Scott Hanselman

Hanselminutes on 9 - In Norway, inside the Speaker's Room

June 18, '09 Comments [4] Posted in Channel9 | Speaking
Sponsored By

12781036I'm in Norway, speaking at at the Norwegian Developer's Conference. It's a large conference and they've had to hold it inside an indoor soccer stadium as there aren't a lot of large convention centers in Norway.

See if you can get your head around what you're seeing in this pic. They've used curtains to build up a "room" on the bleachers of this part of the stadium. I'm inside that black box, and the people who are overflowing up the bleachers also go all the way down to the bottom. On the outside of the box is projected both a live video of me as well as my projected computer. That acts as an overflow room, and there's people sitting out there also. It's a very clever way to do it, and they've set up six different track rooms, all like this, around the stadium.

Anyway, there's a small speaker's room that we prepare our talks in. I realized that a lot of fun conversations happen in the speaker's room, and it's not fair that the attendees can't enter our "sanctuary." ;) So, I filmed some of it and posted the raw video on Channel 9 under "Hanselminutes on 9."

I captured three conversations so far. To be clear, it's raw, random and silly, but it's representative of the kind of random crap we talk about in the speaker's room. I'd also point out that one speaker just left in the middle because they couldn't get any "friggin'" work done.

Note also that these were all filmed with a Creative Vado HD portable Hi-Def video camera.

Ted Neward and "The Death of the Professional Speaker"

image

Why Aren't There More WinForms Talks with Rocky Lhotka

image 

Scott Bellware and "What Is Productivity"

image

Enjoy. Or not. ;)

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by SherWeb

MSDN Bytes - Today's Random Silly Hanselman Video

June 11, '09 Comments [7] Posted in Channel9
Sponsored By

I just got an email that a video I did with MSDN a while back, at TechEd I think, was just posted online. I'd forgotten about it, frankly. (I prefer to post my Channel 9 "HanselminutesOn9" videos an hour or two after I take the video...feels fresher, IMHO)

Anyway, it's even worse that I remember. ;) I'm in a silly mood, so if you want to see me being totally random, here you go.

image

Video Downloads
WMV (Zip) | WMV | iPod | MP4 | 3GP | Zune | PSP

Audio Downloads
AAC | WMA | MP2 | MP3 | MP4

There's going to be other folks scheduled to be interviewed. The list and schedule is at http://www.msdn.com/bytes.

Enjoy! (Or don't. It could go either way.)

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by SherWeb

Breaking All The Rules with WCF

June 10, '09 Comments [35] Posted in Web Services | XML | XmlSerializer
Sponsored By

Sometimes, in my job, I go onsite at partners and work with them, sometimes architecturally, sometimes doing proofs of concepts to make sure they're comfortable with things working together.

This week I’m onsite at a large enterprise and one of the things they wanted to see, amongst many, was .NET interoperating with an existing Web Service. It's not important what platform their Web Service is running on, but it's not Windows and .NET. What was important was that they had WSDL and XSDs for the service, which put them above 99% of the Web Services I come upon in the enterprise.

The team here said that this particular web service used WS-Security and was a compliant web service. I figured, and told them, no problem. That's something .NET is good at. Moving angle-brackets around is something both I, and .NET do pretty well. I figured we had a number of options.

In this scenario was I going to be the Client, I could use:

  • WCF - svcutil.exe - good
  • System.Web.Services - wsdl.exe - pretty good
  • WebClient/XDocument/XmlDocument - not so good, but workable.

You get the idea. There were a few things wrong, though.

Bad-ish WSDL

They gave me the WSDL and when I ran svcutil.exe on it, I got this error (the elements have been changed to protect the innocent.)

C:\Users\Scott\Desktop\foo>svcutil foo.Wsdl foo.xsd /config:app.config
Microsoft (R) Service Model Metadata Tool
[Microsoft (R) Windows (R) Communication Foundation, Version 3.0.4506.2152]
Copyright (c) Microsoft Corporation. All rights reserved.

Error: Cannot import wsdl:binding
Detail: The WSDL binding named FooBinding is not valid because no match for
operation GetFooDetails was found in the corresponding portType definition.
XPath to Error Source: //wsdl:definitions[@targetNamespace='urn:foo:v1']/wsdl:
binding[@name='FooBinding']

Error: Cannot import wsdl:port
Detail: There was an error importing a wsdl:binding that the wsdl:port is dependent on.
XPath to wsdl:binding: //wsdl:definitions[@targetNamespace='urn:foo:v1']
/wsdl:binding[@name='FooBinding']
XPath to Error Source: //wsdl:definitions[@targetNamespace='urn:foo:v1']
/wsdl:service[@name='FooService']/wsdl:port[@name='FooPort']

I googled binged around for this to no avail. After staring at the file long enough, I realized that while this is a lousy error message (to be clear) it was telling me (obscurely) what was up all the while.

Here's a snippet of what I was looking at:

    <Type name="FooType">
<operation name="FooSearch">
<input message="tns:FooSearchRequest"></input>
<output message="tns:FooSearchResponse"></output>
<fault name="FooFault" message="tns:FooFault"></fault>
</operation>
</Type>

<binding name="FooBinding" type="tns:FooType">

<soap:binding style="document" trans="http://schemas.xmlsoap.org/soap/http"></soap:binding>

<operation name="FooSearch">
<soap:operation soapAction=""></soap:operation>
<input name="FooSearchRequest">
<soap:body use="literal"></soap:body>
</input>
<output name="FooSearchResponse">
<soap:body use="literal"></soap:body>
</output>
<fault name="FooFault">
<soap:fault name="FooFault" use="literal"></soap:fault>
</fault>
</operation>
...

The key was that their WSDL didn't have the name="" attribute on the input and output elements of the operation. The name needs to line up to the operation name in the binding.

<Type name="FooType">
<operation name="FooSearch">
<input name="FooSearchRequest" message="tns:FooSearchRequest"></input>
<output name="FooSearchResponse" message="tns:FooSearchResponse"></output>
<fault name="FooFault" message="tns:FooFault"></fault>
</operation>
</Type>

Once these new name="" attributes were added, I was able to generate my client-side stubs. I had to edit their WSDL, which sucks. However, you might argue svcutil.exe could chill out. Either way, a speed bump.

Claiming Compliance

I was told the Web Service would use WS-Security and a usernameToken. However, the actual message seemed like it was missing something.

<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/12/secext" xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility" xmlns:tns="urn:foo:v1" xsi:schemaLocation="http://www.w3.org/2003/05/soap-envelope http://www.w3.org/2003/05/soap-envelope/soap-envelope.xsd urn:foo:v1 com.foo.messages.v1.xsd">
<soapenv:Header>
<wsse:Security>
<wsse:UsernameToken>
<wsse:Username>secret</wsse:Username>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
<soapenv:Body>
<tns:FooRequest>
...

It's been a while (about 18 months) since I did any WCF and WS-Security, but UsernameToken really needs to have a Password element also. Additionally, when you're using WS-Security, you typically get WS-Addressing, etc along for the ride. There's other headers I'd expect to see.

I trudged on, built up the message and tried to send it off. First problem was that the endpoint URI I had was http, not https. It's not possible to send a UsernameToken in plain-text - the system explicitly forbids it. However, their system was setup to default to basic HTTP. Some gnashing of teeth and I found an SSL endpoint I could use. However, it's a hassle to debug SSL traffic. I usually use ProxyTrace or TCPTrace but with SSL, not so much.

Sniffing SSL Traffic with a Proxy

I ended up using Charles, an HTTP Proxy that can act as a man-in-the middle, issue an SSL cert, then decrypt the traffic, and forward it along to the real endpoint. However, the SSL Cert Charles issues isn't from a certificate authority, so I had to make a Policy to blindly (temporarily) accept all certificates:

internal class AcceptAllCertificatePolicy : ICertificatePolicy
{
public AcceptAllCertificatePolicy(){}

public bool CheckValidationResult(ServicePoint sPoint,
X509Certificate cert, WebRequest wRequest, int certProb)
{
return true; //Always accept
}
}

Then I apply it in this (obsolete, but easy) way:

ServicePointManager.CertificatePolicy = new AcceptAllCertificatePolicy();

Now I can run all my traffic through my local man-in-the-middle. I can set the proxy in my config file:

<basicHttpBinding>
<binding name="FooBinding"
...
proxyAddress="http://BigAssLaptop:8888"
useDefaultWebProxy="false">

or in my own binding:

WSHttpBinding oldBinding = new WSHttpBinding();
oldBinding.ProxyAddress = new Uri("http://BIGASSLAPTOP:8888");

FooPortTypeClient svc = new FooPortTypeClient(oldBinding, new EndpointAddress("https://example.com/foo/v1"));

This let me see the outgoing request. I noticed immediately that my WCF client was sending a LOT more stuff that I needed.

Breaking the Rules

It was hard for the client to hear, but here's the deal. They were using the usernameToken element, alone, in the WS-Security namespace in the style of an apiKey. You often see these kinds of APIs in the Web 2.0 world, when intense security isn't needed. You get a key that's unique to you, basically a GUID, and it also acts as a tracker for the provider.

However, this isn't how WS-Security usernameTokens work, or are supposed to work. Perhaps a better way would have been for them to use a custom soap:header, rather than trying to tunnel "apikey" semantics into an existing token.

At this point, regardless of relative-wrongness, I still need to get the WCF client to talk to this unusual endpoint. I could use one of the other XML mechanism available, or, gasp, a StringBuilder, but since I wasn't having trouble with the body of the message, just the envelope.

This essentially means that I wanted WCF to do something incorrect, on purpose. After a call to Steve Maine and team, along with some general freaking out, I was able to get WCF to spit out JUST a usernameToken, like this.

WSHttpBinding oldBinding = new WSHttpBinding();
oldBinding.Security.Mode = SecurityMode.TransportWithMessageCredential;
//Just the username
oldBinding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
//And basically nothing else
oldBinding.Security.Message.NegotiateServiceCredential = false;
oldBinding.Security.Message.EstablishSecurityContext = false;

//oldBinding.ProxyAddress = new Uri("http://BIGASSLAPTOP:8888");
//oldBinding.UseDefaultWebProxy = false;

//remove the timestamp
BindingElementCollection elements = oldBinding.CreateBindingElements();
elements.Find<SecurityBindingElement>().IncludeTimestamp = false;

//sets the content type to application/soap+xml
elements.Find<TextMessageEncodingBindingElement>().MessageVersion = MessageVersion.Soap12;
CustomBinding newBinding = new CustomBinding(elements);
FooPortTypeClient svc = new FooPortTypeClient(newBinding, new EndpointAddress("https://example.com/foo/v1"));
FooRequest req = new FooRequest();
//...etc...now it's just request and response.

Unfortunate, but I'll put this configuration of a custom binding, and hopefully when they fix it, it'll be a configuration change. This at least got us to a point where I can reliably call their web services.

Long day, but interesting stuff.

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by SherWeb

Building your own Arcade Cabinet for Geeks - Part 7 - Success and Conclusion

June 6, '09 Comments [17] Posted in Arcade
Sponsored By

This is the seventh part of a multi-part series I'm going to do about assembling an Arcade Cabinet for my house. This series has two disclaimers:

Software Disclaimer 1: There's all sorts of legal issues around emulating arcade games. This series of posts has nothing to do with that. I do own some original arcade boards, but if you want to emulate arcade games with MAME (Multiple Arcade Machine Emulator), you can search the 'tubes. What I'm doing here is putting a computer in a pretty box.

Hardware Disclaimer 2: Many folks that build arcade cabinets have a purist view of how these things should be done. They will prefer original Arcade CRT monitors and more expensive, higher quality parts. I am more of a pragmatist. I also have no idea what I'm doing, so I've also got ignorance on my side.

Video Tour

Here's a short HiDef Video shot with my Creative Vado HD showing the Arcade Cabinet:

Tour of the Complete System - Building your own Arcade Cabinet from Scott Hanselman on Vimeo.

What I Learned

I learned:

  • You can cut corners, save money and still end up with a nice system, as long as you set your goals up front.
  • Steel is hard to cut. Know what you're doing, or get a pro.
  • Acrylic is hard to cut. Know what you're doing, or get a pro.
  • Painting and sanding something is the easiest way to make it look nice.
  • Making stuff with your hands is very satisfying and easier than you think (if you're a coder and you think this stuff is hard).
  • I could do it way better next time. ;)
  • I, myself, prefer to refurb old stuff rather than make new stuff.

All in all, the wife is amazed it looks so good, and she's said I can bring it into my den/office. She's nixed the living room...for now!

Total Cost: US$441

The Complete Series

  1. Cabinet and Power
  2. Monitor and Mounting
  3. Control Panel
  4. Sound and Lights
  5. Paint and Art
  6. Computer Hardware and Software
  7. Success and Conclusion

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by SherWeb

Building your own Arcade Cabinet for Geeks - Part 6 - Computer Hardware and Software

June 6, '09 Comments [2] Posted in Arcade
Sponsored By

This is the sixth part of a multi-part series I'm going to do about assembling an Arcade Cabinet for my house. This series has two disclaimers:

Software Disclaimer 1: There's all sorts of legal issues around emulating arcade games. This series of posts has nothing to do with that. I do own some original arcade boards, but if you want to emulate arcade games with MAME (Multiple Arcade Machine Emulator), you can search the 'tubes. What I'm doing here is putting a computer in a pretty box.

Hardware Disclaimer 2: Many folks that build arcade cabinets have a purist view of how these things should be done. They will prefer original Arcade CRT monitors and more expensive, higher quality parts. I am more of a pragmatist. I also have no idea what I'm doing, so I've also got ignorance on my side.

Hardware

I, like most geeks, have a number of old computers lying around. I picked the best one, a Pentium 4 I used to use as a Media Center. It has a gig of RAM, runs Windows XP SP3 and has a nice fast ATI video card. I figured since I am just as interested in regular games as I am in Arcade Classics, it'd behoove me to have a decent machine in there.

IMG_0108 IMG_0300

The insides are HUGE as I yanked out the original arcade guts. There's lots of room and the back has two holes cut with screendoor material over them. I haven't had a heat problem yet, but I suspose I could easily add a small desk fan to blow air out the back. It would turn on with the rest of the equipment.

I setup a Microsoft Wireless Desktop 6000 mouse and keyboard (to avoid cords) and I may mount a sack or something on the back to hold them. I also plugged in a Wireless Xbox Controller and Xbox USB Gaming Receiver for games like Far Cry.

Software

I put lots of emulators for classics like C64, SNS, Ataris and other old hardware I have lying around. I set a few important BIOS settings that you shouldn't miss.

First:

  • Set your Power BIOS setting to "Always On" or "On After Power Loss."
  • Set your BIOS to "quick" or "silent" in order to speed up the boot.
  • Use "msconfig.exe" to set the time that Windows waits to boot up to some small number like 3 seconds.
  • Configure XP to automatically logon as some user of your choice, per KB3152321.

There's a number of popular "Front Ends" that you can put in your Startup Folder. Some folks replace Explorer.exe as the shell, but I think that's excessive. I just set my launcher to start immediately .

If you're looking for the prettiest, most "art focused" front end, then there is no other front-end than HyperSpin. It uses a file-based system of transparent PNGs and AVIs along with a compositing engine to make a truly beautiful circular menuing system.

Software is one of those things I'll spend the next year getting just the way I want it.

Next Up: Success and Conclusion

  1. Cabinet and Power
  2. Monitor and Mounting
  3. Control Panel
  4. Sound and Lights
  5. Paint and Art
  6. Computer Hardware and Software
  7. Success and Conclusion

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by SherWeb

Disclaimer: The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.