Category Archives: software development

microsoft, software development, windows

Anti-virus failure leaves XP broken, DNS hijacked, user frustrated

3 Comments

A colleague had some problems with his Windows XP laptop while I was away last week, and I promised to look at it on my return. It’s a sad story, particularly as he is doing everything Microsoft recommends (aside from upgrading to Vista). His HP laptop was fully patched with SP3, and he had a commercial license for AVG anti-virus. He noticed that his system started running slowly when connected to a network, though it worked fine offline, and suspected a faulty network card. It sounded suspicious to me. I wondered if malware was causing heavy network traffic, and advised him to check that his anti-virus was up-to-date and to scan his machine.

It got worse. He ran AVG, which discovered two viral autorun.inf files that it quarantined, but the machine still did not work right. The AVG tech support could not see what was wrong, and suggested reinstalling AVG. Reinstallation failed because AVG could not get updates (this was actually a good clue). Tech support said maybe a firewall problem. Hmm.

The best solution in cases like this is to flatten the machine and reinstall everything, but I was intrigued. I booted from the Ubuntu 8.10 live CD and confirmed that the hardware was fine. I then tried a couple of anti-virus scans that run from boot CDs, which is safer than running from within an infected operating system – the Kapersky rescue disk and the Avira Rescue System. Kapersky identified and removed Trojan-Downloader.Win32.Agent.ahcg somewhere in temporary files. Antivir found nothing. I also ran the Malicious Software Removal Tool which found Trojan: win32/Alureon.gen. Funny how all these tools find different things. No, I don’t find that reassuring.

At this point I connected the machine to the internet. Tried re-installing AVG but it still would not update. Tried downloading a more recent AVG build. However, when I clicked to download, I got an advertisement page instead. Aha! I checked the DNS settings. Instead of being set to obtain the DNS automatically, it was hard-coded to a pair of DNS servers in Ukraine. Clearly the AVG download site was among the ones privileged with an incorrect entry.

Things looked up after I fixed that. Spybot found evidence of Zlob.DNSChanger.Rtk: a registry entry pointing winlogon\system to an executable with a random name somewhere in Windows\system32, but the file itself was not present. Fixed that entry, and Spybot was happy. AVG installed and updated sweetly and found nothing wrong.

I also noticed a hidden directory called resycled (sic) on the root of both partitions, containing the single file boot.com. Has to be a virus, and seems to be associated with the autorun.inf infection; but none of the clean-up tools detected it.

The machine seems fine now, though it should still be flattened as a precaution. I do find the DNS hijack spooky though. It means you can visit safe sites but get dangerous ones. Nasty.

What all this illustrates (again) is that even users who do everything as recommended still get viruses – in this case, probably from an infected USB stick, though I can’t be sure. Why didn’t AVG catch it? Good question. Why didn’t AVG tech support advise how to fix it? Another good question. Vista would have been a little more robust – you would have to pass a UAC prompt to write to the root of drive C, or to HKLM – but I imagine some users would click OK to a prompt after connecting a USB stick, presuming it to be a driver install or something like that.

And if you get ads or porn sites appearing unexpectedly when you browse the web, yes you should be worried.

Update

I sent the suspect file boot.com to Sophos for analysis. I would have sent it to AVG as well, but could find no easy way of doing so. I received an email informing me that this is a worm called W32/Autorun-NX. A filter to detect it was added to Sophos on 7th November at 20.27, which is about 4.5 hours after I submitted it. If mine was the first report, that is impressive speed; but bear in mind that the infection was over a week old when I encountered it, and had circulated for an unknown length of time before my colleague picked it up. Anti-virus software offers only limited and inadequate protection from malware.

Technorati tags: , , , ,

.net, microsoft, silverlight, software development

Microsoft’s new .NET logo

1 Comment

One thing I forgot to mention from PDC 2008: the new .NET logo:

Note the visual link to the Silverlight logo; the ribbon (I may be reading too much into this); and the soft brushwork that is meant to evoke “designer” as well as “developer”.

The .NET part has changed from lower case to upper case. This was the old logo:

 

Since as far as I’m aware Microsoft has always preferred .NET to .net or .Net (except in the logo) I guess this makes sense. Must remember to type it that way.

google, java, microsoft, salesforce.com, software development, web authoring

In which I ask Marc Benioff, CEO Salesforce.com, if his platform is a lock-in

1 Comment

Moving from Microsoft’s PDC last week to Dreamforce (the Salesforce.com conference) this week has been an interesting experience. Microsoft is the giant still trying to come to terms with the new world of the Internet; Salesforce.com is the young upstart convinced that it has the future computing platform in its grasp. Salesforce.com is a much smaller company – revenue of just over $1 billion versus Microsoft’s $60 billion – though oddly Dreamforce is a larger conference, with nearly 10,000 attending, compared to 6,500 at PDC (numbers very approximate). Being small means greater opportunity for growth, and Salesforce.com reported 49% year on year  revenue growth in the last quarter for which figures are available [PDF], ended July 2008.

As for the actual conference, Monday was great, with an upbeat keynote and a fascinating press Q&A with CEO Marc Benioff; Tuesday failed to sustain the momentum with a disappointing keynote (people were leaving in droves as Michael Dell attempted to pitch storage servers to this on-demand crowd), and today is wind-down day.

The press Q&A covered most of the interesting questions about this company. Is it a lock-in? Will it move beyond CRM to a total cloud platform? Will it be bought by Oracle? How is the Salesforce.com platform (called Force.com) different from Microsoft’s Azure? Benioff has a great talent for sound bytes, and made endless digs at Microsoft and its new platform which he called “Azoon”. Microsoft developers are in a black room, he said, but walking out into the bright light of cloud computing – by which he means not Azure, but his stuff, naturally.

I got to ask the lock-in question. Benioff had already observed that making the platform programmable increased his hold on this customers. “It’s exactly the same thing that happened when Oracle moved from version 5 to version 6 with PL/SQL,” he said. “The database became programmable. Customers became customers for life.” Incidentally, Benioff talks a lot about Oracle, which is the database on which Salesforce.com itself runs, and refers to Larry Ellison as his mentor. I asked whether he was now asking his customers to repeat the mistakes of the past, when they locked themselves to Oracle or Microsoft or IBM, and I am going to quote his answer nearly in full:

It’s not a question of repeating the past, it’s just an aspect of our industry that it’s important for vendors to offer customers solutions that give them the ability to fully integrate with the platform. It benefits the customer and it benefits the vendor, and every major vendor has done it. That’s really the power.

I think that it’s true whether you’re writing with Google today and you’re building on the Google AdWords and AppEngine, you have to make the choice as the developer, what’s the right thing? Portability of code is just not something that we have ever got to in our industry. As a developer you want to make the right choice … but the reality is that the customers who are doing deep integration with us, those are customers who are going to be with us for a long time and we’re a strategic solution to them.

It’s not a commodity product. It never has been. If you think of it as a commodity product it’s a mistake … I’m completely honest and open about it, which is you’re making a strategic relationship decision, and you need to look at your vendor deeply, and choose what is the right thing for you. When customers bought Sybase SQL and they wrote Transact SQL, or they bought Oracle and wrote PL/SQL, or they’re writing in Visual Studio, well Visual Studio does not port over to HTML. You’re making a strategic decision …I think that’s important, that you research everything, evaluate everything … you do as a vendor end up with a very loyal customer base over time.

Are you familiar with the iPhone? [sure] So iPhone has a development environment that’s called Cocoa. So you have all these apps now on AppStore, which is a name that we used to have and we’ve given it to them, so when you write on AppStore, when you write on Cocoa, guess what, those apps are in Cocoa. And there’s nothing wrong with that.

I followed up by asking whether Sun’s Java experiment, including the idea of code portability between vendors, was an impossible dream.

If you’re writing in Java, you’re betting on Java. It’s a totally reasonable decision. You make that choice. It’s not portable away from Java, that I know of. I just think it’s an aspect of our industry. You should not avoid it, and vendors should not say something like, oh, we’re gonna offer some level of portability, just be honest about what our strategies are. When you’re writing on SQL Server, when you’re writing on Visual Studio, when you’re writing on Oracle, when you’re writing on DB2, when you’re writing on Force.com, you’re gonna be writing natively to a platform, and then the more open that platform is, the more connections there are to that platform, the more powerful that is for you. But you are making a platform decision, and our job is to make sure you choose our platform and not another platform, because once they have chosen another platform, getting them off it is usually impossible.

I give him credit: he could not be more clear. Even so, if you follow his reasoning, developers have an impossible decision at this point of inflexion in the industry. It is all very well researching Salesforce.com, or other vendors, but we cannot know the future. For example, Salesforce.com may become Oracle (an outcome that analysts I spoke to here see as very plausible), in which case you researched the wrong company.

On balance I doubt that the Force.com platform will go away, but its future cost and evolution is all a matter for speculation. That said, I do think it is an interesting platform and will be posting again about it; I’ve also made some comments on Twitter which you can find on my page there.

.net, microsoft, software development

C# 4.0 goes dynamic

3 Comments

Anders Hejlsberg is explaining new features in C# 4.0, a future version, at Microsoft’s PDC. The big new feature, he says, is support for dynamic typing. Currently C# uses static typing, which means that when you call object members like methods and properties, the compiler checks that they exist or raises an error if they do not. By contrast, with dynamic typing you can call any old method or property, and they are not checked until runtime.

C# 4.0 will support dynamic typing through a new static type called “dynamic” (this raised a laugh at PDC). In other words, if you declare a variable as dynamic:

dynamic obj;

then you can call what you like as if it were a member of obj, and it will be resolved at runtime.

Hejsberg showed in his demonstration how this simplifies interop with other dynamic languages like JavaScript or Python.

Other new features are named parameters and optional parameters. This is a big win for COM interop – automating Microsoft Office, for example, from C# has always been painful because COM was designed to support optional parameters. C# got round this with an ugly hack “ref.missing”. All gone in C# 4.0.

Technorati tags: , ,
.net, java, software development, windows

UK job stats show Java decline

2 Comments

Long-time readers of this blog may recall that I occasionally track IT job vacancies at Jobserve. There may be better sites to track; but it carries a lot of vacancies, and I need to be consistent. I started in early 2002 with the goal of seeing how much adoption Microsoft was winning for its .NET technology. In March 2002, there were 153 vacancies which mentioned C#, versus 2092 for Java.

Since then, C# has grown steadily. Today it overtook Java for the first time (in my random and infrequent visits). There are 2206 C# vacancies, 2066 Java.

I also noticed that the absolute number of vacancies has declined substantially since my last visit, but Java by more than C#. The economy, I guess.

Is Microsoft really sweeping all before it? Well, no. Vista has disappointed; Apple sales grow ever higher; Netcraft’s web server survey shows a decline in the percentage of IIS sites on the Internet in September 2008 and observes that 75% of new web sites coming online use Apache. So it is a matter of what statistic you want to pick. Nevertheless, there is clearly still a lot of C# development out there.

Technorati tags: , , ,
.net, microsoft, software development, windows

Tell me what’s wrong with Microsoft’s Team System

6 Comments

At Microsoft’s Remix08 in Brighton last month, a developer asked about Visual Studio Team System during a panel discussion. What interested me was not so much the question itself, but that after the session she was surrounded by other delegates advising her not to use it. These were people who had tried it, or were using it, but found it frustrating. The general proposal was to use open-source tools instead – things like Subversion and CruiseControl.NET.

I was surprised by the strength of feeling. I’ve looked in some detail at Team System and been reasonably impressed by what it does – but that’s not the same as using it in anger, of course. I admit, for my own work I do use Subversion, just because it is lightweight, works well cross-platform, and runs on my Linux web space as well as locally; but I am not part of a team of developers working on Microsoft platform projects, which is where Team System ought to make sense.

For the sake of balance, I’ll add that I met a developer at the airport on the way to Remix Las Vegas earlier this year, who loves Team System and told me that it is Microsoft’s best product.

I’d love to hear in more detail what users think of Team System. Is it broken, or does it depend on how it is set up and maintained? What are the key things that Microsoft needs to fix? Or is it just great, and those complainers in Brighton atypical?

delphi, software development

SQLite and Delphi 2009

3 Comments

I created a simple Delphi wrapper for SQLite, the popular open source database library. I’ve just updated it to work with Delphi 2009 – I’m not happy with what I’ve done, because I’ve changed a bunch of declarations from PChar to PAnsiChar and from String to AnsiString, just to get it working quickly. SQLite is fine for Unicode, so the next step is to revise it properly to support Unicode … when I or someone else has time.

It was interesting to do some work with Delphi 2009. It has the old problem: out of date documentation. Here’s what it says about PChar, in the entry on pointer types:

The fundamental types PAnsiChar and PWideChar represent pointers to AnsiChar and WideChar values, respectively. The generic PChar represents a pointer to a Char (that is, in its current implementation, to an AnsiChar).

Further, if you have the following code:

var
strTest: PChar;
begin
strTest := StrAlloc(6);
strcopy(strTest,’Hello’);
strdispose(strTest);
end;

and hover the mouse over strTest in the editor, the pop-up tip says:

strTest – System.PAnsiChar

However, this is wrong. In Delphi 2009, a generic PChar is a PWideChar. Here’s the code in SysUtils for StrAlloc:

function StrAlloc(Size: Cardinal): PChar;
begin
{$IFDEF UNICODE}
  Result := WideStrAlloc(Size);
{$ELSE}
  Result := AnsiStrAlloc(Size);
{$ENDIF}
end;

UNICODE is defined in Delphi 2009, so StrAlloc returns a PWideChar.

Technorati tags: , ,
software development

Losing your religion: how to survive the tech downturn

I posted a piece on itjoblog summarizing and reflecting on Tim Bray’s tips for surviving the tech downturn, if you are a software developer.

Yesterday was another grim one on the world’s stock markets; this morning the London stock exchange is down another 3.74% at the time of writing. I’m not seeing much reason to doubt Bray’s pessimism. Still, there’s always tomorrow.

Technorati tags: ,
.net, linux, microsoft, software development, web authoring

Silverlight on Linux: Moonlight or moonshine?

2 Comments

Microsoft’s press release for Silverlight 2.0 says this:

Cross-platform and cross-browser support. This includes support for Mac, Windows and Linux in Firefox, Safari and Windows Internet Explorer.

The use of the present tense for Linux support is … misleading, to be generous. I tried visiting the official Silverlight site on Ubuntu. Here’s what I’m offered as downloads:

Hmmm. If I go to the official Moonlight site, I see this:

Note that not even Silverlight 1.0 is fully released; further, it says “no video or mp3 playback is enabled”. The installers are said to be incomplete.

I asked about this at the press conference; the answer was “we’re working on it” and “as soon as possible” and “Miguel is speaking at PDC”.

That’s fair enough and I understand that these things take time. But if you read the press release, you might suppose that a Linux user could use it now. Other than for geeky and experimental users, that is not the case.

.net, mono, silverlight, software development, web authoring

Silverlight 2.0 is released, Eclipse tools for Silverlight announced

Microsoft’s Scott Guthrie has announced the final release of Silverlight 2.0, its browser plug-in which includes a cross-platform implementation of the .NET runtime as well as a multimedia rendering engine. It will be available for download tomorrow.

Not really a surprise, but nonetheless a significant moment for Microsoft. I have been watching the project closely since it was first announced at PDC 2005 as Windows Presentation Foundation Everywhere. I am particularly interested in the cross-platform aspect. When .NET was first released in 2001, as Microsoft’s answer to Java after falling out with Sun, it had obvious cross-platform potential, yet the company held back form any commercial implementation outside Windows. Miguel de Icaza took independent action to create an unofficial open source Linux implementation, that also runs on Mac and Windows, called Mono. Microsoft was initially wary of Mono, but in my view the company had more to gain than to lose by supporting it. That now appears to be recognized, with Microsoft working formally with Mono to support Moonlight, Silverlight on Linux, and to provide it with multimedia codecs.

Microsoft has also announced Eclipse tools for Silverlight, in partnership with Soyatec, the idea being to enable Java developers to develop for the Silverlight client within Eclipse.

One clarification: although the press release says “This includes support for Mac, Windows and Linux”, the Mac support for Silverlight 2.0 is Intel Mac only, and the Linux version lacks multimedia support and the 2.0 version is described as “Experimental”; it is a long way from full release. Although Microsoft is now working with Mono, cross-platform currently means Windows and Intel Mac, though this does account for a large proportion of active Web users.

Press release is here.

Technorati tags: , ,