Opinion: The Mind of an Elite Software Engineer Friday, July 31, 2009

I have found myself many times involved in the debate over what it takes to be an elite software engineer. Some argue it is the education, others argue it is the experience, yet other argue it is <insert whatever>.

I firmly believe that with all other things being equal, an elite software engineer possess two distinct mental qualities: abstractions over concretions and relativeness over absoluteness. So, regardless of whether a person has a CS/CIMS/whatever degree and/or decades of experience, the ability to see abstractions and think relative is a key to solving complex problems using hardware and software. In essence, the brain must be wired for this type of reasoning. I also believe that someone who is wired this way that pursues an applicable education such as mathematics, computer science, or engineering will be better positioned to ascend to eliteness versus someone without the brain wiring due to the relationship between the mental ability and the academic material. This also implies that one can be elite without a formal education if they can think in the manner needed to excel in the field.

Charlottesville .NET User Group: Debugging on the Windows Platform (including .NET Framework 4.0) Saturday, July 25, 2009

I presented "Debugging on the Windows Platform (including .NET Framework 4.0)" at the Charlottesville .NET User Group this past Thursday. It went quite well and I had a nice number of attendees to the talk. Good questions and even an encore demo as well!

The PDF conversion of the slide deck can be had here:
Debugging on the Windows Platform (including .NET Framework 4.0).pdf

The sample application demonstrated during the talk can be had here:
WinDBG Memory Leak Demo.zip
(Be sure to open in Visual Studio 2010, convert solution, and set to .NET 4.0 framework target.)

MP3 podcast:
Debugging on the Windows Platform (including .NET Framework 4.0) (ChoDNUG 2009-07-23).mp3

Thanks to all those who organized the affair and to all those who attended my talk.

Thoughts on Scrum + PMP Hybrid Projects Wednesday, July 22, 2009

I have been an advocate for and successfully implemented Scrum in various local organizations from private companies, county government to state agencies. I find that resistance is normal and you have to have management buy-in or you can easily find yourself in a quagmire. I am also a firm believer in adhering to the Ken Schwaber pure Scrum; deviations or tweaking usually indicates a preexisting pain point in the organization which MUST be corrected (i.e. do not bend the process framework to hide the pain point rather eliminate the pain point).

I have also been successful in blending Scrum and PMP. Scrum and PMP does not have to be mutually exclusive. I recommend the following Scrum + PMP balance. Day to day engineering/development activities are managed using Scrum whereas the overall project and strategic vision is managed in PMP-land. This serves to provide the correct level of abstraction in the management chain. A PMP project manager should not worry about the minor details in the trenches; rather, they care about aggregate numbers for the project plan. If your project plan has hundreds of lines, then you probably have the wrong level of detail. Scum in the trenches also allows for the team to focus on continuously refined estimated time to completion rather than relying on and committing to exhausting and inaccurate project plan estimates created in a vacuum on high.

Software Is Hardwork Library 1.4.1.22921 Released Tuesday, July 14, 2009

I just released a new version of the Software Is Hardwork Library. This release contains many major and minor changes. Major highlights include:

• Core
• Removed Fact`1, IPersistenceObjectFactory, PersistenceObjectFactory, Rule`1, RuleMethodAttribute, and Violation`1, Widgets\*
      AsmInfo, CommandLineException, CommandLineParameter, (I)ListItem et. al, Pager, ProgramBase, Tokenizer from Core.
• Added XmlFilePersistenceObject`1.cs to Core.
• Refactored remaining Core\Utility classes to be interface-based.
• TransparentProxyFactory`1 renamed to ProxyFactory`1; no more remoting specific code.
• Move InvokeOnObject and InvokeOnDisposable to new abstract class ClientDynamicInvoker in Core.
• Added DependencyManager and supporting types for a simple dependency injection solution.
• Database
• Rename IDatabase to ITableDatabase.
• Rename IDatabaseEx to IObjectDatabase.
• DynamicDatabaseClient now inherits ClientDynamicInvoker instead of implementing IInvokeDynamic.
• IObjectDatabase methods returning IEnumerable`1 now returns IList`1.
• Removed GenericConnectionFactory`1 in favor of TypeConnectionFactory.GetFor<TConnection>().
• Moved IConnectionDatabaseFactory and AdoNetConnectionDatabaseFactory to AdoNetImpl namespace.
• SerivceModelClient
• DynamicServiceClient now inherits ClientDynamicInvoker instead of implementing IInvokeDynamic.
• Testing Extensions
• Add CoverageExclusionAttribute to TestingExtensions.
• All
• Custom built NMock2 library for debugging symbol/source support.
• Updated Resharper 4.5 code style.
• Changed file names with backtick to tilde to circumvent VS.NET debugger bug.
• All classes with major depenencies use DependencyManager.
• Removed src_exp directory and all contents.

This release encompasses quite a lot of work and I am proud to bring it to the developer community. I plan on enhancing this library as time progresses.

NOTE: At this point, I consider many APIs to be feature complete. Due to time constraints, I reserve the right to significantly reduce the API size and scope to fit my interests moving forward. If an API is missing in one release, always feel free to revert to the last release and/or create your own custom release as the sum of the releases. This is the glory of open source!

The Right Way to Impersonate Credentials in .NET Monday, July 6, 2009

I recently discussed the wrong way to impersonate credentials in .NET. All of the code examples I have encountered have introduced a fatal design flaw: restoring an impersonated principal when impersonating yet another principal as in ASP.NET with impersonate=true. The following illustrates correct code based on my current understanding.

using System;
using System.ComponentModel;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Security.Principal;

namespace SoftwareIsHardwork.Samples
{
    public class ImpersonationScope : IDisposable
    {
        #region Constructors/Destructors

        public ImpersonationScope(string userName, string domainName, string password, LogonType logonType, LogonProvider logonProvider)
        {
            IntPtr logonToken = IntPtr.Zero;
            IntPtr logonTokenDuplicate = IntPtr.Zero;

            Debug.WriteLine("Enter impersonation scope");

            if ((object)userName == null)
                throw new ArgumentNullException("userName");

            if ((object)domainName == null)
                throw new ArgumentNullException("domainName");

            if ((object)password == null)
                throw new ArgumentNullException("password");

            if (userName == "")
                throw new ArgumentOutOfRangeException("userName");

            if (domainName == "")
                throw new ArgumentOutOfRangeException("domainName");

            if (password == "")
                throw new ArgumentOutOfRangeException("password");

            try
            {
                Debug.WriteLine("Incoming identity: " + WindowsIdentity.GetCurrent().Name);

                this.processWindowsImpersonationContext = WindowsIdentity.Impersonate(IntPtr.Zero);

                Debug.WriteLine("Process-impersonated identity: " + WindowsIdentity.GetCurrent().Name);

                //if (Win32NativeMethods.RevertToSelf())
                {
                    if (LogonUser(userName,
                                  domainName,
                                  password,
                                  (int)logonType,
                                  (int)logonProvider,
                                  ref logonToken) != 0)
                    {
                        if (DuplicateToken(logonToken, (int)ImpersonationLevel.SecurityImpersonation, ref logonTokenDuplicate) != 0)
                        {
                            this.impersonatedWindowsIdentity = new WindowsIdentity(logonTokenDuplicate);
                            this.threadWindowsImpersonationContext = this.impersonatedWindowsIdentity.Impersonate();

                            Debug.WriteLine("Thread-impersonated identity: " + WindowsIdentity.GetCurrent().Name);
                        }
                        else
                            throw new Win32Exception(Marshal.GetLastWin32Error());
                    }
                    else
                        throw new Win32Exception(Marshal.GetLastWin32Error());
                }
            }
            catch
            {
                this.Dispose();
                throw;
            }
            finally
            {
                if (logonToken != IntPtr.Zero)
                {
                    CloseHandle(logonToken);
                    logonToken = IntPtr.Zero;
                }

                if (logonTokenDuplicate != IntPtr.Zero)
                {
                    CloseHandle(logonTokenDuplicate);
                    logonTokenDuplicate = IntPtr.Zero;
                }

                Debug.WriteLine("Leave constructor");
            }
        }

        #endregion

        #region Fields/Constants

        private readonly WindowsIdentity impersonatedWindowsIdentity;
        private readonly WindowsImpersonationContext processWindowsImpersonationContext;
        private readonly WindowsImpersonationContext threadWindowsImpersonationContext;
        private bool disposed;

        #endregion

        #region Methods/Operators

        [DllImport("kernel32.dll", CharSet = CharSet.Auto)]
        private static extern bool CloseHandle(IntPtr handle);

        [DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
        private static extern int DuplicateToken(
            IntPtr hToken,
            int impersonationLevel,
            ref IntPtr hNewToken);

        [DllImport("advapi32.dll", SetLastError = true)]
        private static extern int LogonUser(
            string lpszUserName,
            string lpszDomain,
            string lpszPassword,
            int dwLogonType,
            int dwLogonProvider,
            ref IntPtr phToken);

        [DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
        private static extern bool RevertToSelf();

        public void Dispose()
        {
            if (this.disposed)
                return;

            try
            {
                Debug.WriteLine("Thread-impersonated identity: " + WindowsIdentity.GetCurrent().Name);

                if ((object)this.threadWindowsImpersonationContext != null)
                {
                    this.threadWindowsImpersonationContext.Undo();
                    this.threadWindowsImpersonationContext.Dispose();
                }

                if ((object)this.impersonatedWindowsIdentity != null)
                    this.impersonatedWindowsIdentity.Dispose();

                Debug.WriteLine("Process-impersonated identity: " + WindowsIdentity.GetCurrent().Name);

                if ((object)this.processWindowsImpersonationContext != null)
                {
                    this.processWindowsImpersonationContext.Undo();
                    this.processWindowsImpersonationContext.Dispose();
                }

                Debug.WriteLine("Outgoing identity: " + WindowsIdentity.GetCurrent().Name);
            }
            finally
            {
                this.disposed = true;
                GC.SuppressFinalize(this);

                Debug.WriteLine("Leave impersonation scope");
            }
        }

        #endregion

        #region Classes/Structs/Interfaces/Enums/Delegates

        public enum ImpersonationLevel
        {
            SecurityAnonymous = 0,
            SecurityIdentification = 1,
            SecurityImpersonation = 2,
            SecurityDelegation = 3
        }

        public enum LogonProvider
        {
            LOGON32_PROVIDER_DEFAULT = 0,
            LOGON32_PROVIDER_WINNT35 = 1,
            LOGON32_PROVIDER_WINNT40 = 2,
            LOGON32_PROVIDER_WINNT50 = 3
        }

        public enum LogonType
        {
            LOGON32_LOGON_INTERACTIVE = 2,
            LOGON32_LOGON_NETWORK = 3,
            LOGON32_LOGON_BATCH = 4,
            LOGON32_LOGON_SERVICE = 5,
            LOGON32_LOGON_UNLOCK = 7,
            LOGON32_LOGON_NETWORK_CLEARTEXT = 8, // Win2K or higher
            LOGON32_LOGON_NEW_CREDENTIALS = 9 // Win2K or higher
        }

        #endregion
    }
}

Sample usage scenario:

using (scope = new ImpersonationScope(username, domain, password, ImpersonationScope.LogonType.LOGON32_LOGON_INTERACTIVE, ImpersonationScope.LogonProvider.LOGON32_PROVIDER_DEFAULT))
{
  // code under impersonation
}

Your Organization's Version Control System is a Production Environment Thursday, July 2, 2009

If you use version control, work item tracking, defect tracking, project management, or any other system which stores data related to software development activities, you must be consider these systems production environments, and treat them as such. Even if only developers access these systems, they should be subject to the same maintenance and scrutiny as your LOB money makers. Failure to heed this advice can and will cost your organization money and time eventually - not if but when.