Rupert Rawnsley's WebLog

Fragment (consider revising)

Monday, October 26, 2009

Overture Online Goes Live!

Our company "stealth" project is now officially live and kicking. Overture Online is the shop front of a new range of tools for wireless network design. As the name suggests, the Internet is a major part of our strategy.


We have tried to make the user experience as seamless as possible and the learning curve gentle and pleasurable. We still have some way to go, but lots of ideas about how to keep on improving things - we are never short of ideas!

Let us know if you have any comments or suggestions. We even have a Twitter account because it makes us look really cool.

The reaction to Overture so far has been very good. The engineers are excited and the competition are terrified. Hopefully we can turn that positive interest into a healthy customer base and smash our competitors into dust, then burn the dust, then dance in the flames laughing like lunatics. Partnering opportunities are also available.

Thursday, October 15, 2009

ClickOnce Deployment Problems

We have recently moved to ClickOnce for all our application deployment needs, and it is fantastic in so many ways, but there are still some scenarios where it fails. I will collect these together in one post and keep it up-to-date as new information becomes available. If anyone else has any ClickOnce war-stories, please add them to the comments.

Proxy Servers


If your customers are behind an authenticated proxy server, ClickOnce may fail to work. This is because the authentication settings are usually stored in Internet Explorer, but the ClickOnce deployment libraries (System.Deployment.Application) do not use them by default. The bug is documented here, but opinion varies about whether it should be fixed or not: Microsoft says it shouldn't, everybody else says it should.

When it goes wrong a typical error report looks like this:


PLATFORM VERSION INFO
Windows : 5.2.3790.131072 (Win32NT)
Common Language Runtime : 2.0.50727.3053
System.Deployment.dll : 2.0.50727.3053 (netfxsp.050727-3000)
mscorwks.dll : 2.0.50727.3053 (netfxsp.050727-3000)
dfdll.dll : 2.0.50727.3053 (netfxsp.050727-3000)
dfshim.dll : 2.0.50727.3053 (netfxsp.050727-3000)

SOURCES
Deployment url : http://overtureonline.com/Applications/Keima/Overture/Overture.application

ERROR SUMMARY
Below is a summary of the errors, details of these errors are listed later in the log.
* Activation of http://OvertureOnline.com/Applications/Keima/Overture/Overture.application resulted in exception. Following failure messages were detected:
+ Downloading http://overtureonline.com/Applications/Keima/Overture/Overture.application did not succeed.
+ The remote server returned an error: (407) Proxy Authentication Required.

COMPONENT STORE TRANSACTION FAILURE SUMMARY
No transaction error was detected.

WARNINGS
There were no warnings during this operation.

OPERATION PROGRESS STATUS
* [25/09/2009 15:59:15] : Activation of http://OvertureOnline.com/Applications/Keima/Overture/Overture.application has started.

ERROR DETAILS
Following errors were detected during this operation.
* [25/09/2009 15:59:16] System.Deployment.Application.DeploymentDownloadException (Unknown subtype)
- Downloading http://overtureonline.com/Applications/Keima/Overture/Overture.application did not succeed.
- Source: System.Deployment
- Stack trace:
at System.Deployment.Application.SystemNetDownloader.DownloadSingleFile(DownloadQueueItem next)
at System.Deployment.Application.SystemNetDownloader.DownloadAllFiles()
at System.Deployment.Application.FileDownloader.Download(SubscriptionState subState)
at System.Deployment.Application.DownloadManager.DownloadManifestAsRawFile(Uri& sourceUri, String targetPath, IDownloadNotification notification, DownloadOptions options, ServerInformation& serverInformation)
at System.Deployment.Application.DownloadManager.DownloadDeploymentManifestDirectBypass(SubscriptionStore subStore, Uri& sourceUri, TempFile& tempFile, SubscriptionState& subState, IDownloadNotification notification, DownloadOptions options, ServerInformation& serverInformation)
at System.Deployment.Application.DownloadManager.DownloadDeploymentManifestBypass(SubscriptionStore subStore, Uri& sourceUri, TempFile& tempFile, SubscriptionState& subState, IDownloadNotification notification, DownloadOptions options)
at System.Deployment.Application.ApplicationActivator.PerformDeploymentActivation(Uri activationUri, Boolean isShortcut, String textualSubId, String deploymentProviderUrlFromExtension, BrowserSettings browserSettings, String& errorPageUrl)
at System.Deployment.Application.ApplicationActivator.ActivateDeploymentWorker(Object state)
--- Inner Exception ---
System.Net.WebException
- The remote server returned an error: (407) Proxy Authentication Required.
- Source: System
- Stack trace:
at System.Net.HttpWebRequest.GetResponse()
at System.Deployment.Application.SystemNetDownloader.DownloadSingleFile(DownloadQueueItem next)

COMPONENT STORE TRANSACTION DETAILS
No transaction information is available.


A smart customer of ours actually found an answer: she ran an NTLM proxy, but we shouldn't expect all our customers to be computer geniuses.

The recommended solution is for the customer to edit their machine.config file - I can't see how that could possibly go badly ;-)

Internet Explorer Security


If the Internet Explorer security option "Run components not signed with Authenticode" option is set to "Disable", then your .application file will not work. The reason why would be clearer if the wording was "Run components not signed with Authenticode certificates that I trust", because even if your installer is actually signed, it is not necessarily a trusted publisher on the customers machine.

The error looks like this:


PLATFORM VERSION INFO
Windows : 6.0.6001.65536 (Win32NT)
Common Language Runtime : 4.0.20506.1
System.Deployment.dll : 4.0.20506.1 (Beta1.020506-0100)
clr.dll : 4.0.20506.1 (Beta1.020506-0100)
dfdll.dll : 4.0.20506.1 (Beta1.020506-0100)
dfshim.dll : 4.0.20428.1 (Beta1.020428-0100)

SOURCES
Deployment url : http://cadenza.keima.co.uk/Applications/Keima/Test/ConsoleApplicationClickOnce/ConsoleApplicationClickOnce.application
Server : Microsoft-IIS/7.0
X-Powered-By : ASP.NET

ERROR SUMMARY
Below is a summary of the errors, details of these errors are listed later in the log.
* Activation of http://cadenza.keima.co.uk/Applications/Keima/Test/ConsoleApplicationClickOnce/ConsoleApplicationClickOnce.application resulted in exception. Following failure messages were detected:
+ Your Web browser settings do not allow you to run unsigned applications.

COMPONENT STORE TRANSACTION FAILURE SUMMARY
No transaction error was detected.

WARNINGS
There were no warnings during this operation.

OPERATION PROGRESS STATUS
* [10/15/2009 3:21:06 PM] : Activation of http://cadenza.keima.co.uk/Applications/Keima/Test/ConsoleApplicationClickOnce/ConsoleApplicationClickOnce.application has started.

ERROR DETAILS
Following errors were detected during this operation.
* [10/15/2009 3:21:06 PM] System.Deployment.Application.InvalidDeploymentException (Manifest)
- Your Web browser settings do not allow you to run unsigned applications.
- Source: System.Deployment
- Stack trace:
at System.Deployment.Application.ApplicationActivator.BrowserSettings.Validate(String manifestPath)
at System.Deployment.Application.ApplicationActivator.PerformDeploymentActivation(Uri activationUri, Boolean isShortcut, String textualSubId, String deploymentProviderUrlFromExtension, BrowserSettings browserSettings, String& errorPageUrl)
at System.Deployment.Application.ApplicationActivator.ActivateDeploymentWorker(Object state)

COMPONENT STORE TRANSACTION DETAILS
No transaction information is available.


I don't know of any tidy workaround for this. If the client installs your certificate prior to product installation then it will work, but then it's no longer ClickOnce is it? One might argue that they asked for this by changing the setting, but it is more likely that their IT department did it and they know nothing about it. The irony is that if you run the bootstrap setup.exe, as you must from browsers like Chrome, then it works fine, but this means you are forcing clients to run a full-trust executable instead of a potentially low-trust .application file.

Missing Local Files


A ClickOnce install puts files in a special folder called Apps (%localappdata%\Apps on Vista at least). I'm not sure the exact purpose of all of the folders and files, but I do know if you delete some of them it can cause web-launch failures. For instance, I installed a simple application, deleted the folder which held the application binary files and then tried to relaunch the application. This failed with the following message:


PLATFORM VERSION INFO
Windows : 6.0.6001.65536 (Win32NT)
Common Language Runtime : 4.0.20506.1
System.Deployment.dll : 4.0.20506.1 (Beta1.020506-0100)
clr.dll : 4.0.20506.1 (Beta1.020506-0100)
dfdll.dll : 4.0.20506.1 (Beta1.020506-0100)
dfshim.dll : 4.0.20428.1 (Beta1.020428-0100)

SOURCES
Deployment url : http://cadenza.keima.co.uk/Applications/Keima/Test/ConsoleApplicationClickOnce/ConsoleApplicationClickOnce.application
Server : Microsoft-IIS/7.0
X-Powered-By : ASP.NET

IDENTITIES
Deployment Identity : ConsoleApplicationClickOnce.application, Version=1.0.0.1, Culture=neutral, PublicKeyToken=39bbeb210852ebe6, processorArchitecture=msil

APPLICATION SUMMARY
* Online only application.

ERROR SUMMARY
Below is a summary of the errors, details of these errors are listed later in the log.
* Activation of http://cadenza.keima.co.uk/Applications/Keima/Test/ConsoleApplicationClickOnce/ConsoleApplicationClickOnce.application resulted in exception. Following failure messages were detected:
+ The directory name is invalid. (Exception from HRESULT: 0x8007010B)

COMPONENT STORE TRANSACTION FAILURE SUMMARY
No transaction error was detected.

WARNINGS
There were no warnings during this operation.

OPERATION PROGRESS STATUS
* [10/15/2009 3:32:28 PM] : Activation of http://cadenza.keima.co.uk/Applications/Keima/Test/ConsoleApplicationClickOnce/ConsoleApplicationClickOnce.application has started.
* [10/15/2009 3:32:28 PM] : Processing of deployment manifest has successfully completed.

ERROR DETAILS
Following errors were detected during this operation.
* [10/15/2009 3:32:28 PM] System.Runtime.InteropServices.COMException
- The directory name is invalid. (Exception from HRESULT: 0x8007010B)
- Source: System.Deployment
- Stack trace:
at System.Deployment.Application.NativeMethods.CorLaunchApplication(UInt32 hostType, String applicationFullName, Int32 manifestPathsCount, String[] manifestPaths, Int32 activationDataCount, String[] activationData, PROCESS_INFORMATION processInformation)
at System.Deployment.Application.ComponentStore.ActivateApplication(DefinitionAppId appId, String activationParameter, Boolean useActivationParameter)
at System.Deployment.Application.SubscriptionStore.ActivateApplication(DefinitionAppId appId, String activationParameter, Boolean useActivationParameter)
at System.Deployment.Application.ApplicationActivator.Activate(DefinitionAppId appId, AssemblyManifest appManifest, String activationParameter, Boolean useActivationParameter)
at System.Deployment.Application.ApplicationActivator.PerformDeploymentActivation(Uri activationUri, Boolean isShortcut, String textualSubId, String deploymentProviderUrlFromExtension, BrowserSettings browserSettings, String& errorPageUrl)
at System.Deployment.Application.ApplicationActivator.ActivateDeploymentWorker(Object state)

COMPONENT STORE TRANSACTION DETAILS
* Transaction at [10/15/2009 3:32:28 PM]
+ System.Deployment.Internal.Isolation.StoreOperationSetDeploymentMetadata
- Status: Set
- HRESULT: 0x0
+ System.Deployment.Internal.Isolation.StoreTransactionOperationType (27)
- HRESULT: 0x0


Thanks to Russell Christopher for blogging the only solution I have found that works: delete everything in the Apps folder. This should be safe given that ClickOnce applications repair themselves if completely removed. Apart from Start Menu shortcuts, they are completely defined by the files on the disk (I think).

Obviously this is the clients fault for messing with the files in the first place, but I was surprised it didn't repair itself.

Thursday, October 01, 2009

Sinister discovery of the day

Whilst researching international post-codes (don't ask), I happened upon a Wiki page about Chinese post-codes (not a euphemism). Note the codes (000000–009999) reserved for Taiwan.

Friday, September 11, 2009

Apology for Alan Turing

The British Government apologised for their persecution of Alan Turning following an online petition. I'm delighted by this for both highlighting the abominable treatment of gay people and for bringing my hero Turing to peoples attention again.

As a signatory of the online petition, I received a copy of the apology in full in an email (which I thought was a nice touch). Here it is reproduced in full:

"Thank you for signing this petition. The Prime Minister has written a response. Please read below.

Prime Minister: 2009 has been a year of deep reflection – a chance for Britain, as a nation, to commemorate the profound debts we owe to those who came before. A unique combination of anniversaries and events have stirred in us that sense of pride and gratitude which characterise the British experience. Earlier this year I stood with Presidents Sarkozy and Obama to honour the service and the sacrifice of the heroes who stormed the beaches of Normandy 65 years ago. And just last week, we marked the 70 years which have passed since the British government declared its willingness to take up arms against Fascism and declared the outbreak of World War Two. So I am both pleased and proud that, thanks to a coalition of computer scientists, historians and LGBT activists, we have this year a chance to mark and celebrate another contribution to Britain’s fight against the darkness of dictatorship; that of code-breaker Alan Turing.

Turing was a quite brilliant mathematician, most famous for his work on breaking the German Enigma codes. It is no exaggeration to say that, without his outstanding contribution, the history of World War Two could well have been very different. He truly was one of those individuals we can point to whose unique contribution helped to turn the tide of war. The debt of gratitude he is owed makes it all the more horrifying, therefore, that he was treated so inhumanely. In 1952, he was convicted of ‘gross indecency’ – in effect, tried for being gay. His sentence – and he was faced with the miserable choice of this or prison - was chemical castration by a series of injections of female hormones. He took his own life just two years later.

Thousands of people have come together to demand justice for Alan Turing and recognition of the appalling way he was treated. While Turing was dealt with under the law of the time and we can't put the clock back, his treatment was of course utterly unfair and I am pleased to have the chance to say how deeply sorry I and we all are for what happened to him. Alan and the many thousands of other gay men who were convicted as he was convicted under homophobic laws were treated terribly. Over the years millions more lived in fear of conviction.

I am proud that those days are gone and that in the last 12 years this government has done so much to make life fairer and more equal for our LGBT community. This recognition of Alan’s status as one of Britain’s most famous victims of homophobia is another step towards equality and long overdue.

But even more than that, Alan deserves recognition for his contribution to humankind. For those of us born after 1945, into a Europe which is united, democratic and at peace, it is hard to imagine that our continent was once the theatre of mankind’s darkest hour. It is difficult to believe that in living memory, people could become so consumed by hate – by anti-Semitism, by homophobia, by xenophobia and other murderous prejudices – that the gas chambers and crematoria became a piece of the European landscape as surely as the galleries and universities and concert halls which had marked out the European civilisation for hundreds of years. It is thanks to men and women who were totally committed to fighting fascism, people like Alan Turing, that the horrors of the Holocaust and of total war are part of Europe’s history and not Europe’s present.

So on behalf of the British government, and all those who live freely thanks to Alan’s work I am very proud to say: we’re sorry, you deserved so much better.

Gordon Brown

If you would like to help preserve Alan Turing's memory for future generations, please donate here: http://www.bletchleypark.org.uk/

Petition information - http://petitions.number10.gov.uk/turing/"


I won't link to the Downing Street site version because the comments might as well have come from the Daily Mail's letters page.

Friday, August 28, 2009

BBC News: File-sharers' TV tastes revealed

The BBC have a story based on some download statistics for TV & film that makes interesting reading. If the TV network executives read this and think "threat" rather than "opportunity" they are missing a trick. What if they uploaded the torrent themselves simultaneously with transmission including the adverts? Nobody is going to bother with an illegal version if this one is available immediately and is of high quality. Only a hardcore pirate would bother with an ad-free version because this would lag slightly behind the official version in terms of time to release, but crucially the number of seeds, and hence the download speed, would be significantly lower.

Yes people could zap through the ads, but that is no different to "TIVO" on broadcast anyway and only a schmuck watches things live these days anyway. If only 2% of people sat through the ads, that is still 1 million people you don't have today in a demographic you would normally struggle to reach.

There is a secret power in "global" as well. Advertisers talk about "playground repeats", which is when slogans and jingles are repeated in the school yard. If your adverts start to permeate the global culture a synergy emerges where the phrases and concepts become a lingua franca in online conversations.

Infrastructure requirements: a laptop, a big disk, and a decent uplink; not bad if you want to reach more than 50 million people worldwide. If it really takes off you could even do away with that expensive array of radio towers.

A halfway solution is no good. Custom players, region and DRM locking, proprietary standards, etc... will always be a niche play against the power of free. Open it up and let the community build the software and hardware to support it. Stick to what you know: making TV shows.

I don't pretend that this is a good solution for films, but it is perfect for TV.

Friday, August 21, 2009

ASP.NET File Permissions

Short Story:

Use Process Monitor to help resolve ASP.NET file permission problems.

Long Story:

I have some files on one machine that I would like to make available through one of our company websites. We use IIS for our hosting, so I created a file share on the machine with the files and linked to it using a Virtual Directory. Now when resources are accessed via IIS they do so as the IUSR account (unless other authentication options are enabled), so I added read permissions for this user to my files security settings and to the sharing permissions (I always forget to do both), but it did not work. There may be some fancy ASP logging that tells you why, but I have always struggled to get the ASP logs to do anything very useful. Several smart people on the Internet recommended using Process Monitor from Microsoft (previously from Sysinternals). Everything that the Sysinternals guys make is made of pure awesome, and this is no exception. It allows you to search for the ACCESS DENIED operation (a CreateFile function call), and this shows all of the relevant details, including the user credentials used. In my case it was IUSR, or actually /IUSR_, which is some sort of domain equivalent. Exactly the user I had set the permissions for, so why wasn't it working?

Running Process Monitor on the file hosting machine instead reveals the problem: the file access was impersonating a different user, namely /$. It seems that this is the default behaviour across machine boundaries unless you are explicitly impersonating a designated user, in which case those credentials are passed intact.

The fix I chose may not be the recommended solution, but it worked for me: explictly impersonate IUSR to force the credentials to be passed across the machine boundary. To do this you need the IUSR password, which can be obtained by following this helpful advice. Whatever you do, don't change the IUSR password or you may unwittingly open a portal to a new dimension of pain.

Monday, July 20, 2009

Richard Feynman: The Character of Physical Law

Feynman's incredible lecture series is now freely available on video here: http://research.microsoft.com/apps/tools/tuva/index.html.

It is wonderfully complete, including the VT header, which I think should begin all videos.

It's all made possible by someone called "Gates".

Monday, May 25, 2009

eMail for Kids

#1 son is of an age where he would love an email address. There are many pay for services that offer safe kids emails, but it seems like a dumb thing to have to pay for.

The must have feature is an exclusive whitelist. This means that ONLY people on your contact list can send you emails.

My beloved GMail don't offer this service, but Microsoft's Live Mail does. I will let you know how it works out. It took a while to make sure all the permissions were locked down.

Incidentally, the default account name for my location is live.co.uk or hotmail.co.uk, which is lame, so I experimented with the URL and found I could trick it into US mode like this: https://signup.live.com/signup.aspx?mkt=EN-US&rollrs=12&lic=1. This gives you the option of registering for live.com or hotmail.com addresses.

Monday, March 30, 2009

Visual Studio 2008 Product Comparison

The Visual Studio product page appears to have no comparison chart that spans all product editions. This is quite an omission for a product line that costs anywhere from $0 (for the Express editions) to $10939 (for Team Suite with an MSDN subscription). A range I would also describe as going from "outrageously amazing" to "poking developers in the eyes with toothpicks". If you dig around for a while, there is at least a price comparison chart on the site. However, you have to venture further afield for a clear feature comparison chart on the general Microsoft download site.

One price step that interests me is between Professional and Team System Developer. These are likely to be the two editions most commonly compared by price conscious code shops. If you use Team Foundation Server, you will need to add a Client Access License to Professional, which takes the total to $800 + $500 = $1300. Feature wise Developer edition gives you:

  • Code Profiling
  • Code Analysis (including check-in policies and spell checking)
  • Code Coverage

With Developer you are also required to buy MSDN Premium, so the total cost is $5469. Professional + CAL + MSDN Premium is $2500. So you have to ask yourself if MSDN Premium is worth it, and if the extra Developer features are then worth doubling your investment.

Tuesday, March 24, 2009

101 LINQ Samples

(via MSDN)