Monday 30 June 2008

Why do normal people not use Live Search

I think you can group searchers into various categories (Normal People, Techies and Researchers), I'm sure there are more categories but these will do for just now. 

Since I fit into the Techie category most of my searches will come under that banner (however I occasionally stray into the normal person category, for example sports searches). 

I think Live.Com does a good job at normal searches (probably better than Google).  For example searching for Spurs in Live gives me a broader set of results than Google.  In Google I get a large amount of results to do with Tottenham Hotspur (soccer team) but no results about San Antonio Spurs. 

I am British and I live in the UK so my results in Google are geared towards the UK and most people in the UK searching for Spurs would be interested in Tottenham Hotspur but since I support San Antonio Spurs (and have no interest in Tottenham Hotspur), the results from Google are no use to me. 

Live however gives me results from all camps (and gives me what I am really interested in Last Result, Division Standing etc). 

So if Live.com does a better job at normal results than Google then there is something else going on.  What it is I am not sure?  I suspect it is all to do with Marketing, Image, Brand, UX and all that kind of thing.

Sunday 29 June 2008

ContentPresenter in Items Controls

This frustrated me a little today.  In Silverlight 2 Beta 2, if you attempt to use a ContentPresenter within an ItemsControl your application hangs indefinately.

       <ItemsControl x:Name="myItems">
            <ItemsControl.ItemTemplate>
                <DataTemplate>
                    <ContentPresenter Content="Hello World"/>
                </DataTemplate>
            </ItemsControl.ItemTemplate>
        </ItemsControl>

A little frustrating, in the mean time the solution is to use a ContentControl instead, the code would now look like

       <ItemsControl x:Name="myItems">
            <ItemsControl.ItemTemplate>
                <DataTemplate>
                    <ContentControl Content="Hello World"/>
                </DataTemplate>
            </ItemsControl.ItemTemplate>
        </ItemsControl>

Hopefully by posting this I might remember this in the future :(

Friday 27 June 2008

Silverlight Assault Course

We are running a Silverlight Assault Course in Poole (Dorset, England) on Saturday the 26th of July.

Places are limited to 20 people and we have only a few places left. At £40 a person, this is serious value for money.

The day is going to be seriously fun!

Sign up just now before the final places go

Thanks Cambridge

I did a 15 minute nugget (on Silverlight Encryption) at the www.nxtgenug.net user group in Cambridge (which I also run).

The feedback I have received is very high (one of the top sessions across NxtGenUg, so far).

The supporting blog postings and screencast are available on my blog.

Thanks Bristol

I did a session at DotNetDevNet in Bristol last month, which I received very good feedback on.

Big thanks to Guy Smith-Ferrier for having me across.

It was the first time I presented that session, so there is always lots of changes and improvements to make.

Thanks to everyone who came and the slides and code are available at site.

Monday 23 June 2008

Silverlight Encryption Screencast

Following on from yesterdays posts on Silverlight Encryption, i have now produced a screencast on it. You can View the screencast from here.

I hope you enjoy it, hopefully as time goes by my screencasting should both improve in quality and increase in frequency.

Beta 2

I've also just realised that the machine I built the Encryptor sample was still running Beta 1, so I've now update the online sample and the code to Beta 2.

You can view the online sample here, or download the code from my Skydrive

Sunday 22 June 2008

Silverlight Encryption (Part 3)

In part 1, we showed an application that I built to encrypt/decrypt data. In part 2, we discussed encryption algorithms and key management.

In this final part of the series, having generated a symmetric-key to encrypt/decrypt our data we will now look at encryption / decryption code.

Encryption

The code below is what I used to encrypt the data. The data to be encrypted is passed in, as well as the encryption key (previous article), and it will return the encryped data as a Base64 string.

The important thing to note is that i use the encryption key as both the InitializationVector (IV), and the Key. You will need to do this also for the decryption.

internal static string Encrypt(byte[] key, string dataToEncrypt)
{
// Initialise
AesManaged encryptor = new AesManaged();

// Set the key
encryptor.Key = key;
encryptor.IV = key;

// create a memory stream
using (MemoryStream encryptionStream = new MemoryStream())
{
// Create the crypto stream
using (CryptoStream encrypt = new CryptoStream(encryptionStream, encryptor.CreateEncryptor(), CryptoStreamMode.Write))
{
// Encrypt
byte[] utfD1 = UTF8Encoding.UTF8.GetBytes(dataToEncrypt);
encrypt.Write(utfD1, 0, utfD1.Length);
encrypt.FlushFinalBlock();
encrypt.Close();

// Return the encrypted data
return Convert.ToBase64String(encryptionStream.ToArray());
}
}
}

Finally if to decrypt (an encrypted base64 string) we use the following method:

internal static string Decrypt(byte[] key, string encryptedString)
{
// Initialise
AesManaged decryptor = new AesManaged();
byte[] encryptedData = Convert.FromBase64String(encryptedString);

// Set the key
decryptor.Key = key;
decryptor.IV = key;

// create a memory stream
using (MemoryStream decryptionStream = new MemoryStream())
{
// Create the crypto stream
using (CryptoStream decrypt = new CryptoStream(decryptionStream, decryptor.CreateDecryptor(), CryptoStreamMode.Write))
{
// Encrypt
decrypt.Write(encryptedData, 0, encryptedData.Length);
decrypt.Flush();
decrypt.Close();

// Return the unencrypted data
byte[] decryptedData = decryptionStream.ToArray();
return UTF8Encoding.UTF8.GetString(decryptedData, 0, decryptedData.Length);
}
}

}

If we passed in the same string that we got back from the encrypt, and run it through the decrypt we will get our original data back.

Again please note that the same key used for encryption is used as the key for decryption (and we again set the Initialization Vector (IV) to the key).

Anyways, I hope you found these series of articles useful, and you can view an online demo here or you can download the source from my skydrive

Silverlight Encryption (Part 2) - Generating the key

Following on from my previous article, I will now explain some of the techniques used for encryption within Silverlight, specifically focusing on generation of the key used for encryption/decryption.

AES

We will be using the AES algorithm to encrypt/decrypt our data, this is symmetric-key algorithm which means a single key is used to encrypt and decrypt the data.

If your application needs to both encrypt/decrypt data then a symmetric-key algorithm is the correct choice. In Silverlight applications if you are looking to encrypt data to be stored in Isolated Storage then a symmetric-key algorithm is the right choice.

Within Silverlight 2 at this time, AES is the only standard symmetric-key algorithm available (you can of course write your own). AESManaged is available within the System.Security.Cryptography namespace.

Key Storage

To protect our data we need to protect the key. If the key is easily obtained then our data can be easily decrypted.

We should not keep the key within the application as it will be possible for someone to download the application and use reflector to get the key.

Therefore we really have 2 options

1) Generate a key based upon user input

2) Download the key (based on authenticated login) from the backend website/(web service)

If we use download the key from the server, this provides a pretty secure method of encryption. The only downside to this technique, is that it means that the user must have access to the website. So this is perfect for online scenarios, but not great for offline scenarios. So for 99% (figure pulled of the air rather than based up on some statistical survey) of Silverlight applications this is the best technique to use.

Offline Scenarios

If you wish to make your Silverlight application available offline, then you will need to generate your key based on user input (this is because if your application is offline your user won't be able to download the key). You can't even store the key anywhere (as this would defeat the point of encrypting the data in the first place).

In this case it may' be worth using a username/password mechanism for the application and generating your key based upon the username/password.

The downside of this approach is that you will have to keep the username/password mechanism of the application/website and the encryption of the data in sync.

Generation of the Key

The following code is used to generate the key used to perform the encryption/decryption for the AES algorithm.

To generate the key we use Rfc2898DeriveBytes (which is provided in the BCL) to generate hash keys for passwords and supports the use of a salt.

internal static byte[] GetHashKey(string hashKey)
{
// Initialise
UTF8Encoding encoder = new UTF8Encoding();

// Get the salt
string salt = "I am a nice little salt";
byte[] saltBytes = encoder.GetBytes(salt);

// Setup the hasher
Rfc2898DeriveBytes rfc = new Rfc2898DeriveBytes(hashKey, saltBytes);

// Return the key
return rfc.GetBytes(16);
}

So in our examples we had previously we could generate the keys and store them on the web server and the application could download the key, or you would pass in a username/password into the GetHashKey method which would generate the key for you.

In our final article we will make use of the generated key to perform the encryption.

In the meantime you can download the source from my skydrive

You can also view an online demo of this application here.

Silverlight Encryption (Part 1)

So I'm working on a little application at the moment, where I want to store some stuff in Isolated Storage. The main issue i have is that I don't particularly want to leave the data in the clear, I really want to encrypt this data.

So I knocked up a little test application which will allow me to encrypt data in a Silverlight application.

A screenshot of the test application is below

image

The test is simple, all i do is enter some text to encrypt, click on the encrypt button, and we get the encrypted data.

To ensure all is ok, I can take the encrypted string, and put it in the decryption textbox, click on decrypt and check the result matches my original string.

In my next article, I will discuss in more detail how the code works. In the meantime you can download the source from my skydrive

You can also view an online demo of this application here.

Saturday 21 June 2008

Silverlight 2 Styles Designer Bug

I'm sure loads have people have seen this already.

I have a silverlight usercontrol (mysilverlightpage.xaml), which contains a silverlight usercontrol (mylefthandnav.xaml).  If both usercontrols use a global style (defined in my app.xaml), the designer blows up in the container page (mysilverlightpage.xaml), but is ok in the contained control (mylefthandnav.xaml).

The application however runs fine.  If I however remove the style from my application resources (app.xaml), and have a local version of the style in each user control, then all is fine.

Friday 20 June 2008

Listbox - SelectionMode

One of the features I am missing at the moment from Silverlight 2 is SelectionMode=”Multiple” for Listboxes.

This is a feature that they don’t plan to support at the moment. I can’t really argue with features being cut. It’s about trying to get out as much as possible as soon as possible.

From delay’s blog.

“Why is SelectionMode.Single the only supported SelectionMode? The Silverlight controls are subsets of their WPF counterparts in order to keep complexity and download size as low as possible. In cases where it seemed that specific functionality was not widely used, we opted to exclude it for Beta 1 and use customer feedback to identify which missing features are the most important. SelectionMode.Multiple and SelectionMode.Extended both fall into the category of "very nice to have, but seemingly not critical for most scenarios" - if you need multiple selection support, please let us know!”

However I have to disagree, if you speak to many developers regarding Silverlight 2, the most missing requested control is the ComboBox. I have no doubt that when the combobox is made available, for single selects most people will use the combobox has the control of choice.

So where does this leave the listbox, the most common scenario for a listbox (from my own experience) is for doing multiple selects. So therefore i believe this feature is important as it’s difficult to do this without it. Leaving the only real solution is to use the Html Bridge, use a third party control, or write your own control.

To the extent that I have decided to use XBAP for a feature I am developing at the moment (in which I would prefer to use Silverlight 2)

Friday 13 June 2008

Fest08 – What a blast

I was at the superb NxtGenUG Fest08 yesterday. I have to say this was one of the best conferences I’ve been too.

Session Highlights:

Oliver Sturm – F# – Superb overview of F# (something that i play with in my spare time occasionally)

Josh Twist’s Expression Blend Demo – best designer demo I’ve seen from a developer.

Who’s Session is it anyway – another NxtGen gameshow. What a hoot!

Day Highlights

Although coordinators can’t win prizes (I’m one of the Cambridge region coordinators). My nugget in Birmingham was top rated nugget for the year, My nugget in Coventry was rated 2nd top nugget. And my session with Richie Costall was rated 2nd best session in Cambridge (Daniel Moth was first).

It was also great to see Daniel Moth do his swansong nugget before he heads to Redmond.

I was asked very last minute to do a grok talk (which seemed to go down very well).

Big Thanks to Rich, Dave and John for putting together a brilliant day.

Tuesday 3 June 2008

Silverlight Beta 2 - This Week

Silverlight Beta 2 is available this week with a commercial Go Live Licence.

New version of Blend 2.5 and Microsoft Silverlight Tools Beta 2 for Visual Studio 2008.

Yaaaaay

WCF Hosts. Ports and Namespaces

If you have one Windows Service host which hosts multiple WCF Services, you can reuse the same port for multiple endpoints.

If you use host the endpoints in different Windows Service Hosts then you can't share port. This is because the host is responsible for the port.

SQL Reuse

One of my goals for this year is to advance my SQL knowledge.

The real way of doing this is to constantly ask questions of how you do things. I am very lucky as I work beside some really top SQL bods, who i like to bounce different ideas with.

The one thing I think you need to keep in mind is the difference between a SQL developers mentality and a C# developers mentality (the camp i sit in).

Since there are many solutions too different problems, I like to try and work out the best solution (sometimes I see it, sometimes I don't), in yesterdays case I didn't. Thanks to Nick for helping me out on this one.

I had an existing stored proc, which parsed the syscomments table to work out the default parameter for a specified stored procedure. I wanted to ramp this up so i could get the default parameter for all stored procedures. Now this is a batch job, so performance is less of an issue but nonetheless I wanted production level code (with the best performance).

I saw two solutions to this problem:

1) Convert my stored proc to a UDF and then perform the calc for each stored proc as part of a join with sys.objects and sys.parameters
2) Get all the stored procs + parameters stored in a temp table, and then loop over the table, calling my default parameter stored proc.

I thought like a C# developer (caring more about reuse), rather than a SQL developer.

The real solution was to analyse the stored procedure to see what it was doing rather than just trying to reuse it out of the box. This led me to solution 3 :

3) Join to syscomments with my stored proc, and use a UDF to perform the string manipulation to retrieve the default parameter (passing the stored proc text into the UDF), rather than allowing the UDF (per solution 1) to make the call to the syscomments table.

I feel my quest has taken a great leap forward today :)

Monday 2 June 2008

NxtGenUG Fest08

FEST08 the annual NxtGenUG one-day event takes place at Microsoft Reading on Thursday 12th June. As ever it's going to be an action packed day with great content from the likes of Mike Taulty ,Oliver Sturm , Dave Sussman and other top speakers. No doubt there will be bundles of 'swag' and prizes and Pizza somewhere down the line - there always is when the nxtGenUG Boyz are around. There seems to be a few more of them this year with the Cambridge and Southampton crews joining in the mix.

So go to http://www.nxtgenug.net/fest08/ for details and to register your place. It's free to all NxtGenUG members and a mere £49.99 to non-members - bargain! Oh and also if you're around the night before there is a G(r)eek dinner to toast Daniel Moth on his way to the states. http://www.nxtgenug.net/ViewEvent.aspx?EventID=140 is the link to signup to.