The new blog

After total blog silence for most of this year, I have picked up the blogging again!
Only it is not here anymore, it is here instead! (http://blog.roblevine.co.uk)

Foobar

Current Status: Green

I was just wading through the list of RFCs on the IETF web site, looking for a template for a data protocol which I need to write, when I stumbled across this RFC:
http://www.ietf.org/rfc/rfc3092.txt

Far out!

I thought perhaps people have too much time on their hands, but then I noticed the date.

Name resolution in .Net - arrrrrggghhhh!

Current Status: Red

What could be simpler than resolving a name using System.Net.Dns.Resolve?

The documentation states:

"The Resolve method queries a DNS server for the IP address associated with a host name or IP address."

"When hostName is a DNS-style host name associated with multiple IP addresses, only the first IP address that resolves to that host name is returned."

Pretty simple stuff eh? After all, the process of name resolution via DNS is hardly a black art. It is well understood and easily learnt with the help of a tool like nslookup.

Except one thing; both the assertions given in the documentation quoted above are incorrect.

The second assertion is quite clearly wrong. This method returns an IPHostEntry instance, which has an AddressList property. This property is an array of IPAddress instances. A quick test of this method reveals that this list will conatin more than one item if the name resolves to more than one IP address. Black mark number one.

Now to the first assertion. I have a box which has two network adapters. One of these adapters is to a network with private non-routable ip addresses and no routing/bridging is allowed between the networks; the ip address of this NIC is 10.0.0.5. The private network has no DNS server, and there are no host file entries for hosts on this private network. The other network card connects to my main subnet which has all the usual infrastructure such as DNS; the ip address of this NIC is 192.168.0.2

My machine is called 'terminus'. Terminus has one single entry in the DNS, which resolves to 192.168.0.2. A quick test with nslookup confirms that this hostname has a single A record to point to this ip address.

Why then, when I call

System.Net.Dns.Resolve ( "terminus" )

do I get both IP addresses returned? If this method did what it said, I would only get the 192.168 address returned. I even get them in a perverse, reverse order where the 10.0.0.5 comes first. The fact of the matter is that this method does *not* do what it says; or perhaps it does what it says and then does some other things too.

Using

nbtstat -a terminus

reveals that the NetBIOS name cache contains both these IP addresses, and in the order the Resolve call returns them.


I used a reflector to look into how the Resolve method works, and it just appears to call the Windows Sockets function gethostbyname. Firstly, this method is quite clearly marked as deprecated in the documentation (so why is the .Net Framework 1.1 using it), and secondly even the documentation for this call does not detail what it actually does!

My feeling is that this function harks back to the NetBT days of NT when it was preferable to try and resolve names via WINS or NetBIOS broadcasts as well as IP. However, this is not what the documentation says the function does, and there appears no way of actually doing a basic DNS lookup with nothing else.

I have wasted a few days debugging problems that are directly attributable to this and am pretty cross about it! Have I missed something obvious, or is this function as misleading as it seems?

Is there a way of only doing a DNS lookup from within the .Net framework (akin to using nslookup)?

Its browser flamewar time!

Current Status: Red

Peter Torr (from Microsoft) has just blogged an article entitled How can I trust Firefox?. It has also been slashdotted so I have no doubt that an all-out IE vs. Firefox flamewar is brewing.

This seems to me to be an essentially single point rant about (as the title suggests) whether one can actually trust that you are downloading and installing the real Firefox itself.

His main point is basically this - how can you trust the Firefox install when it is not signed, and as part of the download process you get redirected to a mirror site of which you know nothing? Fair point?

We all know there are solutions to this, such as supplying an MD5 signature to verify that the file has not been tampered with, but in truth I think his point is a bit of a red herring. How many times does a user (newbie or expert) download unsigned files? Most of the time IMHO. How many times does the average user click to install an unsigned file in IE? Lots. In my experience you'd be pretty damn limited in what you can install if you insisted on only installing signed downloads.

When is a security measure not a security measure? When no-one actually uses it.

As for his point about the mirrors (if you click "download" link on http://www.mozilla.org/products/firefox/ your download will come from one of a number of mirrors) - again most people are more than happy most of the time to download from a number of mirrors. Not every organization has the resources to be able to host all their applications with enough download bandwidth for all - in fact very few do. It would be nice, as Peter points out, to have a fully qualified domain name instead of the decimal IP address that you get on some mirrors, but again this is missing the point. This is a normal modus operandi for large numbers of net users.

What Peter fails to really do in his article is tackle the issues as to why people perceive that Firefox (once it is safely installed) is a more secure browser than IE. Instead he focusses on a handful of install based issues which, while true enough in their own right, do nothing to progress the discussion of security.

For all the apparent weaknesses in Firefox that he talks about, most people's experience of IE involves at least some level of spyware, unwanted pop-ups, application crashes (which more often than not kill all your IE windows) and other extreme annoyances. I don't think that most Firefox users have had such a bad experience, so far at least.

As for Microsoft's attempts to improve security in IE under Windows 2003 with Internet Explorer Enhanced Security; most people I know turn it off; why ? - because it makes the task of browsing and downloading items absolutely intolerable. I refer you to the answer I gave some moments ago: "When is a security measure not a security measure? When no-one actually uses it."

To my mind the article represents a deliberate attempt to prevent people from actually daring to install Firefox. A thinly veiled attempt at spreading FUD.

Maybe it will succeed to some extent, but it is an embarrisingly poor attempt in my opinion.

By the way - I do quite like IE, and have been using it for years. I just happen to think that the young pretender (Firefox) has turned up as an outrageously usable browser.

Straight in at number one!

Current Status: Amber

I am not someone who pretends to understand the vagaries of search engine optimisation or how to hype a site. However, I have just noticed that, after one week of having any content in my blog, I am straight in at number one on Google.

Just a straight query on "Rob Levine" puts me at the top. You don't even have to add "Bristol" or "UK".

Now that is something of a result! I'll be interested to see how long I hold the position.

Frustrating http connection behaviour in .Net (C#)

Current Status: Red

I seem to be having a bit of a frustrating time with http connections in .Net at the moment.
Basically I am working on a project in which many subsystems use http to communicate with eachother. Once in a while, my .Net client will fail with a "System.Net.WebException: The underlying connection was closed: Unable to connect to the remote server." exception.
The remote server can be an IIS server or a Jetty server running on Linux - I see the same problem with both.

To try and reproduce this problem I wrote a very simple client app that requests a single static page from a web server. It loops round making the request repeatedly, up to 100000 times.
Here is the static Main method from my console application:

[STAThread]

static void Main(string[] args)

{

    int i = 0;

    try

    {

        for (i = 0; i < 10000; i++)

        {



            HttpWebRequest req = (HttpWebRequest)

                WebRequest.Create("http://proxima/test.html");

            using (HttpWebResponse resp =

(HttpWebResponse)req.GetResponse())

            {

                byte[] buffer = new byte[1024*1024];

                int read = 0;

                Stream stream = resp.GetResponseStream();

                do

                {

                    read = stream.Read(buffer, 0, 1024*1024);

                }

                while (read !=0);

                stream.Close();

                resp.Close();

                req = null;

            }



            if (i % 1000 == 0)

                Console.WriteLine(i);

        }

        Console.WriteLine(i);

    }

    catch (Exception ex)

    {

        Console.WriteLine("Exception at iteration " + i);

        Console.WriteLine( ex.ToString());

    }



}

For this example I created a very small html file to put on my server - only 50 bytes.
I see some extremely peculiar behaviour when I run this application; generally the first time it runs, it will process many thousands of iterations before falling over with the aforementioned exception. Once it has failed, if I attempt to run it again straight away the application fails in a matter of a few 10's or 100's of iterations. Why?
It makes no difference to the overall behaviour if I swap my HttpWebRequest stuff for a System.Net.WebClient.
It makes no difference if I insert a GC.Collect() in the loop.
What is going on here and what is 'remembering' the fact that the client has previously failed?

I have to admit to being stumped for the time being.
Does anyone else see this behaviour?

Overflowing Integers

Well - this is my first real blog entry. I wasn't sure how to get myself started, or what to talk about, so I created several dummy blog entries to test the system. The first of these was a few months back, but it wasn't until today that I created a couple more. Subsequently I deleted the two new ones.

After playing around with Blogger.com a little more I noticed that on my profile stats page the 'average posts per week' statistic showed a figure of 2147483647. Now I had hoped to be fairly prolific as a blogger, but this surpassed all my expectations - over 3,500 blogs per second!

Unfortunately I couldn't help but notice that this number is just one short of the point at which an signed integer would overflow.

(2^32)/2 = 2147483648

So Blogger.com appears to think my average blog rate is -1 blogs per week. An interesting concept I thought.