I have Maxivista version 4.0.11 downloaded in December 2009.  It is different from the one downloaded in July 2010.  I don’t know if that makes a difference.

The Dec 2009 version lets Visual Studio 2010 run on 2 monitors, but not 3.

The July 2010 version will not let Visual Studio run on 2 monitors– you get constant flashing, disconnect-reconnect cycles (same as trying to take the Dec 2009 version to 3 monitors)

When rolling back, the old installer refused to run (claimed it was outdated) and you had to reset the system clock to get the install to complete.

Oh well.

The demo version is .12, but re-download seems to try to force you to get only the point version you originally bought, which is odd because the site seems to imply that you can get point updates for free within a major version.  I’m waiting for my phpBB credentials so I can ask on their support board.

I’ve got a WHS.  So I just finished installing:

Subversion vs VisualSVN.  Used AnkhSVN and checked in my code.  Installed WAMP. Found out that my windows home server for some reason had a PHP installation, so I had to update the environment variables to point to the WAMP installation.  I finally got VisualSVN to work with webSVN with windows auth.  It was tricky, required .conf file reading.  Using cygwin I got websvn working.

TeamCity.  Didn’t have to install Visual Studio, but did have to copy C:\program files\MSBUILD files.  It took an hour but now my unit tests and code coverage tools are all running.

Issue Tracker. Team City integrates with only 3 bugtrackers, of which only one is flat out free.  So I’ll be trying out Bugzilla, although several other bug trackers look more interesting.  Update: In frustruation, I gave up on Bugzilla because Perl is for people who enjoy configuration and installation pain and chewing on glass and poking their eyes with ballpoint pens.  I tried next the ruby and rails app “Warehouse”, but the @#$@#$ db scripts refused to run and I realized I didn’t have the patience to build my own inter-op doohicky for ruby to svn communication.  So on to mantis and flyspray.  Superficially, they’re closely matched.  But mantis has plugins and flyspray is more familiar to me because I’ve used it many times before.  So much work just to find out that free tools for developers often come with a heck-of-a installation burden.

Sharepoint homepage.  I’m still trying  to make WSS3.0 sharepoint useful.  So far only the link list is useful, but I may see about taking the RSS Feeds from everything above and creating a RSS reader in WSS3.0 to agregate my feeds which are essentially all intranet feeds.  If it frustrates me too much I’ll install a php base feed reader.

Stop! In the name of code

Before you break the build!
I’m aware of where you go
Each time you check in code
I watch my rss feed of the daily build
Knowing your code turns green dots red
But this time before you run the build
Making us do more work
(Think it over) Have you done a unit test or two ?
(Think it over) Is it refactored through ?

The plug in needs a way to talk to the host app. In ASP.NET, this means things like updating the UI by adding controls, etc. In fact, since in ASP.NET only creates pages, you will eventually have to talk to Page. The host Page isn’t serializable or remotable, so if your Contract has a Page, you won’t be able to create the Add in in a separate AppDomain, i.e. no sandboxing or other isolation, at least not directly. Fortunately, we like to write code and can solve this by writing another layer of indirection.

What I tried next was creating a set of Page and Control wrappers and factory functions. I called the add-in-side wrappers “Recipes” because they where recipes for building controls and recipes for building pages. The new contracts no longer had references to System.Web since no WebForms types there seem to be remotabe. In the hosting application I wrote a “Page Automator”, whose job was to implement recipes recommended by the Add-In and to describe the page for the Add-In by looping through the controls, putting their current state into a wrapper and then providing it to the Add-In.

Finally, out-of-AppDomain Add-In activiation works. And I was able to run the add in in minimal trust. If you’ve ever tried to get a non-trivial website to run under medium trust, you know this is just incredible! I gave up on medium trust because too many of my third party components didn’t play the medium trust way. In a medium trust website, everything in the AppDomain (i.e. the entire website) must refrain from calling forbidden APIs. As soon as there is a single line of code that requires Full-Trust and if you can’t remove it or change it (because it is both necessary and 3rd party closed source), you have to bump the entire website up to Full Trust. Unless you are using Add-Ins.

The plug in may need to communicate several things at once in the AddIn’s interface. System.AddIn makes this very, very hard. I tried string[]. I tried List. I tried IListContract. They all failed. When I used IListContract, the pipeline generator generated interfaces of type IList, and then the addin finder stopped finding addins that supported the contract. Humorously, string[] failed because System.AddIn said string[] wasn’t serializable. WTF? These are strings. I finally decided to use Control NextControl(); as a signature to return a collection one at a time. I finally did get IListContract to work, but the type of T needs to be remotable.

Tags: System.AddIn

Plug ins allow developers to collaborate with zero co-ordination. The host application provides extension points and another developer writes a module that the host application can use without re-compile. A typical plug in architecture also includes:

- Activation. A way to enable and disable plug ins at runtime
- Discovery. Plug ins are registered by scanning a directory for code artifacts.
- Code artifacts that implement an expected interface are used by the host application
- Plug ins are invoked with some sort of reflection
- Plug ins might need to run with fewer security rights than host code.

MAF/System.AddIn exists.
MEF is on the way,but it looks like it will be fully baked in .NET 4.0, no sign if it will support 3.5.

MEF is getting much more attention on the blog and the web and I attribute that entirely to the MEF team promoting their work more than the MAF team.

Benefits of MAF
Its a documented solution, that will always be better known and understood than any plug-in architecture you could throw together.
It is available in release form *now* and doesn’t require 4.0. MEF is pre-release and will require upgrading to 4.0 when it is release. (I think)

Challenges with MAF:
They team assumes you want version resilience. This is the most expensive feature. It achieves version resilience by adding 5 assemblies between your host and plug ins. Without code generation, the extra five assemblies adds too much work.

Also, when it comes time to write the V2 to V1 adapters, you will have to make ugly choices like, should the adapters throw errors or should they similate the new functionality. For example, in the calculator example where V1 supported adding and subtracting and V2 supported multiplication, you could have simulated multiplication by calling the V1 addition method in a loop to replicate multiplication. This would be better backwards compatibility, but now you got some business logic in your ViewAdapters. If you don’t put that logic there, then you will throw NotImplementedExceptions. Now how is a component backwards compatible if it throws runtime errors? (Well, admittedly the adapter lets the old plug in work as well as it used to just so long as you keep away from “new funcitonality” that arrived in V2)

They assume you need the extra security and reliability you get from loading plug ins in a sandbox. This means MAF wants you to declare contracts with primative datatypes if you can. Just like you can’t pass database connections or the HttpContext back and forth across a webservice, you aren’t supposed to do that in MAF (but you can, as long as you don’t load plug ins in a new AppDomain.)

Plug in UI. Officially, you aren’t supposed to pass winforms controls across MAF contracts, ie only the host has UI. WPF controls are supposed to be able to cross, ie. the plugin can have UI.

In ASP.NET, my own experimentation shows you can have server controls in the plug in, but it is hard beyond being worth it to put a Page or UserControl in a plug in and then get it to render on an ASP.NET page. This means that all ASP.NET plugins must mix code and UI more than I like. Some of this can be mitigated by the host providing enough extension points that it wouldn’t matter. For example, if a pluggable form page queried the plug in for the controls and used a host owned layout engine to layout the labels and input boxes, then the plug in writer wouldn’t have to mix too much presentation code and C#.

How does MAF relate to other similar ASP.NET technologies?
ASP.NET already can cope with new pages and classes being added at run time with minimal effect on the running application. A pattern I’ve seen is where V1 of the website is deployed, then when V2 is deployed, only the classes and pages that the developer thinks changed are copied into the V1 website. This creates a blended version V1/V2 website. If the contracts changed, e.g. a property of a webcontrol has a different data type, it is up to the developer to also track down the dependencies and deploy new versions of those too. Because pages are compiled on first request, the developer may not learn about broken contracts until long after the code in in production.

WebParts lets chunks of code and UI get plugged into or removed from a page at runtime. WebParts assume the webparts are being developed by the same team as the host, so the there isn’t necessarily any features for versioning, isolation or what have you. As a component technology, WebParts is all about a specific type of UI widget, where AddIns is *anything*, including things like adding an Icelandic spell checker to your website.

ASP.NET and process isolation.
ASP.NET and JSP and most other non CGI web technologies were created because spawning a new process for each request crushed server when they were under load. A common MAF recommendation is to design for the possibility of running your Add Ins in a separate process. But why would I want to constrain my design so that future developers will have the option of running a new process per page request and destroying the ability to support more than a few dozen concurrent requests? I’m convinced that a MAF addin running in ASP.NET should not take advantage of process isolation.

MAF and COM
It’s been noted that MAF has a lot of COM nostalgia. I think this is because MAF was created to solve the problems of creating Microsoft Office add ins. Microsoft office is a COM application and as such will work best with a component technology that has a lot of parallels with COM. This is a challenge for people like me because I never wrote C++ and don’t have an internal mental model of how COM works.

I got the following error when using Enterprise Library 3.1. It mean it can’t find the reference to ObjectBuilder or it is resolving to the wrong version in GAC. So to use VAB, you need Common, ObjectBuilder and the VAB assembly. If not that then check this link.

System.TypeLoadException: Method ‘CreateObject’ in type ‘Microsoft.Practices.EnterpriseLibrary.Validation.Instrumentation.ValidationInstrumentationListenerCustomFactory’ from assembly ‘Microsoft.Practices.EnterpriseLibrary.Validation, Version=3.1.0.0, Culture=neutral, PublicKeyToken=21a151ab59c9591d’ does not have an implementation.

I’d like to start an opensource project.

Pick the social contract. I’ve learned the distinction between open source products and open source products. The latter is a social group of people collaborating to create an application. The former is an application that the developer will give the source code for, but doesn’t necessarily do collaborative development outside of processing bug reports, etc.

Pick a host Codeplex is a good host for MS centric projects. Sourceforge is good because it is big. Google code is also not bad.

Check your employment contract and pick a license I can’t help you with the first. As for picking a license, pick something that protects you from lawsuits and is compatible with other open source licenses. Licensing is partly governance, so put some thought into how you plan to govern your application and your relationship with users and other developers.

Pick tools that are widely available. If you can only open the source code with an expensive proprietary IDE, you won’t find many friends to help you. In the .NET world, the ideal project would be able to compile in Visual Studio Express and MonoDevelop.

Pick compatible libraries. Closed source applications have an easier time here. If you are completely ripping off someone’s libraries in an intranet application, the rights holders might never discover. In an open source application, it will eventually get indexed and lawyers will look over your code looking for lawsuit opportunities.

Don’t make it hard to install You may love SQL Server. But taking a dependency on something as user friendly as SQL Server will decimate your potential user base. In the case of SQL Server, either choose SQL Compact or Sqlite. MySql has the the problems as SQL–it is a bit to hard for people to use. Your app will not likely have a DBA– even if a company picks up your product, it will likely be a small company that still doesn’t have a DBA. It should work by unzipping into a directory and be portable on a thumb drive.

Ask for help Ask for help in your app– set up something like a uservoice page for feature requests and discussion, a bug tracker that accepts public input.

Tags: opensource

Technical Anonymity. You use proxies, avoid cookies, you browser leaks no information about your IP, computer or other characteristics about your network traffic and computer. Your cover is blown as soon as you include your name, or other correlating information in a blog entry. Your cover will also be blown as soon as the intermediate parties (the proxy owner, the email provider) decides to hand over your information, say under legal pressures from the government.

Who needs technical anonymity? Spammers and people who’ve violated TOS clauses only need technical anonymity, because the traces that technical anonymity techniques remove the clues that web sites use to ban bad actors. Spammers don’t care if people know who they are as long as they can send email with being automatically ID’d as spammers.

Real humans need social and legal anonymity more than technical anonymity.

Social Anonymity. You don’t include your name or any other correlating information. You even try to change your writing style to avoid tools that correlated your favorite ways to misspell words with other documents on the web you publish under your real name. If the people who want to know who you are lack the resources or skill to trace IP addresses and correlate your ID from scraps of info like cookies and information leaked by your browser, then this can be done probably without any technical anonymity.

Who needs social anonymity? Bloggers and people writing about anything that might piss of the Jones up the street. If you decide you don’t want to be harassed for your religion, politics, personal behavior, etc, you might rather to be anonymous instead of being silenced by your personal enemies. For example, if you want to blog about politics, you don’t want it to ruin your chances of getting a job. These people will not user the courts to extract your ID from a commercial proxy service.

Legal anonymity. You are at risk of being throw into jail or losing your job if your ID is discovered– either because the government is corrupt, your company is evil or you really are a criminal. This is the hardest level to achieve because getting the email and proxy requires relying on 3rd parties to move your network traffic and those parties can be subject to government pressure to fork over your ID. Even commercial anonymity services don’t want to protect tax dodgers, mass murderers or spammers.

Sounds hard, is this a fools errand? Technical anonymity is possible, but you are likely to make mistakes, especially over a long period of time. Social anonymity is possible, but the odds of subtle mistakes are very high. Legal anonymity is probably impossible unless you make sure all your intermediate parties are outside your legal jurisdiction. However, as soon as your ID is being protected by a party outside the law, they you can’t enforce your contract with them regarding how they keep your ID safe! Imagine a proxy server company in Bahama that goes bankrupt and sells it’s assets with scraps of your ID to a US company and then your cover is blown again.

Why not use Tor? Tor would make legal anonymity easier because it isn’t a company and it mixes up tons of legal juridsictions, but the performance of the Tor network makes it unusable.

This is the flips side of what I usually work with: figuring out who really is at the other end of an HTTP request. What if some one doesn’t want to be known at all? It turns out to be as hard as proving you are who you say you are!

Tor. Re-route your traffic through a few nodes donated by nice people until your point of origin is hard to trace. Free. Down side, performance is about 100 times slower than without Tor. And I measure that. It’s slower than a modem on a noisy line. The system is currently overrun by bittorrent traffic and there are no incentives to be an exit node: no money and the exit node owners get blamed for the IP laws broken while traversing them.

Commercial Proxies. I tried out Anonymizer. Performance is good, but you can’t directly sign up for email accounts when your IP is proxied. The email providers assume you are a spammer if you are trying to create an account while proxied.

Java Applets, your browser, etc.. All of these fancy client features leak information about who you are. Java applets can even get an honest answer about your unproxied IP address even when your browser is only reporting the proxied IP address! I think, for a nosy website to use this info, they’d have to have a special crafted java applet, AFAIK, an ordinary applet doesn’t leak information.

You’d think that with all this leaked info, we could use it to ID someone routinely, but IP tracing is hard detective work. You’d have to be doing something remarkable to make it worth someone’s effort to track you down by the crumbs you leave when surfing.

Social Engineering Still Rules. I imagine that if a user covered all their tracks, as soon as they accidentally say something online that ties them to a particular person in real life, the game is over.

I should have a badge page to show off what I’m currently using my WHS for.

- Recording radio on a schedule every night. (Doesn’t interfer with daytime bandwidth!)
- Serving up Eclipse by bit torrent (charitable bandwidth donation)
- Backup my workstations (of course, also works as system partition expander)
- Boinc (charitable CPU and electricity donation)

TODO
- Record my podcasts in off hours (hard, because of need to get the files to synch to itunes)
- Record video in off hours (maybe using Miro, but I watch so little TV, it’s not such a priority)
- Convert my movies to IPod in off hours
- Set up SVN (tricky!)
- Make WHS a usable global “My Music” folder. Challenge is that media libraries get polluted with un-sorted and non-music files.
- Set up 24 hour recording security cam (webcam)

MAYBE
- Set up TOR exit point (donate firewall avoidance software to iranians and/or online hooligans. Not trying to imply that they’re overlapping sets