MSDN Code Gallery Goes Live

“Don't piss on my leg and tell me it's raining.” -- Judge Judy

The new MSDN Code Gallery has gone live (although at the time of this original post it wasn't fully functional, e.g. I could not sign in or create a new resource, but as of now it seems to be OK).

My take on this is that this is Microsoft's replacement for the User Samples section on the old Gotdotnet.com site. I hope it gears up, there are already some very nice code samples there. We will see what happens. You can download official Microsoft code samples, download user-submitted code, access tutorials and create your own "resource" page to upload your code samples or other offerings. I guess I'll have to read through the Terms of Service once this thing "really" goes live and all of it is working.

Whereas Codeplex.com offers source control for real "projects" with multideveloper support, the idea of Code Gallery is to provide a simpler interface for the average developer who wants to share their work.

I had something like 56,000+ downloads of the samples that I uploaded to the original gotdotnet.com User Samples, so if this thing works out nicely you can expect to see new contributions of mine there soon. Tutorials, whole projects, and more.

I was finally able to log in and create a user page. W00t! It makes a nice presentation, very much like codeplex.com, but "simpler". Nice job guys.


.Net Links of the Day: Class Builder Wizard, OpenID. Visual WebGui and Patent Extortion

The most radical revolutionary will become a conservative the day after the revolution. - Hannah Arendt

CODEPLEX: Class Builder Wizard is a Microsoft Visual Studio wizard that generates data object classes and a full data layer implementation for Microsoft SQL Server database objects. It can also be used to quickly create custom classes (not necessarily based on a database object) by defining the structure of the class "manually." And, it works with Visual Studio 2008! If you've gotten frustrated waiting for updates to the Repository Factory and other GAT-based add-ins, then this is for you. It's simple, elegant and it gives you all the "DAL" code you need for your deal to work! All you do is "Add Item" and choose the template and follow the "Way of the Wizard"! It even generates a .SQL file with all the T-SQL Code to get your database in synch with the generated DAL code.

OPENID: I've UnBlogged about OpenID before, intimating that it was getting ready for Prime Time, and now I believe it is ready. There are several new .NET implementations that I really like, and I'm starting to actually use them (that's the real test!). Developers want to start here. Mads Kristensen did a real nice "less is more" openid implementation here, but if you want something more feature-complete, check out the ExtremeSwank offering. They even have some basics on the new extensions including MicroIds. This is getting really interesting; I like Microsoft LiveID but if you want something that is really vendor agnostic and already boasts some 120 million users (Yahoo, among others, have already gotten aboard), I am starting to think that OpenID is the way to go. Even has "pravatars" now, and a lot of really neat features on your custom OpenId "page" when you start an OpenId Identity here.

You get back an openid Identity that looks like "pbromberg.myopenid.com" and you can even set features like "always allow" that mean you never have to log in to an OpenId supported site after the initial logon. The ExtremeSwank ASCX UserControl returns the OpenId "Identity" along with the primary email and other data, unlike LiveId which only returns a GUID that is unique to the user and the application. Once again, I think it is important for developers to understand that an OpenID is NOT "an account" - it is simply a way to authenticate a provided Identity via an external service. You still need to have your authenticated OpenId user fill in a local profile including their email (which should come back in their oiu user object) and whatever other items you need to store. Their openid identity (e.g. joeuser.myopenid.com) becomes the primary key or username in your Users database table.

VISUAL WEBGUI: I stumbled across Visual WebGui a couple of weeks ago on Codeplex.com and passed it up, probably because I had my mind on other pursuits. However, I ran across it again today, downloaded the thing, installed the 3.5 Framework version and started playing with some of the samples. Good God! This is POWERFUL Stuff. Basically, you are going to work with Windows Forms and all the richness and goodness and the whole app is gonna run under ASP.NET over the web. Think Outlook Web Access and much, much more. Think Silverlight and AJAX, and you don't have to worry about any code. A little bit more about Visual WebGui: I downloaded a DiggApiNet "digg" .net API wrapper library from codeplex.com. In this solution is a complex Windows Forms Test Harness. I created a new Visual WebGui project with two required forms referencing the Gizmox base classes that extend Windows.Forms, copied in the "guts" of the original WinForms app to each new WebGui form, and changed all the namespace refererences appropriately to match. There was only one other change needed and it was minor. The new application ran perfectly over the web - all of it.

Check them all out!

Patent Extortion Gone Bonkers: Smartphone patented, everybody gets sued.

This past Tuesday, the US Patent and Trademark Office issued a patent on "a mobile entertainment and communication device."

When you read the patent, you will realize pretty quickly it describes the smartphone - something that every major manufacturer puts out and has been doing for years. It's simply a patent for a mobile phone with removable storage, an internet connection, a camera and the ability to download audio or video files and display same.

The company that has the rights to this patent didn't wait at all. The next day it filed three separate lawsuits against just about every manufacturer, including Apple, Nokia, RIM, Sprint, AT&T, HP, Motorola, Helio, HTC, Sony Ericsson, UTStarcomm, Samsung and a lot of others. You can get more details at Patent Troll Tracker blog.

As the link explains, the patent itself is based on a bunch of continuation filings, which are commonly used by patent holders who want broad patents to cover the latest technologies well after they've already come about in the market. Should the PTO EVER have issued this patent? Look, if you are going to issue patents on technology, then you need technology experts to review the applications, not nasty bureaucrats.


Welcome to the 2008 Recession!

The real art of conversation is not only to say the right thing at the right place but to leave unsaid the wrong thing at the tempting moment. - Dorothy Nevill

Economic wisdom's rule of thumb for a recession is two consecutive quarters of negative economic growth. Problem is, by the time the data finally gets in so those pencil-head economists can draw the grey shaded area on the charts, its six months too late. The stock market is a better indicator - a 20% decline from the high being an indicator we're in a bear market, and a bear market being a pretty good indicator that we've entered a recession.

We haven't quite reached the 20% mark yet, but it could be here in another week or so. In a Yahoo Finance poll I saw today, 67% of respondents felt the market would continue to go lower. That's not bearish enough for a bottom - you need to have something like 90% of the respondents throwing in the towel, and we are far from there yet. I don't want to sound alarmist, but the Dow has already broken long term technical support to the downside, and the next long term support level is around the 10000 range.

But the best indicator of a recession is "hard times". If you work for a bank, mortgage lender, or financial services company, I don't need to explain that one to you.

In Japan, where consumer spending only accounts for about 50% of the economy vs. 70% here in the States, they are in a pretty deep recession. The consumer in the U.S. of A. is tapped out, man. Not only does he not have any more credit, he's got a mortgage he cannot afford to pay whose outstanding balance is more than his house is worth.

Of course, the question that most people are now asking is: "How do we stop things from getting worse?" Well, we should probably just listen to the politicians! After all, combining an impending recession with an upcoming election means that every candidate is also now an award-winning economist.

The Fed really only has two tools to manipulate the economy - monetary policy (raising or lowering the discount rate), and fiscal policy ( government intervention via injection of funds, tax dollars, tax policy, or by shifting monies from one group of people to another).

Unfortunately, the Fed has been so psychotically preoccupied with fighting inflation that they failed to hear the recession ballad that the economy has been trumpeting since the subprime mortgage debacle materialized last year. Consequently, it is too late.

The politician "economists" all seem to believe that government intervention is the answer -- everything from tax rebates to rescue funds to extra state aid, it seems that every politician believes that handouts will trigger prosperity. Not!

Handouts, tax rebates, home heating oil payment schemes, and all the rest are just like giving cardiac defibrillation to a man who's already been dead for six hours. Oh sure, his heart may start up and beat a few times, but you've basically thrown the effort down the toilet. Like taking buckets of water from the deep end of the pool and pouring them into the shallow end. Nada!

There have been 10 recessions in the last 63 years. The average length has been about 10 months. The average decline in economic activity from peak to trough was about 2.5 percent. No decline has been worse than 3.7 percent.

In the past 25 years, there have only been 2 recessions. The two recessions, in the early 1990s and the 2000-2001 correction, have been brief.

When the Fed is fighting to promote expansion recessions tend to be brief. Real consumption doesn't fall for more than a few months in such cycles. It would be almost unheard of for there to be a year-on-year fall in retail sales from 2007-2008 if the Fed is actively pumping liquidity into the economy.

Unemployment always rises in recessions; usually about 2 percentage points. The average length of involuntary unemployment during recessions is about six weeks.

The real problem is to understand the long - term approach to fixing what's wrong. We are grossly overdependent on foreign oil, and our government is way too big and inefficient. Twenty years ago, the Saudis could open a few spigots and ease a global economic crisis. But with the kind of demand we have today for oil, that simply doesn't work any longer.

Corporate governance is racked by greed and lack of oversight. When supposedly big, smart companies like Citigroup and Merrill Lynch can have losses in the $10 - $20 Billion range from overinvestment in shaky, dubious sub-prime backed securities, some dumbass CEO and his staff are asleep at the switch, no?

We need to have a long-term, government mandated focus on true energy independence, new technologies, and a more efficient, leaner government.

To quote from a post of my own some time ago:

"Brazil today has ZERO dependence on foreign oil. If oil goes to $100 a barrel, it will hardly affect Brazil's economy at all. Now the U.S. of A., supposedly a superior country with more technical resources, could have done what Brazil started to implement 15 years ago, but it didn't. How come we "just don't get it" over here?"

So far, I haven't seen any indication that the candidates in any of the parties have the slightest clue what to do along these lines. With real leadership, this country could be 100% energy independent in 10 or 15 years. Do you see the plans? Leadership? I don't.

Enjoy the recession. It probably won't last more than a year or so. And we'll continue to forget the lessons of history until the next debacle.

N.B. I posted this on April 18th, two days before what will become known as "Black Monday". US markets were closed for the MLK holiday, but markets around the world were down 5, 6, and even 7 percent. US Stock futures traded down 550 points on the Dow Mini Index, so it looks like my predictions are OK.


.NET Framework Source Code Debugging is Live

Illegal aliens have always been a problem in the United States. Ask any Indian. - Robert Orben

This was trumpeted several months ago mostly by Scott Guthrie, and now it is live (although not all sources and symbol files are available at present).

None of this is rocket science, it's already built into Visual Studio. However, up until now there were no symbol files and sources for the BCL and related assemblies. Now there are.

This is, in my opinion, not only a great debugging tool for any developer who is interested in "getting under the hood", but it is also a great learning tool. If you are not sure you understand what I'm talking about, just go ahead and "do it".

The easiest way to get started with this is to follow the instructions on Shawn Burke's blog post here.

Be sure to follow the instructions exactly - they are not difficult. It requires the download of a QFE to set up the debugger properly, the url is specified in Burke's post.

There is also a new forum hosted by Rob Conery here. There weren't any posts yet as of the time of this writing, but I am sure there will be!

And for those who understand the deep link between programming and jazz, I offer you Bill Evans, who once said:

"To the person who uses music as a medium for the expression of ideas, feelings, images, or what have you; anything which facilitates this expression is properly his instrument."

Have fun!


FIX: Requested Registry Access is not allowed (Visual Studio 2008)

Symptom: in Visual Studio 2008, you attempt to add a new WebContentForm and associate it with a MasterPage. You receive an error dialog "Requested Reqistry Access is not allowed".

Don't ask me what caused this; I'm guessing that the registry keys involved had their access denied due to removal of a previous version of Visual Studio, leaving the new guy (Visual Studio 2008) in the lurch.

Here's the fix:

Download "subinacl" here. This is a command-line tool that enables administrators to obtain security information about files, registry keys, and services, and transfer this information from user to user, from local or global group to group, and from domain to domain.

After installing subinacl.exe (it will be in the C:\Program Files\Windows Resource Kits\Tools folder.), drop to a command prompt and run the following batch file, which you have saved in the same folder with the filename "FIX.bat":

subinacl /subkeyreg HKEY_CLASSES_ROOT\VisualStudio.vbproj.9.0 /grant=administrators=f
subinacl /subkeyreg HKEY_CLASSES_ROOT\VisualStudio.vbproj.9.0 /grant=users=f
subinacl /subkeyreg HKEY_CLASSES_ROOT\VisualStudio.vbproj.9.0 /grant=system=f
subinacl /subkeyreg HKEY_CLASSES_ROOT\VisualStudio.csproj.9.0 /grant=administrators=f
subinacl /subkeyreg HKEY_CLASSES_ROOT\VisualStudio.csproj.9.0 /grant=users=f
subinacl /subkeyreg HKEY_CLASSES_ROOT\VisualStudio.csproj.9.0 /grant=system=f

BAM! All fixed! Have fun.


Carbon Credits - the next big .NET Business Opportunity?

I believe that people would be alive today if there were a death penalty. - Nancy Reagan

When I first heard the Al Gore crowd talk about carbon credits as a solution to our purported climate problems, the first thought I had was to create a carbon credit trading web site and make a lot of money. Then I thought about it some more and I got a sense that something didn't compute.

When supposed leaders, both scientific and political, believe that buying and selling what they call carbon credits will help solve the global warming problem (if it actually is a problem), then it is time to stop and question the whole shebang.

Here’s the deal, in case you are curious. Let's say that Al Gore, with his private jets, mansions, etc., is afraid that people might call him a hypocrite for telling them to stop burning so much fuel while he is jetting around burning humongous amounts of it. He can assuage his conscience by taking a small sum of his money and buying what are called carbon credits that are supposedly equal to the value of the carbon his activity is emitting. He goes to what is called a carbon credit broker or trader, who, after taking out his (up to 10%) commission, pays the money to someone who promises not to consume the fossil fuel energy the rich consumer (our Nobel Laureate, Mr. Gore) has already consumed. Got it? Well, look, it is all really quite clear. As long as you can find someone else who will promise not to burn up 4 gazillion BTUs that you intend to keep on burning, you are helping save the world from melting down, right?

What? You say you don’t see how carbon credits slow global warming?

OK, I’ll try to explain it differently. Say you are a rich Texas businessman. You have a coal burning electric plant that is just about shot. You need to build a new one. So, you call up the carbon credit bankers and you tell them you want to help stop global warming. You are willing to close down your plant for the good of humanity. You do not mention your future plans. You think closing down your outmoded plant should be worth say, $5 million worth of carbon credits and that’s fine with them since they make their money by generating these carbon credits for sale. Besides, they don't stop to ask you too many questions.

The carbon credit traders find a billionaire who is feeling guilty because he is burning up $5 million worth of carbon credits every week or so in his factories. He writes a check for $5 million in hopes that it will go to a worthy cause, and hoping that God will see how environmentally sinless he is even though he will keep on burning up $5 million worth of carbon next week just like always. (Billionaires used to give money to churches and non-profit foundations to atone for their sins.)

Our Texas businessman smiles that broad Texas smile, accepts the money in great piety, tips his Stetson hat, and then drives off in his 10mpg Hummer to build a new plant that doesn't necessarily have any more pollution controls than the old one had.

You may think I’m satirizing, but that’s pretty much the way it works, as far as I can figure. There is a possibility that sometimes carbon credits will be paid to someone who actually does something real to keep energy consumption from rising, but there is really never any net loss of energy consumed, and in all likelihood, because humans will cheat every chance they get and there is no watchdog authority over all this scammy business, there will likely still be a net increase in energy consumption on balance.

The World Bank is currently the largest public broker of carbon purchases, with over 1,000 million dollars in its portfolio of carbon credits. Internal documents on the origins of the Bank's Prototype Carbon Fund (PCF) show that it was created as a way of making a profit. The Bank makes up to 10 per cent commission, mainly on the carbon credits it purchases for the fund it is managing. Sounds noble on the face of it, but with the World Bank's track record of accountability over the last 20 years, I wouldn't get too excited.

What the public fails to grasp amidst all this "Al Gore" style alarmism is that the global warming claims neither constitute support for alarm nor do they establish man’s responsibility for the small amount of warming that has actually occurred over the last century or so.

It isn’t just that the alarmists are trumpeting climate model results that we know must be wrong. It is that they are predicting catastrophes that couldn’t happen even if the models were right, in order to justify costly policies to try to prevent global warming. The average person conflates alarmism with science -- the result is a mishmash of misunderstanding.

I have a tip for you carbon credit gurus: Here in Central Florida, we just suffered through two days of below freezing weather. We are having a hard enough time supplying you with vegetables and citrus in the weather we have now. So, why don't you just take your global warming and your carbon credits, and take a long walk off a short pier? Or at least, have the courtesy to blow some of that hot air in our direction.


Like a Bagle With that AntiVirus?

For three days after death hair and fingernails continue to grow but phone calls taper off. - Johnny Carson

I don't catch many viruses; on the rare occasion that I errantly click on some unknown executable, Avast jumps up and bellows. But today, I made a boo-boo and watched in horror as my friends, the two Avast bluecons in the notification area, silently disappeared!

You might be saying to yourself, "Uh-Oh..." - and you'd be right. There are more than 188 variations of the Bagle virus loose on the Internet. The latest variations pack the means to hide new kinds of nastiness inside your computer, and current antivirus software cannot save you. In fact, not only does this little booger jump out from it's invisible rootkit and whisk away the Avast service executables before they can even be started during an installation, it also disables the Windows Defender service, among other anti-spyware and antivirus installations.

That is correct. Traditional antivirus software, no matter how good, is totally, utterly USELESS against this new kind of threat. Read the previous sentence again and weep.

Bagle is really a whole suite of malicious tools. There's a part of the code that's a successful e-mail mass mailer, another part that downloads new content from the Web and a part that captures credit card and password information -- and they all interconnect. But a major part of Bagle's success has been its ability to turn off active antivirus protection; without that, Bagle would not have survived so many iterations.

Currently, Bagle is being used by its authors to create botnets, which these crooks use to sell to others or make money for themselves. So it's not enough for Bagle to disable active antivirus protection if they want to stay in business. Now, Bagle's authors are storing the program's nastiest pieces deep inside the Windows system kernel where they cannot be detected, in a rootkit. You can thank the fine people at Sony for helping the crooks with that innovation.

In case you aren't familiar with this stuff, you cannot see a hidden rootkit process in Task Manager -- and you cannot see it on the hard drive either. And I'm not talking about it having the "Hidden" attribute set on the file -- I'm talking INVISIBLE.

Don't kid yourself, these people are not script kiddies - they are hardened criminals and they are making a lot of money ripping off people's credit cards, getting into their bank accounts and their trading accounts. You DO NOT WANT the bagel virus on your machine! If you ever discover that your Windows Defender or antivirus service is "disabled" or that you cannot reinstall your favorite antivirus product, that's a dead ringer that you are INFECTED, and you need to take action right away.

Fortunately F-Secure offers a product called Blacklight that's specifically designed to find and remove rootkits; a free standalone version is available at the bottom of the page linked above. Oh, and don't click on unknown executables and expect Avast or your favorite AV to stop them. Instead, right-click and scan them first. When I finished scanning with the freebie, the product has detected 424 hidden items that may have needed to be cleaned - none of which Avast has ever found. Anyway, I purchased their F-Secure Internet Security 2008 product for $59.90, which allows installation on up to three separate machines.

Even after running the freebie and renaming obvious files like "wintems.exe" and "srosa.sys" and cleaning out \Windows\System32\Drivers\down\, the full-blown "for pay" product still found and eliminated other "parts" of the offender.

I figure that eventually all the antivirus vendors will be hyping that they can detect invisible rootkit viruses. But as of now, the F-Secure product is the only one that does. AVG, Panda and Symantec have "rootkit" betas or standalones, but as far as I have been able to determine at the time of this post F-Secure is the only firm that has completely integrated all of spyware, malware, antivirus, email spam AND rootkit detection into their base antivirus product.

Avast? You've been a good friend, but I am afraid that as for now, you are behind the bagel. And so we must now part.

Hey, it's us against them! And though it may cause some temporary annoyances, we will win.