Andy’s Blog

For the last few days I’ve been fighting a strange error while porting an application to Silverlight 3 …

Obviously, I had to use Visual Studio 2010 for the work – why not, I’m trying one beta technology, might as well make life interesting eh?
Actually, there are technical reasons why you would want to use VS 2010 for the SL3 development, but I’m not going to discuss them here at this point in time – they have been beaten to death elsewhere on the net.

Anyway, I hit this error message:

Error   3        The "ValidateXaml" task failed unexpectedly.

System.IO.FileLoadException: Could not load file or assembly ‘file:///C:\Development\{Project}\{Assembly}.dll’ or one of its dependencies. Operation is not supported. (Exception from HRESULT: 0×80131515)

File name: ‘file:///C:\Development\{Project}\{Assembly}.dll’ —> System.NotSupportedException: An attempt was made to load an assembly from a network location which would have caused the assembly to be sandboxed in previous versions of the .NET Framework.  This release of the .NET Framework does not enable CAS policy by default, so this load may be dangerous.  If this load is not intended to sandbox the assembly, please enable the loadFromRemoteSources switch. See http://go2.microsoft.com/fwlink/?LinkId=131738 for more information.

Note that I have hidden the project name and assembly name, as it’s for something that I don’t want to expose yet!

The path is not a network path, its local, and it’s a trusted location. I have full admin rights on the machine, so I knew it wasn’t permissions related, but I checked that too just in case.

I was stumped.

Then something hit me this morning. I wonder if it’s a flag on the assemblies themselves. These particular assemblies are 3rd party libraries, and everything we had developed internally was working fine, so I went digging.

Turns out that they had the “block” flag set – this is set by Windows for files that are downloaded from the internet, and apply a restrict set of permissions in some applications such as Internet Explorer, Explorer, HTML Help viewer etc. And it seems Visual Studio / .NET 4.0 beta compiler.

It would be far more useful if the error text actually mentioned it.

A visiting colleague pointed me at this yesterday, but as ever, I’ve only just gotten around to blogging about it (I know, I’ve been slack recently).

Windows 7 (at least, Beta 2 and RC) seem to include Ringtones. Why on earth would you want ringtones in Windows I wonder …

If you don’t believe me, why not fire up Windows 7 (if you can) and go to C:\ProgramData\Microsoft\Windows\Ringtones !

It seems that I’ve managed to break my Azure account – after starting to configure SSL endpoints, and uploading the new package I received this error:

But now all my packages just sit in the “Initializing” state and there seems to be nothing I can do to kick them into life…

It probably was not a good idea putting a Checked Build of Windows 7 RC on a colleagues computer …

He just sheepishly asked what the following error meant

Recently a friends Windows Live account was phished – this on the surface doesn’t seem to be a major issue, then I got thinking about the information that the account would have held for this individual.

Windows Live integrates with many of the Microsoft services – including Hotmail, MSDN, MSN and so forth. And many third party providers, such as Facebook, allow linking to your ID in order to access your contact list.

But what sort of impact could a breach of Windows Live ID have on an individual?

Well, lets look at it from the worst case angle.

A user potentially is using Hotmail as their primary e-mail address, which is obviously their Windows Live ID. If the Live ID were phished, and the password changed by the third party (as it was in this case), the user has immediately lost access to their e-mail. And their contacts. And their calendar. And their profile of personal information. And their blog, website, etc (if on the Microsoft systems).
And before you can say “why not reset the password” … the third parties involved change the password reset alternative e-mail address, so you can NOT get the password reset e-mail. Sneaky.

Many of you will think “that’s not too bad”, but bear in mind that people are regularly using Hotmail et al as their primary e-mail accounts these days. That includes personal communications, which could contain information key for identity theft, or even worse, financial transaction information. Worse still, people may have bank account information saved under Contact entries – something we are told never to do, but how many of us actually heed this advice?

For a system that is essentially only a single factor authentication (username and password), it is rather reassuring that it never made it fully mainstream as a single sign on mechanism.
At least Card Spaces provides are far more secure, reliable and phish resistant interface – let’s hope the adoption of Card Spaces accelerates – it might be one of the few things that will protect us against the ever growing threat of phishing attacks.

What we need is an independent third party to provide enough validation of the claims on the Card now so that people trust it …

Since I rebuilt my work desktop, I’ve had trouble getting the ATI drivers to install and behave. Due to the lack of time, I hadn’t been able to investigate.

And today, while installing an update (which will hopefully stop the annoying artefacts when running dual screen), it hit me. I was missing a Visual C++ update.

So, if you are seeing InstallManagerApp crashing when installing ATI drivers, go get the update: http://code.msdn.microsoft.com/KB961894/Release/ProjectReleases.aspx?ReleaseId=2067. I’m annoyed AMD / ATI don’t bundle this into their installers to be honest.

The BBC last night reported on a foiled bank robber where two “hackers” managed to get access (at least partially) to sensitive information – in this case authentication credentials for terminals in the bank.

They were eventually foiled by incorrectly completing the fund transfer screens, but what I’m more concerned about is the simple fact that they were able to gain physical access the terminals in the first place, and why the key loggers were not detected; the majority of key loggers are detectable by anti-virus applications. But even the fact that in order to install the key logger software (if indeed it was software, there are hardware key loggers) you need user access – you can’t (or shouldn’t) be able to install any software on a corporate machine that hooks keyboard i/o without administrative rights surely ?

I’m more worried by the fact that if these hackers, if they can be called hackers – it’s not exactly difficult to use key logger software after all – had been more proficient, and had selected a better inside person, the outcome of this “robbery” would have been significantly different.

Makes you wonder ..

(BBC Link: http://news.bbc.co.uk/1/hi/uk/7909595.stm)

I’ve just encountered a really strange problem regarding Silverlight 2.0 GDR1 release and our TFS Build Server at work.

First up, there does not seem to be any way to run the GDR1 installer on the server, so no way of updating the SDK on the build server. Great. I initially didn’t think anything of it, unpacked the installer and ran the MSI contained within. And all seemed fine.

The we noticed that builds were different between the local dev machines and the build server; in that they worked locally and threw a mixture of (seemingly) random errors on the server builds. As our system is setup to pull builds only from the build servers to populate our live and test setups, this was obviously a critical problem.

After some digging, it seems the Silverlight 2.0 SDK had NOT been updated; even after running the Silverlight 2.0 SDK msi and it seemingly installing without error.

I ended up pulling a copy of the updated files from a working Dev box to the server and extracting them, and all seems well.

Fingers crossed!

I hope Microsoft will fix this omission, or at least make it slightly more obvious where to find the relevant updates for TFS installations – a lot of people, like us, do not install Visual Studio on our build platforms!

I was planning on going out for a ride on the Zed at the weekend (it was a beautiful weekend weather wise!), but I unfortunately discovered a seized back brake.

No bother, I thought, it will just be the slider full of gunk.

So Sunday after was spent stripping, cleaning and stripping some more (the bike that is).  And it still sticks. Must need new seals.

Ah well, got them ordered up.

While I’m at it, had to order:
- New pads
- Spares for scott oiler (the zed has eaten some of it it seems)
- Couple of spare keys
- New chain adjusters (old ones were worn, still worked tho)
- New bar ends (totally f**ked as I found out fitting heated grips)

But I did get the heated grips fitted (and they work perfectly!).

Next task: Clean, clean, clean, and oil.
The reassemble. Hopefully next weekend will be a decent day and I get an a short run on the bike – assuming all the parts arrive and I have time to reassemble …

One thing that I was looking into this morning is adding Build Notifications to our work TFS Server. Now, initially I thought I’d do this via e-mail, but none of us want more junk appearing in our inbox.

The I thought a small systray app.

A quick google later came up with the answer!

http://msdn.microsoft.com/en-us/teamsystem/bb980963.aspx