Talking to myself…..in public

This topic has been written about but not as much as it should have been. Hence, I am repeating it here again. It will also serve as a future reference for me.

DEP stands for Data Execution Prevention. It is a hardware based feature supported by Intel as well as AMD processors that disables execution of code that resides in memory areas marked as data pages. On AMD processors, this feature is implemented as NX (No eXecute) bit, and on Intel processors it is implemented as XD (eXecute Disable) bit. An OS can expose this feature and enable the application to take advantage of this protection. Once enabled, it becomes very difficult to inject and run malicious code using popular exploits such as buffer overflow which injects code on stack or heap memory and branches the instruction pointer (EIP) to execute the code. Microsoft has made this feature available in its operating systems starting with the Windows XP Service Pack 2. This feature can be enabled either system wide, or per application in Windows XP Service Pack 2, Windows XP Tablet PC Edition 2005, and Windows Server 2003. In Windows Vista this feature is enabled by default for all the system applications. Vista also has an Opt-out feature that allows you to enable DEP for all the (system as well as user) applications except those on the opt-out list. Robert Hensing explains this is great detail in his post. For VC++ developers there is one more way to take advantage of DEP. Visual Studio 2003 and above provide a linker switch called /NXCOMPAT. This switch sets a bit in the executable that indicates the OS loader that the application is DEP enabled. However, there is one catch. Setting this bit in the executable overrides all the other DEP settings - meaning even if DEP is disabled system wide or the application is opted out of DEP, the OS will still enable DEP for that application!!! This is where the problem starts for applications compiled using .NET 2.0 SP1. The C# compiler was updated to set this bit in the assemblies that it creates, and there is no way to unset it as in VC++ linker. If your application does not use native code, then you have nothing to worry about. If your application uses native then you may be in for a rude shock; your application might suddenly crash with IP_ON_HEAP errors. The old ATL framework generated code on the fly that ran on the stack or heap. If your .NET application uses a component or an ActiveX control that was built using the old ATL framework then your application will fail. The option is to recompile your native code using VS2003 or above. If this is a third party component that the vendor has not updated then you may be out of luck. Don't panic however! There is a ray of hope. You can disable the NXCOMPAT bit set by the C# compiler in the executable using the EditBin utility that is a part of Visual Studio installation. If your assembly is strongly named then you will have to resign it using SN utility. I strongly believe that Microsoft made a horrible mistake by deciding to set this bit by default on all the assemblies. It would have been much better if they had provided a switch just like the C++ linker. This new C# compiler feature is not well publicized by Microsoft. All the .NET developers that I have spoken to so far do not even know what DEP or NXCOMPAT is. Following the pure managed code mantra, most .NET developers do not care about native code any more even if they are using native code in their application. There is still lot of native code out there in the enterprises that is incompatible with DEP. There are lot of .NET applications that use such native code. This creates quite a problem when unknowing developers are faced with a situation when their application(s) suddenly stops working by just recompiling it in .NET 2.0 SP1. There are also other breaking changes as well as new properties, methods and Types added in SP1 as mentioned in a post by Scott Hanselman. This situation is made even worse by the release of Visual Studio 2008 as it installs .NET FX 2.0 SP1. Developers are keen to take advantage of the new features in C# 3.0 in .NET 2.0 applications using VS2008's multi-targeting feature. In an enterprise application development scenario, it is quite possible that developers will have .NET 2.0 SP1 on their development and test machines due to VS2008, but the user desktops will not have SP1. If the application uses new methods or types then it will fail on user desktops. Although one might be inclined to blame developers for developing and testing on environment that differs from the user's environment, such a scenario is highly likely to occur since the changes in .NET 2.0 SP1 are not well known. I have been able to find a list of bug fixes in SP1, but there is no knowledge base article that lists the differences between .NET 2.0 and SP1 other than the few scattered blog entries. It is a very bad idea to make such significant changes in a service pack level release. This is however a reality. . . so developers beware!

Visual Studio 2008 has a new feature called Multi-Targeting which allows developers to create applications that use different versions of .NET Framework using the same IDE. This feature has caused quite a bit of confusion among developers. Let me explain what the reason is for this confusion. Up until .NET Framework 2.0 the version of the framework was synonymous to the version of CLR. In fact there was no distinction between the two. Meaning if you were developing for .NET Framework 1.0, then you are targeting CLR 1.0. The same is true for versions 1.1 and 2.0. Starting with version 3.0, Microsoft broke the relationship between the .NET FX version and the CLR version. To put it simply, Microsoft is now considering .NET FX and CLR as two separate entities. Version 3.0 of .NET FX contains new libraries that support new technologies such as WPF, WCF and WF. However, these features were built on top of the existing .NET FX 2.0. However, no changes where made to the CLR, which still remains version 2.0. In reality, the FX 3.0 is actually .NET FX/CLR 2.0 + new libraries. Why Microsoft branded the new set of libraries as a new .NET FX version is beyond me. The marketing groks at Microsoft apparently felt it was the right thing to do. Additionally, the .NET FX 3.5 takes this idiosyncrasy to the next level. The .NET FX 3.5 contains new features such as LINQ as well as some enhancements to the C# language. The C# language gets the new version 3.0. The new features of C# language such as Object Initializers, Collection Initializers, Anonymous types, Implicit Type Inference, and Automatic Properties are compiler features and require no additional supporting libraries. However, lambda expressions and LINQ which are also considered C# language features, do need supporting libraries which are part of .NET FX 3.5. The CLR version for .NET Framework 3.5 is still 2.o. The end result being, .NET FX 3.5 = .NET FX/CLR 2.0 + FX 3.0 (WPF, WCF, WF) + C# 3.0 and LINQ. The relationship between the various versions of .NET Framework, CLR, and Visual Studio is nicely explained by David Broman in his post, so I won't repeat it here. Though, I would like to make one point clear and that is whether you are using .NET FX 2.0, 3.0, or 3.5, you are still targeting the CLR version 2.0. In an interview in the February 2008 issue of DDJ, Microsoft Vice President of Developer Division  S. Somasegar mentions that one of the biggest feature requests that Microsoft received from its customers was the ability to target the older version of .NET Framework using the newer version of Visual Studio. He goes on to mention that using VS2008 you can build applications targeting .NET FX 2.0, 3.0, and 3.5. While this is true, Microsoft is missing the point. While Visual Studio 2005 was in beta (and even after its release), when customers asked for the feature for targeting the older version of the framework, they actually meant CLR 1.0, 1.1, and 2.0. What customers were asking for and what they actually received in VS2008 are two different things. The VS2008 Multi-Targeting feature is quite misleading IMHO. Whether you are using FX 2.0, 3.0, or 3.5, you are still using CLR 2.0. What multi-targeting really does is just provide an easy way to reference different sets of libraries while still using the same old CLR. Since Microsoft changed the meaning of the .NET Framework version and made the distinction between CLR version and the Framework version, I guess they are correct when they say VS2008 supports multiple .NET FX. However, Microsoft also has changed the meaning of the request that the customers originally made and supplied something quite different.  Additionally, they created quite a bit of confusion.

Note: I understand and I am not denying that .NET FX 3.5 is much more than C# 3.0 and LINQ. I am specifically discussing the VS2008 feature, its relationship with FX and CLR version, and the confusion that it has caused.

For those living their lives in Reflector this is very welcome news. Microsoft has released source code of .NET Framework. Shawn Burke has detailed instructions on how to configure VS2008 to use symbols and be able to download source on the fly while debugging. Lot of people have blogged about this. However, some may still have problems making this work. The first time I tried, I was not able to download the source either. I had experimented a lot with different symbol server settings before the source was actually released. Due to this I already had symbols in my local folder which is the reason why the new symbols were not getting downloaded and hence, the source was not getting downloaded. I deleted the local symbol cache and lo and behold, everything started working. Turns out, this was already mentioned in Shawn's post. The key is to read the instructions properly and follow them. Hence I am posting key points below:

1. Enable Symbol Server Support.
2. Disable Just My Code.
3. Configure Symbol URL correctly and provide local symbol folder.
4. If already using Symbol server then delete the local symbol cache -this caused me some trouble for a bit.
5. If the assembly shows grayed out in call stack window then right click and select Load Symbols.

John Robbins has also posted some additional tricks.

Happy Coding!

We finally switched our land line phone service from Verizon to OptimumVoice's VOIP service. Verizon has the worst customer service one could ever imagine. First, they gave everyone a hard time while laying fiber optics for their new FiOS service in our apartment complex. They provided less than a day's notice that they would need access to the apartments and garages for installation. Secondly, they did not show up for installation as they promised while residents had taken a day off work. Thirdly, they left garages wide open without any security person guarding it like they promised they would. And last but not the least, they did not even install fiber optics cables in most of the apartments. When asked, they said it was not necessary at the moment and they will install the cables in the apartments when the residents actually want the service!!! So much for taking a day off for a service that you don't need. A lot of residents complained to Verizon about this, but complaints fell on deaf ears. While speaking to my neighbors about this, some feared that as a result of these complaints Verizon might retaliate by cutting off their phone service and ask them to switch to FiOS. But this was laughed off as a conspiracy theory. Oddly enough, within a week of this saga, five of the neighbors' phones went dead, including mine! Our worst nightmare with Verizon's customer service and repair begins. When called regarding the phone service, some of us were asked in a round about way if we would like to make the switch to FiOS - déjà vu! Verizon would set an appointment, but their service technicians will not show up on time, technicians will call at times other than when the appointment was set etc. After going back and forth for few days a technicians shows up, but is not able to find the problem. The follow up technician is able to find the problem, but not able to fix it. Three weeks later a lady technician fixes the problem within an hour. However, the phone goes dead within 24 hours! Talking to all the technicians we knew where the problem was; it was in the line between the two switch boxes in our apartment complex. Apparently, one pair was shorted and they had to switch to a spare pair. So with this knowledge we call the customer service again and tell them that the problem is external and that the technician should be able to fix it without having to come in the apartment. Nevertheless we go back and forth again like last time. A technician finally arrives after a week and fixes the problem - someone had cut our wires, literally cut the wires at the switch board!!! Less than a week later the phone goes dead again. A call to customer service again, technician dosen't show up at appointment time and leaves a message for us to reschedule, and the following morning Verizon leaves a voicemail (we were able to retrieve the voicemails because the number to access the voicemail is different than our phone number) that they have fixed the problem when they have done absolutely nothing and the phone is still dead!!! Enough is enough!!!

Meanwhile, Cablevision our cable TV and internet service provider, has been trying to woo us for over a year now into switching to its Triple Play service at lower rates for the first year. Simple math showed that we would indeed save some $$ if we switched not only now, but even after the rates go back to normal following the promotion (provided their rates remain the same). We set an appointment with them for today. The technicians show up on time (actually before time). Within half an hour we have a working phone we get to keep the same phone number due to number portability. And guess what? Four of our neighbors in our building have switched to OptimumVoice after going through the nightmare with Verizon. The voice quality is crystal clear and we couldn't be happier having a working phone. If Verizon continues with their tactics, they are bound to lose more customers. Googling for "Verizon Sucks" provides 117,000 results - enough said.

...Again! I decided to blog back in Christmas of 2002. My main intention was to write informative articles at my main site. I started by writing one full article, an incomplete one and a title for another one. Alas, I never progressed beyond that. Its been a long time since then and there are lot of things that I would like to write about. Lets see how it goes this time!

I will be updating the theme of the blog and site design in upcoming weeks. I am not a big fan of the 2 or 3-column layout that is very common as it wastes a lot of space on the page. I am searching for a different, unconventional theme. Hopefully, I will find one soon.

Happy New Year!!!