The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests


Archive for the ‘Development’ Category

C# Settings reminder

Posted by jpluimers on 2015/11/26

As a reminder to self: Settings are nice (too bad they advertise them as Windows Forms Application Settings, as they are just as useful for other assemblies), but be aware…

When using Settings.Default, it will get the values from the app.config (or the defaults if there is no app.config) of the assembly that defined the settings, not from the app.config of the starting process.

This is unless your settings are merged into the app.config of the starting process.


Posted in .NET, .NET 1.x, .NET 2.0, .NET 3.0, .NET 3.5, .NET 4.0, .NET 4.5, Development, Software Development | Leave a Comment »

Raise specific exceptions like InvalidOperationException, not generic ones like ApplicationException.

Posted by jpluimers on 2015/11/25

Code Analysis in Visual Studio objects to using very generic exception types:

CA2201 Do not raise reserved exception types

‘BusinessClass<T>.StopProcessing()’ creates an exception of type ‘ApplicationException’, an exception type that is not sufficiently specific and should never be raised by user code. If this exception instance might be thrown, use a different exception type.

Company.Departement.Functionality BusinessClass.cs 157

Indeed ApplicationException and SystemException are bad (both also map to very generic COM HRESULT values: COR_E_APPLICATION / -2146232832 / 0x80131600 and COR_E_SYSTEM / -2146233087 / 0x80131501).

Using InvalidOperationException is much nicer in this case. It still maps to a COM exception (in this case COR_E_INVALIDOPERATION / -2146233079 / 0x80131509).


Posted in .NET, .NET 3.0, .NET 3.5, .NET 4.0, .NET 4.5, C#, C# 3.0, C# 4.0, C# 5.0, C# 6 (Roslyn), Development, Software Development | Leave a Comment »

Resolving “Unknown SSL protocol error in connection to”

Posted by jpluimers on 2015/11/24

A while ago, I had this error on BitBucket:

Running git.exe with arguments "fetch --prune" failed with return code 128 and error output: "fatal: unable to access '': Unknown SSL protocol error in connection to

A quick search for “Unknown SSL protocol error in connection to” pointed me to a comment by Ludwik Trammer on an answer by Jordfräs:

I resolved the issue by upgrading from git 1.8 to git 2.0.

Which reminded me this was a Windows system, where there is no package manager that verifies how far your non-system software is behind.

One day, I will write a script that finds out about the git version history and informs me of major/minor versions I’ve skipped.

Some notes for that:

Probably I will need to do something similar for Mercurial/hg in the future as well.


via: git – Unknown SSL protocol error in connection – Stack Overflow

Posted in Software Development, Development, Source Code Management, Power User, Windows 7, DVCS - Distributed Version Control, Windows 8, Windows, Windows Server 2008, Windows Server 2008 R2, git, Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows 9 | Leave a Comment »

Ensure you know the state of an instance.

Posted by jpluimers on 2015/11/24

A while ago, I came across a class having (among other members) two methods named like this:

  • Start
  • Stop

Within one of the other members of the class, I had to (temporarily) Stop processing, then Start it again.

But I couldn’t, as neither Start, nor Stop would make a record of the state it left the instance in.

Always ensure you know the state of an instance.

So I added the state, and tests to ensure a Stop/Start change was indeed not breaking things.


Posted in .NET, .NET 1.x, .NET 2.0, .NET 3.0, .NET 3.5, .NET 4.0, .NET 4.5, C#, C# 1.0, C# 2.0, C# 3.0, C# 4.0, C# 5.0, C# 6 (Roslyn), Delphi, Delphi 10 Seattle, Delphi 2007, Delphi 2009, Delphi 2010, Delphi XE, Delphi XE2, Delphi XE3, Delphi XE4, Delphi XE5, Delphi XE6, Delphi XE7, Delphi XE8, Development, Software Development | 1 Comment »

How is NSA breaking so much crypto? “weak” standard primes for Diffie-Hellman are being widely used and take NSA only ~$100 million to crack

Posted by jpluimers on 2015/11/19

Interesting: a few quotes below; read “How is NSA breaking so much crypto?” and the full paper “Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice” for details.

The key is, somewhat ironically, Diffie-Hellman key exchange, an algorithm that we and many others have advocated as a defense against mass surveillance. Diffie-Hellman is a cornerstone of modern cryptography used for VPNs, HTTPS websites, email, and many other protocols. Our paper shows that, through a confluence of number theory and bad implementation choices, many real-world users of Diffie-Hellman are likely vulnerable to state-level attackers.

… there was a very important detail that got lost in translation between the mathematicians and the practitioners: an adversary can perform a single enormous computation to “crack” a particular prime, then easily break any individual connection that uses that prime.

How enormous a computation, you ask? …  For the most common strength of Diffie-Hellman (1024 bits), it would cost a few hundred million dollars to build a machine, based on special purpose hardware, that would be able to crack one Diffie-Hellman prime every year.

Would this be worth it for an intelligence agency? Since a handful of primes are so widely reused, the payoff, in terms of connections they could decrypt, would be enormous. Breaking a single, common 1024-bit prime would allow NSA to passively decrypt connections to two-thirds of VPNs and a quarter of all SSH servers globally. Breaking a second 1024-bit prime would allow passive eavesdropping on connections to nearly 20% of the top million HTTPS websites. In other words, a one-time investment in massive computation would make it possible to eavesdrop on trillions of encrypted connections.

NSA could afford such an investment. The 2013 “black budget” request …  shows that the agency’s budget is on the order of $10 billion a year, with over $1 billion dedicated to computer network exploitation, and several subprograms in the hundreds of millions a year.

… However, our proposed Diffie-Hellman break fits the known technical details about their large-scale decryption capabilities better than any competing explanation. For instance, the Snowden documents show that NSA’s VPN decryption infrastructure involves intercepting encrypted connections and passing certain data to supercomputers, which return the key. The design of the system goes to great lengths to collect particular data that would be necessary for an attack on Diffie-Hellman but not for alternative explanations, like a break in AES or other symmetric crypto.

Since weak use of Diffie-Hellman is widespread in standards and implementations, it will be many years before the problems go away, even given existing security recommendations and our new findings. In the meantime, other large governments potentially can implement similar attacks, if they haven’t already.

Our findings illuminate the tension between NSA’s two missions, gathering intelligence and defending U.S. computer security. If our hypothesis is correct, the agency has been vigorously exploiting weak Diffie-Hellman, while taking only small steps to help fix the problem. On the defensive side, NSA has recommended that implementors should transition to elliptic curve cryptography, which isn’t known to suffer from this loophole, but such recommendations tend to go unheeded absent explicit justifications or demonstrations. This problem is compounded because the security community is hesitant to take NSA recommendations at face value, following apparent efforts to backdoor cryptographic standards.
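To make the "one enormous computation per prime, then cheap per connection" point from the quotes concrete, here is an added example (mine, not code from the quoted article or paper). It assumes a constructed 31-bit toy prime and uses a baby-step giant-step table as a small stand-in for the far larger precomputation the paper describes; the names P, G, precompute, individual_log and sessions_recovered are made up for this illustration.

```python
import math
import secrets

# Constructed toy group: a 31-bit prime, nowhere near a real DH group size.
P = 2**31 - 1   # Mersenne prime
G = 7           # generator used for this illustration

def precompute(p, g):
    """One-time work that depends only on the group (p, g), never on a session."""
    m = math.isqrt(p - 1) + 1
    table, cur = {}, 1
    for j in range(m):              # baby steps: g^0 .. g^(m-1)
        table.setdefault(cur, j)
        cur = cur * g % p
    return m, table, pow(g, -m, p)  # g^(-m) drives the giant steps

def individual_log(h, p, m, table, step):
    """Per-session work: find x with g^x == h using only the shared table."""
    gamma = h
    for i in range(m):
        j = table.get(gamma)
        if j is not None:
            return i * m + j
        gamma = gamma * step % p
    raise ValueError("h is not in the subgroup generated by g")

def sessions_recovered(n, p=P, g=G):
    """Run n independent exchanges on the same prime; count keys a passive
    observer derives from the public values plus one precomputed table."""
    m, table, step = precompute(p, g)           # paid once for the prime
    hits = 0
    for _ in range(n):
        a = secrets.randbelow(p - 2) + 1        # fresh ephemeral secrets
        b = secrets.randbelow(p - 2) + 1
        A, B = pow(g, a, p), pow(g, b, p)       # what goes over the wire
        x = individual_log(A, p, m, table, step)
        hits += pow(B, x, p) == pow(B, a, p)    # same shared secret?
    return hits

if __name__ == "__main__":
    print(sessions_recovered(5), "of 5 session keys recovered from one table")
```

Fresh ephemeral secrets per session do not help here: the table depends only on the prime, which is why a prime shared by many servers concentrates the risk.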



Posted in Algorithms, Development, Encryption, Power User, Security, Software Development | Leave a Comment »

