Friday, 18 August 2006
Published 08/18/2006 13:42:54 (Eastern Daylight Time, UTC-04:00)
In: .NET
There is a great feature in .NET 2.0 that vastly simplifies multithreading or asynchronous tasks...the BackgroundWorker object.

It is pretty straightforward, and for a lot of developers, not nearly as scary as creating Threads (though honestly, .NET has made that very easy as well).  All you have to do is instantiate a BackgroundWorker, create a DoWork delegate, and call RunWorkerAsync().  The code in your DoWork delegate gets run asynchronously in its own thread.

One thing a lot of Windows Forms developers still don't understand, though, is that when dealing with Windows Forms controls, you have to be sure to only touch them from the same thread they were created in.  This is why all Windows Forms controls have the InvokeRequired property, and the Invoke method.  If InvokeRequired comes back as true, then you need to use the Invoke method to marshal your call to the correct thread.

So...if you are using BackgroundWorker, and have code in your DoWork delegate that touches controls, you need to be using InvokeRequired.

Now, there is another aspect of BackgroundWorker that simplifies this issue a bit.  If you set WorkerReportsProgress to true, and create a ProgressChanged delegate, and only touch Windows Forms controls in that code - and not in your DoWork code - then you can safely ignore the whole InvokeRequired/Invoke methodology.

Here is a pretty decent article on the subject or BackgroundWorker.

Published 08/18/2006 00:56:30 (Eastern Daylight Time, UTC-04:00)
In: Misc
I have been immersing myself in the SQL Server 2005 Business Intelligence tools (Analysis Services, Integration Services, Reporting Services) and it is all very very cool stuff.  I have been cramming for the last few weeks preparing to kickoff a 2 week Data Warehousing proof of concept session at the MTC (Microsoft Technology Center) in Reston.  I am heading up there this Sunday, and won't be back for 2 weeks.

Anyways, learning about OLAP is very enlightening - now that I know what it is, I can see that in several past projects I have actually attempted to implement my own kind of it is one of those times when you realize that in the past you have re-invented the wheel due to ignorance.

I have been working on a couple of other things as well:

Working on a web application vulnerability assessment.  It is simultaneously lots of fun and frustrating.  It is fun because, well, trying to break into things is fun.  It is a little frustrating because this particular application seems to have been well designed and implemented, so apart from a couple potential XSS (Cross Site Scripting) vulnerabilities, I have not had much luck breaking into it.  At this point, I am pretty much just hoping to run accross an implementation error - because their design seems solid.  I will try to post a bit more about later on.

I am also setting up a website to sell photos.  I am going to try my hat at being a sport shooter.  I took some pictures at a flyball show a month ago, and several of the people from the event that saw my pictures said I should sell them.  It actually takes a lot of effort to sell photos online (if you want to do it right, have decent quality, and not get ripped off by the service you use).  I will try and expound on this later on as well.

 Friday, 30 June 2006
Published 06/30/2006 13:19:23 (Eastern Daylight Time, UTC-04:00)
In: Misc
So, my friend Charles and I got to hang out the other day, and he showed me something pretty cool:  PRTG.  If you know what MRTG is, then this is its highly polished commercial cousin.  All I had to do was enable SNMP on my router, change the public/private community strings, and point PRTG to my router (WRT54GS).

With the free version, you get 3 sensors, but I only saw a point in monitoring the WiFi interface and the WAN interface.  Here is an example of the kind of graph it produces:


That is my WAN link (everything going in/out of my cable modem).  I have a lot of BitTorrent stuff running at the moment - mostly seeding since 8AM (red is IN, green is OUT).

If you happen to have a WRT54G/GS, the default interface names are kind of non-sensical, so here is a description of what they are, so you can pick what you want to monitor:

vlan0 is the wired ports (4 LAN ports)
vlan1 is the WAN interface
br0 is the whole network switch (vlan0 + eth1)
ppp0 is the PPPoE interface (if enabled)
eth1 is the Wireless device
eth0 is the hardware device the VLAN's are created from.

Published 06/30/2006 13:02:02 (Eastern Daylight Time, UTC-04:00)
In: Misc
I know, the technology has been around for a while...but, I never thought I had reason to set it up on my router until I got a VoIP phone (and only then did I set it up after a call got messed up my other traffic) - but QoS (Quality of Service) really rocks.  I should have set it up long ago, before I ever got a VoIP phone.

If you don't know what QoS is - it is a technology that allows you to prioritize traffic going through your router.  My setup is like this:  VoIP packets get the highest priority, followed by HTTP/HTTPS, followed by everything else, with lowest priority going to BitTorrent and POP3.  My reasoning is simple - I prioritized by my expectation of interactivity and responsiveness.  I will really notice if my VoIP calls get interefed with, followed closely by web pages loading slowly.  I won't notice AT ALL if BitTorrent or POP3 traffic gets slowed down occaisionally.

The end result is that I can have my BitTorrent client MAXed out running full throttle, and web pages still load quickly.  Before, I would have to throttle BT down to something like 40-60K/sec to make sure the web was still responsive.

 Friday, 16 June 2006
Published 06/16/2006 19:48:03 (Eastern Daylight Time, UTC-04:00)
In: .NET | USBWiSec
So apparently had a special not too long ago where you could buy a pack of 2 Wireless Defenders - which are another brand of the "Wireless PC Lock" devices that I wrote UsbWiSec for.

Many of the wooters were unhappy with the OEM software (as to be expected), and some of them found UsbWiSec and told the others.  Well, apparently the Wireless Defender brand of devices use a different hardware ID from the "Wireless PC Lock" brand, so UsbWiSec didn't work out of the box for them.

So, one of them setup a website,, and they have been helping each other out and hacking on the code.

Anyways, I thought that was very cool.

Published 06/16/2006 19:42:28 (Eastern Daylight Time, UTC-04:00)
In: Misc
I must be watching too much Mind of Mencia, because today when I was doing some testing, I ran across the port of BEANR, and I laughed.

 Saturday, 20 May 2006
Published 05/20/2006 20:23:32 (Eastern Daylight Time, UTC-04:00)
In: Misc
I don't usually watch the show numb3rs, but my parents told me that last weeks episode dealt with Container Security, so I had to download it and watch it.  I know that any time a movie or a TV show attempts to portray a specific niche that the people who really are experts in that niche find the portrayal humorous, if not aggravating.  This portrayal of Custom's Automated Targeting System is no different.  :)

I have cut together a small video montage of all the juicy bits (fair use, yo!).

 Monday, 27 February 2006
Published 02/27/2006 11:53:44 (Eastern Standard Time, UTC-05:00)
In: Misc
There is a very cool article in CIO magazine that partially discusses the project I am working on.  Customs Rattles the Supply Chain.  If you scroll a little more than halfway down, to the part titled "Customs ACE in the Hole", that is where they talk about the Advance Trade Data Initiative.

I love this particular quote:
It would take 20 supercomputers chained together just to go through the data from Target, Wal-Mart and Sears," says Laden, who left Target last May to start the consulting firm Trade Innovations. (Bush says the system will work but declined to discuss specifics, citing national security.)

 Monday, 20 February 2006
Published 02/20/2006 19:19:31 (Eastern Standard Time, UTC-05:00)
In: .NET
So, this is a tool that was born at the Microsoft Research Center over two years ago, by Michael Barnett.  It allows you to collapse multiple assemblies down to one assembly.  It was just recently updated (february 7th) and placed on the Microsoft Download Center.

Anyways, this is a pretty cool little tool - one that I honestly had never heard of before.

I am about to use it to collapse a winform client I wrote into a single executable, rather than 1 EXE, and 2 DLLs.

 Saturday, 11 February 2006
Published 02/11/2006 18:08:56 (Eastern Standard Time, UTC-05:00)
In: Misc
Wow, Novell has apparently been doing some cool stuff with Linux.  Here are some demo movies showing off some enhancements they have made to the linux desktop, using XGL and a composition manager called compiz.

Very very cool looking.  They pull off multiple desktops as a 3d-cube, with each desktop as a surface of the cube.  They show something like expose.  Really nice composited opacity.  Interesting animations for minimizing and maximizing.  And some "wobbly window" effect when you drag a window around.

 Thursday, 09 February 2006
Published 02/09/2006 14:21:32 (Eastern Standard Time, UTC-05:00)
You can get a free (after rebate) USB Wireless Security Lock from TigerDirect.  The rebate is good until 2/28/2006.  With tax and ground shipping, you are looking at only paying about $7 for the device.

Thanks to Scott for instant messaging me "duuuude!" about this :)

Of course, once you get the hardware, go get the software Scott and I wrote that makes it worth owning in the first place.

 Monday, 06 February 2006
Published 02/06/2006 23:43:05 (Eastern Standard Time, UTC-05:00)
In: .NET
So, Vault is a really great product.  I won a 5-user license copy at a .NET user group meeting over two years ago.  I started using it immediately and have been an evangelist for the product ever since.  There are a handful of companies using the product now because of me.

It does have some maddening drawbacks - like side-by-side installation.  If you happen to need to connect to several different Vault servers - they had all better be running the same version, as you can only install one instance of the client.

For this reason, I am stuck at the last version of the 2.x series - 2.0.6.  It seems there is a bug in Vault 2.0.6 relating to .NET 2.0 and VS2005.  Eventually your local cache is going to get messed up due to changes in serialization from 1.1 to 2.0.  See, when the Vault libraries get run by VS2005, they are run inside the 2.0 framework - so when the cache files are messed with, they are serialized using the 2.0 serialization mechanism.  When you run the Vault client standalone, it is run using the 1.1 framework, and it barfs trying to deserialize the cache files written by the Vault libraries executed under 2.0.

So, my workaround is to modify the VaultGUIClient.exe.config, and tell it to load up using the 2.0 framework.  You can do this by adding the following to the config file.

    <requiredRuntime version="v2.0.50727" />

So now, the Vault 2.0.6 standalone client will execute under the 2.0 framework, and can read the cache files that are written when Vault is being run under VS2005.

Obviously this is somewhat risky, and surely an unsupported configuration.  But it seems to work fine.

Thanks to Scott Hanselman for giving me the idea to try this after reading his blog entry about the Logitech IO2Pen having issues after installing the 2.0 framework - even though I did the exact opposite of what he did in that article.

Published 02/06/2006 11:34:12 (Eastern Standard Time, UTC-05:00)
In: .NET | Misc

I suspected this was the case due to the increase in volume of recruiter email and calls I have gotten recently - even without having recently updated my resume.

From CNN Money:

"Two tech jobs in high demand these days are .NET (dot net) developers and quality assurance analysts.

Developers who are expert users of Microsoft's software programming language .NET can make between $75,000 and $85,000 a year in major cities when they're starting out. If they pursue a job at a company that seeks someone with a background in a given field (say, a firm looking for a .NET developer experienced in using software related to derivatives) they might snag a salary hike of 15 percent or more when they switch jobs.

Those who work in software quality management, meanwhile, might make $65,000 to $75,000 a year and be able to negotiate a 10 percent to 15 percent jump in pay if they switch jobs."

 Sunday, 05 February 2006
Published 02/05/2006 12:19:22 (Eastern Standard Time, UTC-05:00)
In: Misc
So, watching TV the other night, I saw an advert for RoadRunner that mentions you can get 10Mbps for an extra $10, or 15Mbps for an extra $15 - assuming you are a "Digital Combo Plus" subscriber - which means you get RoadRunner, Phone, and Digital Cable.

So, I decided to try it out - all I had to do was call them up, and they flipped a switch - didn't have to get a new cable modem or even really wait longer than about 30 seconds for it to take effect.  There was a little bit of confusion since my HOA pays for the phone and basic cable - so they didn't think I was a "Digital Combo Plus" subscriber at first - but they quickly figured it out.

So far I am very happy.  Various speed tests indicate a massive improvement in bandwidth.  The nicest speed test I found is hosted by speakeasy.

13,970/1,529 (in kbps)
13.68/1.5 (in Mbps)
1.71/0.187 (in MB/sec)

So, if you have RoadRunner, I suggest you check this out.  As far as I am concerned Verizon FIOS can go get bent.  They have been taunting my neighborhood about FIOS for the last year, but every couple of months I call and they say service will be available soon.  As far as I am concerned, RoadRunner just pwned Verizon.

Now, the new RoadRunner package is about $10/mo more expensive than the equivalent FIOS package...but I am pretty sure that to get FIOS you have to have a verizon phone line - and I am not sure how the overall package of Internet + Phone compares between the two companies.  Now, for the price of a small monthly car payment, you could get 30Mbps/5Mbps FIOS...

 Thursday, 02 February 2006
Published 02/02/2006 19:24:53 (Eastern Standard Time, UTC-05:00)
In: Misc

If you like Scrubs you have no doubt seen at least one episode involving the acapella sounds of "Ted's Band".  Well, they are a real group - called The Blanks.  They have a website.  They have a CD coming out.  And they do an acapella cover of the shows themesong Superman.

Equally excellent is their rendition of Charles in Charge.
 Wednesday, 01 February 2006
Published 02/01/2006 20:00:56 (Eastern Standard Time, UTC-05:00)
In: .NET
I am new to NUnit and Test Driven Development, in fact, today was my first time using it.  So, imagine how much head-banging ensued when I could get the NUnit samples to work, but as soon as I tried to make my own simple ones, NUnit could not find any of my tests!

Well, you see, the new default in VS2005 is to not automatically define as class as public.  NUnit was not able to find the non-public tests.

So, anyways, hopefully that helps someone.  It wasted about 15 minutes of my time.

 Sunday, 29 January 2006
Published 01/29/2006 11:47:18 (Eastern Standard Time, UTC-05:00)
In: Misc
Ask a Ninja is perhaps the funniest Ninja-related comedy to hit the Internet since the Real Ultimate Power website was published.  It is some guy, nay, NINJA, which produces a video blog answering people's questions about Ninjas.

 Thursday, 26 January 2006
Published 01/26/2006 17:54:55 (Eastern Standard Time, UTC-05:00)
In: Misc
I have been busier in the last 4 weeks than I ever have in my life.  The primary thing I have been working on is new geospatial functionality for the Greenline application - showing vessel routes and schedules, and displaying the visual route of a given shipment and its container(s).  Very cool, and complex stuff.  We examined everything from ESRI, to Google Earth, to Virtual Earth.  Right now we are using ESRI ArcIMS.

I am also starting work on Operation Safe Commerce 3.

I may be writing some whitepapers about network security data fusion for the DoD.

Our horse, Mandi, is due to foal anytime now.  And we just sold the last baby, Twiggy, to someone that will be showing her a lot, and at some large shows.  If she does well, then this baby could be worth significantly more.

Mike Metzger wrote a plugin for USBWiSec that will allow it to control the DND feature of your Asterisk phone system.  That is just so very cool.  Greenline is getting some packet8 voip phones for everyone, so I will have to see if I can do the same thing - except maybe have it FWD calls to my cell between business hours if I am not at my desk.

And now I am getting ready to go to DC for a week.  :)