Alik Levin's

Clarity, Technology, and Solving Problems | PracticeThis.com 

July, 2007

  • Alik Levin's

    Use Sysinternals DebugView To Diagnose The Application


    "Unspecified error", "Catastrophic failure", "Object reference not set to an instance of an object" and other "self explanatory" errors promise no easy debugging. Good instrumentation of the application to the rescue! The techniques described in the paper explore the very often overlooked health monitoring feature of ASP.NET 2.0. It supports a few providers, the mechanisms that collect and log the events emitted by the application:

    • SimpleMailWebEventProvider. This provider sends e-mail for event notifications.
    • TemplatedMailWebEventProvider. This provider uses templates to define and format e-mail messages sent for event notifications.
    • SqlWebEventProvider. This provider logs event details to a SQL Server database. If you use this provider, you should encrypt the connection string in your Web.config file by using the Aspnet_regiis.exe tool.
    • EventLogWebEventProvider. This provider logs events to the Windows application event log.
    • TraceWebEventProvider. This provider logs events as ASP.NET trace messages.
    • WmiWebEventProvider. This provider maps ASP.NET health monitoring events to Windows Management Instrumentation (WMI) events.

    None of them logs to a file or shows events interactively, though.

    Here is another quick and dirty way to understand what happened in the app (assuming instrumentation is in place). The instrumentation mechanism is my old friend System.Diagnostics.Debug.WriteLine(string message). This call emits messages through OutputDebugString. The best tool I have found so far for collecting and showing these messages is Sysinternals DebugView.

    The following code:

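        protected void Page_Load(object sender, EventArgs e)
        {
            // Fully qualified: inside a Page, "Trace" alone binds to Page.Trace
            // (TraceContext), which has Write/Warn but no WriteLine.
            System.Diagnostics.Trace.WriteLine("Loading the page");
        }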

    Would interactively look like this:

    image

    DebugView can also log the events to a file, which is very handy.

    While health monitoring is great for logging events for later analysis, tracing with DebugView is great for interactive debugging. I can think of a wrapper class that the application uses to log its messages, with an implementation that uses both health monitoring custom events and Debug.WriteLine. Both then rely on the web.config settings.
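
    One way such a wrapper could look, as an added example that is not code from the original post: the names AppDiagnosticEvent and AppLog and the length cap are hypothetical, and the event reaches a provider only if a matching rule exists in the healthMonitoring section of web.config. It also strips control characters, because the same text goes to two sinks that other people read.

    ```csharp
    using System.Diagnostics;
    using System.Web.Management;

    // Custom health monitoring event. Which provider receives it (event log, SQL, mail, ...)
    // is decided by the <healthMonitoring> section of web.config.
    public class AppDiagnosticEvent : WebBaseEvent
    {
        // Custom event codes are numbered above WebEventCodes.WebExtendedBase.
        public const int Code = WebEventCodes.WebExtendedBase + 1;

        public AppDiagnosticEvent(string message, object source)
            : base(message, source, Code)
        {
        }
    }

    // Hypothetical wrapper: the application logs through AppLog.Write only.
    public static class AppLog
    {
        const int MaxLength = 2048; // assumed cap, keeps one oversized value from flooding the sinks

        public static void Write(object source, string message)
        {
            string safe = Sanitize(message);

            // Interactive sink: ends up in OutputDebugString, where DebugView or any other
            // debug-output viewer running alongside the application can read it, so callers
            // must keep passwords, tokens and connection strings out of the message.
            // The call is compiled out unless DEBUG is defined.
            Debug.WriteLine(safe);

            // Durable sink: raise the custom event for the configured providers.
            new AppDiagnosticEvent(safe, source).Raise();
        }

        // Replace control characters (CR/LF included) so a user-supplied value cannot
        // start a forged entry in DebugView or in a provider's log.
        public static string Sanitize(string message)
        {
            if (string.IsNullOrEmpty(message)) return string.Empty;
            char[] chars = message.ToCharArray();
            for (int i = 0; i < chars.Length; i++)
            {
                if (char.IsControl(chars[i])) chars[i] = ' ';
            }
            string flat = new string(chars);
            return flat.Length > MaxLength ? flat.Substring(0, MaxLength) : flat;
        }
    }
    ```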

     

    Enjoy and happy debugging, tracing, instrumentation, and other veggies.

  • Alik Levin's

    Ubuntu And Apache Web Server Join My Lab Network


    I have my lab network, my playground Active Directory domain (more on it here: How I Setup Lab Domain Using VPC 2007).

    I have customers who are exploring interoperability between .NET applications and Java applications that run on Windows/Linux. They are looking for help.

    To get started I decided that I needed a Linux machine with an HTTP server on my lab network. From quick research on the Internet I understood that Ubuntu 6.06 would be the easiest for me to install on my VPC 2007. I followed the instructions from Installing Ubuntu on VirtualPC Step by Step.

    After the Linux machine was up and running I needed to install the Apache web server. To do so I ran the following command line:

        sudo apt-get install apache2

    but it failed since some packages were not there.

    I consulted with people who are in the know, and what was done is the following:

    • Add "universe" to the resource.list file. This lets Ubuntu get all repositories of updates.
    • Run the command sudo apt-get update to get all the latest update lists.
    • Run the sudo apt-get install apache2 command again to install Apache.

    Apache is now installed. Here is how it looks from the Ubuntu machine on my lab network (notice "localhost" in Firefox's address bar):

    image

    Here is how it looks from a Windows machine on my lab network:

    image

    The next step is to start building .NET and Java applications and make them interoperate.

  • Alik Levin's

    Typed DataSet - Potential Performance And Security Risk


    Are you using a Typed DataSet as a DTO (data transfer object)? Are you building distributed systems where the DTO goes back and forth, including to your Smart Client? If so, I think you should be aware that most of your DB schema can easily be revealed using my friends ILDASM and FindStr.

    It is a common pattern to create shared libraries that contain only data definitions. These libraries are usually shared with, and deployed to, both the client and the server.

    In my example I created a simple library called TypedDataSetSharedLibrary.dll. It holds a Typed DataSet I generated from the AdventureWorks sample database. I ran a simple command line as follows:

        ildasm.exe TypedDataSetSharedLibrary.dll  /text | findstr /C:"ldstr" >"C:\TypedDataSetSharedLibrary.dll.Strings.txt"

    Here is the fragment of what I see after opening the resulting file:

        IL_00d7:  ldstr      "tableTypeName"
        IL_00e4:  ldstr      "vEmployeeDataTable"
        IL_001d:  ldstr      "The value for column 'Title' in table 'vEmployee' "
        IL_001d:  ldstr      "The value for column 'MiddleName' in table 'vEmplo"
        IL_001d:  ldstr      "The value for column 'Suffix' in table 'vEmployee'"
        IL_001d:  ldstr      "The value for column 'Phone' in table 'vEmployee' "
        IL_001d:  ldstr      "The value for column 'EmailAddress' in table 'vEmp"
        IL_001d:  ldstr      "The value for column 'AddressLine2' in table 'vEmp"
        IL_001d:  ldstr      "The value for column 'AdditionalContactInfo' in ta"
        IL_0059:  ldstr      "XmlSchema"
        IL_00a9:  ldstr      "vEmployee"
        IL_00c9:  ldstr      "vEmployee"
        IL_0031:  ldstr      "vEmployee"
        IL_004f:  ldstr      "vEmployee"

    From such information an attacker can clearly learn a lot about the DB schema and so craft her attacks more easily.
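
    To review what a shared DTO assembly discloses before it is deployed to clients, the filtered ildasm output can be grouped into tables and columns. This is an added example, not code from the original post: the class name LdstrSchemaAudit is hypothetical, and it assumes the cut-off strings in the fragment above are long literals that ildasm wraps onto a continuation line, which the findstr filter drops.

    ```csharp
    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Text.RegularExpressions;

    public static class LdstrSchemaAudit
    {
        // Generated null-check message. The table name can be cut short or missing because
        // findstr keeps only the first line of a string that ildasm wraps (assumption).
        static readonly Regex ColumnMessage = new Regex(
            @"ldstr\s+""The value for column '(?<col>[^'""]+)'(?:[^'""]*'(?<tab>[^'""]*)(?<end>')?)?");

        // Returns table name -> column names recoverable from the filtered ildasm output.
        public static SortedDictionary<string, SortedSet<string>> Summarize(IEnumerable<string> lines)
        {
            List<Match> hits = lines.Select(l => ColumnMessage.Match(l)).Where(m => m.Success).ToList();
            // Table names that appear with their closing quote, i.e. not truncated.
            var complete = new SortedSet<string>(
                hits.Where(m => m.Groups["end"].Success).Select(m => m.Groups["tab"].Value));

            var schema = new SortedDictionary<string, SortedSet<string>>();
            foreach (Match m in hits)
            {
                string tab = m.Groups["tab"].Value;   // empty when the line ends before the name
                string table = m.Groups["end"].Success ? tab : Resolve(tab, complete);
                if (!schema.ContainsKey(table)) schema[table] = new SortedSet<string>();
                schema[table].Add(m.Groups["col"].Value);
            }
            return schema;
        }

        // Maps a truncated table name to the one complete name it is a prefix of, if unique.
        static string Resolve(string prefix, SortedSet<string> complete)
        {
            List<string> matches = complete.Where(n => n.StartsWith(prefix, StringComparison.Ordinal)).ToList();
            return matches.Count == 1 ? matches[0] : "(unresolved) " + prefix;
        }

        public static void Main()
        {
            string[] sample = {   // constructed input: three of the ldstr lines shown above
                @"IL_001d:  ldstr      ""The value for column 'Title' in table 'vEmployee' """,
                @"IL_001d:  ldstr      ""The value for column 'MiddleName' in table 'vEmplo""",
                @"IL_001d:  ldstr      ""The value for column 'AdditionalContactInfo' in ta""",
            };
            foreach (var table in Summarize(sample))
                Console.WriteLine("{0}: {1}", table.Key, string.Join(", ", table.Value));
        }
    }
    ```

    In practice the input would be the lines of the .Strings.txt file produced by the command above; the total column count per table also gives the size signal discussed next.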

    Why is it a performance risk? Well, it is not, but using this approach one could spot one.

    Imagine that the above fragment is only a small part of a huge data set that travels the network. Recently I stumbled on such code. This simple check revealed that the code uses a Typed DataSet of about 1000 columns. We assumed that this would be a problem from a network throughput perspective, and we ran some load tests using VSTS.

    The result was pretty much as expected: almost all the bandwidth was used up by the load of a few simultaneous users.

    Next time you design a distributed system, take these into account.

    Plus, Dino Esposito once published another discussion around DataSets vs. Collections, which might be useful too.

    Enjoy
