September 2008 Blog Posts

This is mostly a bookmark for me because this isn’t something I need right now but is definitely something I can see needing in the future. According to the fine members of the win_tech_off_topic group, SWIG is a good tool for building the interop layer between C/C++ code and another runtime, be it Java, Python, or .NET.

Technorati Tags: ,,

I’ve recently been writing some scripts to automate a test harness. The test harness takes in an XML file as it’s input. It turns out that most of the tests we want a slight variations of the same scenario and this means small tweaks to the XML file. When I started, I ended up with a new XML file for each scenario. This was okay for 2 variations of 3 scenarios (6 files) but as the test space grew so did the number of XML files. I wanted to find an easier way of keeping all the files in sync but I didn’t want a heavyweight solution such as some kind of database or input file that I would somehow have to find a way to parse.

I ran across XMLStarlet, which is “...a set of command line utilities (tools) which can be used to transform, query, validate, and edit XML documents and files using simple set of shell commands in similar way it is done for plain text files using UNIX grep, sed, awk, diff, patch, join, etc commands.”

There is a pre-built Win32 binary distribution so I can just copy the xml.exe program into the same folder as my test harness. This allows me to take my template input file and update it and the output squirts out of stdout. For example, take the following file:

<?xml version="1.0" encoding="utf-8" ?>
<Data> 
    <Transaction ID="Step1"> 
        <Action Name="Navigate" Url="URL" /> 
    </Transaction>
</Data>

I want to update the URL based on my test case. So I can use the following command:

xml ed -u "/Data/Transaction[@ID='Step1']/Action[@Name='Navigate']/@Url" -v "http://adrianba.net" input.xml

This command says, edit (ed) the xml file (input.xml) and update the node specified in the XPath (-u) and replace its value (-v). Obviously for such a simple input file I wouldn’t need such a complex XPath but you can see how it ensures I only select the node I am interested in even if the file was larger.

The following output is what you’d expect and it’s sent to stdout so you can pipe it into another command or redirect to a file.

<?xml version="1.0" encoding="utf-8"?>
<Data>
  <Transaction ID="Step1">
    <Action Name="Navigate" Url="http://adrianba.net"/>
  </Transaction>
</Data>

There are other flags that can influence how the formatting of the output is handled.

Technorati Tags: ,,

Back in early July, I had to head off to the US Embassy in London for the interview for my work visa to come and live out in Seattle. While there was lots of official information about what you needed to do, I didn’t find much discussion of the experience and so I thought I’d share mine here. First of all, nothing here is secret or security related information. You can find all the details on the US Embassy web site, here and here for example.

Microsoft retains a law firm to help prepare all the paperwork for international work visas. This is the norm and most companies would do this. At a certain point once the initial checks are complete, they ask you to contact the embassy to make an appointment for a visa interview. When I applied, the wait time was about 6 weeks and this gives the lawyers a deadline to work with to ensure you have all the documentation you need by then and everything has been checked.

In the UK, you can have an interview either at the embassy in London or at the consulate in Belfast. With hindsight, Belfast might have been more convenient for me and I could have flown from Birmingham instead of getting a train down to London. As it turned out, I was working in Reading the same week as my interview so things worked out okay. It’s just worth considering Belfast since it’s not too hard to get to and some of the low cost carriers offer cheaper flights to Belfast than the cost of a train ticket to London.

One thing to note is that when you call the embassy to make the appointment you have to ring a premium rate phone number at £1.20/minute. The call takes 6 or 7 minutes and it seems infuriatingly expensive at the time as they repeat everything back to you and spell everything twice but then again this isn’t something you want to get wrong because it’ll probably mean starting again if it is. This offered only a small problem in that the phones in the office wouldn’t dial premium rate numbers nor would the Microsoft issued mobile phone so I had to wait until I was at home during the day to make the call. You need your passport to hand (sort of obvious) and a credit card to pay the application fee (maybe less obvious) while on the call. It costs US$131 to make the appointment.

When you ring they will let you know the first available appointment and probably offer a couple of appointment times. My recommendation is that you get the earliest time they offer. I made the mistake of going a little later and getting a 10.30am appointment which meant the process ran into lunchtime and so took a little longer (they don’t stop completely for lunch but half the people go to lunch and then the other half so it does cause a delay while fewer people are serving). I’d recommend 9am or 9.30am if they offer it.

The Embassy is probably about 10 minutes walk from Bond Street tube or 15 minutes from Oxford Circus. There are some important rules with visiting the Embassy because of the security. You can’t take _any_ electronic devices with you. This includes mobile phones, MP3 players, or even the electronic key fob for locking your car. This is pretty inconvenient and the embassy web site does have links to left luggage places where you can leave these things.

You are told to arrive at the embassy 30 minutes before your appointment but no earlier. You queue up outside and if it happens to be raining you’re going to get wet so go prepared. I was lucky – it started raining (hard) just as I got inside but a few people came in soaked after me. You queue up to show the people outside that you have the required basic documentation. You need to show your passport and again to the embassy security guard who checks your passport against the appointment confirmation. You then wait to go into the security lodge for your belongings to be x-rayed and to go through the airport-style metal detector. Once through here, you walk around the corner and into the embassy.

Inside, speak to the receptionist and show the appointment receipt. She scans it and gives you a number and invites you to go and sit and wait to be called. It took about half an hour from arriving to get to this point so you get inside roughly at the time of your appointment. You wait until your number is called (I had to wait for about half an hour) and you go to a booth to give the official all your paperwork and your passport. Rather than just giving him or her a big pile of documents, give him each document and any copies as he asks for each one. He will check to ensure it is all filled out correctly. They also take your fingerprints on an electronic scanner. Once this process is done, they will ask you to take a seat until you are called for your interview.

This is the part where you have to wait around while they are doing all the checks on you and processing the application. After about 2 hours I was called to a different area for the interview and to pay another visa fee. Finally, you have to queue up to pay the courier who will be returning your passport to you. Of note here is that while the embassy say they take Amex to pay the visa fee (and they do), the courier firm don’t and so you need a different way to pay them.

It was a long process and I spent 4 hours or so in the embassy but in the end you are asking for permission to go and live and work in someone else’s country so it only pays to be patient and understanding. After all, if you don’t like it you can always stay at home!

Fortunately, everything went to plan and my passport was returned within a week so that I could confirm my travel plans.

Technorati Tags:

Since the launch of .NET all those years ago now, one issue keeps coming up for me. You create a quick proof-of-concept and stick it on a network share so that you can either run it on another PC (or get someone to try it for you) so that you can avoid those “well, it runs on my PC” conversations. Unfortunately, running a managed .EXE from a network share puts it in the Intranet zone and suddenly imposes a host of CAS policies that you probably forgot about (again). You have to copy the file locally to make it run. This has always seemed like a chore especially since the same doesn’t apply to unmanaged programs.

Well, this is no longer the case as of .NET 3.5 SP1. Vance Morrison posted about this a couple of weeks ago. In the comments, Vance explains the rationale for the change:

The simple answer is that we made a mistake.  In 2001 we believed we are the avant-guard in making things 'secure by default' and thus biased our decisions believing that we would eventually 'plug' the hole of unmanaged code running from a network share.   We also did not appreciate the pain this decision would cause.

However over time, we realized that we were naive.    The cost/benefit of changing the behavior of unmanaged code is simply too high.   Moreover it also become clear that for security to work, it must be simple, which means treating cases uniformly.   Thus if you want to disallow launching exes off the network you should not have one way of doing it for managed code, and a completely different way for unmanage code. 

In fact there IS a way of locking down exe launch uniformly (see Security Policies above), so really it became abundantly clear that really the 'right' approach is to treat security wholisitically (not just the managed case) and make managed code and unmanaged code as simmilar as possible (after all from an end user's perspective, who cares if code is managed or not?)

So to sum up, we made a mistake (frankly we make lots of them), and sadly it is VERY difficult to fix mistakes when you have millions of users to break, and even more so when security is involved.   Thankfully, in this case we were able to convince ourselves that we could  fix this one after the fact.

The change is important and useful but I think what is more significant is the honesty with which it is published. Sure, we made a mistake, everyone makes mistakes, we learned from it and (though it sometimes takes a while) we fixed it. The naysayers will always disagree but it’s my experience that this is the culture at Microsoft. We admit our mistakes, put them right and learn from then, and then move on (and hope not to make the same ones again).

Technorati Tags: ,

I followed the last few changes to Subtext 2.0 through the Subtext mailing list over the last couple of months and fully intended to upgrade to the pre-release version and then to the version as soon as it was released but somehow never found the time.

Finally today I went through and updated the engine and made the few small changes to my skin files and config to be able to put the site live on the new version. There’s some good stuff here but I think my favourite feature might be the support for future posting which, when combined with Live Writer, makes planned posting much easier.

I also took this opportunity to make sure I had configured image uploading correctly. If this has been successful then the image of my shiny new Sequoia will be included below.

sequoia 

Technorati Tags: ,,