high volume (say, over 20,000 clients) sucks. There are also other inconviences with using a file-based store to determine how to route calls. Mainly, it's inflexible and hard to achieve high-perf when everything is based on a large .conf file. Not to mention that Asterisk uses linked lists for everything so looking up any user is an O(N) op (and parsing the users file is O(N*N) by default!). So, I'm going to put my own logic as a replacement for some of the critical parts.

One of my concerns was performance. Since I'll have multiple Asterisk clusters banging on my .NET code (via SOAP), I wanted to ensure the whole end-to-end process was fast enough.

I used gSOAP to create the C code on Linux. gSOAP is seriously nice. At least an order of magnitude easier to use than I expected any SOAP library that works on Linux would be.

I created a simple test. I made a database with phone numbers and codecs. The idea is that when an incoming call comes in, Asterisk will use my code to SOAP over to my Windows machines, get the data, and then go on its merry way.

My Asterisk machine is a P4 2.4GHz, 512MB RAM (but, I have a Gnome session running on it). My Windows XP machine (I tested against my desktop) is a P4 3GHz HT, 1.5GB RAM. I'm running ASP.NET 2 Beta 1 and SQL Server 2000.

The test program consists of a loop (count 5000) that generates a random number, then uses gSOAP to ask for the codec for that number. Simple, tight.

The results on Linux are particularly impressive. Each instance of the test app only used a max of 4% processor, and under 1MB of RAM. The bottleneck was definately inside ASP.NET. To simulate more load from other machines in a cluster, I ran 1, 2, and 4 instances of the test program. Also note that background tasks on the XP machine used up about 10% of the CPU.

Results:
 Single process (5000 total requests): 
  Total time:                   18 seconds (0.0036s/request)
  Requests per second:   277
  ASP.NET/IIS CPU:          30%
  SQL Server CPU:            4%

 Dual process (10,000 total requests):
  Total time:                   23 seconds (0.0048s/request)
  Requests per second:   384
  ASP.NET/IIS CPU:          60%
  SQL Server CPU:            7%

 Quad process (20,000 total requests):
  Total time:                   42 seconds (0.0052s/request)
  Requests per second:   476
  ASP.NET/IIS CPU:          80%
  SQL Server CPU:           10%

These results are encouraging enough that I'm not worried of the performance impact of using SOAP with Asterisk. My target was to have a response in less than 0.1 seconds. Although, anything under 0.5s would be quite unnoticable to a client. Even in tests with more threads, my single request response time was always way under 0.1 seconds.

Also, as far as I know, Whidbey Beta 2 (the version I'll go live with) makes some performance improvements. And also, IIS6 on Windows 2003 is much faster than IIS5.1 on XP. At any rate, a single proc desktop machine serving 476 RPS? That's pretty damn good perf if you ask me!

[OK, this was brought on after a night of fighting with the latest VS2005 “Made For Mort(tm)“ features in VS2005 and after hearing even more about the silly “VB Unmanaged 4Ever Petition“. Yes, I know, there are professional, intelligent, etc. VB programmers who signed. I also started programming in BASIC. And yes, I know this suggestion is as bad as the actual petition.]

Sign by leaving a comment.

A PETITION TO END THE ATROCITIES OF VISUAL BASIC

We would like to suggest a path for the future development of VB6 and similar apps to put an end to the crimes against the world committed by worshipers of Microsoft's product, Visual Basic. This path will help anyone who should be working with computers on a technical level.

OBJECTIVES

We ask that Microsoft stop catering to low-end, “Mort” developers, especially those who cling to past glories achieved through VB6.

1. Preservation of Assets
    Microsoft should not:
        - Force customers to uninstall Visual Basic 6
        - Push a patch out through Windows Update that disables the VB6 runtime
        - In any way, magically make VB6 stop working at the end of March, 2005

2. Discontinued support for Visual Basic
        - Medical trials have shown strong correllation between Visual Basic usage and degration of the brain, notably the areas that deal with change and improvements.
        - Microsoft should take responsibility and make its products harder to use to raise the level of entry.

3. Ease migration of deprecated developers

        - Provide “Career Days” where developers can learn about and get jobs in exciting industries, such as textiles and hospitality
        - Promote local support groups and 12-step programs
        - Sponsor emigrant visas 
        - Provide a VB6-to-C++ reverse engineer tool.

SUGGESTED APPROACH

We believe the best way to meet these objectives is to drop support for VB.NET after Visual Studio 2005 (Codename “Whidbey”). For brevity, we’ll call this “natural selection”.

To quell proponents of “VB.COM”, we suggest explaining that “VB.COM” and “VB.NET” are so completely unlike C# and C++ that it sounds like a bad joke. We also suggest that Visual Studio team members personally make disparaging comments about how silly this is. While personal attacks and racial slurs shouldn’t be used, general stereotypes such as “…people who think architecture means making a wrapper for MsgBox” are fine.

CONCLUSION

With VB.NET out of the picture, less “Morts” will use Visual Studio. Microsoft can then focus on designing a strong framework and toolset that doesn’t worry about people who won’t understand why System.Windows.Forms.MessageBox.Show doesn’t work “as it should” in an ASP.NET page.

Overall, we feel this will enable a better environment, and more robust software being created in the industry today.

So, they're not only asking Microsoft to create a new version of old VB (i.e., not .NET), but they're also asking it to be integrated into the VS.NET v8+. Some have cited C#/C++ as an example of this. 

HAHAHA! Man, if this doesn't show how clueless some VB programmers are, nothing does. I mean, seriously, come on! They actually expect MS to say “ok, sure we'll make VB6.5 v2005 and go away from managed code”? And they think that integrating VB6 right into VS.NET will be a piece of cake? This proves that many VB devs really are clueless when it comes to designing apps and think that there's some magical power that just makes everything work. The sad part of this is that some of these people are MVPs... I thought that MVPs generally had a relatively high knowledge level and wouldn't come up with silliness like this...

Ran into this problem after uninstalling MS SQL Server 2005 beta and trying to open the Enterprise Manager: “SQLDMO has not been registered. Please re-install SQL Server and try again.”

Just go into C:\Program Files\Microsoft SQL Server\80\Tools\Binn\ and run “regsvr32 sqldmo.dll”. Things will work again.

In .NET 2, there's a new System.Transactions.TransactionScope class. It basically allows you to do implicit transactions just by creating a new TransactionScope. It's stored in TLS and things like SqlConnection check it and auto-enlist. A sample:

using (TransactionScope txScope = new TransactionScope)
{
insertSomethingIntoDB();
processCreditCard();
txScope.Complete();
}

I got tired of seeing, smug, designer people used in advertising VS. So I decided to modify the “professionals” you see here: http://lab.msdn.microsoft.com/express/, to something that perhaps more accurately represents the user base of those products:

Control Panel -> Add/Remove Programs
Remove VS.NET 2005, MSDN, J#, Device Emulator, etc., and .NET Framework 2.0.

Then delete VS8, 2.0 Framework folders and registry keys.

That seems to do it. Beta 1 installed, without rebooting, without complaining, right after that. Of course, maybe it'll blow up when I start working, so no guarantees. But it's sure a huge improvement than Beta 1's uninstall.

So, after about 6 hours of trying to install, I've gotten the VS 2005 December CTP installed. I can say that the December CTP has made a lot of progress. Some things are a lot faster (say, ASP.NET building). A lot of stuff feels unpolished (icons). Some things are silly: F7 (“View Code“) is broken... had to manually set it. At any rate, I'm gonna come out and look like a dumbass, since I'm now gonna spend n hours re-installing Beta 1 :P.

One kick ass thing is that the dialogs are FAST now. Before, it seemed like old Windows Forms: you could see things painting (the refactoring dialogs are a good example). Now, it seems like real Windows. There other code editor enhancements (I noticed some new error colours)

Some stuff is just unusable. Like, I don't know... say, building and viewing errors. For some reason, I had to build about 20 times to get through all the errors. And no, they were not errors that stopped a file from compiling that need to have a rebuild, nope. Just simple things dealing with ASP.NET.

I get obsolete warnings, saying I should move to other classes (ConfigurationManager)... but these classes don't exist. So there goes compiling with warnings as errors :). No big deal.

Typed Data Adapters got some changes. Typed data adapters now have Connection[String]? as a protected field (as far as I can tell), breaking my code, forcing me to do changes (subclass the adapter) for no reason, other than to annoy me. Yea, it's all one gigantic cosmic plan to screw up my project ;).

What the hell is the obession with naming a freaking connection when “designing“? Data adapters, web services, etc.: I wanna link all that up at runtime. But no, it insists on having me select a “connection“. Then it dumps it into an app.config (even for library projects). What ever happened to “the developer has some clue of what he's doing, so let him handle it“? I understand that script kiddies are customers too, and sometimes you just drag and drop and presto: a full data app. Hey, I write one-off code sometimes too.

ASP.NET is still in transition here. First, it bitches about having a bin and Application_Assemblies directory, forcing you to rename (since you can't delete the Application_Assemblies dir). Of course, they have now realised this was retarded and fixed it (called it bin) in future builds (Beta 2). They also went though another fit with the directives (CompilesWith, CodeFile, CodeBehind, Inherits, ClassName... wtf?). Fortunately, it looks like they're going a step in the right direction. Of course, since I had so much trouble even getting my project to build, I could be wrong. Even so, it tossed out my old project settings (since Web Projects aren't projects, they're just folders).

There's been a lot of work invested in making it more “Community” accessible. That's all fine and dandy, but I can't envision myself ever, ever, using any of those features. Perhaps for VS Express/Academic/I-learned-VBA-and-thus-am-an-Enterprise-dev versions it makes sense. Just not sure what place it has in “Enterprise Architect” version.

Of course, I was forewarned that the CTPs weren't good, and that Betas are real quality, etc. etc. But, hey, I like being hopeful. And it's a good glimpse of the future. Too bad I couldn't use it and file more reports against stuff. I'll have to wait until Beta 2. :(

Well, I'm upgrading from Beta 1 to the December CTP, since my friend (who works on VS) insists that it's 150% better than the Beta. We've run into some issues, and I hope that December CTP will solve them (since no Beta2 was released today, as far as I know :)).

I was getting an error: 1304 Access denied on SdmCompile.dll. It tells me to check the path, but doesn't provide a path. Searching the whole system didn't find it. So, I went into the DVD and tried to install the .NET 2.0 Framework by itself - aha! It said “A previous product is installed....”. Even though I had already uninstalled everything.

All help pointed to a tool called MSIINV.EXE. Well, that's not public, and I didn't feel like calling PSS (why it's such a dangerous tool is beyond me, since MSIZAP is available). Reading some blog posts, I see that the suggestion is to find the .NET Framework, J# redist, etc. etc. for .NET 2 using msiinv.exe, and then msiexec /x or msizap TWA them.

Well, as far as I can tell, it just looks at HKEY_CLASSES_ROOT\Installer\Products. Maybe I'm wrong. But that worked for me. Regedit, goto HKCR\Installer\Products, and then search for anything related to the 2.0 Framework and friend. Find the product code, then run MSIZAP TWA {XXXXXXXXX-XXXX-XXXX-XXXX-...}. The format is important! If you just copy from the registry, and don't do 8-4-4-4-rest, it won't work.

After I've cleaned everything, I think installing the .NET Framework 2.0 and the J# redist (arrrg) separately from the VS install helps.

Just my few bits on getting VS working. A lot of others have posted too, so doing this plus what everyone else suggests might work :).

This is probably gonna be a post where I end up looking like an idiot, but here goes...

I was playing around and wrote a small program to dump the video font table. I started at around 33 bytes, but want to get it as small as possible (to um, learn! :)). Here's what I have so far:

[BITS 16]
[ORG 100h]
[SECTION .text] 
start:
mov al,64   ; Init (but don't clear) video     
INT 10h      ; Need to call int10h to start NT's DOS video emulation I think... 
mov ax,VideoBuffer 
mov es,ax    ; Put video buffer segment into ES
mov ah,007h    ; White text (Attribute 7). AL is already zero from loading the video buffer
mov cl,255    ; All oem chars
charloop:
 stosw 
 inc ax ; Increase char, don't worry about the attribute; it's high
 loop charloop
ret
[SECTION .data] 
VideoBuffer EQU 0B800h

00000000  B040              mov al,0x40
00000002  CD10              int 0x10
00000004  B800B8            mov ax,0xb800
00000007  8EC0              mov es,ax
00000009  B407              mov ah,0x7
0000000B  B1FF              mov cl,0xff
0000000D  AB                stosw
0000000E  40                inc ax
0000000F  E2FC              loop 0xd
00000011  C3                ret