jo.se/f pfleger

ForceCORS Workaround

Mon, 02 Jun 2014 17:49:56 +0200

The latest Firefox no longer has an add-on bar which also caused the ForceCORS button to disappear. Github user lissyx was quick to fork it and rewrite the extension to fit the new Mozilla SDK but as we tried to submit the update to the Mozilla add-on site it got rejected due to security considerations. I'll now try to find a way to bring it back to the official add-on site by making a few changes requested by Mozilla but until then, here's a workaround:

Download the Addon Bar addon

Since a lot of people miss the add-on bar, a new add-on called the addon bar (restored) brings back the add-on bar : ) If you add this add-on, the ForceCORS button becomes visible again without configuration. You can use the customize menu to move the button elsewhere but you need to keep this addon installed to keep it there.

Install ForceCORS manually

If you've lost the ForceCORS extension after it was removed from the Mozilla add-on site, you can re-install it manually by downloading the XPI-file here and then opening it in Firefox.

Thanks everyone for reporting and discussing the issues - please continue to do so here. I'll try to get it back to an official add-on as soon as I can.

Expanding My Horizon

Sat, 18 May 2013 18:57:32 +0200

It's been a while since I last blogged on my blog. One of the many things I've been up to recently is learning how to fly. As a member of a local aeroclub I can now take an airplane to the sky and literally expand my horizon!

To find out exactly how much expandin' is really possible, I hacked together some Javascript that allows me to enter different cruise speeds (in knots) and endurances (in hours) and overlays it on Google Maps. Here's a screenshot:

Needless to say this is a very rough estimate as it doesn't take any air space restrictions, terrain, weather, climbs or descents into consideration, but it's still fun to enter different aircraft's performance characteristics and imagine where they would take me :)

Try it out!

This was the first time I used the Google Maps API and I have to say that it is really simple and easy to use. It works well and the documentation is good.

Taking Notes

Sat, 17 Dec 2011 21:05:30 +0100

Something I never did as a student was taking notes. I just didn't think it was cool. But things change and I now take a lot of notes. Most of them I take at work during meetings, interviews, trainings etc but my notebook is also full of spontaneous ideas, scribbles, numbers, code snippets, stack traces, quotes and other things.

Obviously I don't carry around a pen and something made out of paper all day long. I type fast enough to protect the trees and read and write my notes digitally. When I started digital note-taking, I looked at evernote and its type of software and was shocked by the feature overload in some of these tools.

Here's what I need from a note-taking application:

a (big) plaintextbox to enter my note
store a timestamp for each note
tags
search

That's it. No video, no Facebook, no Foursquare, no Twitter. Google Notebook called tags 'labels' and had richtext but was otherwise exactly what I wanted. It also worked on every device that supported HTML and I used it every single day. And then this happened:

This sucked. I guess when a Google application gets less than five million users they say "noone is using this" and just turn it off. And sure enough it was in read-only mode a few days later. Coming back from #gdd11, I decided to give the Google App Engine a try and implemented my own notebook within a few hours:

Nothing fancy but it does everything Google Notebook did for me. It works and I've used it every day since. Feel free to use it with your own Google account:

https://notebook-ocactus.appspot.com/

Also, the codez are on github, in case you need another GAE sample :)

https://github.com/jo5ef/notebook

A Memory Leak brought to you by XmlSerializer

Wed, 26 Oct 2011 18:16:57 +0200

We ran into an interesting memory leak the other day. When one of my colleagues analyzed the memory dump from production, he saw an unusual amount of types in *.GeneratedAssembly.* namespaces, one instance each:

0:007> !dumpheap -stat
Statistics:
              MT    Count    TotalSize Class Name
000007ff0024da98        1           24 System.Xml.Serialization.TempAssemblyCache
000007ff002474f8        1           24 System.Xml.Serialization.Configuration.RootedPathValidator
...
000007ff00441d98        1           40 Microsoft.Xml.Serialization.GeneratedAssembly.XmlSerializerContract
000007ff004412c8        1           40 Microsoft.Xml.Serialization.GeneratedAssembly.XmlSerializerContract
000007ff004407f8        1           40 Microsoft.Xml.Serialization.GeneratedAssembly.XmlSerializerContract
000007ff003ef9b0        1           40 Microsoft.Xml.Serialization.GeneratedAssembly.XmlSerializerContract
000007ff003eeee0        1           40 Microsoft.Xml.Serialization.GeneratedAssembly.XmlSerializerContract
... and more

He also found the method XmlSerializer.GenerateTempAssembly in call stacks and soon thereafter the explanation online:

To increase performance, the XML serialization infrastructure dynamically generates assemblies to serialize and deserialize specified types. The infrastructure finds and reuses those assemblies. This behavior occurs only when using the following constructors:

XmlSerializer.XmlSerializer(Type)

XmlSerializer.XmlSerializer(Type, String)

If you use any of the other constructors, multiple versions of the same assembly are generated and never unloaded, which results in a memory leak and poor performance. The easiest solution is to use one of the previously mentioned two constructors. Otherwise, you must cache the assemblies in a Hashtable, as shown in the following example.

from MSDN

Turned out we were (indirectly) using one of the XmlSerializer constructors that cause this documented memory leak. This also popped up in many other places online and can be easily reproduced with a few lines of code:

public class Brick { }

while(true)
{
    var s = new XmlSerializer(typeof(Brick), new Type[] {});
    s.Serialize(Stream.Null, new Brick { });
}

Isn't that some very fine memory leaking code? Not only is it eating up memory, it is also generating, loading (and deleting) *.dll files in your temp-path (e.g. C:\Users\josef\AppData\Local\Temp) and is therefore incredibly slow. The Hanselman already taught us how we can make the generated code visible:

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
   <system.diagnostics>
      <switches>
         <add name="XmlSerialization.Compilation" value="1" />
      </switches>
   </system.diagnostics>
</configuration>

With this switch set to 1, the C# code for each generated assembly will be written into *.cs files so if you run the code above, your temp-dir will be flooded:

C:\Users\josef\AppData\Local\Temp>dir *.cs
 Volume in drive C has no label.
 Volume Serial Number is ####-####

 Directory of C:\Users\josef\AppData\Local\Temp

10/26/2011  05:11 PM             9,260 0r2upaee.0.cs
10/26/2011  05:11 PM             9,260 0wvlt0sz.0.cs
10/26/2011  05:11 PM             9,260 12x20ris.0.cs
10/26/2011  05:11 PM             9,260 1bsq04ge.0.cs
10/26/2011  05:11 PM             9,260 1wvkuolg.0.cs
10/26/2011  05:11 PM             9,260 1y4yyetd.0.cs
10/26/2011  05:11 PM             9,260 20yixjrc.0.cs
10/26/2011  05:11 PM             9,243 23qz4yru.0.cs
10/26/2011  05:11 PM             9,260 2vt3hznp.0.cs
...
         101 File(s)        926,038 bytes
           0 Dir(s)  91,353,591,808 bytes free

The recommended way to get around this issue is to use one of the two safe constructors (see above) if you can, or cache the XmlSerializer instances by yourself. We went for the latter.

Force CORS Firefox Extension

Mon, 01 Aug 2011 02:05:22 +0200

I've created a very simple extension for Firefox that adds the Cross Origin Resource Sharing (CORS) Access-Control- HTTP headers to all responses before they're processed by the browser. This essentially disables the browser's same origin policy and allows cross domain calls even if the web server does not support CORS.

The default setting adds the following headers to every response:

Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST

This can be customized in the forcecors.headers setting via about:config, the values are separated by spaces (and yes, you may add arbitrary, cors-unrelated headers :).

Force CORS is going to be very helpful for my numerous Javascript/HTML5 hacks (diagnostic scripts, little helpers, mashups, etc.) that load data from websites I don't control :)

The code is available on github, feel free to fork it.

And here's the link to Mozilla's "AMO":

https://addons.mozilla.org/en-US/firefox/addon/forcecors/

Oh, and a warning: Force CORS circumvents the browser's same origin policy, so be careful (i.e. don't use it if you don't know what you're doing).

Update

There's a problem with the Mozilla add-on site.

Cannot add graphics to virtual machine

Sun, 31 Jul 2011 12:22:21 +0200

I use libvirt and kvm to run two virtual machines (a linux and a windows guest) on a debian host. Both guests run without a <graphics/> section in their config because I use ssh and rdp to admin these systems.

Last night I broke the network for the windows guest while upgrading the host from lenny to squeeze so I wanted to temporarily enable <graphics type='vnc'/> for troubleshooting. I virsh edit the windows domain and added the following line to the <devices/> section in its config:

<graphics type='vnc' listen='0.0.0.0:0'/>

However, saving the config always resulted in the following error message:

virsh # edit windows
error: internal error unable to reserve PCI address 0:0:2

I tried to run kvm directly by passing a -vnc :0 switch instead of -nographic but that didn't work either:

TUNGETIFF ioctl() failed: Bad file descriptor

Turns out I had run into a bug ("qemu: Always reserves slot 0x02 for primary VGA. (Osier Yang)") that always took pci slot 0x02 for vga. Since my guest already had its network interface configured to that slot, things did not work out.

The fix was to move around the pci slot assignments in the config and allow <graphics/> to use 0x02 (irrelevant sections omitted):

<devices>
  <!-- emulator, disk, etc. omitted -->
  <controller type='ide' index='0'>
    <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/>
  </controller>
  <interface type='bridge'>
    <!-- mac, source, target, model, etc. omitted -->
    <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
  </interface>
  <graphics type='vnc' port='-1' autoport='yes' listen='0.0.0.0:0'/>
  <video>
    <model type='cirrus' vram='9216' heads='1'/>
    <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
  </video>
  <memballoon model='virtio'>
    <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
  </memballoon>
</devices>

That allowed me to boot the guest and connect to it on display :0 via vnc.

The bug was fixed in libvirt 0.9.2-1.el6 but since the host is on squeeze, it is using libvirt 0.8.3-5.

CORS and IIS

Sun, 17 Jul 2011 20:05:47 +0200

Last time, I wrote about Cross-Origin Resource Sharing (CORS). This time I'll show how it can be implemented with Microsoft's Internet Information Services (IIS), ASP.Net and jQuery.

Let's assume we have two very separate web applications:

http://cooking/, a website that is full of delicous cooking recipes
http://shopping/, a website that allows users to make shopping lists

First, we implement http://shopping/ by adding 127.0.0.1 shopping to the hostfile and creating an empty ASP.NET web application with only one file (list.aspx):

<%@ Page Language="C#" ContentType="application/json" %>
[
    { "amount": "2", "name": "Apples" },
    { "amount": "4", "name": "Bananas" },
    { "amount": "8", "name": "Cookies" }
]

That was fast.

Now the guys from http://cooking/ would like to show shopping lists on their site and allow users to add ingredients for the recipe they're looking at to their list. They add the following Javascript to their recipe-detail page to retrieve a user's current shopping list:

$.ajax({
    url: 'http://shopping/list.aspx',
    dataType: 'json',
    success: function(data) {
        // render shopping list items to page
    }
});

Unfortunately this call is blocked due to the same origin policy. Luckily the girls from http://shopping/ want the whole world to use their shopping lists so they add an HTTP Header Access-Control-Allow-Origin: * to their response. This can be done in the IIS Manager

IIS6: in the Web's properties dialog under 'HTTP Headers'
IIS7: in the 'HTTP Response Headers' section of the 'Features View', or web.config

Here is what the response from http://shopping/list.aspx looks like after the change:

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: application/json; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Date: Sun, 17 Jul 2011 14:21:59 GMT
Content-Length: 124

[
    { "amount": "2", "name": "Apples" },
    { "amount": "4", "name": "Bananas" },
    { "amount": "8", "name": "Cookies" }
]

Now everybody, including the script on http://cooking, is allowed to retrieve the shopping list.

Additionally it should be possible for users on http://cooking to click a link 'add to shopping list' while they browse the ingredients for a recipe. The cooking-guys add the following Javascript to their site and have it run when users click on these links.

$.ajax({
    type: 'POST',
    url: 'http://shopping/list.aspx',
    contentType: 'json',
    dataType: 'json',
    data: JSON.stringify({
        amount: 16,
        name: 'Dark Chocolates'
    }),
    success: function (data) {
        // render shopping list items to page
    },
});

This will POST the new item (16 Dark Chocolates) to the list but since it is a different domain, the browser will first query Access-Control with an OPTIONS request:

OPTIONS http://shopping/list.aspx HTTP/1.1
Host: shopping
Origin: http://cooking
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type

In particular it checks for the permission to POST with a header content-type. Fortunately the http://shopping site responds with

HTTP/1.1 200 OK
Allow: OPTIONS, TRACE, GET, HEAD, POST
Server: Microsoft-IIS/7.5
Public: OPTIONS, TRACE, GET, HEAD, POST
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST
Access-Control-Allow-Headers: Content-Type
Date: Sun, 17 Jul 2011 17:49:22 GMT
Content-Length: 0

so the browser goes ahead with the original POST:

POST http://shopping/list.aspx HTTP/1.1
Host: shopping
Content-Type: json; charset=UTF-8
Referer: http://cooking/
Content-Length: 38
Origin: http://cooking

{"amount":16,"name":"Dark Chocolates"}

It is possible that everything already works for you after configuring the two additional Access-Control- headers (-Allow-Methods and -Allow-Headers). IIS7 has an OPTIONSVerbHandler configured by default that will respond with all configured custom headers, including the Access-Control- headers. In IIS6, there is no such mapping and depending on your setup it is likely that you need to explicitly allow the OPTIONS verb. In IIS6 this setting is certainly not obvious but you can find it in the website's Properties -> Home Directory -> Configuration... -> Mappings -> .aspx -> Verbs -> Limit to. If you're using a different handler (e.g. WCF) you'll have to add it to the appropriate mapping (e.g. '.svc'). This will allow your ASP.Net application to receive OPTIONS requests. One way to handle these requests is to simply end the response in the Global.asax's Application_BeginRequest method, optionally also setting the Access-Control- headers:

void Application_BeginRequest(object sender, EventArgs e)
{
    var ctx = HttpContext.Current;
    if (ctx.Request.HttpMethod == "OPTIONS")
    {
        //ctx.Response.AddHeader("Access-Control-Allow-Origin", "*");
        ctx.Response.End();
    }
}

Some other things to look out for when it doesn't work:

Don't just rely on your browser plugins (Firebug etc.) to find out what happened. Use a debugging proxy (e.g. Fiddler, Charles, etc.) or network tools (e.g. Wireshark). There is a really fine line between request-blocked-by-browser (i.e. no request actually happened), OPTIONS request problems and GET or POST problems. The plugins' error messages are not always helpful (e.g. '405 Method not allowed')
Depending on your ajax-call setup and content type (json, xml, etc.) you might have to add the Accept header to the list of -Allow-Headers.
If there is a problem with the OPTIONS request, check the <system.webServer><handlers> section, there may be handlers with verb limits configured (IIS7 only)
If there are still problems with the OPTIONS request, check the <system.web><httpHandlers> section for custom handlers
Don't forget about any firewall or security tools that are filtering requests with specific (or unknown) verbs or headers (e.g. UrlScan)

Here is the full sample code: cors-and-iis.zip

Cross-Origin Resource Sharing

Sun, 17 Jul 2011 20:03:39 +0200

If you ever tried to make a request to a different domain using Javascript inside a web browser, you've probably encountered what's known as the same origin policy. This security feature basically blocks all calls that a script tries to make to an origin (protocol + host + port) that is different from its own.

For communication across sub-domains, the document.domain feature can be used. Over time, a number of ways to achieve cross-domain communication have popped up but most of them are hacks (fragments, window.name, JSONP, etc.). While there are some libraries that abstract these hacks and choose the most appropriate method for the given browser (e.g. easyXDM), it's time to start using newer technologies that provide explicit support for cross domain calls.

HTML5 comes with a more generic cross-document-messaging mechanism via postMessage that allows scripts to send messages to other windows and documents. But there is another exciting way to explicitly allow cross-domain HTTP requests on the server side: a W3C Working Draft called Cross-Origin Resource Sharing. The idea is extremely simple. A domain can choose to allow calls from different domains by adding Access-Control- HTTP headers to its response. Example response:

HTTP/1.1 200 OK
Date: Sun, 17 Jul 2011 17:37:32 GMT
Server: Apache/2.2.16 (Debian)
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST
Access-Control-Allow-Headers: Content-Type,Accept

This allows any script on any domain (-Allow-Origin: *) to make requests to this server using GETs and POSTs and some headers to specify content types (xml, json, javascript, etc.). Cool, eh?

Cross-Origin Resource Sharing (CORS) allows for very fine-grained access control and is supported by a lot of popular browsers (basically everyone but Opera). Here's how you implement CORS in IIS and ASP.Net.

Flash + Flex + REST = :-(

Sat, 30 Apr 2011 13:08:09 +0200

We've built the world's most beautiful web API and have done our best to comply with all constraints for representational state transfers. It's been in production for quite some time and used by a few clients, including apps for both iPhones and Androids.

As a next step, we want to make our own (popular) flash application an official API client and deprecate all the custom-made feeds we've created for it in the past. Sounds awesome. Turns out, it is not awesome. When hosted in a browser, Flash has several limitations that make it very difficult to use a RESTful web service correctly.

Setting HTTP Headers is unreliable

Standard HTTP Headers cannot be used reliably because their behavior strongly depends on the combination of browser and flash player version. Example: Let's assume the API supports different request and response formats via Content-Type and Accept headers. Setting the request's Accept header to application/json will work fine in Chrome for Mac 11.0.696.57 with Flash Player 10.2.154.27 but Firefox for Mac 4.0 with Flash Player 10.1.102.64 will just send whatever Accept header the browser sends with all requests (in this case text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8).

Custom HTTP Headers only work for POSTs

Due to a bug in the Flash Player, custom HTTP headers cannot be sent with GETs. This is still open at the moment, and once it is fixed, it will be another thing that strongly depends on the user's flash player version.

Methods other than GET and POST are not supported

Although this seems to be a browser limitation rather than a flash player limitation, only HTTP GETs and POSTs are supported (tracked here). Workarounds include the (in)famous X-Method-Override header, and the _method url parameter with all its fans in the ruby community.

In addition, apparently sometimes POSTs are turned into GETs under specific circumstances.

Problems with HTTP Response

There are several issues regarding the HTTP response. HTTP response headers are hidden (bug), HTTP status codes cannot be retrieved (not supported), and the body cannot be accessed for responses with status codes other than 200 (feature).

Although all of the above sound horrific, maybe none of it will be an actual problem for our endeavor. We'll do with GETs and POSTs, move our token from the custom HTTP header to the URL and mitigate the response format issue by defining a default response format (e.g. application/json).

Links

Disclaimer: I'm not a flash developer (and don't want to be one :) but I see the team that is trying to use our API run into these issues.

Why a WCF's WSDL works, but its inline XSDs don't

Tue, 25 Jan 2011 00:44:53 +0100

You have some extra time and are looking for a WCF related puzzle that will waste some of it? Awesome. Here's what you can do:

Create a simple WCF service, host it in IIS and change its application pool's identity to a windows user you create and only provide with the minimum set of permissions you think it needs. Then create a proxy and try to make a successful call to the service without reading the rest of this post :)

Apparently if you don't grant the application pool's identity write permissions on C:\Windows\Temp, fascinating things happen to the service. It seems up, the ?wsdl works but proxies cannot be created because the XML schemas referenced within the WSDL fail to download. These are usually urls of type ?xsd=xsd0, ?xsd=xsd1, etc. Additionally, some tools (e.g. svcutil.exe) and IIS get into an argument about MIME types, HTTP code 415 'Other mime type expected, expected application/soap+msbin1 but got application/soap+xml' and whatnot.

Obviously the XSDs are somehow dynamically compiled and cached in C:\Windows\Temp but it is certainly interesting to learn about this behavior if you encounter the aforementioned symptoms. Fortunately the fix is already out there.

Implementing foreach-else for .Net (C#)

Sun, 09 Jan 2011 01:33:08 +0100

I like the idea of having else-branches for loops as Python supports them for its for and while statements. It allows code like this:

for i in range(2, n):
    if n % i == 0:
        print n, 'equals', i, '*', n / i
        break
else:
    print n, 'is a prime'

else is executed after the loop, unless the loop is terminated by a break statement. Pretty handy, I think. I've decided this is awesome enough to justify the following extension method:

public static void ForEachElse<TSource>(
    this IEnumerable<TSource> source,
    Func<TSource, bool> action, Action @else)
{
    foreach (var i in source)
    {
        if (!action(i))
        {
            return;
        }
    }
    @else();
}

It's your regular every day foreach on IEnumerable but allows you to specify both a "loop-action" and an "else-action" where the latter is executed after the loop unless you break the loop by returning false from the former. It's a tad clumsier than Python but still useful:

Enumerable.Range(2, n - 2).ForEachElse(i =>
{
    if (n % i == 0)
    {
        Console.WriteLine("{0} equals {1} * {2}", n, i, n / i);
        return false; // break
    }
    return true; // continue
},
() => // else
{
    Console.WriteLine("{0} is a prime", n);
});

What do you think? Implementing WhileElse is left as an exercise to the reader :)

soflair

Thu, 06 Jan 2011 17:27:36 +0100

Soflair is a (very) simple widget for Android that shows a user's flair (avatar, reputation & badges) on any of the stackexchange sites (stackoverflow, serverfault, superuser, etc.). The JSON feed is polled every 60 minutes.

Screenshots

The left screenshot shows how you configure the widget and the right shows it in action on an Android home screen.

Code

The code is available on github.

Download

Please find 'soflair' in the Android Market or use this QR-Code:

Supported Devices

I hope all Android, let me know if it doesn't work for you.

Changelog

--- Version 2.8 ---

moved to stackexchange api 2.2

--- Version 2.7 ---

more room for full reputation display (rep will be truncated at 10^4 instead of 10^3)
minor bugfix for invalid json responses

--- Version 2.6 ---

Stackoverflow changed their 'recent'-url

--- Version 2.5 ---

click on widget takes you to recent activity page
Now displaying identicons for users without a gravatar

--- Version 2.4 ---

Now uses the Stackexchange API instead of the flair.json feed because the latter was turned off. You have to re-add your widget and configure a valid api-url (an example is provided).

--- Version 2.3 ---

Stackoverflow turned off the flair.json feed I was using. Unfortunately the widget responded with an ANR. Quickfix to make it stable.

--- Version 2.2 ---

click on widget takes you to profile page
configuration via full url -> all stackexchange sites supported

--- Version 2.1 ---

upgraded graphics for high resolutions (for my Nexus One :)

--- Version 1.0 ---

Created long before this post
At least now I have something to link to :)

About Me

Wed, 15 Dec 2010 15:13:24 +0100

My name is Josef Pfleger and I am from Austria. I currently manage a team of software engineers at bwin and live and work in Austria.

My interests

I'm interested in everything related to computers, especially software and its creation. Some of my other hobbies include flying small airplanes, scuba diving, playing the violin, snowboarding, soccer and some other sports.

Logo

I created the most awesome logo based on my initials. Here's a visual explanation:

And here is the SVG and a picture of M&M's. And here is the LINQ to create it in ASCII art:

var r = 42; // radius

Func<double, int> f = h => (int) Math.Round(h, 0);
int s = f(r * .8), i = f(r * .9), o = f(r * 1.1);

var jp = from y in Enumerable.Range(0, r * 2 + 1)
         from x in Enumerable.Range(0, r * 2 + 2)
         let d = f(Math.Sqrt(x * x + y * y - (2 * r * (x + y - r))))
         select x > r * 2 ? '\n' :
            (x < i && (y < r ? d <= r : d <= s))
            || (x > o && y < i && d <= s)
            || (x > o && y > o && d <= r) ? '*' : ' ';

Console.WriteLine(jp.ToArray());

Contact

If you need to contact me, please write me an eMail: green-carrot@orange-cactus.org. I have accounts on the most popular social networking sites but don't check these sites regularly.

CDATA in Custom Configuration Sections

Sun, 28 Nov 2010 17:55:55 +0100

Creating a custom configuration section with ConfigurationSection as described in this MSDN article is less straightforward when you want to use more than just attributes (e.g. text or CDATA elements):

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
    <configSections>
        <section name="stats" type="X.StatsSection, X"/>
    </configSections>
    <stats>
        <sql><![CDATA[SELECT * FROM tbl WHERE x < y]]></sql>
    </stats>
</configuration>

If you do as told, you'll see this exception:

System.Configuration.ConfigurationErrorsException: The configuration section cannot contain a CDATA or text element.

Fortunately, creating a custom ConfigurationElement and overriding its DeserializeElement method does the trick:

class StatsSection : ConfigurationSection
{
    [ConfigurationProperty("sql")]
    public SqlElement Sql { get { return this["sql"] as SqlElement; } }
}

class SqlElement : ConfigurationElement
{
    protected override void DeserializeElement(XmlReader reader, bool s)
    {
        Value = reader.ReadElementContentAs(typeof(string), null) as string;
    }

    public string Value { get; private set; }
}

Not rocket science but (hopefully now less) difficult to find online.

Using AIDL with Eclipse and ADT

Mon, 01 Nov 2010 10:03:18 +0100

In my Android Package Size post, I described how to retrieve the size of an android package. It requires the use of AIDL, which is Android's IDL for interprocess communication (IPC).

Using Eclipse and ADT, working with AIDL files is very simple: When AIDL files are created or imported into the src/ folder, the ADT plugin automatically generates the interface definitions and stubs in the gen/ directory as part of the build.

For example, to generate the IPackageStatsObserver interface and stub for the code used in Android Package Size:

Download the AIDL files for PackageStats and IPackageStatsObserver
Create a new java package android.content.pm
Copy or import both AIDL files to the new package
The ADT plugin will generate the IPackageStatsObserver interface and stub automatically in gen/

The Android SDK also includes a (command line) compiler aidl (in the tools/ directory) that you can use to generate the java code in case you don't use Eclipse.

Upgrade to VS2010

Wed, 11 Aug 2010 20:23:27 +0200

It's been exactly 11² days since Microsoft released Visual Studio 2010. Of course the fearless developer downloaded and installed every CTP and Beta version in the very millisecond it was available, but some places (i.e. work) don't really welcome these additional adventures and productivity fluctuations.

However, with the official release out for some time, we carefully upgraded our fairly large C# codebase from VS2008 to VS2010. Here's what we had in mind:

upgrade our codebase to VS2010
still have it work with VS2008 so not everyone on the team is forced to upgrade at the same time
keep it simple (files) to avoid any crazy scm branching/merging/scripting
keep the codebase at .NET 3.5, without upgrading to .NET 4.0

Don't let your first date with the VS2010 migration assistent (wizard?) ruin your high hopes for the above. Try it, have a look at the result (including but not limited to)

re-auto-generated code (designer files, proxies, etc.), including new fxcop violations if you're lucky ;)
a couple of new migration files, logs and reports
new sections in project files (bootstrapping and whatnot..)

... and then revert these changes and fire up your favorite editor. All you really need to do to make your project files open with both VS2008 and VS2010 is

1 Change the ToolsVersion

Change the ToolsVersion attribute in the <Project/> element from 3.5 to 4.0.

<Project DefaultTargets="Build"
         ToolsVersion="4.0"
         xmlns="http://schemas.microsoft.com/developer/msbuild/2003">

2 Change the OldToolsVersion

Change the <OldToolsVersion/> element from 2.0 to 3.5

<OldToolsVersion>3.5</OldToolsVersion>

3 Conditional import of WebApplication.targets

If you have a WebApplication project, you need to create a conditional import for the Microsoft.WebApplication.targets in order to support both paths:

<Import Condition="'$(Solutions.VSVersion)' == '9.0'" Project="$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v9.0\WebApplications\Microsoft.WebApplication.targets" />
<Import Condition="'$(Solutions.VSVersion)' == '10.0'" Project="$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v10.0\WebApplications\Microsoft.WebApplication.targets" />

And that's it. Your projects should open without any problems or migration wizard interruptions in both versions of Visual Studio. However, when you compile with VS2008 you will encounter the following warning

Project file contains ToolsVersion="4.0", which is not supported by this version of MSBuild. Treating the project as if it had ToolsVersion="3.5".

This is obviously completely harmless and will not affect your build.

4 Create a separate solution file

Unfortunately we did not find a way to make solution files play in both studios so we ended up creating separate files

Super.Clever.Service.sln
Super.Clever.Service.vs2010.sln

Overall it was a very smooth transition where some team members didn't even notice that some of us were already using VS2010 :)

Android Package Size

Thu, 08 Apr 2010 12:28:51 +0200

Unfortunately there is currently no public api to retrieve size information about application packages. However, building on a technique I wrote about in the past, we can use the PackageManager's hidden getPackageSize method to retrieve an instance of PackageStats that includes cache, code and data size information.

First of all our application will need the GET_PACKAGE_SIZE permission:

<uses-permission android:name="android.permission.GET_PACKAGE_SIZE"/>

Using ADT we can import the relevant AIDLs (PackageStats and IPackageStatsObserver) into our project and have ADT generate stubs. With the stubs generated, we can simply use reflection to call the hidden getPackageSize method and retrieve the PackageStats instance in the stub's onGetStatsCompleted callback method:

PackageManager pm = getPackageManager();

Method getPackageSizeInfo = pm.getClass().getMethod(
    "getPackageSizeInfo", String.class, IPackageStatsObserver.class);

getPackageSizeInfo.invoke(pm, "com.android.mms", new IPackageStatsObserver.Stub() {

        @Override
        public void onGetStatsCompleted(PackageStats pStats, boolean succeeded)
            throws RemoteException {

            Log.i(TAG, "codeSize: " + pStats.codeSize);
        }
    });

While this works it is obviously a big hack to work around a missing piece of Android API. Reaching past the SDK is never a good idea, especially for public applications.

Reload vs. Refresh in Firefox (Cache-Control)

Wed, 17 Mar 2010 20:32:00 +0100

Do you know the difference between load, refresh, and reload in your favorite browser? Shortcuts differ but there are roughly three different types of reloads available in most browsers, for example in Firefox:

load: hit enter in the address bar; click on links
reload: F5; Ctrl+R; toolbar's refresh button; Menu -> Reload
hard reload: Ctrl+F5; Ctrl+Shift+R

The terms refresh, reload, and load are frequently used interchangeably and what I listed as a hard reload is also known as super refresh or reload (override cache).

All of this is not really important until you design (or test) features related to browser caching. Then you need to know what the above mean in terms of cache control. Provided the requested resource is in the browser cache and not stale, the following happens in Firefox:

load: no request happens until the cached resource expires
reload: the request contains the If-Modified-Since and Cache-Control: max-age=0 headers that allow the server to respond with 304 Not Modified if applicable
hard reload: the request contains the Pragma: no-cache and Cache-Control: no-cache headers and will bypass the cache

Although a simple concept, it has the potential to drive you into great debugging circles when you are not aware of the subtle differences between the different reload-variants :-)

Session State Lost in ASP.NET Web Farm

Fri, 26 Feb 2010 23:56:57 +0100

The Story.

One day (recently) at work, high traffic asked for five new web servers in our existing ASP.NET Web Farm. Setup, turned on and polished, IT ops discretely told the load balancer about the fresh fish.

But as soon as some of the traffic hit the five new boxes, we monitored an explosion of lost session exceptions in the event log. And it wasn't even limited to the five noob servers - the entire farm was on fire!

Flabbergasted by the event, IT ops banished the deadly five from the farm and things calmed down immediately. After hours of investigating, fantasizing about race conditions, .NET, IIS, Windows bugs and debugging in a test farm, we finally found

The Problem.

Turns out this very old article described our problem exactly:

PRB: Session State Is Lost in Web Farm If You Use SqlServer or StateServer Session Mode

The five new web servers had a slightly different IIS application path (/LM/W3SVC/12/ROOT) configured than the rest of the bunch (/LM/W3SVC/11/ROOT). Since the Stateserver combines the ASP.NET Session ID with the IIS application path to create a unique key, sessions issued for one of the five new webs could not be found when accessed through one of the other webs which is obviously extremely unfortunate in a weighted round robin load balanced web farm. Nevermind the the old article's Applies To section, our setting was IIS6 and .NET 3.5 (32bit).

Although the above incident temporarily smashed our dreams of scalability, it was awesome to come up with and discard hypotheses (our penultimate idea was a race condition) until we eventually acquired this microscopic piece of ASP.NET/IIS knowledge that none of us will ever forget :-)

Working around IE Bugs

Thu, 11 Feb 2010 01:34:50 +0100

As someone who currently works in a team that is located close to the front end of a large web application, I am at times exposed to issues related to Internet Explorer and its numerous bugs, including (but not limited to) parsing, stylesheets, Javascript or rendering.

Today, my now least favorite tester (kidding:) dropped the aforementioned type on me before I could run:

On IE7, and only on IE7, there appears to be a white, 5 by 1 pixel line between the first and second image of the WasteTheUsersBandwidth feature. But only if you zoom in or out. The line is not visible at a regular zoom level and does not change in height at any other zoom level.

Jackpot. After reproducing (the bug) and issuing the appropriate WTFs, I reflected on some of the approaches I had taken in the past. In chronological order:

BFDIED (Brute Force Driven IE Development). Trial & Error until the 'correct' (but secret!) HTML/CSS/JS combination is found (~?h)
Reduce the problem to a minimum reproducible version (>0.5h), 'understand' the IE bug (~?h), locate places in respective specs and standards that 'prove' IE wrong (>0.5h), bash IE in emails & on web 2.0 (∞h), and, eventually, if a suit asks nicely, work around the bug (<0.25h)
Disavow the sucker. Procrastinate indefinitely and argue that there is no business value in fixing it which obviously implies its non-show-stopper status

Number one and two are extremely frustrating and most often incredibly time consuming. Three does help developers maintain sanity but does not really solve any problems.

So this time I decided to try a new ride. Well aligned with our agile methodologies, I allotted myself a creativity time box of 15 minutes before falling back on 3, 2 or 1. Because of the zoom quirk, I was convinced that it must be a rendering issue. Still, for the sake of creativity, I searched the stylesheets for border, underline, 1px, white, #FFF, #FFFFFF, etc.

Bingo. Turns out both text-decoration: underline and color: #FFF were cascaded to the elements under investigation. That, in combination with what seems to be known as the 'IE Whitespace Bug', caused our white-zoom-lines. I removed these styles and had committed my changes before the 15 minutes were up.

This legendary success story taught me a lesson. Bugs (in software) are by definition illogical and irrational so maybe open-minded, non-routine approaches work better than the standard operating procedures. My next debugging session will definitely take place outside the box first and followed by the default weaponry (15 minutes) later.