Applying PFX Certificates for Signing Internal .NET Applications

Motivation

We have a number of tools we distribute internally that we want to ensure are signed (particularly ClickOnce applications).

The goals were:

  1. Anyone on the team could build the tools (including ClickOnce tools) and publish them.
  2. No one on the team has to go through manual steps: they ought to be able to sync and build.
  3. No dialog popups during the build (such as passwords).
  4. No trust issues when using the tools: the certificates are trusted.


GMail Needs IP Address from HTTP Client

This morning I received an email from a family member that was out of the norm.  After confirming with them that they didn’t even have their computer on at the time (nor any others in their house), it is clear their account was hacked.

She is using a GMail account and I took a look at the message headers and unfortunately the only IP addresses seen are internal to Google:

Delivered-To: ---email address removed---
Received: by 10.76.170.103 with SMTP id al7csp352256oac;
        Thu, 8 Nov 2012 04:49:34 -0800 (PST)
Received: by 10.182.10.6 with SMTP id e6mr5513302obb.16.1352378974875;
        Thu, 08 Nov 2012 04:49:34 -0800 (PST)
Return-Path: <---email address removed--->
Received: from mail-ob0-f194.google.com (mail-ob0-f194.google.com [209.85.214.194])
        by mx.google.com with ESMTPS id g3si24272819obb.102.2012.11.08.04.49.34
        (version=TLSv1/SSLv3 cipher=OTHER);
        Thu, 08 Nov 2012 04:49:34 -0800 (PST)
Received-SPF: pass (google.com: domain of ---email address removed--- designates 209.85.214.194 as permitted sender) client-ip=209.85.214.194;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of ---email address removed--- designates 209.85.214.194 as permitted sender) smtp.mail=---email address removed---; dkim=pass header.i=@gmail.com
Received: by mail-ob0-f194.google.com with SMTP id wd20so40318obb.1
        for <---email address removed--->; Thu, 08 Nov 2012 04:49:34 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:from:date:message-id:subject:to:content-type;
        bh=KVctWfppYoZe638A5L2PpKSVcRBstM3C5hZvpXpbZW4=;
        b=xZgyRAvZMQKLuWo+s+PchtJ6eHOOurg6cqSsmku0LLL9Xe2lw8WFwIbAE0k5Pv57e7
         nC7oRkrobe+64ee6ng/LtuSgkRjxGuCPbVUft4vkTyq9RF6S6t9RKHlOXmga0WTIHMZk
         8tHakKbeSaxEQRmrS3+xzPAzRDGednWiK4pQ28vbTf/Z1N5dDMFfFlusNNT+gF+wVbub
         Z/Dew04SopaoTy7gnbYxCAINMohGerW4UAxPoFW8NIRnScwjntQBiFJGnMnpDKLJXt52
         lSPbOdG+GB857AZuUBZ0/YaKCZM6RcI/doNsxU4NGea6trcWy1TOw6Z8QaHM7PK9xf9q
         ibWw==
Received: by 10.60.171.200 with SMTP id aw8mr4753474oec.112.1352378521839;
 Thu, 08 Nov 2012 04:42:01 -0800 (PST)
MIME-Version: 1.0
Received: by 10.182.30.168 with HTTP; Thu, 8 Nov 2012 04:41:41 -0800 (PST)

After that point the remainder is the standard message headers and body.

Unfortunately the last Received:

Received: by 10.182.30.168 with HTTP; Thu, 8 Nov 2012 04:41:41 -0800 (PST)

doesn’t include the IP address of the web client connected.

Is there any further tracing that can be done at this point?

The only other clue is in the message body sending the recipient to:

http://ladyann.hotel1s.com//wp-content/uploads/2012/Trulia/index.htm
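
The header walk described above can be automated. The following is an added example, not part of the original post: it reads the Received chain oldest-first and reports how the message was submitted and which hops expose a routable address. The function names and result keys are assumptions made for illustration.

```python
import email
import ipaddress
import re

# Constructed sample: Received lines copied from the dump above, oldest last.
RAW = """\
Received: by 10.76.170.103 with SMTP id al7csp352256oac;
        Thu, 8 Nov 2012 04:49:34 -0800 (PST)
Received: from mail-ob0-f194.google.com (mail-ob0-f194.google.com [209.85.214.194])
        by mx.google.com with ESMTPS id g3si24272819obb.102.2012.11.08.04.49.34
        (version=TLSv1/SSLv3 cipher=OTHER);
        Thu, 08 Nov 2012 04:49:34 -0800 (PST)
Received: by 10.60.171.200 with SMTP id aw8mr4753474oec.112.1352378521839;
 Thu, 08 Nov 2012 04:42:01 -0800 (PST)
Received: by 10.182.30.168 with HTTP; Thu, 8 Nov 2012 04:41:41 -0800 (PST)
"""

def _ip(token):
    """Return an ipaddress object if token is an IP literal, else None."""
    try:
        return ipaddress.ip_address(token)
    except ValueError:
        return None

def parse_hops(raw):
    """Return Received hops oldest-first (each relay prepends its header)."""
    hops = []
    for value in reversed(email.message_from_string(raw).get_all("Received", [])):
        clause = " ".join(value.split()).split(";")[0]  # unfold, drop timestamp
        by = re.search(r"\bby (\S+)", clause)
        proto = re.search(r"\bwith (\S+)", clause)
        peer = re.search(r"\bfrom \S+ .*?\[([0-9A-Fa-f.:]+)\]", clause)
        hops.append({"by": by.group(1) if by else None,
                     "with": proto.group(1) if proto else None,
                     "peer_ip": _ip(peer.group(1)) if peer else None})
    return hops

def origin_summary(raw):
    """Describe the first hop and list any globally routable peer addresses."""
    hops = parse_hops(raw)
    first, by_ip = hops[0], _ip(hops[0]["by"] or "")
    return {"submitted_via": first["with"],
            "client_ip": first["peer_ip"],
            "first_hop_private": bool(by_ip and by_ip.is_private),
            "public_peers": [str(h["peer_ip"]) for h in hops
                             if h["peer_ip"] and h["peer_ip"].is_global]}

if __name__ == "__main__":
    print(origin_summary(RAW))
```

On these headers the first hop is an HTTP submission recorded by a private 10.x address with no peer address, and the only routable address in the chain is Google's own outbound relay.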

Diamond of Death

I have spent the past numerous years working on a game engine that avoided the Diamond of Death. This is a phenomenon that occurs in languages that support multiple inheritance.

I decided to take a look at how Microsoft Visual C++ implements the solution using virtual inheritance. This is expressed by using “class B : public virtual A”.


Arithmetic Coding

I have updated my github project with support for arithmetic coding.  It uses the algorithm provided by Malte Clasen and Eric Bodden.  It is an integer based encoder (32 bit unsigned).

I have made some changes to the original implementation to separate the statistical models more fully from the coder.  This allows substituting models on a per symbol basis.

An example of this behavior is provided in the ArithmeticStream class (paralleling the compression classes in System.IO.Compression).  This class uses two models: a zero order model and a new symbol model.  The former is only initialized with two symbols (stream terminator and new character).  The latter is initialized with all characters.


Canadian Maple Soda Bread

At the last Parents of Multiple Births Assoc sale I purchased A Pot O’ Gold which has a recipe for Irish Soda Bread.

Unfortunately that much lactose (and sugar) would wipe me out for a day or two. So I changed the recipe to the following:

  • 4 cups flour (I used bread flour)
  • 1/2 cup semolina flour
  • 1/3 cup olive oil
  • 1 1/4 cups maple syrup
  • 4 teaspoons baking powder
  • 1/2 teaspoon salt
  • 2 eggs
  • 1 1/2 cups of water
  • 1/3 teaspoon baking soda

The directions are pretty much the same except maple syrup is mixed with liquids instead. I didn’t include the raisins (undead grapes) as I can’t eat them. I didn’t have caraway seeds to include. Unfortunately this was still too much sugar for me but it was mighty tasty.

I used a bread maker on the sweet setting (2 lbs, light setting) and had to intervene in the middle to manually mix the ingredients as the bread maker wasn’t doing so successfully. I suspect it is because the liquid content was so much it wasn’t getting enough purchase to mix.  I’ll be making another loaf this weekend and I’ll include a picture then.

Dynamic Huffman

Summary

The adaptive Huffman algorithm as described by Vitter had three constraints that were compelling to relax.

The first is the size of the table.  The size of the table was constrained based on initial knowledge of the set being compressed—typically constrained to 256 for a single byte alphabet size.

The NotYetTransmitted sequence never adjusted its weight based on its own frequency so clusters of new characters would not benefit from reduced sizes of this sequence.

Once new characters become rare, it makes sense to reduce the NotYetTransmitted weight and therefore demote it farther down the Huffman tree.

Source

The source for these changes can be found on GitHub. The implementation is C#. C/C++ implementations will be added in the future.

Two Responsibilities in the .NET TPL Scheduler Class

I like parallel programming.  Most of my experience comes from developing on Windows in C/C++ and C#.  I haven’t yet had the pleasure of doing so functionally (which I plan to correct).

I prefer task/job based parallelism using threadpools rather than explicit threads performing a suite of tasks (such as FIOS or Kinect).  I could delve into this further, but that is not the purpose of this post.

The Task Parallel Library hinted at an opportunity to build logic I have always wanted with a job based implementation.  I wanted to be able to define my own schedules for task execution.  Unfortunately there is a flaw.

The Scheduler class has two responsibilities.  The Scheduler class not only handles scheduling of tasks, but their execution as well.  Combining these two responsibilities inhibits scheduler composition beyond inheritance and encapsulation.  Furthermore any external libraries that create tasks based on their own schedulers cannot have the scheduling of their tasks altered by any other schedulers.


Green Programming – Intimate Affairs with the Wall

I have been thinking about green programming for the past six months.  As I see the battery on my phone die over and over, and now the iPad too, I can’t help but think: what is using up all the power?

Miniaturization, more efficient components, and better batteries can go a long way.  Unfortunately this kind of improvement sometimes means we use our phones, tablets, and other devices more as they become faster and easier to use (Jevons paradox: http://en.wikipedia.org/wiki/Jevons_paradox).

I believe there are opportunities to improve hardware utilization at the software level by minimizing unnecessary use of hardware.  There are some barriers however to achieving this and the first is measuring the energy cost.
