I was having a bad day at the office a couple of weeks ago. One of the things that makes me feel a little better is to look up some programming jokes. I really am a programmer at heart and a nerdy one at that.
So before I was about to endure the drudgery of the commute home I searched for programming jokes and read a few. There are some great programming jokes out there! I especially like the ones about C++ and UNIX. For example “Unix is user friendly, it’s just particular about who it’s friends are”.
Anyway, I was reading this image and kind of chuckled.
After reading this screen shot I briefly thought to myself “There is no way a DOS prompt now days would say that, but I wonder what it does say”. I decided to give it a try so I <WinKey>+R CMD<Enter>. I was having such a bad day that even typing the word “Happy” was difficult, but the result made me laugh so hard I could hardly keep on my chair:
I suppose it was a little perfect! Happy was unexpected at this time! By the way, 100 points to anyone who can convincingly explain why it does that other than “Some programmer at Microsoft thought it would be really funny!”. If you type “If” or “If Your” into a command prompt it responds “The syntax of the command is incorrect.” which is kind of what I expected. If you type just “your” or “happy” you get the all so familiar error “'your' is not recognized as an internal or external command, operable program or batch file.”
Just for fun here is another programming joke – The color of 6 letter words. I rather like the color of “Cashed”.
The Model-View-ViewModel (M-V-VM or MVVM) pattern has been widely adopted by those who build WPF and Silverlight applications. WPF and Silverlight have such strength in data binding that there is no real need to have any code-behind in a view. It is sometimes difficult to get to this point but once you get there the application becomes much more maintainable, and testable.
This is because a clear separation of concerns where the View’s responsibility (concern) is to display UX controls that are bound to real data. The ViewModel is to represent the data in a way that the View can bind to it and to allow a way to produce a model object as a result. The Model is responsible for validating data and is used to persist back to the database.
While this greatly simplifies a single view, in practice many views/view models need to work together. The controller is supposed to help provide some of this cross-view-model communication. It’s actually a myth that MVVM architecture does not include (or need) a controller. At some point there has to be an object that creates a view-model and opens up a view and by definition that object is the controller.
One simple answer to the problem of communication between different parts of the application is to use the Mediator Pattern. I am by no means the first to suggest the mediator pattern as a possible solution to this problem. Josh Smith, among others, suggested it in a past blog post. The implementation I built is a little unique in that it does not make use of a string or an enum to determine message type.
This implementation allows:
- Views to communicate with the controller in a static-typed way.
- Views to communicate with other views in a static-typed way.
- Messages to be sent to all ICommunication classes that are listening for a specific message type.
- Messages to be sent to all ICommunication classes based on the host classes type.
- Messages to be sent to a specific object (callback).
CS Mediator
But we’ll get to that, lets start at the beginning. First, each class that wishes to participate in communication (ViewModels and the Controller) must impelment the ICommunication object.
public interface ICommunication
{
void ReceiveMessage(ICommunication sender, Message message);
}
The reason all participants must implement this is because we want to make it possible for some ViewModelBase to implement the stuff that is shared between all view models. It is also a “catch all” for messages that do not apply to a better action.
This implementation of the Mediator pattern is based on types. This means that the type of message we send determines how the message is routed. For example, consider the following Message types.
public abstract class Message { }
public abstract class DataMessage : Message { }
public abstract class ActionMessage : Message { }
public abstract class StatusMessage : Message { }
public class StatusUpdateMessage : StatusMessage
{
public string ProgressAction { get; set; }
public string ProgressText { get; set; }
/// <summary>
/// The value to set the progress bar.
/// A negative value hides the progress bar
/// </summary>
public sbyte ProgressBarValue { get; set; }
}
public class CloseWindowActionMessage : ActionMessage
{
public WorkspaceViewModelBase Window { get; set; }
public CloseWindowActionMessage(WorkspaceViewModelBase value)
{
Window = value;
}
}
public class OpenWindowMessage : ActionMessage
{
public string ViewName { get; set; }
}
public class OpenWindowMessage<T> : OpenWindowMessage
{
public T WindowParameter { get; set; }
}
You can see that they all derive from the abstract base class Message, but there are different taxonomies for different kinds of messages. For example, if I want to open a new window and I want to pass a parameter to that window to open it, the type I would use is OpenWindowMessage<Fruit> which derives from OpenWindowMessage. OpenWindowMessage contains the name of the window we want to open. OpenWindowMessage is also an ActionMessage which tells the controller it wants it to do something. ActionMessage simply derives from Message.
Therefore to send a message to open a FruitWindowView with a Banana instance we would call:
// Send a message to open up a new view
Controller.SendMessage<OpenWindowMessage<Banana>>(this,
new OpenWindowMessage<Banana>() { ViewName = "Edit Fruit", WindowParameter = SelectedBanana });
The Controller will receive an OpenWindow message and act accordingly. In fact, at this point you may be curious how a subscriber requests these messages. Here is a excerpt from the Controller:
// Setup Messaging
Controller.Subscribe<ActionMessage>(this, (MessageDelegate<ActionMessage>)((sender, message) =>
{
if ( message is CloseWindowActionMessage )
Workspaces.Remove(((CloseWindowActionMessage)message).Window);
if (message is OpenWindowMessage)
{
OpenWindowMessage openMessage = message as OpenWindowMessage;
if (openMessage.ViewName == "Edit Fruit")
{
AddJobRun(((OpenWindowMessage<Fruit>)openMessage).WindowParameter);
}
}
}));
You can see in this example that the controller is opting to subscribe to any messages that are ActionMessage. This includes messages that are ActionMessage or OpenWindowMessage or CloseWindowMessage, as they inherit from ActionMessage. You can subscribe to messages at any level. If we wanted specific implementation to handle OpenWindow<Peanuts> we can register a message handler to execute specific code when that message is received. The great part is because this is all static-typed our message handler gets full use of code completion features and we do not have to cast our object.
You can start to see that it is going to be very important to keep the types of messages clear, clean, and concise. That’s why I didn’t create an OpenFruitWindowMessage, because an OpenWindowMessage<T> should work for any window that requires a parameter.
Here is the interface for IMediator, which is generally implemented by a Mediator class and is used by the controller.
/// <summary>
/// Subscribe to listen for specific types of messages
/// </summary>
/// <typeparam name="T">The message type to listen for</typeparam>
/// <param name="self">The class setting up the event delegate callback</param>
/// <param name="eventDelegate">The event delegate to receive the messages when they arrive</param>
void Subscribe<T>(ICommunication self, MessageDelegate<T> eventDelegate) where T : Message;
/// <summary>
/// Subscribe to listen for specific types of messages
/// </summary>
/// <param name="self">The class setting up the event delegate callback</param>
/// <param name="eventDelegate">The event delegate to receive the messages when they arrive</param>
void Subscribe(ICommunication self, MessageDelegate<Message> eventDelegate);
/// <summary>
/// Remove a ICommunication object from all communication activity
/// </summary>
/// <param name="self">The ICommunication object you wish to unsubscribe</param>
void UnSubscribeAll(ICommunication self);
// Send Message
/// <summary>
/// Sends a message to any other ICommunication object listening for this message type
/// </summary>
/// <typeparam name="T">The type of message you are sending</typeparam>
/// <param name="self">The sender's ICommunication object</param>
/// <param name="value">The message to send</param>
void SendMessage<T>(ICommunication self, T value) where T : Message;
/// <summary>
/// Sends a message to a specific ICommunication object listening for this message type
/// </summary>
/// <typeparam name="T">The type of message you are sending</typeparam>
/// <param name="self">The sender's ICommunication object</param>
/// <param name="recipient">The direct recipient to send the message to</param>
/// <param name="value">The message to send</param>
void SendMessage<T>(ICommunication self, ICommunication recipient, T value) where T : Message;
/// <summary>
/// Sends a message of a particular type to any other ICommunication object that is of a particular type.
/// </summary>
/// <typeparam name="T1">The type of message to send</typeparam>
/// <typeparam name="T2">The type of object to send the message to</typeparam>
/// <param name="self">The sender's ICommunication object</param>
/// <param name="value">The message to send</param>
void SendMessage<T1, T2>(ICommunication self, T1 value) where T1 : Message where T2 : ICommunication;
Final Notes
You will want to try to manage the lifecycle of your ViewModels as you want to subscribe to messages when the ViewModel is created and UnsubscribeAll when it’s about to go away. Because we use a weak reference it won’t prevent garbage collection but if the class is not yet garbage collected and it receives a message it may throw an exception.
You can download the source files here and they consist of 5 CS files. Note: This solution enlists the help of C# 4 dynamic. As such the implantation in CSMediator.cs will only work under the .NET 4 framework. It may be impossible to back-port to an earlier version, but if you manage it, please send me the code! It’s also great to hear from people who find it useful or have suggestions.
- ICommunication.cs – Required to implement for all objects that wish to participate in communication
- IMediator.cs – The interface for the mediator pattern
- Message.cs – The various types of messages that are pre-defined. You will want to change and configure this file.
- MessageRoute.cs – A helper class that keeps track of actions, owners, and registration information.
- CSMediator.cs – This is the main implementation of the Mediator pattern and the IMediator interface. Ideally, your Controller will create an instance of this class as part of it’s lifecycle and provide each ViewModel with a reference during their lifecycles.
References:
This past weekend I got to fly to Denver and present at the Rocky Mountain Tech Trifecta v2. It was a lot of fun! I can see why people get addicted to code camp!
My presentation was on Silverlight 4 and some of the new features in this release. There were so many new features that I couldn't possibly cover them all, but I did hit quite a few.
Here is the screen cast.
I got to Denver in on Friday afternoon and rented a car. The car rental place was a mistake…I could see that from almost the get-go. I saw a shuttle for every other rental care place before I saw one for E-Z Rent-a-car. I waited only about 20 min’s and I was on my way there. When I got there, I passed big shiny car lots, and then at the end of the big long line was a run-down looking building where my car was waiting! Yay! Good thing I found a place that was $5 cheaper than the rest. Undeterred – I’ll do almost anything for a good deal – I went in and got my car. It felt more like a used car dealer than a rental car place. The guy at the counter said that I should note any damage on a piece of paper and then he ripped it off and took the half they keep so I didn’t really get a chance to inspect the car. There seemed to be a lot of pressure to buy the rental insurance (even though your insurance carrier covers you for liability).
The car had other problems too. It was, by my reckoning, a couple of years old and was in pretty good condition for that age, but the dash board said that there was a tire pressure gauge fault and I couldn't see my mileage or trip meter. That is really useful when you’re following directions that have a mileage. It also made some pretty ugly noises at freeway speeds. This was not the last of the car issues, but more on that later.
I stayed at the Comfort Inn about 10 miles from down town. It was pretty nice. It was a bit on the small side, the desk chair was uncomfortable, but the bed was VERY comfortable and the bedding was very clean and fresh.
![IMG_0194[1]](http://interactiveasp.net/cfs-file.ashx/__key/CommunityServer.Blogs.Components.WeblogFiles/natesstuff/IMG_5F00_01941_5F00_thumb_5F00_37290672.jpg "IMG_0194[1]")
![IMG_0197[1]](http://interactiveasp.net/cfs-file.ashx/__key/CommunityServer.Blogs.Components.WeblogFiles/natesstuff/IMG_5F00_01971_5F00_thumb_5F00_13982841.jpg "IMG_0197[1]")
![IMG_0196[1]](http://interactiveasp.net/cfs-file.ashx/__key/CommunityServer.Blogs.Components.WeblogFiles/natesstuff/IMG_5F00_01961_5F00_thumb_5F00_339EFB32.jpg "IMG_0196[1]")
![IMG_0206[1]](http://interactiveasp.net/cfs-file.ashx/__key/CommunityServer.Blogs.Components.WeblogFiles/natesstuff/IMG_5F00_02061_5F00_thumb_5F00_08B25D54.jpg "IMG_0206[1]")
One funny thing was the flagpole outside my window. Check this out!
![IMG_0199[1]](http://interactiveasp.net/cfs-file.ashx/__key/CommunityServer.Blogs.Components.WeblogFiles/natesstuff/IMG_5F00_01991_5F00_thumb_5F00_75C99FDD.jpg "IMG_0199[1]")
Notice a flag missing? Notice that thing in the tree? That’s right. The flag for the great state of Colorado is stuck in a tree! I also had bunnies outside of my window so it wasn’t all bad.
There was a party the night before the event for the presenters. it was lots of fun!
![IMG_0200[1]](http://interactiveasp.net/cfs-file.ashx/__key/CommunityServer.Blogs.Components.WeblogFiles/natesstuff/IMG_5F00_02001_5F00_thumb_5F00_46571D12.jpg "IMG_0200[1]")
The Tech Trifecta is huge! Almost 4 times as large at the Utah Code Camp. It was a bit annoying that there wasn’t enough room for the Silverlight birds of a feather and there wasn’t enough room in the keynote. The only other complaint I had was that it seemed like Session 4 had a bunch of the Microsoft technologies bunched together so you had to pick and choose between ones that you only kind of wanted to see for earlier sessions and between ones you really wanted to see on the later ones.
![IMG_0207[1]](http://interactiveasp.net/cfs-file.ashx/__key/CommunityServer.Blogs.Components.WeblogFiles/natesstuff/IMG_5F00_02071_5F00_thumb_5F00_4F7F1E87.jpg "IMG_0207[1]")
![IMG_0208[1]](http://interactiveasp.net/cfs-file.ashx/__key/CommunityServer.Blogs.Components.WeblogFiles/natesstuff/IMG_5F00_02081_5F00_thumb_5F00_1643E1EC.jpg "IMG_0208[1]")
![IMG_0209[1]](http://interactiveasp.net/cfs-file.ashx/__key/CommunityServer.Blogs.Components.WeblogFiles/natesstuff/IMG_5F00_02091_5F00_thumb_5F00_2D1E9F69.jpg "IMG_0209[1]")
![IMG_0210[1]](http://interactiveasp.net/cfs-file.ashx/__key/CommunityServer.Blogs.Components.WeblogFiles/natesstuff/IMG_5F00_02101_5F00_thumb_5F00_1A6591B3.jpg "IMG_0210[1]")
![IMG_0211[1]](http://interactiveasp.net/cfs-file.ashx/__key/CommunityServer.Blogs.Components.WeblogFiles/natesstuff/IMG_5F00_02111_5F00_thumb_5F00_2C89F8DC.jpg "IMG_0211[1]")
![IMG_0212[1]](http://interactiveasp.net/cfs-file.ashx/__key/CommunityServer.Blogs.Components.WeblogFiles/natesstuff/IMG_5F00_02121_5F00_thumb_5F00_5CBC93C6.jpg "IMG_0212[1]")
Right after I finished my presentation I had to head to the airport. The rental car place will charge you $5 per gal of gas so you need to bring it in full! I figured I would take an exit or two before the airport and fill it up there. I took the exit before the airport and drove over 10 miles before I saw a gas station! No Kidding! I was starting to think that maybe cars in Denver were powered by batteries or something! Needless to say it was an unplanned detour that added 20 min’s to my trip to the airport. It was only then that I saw there was a gas station right next to the airport. Live & Learn!
Here is where things get really fun! I returned the car to the rental place where they inspected the car post haste. The lady handed me the inspection slip and I went inside. That's where I was told that somehow I must have scratched the rear bumper! I was VERY ANGRY!! There was no way that I damaged that car even a little bit! I guess that's what you get when you don’t buy the all-but-mandatory insurance. It took me another 20 min’s to put up enough of a fight that they waved the damage charges. I now had less than 1 hour to get to the airport. The shuttle driver sure took his sweet time and then dropped me off in the wrong wing.
I go to check in with Delta and it wouldn't let me check in (because my flight was within 45 min’s) so I had to wait at the ticket counter. The lady was going to reschedule my flight as it was leaving in just 30 min’s and I was departing from the C-gate. She eventually agreed to give me the boarding pass and told me to RUN to the gate. The rest of the passengers had already boarded. I ran to get through security and picked the shortest of the 6 screening lines. It wasn’t really one of those thing where you could jump to a different lines. The person in front of me took EVERYTHING for carry on including a cheesecake! Apparently it’s impossible to tell the difference between cheesecake and explosives? Yum, C4 with graham cracker crust and cream cheese frosting. After getting through security I only had 10 min’s to make it to the C-gate. I hopped on the tram, got to the C-gate, and they plan took off almost immediately after I boarded!
I hope to be able to go next year but perhaps I’ll drive up instead.
This is a pretty quick post with the notes and screencast from the training I did for an internal company training. I also planed to give this presentation at the NUNUG meeting in February but my new baby girl decided that she wanted to come that day.
Remember, this is Beta software and can change from the actual release. Also, I do not work for Microsoft so if I did something incorrectly, I apologize! :)
// Entity Client & Entity SQL
using (EntityConnection conn = new EntityConnection("Name=UtahCodeCampEntities"))
{
conn.Open();
EntityCommand cmd = conn.CreateCommand();
cmd.CommandText = @"SELECT VALUE p
FROM UtahCodeCampEntities.Presentations AS p
WHERE P.EventID = @EventID";
cmd.Parameters.AddWithValue("EventID", 1);
DbDataReader rdr = cmd.ExecuteReader(CommandBehavior.SequentialAccess);
while (rdr.Read())
Console.WriteLine(rdr["Title"]);
}
// Object Services & Entity SQL
using (UtahCodeCampEntities data = new UtahCodeCampEntities())
{
ObjectQuery<Presentation> presentations = data.CreateQuery<Presentation>(
"SELECT VALUE p FROM Presentations AS p WHERE p.User.UserID = @UserId",
new ObjectParameter("UserID", 5));
foreach (Presentation presentation in presentations)
Console.WriteLine(presentation.Title);
}
// Lazy Loading with Object Services
using (UtahCodeCampEntities data = new UtahCodeCampEntities())
{
ObjectQuery<Presentation> presentations = data.CreateQuery<Presentation>(
"SELECT VALUE p FROM Presentations AS p");
foreach (Presentation presentation in presentations)
{
if (!presentation.UserReference.IsLoaded)
presentation.UserReference.Load();
Console.WriteLine(string.Format("{0} Suggested the topic: {1}",
presentation.User.UserName,
presentation.Title));
}
}
// Eager Loading with Object Services
using (UtahCodeCampEntities data = new UtahCodeCampEntities())
{
ObjectQuery<Presentation> presentations = data.CreateQuery<Presentation>(
"SELECT VALUE p FROM Presentations AS p").Include("User");
foreach (Presentation presentation in presentations)
Console.WriteLine(string.Format("{0} Suggested the topic: {1}",
presentation.User.UserName,
presentation.Title));
}
// LINQ to Entities with Lazy Loading
using (UtahCodeCampEntities data = new UtahCodeCampEntities())
{
var presentations = from p in data.Presentations
where p.Title.Length > 30
select p;
foreach (Presentation presentation in presentations)
Console.WriteLine(string.Format("{0} Suggested the topic: {1}",
presentation.User.UserName,
presentation.Title));
}
// LINQ to Entities with Eager Loading
using (UtahCodeCampEntities data = new UtahCodeCampEntities())
{
var presentations = from p in data.Presentations.Include("User")
where p.Title.Length > 30
select p;
foreach (Presentation presentation in presentations)
Console.WriteLine(string.Format("{0} Suggested the topic: {1}",
presentation.User.UserName,
presentation.Title));
}
// POCO Insert New Object & Transaction Support
User u = new User();
u.UserName = "JohnDoe999";
u.PassHash = "APasswordHere";
u.FirstName = "John";
u.LastName = "Doe";
u.EmailAddress = "JDoe@compserv.com";
u.ShirtSize = "XL";
u.CreatedDate = DateTime.Today;
using (UtahCodeCampEntities data = new UtahCodeCampEntities())
{
DbTransaction trans = data.Connection.BeginTransaction();
data.Users.AddObject(u);
data.SaveChanges();
trans.Commit();
}
// POCO Update Object
User usr = null;
using (UtahCodeCampEntities data = new UtahCodeCampEntities())
{
usr = data.Users.Where(n => n.UserName == "JohnDoe999").Single();
}
// Send user over WCF -- Simulated Disconnected Scenerio
usr.ShirtSize = "M";
// Return back to server
using (UtahCodeCampEntities data = new UtahCodeCampEntities())
{
data.Users.ApplyChanges(usr);
data.SaveChanges();
}
I hope this helps someone who is looking for some answers on how to do stuff.
I am in the middle of a great book right now called The Mother Tongue. It’s about the origin of the English language. In the early pages it pokes a little fun at the attempt some companies who have a false mastery of the language.
I seem to buy a lot of these products and they are hilarious! I’ve been meaning to post this image for a while! It’s the back of the box of my network cable tester.
My favorite is the “Attention”, “Do not change it on your mind.” I can’t even fathom what it’s trying to warn me against. I’ve got a manual for my XO brand radio that is just as bad! Most of the time you have no clue what it’s trying to tell you. The Radio, by the way, is not much better. The English on it is pretty simple, but there are large sections of the user interface that are not translated from Chinese! It’s also a pretty poor MP3 player which sucks because that is the feature I purchased the radio for.
There are three main tools used in cryptography. They are hashing, synchronous encryption, and asynchronous encryption. A very superficial definition could be:
Hashing – Creating a unique value based on blocks of input. Even a minor change in the input, say a value changes by 1 bit, will cause a good hash to change drastically. Ideally, every bit in the right place is the only way to create this number. Hashing is a one-way function so it is not useful for data hiding, but it is very useful for validating the authenticity of data such as a download or a certificate. It is used to ensure that a message has not been tampered with. If even a little change is introduced the unique value becomes very different. If two different blocks of data are hashed using an algorithm that produces the same resultant value it is called a collision, and the algorithm is considered compromised. This is because a malicious hacker could change the value of the data and still have the resulting hashed value not change. When this happens the hash algorithm is useless. This actually happens a lot!
Synchronous Encryption – This means changing an input block using a key into something unrecognizable by anyone not in possession of that key. This type of encryption is what people most commonly think of when you talk about encryption and has been used since about 1900 BC! Depending on the size of the key and the technique used, It is also the most difficult to break.
Asynchronous Encryption – Two keys are generated that are mathematically linked. A key that is used to write (public key) and another key to read (private key). The idea is that a public key can be given to whomever wants to communicate with us. It doesn’t matter if a hacker captures this key because it doesn’t allow them to read the message that the client sends back. In the case of SSL/TSL the message that the client sends back is a key to use for synchronous encryption.
Only the recipient whom has the private key will be able to unlock this message and be able to further communicate with the key that was sent. The only way to break this type of encryption is to guess the key, but if you have sufficient key lengths (1024 is now standard in the US, for example), then a brute-force attack would take longer than the Universe has to live to guess the key. Furthermore, because we passed a random set of data (a new synchronous encryption key) a hacker wouldn't know if they successfully cracked the message or not.
This may sound all well and good but SSL/TSL breaks down if the authenticity of the RP (Remote Party / Server) cannot be verified. That is why we have CA’s, or Certificate Authorities. The job of a CA is to vouch for the authenticity of the remote party. This means that IF YOU GET A CERTIFICATE WARNING THIS IS THE ONLY THING PROTECTING YOU FROM A MAN-IN-THE-MIDDLE ATTACK. If someone relayed communication between you and the remote party the certificate warning is the only thing that will protect you.
Actually, all three of these cryptographic technologies are used in SSL/TSL. If you have ever gone to an https website and clicked on the “lock” icon, this is what you are likely to see.
The first tab states that the certificate’s purpose is to “Ensure the identity of a remote computer” and has some information about the CA and expiration date. In the second tab you can see that the hash algorithm is SHA1 and that the public key is an RSA 1024 bit key. Symmetric communication takes over when we pick a key and a symmetric encryption algorithm. The server may reject the algorithm we selected and you would be forced to pick again until you both agreed on which algorithm to use. Now days it’s likely to be Rijndael AES encryption that is chosen to communicate the rest of your session.
Back to Hashes
Hashes are usually considered the weakest link in this chain of cryptography. To date the following hash algorithms have been compromised: HAVAL, MD2, MD4, MD5, PANAMA, RadioGatun, RIPEMD, SHA-0, SHA-1, and Tiger. Many of these algorithms are not completely compromised, bur rather practically compromised. We know that we can break them but it’s unfeasible. That is to say that generating a collision for a message is likely to be more difficult than it’s worth. The most common algorithms in use today are MD5 and SHA1, both of which have recently been compromised.
In 1996 a flaw was found in the design of MD5 and in 2007 it was broken completely and it was demonstrated that a pair of files could be created which have the same hashed value and they were able to fake SSL certificate validity. This caused the DHS (Department of Homeland Security) to issue a statement indicating that the MD5 function should be considered cryptographically broken and that it is unsuitable for further use. This is no small thing as we have an insatiable addiction for MD5! We use it everywhere! Everywhere else we use SHA-1 which has also been cracked. The DHS suggests SHA-2 but since it is algorithmically similar to SHA-1 there is a good chance it won’t be effective for very long.
So how do we make hashes stronger?
I don’t believe that we are all of a sudden going to invent a new generation of hashing algorithms that are significantly stronger. In fact, if anything we’re getting better and better at cracking these hash functions so they have shorter and shorter lifespan. I think what we will have to do is become more inventive in our use of them.
Hash functions work a lot like block ciphers (synchronous encryption), that is they work on blocks of data at a time. If you are going to fool a hash function then you either need to make the tampered block result in the same hashed value or you need to “balance” out the message in a later block. Blocks are typically 512 bytes of data. If there is a remainder at the end of the message it will be hashed with a partially-empty block.
One obvious thing you can do to protect yourself is to supply more than one type of hash for any given set of data. So, for example, if you download a file from the Internet you sometimes see a few different hashes. You may fool one hash, but you’re not going to fool two hashes with the same collision, especially if the two hashing algorithms are unrelated.
While using two hashes seems a reasonable approach there are some down sides. First, it’s twice the work for your computer hashing the same bits using two different hash functions. Secondly, it is not possible in every scenario where a single hash must be used. One example of this is the use of HMAC authentication. Such authentication works kind of like this:
| Client | | Server |
| User “nzaugg” wishes to authenticate | ------> | |
| | <------ | Okay, here is a very large and unique phrase. |
| Hash(Password+Phrase) | ------> | Yep, that’s what I get when I Hash(Password + Phrase) |
We can’t really send more than one hash as a response and even if we did, it wouldn't help any.
While playing with a pair of hacked files I had an idea which could still use MD5 but stagger the hashes so the blocks align differently, then hash those hashes together. It sounds pretty home-brew, but let me explain.
Offset Hashing
Lets say that I have that same hash as before but I have compromised data in block #1 (red line). If we hash that data again with different data before it and at a different place in the block it will yield a different result. In order for this to work though, we need actual data in the offset blocks (in blue). We can simply take the last 256 bits from the end of the file for the beginning and the first 256 bits for the end. We could also fill it with A..Z, etc. It doesn’t matter too much but should be convention. This is important because if we left the blocks on the beginning and the end empty then we could not detect tampering on those two blocks using MD5 as it’s somewhat position independent. At least it didn’t work when I tried it. It has more to do with what values preceeded it and therefore produced the same value if the previous values were all zero.
And using no new hashing algorithms we can now detect the hash tampered data. It’s still about twice as expensive as a 1-pass hash but overall hashing is fairly inexpensive and modern computers more that compensate. It may be possible to calculate a collision once, but is impossible to calculate the collision for one hash pass and have it work for the other.
It was a little troubling to me that unless the blue squares were filled with some data I was unable to detect the changed data. So I thought why not offset hash with two different hash algorithms and then use a 3rd to hash together the results of the other two hashes. I could use MD5 for pass 1, SHA-1 for pass 2, and SHA-2 to combine the two passes into a single hash.
The result is an unbeatable hash! It doesn’t matter that both SHA-1 and MD5 have been broken, no one has ever broken the pair used together and offset hashing makes that task even more impossible especially considering that the two algorithms chosen are very different algorithms. The third algorithm doesn’t need to be different than one of the other two chosen, it essentially just helps make subtle differences in the hashes stand out.
By the way, BitTorrent downloads rely heavily on hashing functions for both data verification (did I hear you correctly) but also for authenticity. There are programs out there (links below) that can change the file and get it to generate the same hash. When you download stuff off of BitTorrents you can never know what you are downloading does not contain a virus. Even if they were to use my staggered diff hash idea the virus could have been there before the torrent file was even created.
Links
A short time ago I was working on a project using SQL Server Full Text Search. This was my first real deep exposure to the engine and it worked pretty well. However, for the project I was working on there were some very serious problems that I was never able to overcome. Try as I might to tweak SQL Server Full Text Search I was never able to tweak it as much as I needed.
Here are some of the problems that I faced while playing with the Full Text Engine:
- SQL Server Full Text Engine 2005 (FTE) had some scalability issues. I didn’t so much need it to index hundreds of millions of rows (although it needed to be able to do a lot of records) but mostly I need a lot of queries per second. It seemed to only be able to run on a single processor at at time. If someone did a ridiculously huge query everyone else on that server would come to a halt! On a box with 8 logical processors this was not acceptable!
- FTE has not capability for compound words (i.e. the term ‘Riverboat’ and ‘River Boat’). Sure, you could put such pairs in the Thesaurus as expansions, right? Well, I will get to that.
- FTE black boxed the word breaker. You might think that this is not a big deal but you would be wrong! FTE considered the ampersand ‘&’ a word breaker when I needed it to not be. For example, in FTE if you did a search for ‘R&B’ the ampersand would break that into the words ‘R’ and ‘B’. Both of such are in the noise words list by default. Therefore, the terms ‘R&B’ and ‘AT&T’, etc, were optimized out of the query by design. Creating your own word breaker is possible but very difficult and not recommended. Also, I needed an underscore ‘_’ to break words and it did not.
- The ranking information that came back from FTE was not very good. This is because the ranking could not be used to compare two different queries and also because the ranking data was not very good. The numbers were not very evenly distributed. IE, I might have the top 30 rows with a rank of “34”, and the rest had a rank of “20”. The numbers are also arbitrary and meaningless.
- The ‘FREETEXTTABLE’ term is useless! It will only UNION sets rather than INTERSECT them. This means that a search for ‘Sax’ could return 1,254 rows while the term ‘Tenor Sax’ would return 2,259 rows. Every term you add will increase the size of the result rather than decrease it. We had to use the ‘CONTAINSTABLE’ search term but that led to problems with any compound word in the thesaurus and looked awful! Something like:
(“Sax” OR “Sax*” OR FORMSOF(“Sax”) OR THESAURUS(“Sax”))
That is for a one term word. Each word would need it’s own set of criteria.
- FTE was kind of slow on the larger queries. Returning a set of over 1,000 seemed to be quite a chore!
- In order to add things to the thesaurus you had to change the XML file and restart the service. You may even have to rebuild the index – I don’t remember.
- Every few days or so the searches would slow down a lot! In order to get it speed back up we had to shut down the FTE service and the SQL Server service and rebuild the index. We hoped to write a script to do this chore every so often but for some reason the script that Management Studio generated didn't seem to work the same way.
That's all well and good, but what did I gain by writing my own version?
- Most of the code is reentrant and the code that is not uses highly efficient reader/writer locking to make sure the index doesn’t change out from underneath you! This means that I can fully utilize all logical processors on the machine and large queries will not interfere with smaller ones.
- It also means that the index can be rebuilt while the old index is still in use. Once the build is complete they can be quickly and easily swapped.
- I was able to create ranking that yielded very nice even distribution between every result in the set. (more on this below)
- I was able to pull word breaking terms from a file. There is also one file per language. These files are also used to break the search term that was used to create the index. Because it uses the exact same word breaker on both the search terms and the index data we got much better search matching! Terms like ‘R&B’ were indexed and searched for in the same way. Noise words would be dropped the same way as well. It made working with compound words possible.
- This search is much faster than SQL Server FTE. All my queries returned in less than 100ms, usually much less!
- Ranking could be customized. (more on this below)
- I was able to create a ‘FREETEXTTABLE’ style query that reduced the number of results as the search term became more specific.
- I could change the thesaurus on the fly.
- I was able to manage compound words much more effectively.
- I got to implement my own custom Binary Search which was pretty fun!
Before you go tearing off to download my version of search and rip out SQL Server FTE, there are some tradeoffs to using my system. Most notably I keep my index in memory where I don’t believe FTE does that. In the case of this project it only resulted in ~16MiB of memory usage per language. We had 32GiB of memory on that system so that isn’t such a big deal even with the pretty deep set of data indexed. But if you had 100 million or more then this may not be a good solution for you.
CSharpQuery is also slower at creating the index. It seems like the index creation for FTE is almost instantaneous where it takes about 10 seconds per language to build mine. Again, not a big deal in most cases but could be problematic for very large data sets. Lastly, FTE is able to provide the data right to you in T-SQL and is easy to setup and consume. CSharpQuery will merely give you a list of indexes and ranking info and you are expected to get the data into SQL Server yourself. Although, this does mean that it can be used outside of SQL Server which is a plus!
The real genius in the CSharpQuery code is the ranking. As mentioned above the ranking in FTE has two fatal flaws. It doesn’t allow the rankings to be used outside of the result set and the ranking values is pretty scant. In a typical result set of 100 rows, there would only be maybe 5-10 distinct numbers for ranking data. This means that there are large sections that appear unsorted or unranked! This is a pretty difficult problem to come up with a ranking algorithm that is both universal in it’s application and provides a ranking so unique and precise as to almost be synonymous with a hash.
This is accomplished by using these four filters:
- Word Proximity – How close are the search terms to each other?
- Multiple Occurrence – How many times does the search term appear in the indexed phrase?
- Low Phrase Index – Are the search terms found near the beginning of the phrase, perhaps in a title?
- Word Matching – Did we find the exact words or did we use the thesaurus or front word matching to find this row?
The ranking of results is the most complex part of the code. It is also the most process intensive. Each row is ranked independently based on the 4 different filters. Each filter ranks the row between 0 and 1. To produce the final rank, each filter result is weighted as some filters are better at finding what you are looking for than others. Based on this setup some of the less discretionary filters can be used to break ties. This results in a very nice even distribution between the entire result set. The final ranking number is also a number between 0 and 1.
Another great feature of CSharpQuery is the tweaked thesaurus for compound words. Lets say that you were looking for a song titled “Riverboat Shuffle”. In FTE if we were to simply do a thesaurus lookup on “Riverboat” we’ll also get “River Boat”. This means it will return all results with river and boat but not necessarily together. In my version of the thesaurus the exact same results are returned from the queries “Riverboat Shuffle” or “River Boat Shuffle”.
NOTE: The thesaurus that comes with this download is not necessarly a great one. Basically I used a dictionary to find compound words but discovered that there are a lot of words that to a computer look like a compound word but are actually not. Such an example is “monkey” was found from “mon” and “key” but “mon key” is not the same as “monkey”. It is your responsibility to clean up the thesaurus. If you would like you can also send it back to me when your done so everyone else can benefit.
Building an Index
In yet another instance of “It’s free for a reason”, CSharpQuery doesn’t come with any kind of tool to build your index for you. Instead you have to make a small program to build the index. This can also be advantageous. For example, in my C# code I combine different rows from various track tables. This way even though the composer is part of a different table, typing their name in will show all of the tracks for that composer.
public static void UpdateCSharpFullTextSearchIndex(
IDataStore con, int langId, CultureInfo cultureInfo,
string cSharpQueryIndexDirectory) {
// Quicksearch SQL
string quicksearchSql = @"
SELECT
t.TrackID,
p1.Text + ' ' + -- TrackName
p2.Text + ' ' + -- TrackDescription
p3.Text + ' ' + -- AlbumName
p4.Text + ' ' + -- LibraryName
ar.ArtistName + ' ' +
t.Publisher as IndexText
FROM Track t
INNER JOIN Album a
ON t.AlbumID = a.AlbumID
INNER JOIN RecordLabel r
ON a.RecordLabelID = r.RecordLabelID
INNER JOIN Artist ar
ON t.ArtistID = ar.ArtistID
INNER JOIN Phrase p1
ON t.Title_Dict = p1.DictionaryID
AND p1.LanguageID=@LangID
INNER JOIN Phrase p2
ON t.Description_Dict = p2.DictionaryID
AND p2.LanguageID=@LangID
INNER JOIN Phrase p3
ON a.AlbumName_Dict = p3.DictionaryID
AND p3.LanguageID=@LangID
INNER JOIN Phrase p4
ON r.RecordLabelName_Dict = p4.DictionaryID
AND p4.LanguageID=@LangID";
SqlConnection conn = Con(con).Connection as SqlConnection;
try {
conn.Open();
SqlCommand cmd = new SqlCommand(quicksearchSql, conn);
cmd.CommandType = System.Data.CommandType.Text;
cmd.Parameters.AddWithValue("@LangID", langId);
SqlDataReader rdr = cmd.ExecuteReader();
SQLServerIndexCreator creater = new SQLServerIndexCreator();
// Quicksearch Index
creater.CreateIndex(
"QuickSearch", // The name of the index
cSharpQueryIndexDirectory, // Index Dir
rdr, // An open Data Reader
cultureInfo, // The culture info for this index
"TrackID", // The [Key] (int) column of the index
"IndexText"); // The [Value] column of the index
rdr.Close();
} finally {
if (conn != null &&
conn.State == System.Data.ConnectionState.Open)
conn.Close();
}
}
As you can see in this index creation example, we concatenate the track name, track description, album name, and library name for the quick search index. This will then create the .index file like “Index_QuickSearch.en-US.index”. You will notice the file is in the format of “Index_[index name].[culture code].index”. It is important to have a few things in place before you try this. The following files should exist by default:
- Invalid Chars.txt – Contains invalid chars like [tab]~{}[CR][LF], etc.
- Noisewords.global.txt – Contains words that are not useful to index like [a-z], “and”, “the”, etc.
- Substitutions.global.txt – Contains a list of substitutions you wish to make, this is usually used to indicate what symbols break words and which ones do not. For example: “:= “ means that we’re going to substitute the “:” sign for a blank space.
- Thesaurus.global.xml – The thesaurus contains synonyms and compound words. NOTE: if you use the compound word functionality, the compound term must come second.
- WhiteSpace.global.txt – This file tells the work breaker which chars are whitespace so those can be safely used to split the word terms.
These files all work together to help create a better index. You will also notice that the convention is “.global.txt” for these files. That is because for each culture you will want to specialize these files for these languages. So you can have the file “WhiteSpace.en.txt” and “WhiteSpace.en-us.txt” etc. The global lists are merged with the list for a specific language so they are global for all languages.
Congratulations, you now have an index! Now for the easy part – Using the index. A typical full text query will look something like this:
public static List<Track> QuickSearch(
IDataStore con,
string csharpQueryIndexLocation,
string searchCriteria,
int recordLabelID,
int pageSize,
int pageNumber,
SortCriteriaType sort,
Language uiCulture,
User user,
out int rowCount) {
rowCount = 0;
int? labelID =
(recordLabelID > 0) ? recordLabelID : (int?)null;
FreeTextQuery.DatabasePath = csharpQueryIndexLocation;
CultureInfo ci =
uiCulture.LanguageID == 1 ?
CultureInfo.InvariantCulture :
new CultureInfo(uiCulture.CultureCode);
List<QueryResult> trackResults =
FreeTextQuery.SearchFreeTextQuery(
"QuickSearch", // The Index Name
ci, // The culture info
searchCriteria); // The search term
string trackIDxml = FormatResultsAsXml(trackResults);
// Do the search
int? nRowCount = 0;
var searchResults = Con(con).QuickSearch2(
trackIDxml,
uiCulture.LanguageID,
pageSize,
pageNumber,
labelID,
user.UserID,
(int)sort,
ref nRowCount);
rowCount = nRowCount ?? 0;
return searchResults;
}
The code above simply calls FreeTextQuery.DatabasePath to set the location of the text index. You only need to set this path once since it is static but I set it for every call, just in case. Next I call FreeTextQuery.SearchFreeTextQuery to perform the search. This returns a list of QueryResult which gives you back the [Key] that you specified when creating the index, the rank (presorted), and the locations of the words in the original [Value] that it matched to. This is very handy if you wanted to do something like highlight search terms especially if you want to also highlight words that matched via the thesaurus.
After I get my results I call a function called FormatResutlsAsXml so I can get an XML string to send to SQL server and join these keys to the actual track information. My implementation of FormatResultsAsXml actually uses a StringBuilder because I found this to be a little quicker at creating an XML string.
private static string FormatResultsAsXml(
List<QueryResult> phraseResults) {
if (phraseResults == null || phraseResults.Count == 0)
return null;
StringBuilder sb = new StringBuilder();
sb.AppendLine("<root>");
foreach (QueryResult r in phraseResults) {
sb.AppendLine("<result>");
sb.AppendLine("<key>" + r.Key + "</key>");
sb.AppendLine("<rank>" + r.Rank + "</rank>");
sb.AppendLine("</result>");
}
sb.AppendLine("</root>");
return sb.ToString();
}
All we have to do now is pass this into our stored proc. Now, at about this point I’m sure you are thinking something along the lines of I’m using SQL Server 2005, why not use the XmlDocument rather than pass this value in as text. The answer to that question is simple – For some very strange reason the new XML capability in SQL 2005 is VERY SLOW! It is unusably slow for sets of data larger than just 500 nodes!
Here is a snippet of my T-SQL code:
ALTER PROCEDURE [dbo].[QuickSearch]
(
@TracksKeysXml text
,@LanguageID int
,@PageSize int
,@PageNumber int
,@RecordLabelID int = NULL
,@UserID int
,@SortID int = NULL
,@RowCount int OUTPUT
) AS
BEGIN
DECLARE @Tracks TABLE
(
TrackID int primary key,
[Rank] real
)
IF ( @TracksKeysXml IS NOT NULL )
BEGIN
DECLARE @xmlDocTracks int
EXEC sp_xml_preparedocument
@xmlDocTracks OUTPUT,
@TracksKeysXml
/* xml input:
<root>
<result>
<key>123456</key>
<rank>0.75245</rank>
</result>
</root>*/
INSERT INTO @Tracks
SELECT * FROM
OPENXML(@xmlDocTracks, '/root/result', 2)
WITH ( [key] int 'key[1]', [rank] real 'rank[1]')
EXEC sp_xml_removedocument @xmlDocTracks
END
...
It’s as easy as that! Feel free to leave a comment if you have any questions.
This software is distributed under the terms of the Microsoft Public License (Ms-PL). Under the terms of this license, and in addition to it, you may:
- Use this code royalty free in either open source or for profit software.
- You may not remove the copyright notices from any of the files.
- You may not charge any 3rd party for the use of this code.
- You may alter the code, but must not distribute the source once it has been altered.
- You should give the author, Nathan Zaugg, credit for code whenever possible.
- The code is provided to you as-is without any warranty, implicit or explicit.
I would also appreciate it if you left a comment if you found the code to be useful.
You may download the source from here: http://interactiveasp.net/media/p/1124.aspx
UPATE: This project is now being maintained on CodePlex. See http://csharpquery.codeplex.com/ to get the latest code.
Microsoft Public License (Ms-PL) This license governs use of the accompanying software. If you use the software, you accept this license. If you do not accept the license, do not use the software. Definitions The terms "reproduce," "reproduction," "derivative...
We have all seen the TV commercials of Mac and PC standing there while the Mac makes some funny remark about how unreliable PC is or how much more fun Mac is. We all got a good laugh and I even started recording them before realizing that they were available online. I also think that Microsoft had a good laugh, at first. Or at least until it became clear that this one-sided add campaign was really starting to hurt their reputation.
Microsoft, perhaps wanting to fire back started a series of TV commercials that were horribly unfunny! Those were followed by vague “I AM PC” commercials that weren’t meant to be funny but didn’t have much substance either. Now Microsoft has started the “Buy anything you want for $1,000 or $1,500 – BINGO! The commercials, in my opinion, are very effective at dispelling the myth that Mac’s are better than PC’s. This has been dubbed the “Mac Tax”.
They aren’t convincing everyone though. It was a comment from Redmond Report newsletter that got me fired up!
MAILBAG: THE MAC TAX THAT ISN'T, MORE
Microsoft has been talking up the so-called "Mac tax" to dissuade
people from moving to Apple. Marc thinks it's a little disingenuous to
call it that:
"For what it is worth, the 'Mac Tax' is not real! If you want, you
can configure a Dell with specifications virtually identical to any
Macintosh in the Apple product line and come up with very nearly
identical pricing. The catch, of course, is that an Apple Macintosh
is severely overpowered to meet the needs of most folks. Most folks
can meet their computing needs with a $500 to $800 Dell, or they can
go overboard and spend $1,000 and get a 'fully loaded' Dell that will
last them a good five years. Or, they can buy a 'bottom-of-the-line'
MacBook.
The truth is that if Apple could sell as many computers as Dell or
HP, they could afford to sell low-end $500 computers, but because
they don't sell a large enough number of computers to tolerate the
extremely narrow profit margins Dell and HP get on those $500
systems, Apple simply cannot afford to do so. Dell and HP 'take a
loss' on those entry-level systems but they make it up on very high
volumes and the occasional sale of $1,000-plus systems. All of
Apple's systems must be $1,000-plus systems for them to stay
in business."
-Marc
Well Marc, that sounds like a challenge! I completely disagree with the argument that you can configure a Dell with specifications virtually identical to any Mac and come up with nearly identical pricing.
Mac vs. PC Challenge
So what does Apple have to offer?
| 
White MacBook
| 
MacBook
| 
MacBook Air
| 
MacBook Pro
| 
MacBook Pro
|
| Price |
2.0GHz, 120GB $999.00
|
2.0GHz, 160GB $1,299.00
2.4GHz, 250GB $1,599.00
|
1.6GHz, 120GB $1,799.00
1.86GHz, 128GB SSD $2,499.00
|
2.4GHz, 250GB $1,999.00
2.66GHz, 320GB $2,499.00
|
2.66GHz, 320GB $2,799.00
|
| Display |
13.3-inch (viewable) glossy widescreen
1280 x 800 pixels
|
13.3-inch (viewable) LED-backlit glossy widescreen
1280 x 800 pixels
|
13.3-inch (viewable) LED-backlit glossy widescreen
1280 x 800 pixels
|
15.4-inch (viewable) LED-backlit glossy widescreen
1440 x 900 pixels
|
17-inch (viewable) high-resolution LED-backlit glossy widescreen
1920 x 1200 pixels
Option: Antiglare display
|
| Processor |
Intel Core 2 Duo
1066MHz frontside bus
3MB shared L2 cache
|
Intel Core 2 Duo
1066MHz frontside bus
3MB shared L2 cache
|
Intel Core 2 Duo
1066MHz frontside bus
6MB shared L2 cache
|
Intel Core 2 Duo
1066MHz frontside bus
3MB or 6MB shared L2 cache
Option: 2.93GHz
|
Intel Core 2 Duo
1066MHz frontside bus
6MB shared L2 cache
Option: 2.93GHz
|
| Memory |
2GB (two 1GB) of 667MHz DDR2 SDRAM
Option: Up to 4GB DDR2
|
2GB (two 1GB) of 1066MHz DDR3 SDRAM
Option: Up to 4GB DDR3
|
2GB of 1066MHz DDR3 SDRAM (onboard)
|
2GB (two 1GB) or 4GB (two 2GB) of 1066MHz DDR3 SDRAM
Option: Up to 4GB DDR3
|
4GB (two 2GB) of 1066MHz DDR3 SDRAM
Option: Up to 8GB DDR3
|
| Hard drive1 |
120GB Serial ATA, 5400 rpm
Option: Up to 320GB hard drive
|
160GB or 250GB Serial ATA, 5400 rpm
Option: Up to 320GB hard drive or 128GB solid-state drive
|
120GB Serial ATA, 4200 rpm or 128GB solid-state drive
|
250GB or 320GB Serial ATA, 5400 rpm
Option: Up to 320GB hard drive at 7200 rpm or 128GB solid-state drive
|
320GB Serial ATA, 5400 rpm
Option: 320GB hard drive at 7200 rpm, 128GB or 256GB solid state drive
|
| Battery3 |
Up to 4.5 hours of wireless productivity
|
Up to 5 hours of wireless productivity
|
Up to 4.5 hours of wireless productivity
|
Up to 5 hours of wireless productivity
|
Up to 8 hours of wireless productivity2
|
| Graphics |
NVIDIA GeForce 9400M with 256MB of shared DDR2 SDRAM
|
NVIDIA GeForce 9400M with 256MB of shared DDR3 SDRAM
|
NVIDIA GeForce 9400M with 256MB of shared DDR3 SDRAM
|
NVIDIA GeForce 9400M and 9600M GT with 256MB or 512MB of GDDR3 memory
|
NVIDIA GeForce 9400M and 9600M GT with 512MB of GDDR3 memory
|
| Enclosure |
Polycarbonate
|
Precision aluminum unibody
|
| Size (H x W x D) |
1.08 x 12.78 x 8.92 inches
2.75 x 32.5 x 22.7 cm
|
0.95 x 12.78 x 8.94 inches
2.41 x 32.5 x 22.7 cm
|
0.16 to 0.76 x 12.8 x 8.94 inches
0.4 to 1.94 x 32.5 x 22.7 cm
|
0.95 x 14.35 x 9.82 inches
2.41 x 36.4 x 24.9 cm
|
0.98 x 15.47 x 10.51 inches
2.50 x 39.3 x 26.7 cm
|
| Weight4 |
5.0 pounds
2.27 kg
|
4.5 pounds
2.04 kg
|
3.0 pounds
1.36 kg
|
5.5 pounds
2.49 kg
|
6.6 pounds
2.99 kg
|
What does HP have to offer?
The computer that compares with the entry level 13” white MacBook computer:
Well, this comparison isn’t really apples to apples. After all I couldn't find anything with a 13” screen (either smaller or bigger). Also, I took upgrades that I think most people would take. Here is what I came up with:
- HP G60t Laptop running Windows Vista Home Premium x64
- Intel(R) Core(TM)2 Duo Processor T6400 (2.0GHz) (=)
- 3GB DDR2 (+)
- 250GB 5400RPM SATA (+)
- 256MB NVIDIA GeForce 9200M GE( )=
- 16.0" diagonal High Definition HP Brightview Display (1366x768) (+)
- Free HP DESKJET D4360 PRINTER (with mail-in rebate) (+)
- Cost: $708.99 with $100 instant rebate. Savings: $290.01; I did get some other free upgrades, but because they always have this kind of thing I keep them. Here is the link (for as long as it lasts)
The (-) indicates that the chosen component was less than it’s apple counterpart. The (=) indicates identical hardware. The (+) indicates superior hardware.
DECISION: I got a VASTLY superior PC from HP for almost $300 less! The HP notebook even looks nicer than the white apple book. Hands down winner here.
Because my previous configuration beat the next level up MacBook, I’ll move on to the MacBook Air using Dell’s website:
- Dell XPS M1330 running Windows Vista Home Premium x64
- Intel® Core™ 2 Duo T9300 (2.5GHz/800Mhz FSB/6MB cache) (+ & –)
- 3GB Shared Dual Channel DDR2 SDRAM at 667MHz (+ & –)
- Ultra Performance: 128GB Solid State Drive (=)
- 128MB NVIDIA® GeForce™ 8400M GS (–)
- 13.3" UltraSharpTM WXGA (1280 x 800) display with TrueLifeTM (available with 2.0 MP camera) (=)
- Weight 3.97 lbs; Size 31.8 x 2.31x 23.8 cm (–)
- Cost: $1,444. Savings: $355 / $1,055.
This wasn’t as quite as good as comparison as I hoped. I needed a Dell Laptop that did the Solid Sate drive (the whole reason for MacBook Air). The processor is faster than both configurations of MacBook but with a slower BUS speed. In mind this makes them a wash but depending on what you are doing it could make a difference one way or another although it’s not likely to.
The other was the RAM. I couldn't configure this computer with anything less than 3GB which is 50% more RAM, but again, it’s slower RAM so there could be some performance considerations. Most of the time, though, the quantity of RAM beats out the speed of the RAM. It’s still many times quicker than virtual memory residing on a disk drive. The graphics card available for the PC was not as good as the one that comes with the MacBook Air. The XPS system came in a bit chunkier in both weight and size.
DECISION: If you are in the market for a PC that is powerful and small / light and cost is not much of a consideration then the MacBook is a real contender. I might have done better if I would have gone with Acer who is known for their small computers but I still rather doubt that I’d get something as small and powerful. The MacBook Air is the winner for performance and size – that is if you can overlook the price tag.
The next comparison is the MacBook Pro series laptops. While shopping at HP here is what I got and how it compares:
- HP HDX 18t with Windows Vista Ultimate with Service Pack 1 (64-bit)
- Intel(R) Core(TM)2 Duo Processor T9550 (2.66 GHz) (+ & =)
- 4GB DDR2 System Memory (2 Dimm) (-)
- 320GB 7200RPM SATA Hard Drive (=)
- 512MB NVIDIA GeForce 9600M GT (=)
- 18.4" diagonal High Definition HP Ultra BrightView Infinity Display (1920x1080p) (+)
- Blu-Ray ROM with SuperMulti DVD+/-R/RW Double Layer
- HP Integrated HDTV Hybrid Tuner (+)
- Cost: $1,606.99 Savings: $392.01 / $892.01 / $1,192.01 Again, here is the link so you can see for yourself.
I didn’t bother comparing all three MacBook Pro’s separately, the system I built beat even the high end MacBook Pro. This HP system is every bit as good as the MacBook or even better! What are the differences? Again, I had a hard time coming up with comparable memory from the manufacturer. If I wanted that high end stuff, I can still get it on the cheap from New Egg. I even got some freebies that I didn’t expect like a bigger monitor, Blu-Ray DVD-RW combo and an HDTV tuner integrated into the system.
DECISION: The HP notebook is a clear winner! If I had the $1,606.99 I would buy the PC right now! PC’s are a great deal!
CAVEOTS: I wasn’t able to weigh in on all aspects of the laptop such as battery life which I have no data from HP or Dell (mostly because it varies greatly between configurations). I also make the assumption that the overall quality of the computer is equivalent. This is probably a true assumption – all of the PC’s had very high ratings from their customers. I also didn’t investigate warranty models very carefully so that is left to the buyer to evaluate.
Summary
I wouldn't recommend to my parents, grand parents, co-workers, friends, or peers that they choose a Mac over a PC. A Mac is not a better computer by virtue of being made from Apple. You are paying more for a name brand just like anything else. If the software you need to run is Windows based then buy a PC, if it’s Mac based then buy a Mac. Simply running Windows in some kind of VM software is not going to give you a very good end-user experience. The “Mac Tax” is real!
I have been playing with Windows 7 in my VM machine for a few weeks now and have found it to be amazingly fast and lean! So what will keep people from making the leap from XP to Windows 7? Application and hardware compatibility of course! Windows has such a large following now days in large part because of it’s commitment to compatibility between versions of windows. Compatibility is one of the major reasons Windows Vista has been so marginalized.
Since Microsoft is not providing a direct upgrade experience from XP to Windows 7, and because Windows 7 is based on Vista technology, it can be quite a sale to get people to convert from Windows XP to Windows 7. For those in this camp there is some good news. Last week the Windows Blog team posted a very provocative solution called Windows XP Mode for Virtual PC.
Based on the information provided it looks as though they have developed “unity” like features for Microsoft Virtual PC. This allows a program running under a virtual machine to be moved onto the hosts desktop. It will look like it is running on the host machine when it is really running under the virtual machine. It can be so transparent that the only way you can tell on the example in the blog post is because of the tool tip on the shortcut. VMware has had this technology for a little while but my experience with it is kind of mixed. It is really cool to see your app running on say a Mac, but the user experience is not even as good as running the application in the virtual machine directly. Still, this technology has real promise. Citrix, for example, bases their business on this type of technology. Microsoft’s Terminal Services even has support for application virtualization.
For users who only have one or two incompatible applications keeping them from upgrading, this should be a big help! That in conjunction with the great product Windows 7 is shaping up to be I can see people migrating en masse.
taken from the original blog post.
Links:
Silverlight 2 is great! Silverlight 3 is AWESOME! My first experiences with the beta framework and tools have been overwhelmingly positive. In this post I’ll go over my experience creating an application using some of the new features and I’ll show how easy it is to make your Silverlight application available offline. To get started you’ll need the tools. Download the Silverlight Tools for Visual Studio 2008 SP1 from the official Silverlight website. It is also recommended that you download and install the Silverlight Toolkit from the same site.
Getting Started
After installing the Silverlight tools open Visual Studio and click File –> New –> Project. Click Silverlight in the project types section and select Silverlight Application from the Templates group.
When prompted make sure you check the Host the Silverlight application in a new Web site checkbox and press the OK button.
Once your project comes up we can get started in code. Open the MainPage.xaml file, open the toolbox and double click TwilightBlueTheme. This will add some references to our project and update the background of our window. That is how you use a built-in theme. Any tool box item that ends with Theme will change the look of your application.
Another great feature of the Silverlight 3 runtime is that we finally have full binding support! The most useful binding feature is binding the value of one control to another.
<Grid x:Name="LayoutRoot" Background="White">
<twilightBlue:TwilightBlueTheme />
<Button Height="30" Width="150" Content="This is my button Fool"
HorizontalAlignment="Left" VerticalAlignment="Top"
Margin="5" Click="Button_Click" />
<TextBlock Name="tbValue" Margin="50"
Text="{Binding ElementName=slider1, Path=Value}" />
<Slider Name="slider1" Height="80" Width="300"
Margin="0 0 0 0" Value="3" />
</Grid>
Now, lets run it.
You can see that when you move the slider we can see it’s slider position value in the TextBlock we have on our form. Now that we have our ultra-simple app we want to make it available offline. We do that by opening the Properties\AppManifest.xml file and add the following:
<Deployment.ApplicationIdentity>
<ApplicationIdentity
ShortName="Nate Test Application"
Title="Nate Test App">
<ApplicationIdentity.Blurb>This is a test silverlight
3 application out of the browser.</ApplicationIdentity.Blurb>
</ApplicationIdentity>
</Deployment.ApplicationIdentity>
Now run the application again. This time right click the Silverlight app and there is a new option to install the application.
You will then get a very simple “install” dialog. The install process is extremely fast!
And now we can launch our application from the start menu. Here is what it looks like when it is run outside of the browser.
To remove the application from your system, just right click to uninstall.
And that is it! Silverlight 3 works very well outside of the browser!
Links:
Windows 7 hasn't even been released (Currently RC1) and there is already buzz about Windows 8. Of course I know that in terms of development Windows 7 is in it’s stabilization phase so naturally the kernel team and perhaps even some others have started on the next generation of Windows software. I have spent a lot of time on MSDN’s Channel 9 looking at some of the low level design considerations that went into Windows 7 Kernel and there has been some indication that they have already started on the Windows 8 project.
This week my MCPMag.com news flash talked about Windows 8. There wasn’t much information to go on other than two job postings for the Windows 8 team and a blog post that included some tantalizing video of possible UI for Windows 8. This concept design is incredibly cool! My favorite part is that they completely re-designed Windows Explorer which was in worse need of a makeover than Susan Boyle!
From what I could tell in the short video, some of the new design concepts included:
- New Windows Explorer Interface- Makes it easier to switch between views (a pain in Vista) and allows you to find the information you need about a file.
- New Start bar and Taskbar- There is already a new taskbar in Windows 7, but I’m not sure if I really like it. It’s impossible to tell the difference between a program that is running and a quick launch button. The new design concept for Windows 8 is obviously based on the Windows 7 design but looked more friendly to use. My favorite part? You can re-arrange the tabs. This is really awesome if your OC like I am and expect tabs to be in certain places. The new design focuses on screen real-estate and has a very minimalistic feel to it. It looks amazing!
- There is a new feature that will allow a shortcut to launch multiple programs at once. I don’t think I would ever use this but if I were say a customer service person who had to have 10 apps open all at once it might be nice to have this for after I rebooted the machine.
- Multiple current users- It looked from the video like you may be able to quickly switch between user sessions & desktops. You can kind of do this in Windows XP Pro, but it feels more like you are logging out and logging back in as someone else. This feature kind of looked like I could switch to a new desktop as easily as I can switch between two running applications.
- The notification area is smaller and sexier! It is small and looks like most of your nuisance/superfluous notification icons are hidden by default.
Here is the Video of the Windows 8 Concept UI:
Copenhagen User Experience from
Copenhagen Concept on
Vimeo. I think Microsoft has the right concept going with this kind of publicity. While Windows Vista isn’t a great user experience (It’s pretty, but less usable) it has a lot of enhancements under the hood. Enhancements that make a big difference to a user like me. They have learned their lesson from Vista and Windows 7 is all about user experience and some minor enhancements under the hood. There is no information available about what kind of enhancements are in store for Windows 8 other than we do know that it is still based on the Vista / Windows 7 Kernel. I just hope that Windows 8 has the right mix of usability improvements, kernel / system improvements, and features that create an ROI (Return On Investment) so it’s easier for businesses to justify the upgrade.
Here are some screen shots of Windows 8. I took them from the video in case you didn’t want to watch that.
One of the headlines on my news feed came across about anti-tax ‘tea parties’ being held across the U.S. These demonstrations are a form of protest to wasteful government spending. I was quite disappointed that the article included a blurb that in my opinion threatened the neutrality of the article. The paragraph stated that this event “[has] been co-opted by the Republican Party.” It then goes on to try to discredit the official Tax Day Tea Party website by accusing the website owner of being a conservative, as if somehow that is a bad thing.
Deficit Spending and the National Debt
The protests and the demonstrations aside, I do think it's maybe not so much about taxes but more about Government spending and entitlement programs. People in the forum were quick to note that the 2008 tax year is a President Bush legacy. Former President Bush really ran up a deficit so he is not guilt free.
Nearly all of the states in the US are prevented from deficit spending by their state constitutions and that means that while states have to make some very difficult decisions in years like 2008 & 2009, they can be very efficient in the recovery years and hopefully build up a reserve of cash for next time.
The Federal Government, on the other hand, can pretty much incur as much debt as it wants. This is not a good idea and I maintain that the constitution should be amended to prohibit deficit spending. Think of it this way; lets say that we spend $100 billion deficit for healthcare. That is a $100 billion loan, right? Okay, lets be conservative here and say that the US Government gets the amazing rate of 1.5% on that loan. Lets also assume that it’s going to take us 10 years to pay that loan back, which is very optimistic as we have to stop borrowing before we pay anything back.
This means that for the $100 billion we borrowed to pay that bill we will be paying $897,914,997.95 / month or $10.77 billion / year for the next ten years. I actually had to write a special calculator to amortize that amount – no online calculator could handle it! If we continue deficit spending we will in effect be paying more for less as all of the tax revenue has to be applied toward the debt first and social programs last. Debt is a lot like barnacles on a ship, the more of them you have the more drag you have and it takes more “wind” to move you places. Get too many and you might as well have stayed on the doc because your not really going anywhere.
Of course we know that our current proposed deficit is $1.7 trillion which works out to be $15 Billion / month or $183 Billion / year. Remember, this is just to pay for one year of deficit spending. Our current national debt is ~$11.17 trillion dollars, as of 4/15/09. That means that we are now paying $100 billion / month or $1.2 trillion / year to make payments on the national debt! That is $3.2 billion / day, $137 million / hour, $2.2 million / min, and $38 thousand per second! In 2008 the national debt climbed to 73% of GDP (source: Wikipedia). The $100 Billion we borrowed for our experiment here may seem like a drop in the bucket compared to the national debt but every little bit counts.
This country is literally putting bills on the credit card and it’s only a matter of time before we run out of money. The longer we wait to fix the problem the more money we end up borrowing and the more painful it is going to be. Imagine if we had to cut out Medicare, Medicaid, and Social Security AND raise taxes? This is not impossible and could happen. The bottom line is that you can not borrow yourself into prosperity! It is completely irresponsible to borrow money to create social entitlement programs!
Personal Retirement Accounts
I don't want Social Security, but I have no choice but to pay it and there is little chance that there will be anything for me to collect when I reach retirement age. Any personal retirement I do save for is taxed so heavily it can't even keep up with inflation! That is absurd! I would really like to opt out of Social Security and put that money in my retirement account tax-free, but even if I have to pay it, I still need to be able to save for my retirement tax-free. Just to keep pace with inflation.
If I were to reform retirement, I would create something called a Personal Retirement Account (PRA). This would be an alternative to the current Social Security program and would allow people to save for their own retirements tax-free.
The basis would be a function as such:
( (Inflation Base * 100,000) / (Age / Retirement Age) = Maximum Annual Contribution )
Inflation Base is the percentage of inflation since the bill passed. If the bill passed in 2009 and inflation for that year was 3.0% then in 2010 the number is 3.0%, then in 2010 if it rose by 2%, the rate is then 5%.
The idea behind my PRA idea are these simple axioms:
- The closer to retirement you are the more money you should be allowed to save for retirement. Conversely, the younger you are the less you need to put away as the money should grow over time and is tax free.
- Taxes should not be levied on the sums of money being put into these accounts.
- Taxes should not be levied on the sums of money being withdrawn from these accounts if done so within the bounds of the rules of the accounts.
- The current rate of $100k / year is a comfortable amount of money to live on.
- The amount you are allowed to contribute should be adjusted annually for inflation.
- If you would like to save more money than the maximum annual contribution amount, then taxes should be paid up front (much like an Roth IRA).
- There needs to be some rules to limit risk to accounts of individuals that are closer to retirement.
- Participation in a retirement program becomes mandatory once a worker turns 30. They may either opt for traditional Social Security or Personal Retirement Accounts. The minimum amount for the Personal Retirement Accounts plan is the current social security withholding amount.
- You should be able to switch between the two programs. If you are switching from Social Security then the amount contributed should be put toward the Personal Retirement Account Plan – no interest accrued. If you switch to Social Security then your account is transferred but you do not get additional benefits and must pay if the value of your account is less than the cumulative Social Security contribution amount.
- Because these retirement accounts are tax-free, the money should be invested more conservatively to mitigate risk.
- Retirement Age should be between 55 and 65 years old.
- It’s in the best interest of our society to have people financially prepared for retirement. This is why the accounts should always remain tax-free.
Summary
The problem with entitlement programs, such as Social Security, Medicare, Medicaid, etc. is that they are never run efficiently and the completely eliminate peoples ability to choose something that works better for them. They take away from people the ability to dictate our own futures and supplant it with a poor-at-best replacement.
I lived in the UK for two years where medical care is fully socialized. I can vouch first hand that while they do not have the same problems as Americans they do envy the quality of American Health Care. Indeed, I believe that the level of health care provided in America is the envy of the world. Rather than fixing problems like ER wait time, cost, etc. nationalization will add to the national deficit and would lower the quality of health care across the board.
Once we socialize medical care we will never be able to get rid of it, and I don't think most people are going to like what they are going to get. President Obama may not completely nationalize the health care system this go around but he's going to get enough of a foot in the door that the only option for future presidents is going to be full nationalization.
We need to seek to find answers to social problems that are efficient, accountable, optional, sustainable, and above all, responsible.
It may come as no surprise to those who know me that I have recently confirmed that I am certifiable! After all, when you have been doing what I do for as long as I have been doing it it’s hard not to be affected. It happens to a very large number of people in my field and that number continues to grow.
Although I have been certified before, after some exhausting battery of examinations, this online examination is nice as I can quickly determine my status even if there is some kind of doubt – just for my minds sake.
Thanks to Microsoft there is now an online tool to check your IT status as Certifiable! What, you thought I meant mentally unfit or crazy? Nope, I’m talking about the uber-geeky Microsoft Certifications. For some time now they have had the Measure Up practice tests for study preparation, but now there is a new skill-building tool, Are You Certifiable. Rather than a boring, dry, practice test this new site is a game show!
This actually makes a lot of sense to me because when I was Microsoft Certification Coordinator for STG I found the best way to get the material to sink-in was to have fun with it. That usually included some form of study group Jeopardy. Facts just don’t sink in as well when your mind is not very stimulated and some of the questions can be quite dry.
Here is a screen shot of me capturing the high score for guests. It will ask you if you are an IT professional or a Developer and gives you questions relevant to your position. The questions vary greatly and it takes a very well-rounded skill set to do really well, but it’s fun regardless.
My only critique is that it is not practical to practice for a specific certification test you plan to take because you don’t get to pick which topics or banks of questions you get. It is a lot of fun and has some great “thinking music”! Leave a comment if you happen to beat my score.
I would like to also mention that it is built using Silverlight 2.0 as it is a great example of the power of Silverlight.
Links
It's time for another episode of Good Idea / Bad Idea:
Good Idea! Catching a specific exception from a suspect numeric conversion and showing a polite input error message.
Bad Idea! Catching all exceptions and "swallowing" the exception.
Okay, so it's not as funny as it is on Animaniacs, but true none-the-less.
Exception Handling in C#
In terms of exception handling I am a big fan of "catch it only if you can do something with it" and/or "catch it only if you mean it". Putting a try / catch around every method makes debugging very difficult and can leave your application in an unexpected state. Besides the code is less readable, more complex, and slower performing.
Before I get in to good practices, lets review some bad ones. The first and most obvious is throwing away exceptions (without regard to what they are). Example:
// Anti-pattern #1: Throw away the exception
private void button1_Click(object sender, EventArgs e) {
try {
AddPerson(new Person() { Name = txtName.Text });
} catch { }
}
Another example of what not to do is what I call the “catch just because” pattern. Example:
// Anti-pattern #2: Needless Try / Catch
private void DoStuff(string shipping) {
try {
// Call down to middle tier to do the shipping calculation
decimal ShippingCost = MyApi.Shipping.GetShippingCost(orderNum);
} catch (Exception ex) {
throw ex;
}
}
// Needless Try / Catch
private void button2_Click(object sender, EventArgs e) {
try {
// CalculateShipping has it's own Try / Catch; see below.
CalculateShipping();
} catch (Exception ex) {
MessageBox.Show(ex.Message);
}
}
There are multiple problems with the second example. First, there was no reason for “DoStuff” to catch the exception if all it was going to do was re-throw any exception it encountered. Second, “DoStuff” is catching any exception rather than limiting the scope to the kinds of exceptions it might expect like “Unknown Zipcode”, “Order not found”, etc. Next, the “button2_Click” is catching any exception and showing the raw message.
Rather than showing the exception message which is only part of the clues given in the exception object you should either show a user-friendly message indicating the kind of error that has taken place and save the exception information for later debugging. Alternatively, you can show ex.ToString() which will show you all information in the exception class. This is very unimpressive for end-user applications but can be acceptable with internal corporate apps and a simple screen shot will give you the information you need to find and take care of the problem.
Remember, an exception doesn’t necessarily mean that there is a bug in the software. If you do show a user an “unfriendly” exception message they will immediately think that the software has a bug when the issue could be as simple as the network is down or a database is temporarily unavailable. I always recommend taking the time to display user-friendly messages and saving the exception information elsewhere.
In the next section I will show some good examples on what "layer" to catch and/or re-throw an exception.
Presentation Layer
Personally I think that any event here should catch any/all expected exceptions and show them in a user-friendly manor. Notice I said "expected exceptions", this could be pretty vague unless you have an design pattern in place for exceptions in your applications so I'd start with that. One way to start is to make some "base" exceptions like "DataException", "ValidationException", "InputException", etc. More specific types of exceptions can be derived from these.
When do you make a new type of exception? Well, the exception should have the information needed to solve the problem. Stack traces and exception information are like clues; leave your self a breadcrumb trail to follow later. Throwing an ApplicationException because you couldn't connect to the database isn't very helpful.
It is also acceptable to use pre-defined / framework exception types when appropriate. For example:
public void DivideMyObjects(MyObjectType o1, MyOtherObjectType o2)
{
if (o1 == null || o2 == null)
throw new NullReferenceException(
"The numerator or the denominator cannot be null!");
if (o2.Value == 0)
throw new DivideByZeroException(
"Denominator may not be zero!");
if (o1.Value == null)
throw new ArgumentException(
"There is no value for the numerator");
...
}
You may notice in the code example above that a null reference may occur organically. I am a strong believer in organic exceptions as good practice. I define an organic exception as an error that is thrown by the Framework. The only exception to that rule is when there isn’t enough information from that exception to track down the problem. Remember, you need to leave yourself enough clues that you should be able to know what is wrong from the exception information given rather than expecting users to be able to remember what steps led up to the exception. Few, if any, end users will be able to help you reproduce any particular error. If this can’t be accomplished by an organic exception then you may want to re-throw that exception with the appropriate information and/or change the type of the exception to be more appropriate for the callers.
// Presentation Layer Good Example
private void Calculate_Shipping(object sender, EventArgs e) {
try {
decimal shippingCost = MyApi.Shipping.CalculateShipping(order);
txtShippingCost.Text = shippingCost.ToString("C");
} catch (UnknownZipcode uzipEx) {
// Specific
MessageBox.Show(
"Could not locate shipping information for this zip code!");
btnSave.Enabled = false;
} catch (ShippingException shipEx) {
// Less specific, but still helpful to the user.
MessageBox.Show("Unable to calculate shipping!"
+ Environment.NewLine +
shipEx.Message);
MyLogging.Log(shipEx);
} catch (Exception ex) {
MessageBox.Show(
"An unknown error has occured, Please report this error");
MyLogging.Log(ex);
Close();
}
}
In general you are pretty safe catching exceptions in the presentation layer. The only real thing to watch out for here is that your control states don’t become invalid because an exception is caught but the event still altered the state. For example, if a call to “Calculate_Shipping” throws an exception you will want to be careful to invalidate the shipping cost control and disable the “save order” button.
You will notice in the code above that I did catch generic exception. The presentation layer is usually okay doing this so long as it is taking adequate measures to protect application integrity. You will notice that I am closing the order form if I get an exception back that that is unknown. Of course this will give you plenty of motivation to make sure you know what kinds of exceptions are expected as end users will generally hate having their order forms close. You may be tempted to leave the form open or take lesser action but it is very important that you keep application integrity. Otherwise you will spend your life chasing down un-reproducible bugs.
Middle Layer
Most of your code should end up being middle layer code. We want the presentation layer to be as light as possible! The middle layer should act as the API of the application. Anything that the application “does” this layer should do it either directly or indirectly. In this sense the middle layer needs to be very up front in which exceptions are possible from any given call.
Take for example a method call in the middle layer that inserts a new customer into the database. Because you use the database objects you are exposed to any exceptions that are possible from the objects that you use such as SqlExceptions. You will either need to publish that you are going to allow SqlExceptions to be bubble through this API or you need to catch the expected exceptions from those objects and throw your own brand of exception.
Here is an example of publishing the exceptions that are known to be thrown:
// Middle Layer Exceptions
/// <summary>
/// Calculates shipping for a given order
/// </summary>
/// <param name="order">The order to calculate shipping for</param>
/// <returns>the shipping amount applied to the order</returns>
/// <exception cref="UnknownZipcode">Unknown Zip Code / Zip Not Found</exception>
/// <exception cref="BadWeightException">The weight of the order is zero or unknown</exception>
public decimal CalculateShipping(Order order) {
...
}
Simply using ndoc XML style comments will give the consumer of the API enough information to make good decisions regarding the use of exception handling from the intellisense.
Another thing you should avoid while designing your middle tier is the use of exceptions as “message handling” in non-exceptional cases. Remember, the reason you are throwing an exception is because something happened that was catastrophic enough that you were unable to continue with the normal flow of the method. I admit that there is still a lot of gray area here. Some of that gray area can be demonstrated in the sample code already shown. For example, rather than throwing an exception in the “CalculateShipping” method we could refactor so an exception wouldn't be necessary. Anytime this can be done cleanly I usually opt for these types of changes.
- Refactor to return a ShippingResult class that contains information about the calculation along with the rate. Such information could include wither it was able to successfully get a shipping rate.
- Create a ValidateShippingAddress method that looks up the address before the calculate shipping is run. It could return true if we know we can get shipping information for that address.
- We could pass back a nullable decimal result. A null return would indicate a failure to retrieve shipping information. We would want to make sure it was clear in our ndoc comments that this is why the value is nullable.
- We could pass pack a zero or negative result. Again, making sure this behavior is documented.
- We could implement the “Get Last Error” pattern; though at this point I’d rather see an exception.
Another question I am often asked is “When is it appropriate to re-throw an exception”. The answer to that questions is, of course, it depends. The next few sections will discuss some of these nuances of this question.
Bottom Layer
The bottom layer of an application could be a database layer, a Framework of some sort but the philosophy is very different from the middle layer. As the bottom layers deal with primitive classes and data and as such can stick pretty well to exception handling ideals. One of the big differences is that you won’t be using nearly as many user defined exception types. It is not taboo to use a user defined type in a Framework layer but it’s just likely to be unnecessary. The difficulty here is the exception message that you are going to pass along. There could be any number of middle layer calls that call your method so by nature these messages are going to be far more generic. Generic, however, does not mean it can’t be insightful. You should include as much information as possible about the exception and the data that caused the exception. Take the two following exception statements:
- “Invalid DateTime”
- “The date ‘4/11/2089’ is an invalid birth date! The date cannot be in the future!”
The first exception tells us that there is an invalid date time but other than a stack trace gives us no other information. The second exception is extremely helpful and specific, including as many clues as possible. The user may have entered the value ‘4/11/89’ and the computer may have just assumed the wrong century. The first error message would cause greater confusion whereas the second, if the user were to see that message, could be helpful.
Summary
Of course there are lots of different ideas and philosophies on exception handling so you need to do what makes sense for your project. Simply avoiding the two anti-patterns on the top of this blog will improve your code a lot. MY ONE LAST PEICE OF ADVIECE IS THAT SOMETIMES YOU REALLY WANT TO USE A DEBUG.ASSERT RATHER THAN AN EXCEPTION! The advantage of the assertion is that only debug builds show these messages. This is good for testing scenarios in which you want to be aware of a certain condition but it’s not necessarily an exception.
Links:
More Posts
Next page »