No matter how far you have gone on the wrong road, turn back!


I worked with a brilliant team of developers on a project some time ago. We had a typically geeky calendar with sayings by notable computer scientists like Edsger W. Dijkstra, which were the subject of discussion in our daily stand-ups from time to time.

I was aware of the proverb, but had never really considered it in a software development context. Sometimes one encounters projects large or small that are failing or have indeed failed, or has difficulty in trying to solve a technical or programming obstacle.

“No matter how far you have gone on the wrong road, turn back” – Turkish Proverb

Windows Ten Free Upgrade Offer


Windows 8 has come on in leaps and bounds since the 8.1 release, making Windows 8 significantly easier to use. When Windows 8 was released, word was everyone was going to ditch their PC and just use a tablet, so the User Interface (UI) in Windows 8 promoted touch based input. Microsoft appears to have corrected the issue in Windows 10.

Why No Windows 9?

It turns out that there is a lot of code out there that relies on some sloppy coding from the Windows 95-98 timeframe: instead of checking for the whole year (e.g. 95 in 1995 or 98 in 1998), the code checks only the first character, StartsWith(“9”) instead of Equals(“1995”). You can find an article here that explains the issue.

Windows Ten

The first thing you will notice is that the start bar in the bottom left hand corner looks a little bit more familiar. They have completely done away with the Windows Modern UI Start Screen in Windows 8.

Back

Windows Ten Free Upgrade Offer

If you would like to move to Windows 10 for free, have a look at this post

Great news! We will offer a free upgrade to Windows 10 for qualified new or existing Windows 7, Windows 8.1 and Windows Phone 8.1 devices that upgrade in the first year!  And even better: once a qualified Windows device is upgraded to Windows 10, we will continue to keep it up to date for the supported lifetime of the device, keeping it more secure, and introducing new features and functionality over time – for no additional charge. Sign up with your email today, and we will send you more information about Windows 10 and the upgrade offer in the coming months.      

Website

Link available here.

Gangnam Style music video ‘broke’ YouTube view limit


I read an article on the Gangnam Style music video on the BBC website earlier this week and felt it failed to explain any of the numbers mentioned in any meaningful way.

The article asks,

How do you say 9,223,372,036,854,775,808?

Nine quintillion, two hundred and twenty-three quadrillion, three hundred and seventy-two trillion, thirty-six billion, eight hundred and fifty-four million, seven hundred and seventy-five thousand, eight hundred and eight.

When one starts to learn programming, understanding data types is of fundamental importance, irrespective of whether you are using Native Languages like C or C++, Managed Languages like Java or C#, Functional Languages like Haskell or F# or Dynamic Languages like JavaScript, PHP or Python. A variable is essentially what a computer uses to store items, usually while it is running. Text (like the one you are reading right now in this article) is usually stored in a String variable, whole numbers tend to be stored in an Int variable (integer).

There is no magic!

I program in C# (pronounced “see sharp”) a lot nowadays and can instantly recognise 2,147,483,647 as Int32.MaxValue. It is this limit that the Gangnam Style video reached. Programming wise, YouTube is written in a lot of C, so a quick Wikipedia search for C data types shows that all that’s really changed is that they’ve changed their long signed integer type (at least the [−2147483647, +2147483647] range, thus at least 32 bits in size) to a long long signed integer type (at least the [−9223372036854775807, +9223372036854775807] range, thus at least 64 bits in size; specified since the C99 version of the standard). In C#, this is Int64.MaxValue.

The remote server returned an error: (407) Proxy Authentication


Periodically, I find myself writing an N-Tier, SaaS app written in WinForms or WPF for a Bank or Energy firm, that uses proxies.

In fact, as security becomes better understood as a component of a standardised enterprise environment, more companies typically use proxy servers.

Every once in a while I come across the dreaded message The remote server returned an error: (407) Proxy Authentication Required. 

There is an article here that explains the issue. Make sure you add this to your app.config between the configuration nodes.

<system.net>
  <defaultProxy enabled="true" useDefaultCredentials="true">
    <proxy autoDetect="True" usesystemdefault="True"/>
  </defaultProxy>
</system.net>

<defaultProxy> Element (Network Settings)

  • enabled: Specifies whether a web proxy is used. The default value is true.
  • useDefaultCredentials: Specifies whether the default credentials for this host are used to access the web proxy. The default value is false.

<proxy> Element (Network Settings)

  • autoDetect: Specifies whether the proxy is automatically detected. The default value is unspecified.
  • usesystemdefault: Specifies whether to use Internet Explorer proxy settings. If set to true, subsequent attributes will override Internet Explorer proxy settings. The default value is unspecified.

The calling thread must be STA, because many UI components require this


Whilst working on my current WPF application, I was at sixes and sevens trying to correct the following error:

Message: The calling thread must be STA, because many UI components require this

I ended up hacking my way out of this problem a week or so ago. Hacks, however, make me feel extremely dirty, and subscribing to the “leave code as you would like to find it” mantra meant one had to subsequently revisit it to “tidy-up”. I have a strictly MVVM application that is complex and multithreaded, needing to update UI components from web service calls that typically are asynchronous. The issue here was that I was using code like this in my view model, thinking I had access to the dispatcher.

Dispatcher.CurrentDispatcher.BeginInvoke((Action) (() => { /* update UI-bound state here */ }));

The mistake I made was in not getting a reference to the correct dispatcher.

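Dispatcher.CurrentDispatcher returns the dispatcher of whichever thread calls it, so on a worker thread it is not the UI dispatcher. To correct this issue, ensure you have a variable that gets a reference to the correct dispatcher when the view model is instantiated. You can then use this dispatcher in your view model, without having to pollute your code behind files.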

private readonly Dispatcher dispatcher;

public DemoViewModel()
{
    this.dispatcher = Dispatcher.CurrentDispatcher;
}

Cannot build Expression Blend Project using F5/Ctrl+Shift+B


Whenever I try to build in Expression Blend on a machine for the first time, I always encounter this error when I hit F5:

The specified solution configuration "Debug|HPD" is invalid. Please specify a valid solution configuration using the Configuration and Platform properties (e.g. MSBuild.exe Solution.sln /p:Configuration=Debug /p:Platform="Any CPU") or leave those properties blank to use the default solution configuration.
Done building project "Name Of Your Project.sln" — FAILED.


It goes without saying that it is irritating that you cannot use the application from the word go. I have encountered this error on both 32 and 64 bit Windows versions, and resolve the issue thus:

Go into the advanced system settings (I am using Windows 7)


Select the advanced tab, and click the “Environment Variables” button


Delete the “Platform” variable


After restarting Expression Blend, you should find that you can F5/Ctrl+Shift+B to build your solution.

Encrypting files in C#.NET using the Advanced Encryption Standard (AES)


Cryptography

One of the biggest challenges when dealing with the security and encryption for a system is the determination of the correct ciphering paradigm. In .NET, there is a copious amount of libraries available for use in the System.Security.Cryptography namespace. A significant amount of these libraries have been deprecated, usually due to vulnerabilities being subsequently exposed, so it is very easy to use something that may be as watertight as a sieve.

This is further compounded by the fact that the cryptography APIs are very detailed and low level. They are not easy to use for a novice, and setting a single parameter incorrectly results in a security implementation that may as well not exist. Consequently, it is imperative that this subject never be approached in a typical agile/sprint manner; security should definitely be approached using a waterfall model. Have no hesitation to advise any manager or architect that your solution “will be ready, when it is ready”. The agile methodology is typically about adding units of functionality in a YAGNI way, accruing technical debt that can be paid back later, and applying refactoring. This is simply not a correct or acceptable approach when dealing with the security of a system. Do ensure you take the time to do a lot of research; understanding the pitfalls of various implementations is vital to a robust security implementation.

The Advanced Encryption Standard (AES)

The abundance of so many different types of cryptography, implemented using Symmetric (same key is used to encrypt and decrypt) and Asymmetric (public key and private key used to encrypt and decrypt) algorithms has necessitated that Governments try and standardise implementations across departments, sites and even countries. The AES was released in 2001 as a replacement for the Data Encryption Standard (DES) which had been found to be susceptible to backdoors. This new standard has been widely adopted in commercial environments, as it had a requirement to be able to protect information for a minimum of 20 years or 30 years.

A number of papers were submitted in the application process for the AES by various academic institutions, with the winning cipher named Rijndael (pronounced rain-dahl), a play on the names of the authors of the paper, Joan Daemen and Vincent Rijmen (paper available here). I am sure you will agree that comprehension and implementation of the paper is better suited to domain experts. The algorithm was written by two gifted PhD calibre researchers, so your time as a developer is better spent resolving the domain problems that your business is trying to solve (unless you are a cryptographer of course). You can be sure that researchers at Microsoft have done all the time consuming work of implementing and testing the algorithm, so rely on that rather than trying to implement the Rijndael Block Cipher yourself.

To this end, Microsoft have implemented the Rijndael Block Cipher in two .NET classes which, incidentally, both inherit from the SymmetricAlgorithm abstract base class:

  • RijndaelManaged
  • AesManaged
    The AES algorithm is essentially the Rijndael symmetric algorithm with a fixed block size and iteration count. This class functions the same way as the RijndaelManaged class but limits blocks to 128 bits and does not allow feedback modes.

Most developers tend to favour using the RijndaelManaged class directly, as that is the one that is used in the FIPS-197 specification for AES, but there are a couple of caveats. If you want to use RijndaelManaged as AES and adhere to the specification, ensure:
  1. You set the block size to 128 bits
  2. You do not use CFB mode; if you do, ensure the feedback size is also 128 bits

Unlike some of the asymmetric implementations by Microsoft, the AES implementation allows you to work at a very high level of abstraction, reducing the number of parameters you have to configure, hence the scope for error. I have created a class that allows you to encrypt and decrypt strings (your password), and then use this to encrypt files from anywhere on your machine.

Thus far, the only way this algorithm can be broken is by using a technique known as brute force. This is done by a supercomputer(s) trying every known word in a language, and various passwords, to try and generate the correct password. Typically, these types of programs run over weeks or even months, but this can be increased to millennia if the end user chooses a strong password to begin with, which is why having a well-defined password policy is vital.

public MainWindow()
{
    InitializeComponent();

    byte[] encryptedPassword;

    // Create a new instance of the RijndaelManaged
    // class.  This generates a new key and initialization
    // vector (IV).
    using (var algorithm = new RijndaelManaged())
    {
        algorithm.KeySize = 256;
        algorithm.BlockSize = 128;

        // Encrypt the string to an array of bytes.
        encryptedPassword = Cryptology.EncryptStringToBytes("Password", algorithm.Key, algorithm.IV);
    }

    // The random key and IV above are discarded when the using block ends,
    // so 'chars' must be retained to decrypt the file in a later run.
    // Aggregate requires "using System.Linq;".
    string chars = encryptedPassword.Aggregate(string.Empty, (current, b) => current + b.ToString());

    Cryptology.EncryptFile(@"C:\Users\Ira\Downloads\test.txt", @"C:\Users\Ira\Downloads\encrypted_test.txt", chars);

    Cryptology.DecryptFile(@"C:\Users\Ira\Downloads\encrypted_test.txt", @"C:\Users\Ira\Downloads\unencyrpted_test.txt", chars);
}
 

I am using 256 bit (you can change this to 128 or 192)

using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

namespace AesApp.Rijndael
{
    internal sealed class Cryptology
    {
        // Constant salt: every file encrypted with the same password
        // derives the same key and IV in EncryptFile/DecryptFile.
        private const string Salt = "d5fg4df5sg4ds5fg45sdfg4";
        private const int SizeOfBuffer = 1024*8;

        internal static byte[] EncryptStringToBytes(string plainText, byte[] key, byte[] iv)
        {
            // Check arguments.
            if (plainText == null || plainText.Length <= 0)
            {
                throw new ArgumentNullException("plainText");
            }
            if (key == null || key.Length <= 0)
            {
                throw new ArgumentNullException("key");
            }
            if (iv == null || iv.Length <= 0)
            {
                throw new ArgumentNullException("iv");
            }

            byte[] encrypted;
            // Create an RijndaelManaged object
            // with the specified key and IV.
            using (var rijAlg = new RijndaelManaged())
            {
                rijAlg.Key = key;
                rijAlg.IV = iv;

                // Create an encryptor to perform the stream transform.
                ICryptoTransform encryptor = rijAlg.CreateEncryptor(rijAlg.Key, rijAlg.IV);

                // Create the streams used for encryption.
                using (var msEncrypt = new MemoryStream())
                {
                    using (var csEncrypt = new CryptoStream(msEncrypt, encryptor, CryptoStreamMode.Write))
                    {
                        using (var swEncrypt = new StreamWriter(csEncrypt))
                        {
                            // Write all data to the stream.
                            swEncrypt.Write(plainText);
                        }
                        encrypted = msEncrypt.ToArray();
                    }
                }
            }

            // Return the encrypted bytes from the memory stream.
            return encrypted;
        }

        internal static string DecryptStringFromBytes(byte[] cipherText, byte[] key, byte[] iv)
        {
            // Check arguments.
            if (cipherText == null || cipherText.Length <= 0)
                throw new ArgumentNullException("cipherText");
            if (key == null || key.Length <= 0)
                throw new ArgumentNullException("key");
            if (iv == null || iv.Length <= 0)
                throw new ArgumentNullException("iv");

            // Declare the string used to hold
            // the decrypted text.
            string plaintext;

            // Create an RijndaelManaged object
            // with the specified key and IV.
            using (var rijAlg = new RijndaelManaged())
            {
                rijAlg.Key = key;
                rijAlg.IV = iv;

                // Create a decryptor to perform the stream transform.
                ICryptoTransform decryptor = rijAlg.CreateDecryptor(rijAlg.Key, rijAlg.IV);

                // Create the streams used for decryption.
                using (var msDecrypt = new MemoryStream(cipherText))
                {
                    using (var csDecrypt = new CryptoStream(msDecrypt, decryptor, CryptoStreamMode.Read))
                    {
                        using (var srDecrypt = new StreamReader(csDecrypt))
                        {
                            // Read the decrypted bytes from the decrypting stream
                            // and place them in a string.
                            plaintext = srDecrypt.ReadToEnd();
                        }
                    }
                }
            }
            return plaintext;
        }

        internal static void EncryptFile(string inputPath, string outputPath, string password)
        {
            var input = new FileStream(inputPath, FileMode.Open, FileAccess.Read);
            // FileMode.Create truncates an existing output file so no stale bytes trail the ciphertext.
            var output = new FileStream(outputPath, FileMode.Create, FileAccess.Write);

            // Essentially, if you want to use RijndaelManaged as AES you need to make sure that:
            // 1. The block size is set to 128 bits
            // 2. You are not using CFB mode, or if you are the feedback size is also 128 bits

            var algorithm = new RijndaelManaged {KeySize = 256, BlockSize = 128};
            var key = new Rfc2898DeriveBytes(password, Encoding.ASCII.GetBytes(Salt));

            // Both the key and the IV are taken from the password-derived byte stream.
            algorithm.Key = key.GetBytes(algorithm.KeySize/8);
            algorithm.IV = key.GetBytes(algorithm.BlockSize/8);

            using (var encryptedStream = new CryptoStream(output, algorithm.CreateEncryptor(), CryptoStreamMode.Write))
            {
                CopyStream(input, encryptedStream);
            }
        }

        internal static void DecryptFile(string inputPath, string outputPath, string password)
        {
            var input = new FileStream(inputPath, FileMode.Open, FileAccess.Read);
            // FileMode.Create truncates an existing output file so no stale bytes trail the plaintext.
            var output = new FileStream(outputPath, FileMode.Create, FileAccess.Write);

            // Essentially, if you want to use RijndaelManaged as AES you need to make sure that:
            // 1. The block size is set to 128 bits
            // 2. You are not using CFB mode, or if you are the feedback size is also 128 bits
            var algorithm = new RijndaelManaged {KeySize = 256, BlockSize = 128};
            var key = new Rfc2898DeriveBytes(password, Encoding.ASCII.GetBytes(Salt));

            algorithm.Key = key.GetBytes(algorithm.KeySize/8);
            algorithm.IV = key.GetBytes(algorithm.BlockSize/8);

            try
            {
                using (var decryptedStream = new CryptoStream(output, algorithm.CreateDecryptor(), CryptoStreamMode.Write))
                {
                    CopyStream(input, decryptedStream);
                }
            }
            catch (CryptographicException)
            {
                // Raised when the final block's padding is invalid for the derived key.
                throw new InvalidDataException("Please supply a correct password");
            }
        }

        private static void CopyStream(Stream input, Stream output)
        {
            // Disposing the output CryptoStream flushes the final padded block.
            using (output)
            using (input)
            {
                byte[] buffer = new byte[SizeOfBuffer];
                int read;
                while ((read = input.Read(buffer, 0, buffer.Length)) > 0)
                {
                    output.Write(buffer, 0, read);
                }
            }
        }
    }
}
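A hardened variant of the EncryptFile/DecryptFile idea, as an added example that is not the author's code: the Cryptology class above uses one constant Salt and takes the IV from the password-derived bytes, so every file encrypted with the same password gets the same key and IV, and nothing detects a modified ciphertext. The class name AuthenticatedCrypto, the iteration count and the byte layout are assumptions, and the four-argument Rfc2898DeriveBytes constructor requires .NET Framework 4.7.2 or later.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;

// Added example (hypothetical class name).
// Output layout: salt(16) || iv(16) || ciphertext || hmac(32)
internal static class AuthenticatedCrypto
{
    private const int Iterations = 200000; // assumed PBKDF2 work factor, tune for your hardware

    internal static byte[] Encrypt(byte[] plain, string password)
    {
        var salt = new byte[16];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt); // random per-file salt
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256))
        using (var aes = Aes.Create()) // CBC and PKCS7 padding are the defaults
        {
            aes.Key = kdf.GetBytes(32);    // AES-256 key
            var macKey = kdf.GetBytes(32); // separate key for the HMAC
            aes.GenerateIV();              // fresh random IV, never derived from the password
            byte[] cipher;
            using (var enc = aes.CreateEncryptor())
                cipher = enc.TransformFinalBlock(plain, 0, plain.Length);
            var body = salt.Concat(aes.IV).Concat(cipher).ToArray();
            using (var hmac = new HMACSHA256(macKey)) // encrypt-then-MAC over salt, IV and ciphertext
                return body.Concat(hmac.ComputeHash(body)).ToArray();
        }
    }

    internal static byte[] Decrypt(byte[] blob, string password)
    {
        // Smallest valid input: salt + IV + one padded block + tag.
        if (blob.Length < 80) throw new CryptographicException("Input too short");
        int bodyLen = blob.Length - 32;
        var salt = blob.Take(16).ToArray();
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256))
        using (var aes = Aes.Create())
        {
            aes.Key = kdf.GetBytes(32);
            using (var hmac = new HMACSHA256(kdf.GetBytes(32)))
            {
                var expected = hmac.ComputeHash(blob, 0, bodyLen);
                int diff = 0; // compare every byte so timing does not reveal where the tags differ
                for (int i = 0; i < 32; i++) diff |= expected[i] ^ blob[bodyLen + i];
                if (diff != 0) throw new CryptographicException("Wrong password or modified data");
            }
            aes.IV = blob.Skip(16).Take(16).ToArray();
            using (var dec = aes.CreateDecryptor()) // only reached once the tag has verified
                return dec.TransformFinalBlock(blob, 32, bodyLen - 32);
        }
    }
}
```

For files that fit in memory, File.WriteAllBytes(outputPath, AuthenticatedCrypto.Encrypt(File.ReadAllBytes(inputPath), password)) is the file-level equivalent. A wrong password now fails the tag check rather than relying on a padding error.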

If you have found this post useful, please take the time to rate this post by clicking on the stars for this blog post, or to say thanks in the comments.

You can download source code for the AesApp here.