Tuesday, December 18, 2007
Tuesday, December 18, 2007 4:42:04 PM (SE Asia Standard Time, UTC+07:00) (Other Tech | Security)

I posted here a while ago about setting up BitLocker on my PC - without a TPM. Works great.

I've recently been building up a new machine that will become my main development PC in the New Year - having decided to follow in the footsteps of others and build a decent spec Vista Ultimate 64 Bit box.

The spec:

Shuttle SP35P2 Pro
G.Skill 8GB 4-4-4-12 RAM
XFX NVidia GT 8800 Video
WD Raptor 10,000 RPM SATA for OS
SD Barracuda 300GB for Data
Vista 64 Ultimate 64 Bit

Anyway - more on this box later - which of course is going to be way better than others. :-)


BitLocker and EFS are now standard on my PCs and any new notebook I buy will have a TPM in it for sure.

That said - I'll be darned if I could get BitLocker to find the USB flash drive on this new PC to load the BitLocker keys at startup.

There are plenty of threads out there on the topic. Search for 'Bitlocker unable to read USB drive', or 'Bitlocker cannot find keys on USB drive'.

None of these helped me in this case.

Here's the solution (at least for this machine - with a Phoenix Award BIOS - V6.00PG - on an Intel P35 Express Chipset + ICH9R).

1. Be sure to put your USB keyring or flash drive in first!

2. Restart and enter your PC's BIOS (DEL at startup)

3. Go to the Integrated Peripherals menu item

4. Go to your USB Device Settings menu item

5. Set the USB controller to 'Enabled', 'High Speed' and the USB Storage function to 'Enabled'.

6. Here's the trick.... You should see a line like the one below with your USB thumbdrive listed.

*** USB Mass Storage Device Boot Settings***

[Yourdrive MFG name here]   [Auto]

The default is 'Auto'. Change it to 'HDD' and presto - Bitlocker will find the USB drive.

 

Took me ages to figure this one out...



Wednesday, October 03, 2007
Wednesday, October 03, 2007 2:26:09 PM (SE Asia Standard Time, UTC+07:00) ()

It's my data and I'll open it if I want to... right? Errr.. not quite. If you've EFS encrypted files on Windows Vista you will not be able to open them under Windows XP. I'd thought I had most of my recovery scenarios covered. Was about to prep my XP Pro notebook for a trip and wanted to take some EFS secured data with me as well...

The following KB article applies...

Error message when you try to open an EFS-encrypted file in Windows XP or in Windows Server 2003 after the file has been opened in Windows Vista: "Access is denied"



Wednesday, August 01, 2007
Wednesday, August 01, 2007 1:52:59 PM (SE Asia Standard Time, UTC+07:00) (ASP.Net | Enterprise)

A colleague just sent me a link to the MIX07 presentation of ASP.Net Dynamic Data Controls. I'd actually seen this demo before - but something about taking a quick second look made me want to blog about it.

Is it just me, or are there other people out there that kind of wince when they see these sort of presentations? (ignoring the obvious 'prop and holding' behavior of Mahesh Prakriya and his bottle of water).

The tools are definitely cool and I can see how these controls would be useful for knocking together a quick admin UI, or proof of concept app.  But the thing that kind of depresses me when I watch a video like this (with more powerful controls that let you build apps more quickly!) is the thought that there are 'developers' out there that will use this stuff and call themselves programmers - without knowing a whole lot about software development (principles - like searching, sorting, comparing, or how to build applications that are secure, transactional, and scale).

I sometimes wonder if we're headed back to the good ol' days of VB6 where whole departments grew up without really knowing much about software development at all.

MS has an evangelical team, but frankly I'd like to see less proselytizing of how technology is going to make our software development lives so much better - and more holistic presentations that combine neat tools like this - with careful qualifiers that put the tools into the wider context of software design, quality and production issues.



Friday, July 06, 2007
Friday, July 06, 2007 8:28:29 AM (SE Asia Standard Time, UTC+07:00) (Other Tech | Security)

I remember the first time I was burgled. It was in 1993 and I was living in London at the time. It was a tad unsettling to come home and see the front door of my apartment smashed open, and things not exactly the way I left them before I went to work!  I lost a bunch of Audio CDs, my TV and some cash that was lying around - but NOT my computer.

Since then being online a LOT more, and needing a safe place to store personal online information - account codes, banking information, subscription information etc. means that I've thought often about the best way to secure my personal (and work related) data.

I've used a couple of third party products in the past - but with Windows Vista Ultimate and BitLocker beckoning - I thought I'd give a combined BitLocker and Encrypted Files System (EFS) combination a shot.

BitLocker (in case you've not heard of it) encrypts the entire system partition - and until a valid key is supplied during system boot - the drive and its contents are effectively a nifty digital paperweight and nothing more. You can even safely dispose of the drive in this state - because again - without the key - it's just a lump of encrypted data.

My biggest concern with BitLocker was going to be performance especially since I was going to enable BitLocker on my main DEV box. Fortunately I have a 'kick it and see' PC I used to test everything on before implementing all of this on my main machine.

Here's the best article there is on how to configure BitLocker... Windows BitLocker Drive Encryption Step-by-Step Guide. In my case my PC doesn't have a Trusted Platform Module (TPM) - so I made the change as detailed in the article to allow BitLocker to be installed without a TPM.

Shortly after Vista Ultimate RTM was released - there was an update that included a BitLocker drive preparation tool. A word of warning here - and this relates to Windows Backup. Use the default partition settings from the drive preparation tool and allow it to create the new (and small) boot partition that will be needed for system startup (so that the boot process can start (unencrypted of course) before loading the OS from the encrypted drive). 

I have two partitions on my drive - my C: drive - which I will enable BitLocker on, and my D: drive which contains all my data. While exploring the command line options for the BitLocker drive preparation tool - I thought that since I already had a second partition (my D: drive) I could make this my boot drive (boot.in and OS loader) - but this was a bad idea. For starters it's a BIG partition - over 100GB. Secondly - when using Windows Complete System Backup (which I now use in favour of my previous third party imaging tool) - the backup will correctly detect that it needs both partitions to do a complete system backup. I don't want my D: drive included in this image (the reason for separate partitions in the first place) and so I switched back to the default BitLocker drive preparation settings - which creates a new small partition (S:) to hold the boot information.

My BitLocker generated key was created and written to a USB thumbdrive (attached to my key ring - along with the other 'real' keys). I put a second USB thumbdrive in a 'real' safe along with the recovery key. If I lose my keys (literally) this is the only way I'm getting back into my machine - so having a safe and alternate location for your recovery key is essential. It's kind of neat having to put the USB thumbdrive in my PC to start it up - like starting a car... :-). And it really doesn't interfere with the way I use my PC - my keys are always there on my desk - and I take them with me wherever I go so it fit fine into my pattern of work and play (you can take the key out of the computer as soon as BitLocker reads it - in fact BitLocker tells you to once it's read the key).

I have to say I was really impressed. I saw no performance difference on the 'kick it and see' PC and when installed on my live box - no difference there either. Impressive.

BitLocker will only work on system partitions - so that left the data on my D: drive. And this is where Encrypted File System comes to the rescue. That said not everything on my D: falls under the category of 'sensitive data' so I wasn't about to encrypt the entire drive. Instead I grouped my 'sensitive data' together in a special folder - and encrypted the contents using EFS. EFS uses a public-private key pair and a per-file encryption key to encrypt and decrypt data. The public-private key pair is stored in your Personal Certificate Store - which you can view by typing certmgr.msc in the search line of the start menu in Vista, or from the 'Run' command in XP. Alternatively you can view the personal store from the Tools, Internet Options, Content, Certificates option in Internet Explorer.

Since the certificate store is on the system partition - and this is now under the protection of BitLocker - the certificates are safe (although you still need to take a backup of the EFS certificate and keep this someplace safe too).

EFS is pretty cool - and the way it uses public keys to protect a per file symmetric key is neat - since it allows you to use several public keys - from several users - to encrypt a file - and then share it amongst those users if you needed to.
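The key layout described above, as an added example (not code from this post and not the EFS implementation). It is a constructed model that assumes .NET 8 or later; the `EncryptedFile` and `EfsModel` names, the AES-GCM and RSA-OAEP choices and the user names are all illustrative. The last call shows why the certificate backup mentioned earlier matters: a newly issued key pair cannot unwrap the old per-file key.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

// Constructed model of the layout described above: the data is encrypted once
// under a random per-file key (FEK); the FEK is wrapped per authorised user.
class EncryptedFile
{
    public byte[] Nonce, CipherText, Tag;
    public Dictionary<string, byte[]> WrappedKeys = new Dictionary<string, byte[]>();
}

static class EfsModel
{
    static readonly RSAEncryptionPadding Oaep = RSAEncryptionPadding.OaepSHA256;

    public static EncryptedFile Encrypt(byte[] data, string owner, RSA ownerKey)
    {
        byte[] fek = RandomNumberGenerator.GetBytes(32);
        var f = new EncryptedFile
        {
            Nonce = RandomNumberGenerator.GetBytes(12),
            CipherText = new byte[data.Length],
            Tag = new byte[16]
        };
        using (var aes = new AesGcm(fek, 16))
            aes.Encrypt(f.Nonce, data, f.CipherText, f.Tag);
        f.WrappedKeys[owner] = ownerKey.Encrypt(fek, Oaep);
        return f;
    }

    // Sharing: someone who can already unwrap the FEK re-wraps it under the
    // new user's public key. The file data itself is not re-encrypted.
    public static void AddUser(EncryptedFile f, string from, RSA fromKey, string to, RSA toPublic)
    {
        byte[] fek = fromKey.Decrypt(f.WrappedKeys[from], Oaep);
        f.WrappedKeys[to] = toPublic.Encrypt(fek, Oaep);
    }

    public static string Decrypt(EncryptedFile f, string user, RSA userKey)
    {
        if (!f.WrappedKeys.TryGetValue(user, out byte[] wrapped))
            return "denied: no wrapped key for " + user;
        try
        {
            byte[] fek = userKey.Decrypt(wrapped, Oaep);
            byte[] plain = new byte[f.CipherText.Length];
            using (var aes = new AesGcm(fek, 16))
                aes.Decrypt(f.Nonce, f.CipherText, f.Tag, plain);
            return Encoding.UTF8.GetString(plain);
        }
        catch (CryptographicException) { return "denied: private key does not match"; }
    }

    static void Main()
    {
        using RSA alice = RSA.Create(2048), bob = RSA.Create(2048), reissued = RSA.Create(2048);
        EncryptedFile f = Encrypt(Encoding.UTF8.GetBytes("account codes"), "alice", alice);
        Console.WriteLine(Decrypt(f, "bob", bob));          // no entry for bob yet
        AddUser(f, "alice", alice, "bob", bob);
        Console.WriteLine(Decrypt(f, "bob", bob));          // same ciphertext, now readable
        Console.WriteLine(Decrypt(f, "alice", reissued));   // new key pair, no backup of the old one
    }
}
```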

Here's an excellent description of how EFS works... Windows XP Resource Kit: Using Encrypting File System.

So I now have a production PC - working hard every day - with BitLocker on the system partition, EFS where I need it on the data partition - a set of keys safely tucked away in two locations - and I feel better about the prospect of getting robbed - because at least this time if they choose to take the PC - they'll be getting a lump of iron and silicon - and not a whole lot more than that.



Monday, July 02, 2007
Monday, July 02, 2007 11:15:59 AM (SE Asia Standard Time, UTC+07:00) (General)

It's enough to be trying hard to keep up with all there is to read and do these days. The last thing I want in the middle of an engaging and important read - is to be thwarted by an Adobe update. I still love Photoshop, and I'd love to love Adobe as well - but their automatic software updating process is a nightmare. I've had several bad experiences in the past and yet another today...

I was about half way through reading a PDF document - when I noticed the insidious little updater icon appear in my system tray. I ONLY have the 8.0 PDF reader installed and I foolishly thought - surely just updating my reader won't be a problem. Ouch.

First I needed to close my article. Ok - my fault for not finishing it first - but I thought I'd be right back. The updater claimed it was 0% complete when I had just received a message saying that my updates were downloaded and ready for installation. The UI and notifications were so bad that I thought I was done - and so I reopened my PDF. Something died and I got an Adobe application ending error. Then the installer came back to life and I got a new Adobe Reader icon on my desktop and a message telling me to restart my PC. WTF? I'm just updating the Adobe reader right? Not reinstalling the OS! I'm now completely out of the flow of the PDF I was reading and swearing at Adobe as I restart my PC.

On restart I notice for the first time that scrolling an eleven page document in Adobe Reader is incredibly slow and unresponsive - it's not keeping up with the mouse and this is a top spec box (5.4 on the WEI).

Adobe - what have you done? And where are you going?



Tuesday, June 12, 2007
Tuesday, June 12, 2007 10:32:29 AM (SE Asia Standard Time, UTC+07:00) (General)

From one of the net's most generous and pioneering bloggers - a great cause...



Sunday, May 13, 2007
Sunday, May 13, 2007 5:31:44 PM (SE Asia Standard Time, UTC+07:00) (Enterprise)

I wrote earlier about my experiences using the Application Block Software Factory to create a new Application Block and Provider - it started well - and creating my first provider went fine.

Putting things into production was a slightly different matter.

Again the docs are thin - and it took a brief email exchange between myself, Tom Hollander and Fernando Simonazzi of Clarius Consulting to solve one problem I came unstuck with (no doubt attributed mainly to my first crack at ObjectBuilder and ABSF).

The problem I ran into relates to the ProviderData classes that are created by the ABSF. ProviderData classes are created for each of your providers and contain the configuration information required for your provider (read from the .config file). ABSF will also create another class in the source file for your ProviderData class - an Assembler class - ProviderAssembler. ProviderAssembler implements Object Builder's IAssembler interface and is responsible for handing back an instance of your provider, along with feeding any strongly typed settings to the constructor of your provider as required.

In broad terms - there are two ways to build classes from your application block using ObjectBuilder: IAssembler or using ObjectBuilder's generic CustomProviderAssembler method.

It's not immediately obvious that there are two provider creation strategies here or that there can be issues if you mix the two.

One is strongly typed - using your own Provider Assembler class. In this case any attributes you declare in your settings file....

<add name="Provider1" type="MyProvider, ProviderProject.Providers" databaseName="Test" specialProperty="Test" />

(databaseName and specialProperty) will be referred to in your ProviderData class as properties like the following...(just the databaseName attribute here)

private const string DATABASE_NAME = "databaseName";

[ConfigurationProperty(DATABASE_NAME)]
public string DatabaseName
{
    get { return (string)this[DATABASE_NAME]; }
    set { this[DATABASE_NAME] = value; }
}

During the call to your assembler's Assemble method - you can pass the values of these convenient and strongly typed properties into your provider's constructor.

However here's where I came unstuck.

For each of your ProviderData classes - there is also a BaseProviderData class - and at first glance this seems like the correct place to place any provider properties that may be common to all your providers - with one very important exception.

The ABSF also creates a CustomProviderData class - which ALSO derives from the BaseProviderData.

CustomProviderData doesn't implement properties for configuration - it simply reads all the attributes in your settings and places them into a property bag (a name value pair collection) which will get passed into the constructor of your implemented CustomProvider. You then retrieve the settings from the NVC as you need them in your provider (casting into the required types for each attribute).

So...

<add name="Provider2" type="MyCustomProvider, ProviderProject.Providers" databaseName="Test" setting1="Test" setting2="Test" />

In this case setting1, and setting2 will appear in the NVC when received by MyCustomProvider's constructor - BUT - if the databaseName property was defined in the BaseProviderData class - it will NOT be included in the NVC. The NVC is built for 'unknown' attributes only and in the pattern of assembly provided in the ABSF - databaseName is now a 'known' configuration property (known by the BaseProviderData class) and so won't be included.

So - if you are considering offering the client the option to create their own custom providers (as opposed to pre-defined strongly typed providers in the block) - be very careful about placing common property settings in the BaseProviderData class - because if a custom provider needs an attribute of the same name - it will never see it since it won't be included in the NVC of settings during construction.
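The collision described above, reproduced as an added example (not the ABSF-generated code). The two classes are stand-ins that assume a reference to System.Configuration, and using `OnDeserializeUnrecognizedAttribute` to fill the property bag is an assumption that matches the behaviour the post describes; the `Settings` and `Parse` names are illustrative.

```csharp
using System;
using System.Collections.Specialized;
using System.Configuration;
using System.IO;
using System.Xml;

// Stand-in for BaseProviderData with a "common" property declared on it.
class BaseProviderData : ConfigurationElement
{
    [ConfigurationProperty("name")]
    public string Name { get { return (string)this["name"]; } }

    [ConfigurationProperty("type")]
    public string Type { get { return (string)this["type"]; } }

    [ConfigurationProperty("databaseName")]
    public string DatabaseName { get { return (string)this["databaseName"]; } }
}

// Stand-in for CustomProviderData: the property bag receives only the
// attributes that no declared ConfigurationProperty has claimed.
class CustomProviderData : BaseProviderData
{
    public readonly NameValueCollection Settings = new NameValueCollection();

    protected override bool OnDeserializeUnrecognizedAttribute(string name, string value)
    {
        Settings.Add(name, value);
        return true; // handled, so the unknown attribute is not an error
    }

    public static CustomProviderData Parse(string xml)
    {
        var data = new CustomProviderData();
        using (XmlReader reader = XmlReader.Create(new StringReader(xml)))
        {
            reader.MoveToContent();
            data.DeserializeElement(reader, false);
        }
        return data;
    }
}

static class Program
{
    static void Main()
    {
        // The Provider2 element from the post.
        CustomProviderData data = CustomProviderData.Parse(
            "<add name=\"Provider2\" type=\"MyCustomProvider, ProviderProject.Providers\" " +
            "databaseName=\"Test\" setting1=\"Test\" setting2=\"Test\" />");

        // Keys that reached the property bag handed to the custom provider.
        Console.WriteLine(string.Join(", ", data.Settings.AllKeys));
        // True when databaseName never reached the bag.
        Console.WriteLine(data.Settings["databaseName"] == null);
        // The value was consumed by the typed base-class property instead.
        Console.WriteLine(data.DatabaseName);
    }
}
```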



Thursday, May 10, 2007
Thursday, May 10, 2007 7:38:07 AM (SE Asia Standard Time, UTC+07:00) (Books)

I've been reading Charles' book, Applications = Code + Markup, and spotted the flame posted by Jeff Atwood - How Not To Write a Technical Book (which I think was a bit thin all-round as a posting) where he compares Charles' book to Adam Nathan's Windows Presentation Foundation Unleashed.

Charles Petzold's book may lack a little color and design - but he's a skilled software developer and a very thoughtful author. Every code example comes with a matching source and .sln file (there are over 150 short and helpful code projects).

Charles also thought carefully about the division of the book into two halves - code and then markup - and I find it helps enormously to focus on code first - which in turn gave me a deeper understanding of what was going on in the XAML markup that followed. On Charles' own site he says openly that he wishes the design had included more screen shots - but his book is already a 976 page tour de force and frankly I'm glad it was kept as lean and clean as it is.

That said whenever I've really wanted to get a solid understanding of any topic I've usually read more than just one book - and so seeing two great books out there in two different styles can only be a good thing.



Wednesday, May 09, 2007
Wednesday, May 09, 2007 4:37:51 PM (SE Asia Standard Time, UTC+07:00) (ASP.Net)

aspnet_merge.exe exited with code 1 - read on...

There are a few good articles around that describe the differences between the default Web project in VS2005, and Web Application Projects (which are included with SP1 now). Having come from custom scripts using XCOPY in VS 2003 - I was comfortable with the Web Application Project model - knowing that the site would be compiled into a single DLL which along with all the required files to run the site - could just be copied/XCOPYd/FTPd into production.

I also think the loose directory structure and compilation options of the standard Web Project in VS2005 are pretty cool too. That said for a lot of Web applications - I think the Web Application Project makes a lot of sense.

Rick Strahl has written a pretty good summary of the issues and differences between the default Web Project and Web Application Project formats - at Web Application Projects and Web Deployment Projects are here

We recently switched back to a Web Application Project on one project - but wanted to keep the Web Deployment Project - since the compiler options, pre and post build command options (in the source project file) were a convenient place to perform configuration specific tasks in a build.

For one site in particular we wanted to be able to publish new binaries quickly if needed and so the Web Deployment options were set to 'Merge all outputs to a single assembly', and 'Treat as library component'.

I chose the default namespace for the Web Application Project as the assembly name to merge to in the Web Deployment Project.

And at that point I was stuck - the build failed with an '"aspnet_merge.exe" exited with code 1' failure message.

I enabled Detailed MSBuild messages in the Output window - (Tools, Options, Projects and Solutions, Build and Run - bottom combo box) and saw the following message the next time I tried to build.

The target assembly 'DCL.MG.Web' lists itself as an external reference.

After some experimenting - I told the Web Deployment Project to build to an assembly with a different name - in this case "DCL.MG.Website" - and I discovered two assemblies in the output directory.  One called DCL.MG.Web.dll (from my Web Application Project) and one called DCL.MG.Website.dll which the Web Deployment Project had created.

Using IL DASM - I could see that the DCL.MG.Website assembly had only two classes in it - an ApplicationBrowserCapabilitiesFactory and global_asax. The rest of the site had compiled into the DCL.MG.Web assembly fine.

I can live with this extra assembly - it's small and uploads fine with the other binaries when we do an update. I'm just a little curious as to why this is happening - why we're not getting a single assembly, and whether anyone else has discovered this as well.



Monday, May 07, 2007
Monday, May 07, 2007 6:54:30 PM (SE Asia Standard Time, UTC+07:00) (C#)

Back in March I went to the MSDN Roadshow in London to see presentations on several topics - one of them was LINQ.

In my attempts to keep up with the avalanche of software coming out of Microsoft - I have a short list of beefy books to read, weblogs to keep up with, and videos and Webcasts to watch.

The presentation at the roadshow in March was ok - but I thought for a while about the cost of attending; the time it took to get there - the structured format of the show and my never ending need for utilitarian sources of good information.

Today I came across Mike Champion's very helpful post...

Accelerating Evolution: LINQ News from Mix 2007 which includes a link to a video of Anders' presentation at Mix 2007.

Anders' presentation is brilliant; fluid and clear - and really demonstrates the LINQ language enhancements well.

What's more I was able to watch it at a time of my choosing, and at my own pace - which makes me wonder a little about the real benefit of the Roadshows (apart from the less than subtle injection of a lot of MS Office 2007 mini-marketing presentations between each of the main items of the event).

Mix 07 on the other hand is a 'whole-n-other' thing.... :-)


