Friday, 1 February 2013

The 7 layers of the OSI model

TCP/IP vs OSI and the corresponding protocols


The physical layer represents the physical elements used to transport the data on the network. This layer implements different technologies and some protocols like DSL and ISDN. RJ45, Ethernet, Circuit switching and multiplexing are things that can be placed on the physical layer. A hub or repeater is an example of devices that runs at the layer 1.


The data-link layer is the only layer of the osi model that is devised in two more sub-layer called the Logical Link Layer (LLC) and the Media access control layer (MAC). The data-link layers deal with protocols that works mainly with the mac address, like ARP (Address resolution protocol) and PPP (Point-to-point protocol).  Specified by the iso, this is the layer that should also manage flow control via CSMA (Carrier sense multiple access), where in reality most of this process happens on a higher level of the OSI. A switch is an example of a device that runs at the layer 2.


This is the layer that will take care of routing and forwarding of the packet. This is also the layer that implements TCP and UDP protocols.  A router is an example of a device which operates at the layer 3.


On the transport layer 4 is where the flow control and reliability of the transmission happens. As packets can be lost in the transport due to collisions and network congestion, the reliability is accomplished either by ACKs or checksums and requests a packet to be resent.
The congestion control is accomplished by CSMA which stands for Carrier sense multiple access. There is two principal way for CSMA to operates which are CA (Collision Avoidance) used mainly for wireless network. The other one being CD (Collision Detection) used for wired networks.


This layer establishes, manages and closes sessions for the process and applications.  This layer has some common tunneling protocols like L2TP (Layer 2 tunneling protocol) and L2F (Layer 2 forwarding protocol). Some authentication protocols like PAP (Password authentication protocol) are present at the session layer 5.


The presentation layer is where information is formatted following different standards. This is a translation layer that is responsible for delivery and formatting the information from the application layer. Common file formats like JPEG and PNG are part of this layer. Note that TLS, which supersedes the SSL protocol, is implemented at the presentation layer while SSL operates at the session layer.


This layer is used for all communication protocols. This is where the most common protocols reside, FTP, HTTP, SMTP and POP3 operates at this layer to name a few.

Friday, 24 August 2012

POCO vs EntityObject (EF) model

What is a poco object?

POCO is a short for Plain old clr object and refers to an object that does not depends on the framework. It will not inherits and it should support it's own functionnalities.

For example, when you get to chose a generation template for your edmx, you will have Self-Tracked entity objects. These will be generated over a POCO model and will contain their own methods for propertyChanged and will also contains it's own EntityState property as it cannot rely on it's base object.

What is the EF model?

The alternative to POCO is to generate your entities and inherits them from EntityObject. This is the other text template offered in VS2010. The base EntityObject class will support a common PropertyChanged method and the EntityState method but you will still have a partial member for each of your primitive properties.

What should i choose?

It depends on your needs. If you use a WCF service or if you need your data to be exposed to other frameworks or languages , you should go for the POCO option. These objects does not rely on .net and could be easily consumed by any other language like php or java.

If you are using RIA services and have no plan in the future to expose your data, you can go with the EntityObject approach. In a silverlight context for example, the client proxy for your domain context class will be generated using the EF model no matter if you are using POCO or not.

This is the main difference over the two models, you should go with POCO if you need to expose data to other technologies or need a better portability for your objects. If you want to avoid some redundant code and add some common functionality to your objects , the EF model is an option.

Remember that there is a few differences in the text template itself so you can easily do the switch later in your development.

Wednesday, 22 August 2012

Text template: Attribute writer

Here’s a function I wrote that can take an attribute as a parameter and return its string equivalence into a text template. This is useful if you need to generate data annotations attributes for your metadata class but will work anywhere you need to output an attribute instance.
private static string AttributeToString(Attribute obj)
            Type attrType;
            StringBuilder sb_AttrParts;
            StringBuilder sb_Attributes = new StringBuilder();

            sb_AttrParts = new StringBuilder();
            attrType = obj.GetType();

            PropertyInfo[] props = attrType.GetProperties();


            bool first = true;
            foreach (PropertyInfo pi in props)
                    if (pi.Name == "TypeId")

                    object value = pi.GetValue(obj, null);

                    if (value == null)

                    if (!first)
                        first = false;


                    if (value != null)
                        if (value.GetType() == typeof(string))
                            sb_AttrParts.Append("\"" + value.ToString() + "\"");
                        else if (value.GetType() == typeof(bool))
                            if ((bool)value)
                catch { continue; }

            return sb_Attributes.ToString();

Monday, 20 August 2012

RIA: Get EntitySet DomainContext extension method

The default RIA class generates an EntitySet for each type in your ObjectContext.While doing some generics data operation in a generic control inheritance, it's difficult to know on which EntitySet of the DomainContext an action should be performed. In my case i only have one EntitySet for each Entity type so i created the following DomainContext extension.
    public static class DomainContextExtension
        /// <summary>
        /// DavidB : This provides a generic access to an entitySet of a given type.
        /// </summary>
        /// <typeparam name="T">An entity type</typeparam>
        public static EntitySet<T> GetEntitySet<T>(this DomainContext source) where T : Entity
            Type domainType = source.GetType();
            var properties = domainType.GetProperties();

            foreach (PropertyInfo pi in properties)
                if (!pi.PropertyType.Name.Contains("EntitySet"))

                var tArgs = pi.PropertyType.GetGenericArguments();

                if (tArgs.Count() > 0 && tArgs.FirstOrDefault() == typeof(T))
                    EntitySet<T> entitySet = (EntitySet<T>)pi.GetValue(source, null);

                    return entitySet;

            return null;

Tuesday, 14 August 2012

RIA: Load ComplexObject with async CTP

Async ctp is great but is not integrated with RIA services yet. Usualy we write a loadOperation from the domain context and then perform some task when the completed event is raised.  With the async ctp you can write the code as you would usualy do in a synchronous context allowing you to write code in a logical order.  

One very useful class I found and currently use is one created by Kyle McClellan, explained on his blog:

This extension static class is very simple to use and brings the async functionalities to load entities from your DomainContext. 

One feature it’s missing is the ability to load a non-persisted class that is not an entity. When you reference a complex type in a function, the RIA generated class for your client interface will inherit it to a ComplexObject. 

Using the same approach described above, I created a load wrapper extension method that will return the complex type from a query asynchronously.
 public static class DomainContextExtension
        public static Task<T> LoadComplexObjectAsync<T>(this DomainContext source, InvokeOperation<T> task) where T : ComplexObject
            TaskCompletionSource<T> taskCompletionSource = new TaskCompletionSource<T>();
            Action<InvokeOperation<T>> callback =
                cb =>
                    if (cb.HasError && !cb.IsErrorHandled)
                    else if (cb.IsCanceled)

            var op = ((InvokeOperation<T>)(source.InvokeOperation(task.OperationName, typeof(T), task.Parameters, true, callback, null)));

            return taskCompletionSource.Task;

Wednesday, 1 August 2012

Load assembly from file and enforce strong name verification

Loading an external assembly in your application context may represent an important security hazard. An assembly loaded from  Assembly.LoadFrom will not check for a strong name.

During the development process , you probably don't want everyone to have your SN key pair and it's a lot easier to delay sign your assembly.

Here is a way to check your public key token with an expected byte array representing a known public key token.

        public static bool CheckToken(string assembly, byte[] expectedToken)
            if (assembly == null)
                throw new ArgumentNullException("assembly");
            if (expectedToken == null)
                throw new ArgumentNullException("expectedToken");

                // Get the public key token of the given assembly
                Assembly asm = Assembly.LoadFrom(assembly);
                byte[] asmToken = asm.GetName().GetPublicKeyToken();

                // Compare it to the given token
                if (asmToken.Length != expectedToken.Length)
                    return false;

                for (int i = 0; i < asmToken.Length; i++)
                    if (asmToken[i] != expectedToken[i])
                        return false;

                return true;
            catch (System.IO.FileNotFoundException)
                // couldn't find the assembly
                return false;
            catch (BadImageFormatException)
                // the given file couldn't get through the loader
                return false;
This is fine but it will not allow you to check if you have a strong name signed, and you cant make sure you are not delay signed.

A solution would be to import external funcion from mscoree.dll that will make this check for you. This is a good approach to make sure you dont rely on the standard .net check that could be easily bypassed (

[DllImport("mscoree.dll", CharSet = CharSet.Unicode)]
static extern bool StrongNameSignatureVerificationEx(string wszFilePath, bool fForceVerification, ref bool pfWasVerification);

        public static bool CheckStrongName(string assembly)
            // check the signature first
            bool notForced = false;
            bool verified = StrongNameSignatureVerificationEx(assembly, false, ref notForced);

            byte[] your_key = null;

     //Check different key for debug / release ..
            #if DEBUG
            your_key = new byte[] { 0x11, 0x11, 0x11, 0x38, 0x12, 0x11, 0x61, 0xF4 };
            your_key = new byte[] { 0x11, 0x11, 0x11, 0x38, 0x12, 0x11, 0x61, 0xF4 };

            bool isSecureAsm = CheckToken(assembly, your_key);

            if (isSecureAsm  && verified && notForced)
                return true; //signed assembly
            else if (isSecureAsm && verified && !notForced)
                throw new InvalidOperationException("Delay signed assembly");
            else if (isSecureAsm && !verified)
                throw new InvalidOperationException("Assembly modified since signing");
                throw new InvalidOperationException("Not a valid assembly"); 
By setting the notForced parameter to false, you will check for a correct assembly no matter what has been set as a bypass.

Monday, 30 July 2012

Google search calculator

As you probably already know, you can search math formula into Google and let it compute for you.

Today i was doing some maths into Google and a calculator appeared.

Another great addition to the search functions is the conversion user control. It was possible to search for a sentence like "10 ft in meters" but you will now get a control displayed with from an to units.

Very nice features Google!