Joseph Cooney's Weblog


Proof of concept Asymmetric Encrypted Xml Trace Listener

.NET’s tracing infrastructure isn’t perfect, but it gives you access to some ‘internal’ things that it is otherwise hard to get access to (like network and WCF tracing). Sometimes the things you want to trace are sensitive in nature, and probably shouldn’t be left lying around on the file system, even on your servers. Additionally you don’t want to set up a centralised, secure, logging system, and don’t want the overhead of more network traffic for every trace write (which can be pretty verbose sometimes). So what to do?

I was faced with these challenges recently on a project with my friends from Mexia, and one of the ideas we kicked around was using PKI to encrypt the trace. The app.config file for your .net process has the public key in it, and the app can write trace information, but not read the trace files it has created. Although we didn’t end up going with this approach, I thought it would be interesting to spike out an encrypted XML trace listener that can be dropped in in place of the regular XML trace listener, for things like WCF tracing.


The configuration is hopefully what you’d expect. The base64-encoded key and exponent for the RSA crypto provider are stored in a delimited string in the .config file, along with the directory you want to write the files to (even though the name says EncryptedXmlWriterTraceListener it would be more accurate to call it the EncryptedFileXmlWriterTraceListener, but the base class the XmlWriterTraceListener is fairly file-centric too).

<add name="EncryptedListener" type="JCooney.Net.Diagnostics.EncryptedXmlWriterTraceListener, JCooney.Net.Diagnostics"
initializeData="Key=pUY9KVcmHF1yvM7YkdvJFMWmQkayeqqYh37kuSQjeYdx1gRtD3dZDF37dd/qbnSujwIX0ebPc6FYDqPCnpjlWA6WqLGvBRvfr2iIBuImkBYKuDP5L2Hun3U97fsz86HTMyf1zo9+WvFQifeDsJtsGuL6RLEOiYoBcla/FTC3fGk=;Exp=AQAB;Directory=f:\temp\" />

Asymmetric Keys, to Encrypt Symmetric Ones

Public key cryptography is not great for encrypting large chunks of data (to do so you generally need a key that is bigger in size than the data you want to encrypt). On the web for instance the public key infrastructure is used so that two parties can exchange a shared symmetric key, which is then used for the duration of their secure conversation. Here I do a similar thing, where the first portion of the file is actually a new symmetric key and IV for the Rijndael cipher that has been encrypted with the public key stored in the config file. To decrypt the log file you use your private key to decrypt the symmetric key and IV, which you then use to decrypt the bulk of the file using the Rijndael cipher. I’ve rolled up this process into a helper class called EncryptedXmlWriterDecrypter which takes a file stream (the encrypted file) and the private key information. Generating new keys is done by creating a new instance of the RSACryptoServiceProvider and serializing out the key using ToXmlString.
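The scheme described above, as an added example that is not the post's EncryptedXmlWriterTraceListener or EncryptedXmlWriterDecrypter code: a fresh AES (Rijndael) key and IV are wrapped with the RSA public key parsed from an initializeData-style string, written ahead of the ciphertext, and recovered with the private key. The class name HybridTraceDemo, the length-prefixed header layout, OAEP padding and the 2048-bit demo key pair are assumptions made for illustration.

```csharp
using System;
using System.IO;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
static class HybridTraceDemo
{
    // Parse "Key=<base64 modulus>;Exp=<base64 exponent>;..." into a public-only RSA key.
    static RSAParameters ParsePublicKey(string initializeData)
    {
        var p = new RSAParameters();
        foreach (var part in initializeData.Split(';'))
        {
            int eq = part.IndexOf('=');   // first '=' only: base64 padding also uses '='
            if (eq < 0) continue;
            string name = part.Substring(0, eq), value = part.Substring(eq + 1);
            if (name == "Key") p.Modulus = Convert.FromBase64String(value);
            if (name == "Exp") p.Exponent = Convert.FromBase64String(value);
        }
        if (p.Modulus == null || p.Exponent == null) throw new ArgumentException("need Key= and Exp=");
        return p;
    }

    // Assumed file layout (illustration only): int32 length, RSA-wrapped AES key+IV, AES-CBC ciphertext.
    static void Encrypt(RSAParameters publicKey, byte[] plaintext, Stream output)
    {
        using (var aes = Aes.Create())                    // fresh random key and IV per file
        using (var rsa = new RSACryptoServiceProvider())
        {
            rsa.ImportParameters(publicKey);
            byte[] wrapped = rsa.Encrypt(aes.Key.Concat(aes.IV).ToArray(), true); // true = OAEP
            new BinaryWriter(output).Write(wrapped.Length);   // little-endian int32 header
            output.Write(wrapped, 0, wrapped.Length);
            using (var cs = new CryptoStream(output, aes.CreateEncryptor(), CryptoStreamMode.Write))
                cs.Write(plaintext, 0, plaintext.Length); // Dispose writes the final padded block
        }
    }

    static byte[] Decrypt(RSAParameters privateKey, Stream input)
    {
        using (var aes = Aes.Create())
        using (var rsa = new RSACryptoServiceProvider())
        {
            rsa.ImportParameters(privateKey);
            var header = new BinaryReader(input);
            byte[] secret = rsa.Decrypt(header.ReadBytes(header.ReadInt32()), true);
            int keyLen = aes.KeySize / 8;
            aes.Key = secret.Take(keyLen).ToArray();
            aes.IV = secret.Skip(keyLen).ToArray();
            using (var cs = new CryptoStream(input, aes.CreateDecryptor(), CryptoStreamMode.Read))
            using (var plain = new MemoryStream())
            {
                cs.CopyTo(plain);
                return plain.ToArray();
            }
        }
    }

    static void Main()
    {
        var pair = new RSACryptoServiceProvider(2048);    // constructed demo key pair
        var pub = pair.ExportParameters(false);
        string cfg = "Key=" + Convert.ToBase64String(pub.Modulus) +
                     ";Exp=" + Convert.ToBase64String(pub.Exponent) + ";Directory=.";
        var file = new MemoryStream();
        Encrypt(ParsePublicKey(cfg), Encoding.UTF8.GetBytes("<E2ETraceEvent>constructed</E2ETraceEvent>"), file);
        Console.WriteLine(Encoding.UTF8.GetString(Decrypt(pair.ExportParameters(true), new MemoryStream(file.ToArray()))));
    }
}
```

CBC mode gives confidentiality only; a trace that must also be tamper-evident needs a MAC over the ciphertext or an authenticated mode.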

Known Issues

I have seen one issue where the decrypted file is incomplete and the closing E2ETraceEvent element has not been written to disk before the trace file is closed, or not read back properly when it is decrypted. I wasn’t easily able to determine the cause of this.

Cryptography Is Hard

This brings me to my last point – cryptography is hard, I’m certainly not an expert at it, and this is very much a proof of concept at this stage. If anyone has any feedback, or pull requests I’d love to see them, but please subject this to some thorough testing before putting it out in production.

My AWS Instance was pwn3d by eastern Europe, and all I got was this click-bait headline

This blog had been extremely quiet for several months while twitter has become my ‘go to’ vehicle for quick rants. Or so I thought, until I received 2 notices from AWS (my blog is hosted on an EC2 instance) saying that my instance had been reported for abusing the terms of service.


The worst part about receiving news like this is the immediate reaction is to drop everything and dive in to investigate, however often other things supervene, and so after quickly cycling through ‘shock and denial’ and ‘pain and guilt’ I decided to turn off the instance to prevent further ‘damage’ arising from its misuse, and to fix it up at a later date.

A few days later I turned the instance back on and had a look at what was happening network-wise on the server. Netstat revealed hundreds of instances of a process with ID 0 (PID 0 is normally reserved for the system idle process) listening on port 80, communicating with a client located somewhere in St. Petersburg. Seems legit.


I’d taken some basic security precautions – preventing all inbound ports except port 80 and RDP from my ‘home’ IP address and running app pools under low-privileged accounts, but clearly it wasn’t enough. I’m not sure how I was owned – my Windows updates were fairly sporadic, so even though it was a ‘latest’ version of Windows Server 2012 there were some updates that probably hadn’t been applied in a timely fashion. Also I was using a non-latest version of the ASP.NET-based blog software that I use. After taking a very selective few backups I turned the machine off for good.

To any sys admins whose systems were attacked by my compromised machine – I’m sorry, I’ll try not to let it happen again. Lesson learned is even a little EC2 micro instance can be useful to attackers. This time around I’m going to try to keep on top of those system updates, and stay up to date with 3rd party software.

Questions and Beginnings…

A beginning is the time for taking the most delicate care that the balances are correct, and so it is also with the beginning of one’s stint on a software project. Here is a list of questions that, I have found, it is good to have answers to within the first week or so of starting on a software project. Sometimes the answers to one will make it obvious that a related question does not apply, and sometimes just by asking these questions you can begin to add value by uncovering things that need further consideration.


  • What is the primary language used to develop the project?
  • Where is the code stored?
  • What is the process for checking in changes to the code (code reviews, running tests before check in etc.)?
  • What will happen once I check in changes? (automatically built? Automatically deployed?)
  • What environments will the software be deployed to, and how will it be deployed?
  • Who or what deploys the software to those environments?
  • Who supports the software in those environments?
  • How is the software built/packaged to be deployed?
  • What (if any) is the approval process for adding 3rd party code to the code base?
  • What code quality tools are used?
  • What coding standards does the project follow?
  • How do users of the system interact with it (user interfaces, via 3rd party systems, emails etc)?
  • How are users authenticated?
  • How will the code be verified once it has been deployed?
  • How are bugs in the software tracked?
  • Once a bug has been identified how is it prioritized?
  • Where are changes to bugs applied?
  • Once a bug has been fixed how is the fix tested?
  • Once a bug has been fixed who will test the fix?
  • Does the system persist data, and if so - how?
  • If the system persists data, who makes data model decisions for the project?
  • Who makes architectural decisions for the project?
  • When architectural and design decisions are made how are they captured and communicated?
  • What monitoring tools are used to support the project in production, and how should I instrument my code to work well with them?
  • What other systems does the system communicate with, and how?
  • What are the trust boundaries between this system and the others it integrates with?
  • How do different parts of the system communicate with each other?
  • What laws does the system have to follow with respect to data privacy, auditing, secure storage of data etc?
  • What privacy and security concerns exist for data in non-production environments? (is it a backup of production? Is it synthetic?)
  • How will we know when we're done on this phase of the system's development?
  • If we're aiming for a particular date for delivery, what is driving that date?
  • Where is the best place around here to get coffee?

Please chime in with any useful questions you’ve asked in the past. Image courtesy of Duncan Hull.

Apologies to those who’ve seen this before, it was lost as part of a server update.

No-longer a Windows Client Development MVP

Since 2007 every April (April 1st to be exact) I’ve received an email letting me know I’ve been recognized by Microsoft as a Microsoft Valued Professional (MVP) in client application development, primarily for my contribution to the Windows Presentation Foundation (WPF) community. It came as no surprise, but with a small amount of sadness, when I received no such email this year. I say “no surprise” because it has been about 2 years since I’ve done anything significant with WPF (and, as one of my colleagues said, it’s been a bit longer than that since Microsoft did anything with it, unless you count abandonment as “a thing”). My strategy has shifted, as they say in the trade, to single-page applications with libraries like Knockout.js and Angular, to Sharepoint, to Android development, with lots of ASP.NET MVC thrown into the mix. Ironically it looks like Microsoft might be finally stepping up to address some of the issues with WPF (mostly to do with performance) if their recent job ads are to be believed. I’m planning on keeping learnwpf.com going, and posting anything interesting I come across with WPF.

You’d probably expect I’d have lots of sad farewells to say to those on the WPF team at Microsoft, and in the WPF community, but I haven’t. Most of the people I know, or know of, who were on the WPF team have moved on. Many of them are working evangelising the “other” rich, fast multi-media UI platform that is kicking a lot of goals lately – Chrome. The product team never engaged with me in much capacity – occasional Microsoft live meetings at 3 A.M. which I never really made the most of. Locally DPE’s focus on evangelizing emerging technologies (AKA what they’ve been goaled on for this quarter), and living and working in a city where they have no real presence means there won’t be any sad farewells or commiserations from that quarter either.

The software development ecosystem is a vastly different, and more heterogeneous one from 7 years ago when I became an MVP. It’s time to remind myself that first and foremost I am a developer, not [just] a Microsoft developer.

The Future of M# and Organisational Politics

It’s new year’s eve, so naturally I’m at home by myself drinking Veuve Clicquot and thinking about software development. I was interested to read about the new research language announced by Joe Duffy, which he dubbed ‘C# for systems programming’ but which I’m calling M#. This resulted in a lot of comments, both on Joe’s blog and speculation around the web. Rather than focus on the technical aspects of the language, which is ill-suited to one who has ingested a bottle of Veuve Clicquot, I’d rather focus on the organisational politics surrounding the announcement of M#, and the future of Midori.

But first, a bit of history. Midori is a skunk-works operating system project that grew out of MSR’s Singularity operating system/tools project. It is managed code all the way, with the goal of being highly dependable and verifiable. It was made up of a small, but star-studded team. Joe Duffy, who wrote the original prototype of plinq in a week-end, Chris Brumme, the VM guru MS hired from Oracle back in the day for a signing bonus of $1M and a Porsche 911, who knew everything about the CLR and then ‘went dark’ about 9 years ago. WPF Maestro Daniel Lehenbauer, and quite a few others. Midori existed outside the normal Microsoft divisional structure, but was instead run by Eric Rudder who reported directly to Steve Ballmer.

Fast forward to now-ish. A few weeks ago Eric Rudder moved to the newly created role of Executive Vice President of Advanced Strategy, and Midori has been moved into Terry Myerson’s Unified Operating Systems Group, AKA the Windows Division. So far all of this is stuff you would have seen in Mary-Jo Foley’s excellent article on the subject, but the thing that MJF doesn’t say, and which I think is really key when considering the future of M# and Midori is the history of the Windows Division. The Windows Division HATE managed code. HATE, HATE, HATE. C++ and Javascript are the languages of the Windows Division. Ever since they got burned by Managed Code in Longhorn, and had to scrap a few years of development work, and re-set on top of the Server 2003 code-base, the Windows Division has been strongly against managed code.

Let’s also consider what Midori was setting out to achieve – replacing Windows – something the folks on the Windows team are somewhat enamoured with.

From Mary-Jo’s Article:

Myerson's OS group is going to be determining which parts of Midori have a place in Microsoft's future operating-systems plans.

I suspect the conversation would be discussing the relative merits of suffocation with a pillow, or stabbing with a knife. I could be wrong here – Terry Myerson’s past in Windows Phone, which uses .NET heavily for its programming model, might make him more sympathetic to managed code, but I wouldn’t count on it.

Happy New Year


A Random List of Cool and Useful Stuff

http://visualping.io/ – I wanted to use this to check for the availability of the Nexus 5, but due to the location Google thinks the site is coming from, the devices section doesn’t show up. Still, a cool idea.


http://tympanus.net/codrops/category/playground/ – a collection of cool HTML5 demos. Animating check-boxes, slide-down combo boxes, sidebar effects etc.


CLink – makes windows command-line better. Command-line probably doesn’t require a screen-shot.

HTML5 Admin Template – built on boot-strap, very slick-looking.


Exception Breaker – toggle on/off ‘break on all exceptions’ in VS quickly.


LiceCAP – weird name, cool utility for doing screen recordings as animated GIFs on Windows or Mac.

Solving SharePoint’s Worst Problem

By any measure SharePoint is a big success – it is used by 100+ million users around the world, and generated (in 2009) over $1.3 billion in revenue for Microsoft (while they were still letting on how much money it was bringing in). 78% of Fortune 500 companies use SharePoint, and the platform adds about 20,000 new users to its ranks every day. Ask anyone who’s had to develop or support SharePoint and they’ll tell you it isn’t without its shortcomings. Re-skinning it is a pretty big undertaking, and up to 2013 it was pretty terrible on mobile browsers. As a development platform it consistently fails to win the mindshare of other (more generalist) web platforms like Ruby on Rails, ASP.NET MVC, or Node.js. There are no sexy start-ups featured on the front of Hacker News that are building on top of SharePoint. Once it is in production things aren’t much better – while smaller SharePoint sites can run happily on a spare workstation your larger SharePoint deployments are going to need specialist care and handling. While many of these things can be problems I don’t believe any of them comes close to SharePoint’s biggest issue –

finding things in SharePoint is much harder than it should be.

No doubt there will be people out there who have great success finding data in their company’s expansive, well ordered, curated, and taxonomically correct SharePoint deployment. You folks can probably finish reading now, because I doubt you’re going to agree with anything else I have to say, but before you go know this - you people are not the norm. I’ve worked in far too many places to believe anything other than this:

SharePoint search as it currently stands is broken.

How many of these seem familiar?

  • Launching a search in SharePoint, scanning through pages of identical-seeming items, all of which seem to be related more to SharePoint’s inner workings and structure than the information you want to find.
  • Searching for keywords you know should return some results, but getting nothing.
  • Searching in vain for several minutes, before having to email the person you think created the document, asking them to send you a link.
  • Searching, and getting errors every time.

After a friend pointed out to me just how bad this experience was I was amazed I hadn’t recognized it as being that bad before, but it was. After sitting down with a few friends and brainstorming some things we decided we’d try to fix it. I think we succeeded.

We built an extension to SharePoint that fixes as much of the search experience as we could (we have quite a few more ideas of things we’d like to go after). It is easiest to describe (like so many other things) using the power of animated GIFs, so here goes.

infotext Demo

If you’re interested in trying out Infotext please visit www.infotext.com and get a trial license key. I’d love to hear your feed-back.

Good Developer, Good Googler

or Why Sigmund Freud is right, and Scott Hanselman is wrong.

The prodigious Scott Hanselman recently wrote a blog post responding to a question posed to him – are we really developers anymore, or just good googlers? While Scott touched on a number of things in his response, including the imposter syndrome that affects many people, myself included from time-to-time, one thing he said really struck me as wrong. Wrong enough to bring me out of 4-month-long blogging hiatus. This is what Scott said:

Third, try programming for a day without Googling. Then two days, maybe a week. See how it feels. Remember that there was a time we programmed without copying our work.

While I guess _trying_ something and reflecting on how it went can be a good course of action, it is not always the case: “try cutting your wrists and sitting in a warm bath for a few minutes, a few hours. How does it feel?”. Before we head down this road of no googling let’s think our strategy through a little. Are we going to start war-dialling the internet and hope that we come across something relevant? Are we going to hit the books instead? If so, are we going to read the book cover-to-cover, or look things up in the index? Isn’t looking something up in the index of a book just a horribly antiquated version of performing a very limited google search? Or are we going to ignore ‘prior art’ altogether? Imagine the following hypothetical conversation between us, and the owner of the small software consulting firm we work for:

Owner: Thanks for coming in at short notice. I’ve just gotten a call from $CLIENT you’ve been out on-site working for. I know you’ve got a great relationship with them, and you’ve done a lot of great work there, but they gave me a call earlier today, and said the standard of your work has been suffering a lot in the last two weeks. They said you’ve only delivered a fraction of what you’d both planned on. Is everything OK?

Us: OK? Everything is great! I decided two weeks ago instead of looking things up on the internet I was going to do everything from first principles. I spent most of the week writing a concurrent dictionary in C# using a lot of the data structures and concurrency theory they taught me at college. It’s been hard, and there are a few bugs, but I think in a few more weeks it will be ready to add to the project.

Owner: I see. I haven’t been too ‘hands on’ for a while, but isn’t there a ConcurrentDictionary they added in .NET Framework 4.0?

Us: You might be right.

Owner: So….just so I’m clear on this – you spent two weeks re-implementing something that was already in the .NET framework, because you unilaterally decided that building things from first principles, rather than searching for existing information on a problem was somehow “better”.

We’re all ultimately accountable to someone for how we spend our time - other founders in a start-up, team-mates and managers if we’re white-collar slaves working for “The Man”, our clients if we’re freelancers or maybe just ourselves [1]. I think wilfully ignoring all the world’s information that has been organized, and made universally accessible and useful, so you can feel better about your prowess as a programmer is crazy.


Freud, who knew a thing or two about crazy, in his 1930 “Civilization and its discontents” hit the nail on the head:

“Man has, as it were, become a kind of prosthetic God. When he puts on all his auxiliary organs he is truly magnificent; but those organs have not grown on to him and they still give him much trouble at times.”

The Internet and the google index are the magnificent auxiliary prosthetic organ that gives us programming super-powers, in much the same way that the atomic bomb is the prosthetic organ that gives humanity the god-like power to destroy the planet. All the same arguments you can make about not using google you can make about every other advancement – intellisense, syntax highlighting, IDEs, high-level languages, integrated circuits, electricity, the steam engine, mathematics, iron, agriculture, language. It is natural that the organs have not grown onto us perfectly yet, and that we, to quote Freud again “do not feel happy in his God-like character”.

[1] - A self-employed person, with no dependents, working on a project for themselves with no deadlines, which is a vanishingly small % of working programmers.

3 gotchas I discovered calling Postgres (esp. from C#).

I’ve always been interested in Postgres – it never seemed to be quite as crazy as MySQL, and since I’ve used Access (LoLWUT?), Ingres (party like it’s 1989), DB2 (meh), Oracle (and the difference between god and Larry Ellison is…), SQLite (awesome!), ESE (key-value FTW), SAPDB (why?), MySQL (how did this ever become popular?), different versions of SQL Server, and a few I don’t quite recall at various times I thought I’d give it a try. Here are a few gotchas that tripped me up, considering my primarily SQL Server background.

#1 The user-name in the connection string for the otherwise quite awesome looking npgsql seems to need to be lower-case. I created the login via SQL as PascalCase. When it showed up in the pgAdmin III tool it was all lower-case, so maybe it is Postgres’ fault…not sure.

#2 Database functions execute by default with the rights of the Invoker. You can change this with a little bit of extra stuff in the create function statement, by switching to SECURITY DEFINER instead of SECURITY INVOKER (the default). In the MS SQL Server world stored procedures (the closest analogue to Postgres functions) run with the security rights of the creator. A SECURITY DEFINER function should also set a fixed search_path in its definition, so that objects in a schema the caller controls cannot shadow the ones the function refers to.

#3 When calling pg_get_serial_sequence to get the name of the sequence that is defined for a serial column I had to double-quote the name of the table like this, which I found slightly odd:

select * from pg_get_serial_sequence('"<table name>"', 'Id')

Otherwise all pretty cool and straightforward.

DDD Brisbane 2012–Single Page Web Applications talk on Vimeo

I recorded a version of the ‘Single Page Web Applications’ talk I did for DDD Brisbane 2012 and put it up on Vimeo. I know the audio is not fantastic, but I don’t have a very nice speaking voice anyway. If anyone has any feedback I’m keen to hear it.

DDD2012 from Joseph Cooney on Vimeo.