Wednesday, December 15, 2010

That confounded WCF configuration file

The great thing about Visual Studio is that it pampers you, by doing a fantastic job on your behalf to hide all the nitty-gritties.  The downside is that when you depart from the default values/names/settings, you may not know what manual changes are needed.

If you have read Keith Elder's article about WCF, you will understand what a Boeing 747 you have.  And you need a lot of new skills to pilot such a plane.  I would like to share some basics about web.config/app.config that I learned the hard way.

The new section of interest in the configuration file is: <system.serviceModel>.   You can have nothing in this section, and everything will simply take on certain default values.  The commonly used elements in this section are:

  • <services>
  • <bindings>
  • <behaviors>


The <services> section defines the web services you want to publish. (On the client's web.config, you would not have this but a <client> section instead.) The <services> element contains the <service> elements (that's how subtle and confusing the names can be if you read too fast).

For each web service you have in your project, though optional, you should have a corresponding <service> element defined. If your web service code is like:

namespace NNNN
   public interface CCCC
   { ...

and the implementation:

namespace NNNN
   public class SSSS : CCCC
   { ...

then an example of your <service> element can be as follows:

 <service name="NNNN.SSSS"   behaviorConfiguration="BBBB">
    <endpoint address=""   binding="basicHttpBinding"   bindingConfiguration="BCBC"
    <contract="NNNN.CCCC" />

BBBB points to a <behavior> element in your configuration file, while BCBC points to a binding element in the same file.  In other words, BBBB, if it is specified in the service, must be in the name attribute of a <behavior> element in the <behaviors> section, and similarly BCBC must be in the name attribute of a binding element in the <bindings> section. Otherwise, you will get an error when you try to call anything on the host.

One thing I find odd is the need for the binding attribute in the <endpoint> element.  It is not free text, but must be one of the valid binding types.  But the binding type is already defined in the binding element (see below) referred to in the bindingConfiguration attribute of the endpoint.

A service can have zero or one or more endpoints explicitly defined.


The elements in the bindings are not named <binding> but must be one of the valid WCF binding types. So, they could be <basicHttpBinding>, <webHttpBinding>, and so on.  (Use Intellisense in Visual Studio to see the full list.)  For my above example, you can use something like the following to make use of integrated Windows authentication:

    <binding name="BCBC">
      <security mode="TransportCredentialOnly">
        <transport clientCredentialType="Windows" />

You may need to look up further documentation on what other values you can have in <security> or <transport>, and other elements you can add.


I have not learned what behaviors web services can have other than the one use to publish meta data.  Meta data is the information that your client can use to determine the web methods and data types that are available from the web service.  If your clients are using .NET WCF, then a behavior such as below will expose the meta data:

    <behavior name="BBBB">
      <serviceMetadata httpGetEnabled="true" />


I hope the above gives you an introduction to the intricacies of the WCF configuration file. With the basics out of the way, you will be able to explore the esoteric options and attributes.

Sunday, November 28, 2010

Super OLED!

After two years, the age of my Nokia E-71 showed.  The main shortcoming has been the display size.  The good and real keyboard has made it impossible to go higher than 320x240 without increasing the thickness of the phone.

So I got myself the Samsung Galaxy S recently.  It is a very good copycat of the iPhone 3GS, down to the packing box.  What did they say about imitation and flattery?  I am speculating that the next version of the Galaxy would, like the iPhone 4, have rectangular instead of curvy edges on the sides.

I have not used the iPhone other than testing it.  I find Android much more usable compared with my experience with the iPhone.  The menu and back buttons on the Galaxy S are really handy.  The Program Monitor gives me a very visible state of my phone.  If control equals power, I am power-drunk.  People like me would have difficultly living under the yoke of Mr Jobs.

The biggest jump in capability has to be Swype.  I guess Samsung has to pay for it as one Motorola model I know does not have it.  It is so powerful that it makes you become more verbose.  Ever since my first SMS in 1996, I have always ensured that every word in every single SMS I send is spelled in full and every sentence is properly punctuated.  Hence Swype is an excellent tool for me.

The Super OLED display is just super.  It gives new meaning to the term "vibrant colors".  If you have not seen it go to a phone shop and check out the weather forecast in Daily Briefing.  The lightning or moon behind clouds will stun you.

One thing I will have to get used to is that I have to get some basic essential stuff from the Market. I am used to Nokia providing a basic set of software for the hardware they sold.  In the Android world, you are expected to use those written by some kind souls out there.  I still don't feel good that my location accurate to 5m can be reported to some unknown person every time I use some application.

One feature I wish for is an on/off switch for celluar data.  Other than roaming protection, there are times when I need to control radiation.  For example if I am still outside and my battery is low, I want to be able to conserve power until I get a chance to recharge.

Overall, the Samsung Galaxy S is an excellent phone.

I have not upgraded to 2.2 Froyo as I keep hearing all those negative reports.

Monday, November 15, 2010

Why it is Peking and not Beijing

[As at January 2011, this web site cannot be viewed from within China.]

Lord Carrington explained it most clearly when he said that English speakers do not call Moscow Mockba.

I see two fundamental misunderstandings on names and languages.

First, English speakers do not need the permission of the CCP to decide how to name the capital of China in English. English speakers do not seek Italy's permission when they call Roma Rome. The list goes on. Similarly, Britain does not, and cannot, insist that the Chinese do not call London 伦敦 but London. Britain cannot object the French from calling that same place Londres. President Obama cannot command that the Chinese call him 奥峇马 instead of 奥巴马. In summary, if users of a language decide to name something X, no one else from another language can come and say it must be Y instead.

Second, the capital of China in Chinese is 北京, not Beijing. This second point may be a bit subtle.  "Beijing" is 100% not a Chinese word. Chinese is not written using the letters of the English or Latin alphabet. Chinese is written using pictographs, eg 北京.  The word "Beijing" is as Chinese as "Лондон" (London in Russian) is English.

There is nothing offensive or ominous about calling the capital of China Peking in English. There are no western hegemonic overtones or Chinese humiliation implied when we use the word Peking.  [Jan 2, 2011 update: mind you I just returned from an absorbing visit to Yuan Ming Yuan]  Just like when the Chinese call London 伦敦 in their language, there is no connotation China might have overrun England.  On the other hand, using Beijing instead of Peking in English unequivocally acknowledges a total capitulation to the CCP!  I guess big cash can do wonderful things.  If this goes on, soon we will have to use Zhong-guo instead of China. And from 2019, many documents will have to be updated, such as "We the People of Mei Guo, in Order to form ..."

Coming back to the word "Beijing", it is merely the Hanyu Pinyin phonetic spelling of 北京, when pronounced in Chinese, just like "lʌndən" is the IPA phonetic spelling of London, when pronounced in English.  We should leave these as they are.

Long live Peking!  北京万岁!

Monday, October 11, 2010

Auto Cars

I had this idea for twenty years but Google beats me to testing it.

The car carrying capacity of any road is simple: unlimited.

To take more cars, just increase the speed of cars.  The real limit is parking.  Sooner or later cars have to stop.  So the trick is to find a way for cars to slow down gradually to a a parking spot.

Hence, we should just increase the speed limit to give everyone a smooth ride.  Every car will know where every other car is and is going.  All cars can zoom past each other at traffic junctions with no need for traffic lights.  The faster you zoom past each other, the more people can have cars and use them.  Of course all cars will be driverless, like what Google is trying to do.

In my vision of things, nobody owns cars anymore.  To go anywhere, just punch a button on your mobile phone.  In a minute or so, a driverless car will come to your exact spot.  Hop on, and the car will pick up speed and join the main traffic.  If your destination is 10 miles away , you should reach there in much lesser than 10 minutes, irrespective of the traffic volume!

After you alight, your car will stop where it is and wait for the next request.  In version 2, the car will move to the next best spot based on predictive demand forecasting.

The amount of fuel consumed per passenger for such a journey will be a small fraction of what you can get today on a mass transport system like the bus.  Remember Newton's first law, and second law?  Fuel is needed only on the initial pick up and, after that, only for overcoming traction and air resistance.

Thursday, February 18, 2010

Getting Web Images Right

I appreciate all the programming and troubleshooting tips posted by the many enthusiastic contributors from all over the world. Many of them include lots (and lots) of screenshots to illustrate what they are trying so hard to help us. One problem, however, is the clarity (and size) of those screenshot images.

I always love screenshot images that are in native resolution: one pixel in the bitmap corresponding to one pixel on the original screen and corresponding to one pixel on my screen.

No one should have any problems capturing the screenshot - the [Alt]-[prt sc] key does it all to the active window. I think the problem is in saving it. The original MS Paint was a disaster. You have to manually set the size your image. And it can't save to the png format.

I find that Paint Dot NET is the most convenient tool. Pasting from the clipboard automatically creates a new image of the dimensions of the image in the clipboard. So it's the perfect size, no chances of error. And saving to png gives the best, in terms of color and file size, for most dialog box type of screenshots.

One mistake most people make is to resize (I don't mean crop) the screenshot images. Never never do that. The moment the image is resized, even by one pixel smaller, a million floating point calculations are done to divide out the original number of pixels over the new number of pixels. Unless it happens to be nice round integers, there will be lots of fractions and arbitrary decisions have to be made whether to round up or truncate. Thus the image gets distorted and the colors get distorted. Textual characters that use the minimum number of pixels in the original image become illegible.

There are two places where images can be resized. First is in the image editing software as mentioned in the preceding paragraph. The second place is at the web page. Many people still add a WIDTH or HEIGHT attribute to their IMG tag. NEVER DO THIS! But then there are culprits, such as, who refuse to allow me to put up my original image. Look at the sample below:

My picture was 406x471 pixels, a crisp looking snapshot of Task Manager with one pixel in my file for every one pixel in the original image, and a file size of only 7.63kB.  The picture fits more than nicely on the page, but Google insists on greeking it into an ugly illegible smudge with a file size of 79kb!!!!. Grrrr!  Why why why?

Friday, February 5, 2010

Are you current?

[It is not fiction that a fully-laden airliner can complete its whole trip from take-off to landing, at most modern airports, with the pilot's hands totally off the controls throughout the journey.  Nevertheless,]

An airline captain, say of a Boeing 777, must land a Boeing 777 manually at least once every 35 days to maintain his currency as a captain.  If he does not achieve that, then he must land the same aircraft in a simulator.  If he has extended his currency through the simulator, then within the next 35 days he must land the real plane from the right hand seat, that is, with another captain in command and supervising.

In contrast, anyone can claim to be a qualified and experienced software architect or developer!  Is it because no one gets killed when software is poorly written?  I am convinced that this is the real answer.

An airline pilot is certified not only on his flying skills but by aircraft type.  A Boeing 777-200 pilot is not permitted to fly a Boeing 777-300ER without undergoing a conversion course.  Imagine a company not permitting a Java programmer to write in C# until he is re-trained.  That company will go out of business because other companies will not impose this restriction upon themselves.  And the reason can only be: no one gets killed when the software crashes.

My favorite question during hiring interviews has been: "Have you written 500 lines of xx code in the last 30 days?"

Thursday, January 14, 2010

The Mother of All Trojans

Well, now we know that the Communists do not understand that entering someone's computer is the same as entering someone's house.  Or maybe I am giving them too much credit.  Do they also enter people's homes if no one is watching?

Using zero-day attacks or upatched vulnerabilities is a contorted process that requires lots of hardwork trying to predict and then handle all possible outcomes.  Such attacks are not always successful even if the target computer is vulnerable.

If they could spent their talent and energies on such hacks, just imagine what they could have put into all those Huawei routers!

According to Wikipedia, Huawei is founded and still led by an ex-PLA man, a card-carrying member of the Communist Party of China and a congressman!

Could they be that far-sighted?  The router is the mother of all Trojans.  It's the interface point between your internal network and the Internet.  All other network equipment are similarly vulnerable as they just have to communicate.  Just imagine all the sleeping robots out there waiting to be awaken and report back to Commie HQ.  The possibilities for total destruction are mind-boggling.  All that is needed is a little backdoor code to boot-strap the software of the day!

All you corporations and government departments out there in America, Europe, and even China: if you had purchased Huawei because the quotation was 50% cheaper than the Cisco one, you had better quickly unplug them.

My thinking is not original.  See the following too:

UK Sunday Times Huawei's Dubios Reputation Is Huawei behind Ghostnet?

Welcome to the new Cold War - added May 10, 2011 Perhaps the hacker community can do some community service and study the Huawei firmware for Trojans.

Sunday, January 3, 2010

Download Fails for Windows Update

I don't know how well-known it is that the Windows Update client, even when run from IE, does not run using your logged-in credentials.  This is according to KB 900935.

So, if your computer requires a proxy server to connect to the Internet and you have configured the proxy server through your IE settings, the Windows Update client will still try to connect directly.  This is because the IE settings are specific for each user.

I have a newly installed Windows Server 2003 that is on a LAN that requires a proxy.  The first update went through ok.  But subsequent updates keep failing to download. By running proxycfg -u to copy my IE proxy settings for everyone, Windows Update breezed through.

The puzzling thing is that I have two other Windows Server 2003 sitting next to this one on the same network.  They were installed 1.5 years ago, with the proxy server configured in IE.  I checked and proxycfg on these two says "Direct access".  But Windows Updates for those two servers work fine!!