What is it about?

The answer provided by Micah Martin in the discussion group is one I most agree with: “…a gentle push away from “crap code” and toward  craftsmanship.”

This manifesto is created after the agile manifesto but it’s not intended to be an appendix or an addition of the former one.

The principles in the Manifesto for Software Craftsmanship are stated as follow:

“Not only working software,

    but also well-crafted software

Not only responding to change,

    but also steadily adding value

Not only individuals and interactions,

    but also a community of professionals

Not only customer collaboration,

    but also productive partnerships“

Note that the manifesto stands for principles and not commandments. The difference between these 2 has clearly described in this post as follows:

“Rule based systems lend themselves to misinterpretation, misapplication and gaming, while systems based on values and principles empower individual choice and responsibility and lead to simple, elegant and appropriate solutions.”

 Why did I sign?

I signed the Manifesto for Software Craftsmanship mainly because of 2 reasons:

1.       I agree with the principles

2.       I push people in my environments (university, work) to follow them

I believe we have to think what we do, understand what we do, care about what we do and, in a broader sense, love what we do.

After a usual 10 minutes wait, I got to a desk and presented my case with the proper documents to Mr. Payments (don’t know the real name so this will be his name from now). He looked friendly, answered all my questions and handed in the refund check. Everything was running smooth until I verified the amount on the check. They were paying me, by accident, only 20% of the expected refund. I was not happy at all with this so he pointed to the next desk where I could settle my complaint.

At the complaint’s desk I found a 5 person queue, attended only by one single employee. As you probably know, complaints take average over 15 minutes so I forecasted a minimum hour-wait for a company’s mistake. 20 minutes afterwards I decided it was enough waiting and went back to Mr. Payments desk to fill a customer dissatisfaction form against the companies bad policies for making me wait when it was their error.

Arriving at Mr. Payment’s desk, I asked for a pen and a paper and, after providing me both, he suggested that he could take care of passing over my complaint and wrote down my contact number to let me know when the new check is ready.

Instead of filling a customer dissatisfaction form I was glad to having my car insured with them.

In this situation, it was not Mr. Payment’s direct responsibility to  receive my complaint but he understood that the customer satisfaction is vital for his company, and by being agile (adapting to change and collaborating with the customer) he strengthened the relationship with a customer instead of losing him. He probably does not know what agile means but he practices it for sure.

The problem is that the communication between Host adapter and AddIn adater, using remoting, can handle only 2 concurent conections.

This is because the implemented remoting communication is opening only 2 channels as shown in the picture below.

If more than 2 concurrent requests arrives to the Host adapter, the folowing exception is raised:

“RemotingException: Port is busy (…) All pipe instances are busy.”

A proposed approach to solve this issue would be to create an AddIn pool as shown below.

Component	Description
	The Application that will use the AddIn.
	Component that runs on the application’s ApplicationDomain. It is the gateway between the application and the addIn.
	Component that runs on the addIn’s ApplicationDomain. It is the entry point of the addIn.
	The AddIn that is executed. The call to it is made by the AddIn Adapter.

For mor information on the AddIn Framework:

• CLR AddIn team blog
• CLR AddIn in Codeplex
• MSDN documentation

A WPF application that uses a VisualBrush object in a RichTextBox control encounters a memory leak when you try to clean up the RichTextBox control

Hopefuly, this post saves your time. The solution is tricky but it works.

The error occurs because the user (usually NETWORK SERVICE) running the process has no “read & execute” access rights on the private key file (created when the certificate is created).

Assign “read & execute” access rights to the private key file for this user.

By default, the file is stored in the folder:

C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\

The last modified file is the private key file you have just created.

Now https should work correctly.

The main reason you would need to create a self issued certificate is to test your application. Earlier versions of Cardspace required a valid certificate to connect over https (using a SSL – Secure Socket Layer). Although CardSpace now supports http communications, it is a good idea to make a full functional test using https. The production server will need to use https for security reasons.

The Certificates generated by these commands have been used with IIS 7.0.

Before running these commands, change the value of -n “CN=your.domain.com” in the signed certificate to match your own.

To run the commands open a “Visual Studio Command Prompt” (“Start” à “Programs” à “Microsoft Visual Studio” à “Visual Studio Tools” à “Visual Studio Command Prompt”)

[If your OS is Windows Vista and UAC is activated, you will need to open the “Visual Studio Command Prompt” as “Administrator”]

For the root certificate:

makecert -pe -n “CN=Sample Root Authority” -ss root -sr LocalMachine -a sha1 -sky signature -r “SampleRootAuthority.cer”

For the signed certificate:

makecert -pe -n “CN=your.domain.com” -ss my -sr LocalMachine -a sha1 -sky exchange -eku 1.3.6.1.5.5.7.3.1 -in “Sample Root Authority” -is root -ir LocalMachine -sp “Microsoft RSA SChannel Cryptographic Provider” -sy 12 “SampleSSLCert.cer”

To verify that the certificates have been installed correctly, (open the certificate store) and look for the certificates:

“Local Computer” à “Trusted Root Certification Authority” à “Sample Root Authority”

“Local Computer” à “Personal” à “your.domain. com”

Finally, try browsing a page on your site using https. If you get “File Access Permission Error”, check the File Permission Error after creating the self issued certificate post.

To open the “Certificate Store” follow these steps:

1.       Run mmc.exe

[Select Continue if Windows asks for confirmation]

2.       From the menu, click on File àAdd/Remove Snap In…, the following window will pop-up. 

3.       Select “Certificates” in the left list

4.       Click on “Add >”, the following window will pop-up. 

5.       Select “Computer account”

6.       Click on “Next >”, you will see the following screen. 

7.       With “Local Computer” selected, click on “Finish”

8.       Now the “Local Computer Certificate Snap-In” will appear in the “selected snap-ins” list.  

9.       Click on “OK” to finish. You will see a window similar to the following.

This is the “Certificate Store” window.

When CardSpace pops-up from an http (unsecure page), it will display a message informing the user that the connection is unsecure.

This screen opens for CardSpace without SSL…

Instead of the one for CardSpace with SSL…

This little difference has big implications.

He wrote: “So, let me stress this one more time: we are still using asymmetric cryptography here. The UniqueID check is as solid as it with HTTPS, losing the transport encryption does not affect it.”

The identity for authentication can still be verified because the only one who has the private key for signing the PPID is the user requiring authentication.

Additionally, the second consequence brings the bigger menace. The man-in-the-middle attack can be used, taking advantage of the fact that no Certificate Authority is certifying the domain the user is connecting to.