Monthly Archives: October 2006

SecureStrings are reversable.

Fellow co-worker, Corneliu Tusnea has figured out a way to easily reverse the .NET frameworks SecureString instances and integrated it as a feature into his Hawkeye application (already a formidable tool for editing .NET objects in running applications). The SecureString class is designed to be an easy way for developers to obsfucate strings in memory so that its difficult to get them out of a memory dump by spreading it through the memory space of the host process. They just give you a little bit of extra security.

At runtime, anyone who knows their way around the .NET Framework can probably think up a way to get a SecureString instance back into its unencrypted state, but where the real power of Hawkeye comes in is the way you can just attach to a running process.

Since Corneliu a “good guy” he has decided to only offer the SecureString decryption functionality in Hawkeye for a price in an effort to stop it being used by the vast majority for illegitimate purposes. Well before he released his code he also contacted Microsoft to discuss the issue.

There isn’t really anything that can be done about it – SecureStrings MUST be reversable at some point in time so Microsoft suggested that he go ahead with his release, but put it in a commercial version. Corneliu has decided to donate the proceeds from Hawkeye to a worthy charity which will change on a rolling basis – way to go Corneliu.

You can download Hawkeye from Project Distributor.


Optimising my feeding experience.

I’ve been pretty dark for a few months in my blogging practices and I’ve been feeling distinctly disconnected. I think that one of the reasons was that I changed the way that I was consuming feeds – rather than the feeds coming to me in my Inbox I had to go to them in Bloglines, or even Internet Explorer 7.0.

Today I decided to go back to using Squeet – inspired by Geoff’s recent round of experimentation (hey – who says you can’t experiment with an old friend, err, don’t take that the wrong way).

Anyway – I can already feel that I am more inspired to respond to others blog posts and it is stimulating my own creativity. It also helps that “the super team” that I am working with also pretty much nailed their deliveries today (two projects closing down and one finishing an iteration).

I think that the way that you choose to process input is a very personal choice – I think that some people can’t handle things popping up at them every five seconds, whilst others (myself included) actually find ways to fill the void with “other stuff” – unfortunately that other stuff is often pure work as opposed to more fun geeky endeavours (as well as the usual allocation of family time and sleep).

Fun with scripting shells (how to rename multiple files in PowerShell).

I stumbled across this post by Rob Newcater on which points to this post on It shows the various ways that you can rename or manipulate filenames in groups using the bash shell and a smattering of standard UNIX utilities.

The sample given was renaming a directory full of *.mp3 files such that all the spaces were replaced with underscores – here is the script in BASH:

for FILE in *.mp3 ; do NEWFILE=`echo $FILE | sed ‘s/ /_/g’` ; echo “$FILE will be renamed as $NEWFILE” ; done

That is pretty cool, although it is much more concise in PowerShell:

get-childitem *.mp3 | foreach { rename-item $_ $_.Name.Replace(” “, “_”) }

And by concise, I don’t mean shorter. One of the advantages of PowerShell over traditional text-piping shells is that you are dealing with objects which provide a lot more data to the next part of the processing pipeline. If you are into punctuation you could express it as:

gci *.mp3 | % { rename-item $_ $_.Name.Replace(” “, “_”) }

But to be honest, I prefer it the first way.

Third Top Australian Consumer Technology Blogger

I picked up this post by Paul Montgomery which lists me as the third top Australian consumer technology blogger (who aren’t journalists). Cool – although I think you can be the top five if only you start getting selective with the search criteria. I’m probably the number one Australian consumer technology blogger with the word “not” and “gartner” in the URL.

P.S. Paul – I tried to use Tinfinger – I reckon you could improve usability by providing a few samples of search terms.

Update: Corrected spelling of Tinfinger (was: Tin Finger).


Philip Beadle sent around an e-mail internally about Movember which is basically an awareness campaign for mens health. The idea is that us guys spend all of November growing a Mo (Movember – duh!). Part of the process is raising funds to support initiatives that improve mens health. If you want to donate, head on over to the Movember site, enter our teams registration number (6328) along with your credit card details.

Unfortunately I won’t be able to make one of the Gala’s at the end of the month – but I’ll enjoy pretending that I can grow a Mo 🙂

The Framework Apologist

Paul Stovell reacted to a presentation by Scott Hanselman and Keith Pleas and then Scott Hanselman followed up with his views – or rather an explaination of his position. It is interesting to stand on the sidelines and follow this conversation – especially since there was a lot of traffic on the internal Readify Tech mailing list about it prior to Paul making his original post.

As someone who has had to both design frameworks and consume frameworks developed by other people, I can kind of see both points of view. One of the things that I don’t think has really been brought to the table is the difference between building a framework for every single .NET developer on the planet, and building a framework for just your team (and there is a grey area in the middle there when talking about enterprise frameworks).

Building a framework for every single .NET developer on the planet is hard, you are bound to have someone who disagrees with your approach and you _could_ just mark everything as public virtual (so that you can not only call it, but change it). Some languages work this way.

The drawback of that approach is that you may expose something that is ill thought-out, and then someone comes along and relies on that particular internal implementation detail. You then have two choices – you either break them, or you fork the code. Forking code to support specific customers is really not an option for Microsoft – yet breaking a production system as the result of a patch is not going to make them popular.

The end result is that you need to hide some implementation detail to play it safe and not piss people off, but you need to be as open as possible to allow developers to do what they need to do. I hate to say it, but this is a classic design problem. If we look at the sheer volume of frameworks that Microsoft produce (WPF, WCF, WF, .NET Base Class Library, Visual Studio, Windows Forms, ADO.NET, ASP.NET) – is it any real surprise that they get it wrong some of the time.

I think it is dangerous to assume that we can apply small team framework building philosophies to commercial and foundational programming frameworks. If the ASP.NET team had opened up the session state management API in .NET 1.0 I suspect that they wouldn’t have been able to do as good a job as they did in .NET 2.0. In the end it comes down to a balance between not shipping a perfect open API that isn’t going to bite you back, or shipping a perfect slightly less open API which isn’t going to bite you back.

One thing is for sure, when code bites back, it bites hard.