
Some Things Just Say "Hack Me"

Tuesday, October 12, 2004 by scott
Every day I pull into work I see this sign. The sign is of the type you typically see over an interstate highway, but this one sits at the end of a road, behind a government office building that leases space to private companies. I’ve often wondered why the sign was here - at the end of a road with nowhere to go but a parking lot. I’ve never seen a message appear on the sign. I don’t know who controls it. I’ve concluded someone in the government needed to spend some end-of-the-year money in order to pad next year’s budget.

The other day as I was leaving, the sign spoke to me in a clear voice.

“Hack me”, the sign said.

“Huh?” I replied.

“Make me display something funny. I want to make people laugh”, the sign said in a firm but pleasant tone. “Hack me”, it repeated.

It took me a moment to gather my thoughts. I’ve amused co-workers with printer tricks, but this was a tall order. About 35 feet tall.

“You’re nuts”, I replied to the sign. “Most of the people around here are government bureaucrats – they have no sense of humor. I could get into big trouble”.

The sign spoke in a soothing, almost hypnotic voice. “You know you want to do it. You want to find out how to light me up. It’s been a long time for me…”. The voice faded, then returned in the kind of soft, neutral voice that only a talking sign could have. “Hack me in the old-school sense of the word, you know you want to do it”.

I paused to think again and began to feel uneasy. What if someone saw me talking to this sign? Not everything in Columbia, Maryland is as it appears. Why, just around the corner behind a second tree line is a large, unnamed brick building with few windows, two layers of barbed wire fence, and cameras every 200 feet. The NSA moved in, some say, but no one really knows. Someone could be watching.

I moved to my car and tried to ease the sign’s voice out of my head with talk radio. As I pulled out of the parking lot and headed towards the highway, I began to feel I was driving suspiciously slowly. I decided I needed to blend in. On the entrance ramp, I slammed the accelerator to the floor and veered hard to the far left lane, all the while gesturing rudely at the faceless cars around me. I felt more inconspicuous with this behavior, which is typical among the breed of commuters in the Baltimore / Washington DC corridor.

My thoughts returned to the sign on the drive home. If the opportunity presents itself, I thought, I should at least have some idea of the message I’d put up. Typically, these signs display something obvious and completely unhelpful. Like when you can see nothing but the brake lights of stopped cars in the distance, these signs will display “CAUTION : CONGESTION NEXT 2 MILES”.

A message like “CAUTION : TREES AHEAD” would be exactly the type of message people would expect to see on a highway sign in front of a forest on a dead end road. It might be so obvious and so un-helpful (in other words, so sign-like), that nobody would ever notice. Nobody except me, of course, and the lonely sign. Not that I'm ever going to touch the sign. Never. Ever.

If you had a giant sign outside of your office, what would you make it say?

SQL Server Reporting Services and the Validate Path Module

Saturday, October 9, 2004 by scott

FINAL UPDATE:

This problem is now addressed in the following knowledge base article:

You may receive error messages from Reporting Services after you install the ASP.NET ValidatePath Module.

--

If you’ve installed the Validate Path Module because of the vulnerability in ASP.NET on a machine with SQL Server Reporting Services, then you’ve got troubles. Here is the exception I'm seeing:

Request for the permission of type System.Web.AspNetHostingPermission, System,
Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 failed. 

I dumped the PublicKeyBlob of the new assembly with the Caspol.exe utility and granted the module Full Trust (as the other GAC'ed assemblies signed by Microsoft have been given). Place the following into both the rssrvpolicy.config and rsmgrpolicy.config files. I placed the entry just underneath the Microsoft_Strong_Name CodeGroup.


     

I hope this gets everyone up and running again. If I see any official configuration information from MS, I'll update this post to pass it along
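As an added example of mine (not code from the post), here is a small C# tool that reads the PublicKeyBlob from microsoft.web.validatepathmodule.dll in the hex form the policy files expect and prints a CodeGroup shaped like the Microsoft_Strong_Name entry. The class, method and group names are my own, and the CodeGroup layout is assumed from the standard CAS policy file format.

```csharp
using System;
using System.Reflection;
using System.Text;

// Added example: prints an assembly's PublicKeyBlob in the hex form CAS
// policy files use, wrapped in a CodeGroup that grants FullTrust to code
// signed with that key. The CodeGroup layout follows the standard CAS
// policy file format; the group name is an arbitrary label of mine.
static class PolicyHelper
{
    // Read the strong-name public key without loading the assembly.
    public static string GetPublicKeyBlobHex(string assemblyPath)
    {
        byte[] key = AssemblyName.GetAssemblyName(assemblyPath).GetPublicKey();
        if (key == null || key.Length == 0)
            throw new ArgumentException("not strong-named: " + assemblyPath);
        StringBuilder hex = new StringBuilder(key.Length * 2);
        foreach (byte b in key)
            hex.Append(b.ToString("X2"));
        return hex.ToString();
    }

    // The element to paste under Microsoft_Strong_Name in rssrvpolicy.config
    // and rsmgrpolicy.config. A StrongNameMembershipCondition matches every
    // assembly signed with this key, so only use a key you intend to trust.
    public static string BuildCodeGroup(string name, string publicKeyBlobHex)
    {
        return
            "<CodeGroup class=\"UnionCodeGroup\" version=\"1\" PermissionSetName=\"FullTrust\"\n" +
            "           Name=\"" + name + "\"\n" +
            "           Description=\"Full trust for the ASP.NET ValidatePath module.\">\n" +
            "  <IMembershipCondition class=\"StrongNameMembershipCondition\" version=\"1\"\n" +
            "                        PublicKeyBlob=\"" + publicKeyBlobHex + "\" />\n" +
            "</CodeGroup>";
    }

    static void Main(string[] args)
    {
        // Usage: PolicyHelper.exe <path to microsoft.web.validatepathmodule.dll>
        string blob = GetPublicKeyBlobHex(args[0]);
        Console.WriteLine(BuildCodeGroup("ValidatePath_Strong_Name", blob));
    }
}
```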

UPDATE Oct 11: No official word yet. If you are getting the following exception after updating both policy files, then restart the web server (IISRESET from the command line will work). Thanks to Adam Creeger for the tip.

Assembly microsoft.web.validatepathmodule.dll security 
permission grant set is incompatible between appdomains.

Questions To Ponder

Thursday, October 7, 2004 by scott

Some of these questions keep me thinking during moments of idle processing…

Q: What happens when we use partial page caching and VaryByControl in ASP.NET?

A: I don’t know.
The documentation says “set the VaryByControls parameter to the ID property value of the ASP.NET server control in the user control that you want to vary the user control output by”. OK … but what exactly does the runtime do with the server control you point to? Does it examine a specific property on the control? Does it examine every property on the control? What does it examine, exactly, to determine if this version is different than the cached version?

Q: Why, when I need just 10 minutes of complete silence to finish an idea, do I never get 10 minutes of silence?

A: I don’t know.
At 2 AM (typically a quiet time), I am finally on the verge of a mental breakthrough and suddenly the sound of squealing tires outside breaks the silence. The sound wouldn’t be all that distracting except the squeal turns into the noise of a drunken teenager careening his car through the well-manicured shrubbery of my neighbor's front lawn. The next noise is the crunchy thump of car meeting ditch. Then come the fire engine sirens, the state police sirens, and the ambulance sirens. Everyone walks away from the accident without physical injury, but I’ve lost my train of thought.

Q: Why do my Outlook 2003 menus no longer drop down when I hit a shortcut key?

A: I don’t know.
I used to hit Alt+E and the Edit menu would drop down. Then I could hit C, for example, and the Copy command would execute. Now I hit Alt+E and the Edit menu just highlights. Hitting an accelerator key like C then doesn’t do anything at all. Aggravating!

Q: What does it take to get some link love from Rory Blyth?

A: I don’t know.
However, Rory is having a contest, and you can win a nice prize.
I'm entering Rory's stupid contest, and I'm lowering my chances of winning by telling you about it, too.

Q: Why does Virtual PC give misleading numbers in the task manager?

A: I don’t know.
With the VPC beta you could launch VPC and look in task manager and see a reasonable approximation of how much RAM the virtual machines were using. Since the release I look at Virtual PC while I am running a machine with 512MB of RAM and VirtualPC.exe is only using 17MB of RAM. Weird.

Q: What is the deal with my PocketPC and Secure Digital Memory Cards?

A: I have no idea.
Sometimes the contents of my SD cards simply disappear - all the files are gone. Sometimes the cards fill up with directories named ‘.’. I’ve tried two different cards in two different Pocket PCs – it happens on every combination. I use the cards to carry MP3 files around – nothing important – and I used to play the MP3s with Windows Media player. I thought it might be WMP wiping out the storage cards – so I tried Pocket Music, but the same thing happens. I’ve tried utilities to reformat the cards. I’ve tried utilities to scan for defects – none. I don’t know anyone else with this problem, so I’m beginning to wonder –

Q: Do I attract more cosmic rays than the average human?

A: I don't know.

[Currently listening to: NOTHING! And it's nice and quiet that way (0:10)]

Q&A About the Community Starter Kit

Thursday, October 7, 2004 by scott
Here are some questions I received after last night’s presentation on the Community Starter Kit.

Q: Where does the WYSIWYG editor come from?

A: The WYSIWYG editor is an HTML component (HTC). In the CSK, you can find a file named HtmlTextBox.htc that implements the HTML editor component. The HTC file uses a mixture of HTML, JavaScript, styles, and object tags to implement the editor.

It looks as if Paul Abraham has broken out the HtmlTextBox.htc file from the CSK and repackaged the component into a standalone assembly. I haven’t tried this but it looks interesting. Another editor I've seen in applications is the control from FreeTextBox.com. There is also an assortment of editors and other controls in the ASP.NET content management control gallery.

Q: Can we port the CSK to Oracle?

A: Backend portability was not in the design goals for the CSK. It is possible, but requires some work. First, there is a total of about 200 stored procedures and user defined functions (UDFs) in the SQL Server database you’ll need to port over to Oracle. Each class representing a content type in the domain model architecture of the CSK will also need to be modified – as they are using the SQL Server specific SQL provider classes of ADO.NET. The good news is, once you get all that done – it’s all downhill!

Q: Why do the ASCX files have no code-behind?

A: Unfortunately, I tried to cover too much in this presentation and didn’t get to address this issue properly. Usually when we build ASCX files, we drop controls in the ASCX and in the code behind the ASCX we tell the controls what to display. The CSK works a little differently. We still put controls into the ASCX but the controls themselves are highly customized and already know what they need to display.

The ASCX files then strictly serve as skins. They are simply there to lay out where the controls will appear. There is no logic associated with the ASCX file – no code. Each control is customized to do a specific duty. For example, when you plop a community:Author control on the page, the Author control knows it has to display the author’s name for a piece of content. All of the logic is inside this web control - the skin file determines where the control will display.

Q: Are there any sites supporting fixes and customizations of the CSK?

A: Three I know of; there could be more…

Stephen Redd’s Site (full of CSK Articles, Mods, and Fixes)
Dave Rank’s Personal Web Site
Matthew Roche’s CSK Resources

Q: What is the ASP.NET vulnerability you were rambling about?

A: This is not related to the CSK – it’s a bug in the ASP.NET runtime and is very serious. You need to view the following Microsoft documents and implement the suggested fix as soon as possible until a patch can be provided.

What You Should Know About a Reported Vulnerability in Microsoft ASP.NET
Programmatically check for canonicalization issues with ASP.NET


WebRequest and Binary Data

Tuesday, October 5, 2004 by scott
Someone sent me an email today describing a problem when downloading a binary file with the WebRequest class. There are plenty of articles (including some of mine) with screen scraping code like the following:

WebRequest request = WebRequest.Create(someUrl);
using(WebResponse response = request.GetResponse())
{
   // StreamReader decodes the response as text, which is fine for HTML
   using(StreamReader reader = new StreamReader(response.GetResponseStream()))
   {
      string result = reader.ReadToEnd();
   }
}

Unfortunately, StreamReader is only good for reading text. When it comes to binary data the result has a good chance of being incomplete. The approach for binary data is to stick to the basic Stream type and read raw bytes.

byte[] result;
byte[] buffer = new byte[4096];

WebRequest wr = WebRequest.Create(someUrl);

using(WebResponse response = wr.GetResponse())
{
   // Work with the raw Stream so no text decoding takes place
   using(Stream responseStream = response.GetResponseStream())
   {
      using(MemoryStream memoryStream = new MemoryStream())
      {
         // Read returns 0 only at the end of the stream; shorter reads are normal
         int count = 0;
         do
         {
            count = responseStream.Read(buffer, 0, buffer.Length);
            memoryStream.Write(buffer, 0, count);
         } while(count != 0);

         result = memoryStream.ToArray();
      }
   }
}
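An added example of mine, not code from the post: the same read loop with a cap on how much gets buffered, plus a small check that demonstrates why StreamReader corrupts binary data. BinaryDownload, ReadAllBytes, SurvivesStreamReader and the sample bytes are my own names and constructed input.

```csharp
using System;
using System.IO;
using System.Text;

// Added example, not the post's code: the same read loop with a size cap,
// plus a check that shows why StreamReader must not be used for bytes.
static class BinaryDownload
{
    // Read a stream to the end, refusing to buffer more than maxBytes.
    // Without a cap, a hostile or broken server can grow the MemoryStream
    // until the client runs out of memory. Pass response.GetResponseStream().
    public static byte[] ReadAllBytes(Stream source, long maxBytes)
    {
        byte[] buffer = new byte[4096];
        using (MemoryStream memoryStream = new MemoryStream())
        {
            int count;
            while ((count = source.Read(buffer, 0, buffer.Length)) > 0)
            {
                if (memoryStream.Length + count > maxBytes)
                    throw new IOException("response exceeds " + maxBytes + " bytes");
                memoryStream.Write(buffer, 0, count);
            }
            return memoryStream.ToArray();
        }
    }

    // StreamReader decodes bytes as text; any sequence that is not valid in
    // the encoding is replaced with U+FFFD, so the original bytes are gone.
    public static bool SurvivesStreamReader(byte[] data)
    {
        string text;
        using (StreamReader reader = new StreamReader(new MemoryStream(data), Encoding.UTF8))
        {
            text = reader.ReadToEnd();
        }
        byte[] back = Encoding.UTF8.GetBytes(text);
        return back.Length == data.Length;
    }

    static void Main()
    {
        // Constructed sample: the PNG signature followed by a stray 0xFF byte.
        byte[] sample = { 0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A, 0xFF };
        Console.WriteLine("survives StreamReader: " + SurvivesStreamReader(sample));
        Console.WriteLine("bytes read: " + ReadAllBytes(new MemoryStream(sample), 1024).Length);
    }
}
```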

P.S. IDisposable lurks everywhere! It’s a shame some classes use an explicit interface implementation and hide the Dispose method from Intellisense.

P.P.S. Commercials are the best things going on Monday Night Football these days. Except the commercials for other ABC shows. I don't know why I turn on television.

Look For Me In January

Saturday, October 2, 2004 by scott

I got word this week from Tony Elias, development editor for MSDN Magazine, that I'll be in the January issue with my article “Living The Static Life”. The article will cover all the deep, dark secrets you ever wanted to know about shared and static members of a class. Visual Basic.NET and C# code included!

And The Winner Is … Xandros

Saturday, October 2, 2004 by scott
I’ve been looking for a Linux distro to run under Virtual PC so I can get the latest build of mono running again. Previous attempts at installing the most recent Linux distros all ended with kernel panics - apparently, there is a problem on VPCs with P4 Prescott processors.

After reading Jerry Pournelle’s column (Chaos Manor) in last month’s Dr. Dobb’s Journal, I decided to give Xandros a try. A hard-core Linux distribution this is not. Any unix software which creates a “My Documents” directory is sure to make a true Linux fan sputter obscenities. I’m not a hard core Linux fan, and I think Xandros is nice and clean. What would really irritate me about RedHat and the others is all of the garbage they install by default. Do I really need 4 different web browsers on my desktop?

I now have mono up and running again. It took some work. Xandros is supposed to be for the relative computer newbie. As such, the free version doesn’t come with a cvs client or any other development tools (except a C++ compiler). However, I think starting clean and adding what I needed actually enabled everything to work for me on the first try, unlike previous attempts at getting mono built from source, which only resulted in google-ing for obscure error messages and coming up empty.

I had to install the following to get mono running on Xandros:

pkgconfig-0.8.0
glib-2.0.6
gc6.alpha5

autoconf-2.59
automake-1.9
bison-1.875
icu (note: change CFLAGS from -O2 to -O3 in icudefs.mk to work around a GCC optimization bug, argh).
libtool-1.5.10
mono-1.0.2
mcs-1.0.2

Each piece of software is installed using the typical ./configure, make, make install process. I had to add /usr/local/lib to ld.so.conf (then run ldconfig to reconfigure the bindings), and wow, it finally all works!