// Oprogramowanie Roman Ryltsov
It seems that everything is buggy nowadays. Some things – more buggy, some are less. I did not expect Microsoft Forums website to be so… so… of so improper quality. Especially compared to variety of popular forum software, free phpbb, google news etc.
MS WYSIWYG post editor can stand no criticism at all, it is one entire bug under FireFox browser. What I recently start getting is a view of the forum which seems to exclude weeks of recent data:
Version 2008 (9.0) of Microsoft Visual Studio .NET 2008 Service Pack 1 development environment brings new annoyances in. It seems to be still freezing and crashing on certain source code files, just as previous versions did and additionally there is a new trick in:
A termination of debugged application quite often ends up with a crash. Once crashed, IDE is still alive (thanks, really) but no debugging session will ever start again. A restart of IDE is required. Posted a crash report once again, hopefully someone is receiving them on MS side and takes to consideration.
Since ATL version 3, and actually it probably existed even since even earlier time, I have seen Microsoft Visual Studio (and its predecessor Visual C++) generating .RGS registration script with hardcoded CLSID value, ProgID values and other strings entered through IDE wizard. While it seems to work nice at the moment of generation, it still gives the problem to lose sync between identifiers if code is copied between projects or a different way. It might be an oversight originally, but was not it the obvious thing to do later to avoid possible typos of inaccurate user? Microsoft Visua Studio 2008 still generates the same code.
Previous versions of development environment offered attributed code option which in fact took care of this problem very well. Although there has been a lot of negative feedback written about C++ attributes, this was a kind of problem attributes left no chances to break: CLSID was specified once only in C++ COM class attribute and the rest of the deal was generated automatically, including IDL and registration sequence.
It is especially unclear why it was left this way because internal ATL classes already have all necessary capabilities to process wildcards. For example, default .RGS script contains an entry for COM class type library, HKCR\CLSID\{…} key, “TypeLib” value. Why would hardcode it if it can be specified through a replacement:
HKCR
{
NoRemove CLSID
{
ForceRemove %CLSID% = s '...'
{
'TypeLib' = s '%LIBID%'
And the replacement is so easily added overriding CAtlModule’s virtual AddCommonRGSReplacements:
class CFooModule :
public CAtlDllModuleT<CFooModule>
{
...
// CAtlModule
HRESULT AddCommonRGSReplacements(IRegistrarBase* pRegistrar) throw()
{
_ATLTRY
{
ATLENSURE_SUCCEEDED(__super::AddCommonRGSReplacements(pRegistrar));
ATLASSERT(!IsEqualGUID(m_libid, GUID_NULL));
ATLENSURE_SUCCEEDED(pRegistrar->AddReplacement(L"LIBID", StringFromIdentifier(m_libid)));
}
_ATLCATCH(Exception)
{
return Exception;
}
return S_OK;
}
I thought it would be implemented natively in ATL long ago, along with per-coclass replacements like %CLSID%.
This is how I like my registration script:
HKCR
{
%PROGID% = s '%DESCRIPTION%'
{
CLSID = s '%CLSID%'
}
%VIPROGID% = s '%DESCRIPTION%'
{
CLSID = s '%CLSID%'
CurVer = s '%PROGID%'
}
NoRemove CLSID
{
ForceRemove %CLSID% = s '%DESCRIPTION%'
{
ProgID = s '%PROGID%'
VersionIndependentProgID = s '%VIPROGID%'
ForceRemove 'Programmable'
InprocServer32 = s '%MODULE%'
{
val ThreadingModel = s 'Both'
}
TypeLib = s '%LIBID%'
}
}
}
Customer quotes about our product:
By the way, wanted to tell you. I work in the NVR industry, I’m a sales engineer for S* http://www.s*.com. I use your DVR for my 3 home cameras that I’ve recently put up due to some break ins lately in my community. I’ve worked with many commercial DVR/NVR systems in my years working in the surveillance industry, you product is awesome. Now that I have remote monitoring and sequencing configured it’s working great. Your support has been rock solid and quick to respond and your server/DVR software is rock solid, it runs 100% of the time. I’m a fan! Just wanted to say Thanks!
R*
An example to give an idea of how robust and reliable network cameras and video servers today are. Fl***h made video encoder hardware.
The request is http://***.***.***.***/cgi-bin/***.cgi?***, it informs on capabilities of the device.
...
SupportDigitalOutputCount=4
SupportDigitalIutputCount=4
...
Although I personally have no experience with tricky DirectShow filters that decide on possibility of connection not only looking at media type and other capabilities, there has been a number of cases mentioned that certain video decoders will only connect to renderers or video renderers in order to avoid interception of decoded data.
It was recently mentioned that one of such filters checked Misc Flags obtained through IAMFilterMiscFlags interface to make sure it is connected to renderer downstream. Before we proceed, let us make it clear that it is silly and can only protect from beginner, a complete newbie. At the very least it should have checked peer filter’s CLSID and compare against white list of stock video renderer: Video Renderer, Video Mixing Rendeder 7, Video Mixing Rendeder 9, Enhanced Video Renderer. A custom video renderer or even just a transformation filter with a renderer flag would be able to receive decoded data and make it available for any further processing.
What I am going to do is to take Sample Grabber Filter as a base and make a new filter from it which will only connect to renderer (it will check the flags as described above). Then another filter, which will also use Sample Grabber Filter base, will accurately fool the first one and connect to output of the first filter and will render video to complete the graph.
WinHttpCrackUrl and WinHttpCreateUrl API functions are breaking URL string into components and recompose back to string. There was a mess with passwords and security issues since when putting password into URL is no more acceptable. Experienced users might remember the times when URL could embed password, e.g. ftp://john:mysecretpassword@host.com/path. Password is lo longer accepted by major applications in a typed in string and no more allowed by updated RFC 3986 “Uniform Resource Identifier (URI): Generic Syntax”:
3.2.1. User Information
The userinfo subcomponent may consist of a user name and, optionally,
scheme-specific information about how to gain authorization to access
the resource. The user information, if present, is followed by a
commercial at-sign ("@") that delimits it from the host.
userinfo = *( unreserved / pct-encoded / sub-delims / ":" )
Use of the format "user:password" in the userinfo field is
deprecated. Applications should not render as clear text any data
after the first colon (":") character found within a userinfo
subcomponent unless the data after the colon is the empty string
(indicating no password).
What if we don’t have URLs typed in? But it still convenient to keep password as a part of URL? Luckily there is such thing as compatibility, so we can rely on WinHTTP subsystem to process passwords for us. The problem however is escapement. The most tricky is that it is not a bug, it is documented but is unintuitive. The cracking part would unescape all components if ICU_DECODE flag is provided. The composing part however will only escape (ICU_ESCAPE) the part to the right from port number (whether it is specified or expected to be)!
For example (see source code below):
g_ppszUrls[3] http://user:pa%40ss@site.com/path?name=value%20%2F%3A%40 .lpszScheme http .nScheme 1 .lpszHostName site.com .nPort 80 .lpszUserName user .lpszPassword pa@ss .lpszUrlPath /path .lpszExtraInfo ?name=value /:@ pszUrl http://user:pa@ss@site.com/path?name=value /:@ pszUrl (ICU_ESCAPE) http://user:pa@ss@site.com/path?name=value%20/:@