The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

    Mastodon

  • Twitter Updates

  • My Flickr Stream

    20140508-Delphi-2007--Project-Options--Cannot-Edit-Application-Title-HelpFile-Icon-Theming20140430-Fiddler-Filter-Actions-Button-Run-Filterset-now20140424-VMware-Fusion-6.0.3.-no-reclaimable
    More Photos

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 1,828 other subscribers

Archive for the ‘Software Development’ Category

« Previous Entries
Next Entries »

C# text file deduping based on trimmed lines (via: Stack Overflow)

Posted by jpluimers on 2012/01/25

A while ago, I needed to analyze a bunch of files based on the unique trimmed lines in them.

I based my code on the C# Tee filter and the StackOverflow example of C# deduping based on split.

It is a bit more extensive than strictly needed, as it has a few more commandline arguments that come in handy when processing files on the console:

DeDupe - Dedupes a file into unique lines (only the first occurance of a line is kept) standard output
Lines are terminated by CRLF sequences
C# implementation januari 5th, 2012 by Jeroen Wiert Pluimers (https://wiert.wordpress.com),

DeDupe [-i | --ignore] [-t | --trim] [-f | --flush] [-l | --literal] [-? | --h | --help | /?] [file0] [...]
   Example:
 DeDupe --trim file0.txt file1.txt
   Dedupes the appended content of file0.txt and file1.txt into standard output

-t | --trim                  Will trim the lines before considering duplicates
-f | --flush                 Flushes files every CRLF
                               (setting is per tee instance)
-i | --ignore                Ignore cancel Ctrl+C keypress: see UnixUtils tee
-l | --literal               Stop recognizing flags, force all following filenames literally
-? | --h  | /? | --help      Displays this message and immediately quits

Duplicate filenames are quietly ignored.
If no input filenames are specified, then standard input is used
Press Ctrl+Z (End of File character) then Enter to abort.

Here is the source code:

using System;
using System.IO;
using System.Collections.Generic;

namespace DeDupe
{
    class Program
    {
        static void help()
        {
            Console.Error.WriteLine("DeDupe - Dedupes a file into unique lines (only the first occurance of a line is kept) standard output");
            Console.Error.WriteLine("Lines are terminated by CRLF sequences");
            Console.Error.WriteLine("C# implementation januari 5th, 2012 by Jeroen Wiert Pluimers (https://wiert.wordpress.com),");
            Console.Error.WriteLine("");
            Console.Error.WriteLine("DeDupe [-i | --ignore] [-t | --trim] [-f | --flush] [-l | --literal] [-? | --h | --help | /?] [file0] [...]");
            Console.Error.WriteLine("   Example:");
            Console.Error.WriteLine(" DeDupe --trim file0.txt file1.txt");
            Console.Error.WriteLine("   Dedupes the appended content of file0.txt and file1.txt into standard output");
            Console.Error.WriteLine("");
            Console.Error.WriteLine("-t | --trim                  Will trim the lines before considering duplicates");
            Console.Error.WriteLine("-f | --flush                 Flushes files every CRLF");
            Console.Error.WriteLine("                               (setting is per tee instance)");
            Console.Error.WriteLine("-i | --ignore                Ignore cancel Ctrl+C keypress: see UnixUtils tee");
            Console.Error.WriteLine("-l | --literal               Stop recognizing flags, force all following filenames literally");
            Console.Error.WriteLine("-? | --h  | /? | --help      Displays this message and immediately quits");
            Console.Error.WriteLine("");
            Console.Error.WriteLine("Duplicate filenames are quietly ignored.");
            Console.Error.WriteLine("If no input filenames are specified, then standard input is used");
            Console.Error.WriteLine("Press Ctrl+Z (End of File character) then Enter to abort.");
        }

        static void OnCancelKeyPressed(Object sender, ConsoleCancelEventArgs args)
        {
            // Set the Cancel property to true to prevent the process from
            // terminating.
            args.Cancel = true;
        }

        static List<String> filenames = new List<String>();

        static void addFilename(string value)
        {
            if (-1 == filenames.IndexOf(value))
                filenames.Add(value);
        }

        static bool trimLines = false;
        static bool flushFiles = false;
        static bool stopInterpretingFlags = false;
        static bool ignoreCtrlC = false;

        static int Main(string[] args)
        {
            try
            {

                foreach (string arg in args)
                {
                    //Since we're already parsing.... might as well check for flags:
                    if (stopInterpretingFlags)  //Stop interpreting flags, assume is filename
                    {
                        addFilename(arg);
                    }
                    else if (arg.Equals("/?") || arg.Equals("-?") || arg.Equals("-h") || arg.Equals("--help"))
                    {
                        help();
                        return 1; //Quit immediately
                    }
                    else if (arg.Equals("-t") || arg.Equals("--trim"))
                    {
                        trimLines = true;
                    }
                    else if (arg.Equals("-f") || arg.Equals("--flush"))
                    {
                        flushFiles = true;
                    }
                    else if (arg.Equals("-i") || arg.Equals("--ignore"))
                    {
                        ignoreCtrlC = true;
                    }
                    else if (arg.Equals("-l") || arg.Equals("--literal"))
                    {
                        stopInterpretingFlags = true;
                    }
                    else
                    {	//If it isn't any of the above, it's a filename
                        addFilename(arg);
                    }
                    //Add more flags as necessary, just remember to SKIP adding them to the file processing stream!
                }

                if (ignoreCtrlC) //Implement the Ctrl+C fix selectively (mirror UnixUtils tee behavior)
                    Console.CancelKeyPress += OnCancelKeyPressed;

                HashSet<string> keys = new HashSet<string>();
                Int64 index = 0;

                using (StreamWriter writer = new StreamWriter(Console.OpenStandardOutput()))
                {
                    if (filenames.Count == 0)
                        using (StreamReader reader = new StreamReader(Console.OpenStandardInput()))
                        {
                            processInputFileReader(keys, writer, reader, ref index);
                        }
                    else
                        foreach (String filename in filenames)
                        {
                            using (StreamReader reader = new StreamReader(filename))
                            {
                                processInputFileReader(keys, writer, reader, ref index);
                            }
                        }
                    writer.Flush();
                }

            }
            catch (Exception ex)
            {
                Console.Error.WriteLine(String.Concat("DeDupe: ", ex.Message));  // Send error messages to stderr
            }

            return 0;
        }

        private static void processInputFileReader(HashSet<string> keys, StreamWriter writer, StreamReader reader, ref Int64 index)
        {
            string line = readLine(reader);
            while (!string.IsNullOrEmpty(line))
            {
                string candidate = line;
                if (keys.Add(candidate))
                {
                    writer.WriteLine(line);
                    index += line.Length + Environment.NewLine.Length;
                    if (flushFiles)
                        writer.Flush();
                }

                line = readLine(reader);
            }
        }

        private static string readLine(StreamReader reader)
        {
            string line = reader.ReadLine();
            if (null != line)
                if (trimLines)
                    line = line.Trim();
            return line;
        }
    }
}

–jeroen

via: C# text file deduping based on split – Stack Overflow.

Posted in .NET, C#, C# 2.0, C# 3.0, C# 4.0, Development, Software Development | 4 Comments »

Upgrading a Windows XP machine with Visual Studio 2005: KB2251481 Security Update for Microsoft Visual Studio 2005 Service – Microsoft Answers

Posted by jpluimers on 2012/01/24

Every once in a while you need to maintain really old stuff, and start update an old VM.

In case of Visual Studio 2005, the Windows Update and Microsoft Update will get you into a condition where it cannot install “Security Update for Microsoft Visual Studio 2005 Service Pack 1 XML Editor (KB2251481)“. Not even the direct download will install.

The search for “some updates were not installed” “Security Update for Microsoft Visual Studio 2005 Service Pack 1 XML Editor (KB2251481)” pointed me to the solution:

There are two versions of KB2251481 June and August. When the June version is installed, the August version refuses to install.

Uninstall the original KB2251481 from the Control Panel. Then reinstall the August version.

The KB2251481 article mentions this only for the “Microsoft Visual Studio 2005 Premier Partner Edition SP1”, but it happens with other Visual Studio 2005 editions as well.

–jeroen

via: KB2251481 Security Update for Microsoft Visual Studio 2005 Service – Microsoft Answers.

Posted in .NET, Development, Software Development, Visual Studio 2005, Visual Studio and tools | 1 Comment »

Batch file examples – Wait using CHOICE (via: RobVanDerWoude.com)

Posted by jpluimers on 2012/01/19

Most batchfile wait examples require a functioning network connection.

Just in case you haven’t, Rob van der Woude has a nice example on his batch file Wait page using the Choice command.

The bummer is: choice is available on almost all Windows versions (actually since DOS 6.x), but not on Windows XP, and not on Windows 2000, but it is there in Windows Vista and up where you can use the timeout command :(

Alternatives can be found in the other examples on Rob’s wait page.

CHOICE – Wait.bat: Uses CHOICE to wait for a specified number of seconds.

By using REM | before the CHOICE command, the standard input to CHOICE is blocked, so the only “way out” for CHOICE is the time-out specified by the /T parameter.

The idea was borrowed from Laurence Soucy, I added the /C parameter to make it language independent.

@ECHO OFF
IF "%1"=="" GOTO Syntax
ECHO.
ECHO Waiting %1 seconds
ECHO.
REM | CHOICE /C:AB /T:A,%1 &gt; NUL
IF ERRORLEVEL 255 ECHO Invalid parameter
IF ERRORLEVEL 255 GOTO Syntax
GOTO End
:Syntax
ECHO.
ECHO WAIT for a specified number of seconds
ECHO.
ECHO Usage: WAIT n
ECHO.
ECHO Where: n = the number of seconds to wait (1 to 99)
ECHO.
:End

–jeroen

via: Batch file examples – Wait.

Posted in Batch-Files, Development, Scripting, Software Development | Leave a Comment »

Dear Mister Jones » How to insert a carriage return with batch

Posted by jpluimers on 2012/01/17

When appending multiple text files to a big one (for instance to post-processing on the total: dedupe, sort, gather statistics, etc) you often will find one or more of the source files missing a CRLF.

So you will have to insert those carriage return line feed combo’s manually.

Well, mr Jones points out that:

there’s actually an easy way to simply echo a carriage return and line feed instead, by just issuing an echo command followed immediately by a period (no space in between), like this:

echo. >> somefile.txt

Thanks Jared!

–jeroen

via: Dear Mister Jones » How to insert a carriage return with batch.

Posted in Batch-Files, Development, Scripting | Leave a Comment »

Should watch: Dave Herman: The Future of JavaScript #ECMAScript6

Posted by jpluimers on 2012/01/11

On:

Mozilla Labs engineer and TC39 representative Dave Herman joined us at YUIConf 2011 to give this keynote talk on the future of JavaScript, covering many of the new features currently under consideration for ES6, the next edition of the ECMAScript standard.

Many wonderful new features. Now it just need some great tooling.

–jeroen

via: http://www.youtube.com/watch?v=u4IdoBU1uKE

Posted in Development, JavaScript/ECMAScript, Scripting, Software Development | Leave a Comment »

great answer by Remy Lebeau on windows – CreateProcessAsUser doesn’t work when “change user” – on Stack Overflow part of @StackExchange

Posted by jpluimers on 2012/01/10

You might wonder why I quoted two great StackOverflow answers recently. Well, it is because I absolutely love the way that StackExchange.com and StackOverflow.com changed how to find quality answers (and questions!) on topics varying from programmers through Cooking to Chines Language Usage in a community based way.

This one is by Remy Lebeau, who is part of TeamB:

You don’t need to enumerate running explorer.exe processes, you can use WTSGetActiveConsoleSessionId() instead, and then pass that SessionId to WTSQueryUserToken(). Note that WTSQueryUserToken() returns an impersonation token but CreateProcessAsUser() needs a primary token, so use DuplicateTokenEx() for that conversion.

You should also use CreateEnvironmentBlock() so the spawned process has a proper environment that is suited to the user account that is being used.

Lastly, set the STARTUPINFO.lpDesktop field to ‘WinSta0\Default’ instead of nil so the spawned UI can be made visible correctly.

I have been using this approach for several years now and have not had any problems with it. For example:

… code sample is in the answer …

–jeroen

via: windows – CreateProcessAsUser doesn’t work when “change user” – Stack Overflow.

Posted in Delphi, Development, Software Development | 2 Comments »

Great answer by Cosmin Prund: How and when are variables referenced in Delphi’s anonymous methods captured? – Stack Overflow

Posted by jpluimers on 2012/01/05

Every once in a while, by accident you stumble on a really great answer on StackOverflow.

Here is a quote from Cosmin Prund describing on how Delphi implements anonymous methods using a TInterfacedObject descendant:

When you have a function like the one in the question, where you have an anonymous method accessing a local variable, Delphi appears to create one TInterfacedObject descendant that captures all the stack based variables as it’s own public variables. Using Barry’s trick to get to the implementing TObject and a bit of RTTI we can see this whole thing in action.

Read his full answer for the complete description including sample code.

I stumbled on this great answer trough the question Is it possible for a managed local variable to transparently “travel to” another local scope? which might sound like an odd question, but it is not: StackOverflow is about learning, and some people do that by asking questions on solving problems in a very uncommon way, just to learn there are far better ways of obtaining what they want.

–jeroen

via: How and when are variables referenced in Delphi’s anonymous methods captured? – Stack Overflow.

Posted in Delphi, Development, Software Development | Leave a Comment »

Introducing the for-if anti-pattern – via: The Old New Thing – Site Home – MSDN Blogs

Posted by jpluimers on 2012/01/03

I really like what Raymond Chen writes, not just the tech stuff in his Old New Thing blog, but  especially in his comments.

Here is a nice example:

You also see this anti-pattern used in real life: “What flavors do you have?” and then after the list of flavors is recited, “I was hoping you had raspberry.” -Raymond

And he is right, in real life, lots of people have stopped to actively think, expecing others (very often the government) to solve their problems.

It reminds me of one our kitchen magnets: “If it’s called common sense, then why is it so rare?”.

So: why do you think it is so rare?

–jeroen

via: Introducing the for-if anti-pattern – The Old New Thing – Site Home – MSDN Blogs.

Posted in About, Development, Opinions, Personal, Software Development | 2 Comments »

More vulnerabilities solved than just the ASP.NET hash collision DoS: Microsoft Security Bulletin MS11-100 – Critical : Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2638420)

Posted by jpluimers on 2011/12/29

In addition to the ASP.NET hash collision Denial of Service attack, Microsoft patches 3 more vulnerabilities resulting in an Aggregate Severity Rating that is Critical.

This is a summary of the vulnerabilities. Please read the full MS11-100 bulletin for more details and how to download and install the patches.

Vulnerability Severity Rating Maximum Security Impact Affected Software CVE ID
Important Denial of Service Collisions in HashTable May Cause DoS Vulnerability CVE-2011-3414
N/A or Moderate N/A or Spoofing Insecure Redirect in .NET Form Authentication Vulnerability CVE-2011-3415
Critical Elevation of Privilege ASP.Net Forms Authentication Bypass Vulnerability CVE-2011-3416
Important Elevation of Privilege ASP.NET Forms Authentication Ticket Caching Vulnerability CVE-2011-3417

The CVE-2011-3415 is N/A in .NET 1.1, and Moderate in all other .NET versions.

–jeroen

via Microsoft Security Bulletin MS11-100 – Critical : Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2638420).

Posted in .NET, ASP.NET, C#, Development, Software Development, VB.NET, Visual Studio and tools | Tagged: , , , , , | Leave a Comment »

Many more web platforms vulnerable to the hash collision attack (not only ASP.NET) #28C3 @hashDoS #hashDoS @ccc

Posted by jpluimers on 2011/12/29

When writing my Patch your ASP.NET servers ASAP early this morning, I didn’t have time to research the full extend of the vulnerabilities published at 28C3 (slides, mp4), though a small bell was ringing a message that I had seen something like it before earlier this century.

I was right, this posting on perlmonks direct me to a /. posting in 2003 pointing me to the research paper on low-bandwidth attacks based on hash collisions (pdf version) that I had seen before. Perl 5.8.1 fixed it September 2003 (search for “hash” in that link).

The attack can be used for DoS because a normal distributed hash table insert of n elements will be running O(n), but a carefully crafted insert of those elements will run O(n^2).

Carefully crafting a worst case scenario depends on how well you can predict collisions in the underlying hash table implementation, which – apparently – is not too difficult, and requires little bandwidth.

Many platforms and languages are vulnerable (already archived at the WayBack machine), including those based on Java, Tomcat, .NET, Ruby, PHP and more in greater or lesser extent. I have the impression that the list only includes big names, but presume platforms based on smaller names (ASP, Delphi, Objective C) are equally vulnerable.

Just read the articles on CERT 903934, oCERT 2011-003Arstechnica, Cryptanalysis.euHeise (German), Hackillusion and the research paper published at 28C3.

a few quotes:

“This attack is mostly independent of the underlying Web application and just relies on a common fact of how Web application servers typically work,” the team wrote, noting that such attacks would force Web application servers “to use 99% of CPU for several minutes to hours for a single HTTP request.”

“Prior to going public, Klink and Wälde contacted vendors and developer groups such as PHP, Oracle, Python, Ruby, Google, and Microsoft. The researchers noted that the Ruby security team and Tomcat have already released fixes, and that “Oracle has decided there is nothing that needs to be fixed within Java itself, but will release an updated version of Glassfish in a future CPU (critical patch update).”

“The algorithmic complexity of inserting n elements into the
table then goes to O(n**2), making it possible to exhaust hours of CPU time using a single HTTP request”

“We show that PHP 5, Java, ASP.NET as well as v8 are fully vulnerable to this issue and PHP 4,
Python and Ruby are partially vulnerable, depending on version or whether the server
running the code is a 32 bit or 64 bit machine.”

Microsoft seems to have been notified pretty late in the cycle, I presume because the researchers started with a some platforms and finally realized the breath of platforms involved.

The ultimate solution is to patch/fix the platforms using for instance a randomized hash function a.k.a. universal hashing.

Microsoft will provide a patch for ASP.NET later today, Ruby already patched and other vendors will soon or have already (please comment if you know of other platforms and patches).

The links this morning indicated there were no known attacks. That is (maybe was) true for ASP.NET, but for PHP a public proof of concept of such a DoS is has been published by Krzysztof Kotowicz (blog) with sources at github and a demo html page.

Temporary workarounds (based on the some of the links in this and the prior blog post, and the workarounds mentioned here and here):

  1. If you can: replace hash tables by more applicable data structures
    (I know this falls in the for-if anti-pattern category, but lots of people still use a hammer when a different tool works much better)
  2. Limit the request size
  3. Limit the maximum number of entries in the hash table
  4. Limit form requests only for sites/servers/etc that need it.
  5. Limit the CPU time that a request can use
  6. Filter out requests with large number of form entries

Some platforms already have applied temporary workarounds (I know of Tomcat (default max 10000 parameters), and PHP (default max_input_vars = 1000) did, and looks like the ASP.NET fix will do too).

Other platforms (like JRuby 1.6.5.1, CRuby 1.8.7 (comments) and Perl 5.8.1 in September 2003 ) fixed it the proper way.

Note: workarounds are temporary measures that will also deny legitimate requests. The only solution is to apply a fix or patch.

A major lesson learned today for a few people around me: when vendors start publishing “out of band” updates, do not trust a single 3rd party assessment with state “initial investigation”, but be diligent and do some further research.

–jeroen

PS: Just found out that most Azure users won’t need to manually apply a fix: just make sure your Hosted Service OS servicing policy is set to “Auto”.

Posted in .NET, ASP.NET, C#, Cloud Development, Delphi, Development, Java, PHP, Ruby, Scripting, Software Development, Web Development, Windows Azure | 6 Comments »

« Previous Entries
Next Entries »