Microsoft Article : Using Code Metrics to Guide Code Reviews

Using Code Metrics to Guide Code Reviews

This week I have published a new article on the Microsoft Developer Blog. The article is called “Using Code Metrics to Guide Code Reviews” and talks about how you can use the code metrics in Visual Studio as a way to run a code review to stimulate discussions about code quality.

The article also takes a look at the NDepend tools and how they can give you an even deeper insight into what’s happening in your code.

Microsoft Article : How to Securely Store Passwords and Beat the Hackers

How to Securely Store Passwords and Beat the Hackers

I have just written my first article for the Microsoft UK Developer site on How to Securely Store Passwords and Beat the Hackers. The article talks about the best way to protect passwords by first exploring ways that you shouldn’t protect and store passwords.

Password Based Key Derivation Function Iteration Counts

I have already spoken about Password Based Key Derivation Functions before on this blog and I have discussed secure password storage with PBKDF2 at length in my Pluralsight course, Practical Cryptography in .NET, but in this post I want to expand this a bit and talk about picking suitable iteration lengths for the PBKDF2 key derivation process.

Choosing a good number of iterations for PBKDF2

A reader of this blog, Geoff Hirst, gave me a heads up to an episode of the Security Now podcast, specifically episode 512, where the recent security breach at LastPass was discussed. Luckily no one’s data was actually at risk due to their security policies and good use of encryption, but the podcast talked about something that was interesting, and that was: what should you set your PBKDF2 iteration count to?

I must admit I have always used round numbers like 50,000 or 100,000, but the podcast says this isn’t a good idea and you should use a 5 figure number, beginning with a number larger than 2, but a random number which isn’t rounded up to a specific whole number, as in 50,000 or 100,000.

By making this a random number that you do not disclose, you are making an attacker’s life much harder as they have to get the iteration count correct. Of course you shouldn’t rely on this as a main piece of security information, but anything that can make an attacker’s life a little harder has to be a good thing.

If you are dealing with a system that has multiple users, why not randomly generate different iteration counts per user? Then if one user does get compromised and their password recovered, your other users are still safe as the attacker would still need to guess their number of iterations.
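The per-user scheme described above, sketched as an added example that is not code from the original post. It assumes .NET 6 or later; the `PasswordRecord` and `PasswordStore` names, the 30,000 to 99,999 range (one reading of "5 figure number, beginning with a number larger than 2"), SHA-256, and the salt and hash sizes are all illustrative choices.

```csharp
using System;
using System.Security.Cryptography;

// Hypothetical per-user record. The count is kept next to the salt and hash
// because verification cannot reproduce the hash without it.
public sealed record PasswordRecord(byte[] Salt, int Iterations, byte[] Hash);

public static class PasswordStore
{
    private const int SaltBytes = 16;
    private const int HashBytes = 32;
    private const int MinIterations = 30_000;            // assumed lower bound
    private const int MaxIterationsExclusive = 100_000;  // keeps the count to five figures

    public static PasswordRecord Create(string password)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(SaltBytes);
        // Drawn from the CSPRNG per user, so the count is not a predictable round number.
        int iterations = RandomNumberGenerator.GetInt32(MinIterations, MaxIterationsExclusive);
        byte[] hash = Rfc2898DeriveBytes.Pbkdf2(
            password, salt, iterations, HashAlgorithmName.SHA256, HashBytes);
        return new PasswordRecord(salt, iterations, hash);
    }

    public static bool Verify(string password, PasswordRecord record)
    {
        // Re-derive with this user's own salt and count, then compare in constant time.
        byte[] candidate = Rfc2898DeriveBytes.Pbkdf2(
            password, record.Salt, record.Iterations, HashAlgorithmName.SHA256, HashBytes);
        return CryptographicOperations.FixedTimeEquals(candidate, record.Hash);
    }
}

public static class Program
{
    public static void Main()
    {
        const string password = "correct horse battery staple"; // constructed sample input
        PasswordRecord alice = PasswordStore.Create(password);
        PasswordRecord bob = PasswordStore.Create(password);

        Console.WriteLine($"alice: {alice.Iterations} iterations, bob: {bob.Iterations} iterations");
        Console.WriteLine($"right password, right count: {PasswordStore.Verify(password, alice)}");

        // Same password and salt, but a count that is off by one: derivation no longer matches.
        PasswordRecord wrongCount = alice with { Iterations = alice.Iterations + 1 };
        Console.WriteLine($"right password, wrong count: {PasswordStore.Verify(password, wrongCount)}");
    }
}
```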

Message Queueing with RabbitMQ Succinctly Released

My 2nd book with Syncfusion has been released today. It is called Message Queueing with RabbitMQ Succinctly. The book is around 100 pages in length and is designed to get you up and running with RabbitMQ very quickly.

Message Queueing with RabbitMQ Succinctly

The official book bio is:

An introduction to the RabbitMQ integration platform with an emphasis on C# and .NET development. Author Stephen Haunts introduces the powerful message broker and queuing system, and guides novices from installation to practical coding. With Message Queuing with RabbitMQ Succinctly, developers of all levels will be able to integrate multiple systems with ease.

The book is split into the following chapters.

  1. Message Queuing Overview
  2. RabbitMQ Overview
  3. AMQP Messaging Standard
  4. Installing and Configuring RabbitMQ
  5. Overview of the Management Plug-in
  6. Administration via the Command Line
  7. Basic Queue and Message Example
  8. Working Examples

All the source code from the book is available on BitBucket. The link to the BitBucket repository is in the book. I am also currently doing talks on RabbitMQ around various user groups in the UK.

I would love to know what you think about the book.

Secret Files Decrypted by the Russians and Chinese

It was reported in the press today that a series of files contained in the files stolen by Edward Snowden have been decrypted by the Russians and the Chinese, which has given up vital strategic intelligence information, forcing SIS (MI6) to move undercover agents out of potential harm’s way. This story interests me particularly, especially with my interest in Cryptography and releasing a Pluralsight course about Cryptography.

Edward Snowden : Secret Files Decrypted by the Russians and Chinese

There are a couple of things I am wondering. From a technical perspective, how were the files protected? Was it using AES, RSA, or a combination of both? Were the files broken using a brute force attack? Were the keys particularly weak? These are questions that I am sure I won’t get answers to, but I am curious nonetheless.

Aside from my own technical geeky curiosity, the other thing running through my mind is why this is even in the news in the first place. It is quite strange that we would hear anything about MI6 operations in the press, which leads me and many others, like former Conservative cabinet minister Andrew Mitchell, to wonder if the news story was very well timed to coincide with the Anderson Report.

Update a WPF UI from Another Thread

This is a shorter post with a small solution to a problem, but I wanted to add it here for my own reference. I have recently been working on a little WPF pet project as I want to learn XAML and WPF. I seemed to miss that generation of UI technology when I went from mainly doing WinForms work into WCF and back end enterprise development.

The issue I had the other day was that I had a timer running in my code that triggers an event when the elapsed time hits a certain time. From that event handler I wanted to update something on the user interface. If I updated that UI item directly from the event, I got the following exception being thrown. This is because the UI is operating on a different thread to the thread handling the timer event.

Thread Exception

The solution is to use the Dispatcher.Invoke( Action ) method to make the call to the UI thread. This is demonstrated in the following example. We have a timer being set up with an event (OnTimedEvent) being fired every 5 seconds. When OnTimedEvent is called, the UI is updated inside the Dispatcher.Invoke( Action ) method.

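using System.Timers;
using System.Windows;

public partial class MainWindow : Window
{
     // System.Timers.Timer with a 5000 ms (5 second) interval.
     private readonly Timer _timer = new Timer(5000);

     public MainWindow()
     {
          InitializeComponent();
          _timer.Elapsed += OnTimedEvent;
          _timer.Enabled = true; // start raising Elapsed events
     }

     // Elapsed is raised on a thread-pool thread, not the UI thread.
     private void OnTimedEvent( Object source, ElapsedEventArgs e)
     {
          Dispatcher.Invoke(() =>
          {
               // Set property or change UI components.
          });
     }
}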

MSDN describes this solution as follows:

In WPF, only the thread that created a DispatcherObject may access that object. For example, a background thread that is spun off from the main UI thread cannot update the contents of a Button that was created on the UI thread. In order for the background thread to access the Content property of the Button, the background thread must delegate the work to the Dispatcher associated with the UI thread. This is accomplished by using either Invoke or BeginInvoke. Invoke is synchronous and BeginInvoke is asynchronous. The operation is added to the event queue of the Dispatcher at the specified DispatcherPriority.

Invoke is a synchronous operation; therefore, control will not return to the calling object until after the callback returns.

New Blog Template

This blog, Stephen Haunts { Coding in the Trenches }, has been running since 2012 and since then I hadn’t changed the visual style of the site. If you are a regular reader, you may have noticed that the styling has changed a bit from today.

New Blog Template

I have kept the same kind of layout, as I think this works well for a blog like this, but the styling has been updated to make it look and feel more modern and minimal. This site is also now fully responsive, so it will scale down well to tablets and phones.

I hope you like the changes. If you have any feedback on the new template then please leave a comment on this post.