A site devoted to discussing techniques that promote quality and ethical practices in software development.

Sunday, January 24, 2010

Web Security article & tutorial

This is an excellent article on web security that also serves as a tutorial on the topic. This passage is worth considering:
The problem with Web security is that, as important as it is, it is also very complex.... Fact is, you are part of the problem and don’t know what you did to cause it.

Thursday, January 21, 2010

Cooking your own EllipseCOM

During a conversation with a reader on my blog post, it has come to my attention that I have missed a key piece of information with respect to MIMSX.

In order to build one's own aggregation server, apart from following the recipe you also need to use MIMSX version 2.2.4.2 or later. Earlier versions contain an internal setting bug that makes them invalid candidates for aggregation.

Unfortunately, one cannot tell from a COM component's registered attributes or type library whether it supports aggregation. You need to build the aggregation server and see whether you can successfully create the aggregated component and wire up the QueryInterface mechanism.

Also, at instantiation time you must create an instance of the aggregation server and then query it for the IMimsxServer interface; you do not create an instance of MIMSX directly.

Tuesday, January 19, 2010

My view on the effectiveness of antivirus software is vindicated

I have long held the opinion that antivirus is a very ineffective and blunt device for protecting one from being attacked. This is not to say that I am flirting carelessly with danger on the Internet. What I am saying is that there are far better and more efficient ways to protect oneself than relying on antivirus software.

The recent attack on Google in China provoked a number of comments and postmortem analyses, and one of them has vindicated my view:
nCircle's Storms believes that one "lesson from this breach is that antivirus software really is dead. For quite a while it's been the least effective tool in the IT enterprise security toolset because it's only effective against known malware. It only takes one piece of customized malware to infiltrate your network."

In my e-mails with Kurtz he wasn't as bold about declaring the death of antivirus tools, but he did suggest a new approach as well. "There are technologies like whitelisting--McAfee Application Control, that would have prevented successful exploitation of this zero day and many others--without signatures. Companies really need to start augmenting their blacklisting with whitelisting protection technologies."
Antivirus is often like looking in the rear vision mirror. It is totally useless until its database has been updated.

Fujitsu had slate tablets before Apple even considered it

Fujitsu released several slate tablets many years before Apple even considered it. They just did not put an 'i' in front of the slate, and they did not impose all sorts of constraints on the owner.

Monday, January 18, 2010

App Store?

Many in the blog-space and media seem to give Apple's App Store undue recognition as something new and innovative. What a myopic view!

Handango had been selling software for PDAs and smartphones long before the iPhone was even on a drawing board.

Thursday, January 14, 2010

How do you secure your .Net Application?

Here is a very comprehensive set of guidelines showing how to secure your .Net application after it has been developed.

Guidelines to develop a secure ADO.Net application

This is a very comprehensive set of guidelines for making your ADO.Net application secure.
Writing a secure ADO.NET application involves more than avoiding common coding pitfalls such as not validating user input. An application that accesses data has many potential points of failure that an attacker can exploit to retrieve, manipulate, or destroy sensitive data. It is therefore important to understand all aspects of security, from the process of threat modeling during the design phase of your application, to its eventual deployment and ongoing maintenance.

Developing programs in a non-Administrator account

Here is another recommendation from Microsoft:
The Windows user accounts that developers use normally should be added to either the Users or Power Users Groups. Developers should also be added to the Debugging Group. Being a member of the Users group allows you to perform routine tasks including running programs and visiting Internet sites without exposing your computer to unnecessary risk.
I am puzzled and disturbed as to why Microsoft suggests adding that account to the Power Users group, given that a detailed investigation of its exploit opportunities concludes:
a determined member of the Power Users group can fairly easily make themselves full administrator using exploits in the operating system and ones created by third-party applications.
[...]
The lesson is that as an IT administrator you shouldn’t fool yourself into thinking that the Power Users group is a secure compromise on the way to running as limited user.
With the availability of runas and its /netonly option, there is no need for the default login account to be a member of Power Users. Therefore one should disregard the 'Power Users' group in the recommendation.



Damn I have missed my chance...

According to this report,
Telling your boss what you really think of them is good for your health -- and helps managers improve, according to research published on Wednesday.

Firms should be even be encouraged to let employees regularly rate their line managers, to produce "happy, healthy, stress-free employees," said the study presented at a conference of the British Psychological Society.

[...]

"When managers received feedback from their staff, they were more likely to change their management style and subsequently be seen as more effective line managers," said the study.

Friday, January 8, 2010

CBA Netbank Text Mode Screen

CBA Netbank exhibits some frustrating and random login behavior that should never be tolerated in a commercial Internet application, particularly from one of the Big Four banks in Australia.

The problem randomly shows up the minute you click the login button after you have submitted the client number and password. In Firefox, it shows a page saying 'Server Not Found', and in IE8 it simply says that the page cannot be displayed. Sometimes you can log in and log off numerous times without seeing a problem like this. At other times, you may have to put up with this rubbish.

In Firefox, if you repeatedly click the 'Try Again' button or hit Ctrl-R, it will eventually come good and log you in. From time to time, depending on your clicks, you can be presented with a rarely seen text-mode page like this:


All the links on this page are active, and you can click on them to get back to the graphical version.

If you get the 'Server not found' page and then immediately go back to the login screen and supply invalid login credentials, CBA Netbank immediately echoes back that your login credentials are invalid. So it is connecting to the CBA server all right.

This is a very annoying problem. Because of its randomness, one cannot rely on every login being successful, nor know how many clicks on 'Try Again' are needed to get logged in.

Thursday, January 7, 2010

Caveats in using Ellipse Business Connector

Ellipse Business Connector (MIMSX) is an integration component that allows developers to integrate with their ERP system.

It is a COM STA component originally designed to work in, say, Excel. However, it has found use in many different types of applications, such as web servers or multi-threaded daemon processes. This blog post is not about how to use this component properly but describes a number of caveats that can cause problems, even when using it in Excel.

These caveats are needed because MIMSX, together with some of its internal components, can cause problems that are generally related to the absence of concurrency control. One may ask how an STA component can have concurrency issues. Doesn't COM provide synchronization protection when an STA component is accessed from multiple apartments?

Read on, because MIMSX is not your COM-spec-conforming STA component.

Caveats on using MIMSX

MIMSX Reentrancy

The main problem with using MIMSX in a GUI application, including Excel, is that MIMSX is re-entrant; this problem is best illustrated by MSQDSK in Ellipse 6, which uses MIMSX. While many of the methods of the MIMSX interfaces do not return until results are ready, as all normal COM methods should, they internally contain a message pump that is required by the legacy home-grown IPC mechanism, which is based on window messaging. This message pump is the root cause of making MIMSX, an in-process COM component, reentrant. To be fair, it is not entirely MIMSX's problem: whenever you have a modal method or code modality, you have a reentrant situation.

If your program, even in Excel, sends a command to the backend and expects a result, you should implement appropriate reentrancy control techniques. Failure to do so can cause unpredictable problems.
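As an added illustration of the reentrancy control the paragraph above calls for (example code written for this page, not MIMSX, MSQDSK or Mincom code), the portable C++ model below has a command method that drains a constructed message queue while it waits for its reply, which is the shape the text attributes to MIMSX. A queued UI event tries to send a second command while the first is still in flight. With the guard off, the trace shows the nested call running inside the first, which is exactly the interleaving that makes the component "reentrant"; with the guard on, the nested call is refused and the caller finds out. `ModalCommandClient`, `SendCommand` and the queue are all assumed names.

```cpp
#include <deque>
#include <functional>
#include <string>
#include <utility>
#include <vector>

// Portable model of a modal call with an internal message pump (assumed shape;
// not the real component). Messages are plain callables standing in for the
// window messages a real pump would dispatch.
class ModalCommandClient {
public:
    explicit ModalCommandClient(bool guardReentry) : guard_(guardReentry) {}

    std::deque<std::function<void()>> messages;   // constructed stand-in for the message queue
    std::vector<std::string> trace;               // what happened, in order

    // Sends a command and blocks (pumping messages) until the reply arrives.
    // Returns false when refused because another command is already in flight.
    bool SendCommand(const std::string& cmd) {
        if (guard_ && inFlight_) {
            trace.push_back("refused " + cmd);
            return false;
        }
        InFlightScope scope(inFlight_);   // RAII: flag is restored even if the pump throws
        trace.push_back("begin " + cmd);
        PumpUntilReply();                 // the re-entry point: queued handlers run here
        trace.push_back("end " + cmd);
        return true;
    }

private:
    struct InFlightScope {
        bool& flag;
        bool prior;
        explicit InFlightScope(bool& f) : flag(f), prior(f) { flag = true; }
        ~InFlightScope() { flag = prior; }
    };

    bool guard_;
    bool inFlight_ = false;

    // Drains the queue, dispatching each message; a real pump would stop when
    // the reply message arrives, which we model by the queue running empty.
    void PumpUntilReply() {
        while (!messages.empty()) {
            auto m = std::move(messages.front());
            messages.pop_front();
            m();
        }
    }
};

// Scenario: while command A waits for its reply, a queued UI event (say, a
// second button click) tries to send command B.
std::vector<std::string> RunScenario(bool guardReentry) {
    ModalCommandClient client(guardReentry);
    client.messages.push_back([&client] { client.SendCommand("B"); });
    client.SendCommand("A");
    return client.trace;
}
```

`RunScenario(false)` yields `begin A, begin B, end B, end A`: B ran to completion inside A's wait, so any state A was relying on may have changed under it. `RunScenario(true)` yields `begin A, refused B, end A`. In a real GUI the refusal is usually replaced by disabling the controls that can issue commands while one is in flight; the in-flight flag is the same idea.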

Using MIMSX in a multi-threaded program

More and more people are trying to use MIMSX in, say, ASP/ASP.Net, web service or service daemon programs to provide server-side integration solutions, or to move their scripts from desktop deployment to centralized server operation. All these environments operate in the MTA and expect all the required COM components to support the MTA.

However, MIMSX is an STA component. When a MIMSX object is created in this situation, known as mixed-model, the MIMSX objects have to be created in their STA while the clients of these objects live in the MTA. The net effect is that the calls from these client threads to these objects are serialized by COM, nullifying the benefit of multi-threading.

When operating in a mixed-model environment, COM does not raise any warning or error; all one would notice is the absence of performance when load is applied, despite more threads being used.

Alleviating this is quite straightforward and does not require re-architecting the solution. All one has to do is apply the COM aggregation technique to aggregate MIMSX in a specially crafted COM executable server. Mincom has made one called EllipseCOM, but it may not be generally available. If that is the case, just follow the instructions to build your own. COM is an open industry standard, and there is nothing much a vendor can do to forbid you from applying proper COM idioms.

This is actually a good technique to build your own ERP SOA server so that your application is not directly bound to Mincom's idiosyncrasies and products.

This technique is not optimal and certainly not perfect. It would be nicer if the MIMSX object model were published by TpAgent, which acts as a COM local server. But this is not the case, and using aggregation is the next best option.

While it alleviates the serializing of all calls from all these threads to MIMSX objects, this option has the following issues:
1) It incurs heavy tolls in marshalling and context switching, as MIMSX's object model is designed to be traversed in-process and hence employs very chatty interfaces. Now the in-process calls are replaced by inter-process calls.

If code modification is an option, try to reduce the use of dotted expressions to traverse the object model. Don't forget that memory is allocated on the aggregation server, marshalled across to the client process and then made available to the client. This can exact a heavy toll.

But in comparison, the use of an aggregation server prevents one's call from blocking other threads from doing their work and calling the Ellipse back end, and on balance this has been measured to increase throughput.

2) If the clients are in a .Net environment, you are now dealing with two memory management schemes: the COM one is deterministic, based on reference counting, while the CLR one is based on garbage collection, which is non-deterministic. As a result, use of dotted expressions can cause a large number of temporary CLR objects to be created, each of which manages an associated COM object. These CLR objects will not release their associated COM objects until they are garbage collected. This can cause system memory demand to be greater than in an operating environment based solely on reference counting.

The biggest attraction of using an aggregation server is that you only have to change one line of code: just change the ProgID or CLSID of MIMSX to that of the aggregation server. This assumes that your application is coded against the MIMSX interfaces, as a well-written COM application should be, and not against implementation-language wrapper classes. If you are prepared to switch the entire server environment over to the aggregation server, you do not even have to modify your code, by leveraging the COM emulation technique.

While this solution uses multiple STA server processes to remove the mixed-model problem, for MIMSX it is not the same as hosting multiple STAs within one process, because MIMSX uses components that are downright dangerous in that kind of environment. They are covered by other caveats.
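To make the aggregation mechanism concrete, both for the "Cooking your own EllipseCOM" post above (an old MIMSX build refuses to be aggregated, and you only find out by trying; the client creates the aggregation server and queries it for IMimsxServer rather than creating MIMSX) and for the aggregation discussion in this section, here is an added example written for this page. It is not EllipseCOM, MIMSX or Mincom code, and it compiles without the Windows SDK: `HRESULT`, `IUnknown`, the error codes and the `IID` enum are portable stand-ins, `IMimsxServer` is the interface the page names but its `Execute` method is assumed, and the `aggregatable` flag models the version difference the post describes. What it does reproduce faithfully is the COM aggregation contract: the inner hands its non-delegating unknown to the outer, the inner's interfaces delegate identity and reference counting to the outer, and the outer forwards every QueryInterface it does not answer itself to the inner.

```cpp
#include <string>

// Portable stand-ins for the COM plumbing (assumed names; not the Windows SDK types).
using HRESULT = long;
constexpr HRESULT S_OK = 0L;
constexpr HRESULT E_NOINTERFACE = 0x80004002L;
constexpr HRESULT CLASS_E_NOAGGREGATION = 0x80040110L;
enum class IID { IUnknown, IMimsxServer };

struct IUnknown {
    virtual HRESULT QueryInterface(IID iid, void** ppv) = 0;
    virtual unsigned long AddRef() = 0;
    virtual unsigned long Release() = 0;
protected:
    virtual ~IUnknown() = default;
};

// IMimsxServer is named on the page; its Execute method is an assumption.
struct IMimsxServer : IUnknown {
    virtual std::string Execute(const std::string& cmd) = 0;
};

// Inner component standing in for MIMSX. 'aggregatable' models the version
// difference: a build that refuses a non-null outer unknown cannot be aggregated,
// and the refusal only shows up when you actually try to create it that way.
class MimsxInner : public IMimsxServer {
public:
    static HRESULT Create(IUnknown* outer, bool aggregatable, IUnknown** ppUnk) {
        *ppUnk = nullptr;
        if (outer != nullptr && !aggregatable) return CLASS_E_NOAGGREGATION;
        auto* inner = new MimsxInner(outer);
        *ppUnk = &inner->nondeleg_;   // an aggregator must hold the NON-delegating unknown
        return S_OK;
    }
    // Delegating IUnknown: when aggregated, identity and lifetime belong to the outer.
    HRESULT QueryInterface(IID iid, void** ppv) override { return unk_->QueryInterface(iid, ppv); }
    unsigned long AddRef() override { return unk_->AddRef(); }
    unsigned long Release() override { return unk_->Release(); }
    std::string Execute(const std::string& cmd) override { return "result(" + cmd + ")"; }

private:
    struct NonDelegating : IUnknown {
        MimsxInner* self = nullptr;
        HRESULT QueryInterface(IID iid, void** ppv) override {
            if (iid == IID::IUnknown)          *ppv = static_cast<IUnknown*>(this);
            else if (iid == IID::IMimsxServer) *ppv = static_cast<IMimsxServer*>(self);
            else { *ppv = nullptr; return E_NOINTERFACE; }
            static_cast<IUnknown*>(*ppv)->AddRef();   // lands on the outer when aggregated
            return S_OK;
        }
        unsigned long AddRef() override { return ++self->refs_; }
        unsigned long Release() override { unsigned long r = --self->refs_; if (r == 0) delete self; return r; }
    };
    NonDelegating nondeleg_;
    IUnknown* unk_;                // the outer's unknown, or our own when not aggregated
    unsigned long refs_ = 1;
    explicit MimsxInner(IUnknown* outer)
        : unk_(outer ? outer : static_cast<IUnknown*>(&nondeleg_)) { nondeleg_.self = this; }
    ~MimsxInner() override = default;
};

// The aggregation server ("your own EllipseCOM"). Clients create THIS object and
// query it for IMimsxServer; the inner MIMSX is never created directly by the client.
class MimsxAggregator : public IUnknown {
public:
    static HRESULT Create(bool innerAggregatable, IUnknown** ppUnk) {
        *ppUnk = nullptr;
        auto* outer = new MimsxAggregator();
        HRESULT hr = MimsxInner::Create(outer, innerAggregatable, &outer->inner_);
        if (hr != S_OK) { delete outer; return hr; }   // the only way to learn the inner refuses
        *ppUnk = outer;
        return S_OK;
    }
    HRESULT QueryInterface(IID iid, void** ppv) override {
        if (iid == IID::IUnknown) { *ppv = static_cast<IUnknown*>(this); AddRef(); return S_OK; }
        return inner_->QueryInterface(iid, ppv);   // anything else: ask the inner's non-delegating unknown
    }
    unsigned long AddRef() override { return ++refs_; }
    unsigned long Release() override { unsigned long r = --refs_; if (r == 0) delete this; return r; }
private:
    IUnknown* inner_ = nullptr;
    unsigned long refs_ = 1;
    MimsxAggregator() = default;
    ~MimsxAggregator() override { if (inner_) inner_->Release(); }
};

// Client-side check: create the aggregation server, query it for IMimsxServer, use it,
// and confirm the COM identity rule (QueryInterface for IUnknown through the inner's
// interface must return the outer). Everything is released, so the run is leak-free.
struct AggregationCheck { HRESULT create; HRESULT query; bool identityIsOuter; std::string output; };

AggregationCheck CheckAggregation(bool innerAggregatable) {
    AggregationCheck r{S_OK, E_NOINTERFACE, false, ""};
    IUnknown* unk = nullptr;
    r.create = MimsxAggregator::Create(innerAggregatable, &unk);
    if (r.create != S_OK) return r;
    void* pv = nullptr;
    r.query = unk->QueryInterface(IID::IMimsxServer, &pv);
    if (r.query == S_OK) {
        auto* srv = static_cast<IMimsxServer*>(pv);
        r.output = srv->Execute("ping");   // constructed command name
        void* id = nullptr;
        if (srv->QueryInterface(IID::IUnknown, &id) == S_OK) {
            r.identityIsOuter = (id == static_cast<void*>(unk));
            static_cast<IUnknown*>(id)->Release();
        }
        srv->Release();   // delegates to the outer
    }
    unk->Release();       // last reference: the outer deletes itself and releases the inner
    return r;
}
```

`CheckAggregation(true)` is the 2.2.4.2-or-later case: creation succeeds, the query succeeds, the identity check passes and the command round-trips through the outer. `CheckAggregation(false)` is the older build: `MimsxAggregator::Create` comes back with `CLASS_E_NOAGGREGATION`, which is the "build it and see" test the post describes, since nothing in the registration told you in advance. Switching a client from MIMSX to this server is the one-line ProgID/CLSID change discussed above, because the client only ever touches `IUnknown` and `IMimsxServer`.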

Caveat in using MSYMCACH

It is an optional internal COM component used by MIMSX. Its sole purpose is to 'cache' the host commands and their results on the client machine to avoid expensive trips to the back end. The principle is sound but in practice not well executed.

The cached data are saved, in a rather primitive manner with little concern for performance, in files on the client's machine. They are not isolated per process. That is, if ApplicationA and ApplicationB both cache data for the same identifier, they compete for access to the same pair of files.

In a well-written multi-threaded program, such an occurrence would be controlled by a suitable synchronization mechanism to ensure orderly access. But not in MSYMCACH, which seems to be a leftover from the Windows 3.x era, a non-preemptive operating system. In those olden days, only one application could run at a time and no one, including Windows 3.x itself, could take the CPU away from it. So why implement any synchronization mechanism to control concurrent access? However, the world has changed, and we are now using preemptive operating systems running on Hyper-Threading or multi-core machines. A collision is just a matter of when, not if.

The use of a set of very old, first-generation C I/O functions, despite the availability of newer ones that allow programmers to control the file access mode, gives credence to this speculation.

So even having two Excel scripts running can cause problems. The problems range from one application overwriting changes made by another to access errors when the two are trying to write to the same pair of files.

Because of the poor implementation and the doubtful benefit it brings, it is recommended that users unregister this component to avoid the unpredictable problems caused by the absence of any concurrency control.

EllipseCOM or an aggregation server design is of no help in this situation. Files are essentially a singleton resource and should be treated as such.

Caveat for CBR32.DLL

Once again, this is used internally by MIMSX, and it is a mandatory component, unlike MSYMCACH. In brief, it is basically Ellipse's marshaller, and MIMSX offers a COM-conforming object model representation of the Ellipse model on top of it.

Once again, it appears that this is another leftover from days gone by, coupled with a gratuitous dependency on global variables (nasty) even though it uses the dynamic heap. Naturally it lacks any basic form of concurrency control.

This component assumes that it always lives in a single-threaded process, possibly with only one client using it. Single-threaded does not equate to a single client using a component; you could have several clients on a Windows form using CBR32.

Because it is devoid of any concurrency control, one should never use it in a multi-threaded program or in a program with multiple STAs hosting MIMSX. Such an environment can result in total corruption of CBR32's data. Don't forget that CBR32 is not designed to be used only by MIMSX; it is used by other applications, as it offers C-style exported functions.

If you need multiple STAs to host MIMSX, it is recommended that each STA uses either EllipseCOM or a MIMSX aggregation server.

EllipseCOM or a MIMSX aggregation server ensures that there is only one thread per process, which is the kind of environment CBR32 expects. Failure to observe this will result in data corruption.
