Tag Archives: programming

Converting a binary/blob guid column to text in SQL

Posted on by Mahmoud Al-Qudsi
5

Since we live in an imperfect world where we often have to trade ease-of-use for simplicity and abstractions for performance, while dealing with computer systems and standards you’ll often run into tasks that seem like they should be really obvious and simple only to later discover that in reality they lead down a rabbit hole. Such is the case anytime a developer comes into contact with the individual bits of a binary blob – and that can happen even when you least expect it.

The premise is simple: given a database powered by, for example, the extremely popular MySQL or SQLite RDBMS engines that do not offer “native” representation of UUIDs or GUIDs, database designers and systems programmers have a choice to make: do you store a GUID as a plaintext (VARCHAR or TEXT) and take the performance, memory, and storage hit that comes with it, or do you take off the gloves and dig out the BLOB column type in your DDL?

Continue reading

System.Threading.Thread, Universal Windows Platform, and the fragmentation of .NET Standard

Posted on by NeoSmart Technologies
1

This post is chiefly directed at .NET developers and others involved in the various stages of .NET deployment, in particular, anyone that’s been keeping tabs on the situation with the new cross-platform, open-source .NET Core initiative or .NET Standard, which came about as Microsoft’s response to the increased fragmentation of the .NET Platform as a result of the myriad of different deployment targets now available. If you’re not into that kind of stuff, feel free to skip this post, or read on and we’ll try to explain things sufficiently as we go through.

When a new Microsoft, with Satya Nadella at the helm, first open sourced the .NET Platform on November 12, 2014 it became clear that they fully intended to put everything they had into the initiative and that great things and big changes were coming to the .NET Framework and its languages. But what it also signaled was the inevitable beginning of a new level of fragmentation for the Framework, which had thus far – by and large – resisted any major fragmentation for the past 12 years of its existence.1 But taking a framework that was cobbled together from parts old and new, built atop of WIN32, GDI, and various Windows-specific anachronisms meant that porting the .NET Framework as-is to other platforms was nigh-impossible — and that major changes would have to be made to support this gargantuan effort.

Continue reading

  1. There are notable exceptions to this, namely the .NET Micro Framework, the .NET Compact Framework, and Mono; however, these “members” of the .NET ecosystem – one not even by Microsoft – were never considered to be first-class .NET Targets within or without Microsoft. 

A smarter month and year input field: solving the credit card expiry conundrum

Posted on by Mahmoud Al-Qudsi
1

Every computer-savvy keyboarder has run into this problem before: you’re typing your merry way through a credit card payment form, pounding out your address and credit card numbers, tabbing between the fields so you don’t waste time mucking around with the mouse, when you come across the dreaded expiry date fields:

Expiry Date Fields

You groan. You know what’s coming next. Your card expires in April of 2019. Are they expecting you to type ‘A’ for “April” or to key in “04”? Or maybe it’s just ‘4’? Murphy’s law guarantees that whatever sequence you try typing these options in, it’ll be the last one you try. You sigh. You either try the different options haphazardly, holding your breath and cringing when it doesn’t change, or changes to select the wrong value. Finally, you give up and move your hand those excruciatingly-far 6″ to the mouse, and sigh in despair as you resort to clicking on the drop-down box and scrolling through the entries to select the one you’re looking for.

Continue reading

pevents: a cross-platform Win32 events library

Posted on by Mahmoud Al-Qudsi
Reply

Threads-GitHubpevents, our implementation of Windows manual- and auto-reset events for Mac and Linux, is now officially pevents, our truly cross-platform win32 lightweight events library for Windows, Mac, Linux, and other platforms. We first released pevents way back in 2011, when we searched for and were unable to find an existing implementation of Windows events, the basic primitives for thread synchronization on Win32.

The *nix world has seen a lot of progress when it comes to non-blocking waits in recent years, but it’s very recently that purely event-driven libraries like epoll and kqueue have properly taken off. In the Windows world, it’s long-been possible to wait on filesystem and network events with WaitForMultipleObjects – a paradigm most Windows C/C++ developers are intimately familiar with. One thing that WaitForMultipleObjects (and pevents!) can also do rather neatly is wait on multiple mutexes, events, and/or semaphores simultaneously, unblocking when one or more (or all) are triggered or available.

Continue reading

Answers to password reset questions are passwords too — so why aren’t we treating them that way?

Posted on by Mahmoud Al-Qudsi
4

identity-theftIf you’re a developer working on or maintaining a website catering to the general public, chances are you’ve implemented some form of password reset via security question-and-answer into your site. How are you storing the answers to these questions in your database? Are you encrypting them? Storing the (hopefully cryptographic, salted) hashes? Or are you storing them plain text?

I can’t answer for you, but I can tell you that I’ve never used a system that didn’t leave tell-tale signs of storing these answers in plaintext. Here’s the thing – if it’s possible to use these answers to reset a password, then these answers, by extension, are passwords too.

In some ways, answers to password reset questions are more important than the password itself. With the password, an attacker can compromise and gain control of a user’s account. With the answers to security questions, an attacker can compromise a user’s entire online and offline security, steal their identity, and quite-literally ruin their lives. Think about it, these same questions (mother’s maiden name, childhood best friend, street you grew up on, where you were on New Year’s Eve of 2000) are the same questions every site asks you to confirm your identity and reset your password. They’re the questions your telephone banker asks before divulging account info or letting you wire money to an international account. They’re the questions that you’ll be asked when applying for a credit card to prove you’re who you claim to be.

Continue reading

Life in a post-database world: using crypto to avoid DB writes

Posted on by Mahmoud Al-Qudsi
35

CryptoPossibly one of the biggest hurdles that stands in the way of fostering innovation and discovering newer and better techniques of doing old things is the ease with which developers and designers today can quickly research and find so-called “best practices.” While a quick Google search for “user table structure” or “best way to design password reset” can reduce (but never extinguish!) outlandish practices and horrific mistakes, it does nothing to encourage developers to think outside the box, and results in the perpetuation of less-than-optimal approaches.

To that end, there’s one thing in particular that virtually all documented approaches get wrong, and that’s writing to the database when you should be using modern cryptography instead. It might sound like a bit of a non-sequitur — after all, what does storing information have to do with cryptography when one usually exists only to supplement the other? Which is exactly right. Too often, you’ll find software writing to the database not because it needs to store something, but because it needs to guarantee something. Which is what cryptography is for.

Continue reading

AutoFormat for Windows

Posted on by Mahmoud Al-Qudsi
1

A few years ago while working on another boot-related project, I had need of a scripted method of formatting a drive, silently and without user intervention (don’t ask).

After mucking around with the various IOCTL in the disk and volume management WIN32 APIs, I realized there was a much easier method. Windows has always shipped with a command-line format utility (aptly named “format”) that could technically be coerced err convinced to do the job.

The only problem with format.com is its (understandable) reluctance to actually wipe a disk without the user explicitly OKing it. At the same time, there are quite a few developers out there doing low-level work that does not involve viruses or other malicious intent that are in need of a scripted format run. And, of course, the expectation is that the developer will obtain the user’s permission beforehand.

However when all is said and done, there’s no clean way of formatting a disk behind the scenes. Enter AutoFormat for Windows.

Continue reading

WaitForMultipleObjects and WIN32 events for Linux/OS X/*nix and Read-Write Locks for Windows

Posted on by Mahmoud Al-Qudsi
11

As every programmer worth his salt knows, synchronization primitives form the very building blocks of multithreaded programming. Without them, the world as we know it would cease to exist and chaos would reign free and unchecked.

All joking aside, synchronization objects such as mutexes and semaphores are essential to safe multithreading and are found on just about any platform under the sun. Mutexes and semaphores alike have one purpose: to keep different threads from messing around with bits and bytes at the same time another thread is, keeping your code free of segfaults and memory access violations alike. But that’s about where the similarities between the synchronization primitives on different platforms end.

POSIX-compliant operating systems with pthreads offer additional really neat synchronization primitives not found on Windows, such as condition variables and read-write locks (the latter is now available on Windows Vista+). And Windows programmers have at their disposal automatic and manual reset events, which make designing certain types of multithreaded software incredibly easy, abstracting away much of the hard-core synchronization logic that lies beneath the hood.

Continue reading

My Thoughts on Sutter’s “C++ and Beyond 2011”

Posted on by Mahmoud Al-Qudsi
5

Around a month ago, Herb Sutter gave a talk on why C++ is once more gaining relevance in the world of programming, and how after a decade of neglect and abandonment, it is set to pave the way into the future. I downloaded it a while ago and finally had a chance to watch it last night; the talk itself is most-excellent and is around 40 minutes long, you can stream it online or download it in a higher-resolution format on Channel 9. Or click below to watch:

As someone that’s been using both C/C++ and .NET extensively over the past years, I found there was one very important point that Sutter glanced on, danced around, and did everything short of actually naming in his talk and it’s that if you’re doing anything remotely intricate or complicated, leaky abstractions in managed languages will bite you in the ass, and end up lowering your productivity, some times (and if what you’re working on is truly complicated, often times) to a point where you’d have been more productive using C or C++ in the first place.

The concept of leaky abstractions isn’t anything new and I’m hardly the first to point out how it can turn a knight in shining armor into a harbinger of doom and destruction. It’s the number one problem fundamentally present in almost any framework, but even more so in managed languages where the framework is all you have, and you’re not allowed to side-step it and build your own foundations to work with (p/invoke and interop aside). But lately it’s becoming more and more of a problem as the “push” for innovation that Sutter speaks of has become a fundamental requirement in just about all corners of the industry.

Continue reading

Intel C++ Compiler 12??

Posted on by Mahmoud Al-Qudsi
8

Microsoft Visual Studio 2010 has been officially released for 3 months now (to the day), and to be pedantic, it has also been available in beta form since October 2008. Its bugs not withstanding, Visual Studio 2010 been a pretty successful hit. Besides the huge improvements to the .NET language and platform, big on the list of features for C++ developers is basic support for C++0x (the next standard version of C++, with lots of new & revolutionary features) and plenty of IDE enhancements. Intel’s C++ Compiler is the industry-standard with regards to performance and optimizations, still doesn’t support Visual Studio 2010 or C++0x.

As numerous postings on the Intel forums indicate, a plethora of users are in pressing need of an update to the Intel C++ Compiler. Questions on the matter are brushed-off, with short and rather-useless replies such as:

“This question has been discussed several times recently. The first such integration would come in a beta version of icc 12.0, which hasn’t yet been announced.”

Continue reading