last updated:06 Aug 2003 14:35 UK time JOS Statistics - Recent Comments (Comments added for week ending Sun 18 May 2003) | View Other Weeks where did all the software jobs go? | Sun 18 May | Bagpuss Ive been unemployed for almost a whole year now. Pretty much after a few months I gave up on the usual job agency route of getting a job. It seems as there are only two private companies in the whole of London seemingly wanting to hire software developers. These two companies have a recruitment process that goes on year round! So I decided to apply direct for standard (I mean non-research) software development jobs at universities and local governments. Ive got nowhere. Local governments dont reply. From tens of university applications, Ive only got three interviews. At all of them not one real technical question has been asked. My first interview lasted only a matter of minutes. All they did was take my photograph, say they couldnt answer any questions about the project until the second interview and that I should leave then and there. I didnt get the job or a second interview there. At my next interview I was told they didnt see people as academically well qualified as myself (I got As at Advanced level when I was 18 years old - over a decade ago now) and that I could do all the work in 1 day. I didnt get that job either. At my third interview (at a former polytechnic/college that gained university status after a change in UK law) one of the interviewers was bordering on rude and made fun of me when I said I was reading technical books and writing software in the spare time I had. What is going on? Where did all the jobs go? When will they come back? Sun 18 May | S.C. | I heard that around 80% of jobs are not even advertised. That was in Toronto, I guess the figure is more or less the same in other countries. An applicant gets the job thru his people network. There are many people in the industry who are not even up to their job but hold a position (and sometimes get good pay). How good you did in school means almost nothing, esp, in a job market like this. Sun 18 May | Joel Spolsky | Here's one hypothesis... packaged software is getting better and better and so there's less of a market for custom software, which puts programmers out of work. For example packaged CRM and HR software as a category didn't even exist 5 years ago, big companies had to write their own, now it's readily available off-the-shelf. Hypothesis two: the trend of outsourcing to India is peaking. I personally don't think this will last, for reasons too complicated to go into here, but that puts pressure on software jobs outside India. Hypothesis three: spending for IT goes in waves. It's at the bottom of a cycle now, recovering from an orgy of Y2K and Internet spending which was perceived by Upper Management as being a waste of money. So now IT is starved for resources. Even a 5-15% reduction in IT budgets basically means a 100% reduction in new hires -- all the brunt of this downtrend is being borne by new hires and consulting firms. On the other hand I'm starting to see signs that this wave is turning around and there will be a burst of pent up demand in the next year or so. Sun 18 May | Bagpuss | I didn't bring up how well I did in school at the interview. The Human Resource woman did. The other interviewer said I could do all the work in 1 day. I got the impression they were saying I wasn't suitable for the job or they thought the job was really a bit low. I was miffed slightly because if they thought I wasn't suitable for the job they shouldn't have interviewed me. Sun 18 May | Matthew Lock | I agree with Joel's Hypothesis three. IT booms seem to be driven by innovations, followed by a bust. I wonder if it will just continue to peak and bust every 5 years or so? Longhorn | Sun 18 May | Dave B. >>The individual windows in Longhorn will be semi-translucent, making it possible to discern the contents of one window hidden behind another. From - http://story.news.yahoo.com/news?tmpl=story&u=/nm/20030518/tc_nm/column_pluggedin_dc_2 - If you have ever played the MMORPG Everquest you know that the windows can be set to a transparent state and when the mouse is moved over the window is becomes opaque. Does anyone like this? I sure dont. I think its annoying and turn it off all the time. Anyway, Longhorn looks like a cool operating system thats borrowed much from other places. (i.e. BEOS, Linux, even games). It also appears to be a monopolistic venture. How will Linux catch up to Palladium. Microsoft owns you. Sun 18 May | www.marktaw.com | It'll be interesting to see the adoption rates between the population at large, corporations, hackers, and programmers. Windows XP was controversial enough with it's 'must contact the mothership' thing, Longhorn will have DRM built right in. Sun 18 May | Not Telling | Baking DRM into the OS isnt going to be a big deal at all. It'll just mean that there will be a market for DRM protected media. Its not going to stop people ripping CDs, movies etc and distributing them in non-DRM formats. So unless MS is going to somehow lock out MP3 (and other formats) from Longhorn, I dont see anything to worry about. Sun 18 May | somebody | Translucent windows have been a feature in Windows since Windows 2000. And, sorry, but I'm not seeing any borrowed features from BeOS, Linux, or games. Could you elaborate please? Sun 18 May | Dave B. | I'm simply saying that I don't believe Longhorn is all original. Not everything has been designed from the 'ground up' so to speak. And the feature set that it's adding has possibly borrowed from ideas and concepts that have existed in other software. I mean you don't really believe that the guys at MS come up with everything original? You don't think they borrowed some ideas from say, the BeOS file system, and incorporated them into their own? Maybe they did, maybe they didn't. I wonder what it's like to work at MS... Their website shows some pretty nice looking campuses. Adding favorites URL to a web site | Sun 18 May | Snacky Is there a way to select a URL on IE and then add the link to the favorites but also update your favorites sites list on a Web Site Is there a freeware or an IE plug in which does publish newly added items to a web site ? Sun 18 May | www.marktaw.com | I use Blogger for this. Add a 'BlogThis!' link to your Links section and click it to add that page to you Blogger thingy. POLL : How Many Of You Guys Are Video Gamers | Sun 18 May | Snacky 1/ Do you play video games 2/ Do you work or have you worked in the video game industry -------------------------- Sun 18 May | Gwyn | 1. rarely (flight sim occasionally) 2. no Sun 18 May | tapiwa | I stopped really playing video games about five years ago. Not sure why, but I just lost interest. Nothing really exciting out there. Fancy graphics, awesome sound, but no real gameplay. I suppose I am waiting for the next SimCity (classic), or tetris. Something in their simplicity that was fun. Once in a while I play Age of Empires, but that's it. Even the Sims did not do it for me. Sun 18 May | B# | Does chess count? When I'm really stressed I'll play golf. Sun 18 May | Giorgio Pallocca | I'm a player (Baldur's Gate / Morrowind / NWN / Warcraft III) etc. Sun 18 May | Tom Vu | leisure suit larry Sun 18 May | GiorgioG | Age Of Mythology/Warcraft3 Sun 18 May | Dave B. | 1. Yes (Mostly MMORPGS, UO, Everquest, Wow and a few others like Baldurs Gate and Wolfenstein) 2. Nope ( But maybe someday ) Sun 18 May | Dimitri. | you mean like, kicking some allied ass in day of defeat? Of course. The important thing here is discipline. One hour, no more. Otherwise it is just a waste of time. Btw, can't wait to get my hands on GTA3:Vice City. Sun 18 May | Tj | 2) Yes, I worked there for a short while. 1) No, because what you normally do in life has interesting and tedious parts, like most games. And most games lack the ability to abstract away boring parts. For example, take sid meier's alpha centauri. There are really routine parts that you should be able to script away. But nope, 90% of the time you're clicking away to get to the interesting 10%. The prebuilt AIs are worthless. (Though smacktalking with friends in games like mariokart or virtua fighter 2 is great.) Plus, many interfaces are intentionally painful, like emacs without remappable keybindings, so a precondition to success is being good at some interface you can't change. Sun 18 May | X. J. Scott | 1. Interesting -- I don't have much interest in games either, unless I have taken a break from developing. I play a game about once a year or so on average -- last year, after about three years of no games, I got Riven and Exile and enjoyed them both at a leisurely pace. These are old cames of course, I tend to stay way behind the curve. Anyway, the thing about this is I think that development satisfies the same needs as gaming would, but the problem solving in development is more interesting and also when I am done with something I have really accomplished something rather than finished some game and feeling frazzled and worn and wondering where all the time went. So both activities require problem solving, but development is more satisfying overall. 2. I was going to say no but then I realized the answer is yes actually since I have designed gaming hardware and drivers. I just haven't designed games themselves. Sun 18 May | Tim Sullivan | 1) Not as much as I used to. I play some ShadowBane, and was a StarCraft JUNKIE for 2 solid years (on the phone with 2 friends for hours every night) I'm eagerly awaiting Duke Nukem Forever, though. 2) Not professionaly; some hobby experience. Sun 18 May | Dirk | 1) Not really 2) Yes Sounds strange, but i am more fascinated by the technology behind games than on the game play side. So I play games sometimes but I spent the last 8 years doing them for a living.... Sun 18 May | Alyosha` | No. No. Sun 18 May | sgf | Not since the arcade version of Space Invaders was hot stuff. Guess I'm ancient, huh? :) Sun 18 May | Edoc | 1. Not really. I don't have time for lengthy shoot 'em ups or mystery/mud stuff. While some of the games are fun, it adds up to a big chunck of time down the drain. If I do play a game, it's a simple arcade type that you can learn in 2 minutes and play during a 5 minute break. 2. Nope. Sun 18 May | Prakash S | was big on Need For Speed, lost interest in Games a few years back. Not yet to answer the second question. Sun 18 May | www.marktaw.com | 1) yes, but very few games interest me lately. I recently played Baldur's Gate (for the PS2) and Zone of Enders. Oh and The Two Towers game. Fun hack and slash games. I didn't like Max Payne much. My girlfriend and I like the Silent Hill series a lot. She's a bit of a Tomb Raider fan, but they got boring for her. I played the Metal Gear duo and enjoyed them. I'm gonna play The Matrix game next. I miss good adventure games... You know, like Zork and such. That was a good Genre that seems to only exist in either Military (Metal Gear, Syphon Filter) Ninja (Tenchu, etc.) and Horror (Silent Hill, Resident Evil). Sun 18 May | www.marktaw.com | 2) No, buy my buddy is the webmaster for Gotham Games. Sun 18 May | The Real PC | [the problem solving in development is more interesting and also when I am done with something I have really accomplished something] I feel the same way. For some reason I don't play any kind of games, video or not. I think of life as being a game, and I would rather spend my energy on that, because you can actually win something. No, I never developed games. Sun 18 May | www.marktaw.com | Sounds like James P Carse's book Finite and Infinite Games. Sun 18 May | Alex Moffat | 1. I used to play PC games but since I kicked the windows habit I've gone to playing PS2 games, and I'm enjoying it (and it saves money on video card upgrades:). I know, Sony ain't saints either. I find the PS2 nice as it's a break from sitting in front of the PC, which PC gaming isn't. I was never a big multiplayer fan so I don't miss that aspect. I'm just looking for quick, easy to get started with, and fun games. I'm really a really 'casual' gamer. 2. Never worked in the games industry. Few jobs for programmers, more jobs for content and level creation. Also, too many last minute crunches. Sun 18 May | LesC | (1) Does free cell count (?) (2) no Sun 18 May | Allagash | 1) Yes. My wife and I are playing through Zelda. She likes the 'chat with villagers' parts and I like the 'throw bombs at the big lizard' parts. 2) Yup, computer games. Surprising similar to my last job doing banking software, probably because everyone acts very professionally at both places. The big differences are games don't require much of an audit trail and phrases like 'this is similar to Conan the Barbarian's universe' don't tend to come up in meetings about banking software. Plus, programming games is much more interesting to me. Sun 18 May | Steve H | 1) Unreal Tournament 2003. I 'binge and purge', ie. I won't play at all for weeks at a time, then I'll play obsessively for a few days. It usually starts when I tell myself I need to take a break from coding and it ends when I realize how much time I've wasted! 2) no. Filtering Mechanism in Access 2000 | Sun 18 May | mark Hi Guys, Im wondering if someone can help me on this. I have an access database that has a text field named Description I want to do a vb module in access (or anything else) that would act like a filtering mechanism. Ok here is the problem.. A description field would have something like this PIPE, 6, Sch. XS, BE, SEAMLESS, ASME B36.10, Charpy per ASME B31.3, Section 323.3 at -45°C, NACE MR-01-75 Now I need to divide the output into 4 parts called Pipes, consumables, Valves and instruments (this might mean 5 tables, one for unsuccessful ones). For example, the above has Pipe, I need to be able to extract PIPE (as well as its accompanying fields in the record) and display it seperately from fields that would have terms like valves, instruments and consumables. But there is another problem, sometimes they do not appear as pipes, (yet must come under pipes) For example ELBOW, 2, 90°, LR, Sch.XXS, BW, ASME 16.9, Charpy per ASME B31.3, Section 323.3 at -45°C, NACE MR-01-75 Now elbow is a name of a pipe that must be grouped/categorised with pipes. Other terms come under Pipe, eg Flange, Bend, Reducer, TEE etc.. The same applies for Consumables that has a sub-term like gasket. Another dilemma that has been puzzling me, in valves you have some items called Valve instrument, now this must come under valves and not instrument. Help on this would be greatly greatly appreciated, thankyou in advance. Mark ps I can send the current access database to show how far Ive gotten with it. Sun 18 May | Albert D. Kallal | If your data text block is ALWAYS divided into 8 fields, then this is a reasonably workable problem. This is really a parsing problem. You would first break out the text block into 8 separate fields. That is a easy 5 minute job. (every programmer I know has some “delimiter” routines to pluck out the “n” value from a delimited list). If by some strange event you as a developer don’t have some delimiter code hanging around, then you can use the built in vb split command if you want also. (access 97 does not have that, but access 2000 and beyond does). However, if the “,” that separates the data is not organized, then your problem is GIGO The above problem here is the oldest term in our industry: GIGO GIGO is a term used when one person in a company calls a pipe a pipe, and another person calls a pipe a thing a ma do. You are wasting everyone’s time until a common language, and a common definition of what means what is defined here. A ugly block of text in a field does not represent any kind of organized data processing at all. By the way, that term GIGO was invented at least 40 years ago in our industry: GIGO is a term for Garbage In = Garbage Out. If you have not control on how that “text” block is being created, then you need to get control over that. Of course, as mentioned, if the 8 fields (separated by a comma) is consistent, then I don’t see the much of the problem here. If the data is consistant, then you can spend some time massaging the data into something more worth while. A few hours later, your data will be normalized. Often, when one tries to computerize a process in a company, if that process is not defined at all well, then the result of computerizing the process is not at all going to be well at all either. If you cannot ensure a consistent naming convention for that ugly block of text, and further you can’t assume the number of fields separated by “,” (comma), then I am at a complete loss here. You can, and should certainly create a table of synonyms , so that you can break out this data into a proper normalized data table. So, perhaps creating a simple table of categories so that Name Category ELBOW Pipe Pipe Pipe Flange Pipe So, you certainly can build a above table to “translate” what those names are “supposed” to be, but human will have to do that. With the above type table, it then it is easy to start normalizing your data. And, with normalized data, you defiantly should NOT have 5 different tables, but one table, and a extra field that tells you if it is a valve, consumable or a instrument. You might want to stop all code and data design here, and sit down before you start working in ms-access. I would read a few articles on data normalizing. Here is are few: ACC2000: Understanding Relational Database Design' Document Available in Download Center http://support.microsoft.com/default.aspx?scid=kb;EN-US;234208 ACC2000: Database Normalization Basics http://support.microsoft.com/default.aspx?scid=kb;en-us;209534 There are also a ton of ms-access newsgroups out there, and for most questions on ms-access, you will find those groups your best bet. And don't forget : www.mvps.org/access The above has a ton of useful code examples. Albert D. Kallal (Microsoft MVP [ms-access]) Edmonton, Alberta Canada kallal@msn.com http://www.attcanada.net/~kallal.msn Sun 18 May | Pained | No offense Mark, but isn't this the Excel to Access conversion that folks helped you with a few threads earlier. In fact I believe some of them actually gave you a working program for conversion. Now I'm not trying to be rude here, but How in the hell did you get a job where you don't know what you're doing? I mean WTF? Some folks on this board don't even have jobs and you come to us with data normalization questions and how to do this and that? The fact is your problems are somewhat simplistic and even a recent college graduate should be able to figure it out. I'm not so sure I could swallow helping you for free. How does $150/hr sound? Sun 18 May | mark | To Pained, No offence taken. I think I've asked this question out of despair. Just been under alot of pressure. I'm experimenting with queries at the moment. My position isnt actually db developer its web designer, as they db guy has left and there trying to find a replacement. Although i do have a basic access skills. And I'm reading up in my spare time on databases, as much as I can. And I'm currently on probabation, so they pay me peanuts. I might as well be working for free, it's just the experience I'm after. Sun 18 May | mark | And honestly, if you do not want to help, then I wont be offended, it's a forum. Its a choice one makes to help one another or not, without neccesarily having to understand the circumstances behind the question. It is not like I'm asking for my work to be done, trust me, what I'm asking is a small part of my work. Sun 18 May | mark | Dear Albert Thank you very much for your detailed help. Its just when i was given this project I assumed I can start from scratch, but its importation process that has thrown me off course, and its only now that I'm gathering pace. I do undersrtand the basics of the normalisation process, and I'm working on it now. Also, I've decided I'll use append queries, and run them via asp. Sun 18 May | Stephen Jones | Dear Mark, Pained is evidently annoyed over something. I looked at your spreadsheet and the data was in a mess that stopped it from being converted easily. You're really in a mess here because you have been given a messy rewrite job when you would have enough on your plate designing something outside your real field of experience from scratch. As Albert says, what you need to do now is to sit down and design the database as if you didn't actually have any data there at all. When you are sure of the basic design, then you can go around moving the data into the correct place in the tables. One thing you ought to do is to stop thinking about an automated solution and start thinkiing about what the data really means. When you have decided that you will probably find that you can do the job piecemeal. Sun 18 May | mark | Dear Stephen, You do have a valid point. Its very frustrating, I know the objectives of what i have to do. But its not like i was given something to start from scratch, hence the need i sought for automated solutions to actually bring the data into the right place so i can fulfil my objectives. It's all too unprecedented. But I'll spend the day doing just that. Thankyou for your kind response Regards Mark Sun 18 May | Dave B. | Hi Mark, Wow, what a mess eh? Well take comfort in the fact that this sort of thing happens in IT departments all over the world. Anyway. If I were you, I would start from scratch. Take a couple printouts of the spreadsheets and identify the entities or objects that you find. For example, when I look at your spreadsheet I see the following entities: 1. A Project 2. A List of parts used to build the project 3. A Description and Specification of each part Now for each of those entities you need to ask a question? How is each entity related? (If at all) For example a project contains a list of parts. Can it contain more than one lists of parts? Looking at your spreadsheet I see 'Fabrication Materials' and 'Erection Materials'. If both of these are lists of parts then you could say that a project contains two lists of parts, one list contains the Fabrication materials and the other list contains the Erection materials. Now what is the difference between Fabrication and Erection materials? Fabrication materials are the individual parts that are assembled and held or 'glued' together by the Erection materials. (For all I know :-) Sooooooo... What can we gather from all this mumbo jumbo? We have to make precise statements about the nature of each entity we just defined. 1 Project can contain 1 or more Parts Lists 1 Parts List can contain many different Parts 1 Part can be classified according to its category Just remember keep asking questions. 'If I could ask Project Number 1 how many Parts Lists it contains it would tell me that it can contain zero, one or many different parts lists.' In doing so you establish relationships among the entities. The entities become tables in your database and the questions answer the type of relationship they share. As for parsing the description you could use the 'split' function and split the string on the ',' or you could simply write a little parsing routine that accumulates the letters of the current string until it hits the comma. Hope this all helps you and I sympathize with you as to what you are trying to do. Sun 18 May | David Roper | Mark, You appear to be in a real dilemma and not getting much support. If I read your situation correctly, the basic problem you seem to have is that you need first to create a sensible database structure with which to work, which you don't have experience in doing, and then to load it from an existing database. Depending upon the consistency with which items have been described in your existing database, the latter may be very difficult to do. The former, however, is a very well researched area. To start with take a look at ISO 15926. This is part of the ISO STEP (standard for the exchange of product data) series and is a complete data model and reference data set for describing all forms of process equipment. If you google for it you'll find quite a lot of detail. It may not solve you problem, but even if you only spend a morning getting an overview you'll probably end up with a clearer picture of how to describe equipment and components. David Hardware book? | Sat 17 May | Wrong end of the screwdriver After 7 years of producing increasingly useful software that runs on PCs, the fact that I dont have a clue about the parts, functions, circuitry, etc of these machines is becoming a liability for me. My mother knows as much about this stuff as I do. But I can read. Looking at Amazon, an OReilly book, _PC Hardware in a Nutshell_ seems like a good start. Any other suggestions? I do not want to become an expert, just gain a little vocabulary and hardware common sense. What books fit my situation? Sun 18 May | Stephen Jones | It might sound like overkill, but Scott Mueller's 'Upgrading and Repairing PCs' is in a league of its own. The amazon linik is http://www.amazon.com/exec/obidos/ASIN/0789727455/qid=1053232296/sr=2-1/ref=sr_2_1/002-5732513-0201657 It's the only book that sets out to explain the 'why', and I actually use it for bedtime reading. Also they give all the earlier editions on CD. When the guy starts explaining how you burn the EPROM chip in order to make your Camaro go faster then you have to pay attention! The 14th edition has just come out. Go to the books web site http://www.upgradingandrepairingpcs.com There are video previws and plenty of other stuff to convince you. Now an interesting little piece of trivia comes in here. The first thirteen editions of the book were called 'Upgrading and Repairing PC's' note the apostrophe. However for the 14th Edition it appears Pearson has updated its style book (mistakenly in my opinion) and the title now is 'Upgrading and Repairing PCs' without the apostrophe. The result is that if you type 'Pc's' in the Amazon search the latest edition you get is the 13th edition, and you will quite possibly find it is out of print. And type in 'Scott Mueller + PC' in the singular in the Amazon search box and you don't get any entries at all. I suspect that Pearson and Scott Mueller will lose sales because of this, and it is a very clear example of how even the smallest detail can have a disproportionate effect. Sun 18 May | Lydbury | Mistakenly, as in you believe we should be writing CD's? Sun 18 May | Stephen Jones | Correct. PC's, CD's, and the roaring 20's. Unfortunately the tide has gone out on this one and left me somewhat stranded. Sun 18 May | Stephen Jones | Actually I've just checked my copy of the book and it appears that Pearson and Que always used the form PCs without the apostrophe. So the apostrophe must have slipped in to the Amazon site unobtrusively! Time to go with the flow and ditch the apostrophe, I suppose. 'Farewell black spot, thou had'st served me well!' Sun 18 May | Gwyn | Interesting. Are you sure about that use of the apostrophe? Usually when you pluralise something you simply add an 's'. no apostrophe. I've often wondered if I am correct as a lot of people seem to do as you suggest. Sun 18 May | A writer | (Regarding the apostrophe usage, not the original topic...) From - The Columbia Guide to Standard American English (1993) http://www.bartleby.com/68/50/4650.html PLURALS OF LETTERS AND NUMBERS [and abbreviations and acronyms]: usually add -s: [for example] two Xs, Ph.D.s, MIAs, 1990s, the ’20s. Use an apostrophe only when you need it to prevent confusion: [for example] Mississippi has four i’s. He got A’s in both courses. Sun 18 May | Stephen Jones | I'm old fashioned. To quote 'A University Grammar of English' by Quirk and Greenbaum Section 4.36 b) ' Nouns of unusual form sometimes pluralize in 's: letter names: 'dot your i's' numerals: ' in the 1890's (or, increasingly, 1890s) abbreviations: two MP's (or, increasingly, MP's) The rub lies in that 'increasingly' because the grammar was written in 1973, and 'increasingly' seems to have become 'almost universally'. I suppose with the problems that can happen with internet searches if I use the minority form, I will have to change over. It does show that Amazon search is defective however, because, although there might be few people like me left that spell it the old way, there are a load of young people who use the apostrophe out of ignorance instead of conservatism. Sun 18 May | Anonymous Coward | Mueller is good but not 'in a league of his own'. 'The Complete PC Upgrade and Maintenance Guide: (With CD-ROM)' by Mark Minasi is as good. http://www.amazon.com/exec/obidos/tg/detail/-/0782140750/qid=1053279074/sr=1-11/ref=sr_1_11/002-8030492-5469609?v=glance&s=books Sun 18 May | Stephen Jones | I've got Minasi's book on Windows 2000 Professional. Yes it's good; very good. So I suspect the hardware book will be too. A way to bypass the user/password dialog in IE? | Sat 17 May | Dario Vasconcelos In order to integrate an existing application into a new one, Im thinking I could display the old one inside an iFrame in the new applications page. My only problem is that the existing application uses HTTP Basic Authentication (you know, the kind that opens a user/password dialog). That is, i need to do single sign-on to the old app. Ive done several tests building an authentication proxy in Java but I was wondering if any of you guys know of a way to bypass the browsers login dialog by programatically sending it the users credentials. I guess an ActiveX could do the trick (I have to worry only about IE). Would it be too hard to write? Sun 18 May | Chris Blaise | Do you mean specifying the URL like: http://user:pass@site.com ? Sun 18 May | tapiwa | maybe I am missing the point, but why not just remove the HTTP authentication. On apache, it is normally just a question of deleting one or two files (.htaccess and .htpassword). Remove that, and replace with whatever authenticatin you use in the 'parent' app. How was the "Paper Prototyping" book selected? | Sat 17 May | Mitch & Murray (from downtown) I am old enough to know that things do not happen for no reason. Attention Mister Joel: How did you run across the Paper Prototyping book? Did a PR outfit drop you a freebie copy? Did you find the book yourself, buried in the stacks at the local B&N? Something else? Simple questions, but fair ones I think. Sat 17 May | somebody | Maybe he saw the review on http://www.useit.com ? Sun 18 May | | I'm not too young to not yet remember when there wasn't a time that didn't not indicate that we don't want what we didn't know we couldn't have. Sun 18 May | Simon Lucy | Ummm that overflowed my negative modifier stack. Sun 18 May | UI Designer | Jacob Nielson highly recommended it in a recent Alertbox newsletter (but he also wrote the Foreward - big surprise) However, it is indeed well written. I bought a copy a couple of weeks ago and have liked it so far. Sun 18 May | | foreword? Sun 18 May | Clutch Cargo | Good Lord. Who cares how the book was found? If a PR frim sent a copy does that make it a bad book somehow? Working for a non-software company | Sat 17 May | sooner Ive only worked in small (< 100 ppl) companies & startups. Software companies all of them. Ive been offered a job by a fortune 500 company, but their business isnt software. Ive heard horrible things about beauracracy and being treated like a step child because you werent part of the profit center. Anybody have experience working for big non-software companies? Good, bad, or indifferent welcome. Sat 17 May | GiorgioG | Hope you like lots and lots and lots of process. Had to talk to 5 people (and took a week to get done) to get an ODBC connection set up on a development server at a fortune 500 company - a client of ours. Then again, you'll have plenty of time to do just about anything. So take the good with the bad I guess. Sun 18 May | Tom Vu | If you're contracting then working for a fortune 500 non-software company is a dream come true. It's not days that go by without doing anything; it's not weeks; it's months. The work is always trivial. Bueracracy and politcs (and irrationality) are also the norm. These large companies exist on inertia. They employ people that want 'stable' environments. IMO, it is everything a contractor would want and everything a smart programmer would not want. Although, if you are doing some kind of networking/router/firewall administration then a large evironment would be good. Sun 18 May | sooner | This is an FTE job. I'm afraid that they will bring in contractors to do any 'real' work. Sun 18 May | Tom Vu | This is an FTE job. I'm afraid that they will bring in contractors to do any 'real' work. Yes, they will. In-house programmers do nothing but maintenance (if that). You will become labeled as someone that can only do xyz. It's all CYA; managers and inhouse people do not want to be responsible for anything. Try an experiment... take the job and hardly ever show up; see how long you stay there for. Sun 18 May | Philo | 'IMO, it is everything a contractor would want and everything a smart programmer would not want. ' HEY! The two are not mutually exclusive, buddy! [grin] Philo Sun 18 May | Tom Vu | HEY! The two are not mutually exclusive, buddy! [grin] I was implying that a contractor (because he is hourly) would want bureaucracy. On the other hand, a smart employee would hate a slow moving bureaucratic environment...eventually quit and become a contractor. Sun 18 May | Bagpuss | I worked in an IT department of an established company for just over a year. Not only did they not know what they wanted done but they didn't know what technology/programming languages to use. A double whammy. One team ended up using over the top technologies and taking over 6 months to write software that couldn't even do what Oracle's SQLPlus provides as built-in functionality. It was scary to watch. Sun 18 May | Himanshu Nath | I agree with all the above. There are plenty of horror stories. Like taking 6 months to come up with requirements for a project that could be written, tested, and deployed in one month. However... at least one non-software company seems to 'get it' and are doing interesting things with real-time OLAP--Walmart. My 2 cents. Sun 18 May | anonQAguy | My observations, based on experience, both as employee and contractor, pretty much echo what you've heard here. Plus, there have been threads on this at JoS already, but might be hard to find them. One observation another poster made in one of those previous threads which I thought was quite 'on point', was that you're likely to find yourself as a bastard step-child whenever you're not engaged in an activity the organization considers 'core'. Then, there are examples, such as what one poster cited in this thread, of big, non-IT organizations that nevertheless realize the value IT brings to their bottom line and does in fact consider it to be effectively 'core', or close to it. Apparently life is better in those, though I've never worked in that particular environment. Another observation I particularly agree with is the one made regarding the desire for stability over other things--that does seem to be the culture at such big, non-IT companies. Also, it's next to impossible to improve things at such a company -- the entrenched attitudes and inertia of the staff, along with the turf battles among the VPs, plus the accountant/business school mindset of the executive level management generally gets in the way of any real, meaningful improvements. Unless, of course, you just happen to find a VP or higher level executive who just 'gets it' regarding how organizations ought to operate, especially with respect to IT related issues. Then, you might be ok. In today's job market though, if you need the job, go ahead with it, just don't have any grandiose expectations. My recommendation would be to do the best you reasonably can in the situation, choose your battles carefully, don't expend too much personal political capital -- it's too easy for them to dump you if you make any waves, no matter how objectively correct your positions might be. Be prepared to do what most other folks in such situations do -- we used to call it 'so your 8 and skate', meaning come in, do your 8 hours and skate out at the end of the day. Use the relatively slow pace of things in personal study and improvement until circumstances improve and you can move on to more challenging things. Of course, once you get into it, you might find you like the slower pace of life, the stability, etc. There's a lot to be said for work not taking over your life, getting home at reasonable hours, being able to spend time with your family, whatever. OK, so maybe you're only doing maintenance on something, maybe a system you're working on takes several times as long as it should to get done because of office politics. Enjoy the opportunity to collect a paycheck with less stress than you would otherwise have. Do some freelance work on the side perhaps. Good luck with it, Does anyone know how to access printer defaults? | Sat 17 May | JWA Hi All, Ive been having a really hard time with this and I thought Id see if anyone here is familiar with this. Im working on an app that prints forms to a roll-fed printer. I need to be able to set the page length programmatically, but I cannot access it no matter what I try. The app is in .NET, but Ive also been trying through VB6. In .NET, enumerating through the printer sizes it shows the various widths supported by the printer with the height set to the current setting in the Printer Preferences. (This can be set in the print driver manually with no problems; Im just trying to access this setting to automate it.) For each size, the .Kind returns Custom, but when trying to set the .Height, it returns an error saying that the height can only be changed on sizes with a kind of Custom. Ive been through numerous Google searches but only found others with the same issue and no answers. On MSDN they have two code samples that should work for this, but neither actually works. When printing from them they send the print but the page height is unaffected. I assume that Ill have to programmatically access that page height setting from within the drivers preferences and basically change the default setting before printing. For this application that would be fine. Ive determined that I apparently need to work with the DEVMODE in the driver. I have documentation of the structure, but no documentation of how to actually use this in .NET or VB6 to access the property and change it. Does anyone here have any experience with this? Id appreciate any tips, pointers, etc. Are there any components that might allow me to do this? A managed .NET wrapper would be perfect, but I cant find one. This is driving me crazy. Thanks, --Josh Sun 18 May | ZiggaDigga | Man this sounds familiar, basically what I struggled with last week. We finally decided to set up a custom form since the printers that were printing the labels would only be using that form size and went with that. In VB 6 you SHOULD be able to just use Printer.Height = , but of course that doesn't seem to work right depending on the print driver. I really don't think Microsoft is to blame for this, but the print driver writers, since it seems that some print drivers work well with this and some don't... Sun 18 May | JWA | Hi ZiggaDigga, Would you mind sharing the method you used to add the custom form that actually worked? I've tried a number of ways, but I can't seem to get that to work either. Regards, Josh Sun 18 May | ZiggaDigga | What I did was go to to the printers folder on the workstation or server. Click File > Server Properties It shoud open up to the Forms tab. Just click the Create new form box, setup the size and margins, give it a name and save it. After that you will need to set the printer up to use the new form. Note, that some printer drivers do not play well custom form sizes, so this may not work for you. Luckily I was working on a little one off custom deal for a long time client, so they can deal with quirkiness... A positive experience | Sat 17 May | The Real PC I would like to describe a positive experience I had at work recently. I was asked to make a web portal demo, which my manager wanted to show the non-IT managers of the organization. I didnt know anything about web portals so it wasnt that easy. Last week he showed it to them and he told me they all liked it. Soon after that an office worker, who had been at the meeting where the demo was shown, told me she really liked my program. I realized my manager had actually given me credit and mentioned my name at the meeting! In previous IT jobs I seldom or never felt anything I did was appreciated. It makes me feel great, and I wonder if other companies do this. Sat 17 May | Philo | Congrats, PC! Sounds like it's ended up being a pretty good week. :-) Philo Sun 18 May | John C. Hillyer II | This is my first visit to briefly comment about what I've experienced in business software development, as an architect and coder. I've not experienced this scenario precisely, but it is representative of most of what the coder will experience in their peasant employment: Q '[traded that leisure day to work] [boss], this meets 14 out of 10 of your requirements, was completed in 60% of budget, and is 2x as sharp as anything ever done, like it?' A 'Yes, it's great, now when do you think R, S, and T can be done (, and expect a functional demo a week before your deadline.)' User Selectected Interface | Sat 17 May | Joe Nieters One of the things I have noticed while supporting end users is that there seems to be a few (perhaps many) different user types regarding desktop layout preferences. For instance, some users tend to keep their desktop simple, plain and organize program objects into deeper menu structures. Another group of users may choose bright colors, a variety of fonts and will place a thousand program icons directly on the desktop. At first I thought that there was no particular pattern or predictability to the preferences. Now I am beginning to sense that these groups are predictable and can be identified and categorized. This leads me to think that it might make sense to consider designing user interfaces that can be selected at runtime to match the preferences of the user type and that go beyond font and color selection to include menu organization, prompt text content, the ratio of graphics to text, etc. Perhaps an application should ask a few questions of the user and then adjust its interface to match the users type? Sat 17 May | Joe Nieters | My 'ect' key must have bounced! Sat 17 May | Mike Swieton | I always liked customizable user interfaces, myself. However, I am not sure about the approach of 'asking questions and ajusting to the user'. I don't want software to adjust to me: if you have N different skins, I want to look at them all and just pick one myself. Maybe I just fall into a particular 'user type', but I'd rather see what tunables are available and manipulate them directly. Or at least be able to. I disagree with the school of thought that 'the program knows best'. It may, but it also may not, and I want to be able to override any decision it makes on my behalf. Sat 17 May | Joe Nieters | Perhaps a configuration wizard that lets the user select from a variety of options for each of the customizable program sections? Sat 17 May | B# | I deeply resent when software Reacts to me. I don't want menu items to hide\show based on experience. If I want them turned off, I'll turn 'em off, thank you. I also become frustrated when there are things I can't control... Shoot for (not at ) the green-horn but allow the geek to do what he wants. Damn users! Sat 17 May | Joe Nieters | I am not so much interested in turning features on or off but more with arrangement and presentation. Sat 17 May | S. Tanna | Writing the documentation could be fun :-) 'Click the X option on the File menu (or it might be on the Edit or View menu on your system, or perhaps not a menu, but be visible as a glowing green goblin icon) Sun 18 May | . | I think that's a great idea, but it all hinges on being able to assess preferences reasonably well. Asymetrix Toolbook... | Sat 17 May | Somebody loved it... was a great environment for teaching programmers beginners and designers. Its good enough for all kinds of Hypercard/Flash/Director types of apps. Sun 18 May | Karel | cut my teeth on that one too... Wrote like a pseudo gis scenario builder in it (v1.5) User would modify land uses (forestry, agriculture, indsutrial,...) graphically, then run engine and look at the impact spatially (quality, amount of run-off) Would not have dreamt of using vb for the task at the time Still pop into the toolbook list just to see how it goes. Amazing how many of the orig dev ended up at MS!!! Matrix Reloaded - only read after you see it | Sat 17 May | Nat Ersoz I loved it. At first I was getting ready for dissappoitment... Too many special effects and trying to make lovers out of Neo and Trinity. I get the poit, but Neo/Trinity are better in black, not naked and intimate. But just after the Club Zion scene (and I get the point which was trying to be made, people are passionate, rash, emotional, ... - revel in it - but it was too contrived, IMO) , the whole thing takes off. I loved the French speaking you come to me without why schtick. And meeting the architect - it was like 2001 in reverse. You could almost hear tick tock in the background. Very elegant arguments for predetermination based on physical effects and rebuttals. Constant conspiracy theories bubble up - who is playing whom? A complete mind wrap. It moved so fast toward the end, I wasnt even sure which door he chose. Gonner have to see it again. That was too cool. We only do what we are meant to do. Ho-my.... Sat 17 May | Alyosha` | I saw it today. I thought it started out pretty horribly. The dream sequence at the beginning of the movie, ripped from context, seemed pretty pointless. There was a Jar-Jar added to it, in the form of Neo's flunky. In fact the dialog at the beginning of the movie was just crap, and the fight scenes -- well, we've seen the special effects before, so now it's getting a bit boring and repetative. Really, they could have cut the first twenty minutes of the movie, with no real loss. But you're right, right after the club zion / temple scene (probably ripped from the movie Blade, somehow), things began to pick up ... the movie got back into deep philosophical territory, toying around with free will / determinism, and they actually managed to come up with a decent plot, for a sequel. At the end of the first movie, I thought it was all a wrap, Neo would just continue to kick butt, but actually it's a bit more complicated than that. Keanu Reeves as superman is sort of lame, tho. The keymaker, on the other hand, rocked. The whole doors thing was a great invention that wasn't in the first movie. I liked the Trinity / Neo as lovers thing, if only for the fact that Hollywood considers a relationship consummated when the guy finally gets the girl, it's nice to see what happens six months down the road. It was a bit sappy in its whole, 'I'd rather destroy all of humanity than lose you' message, but oh well. The bathroom scene was pretty funny. Sat 17 May | Eric Debois | I liked it. If i understood the last minutes correctly, Neo is a thrown exception, caught for the sixth time in that room with the architect. Or am I reading to much into it? Sat 17 May | Herbert Sitz | Eric -- That sounds good to me! The big thing that's bugging me is the role of the Oracle, who it now seems may be operating for the machines in tandem with the architect. Is the Oracle, now understood, simply part of the exception handling system designed to make sure Neo is caught and handled properly? It seems as though all of the rule-breakers naturally come to her and she's in a perfect position to route the mature ones to the Architect. Thus, the profundity of the Merovingian's, 'You don't know the Why.' Neo and Morpheus think it's to get the key to the source mainframe so they can destroy the machines, but really it's to get the key to the source mainframe so Neo can be used to reboot the whole system for another go-round. Also, what of the Oracle's 'intuition'? Since the Oracle is really a program I don't see how her intuition could be the same as human intuition. She's still bound by rules. (Okay, maybe human intuition is, too, in the real world; but I don't think it's supposed to be thought of that way within the movie-world of the Matrix.) So aren't her predictions only 'usually' correct -- or only 'almost always' correct? I think the Oracle may just be amazingly good at predicting the future, so that she convinces humans that she actually knows it. But I doubt whether she can fully account for human choice. So the machines' exception handling system may be foiled by human free will. If so, then one big theme in the final part with be a total mindshift for Morpheus, who will have to abandon his firm belief that everything is predetermined. Humans have true freedom of will -- a freedom that is incompatible with predetermination and beyond the predictive power of machines. And they will somehow use this to defeat the machines. I was disappointed by some parts of the film, namely the human party scene, the overdone and repetitive martial arts scenes (and why is Neo now not as powerful against the agents as he was at the end of the Matrix 1, at the same time as Morpheus and Trinity more powerful against them?), and the long drawn out car chase scene. The highway chase scene, especially, is somewhat generic and could almost be part of any other big special-effects action picture. There's enough else in the move that's humanly interesting and intellectually interesting that I think the movie would've been better if they skipped some of the big-scale special effects stuff. Though I guess maybe that stuff will appeal to a big part of the move-going population, judging by the popularity of other big special-effects movies that don't have the redeeming qualities of the Matrix. Sat 17 May | Herbert Sitz | Another interesting question: Will some of the human free-will that helps them defeat the machines in Matrix 3 end up coming from Mr. Smith himself? Sat 17 May | Anonymous Coward | Why was neo able to stop the sentinels coming at him. Is it because Everything is a simulation? Sat 17 May | Herbert Sitz | Hehe. Either that or Neo has become another Luke Skywalker: 'May the Force be with you!' Sat 17 May | GiorgioG | The Matrix is running itself in a VMWare in a recursive fashion. =) Sat 17 May | www.marktaw.com | I enjoyed the matrix, but the plot was too full of holes for me. None of the characters changed much from the beginning to the end. None of them faced heavy decisions 'your choices are already made.' They basically ran around doing what they were told to do. The main obstacles they faced? Fighting people. Sat 17 May | Ken Klose | Too many scenes just seemed to drag on longer than they should. Trinity falling out the window, Club Zion, the highway chase, Neo fighting Agent Smiths, the conversation with the Architect. Each could have been cut in half time-wise, retained the same plot content, and made the movie flow much better. I think since the first Matrix was such a success, the studio gave the Wachowski's a little too much creative freedom and they ran amok. It coulda been a GREAT movie, as it was it good. Can't wait to see the next one though. Is the real world a simulation, or does Neo's powers extend into the real world? What's Agent Smith going to do now that HE's in the real world? Sat 17 May | www.marktaw.com | Well, so far all we know is Neo had some sort of power over the machines in the real world. If the Machines are run by the same construct that runs The Matrix, then whatever power that allows him to control things in The Matrix may allow him to control the Machines. I don't think those scenes were too long... I think they were too pointless. They added what they had to the plot and then continued on. Did anyone else get the feeling around 2/3 of the way into the movie that they were summarizing and getting ready to end it? I had that feeling over and over again. When Morpheus was giving his speech, didn't it feel like they were doing flash-fowards to the next movie? Sat 17 May | Alyosha` | Re: Neo destroying the sentinels in 'real life'. Neo got lucky. It was the other ship that EMP'd the other sentinels at the precise second Neo was doing his handwavy magic. His coma is probably due to an electric shock discharged from the sentinel as it was shorting out. The other idea is cooler, though ... the 'real world' is itself a matrix simulation. Perhaps the next movie they'll 'wake up' out of real life and find themselves in another matrix simulation. Maybe it's matrixes all the way up. Sun 18 May | www.marktaw.com | Why not... The Architect said they had to have a choice... He didn't say that the choice itself couldn't be a lie. Sun 18 May | jcm | Regarding the 'why' of the frenchman: In rural french-speaking canada, 50 years ago, they were used to say that 'why' was the question of the devil. I found the merovingian a very credible 'satan'. Sun 18 May | www.marktaw.com | While I enjoyed the ramblings of the Frenchman and his wife, their little domestic squabble, his blaseness bugged me. The blase attitude of a lot of people in the movie bugged me. What was his reason for not giving up the Keymaker? If a character doesn't have a reason they're willing to fight for, the plot comes to a standstill... I don't believe his reason was that strong. Sun 18 May | Brad Wilson (dotnetguy.techieswithcats.com) | Well, one could argue that the Frenchman didn't want to give up the keymaket, because he knew that would mean Neo would get to see The Architect, which means the system would be rebooted. I'm guessing he worked pretty hard to get where he was, and didn't want to see it erased in a three finger salute. :-p Sun 18 May | www.marktaw.com | One could argue that sure... but... should we really be faced with having to figure out what a minor character's motives are for a scene that lasts a half hour? Remember, the lobby fight scene and highway chase scene are a direct result of this conflict. The Frenchman / Keymaker usher in the final conflict with the Architect. Basically, everything between the Maitre D' bringing them to the table and Morpheus' speech are the domain of the Frenchman. I wrote a little essay about the movie on my personal site. http://www.marktaw.com/reviews/TheMatrixReloaded.html Sun 18 May | Jim Rankin | '(and why is Neo now not as powerful against the agents as he was at the end of the Matrix 1, at the same time as Morpheus and Trinity more powerful against them?)' When Neo first fights Agents in Reloaded, after the first couple blows he says 'Upgrades'. Not sure that Morpheus and Trinity are more powerful. Specific example? Sun 18 May | Jim Rankin | There are at least two things that lend themselves to the idea that the main characters are still in the (or a) Matrix at the end of the movie: 1) Neo stops the machines; 2) Smith has 'possessed' the guy who sabotages the human attack on the machines (does it really make sense that Smith could upload his program into human neurons)? In any case, I believe the answer to the most important question is: why do the machines REALLY need the humans? For as much thought as the Wachowskis put into these movies, surely they didn't really think that the human battery thing would get past their intended geeky audience as being a viable explanation for the matrix. So assuming that's the case, the answer to why the matrix exists should unravel the other mysteries as well. Sun 18 May | anonQAguy | 'throwing an exception' -- nice way to put it, but I don't think it's quite what's going on. They said the original matrices were perfect, but the human mind couldn't accept the idea of a perfect life, so the architect had to make it deliberately imperfect, and give them at least an illusion of choice, else the human mind would not survive. Personally, I don't ascribe to any religious belief structure, though I've had more than a little 'religious schooling', thanks to various flavors of religious private schools in the USA years ago, where academic classes on religion were required course work. That said, this whole idea of having to provide some choice to the human mind smacks totally to me of the stories about the tree of knowledge in the garden of eden. Do we take a bite from the fruit of the tree of knowledge and learn about truth and reality, or do we remain happy, compliant sheep, ignorant and completely subservient to the total control of a dominant power (the matrix/architect in the movie)? Interesting philosophical questions. Personally, I liked a lot of the formula action-flick scenes, despite their flaws and all. I thought the Neo/superman allusion was funny. Hey, it's entertainment, and I was entertained. The philosophical considerations, however, are the real 'hook' for me in the story -- are we going to find that there are n-levels of artificially-generated reality, all nested within each other? Cool stuff, IMO. Hmmm. Now that I read what I wrote, I think I convinced myself that the 'exception throwing' idea may be just the right expression after all--if the architect had to at least allow the illusion of choice, but he still had to maintain some degree of control (via the Oracle, for example), then he's got all the choices 'handled'. He's got all the things Neo can do scripted out already. So yes, Neo can throw an exception, but what Neo realized was that the architect's got all the exceptions handled already. What I took from the story was that Neo realized what he's got to do is to find a way to throw a completely 'un-handled' exception -- something neither the architect nor the matrix are equipped to deal with. When Neo can do that, perhaps he can crash the system and break out of the layers of simulation and into reality--get outside the system he's been in. He'll have taken a bite of the apple, and will have found a way out of the 'garden' of stasis, ignorance, and control. Well, right now, the matrix or whatever, is telling me to get back to work, so cheers all, Sun 18 May | Jim Rankin | Also, what are the conflicts between the machines? In the first movie, Smith expresses his loathing for the job he has to do. Specifically, how it forces him to interact with humans. Now that he is free of that burden, what does he want to do to the programs that forced him into that role for who knows how long? Do the programs of a higher authority know what happened to Smith? Are they trying to stop him? How about the Architect and the Oracle? Seems likely that they're using Neo each in their own way to get one up on the other. As to the general complaint about the lack of overt conflicts in the plot: that in itself is an overriding theme. The persistent feeling of the characters that there are no choices available to them. With so many open questions, the Wachowskis have definitely painted themselves into a corner. Either Revolutions will brilliantly wrap up all the loose ends, or it will show that they really just got in over their heads. Preventing illegal use of my application. How? | Fri 16 May | Sergio Im about to deploy a new application that generates management decision-support results, using a somewhat complex algorithm that must be used only by licenced users. This algorithm is one of my clients main assets, and he has been developing and inproving it for many years. So, I need to be sure that anyone that has not paid for the software will not be able to get results from the application, or at least make it very difficult. I know that this has been always a problem for every developer and application vendor, and that there is no definitive solution, but in this case there is the oportunity to use any procedure, not matter how cumbersome to the user, to help avoid missuse. Although the app is a VB6 .exe windows application, everything concerning the sensitive algorithm is encapsulated inside an activex .dll (VB6 dll). I first thought of licensing the component using typical ActiveX licencing, but that does not prevent a licenced user from giving the application and licence key to someone else. Neither would do CD-Key protection. I was thinking about some manual challenge-response process that would be performed at installation time. The installer would generate some hash of machine specific values, like machine name, IP address, operating system version, or anything that would help identify the specific installation. The user would have to copy and send that challenge string to my customer. He would generate a response using the challenge message and some private key encryption and/or signing algorithm, and then will send the response to the user. The application would not provide results until the response registration message was registered and validated with a public key. That would be needed in every installation, but that is not a problem since every licenced user does not need to install it on more than one machine (it is not a daily use application). This is the only way that I have thought that might do the trick. But Im not very sure about it. I have no experience implementing such encryption and security features, and wanted to see if you had any recomentatios or resources on the subject. Is there any good commercial solution ready that will work with VB ? Is ActiveX licencing useful for this ? Should I use windows CryptoAPI? The range of operating systems I need to support is Win98/ME, 2000, XP. Thank you very much for your time.. Fri 16 May | Li-fan Chen | You might try making that crucial function a SOAP over SSL operation. But you'll probably have to pass your working values by value (instead of by reference) (YMMV). Is this too much trouble? It might be, but it will protect it from illegal use for as long as you like. Fri 16 May | | Sergio, your thinking is correct. The approach is to generate some identifier specific to the machine, then have the customer send that 'serial number' to you, for which your company generates a key. This approach doesn't inconvenience honest customers, and prevents easy transfer of licencing keys to other computers. These schemes can of course be broken if someone is keen enough, but they're reasonable for commercial operation. Fri 16 May | S. Tanna | Try reading shareware authors messages boards on how they do this - and extra security they use if their app is on the Internet as a download (the moment these are released, they are under attack from crackers) Some tips from this environment - Don't put a clear text message in the binary saying something like 'Thanks for entering the password' (or put dummy ones in, which aren't connected to the real one which doesn't appear in the binary) - Spread the password check code all over your app and make the logic dependent on it. If the code says something like if ( bPasswordEntered) { ...do this...} the assembler it generates is easy to hack - Don't write key check code in a language which is easy to disassemble like Java or C#. - If you use C you might consider putting some dummy inline assembler which has the op code (but not the parameter bytes) for some instruction. Jump over this in your C code. It wil have no effect on the runtime, but might throw off their disassembler. - Maybe make a whole bunch of possible passwords to test against, for each machine id. Only one of which is valid. The others are radically different (some can't be entered by accident), but don't have the same effect as the one true password. This makes it harder for a hacker to figure out which one their key-generator will generate - When making passwords or hashes for this, use logic that can not easily be reversed. For example // easy to reverse // get X from user (a number they enter) x++ ; x=x*2; x^=0xFFFF ; if ( x == 0x1357 ) { AfxMessageBox( 'Thank you entering password' ; } looking at this, I know x needs to end up at 0x1357. Therefore hacker would work back thru the steps from the disassembly. Before it was 0x1357 it was 0xECA8 Before it was 0xECA8 it was 0x7654 Before it was 0x7654 it was 0x7653 Irrevisible logic is one where it is real tough or time-consuming to work backwards, consider for example (this is stupid example, but illustrates the point) - it would take a lot of time to work out what you enter to end up with x == 0x1357 // Hard to reverse // get X from user (a number they enter) label0 : if ( ( x & 0x000F ) > 8 ) goto label1; if ( ( x & 0x00F0 ) > 0x80 ) goto label2; if ( ( x & 0x0F00 ) > 0x800 ) goto label3; if ( ( x & 0xF000 ) > 0x8000 ) goto label4; goto done ; label1: x^= 0x5A5A ; goto label0 ; label2: x^= 0xA5A5 ; goto label0 ; ..etc.. done: if ( x == 0x1357 ) { AfxMessageBox( 'Thank you entering password' ; } I do not have any experience of using commercial products (except dongles) for this type of thing. The concern I have read on shareware boards, is these products could be under attack from more crackers... as compared to people who are only interested in your program would go after your specific scheme. Sat 17 May | | Personally, I think trying to beat every possible attack is a misuse of resources, unless you're protecting missile intercept vectors or something. For commercial software, the aim is to ensure customers know you expect payment, that they have a legal obligation to do this, and that they can't casually use the software without paying you. People in companies know it's not worthwhile for them to misuse significant software. For small, low-priced applications, again, most people don't mind paying for something useful. Sat 17 May | S. Tanna | Well, I sell shareware Usually within 48 hours of releasing any new product on any big shareware site, some guy in China or Russia has released a crack or key code generator. Fortunately these guys don't seem to test their stuff. Using the above type of ideas - none of these cracks work. That doesn't mean people don't try. We get emails and calls every day, not to mention posts on our discussion board, from people who are trying them (we have methods to tell based on what they tell us), and this includes even big US fortune 500 companies, and even in one case a newspaper... In some cases they are blatant, they will openly admit to using a crack, sometimes saying something like 'I was only trying it', or 'people do it all the time'... and guess what, they often pay when they can't make the crack work. Our sales TRIPLED when we tightened up the system (originally it was simple and was broken). Admittedly some of this was because the software got better at the same time (so more legit users), but undoubtedly some was due to the cracks not working any more. Sat 17 May | somebody | I won't name any names, but based on some very bad first hand experience, I'd recommend being VERY cautious when looking at 3rd party solutions. If you decide to go that way, do not assume that the 3rd party component is well tested and compatible with a variety of software and hardware configurations. You will need to do a full battery of testing on a wide variety of machines yourself. Make sure you spend plenty of time on the phone with tech support before you spend money because they might decide to ignore you afterwards. Also, be willing to spend some time looking for related cracks on the net and trying to crack it yourself. Some of the components available are VERY easy to crack. Keep in mind that this is a critical component given that anything wrong with it might prevent customers who paid money for your product from using the product and they will get (justifiably) VERY upset about this. If you decide to do it yourself, keep in mind that most of these systems (including, as far as I can tell, the one you described) come down to eventually to one point in the application where you do the test and check if it passed. It's trivial for someone who wishes to crack your scheme, no matter how fancy your encrypted challenge & response mechanism is, to locate this point and simply NOP over it. Your fancy encryption system never comes into play because someone changed the code to jump over it. It can be more effective to sprinkle simple checks throughout the app rather than have one solid test in one location. Sat 17 May | S. Tanna | > It can be more effective to sprinkle simple checks throughout the app rather than have one solid test in one location. I agree it. Additionally I would make some vital part of your application dependent on the check occuring - i.e. so if the check is NOPed out, so essentially variables don't get initialized or something. Sat 17 May | Philo | Incidentally, I'd strongly recommend setting up an automated key generator. It will make your clients much happier when they have to reformat a wayward system at 2am on a Sunday. Philo Sat 17 May | Sergio | Thank you very much to all of you. Ok, so I will try to avoid using 3rd party solutions. That's for sure. Unfortunately, I cannot setup server-side logic. As some of you suggested, I could have put the key functions as a remote service and that would've eliminated part of the risk. I can't automate the key generation for the same reason. Maybe for a future version. It's sad to say, but I wasn't given budget enough to go through all posible security risks. I might not take care of hacking/cracking scenarios this time, but would like to address at least the illegal user to user distribution problem. Another more specific question: What do you think is the more likely machine specific info that I can expect to succesfuly get in every machine? I just know that some of them have network acess and others don't (some might not have even a lan adapter), so MAC address might not be the best choice. Sat 17 May | Peter Ibbotson | If you can use the mac address, it's relatively painful to get at you need to use the SNMP dll to get at it. The winsock FAQ has more info on this. Personally I did using a mix of IPX/Netbios and the SNMP dll to make it work on all systems. Once upon a time you could get a GUID and the MAC address would be in it, however that changed with Win2K (I bugged it at the time) for privacy reasons. Personally I would be tempted use that as part of a key, for non networked system you could use the SID instead but this vulnerable to image copies of disks. I would also suggest that you degrade the system somehow, possibly with a timer function i.e. it works but moans for a week , then goes readonly for a month, then dies. For most folks forcing them to have a NIC wouldn't be to big a hardship. Sat 17 May | | S Tanna, thanks for that info, especially your own experiences as to the effectiveness of tightening up security. Sat 17 May | Brad Wilson (dotnetguy.techieswithcats.com) | Here's the reality: you can't prevent anybody from hacking your code if you give them the code. The sooner you accept the fact, that happier you'll be that you're not wasting ridiculous amounts of time on solutions that will be beaten. If you feel you absolutely MUST be up some line of defense, then you owe it to yourself to use a third party solution (unless, of course, your time is valueless). Sat 17 May | David Roper | If it is a commercial product, try using FlexLM Sat 17 May | Li-fan Chen | If you find out that you weren't given the budget to implement all the security you desire, then at least consider at least getting a metrics system in place so you can tell when legitimate or illegal use is taking place. Ex: Always send the license key (original or copied from the net or generated by a generator) to a server (along with the unique system or network signature). If it's possible to crack your software so that it works without any use of license key registration.. have it request a patch (it could be a dummy patch) from your website after a random number of days or hours. This again reports more unreported cases (and might give you a chance to patch the software so that it fixes the vulnerability) Give a report on how much the company is losing by not spending more on security. It might give you more budget should the company decide the commercial software has a future worth protecting. Sat 17 May | S. Tanna | My personal experience is the opposite A few days spent on security, probably had more effect on product sales than years spent on improving the product. In other words, from coding time to revenue, it has had the by far the best ratio. While obviously not unbreakable, it sets a higher bar for attempted crackers. It is the difference between locking your door, and merely putting a sign saying do not enter. 3rd party solutions are all well and good, but there could be the risk of somebody developing a universal hack for all products that use a particular third party solution. Sat 17 May | www.marktaw.com | Here are a few of my observations. I'm a non-programmer, but a software user. 1. Check out CollakeSoftware.com - you can add the .dll to the .exe and then compress the whole thing. That's an extra step for any hacker. I don't know if it's a big one, but it's there. 2. What about those programs that allow you to download the installer and then the installer goes out and downloads the components you want. I've seen this from Windows and Netscape and a few other places. 3. Keep changing the way you protect the software and releasing new dot versions. This way the hacker sites fall out of date on a regular basis. They'd have to bundle your app in with their hack to make it usable. Sat 17 May | JWA | Hi Guys, On a related note, has anyone here had any experience with Xheo.Licensing (http://www.xheo.com/Products/Licensing/)? It's a third-party .NET licensing component. The features list looks great. It supports activation, time-limiting, etc. I've read all of the reccomendations against FlexLM, so I've been keeping my eye out for a better option. This looks like it might be promising, but I haven't spent any time with it yet. Unless anyone has had any bad experiences with it I thiunk I might throw it into my next beta juist to check it out. --Josh Sat 17 May | | Brad Wilson, I don't understand what you're saying when you say that providing 'code' automatically exposes it to be being 'hacked.' That's quite obvious. We're talking about providing executables. It's not accurate to describe that as 'code.' Code refers to source code. Is that what you meant? Sat 17 May | | I should add too that I disagree with your claim. Registration systems prevent casual misuse, and good ones prevent even elaborate attacks. Sat 17 May | S. Tanna | I believe SoftIce is the tool of choice for a lot of folks breaking these systems I read a tutorial on some crack site, to learn how they did it, so I could make my systems harder to crack. What softice does is allow them to break point the program while it is running and step thru the disassembly. They then figure out the algorithm for how passwords are generated or patch the executable. Go back to my original ideas, and you'll see most of them are designed to stop (or make it tougher) for this kind of attack. First look at naive example: // easy to reverse // get X from user (a number they enter) x++ ; x=x*2; x^=0xFFFF ; if ( x == 0x1357 ) { AfxMessageBox( 'Thank you entering password' ; } A cracker would look at the disassembly find the message string, work out how to trigger it (x==0x1357) amd then work back to figure out what X to enter. or... a cracker would find a jump-not-equal instructions for x==0x1357 and patch it to a jump-equal. THen any passwords except the real one, now works, by changing a single byte in youre executable. Explaining my earlier suggestions - Don't put a clear text message in the binary saying something like 'Thanks for entering the password' Why: They search the binary for this message, then work back through your program to see how it is triggered. - Spread the password check code all over your app and make the logic dependent on it. Why: Otherwise they only have to patch a single byte/block of code. By making your application logic dependent on it, you also mean that a less than careful patch would break the app. - Don't write key check code in a language which is easy to disassemble like Java or C#. Why: Obvious decompilers. For C or C++ they get back only x86 if they disassemble (which is more work to understand.especially without symbolic names). Whereas for Java or C# they can get back something close to the original code including symbolic names, etc. - If you use C you might consider putting some dummy inline assembler which has the op code (but not the parameter bytes) for some instruction. Jump over this in your C code. It will have no effect on the runtime, but might throw off their disassembler. Why: It will throw off their disassembler. They have to start re-disassembling after each affected jump rather than disassemble the whole thing. You could make macros which did this which you pepper the relevant code with, and eat up tons of their time at trivial effort to you. - Maybe make a whole bunch of possible passwords to test against, for each machine id. Only one of which is valid. The others are radically different (some can't be entered by accident), but don't have the same effect as the one true password. Why: If they figure out the algorithm to generate passwords, it makes harder for them if they have figured out the algorithm for the one true password, or for one of the dummy passwords. Also if they have to figure out a whole bunch of systems, and then work out which is correct, they are going to need a lot more time and effort to break it. - When making passwords or hashes for this, use logic that can not easily be reversed. Why: Remember I said how they would try to work back from the part of code which says 'Thanks for entering the password'. This makes it very hard to work backwards. Sat 17 May | somebody | >> We're talking about providing executables. It's not accurate to describe that as 'code.' Code refers to source code. Is that what you meant? << Executables contain the program as machine code. There are other programs (disassemblers) that'll convert this machine code into slightly more readable assembly code. It is, without a doubt, accurate to describe an executable as code. How else would the processor know what to do? It's trivial for someone who knows what they're doing and who has the right tools to view the executable as code and to modify it to skip checks. Sun 18 May | | Of course executables contain machine code, but that is not normally what is meant when people refer to 'code.' Anyway, this is a side issue. Sorry I raised it. Sun 18 May | WW | One of the most tried tricks in our case is the “not-hands-on manager” type: “We have discovered your product on the internet. Please send a pdf manual or help file to commence evaluation immediately, we are running out of time….” = “I am running your cracked product, help is nowhere to be found, send me some documentation please.” Sun 18 May | somebody | How do you determine that they're not asking for the manual to legitimately evaluate the product? Sun 18 May | andrew m | There is only one gauranteed way to prevent piracy: Don't release any software. If that won't work for you, just accept that no matter how many thousands of dollars you spend on programmer wages while implementing your ultimate security system, someone will crack it in a weekend, if not sooner. All the excellent advice on how to prevent it taking 5 minutes rather than a weekend still won't keep your code from being broken. If you must have a registration key to stop casual hackers (not a bad idea) then focus more on making it reliable and easy to use for your customers. Losing a sale to piracy is bad. Permanently driving a customer away from your business with a faulty protection system is worse. Sun 18 May | Chris Tavares | If you really want to node-lock your software (let it only run on one machine) then rather than some sort of software solution, I'd suggest using a dongle. A dongle is a little piece of hardware that stores your registration key and does the encryption for you. If the dongle is installed, the software runs. If it's not, the software won't run. Easy for you, and the user's got some flexibility, since if they want to move the software to another machine all they need to do is move the dongle. The downsides are extra cost (you have to pay for the hardware), no download sales (since you need to ship hardware), and depending on the dongle hardware, potential driver issues (fear the parallel port dongle!). And the final concern is that, of course, the protection WILL get broken, regardless of what you do or what you use. Sun 18 May | Alex | Dongle are probably the 'best.' That being said, I haven't seen a single security feature that couldn't be cracked eventually. Code is code. And it doesn't get more complicated then assembly which, while tedious, is not all that hard. All you need is soft ice and IDA. It's worth nothing that if you do due dilligence to make it reasonnably hard to do without circumventing the dongle/check, you've got DMCA protection on top of the stardard copyright law. Licenses are best enforced by lawyers. Sun 18 May | . | > If that won't work for you, just accept that no matter how many thousands of dollars you spend on programmer wages while implementing your ultimate security system, someone will crack it in a weekend ... But protecting your work will more than pay for itself by the revenue you earn. For some reason you're comparing the cost of protection against the boolean of whether a scheme might be broken. It's not as simple as that. Bank security systems could be broken if someone wanted to apply the resources. That doesn't stop them protecting their transfers. Making applications good is all very well, but a protected good application will generate a lot more revenue than something anyone can rip off. RUP (Rational Unified Process) | Fri 16 May | Snacky Has anyone have implemented project using RUP with and without the Rational ToolSet Can you effectively use RUP with the Rational ToolSet ? Fri 16 May | Snacky | Sorry, my question was : Can you effectively use RUP WITHOUT the Rational ToolSet ? Joel : An EDIT Feature will be nice ;-) Fri 16 May | i-ching | I've used RUP on a few projects - they work well for me. It's usefulness depends on the size of your project and the understanding of RUP amongst your team. Fri 16 May | Ethan Herdrick | This is a very heavy methodology. Avoid it! Fri 16 May | anonQAguy | With respect, Ethan, two points: 1) Beware damning a methodology in general, as one can normally find situations in which it would apply. This is as inappropriate as claiming that methology XYZ works equally well in all situations. As so many have said in similar threads here, basically it's 'use the right tool for the job', to which I would add the qualifier, 'and that is appropriate to your constraints.' 2) I did a consulting gig a few years ago where I implemented RUP for a new shop that didn't have any process, saw they needed one, and through a series of events I won't go into we ended up choosing RUP. As I read the documentation -- no mean feat, certainly, as there's a lot of it -- I saw that Rational themselves strongly recommends to anyone using RUP that they tailor its processes and artifacts to suit local conditions, at the shop or potentially at the project level, so you can keep it 'heavy' or make it as light as you want. Unless they've changed their stance in the last few years, they (Rational) took the position that (my words) 'here's RUP, the whole enchilada -- take from it what works for you, because the entire thing is probably more than you need for every cases.' So yes, RUP is heavy, if you use it as-is out of the box. Fine, take it and tailor it, with Rational's blessing. And for the record, I've never worked for Rational -- they offer similar services to what I did for my client, but I was totally independent at the time, so I'm not talking as a current or former Rational representative. In response to the main post, I would say that I kind of think of RUP as the top-level, or perhaps 'super-class' of development methodologies. I haven't heard or seen anything in FDD or XP or anything else that isn't subsumed within RUP. Hell, even waterfall's buried in there if you'd want to do it. So I think of the various methodologies one hears about as being special cases of RUP having been tailored down in one way or another. Regarding using their tools or not, Rational has done a lot to tie RUP as a process and their tools together as tightly as they can. Whether they've been successful or not is a different topic, but I don't see anything in the basic process of RUP that would force you to use their tools. It's been a couple of years since I spent any time reading RUP or Rational's documentation, so my exposure to it is dated a bit, but I think it likely one would find some implementation procedures, or their details at least, not to apply well if using RUP without their tools. At the higher levels, though, their general principles seem to apply pretty well irrespective of the tool used. Cheers, Sat 17 May | Clutch Cargo | For a company that spouts methodology Rational's tools are crap. Rose in particular was horrific. I hope that their software isn't an example of what their methodology can produce. Sun 18 May | Arron Bates | The problem with *any* methodology is getting it in motion. Once its going, any methodology is better than none. However, out of all of them, XP's the easiest to start. RUP is heavy, but it is very complete. It becomes more relevant the larger the team and the cycles become. Regarding Rational's tools... I haven't used Rose all that much, but ClearCase is the finest version control system I've ever used (CVS, PVCS, VSS, StarTeam and ClearCase). It's truly awesome, even if a couple of their dialogs are a little slow when used on larger projects (as in 'are you sure it hasn't crashed!?' kind of slow. my only gripe, but it's for truly large projects only with hundreds of baselines). But as I said, any methodology is better than none. All players on the team need to know what the game rules are... Missing C feature? | Fri 16 May | S. Tanna 1. I can (a) Make a function whose parameters I figure out at compile type (normal function definition) (b) Make a function whose parameters I figure out at compile type (variable arguments function) 2. I can (a) Call a function whose address I know at compile time (normal call) (b) Call a function whose address I know at run time (function pointer) 3. I can (a) Call a function whose parameters I know at compile time (normal call) BUT...unless I am mistaken (b) I do NOT think you can call a function whose parameters I figure out at run time. Am I mistaken? If not mistaken, C is supposed to be (almost) a high-level assembler, so would you agree this is a missing feature? If you do not 3b is ever conceivable, here is an example how it might be used: I write a program which lets users interactively test some API by typing in function names and parameters. If it was say the Windows API I could use GetProcAddress to find the function to jump to, but there doesnt seem to be a C-way to pass the parameters in, if they are determined at runtime (consider if you wanted to write a scripting language with a way to call external DLL functions like VB does). Likewise if it was some other library, I would be able to make a table mapping strings of function names to function addresses, but still couldnt pass parameters in. Fri 16 May | Nat Ersoz | I propose 3b is already implemented widely as the lowly printf() function. The parameter list is variable in length and all arguments following are determined at run-time. n'est pas? Fri 16 May | Nat Ersoz | The reason you cannot perform simialr operations with the Windows API is that the function calls are declared __stdapi (PASCAL calling) rather than __stddecl (C calling convention), and PASCAL doesn't support variable argument lists. Variable argument lists would be a requirement, since different types would have different widths which would have to be deteremined by the 'standardised' first argument (in the printf case, the format specifier - which though usually a string literal can itself be dynamic) . MSFT saw PASCAL calling convention as being faster, and heck Apple was using it - so why not? Given that the MSFT paradigm is highly optimized for speed and minimum size, they chose PASCAL calling convention giving up the ability to make C style calls in their API. Fri 16 May | S. Tanna | You both misunderstand printf is 1(b) not 3(b)... a function which determines what its parameters are at run time. As an illustration. Try making a program which - Asks out how many integer to input (ok) - Inputs them all into an array (ok) - Generates the format string like '%d %d %d...etc' (ok) - Make a **single** call to printf passing the format string and all the array arguments in this call, (I don't believe you can do this) i.e. at runtime it has to decide whether to do (and no including every possible variation is not allowed) printf( '%d', x[0] ) ; or printf( '%d %d', x[0], x[1] ) ; or printf( '%d %d %d', x[0], x[1], x[2] ) ; or etc. As for PASCAL vs C calling convention.... under pascal calling convention it is not possible to do 1(b) [well in assembler I think you could do pascal-like which did], but it's not the issue. Under both C and Pascal calling conventions, C language does not allow 3(b). Off topic: I understand MS chose Pascal for Windows, because it fit on one less floppy (smaller code), which is adds up to big bucks when you're distributing millions of copies. Fri 16 May | Simon Lucy | They also, if dusty memory serves (and I'm sure someone will be along to embarrass me if it doesn't), that they also lost the ability to reference the stack using the BP. Fri 16 May | S. Tanna | Ha :-) I would say High Level Assembler which uses a different model than accessing registers directly = part of the machine-independent model, good, makes code more portable High Level Assembler which excludes a whole class of problem types without additional low level assembler help = missing feature (?) Fri 16 May | Simon Lucy | No you can do it, you can pass the format in a string which you build on the fly and pass the array. You might run out of stack and into data if the array was too big. The format string defines how the data is addressed as a set of parameters. Not to be recommended but it can be done. Fri 16 May | S. Tanna | I get the idea, could you give me an example or a link? What if the types of potential parameters are not all the same (e.g. some ints, floats, strings, etc.) - presumably you build a memory block with them in order? Fri 16 May | Simon Lucy | Yes, you can build a struct to handle them if its mixed content, or if you really want to be ugly you can use casts and pointer arithmetic into a byte aligned array. C gives you a completely planar view of memory, you can mix types and whatever you like, but once you do that you have to manage all the details, such as byte alignments and the rest of it. Fri 16 May | Joe AA. | I saw something like this once... but that's been a while ago. Once the parameters were determined at runtime, a routine was used to build a stack frame with the correct parameters (don't forget to allow room for a possible return value) and it then invoked the function. I think it was in an old magazine... something like Windows Developer's Journal? It could handle both C and Pascal calling conventions, you just needed to tell it which type of stack frame to build. Sorry, that's where the memory goes bye-bye Fri 16 May | Nat Ersoz | I see what you mean now. You need to use va_start, va_list, va_end macros to accomplish this. It has been a __long__ time since I've used these, but they _might_ get teh job done. Fri 16 May | Simon Lucy | Well va_ macros would be the modern effete way of doing it, but us muscular, non dish washing guys would just contatenate them all in a memblock using casting and pointer arithmetic. And I have done this kind of thing in memory managers and (oh god) games that have some kind of opcode multiparameter junk. Its been too long, someone throw me a contract to write an asynchronous shared memory manager... Fri 16 May | Nat Ersoz | Here is a good example of va_ macro usage. Its simple but non-trivial: http://www.opengroup.org/onlinepubs/007904975/basedefs/stdarg.h.html The refering page is the Single Unix Specification: http://www.unix-systems.org/single_unix_specification/ search for stdarg.h Feeling light in my loafers referencing va_ macros.... Fri 16 May | Nat Ersoz | So, yes - it can be done in an ANSI portable manner. Fri 16 May | S. Tanna | opengroup example is 1(b), not 3(b) 1(b) The function definiton is variable arguments. i.e. function determines its arguments at runtime 3(b) would be when the CALLER determines the number of arguments at runtime. The function definition may or may not take variable arguments at runtime. Fri 16 May | Nat Ersoz | OK, you're right... still trying... Fri 16 May | Chris Tavares | Just as a slightly more concrete example of what the original poster is asking for: Imagine you're writing an interpreter for a scripting language of some sort. One of your requirements is that you be able to call some reasonable subset of C functions (in a DLL, for example) directly from the script. So, at run time, you need to turn: Call dll.function a, b, c into a stack frame, and then execute the code in the dll in question. *That's* a function call with parameters determined at runtime. And yes, Windows Developer Journal did have an article some years back with a library that did exactly this. However, there were lots of low level stack munging stuff that wouldn't be even slightly portable. Fri 16 May | Dan Shappir | You can't do 3(b) in C because C does not have run-time introspection and reflection capabilities. In languages such as Java and C# the compiled program contains, besides the code and data, the description its various constructs such as structures and function signatures as metadata. This allows you to perform run-time discovery of the 'shape' of these constructs and perform operations on them, such as 3(b). In languages such as Java this is handled by a special API while with other languages such as JavaScript run-time introspection is integrated into the language itself. C, being a low-level language, a high-level assembly if you wish, does not place such metadata in the compiler output. Interestingly C++ can provide some run-time type information using typeid operator and the type_info structure. However, this information and what you can do with it is rather limited. Also, many compilers, e.g. VC++, turn off this feature by default. Fri 16 May | S. Tanna | Chris' explanation is correct example of the type of problem. Comments onDan's comments: Seems to be addressing a different issue: If I have to figure out parameter types from their content, it's very tough in C/C++ [unless you make some convention for it which is not part of the language per-se]. This is one reason why variable arguments functions (1b) needs an extra hint/cue, like the formatting string. In the case of 1(b) the hint/cue is usually the first paraemeter of the function. In the case of 3(b) - if the function is a variable arguments then a hint/cue (like 1st parameter) would be needed. If however the function were not variable arguments, no hint/cue is need in the function itself, just in the caller - (like parsing the script to put it in Chris' example). In fact in either case, the question is not about passing the hint/cue, but how to assembly the stack frame in the caller. Fri 16 May |     | I don't really see it as a missing feature since we can loop over arrays. my_printf (formatString, intArray); Fri 16 May | S. Tanna | What if my_printf could be any one of 1,000 different functions, each with different parameters, and not within your control. Fri 16 May |     | then I'd write my_my_printf() to do the looping, or else I'd get a different library. Fri 16 May | S. Tanna | Read Chris Tavares post about 6 or 7 ago, beginning 'Just as a slightly more concrete example of what the original poster is asking for:'.... then you'll see why this is not a solution. Fri 16 May |     | but I don't know your exact situation so I'm not trying to tell you that that's best for you. Fri 16 May | X. J. Scott | OK, so here is a starting point. We have filled out the GenericFunctionDescription structure, describing the number and type and value of all the arguments. Then we call this routine. The question is whether MIRACLE_STACK_MANGLER can be constructed. I'd say it can but would be implementation dependend on go off looking in std_arg.h to get some clues about how to manipulate the stack as needed. #define STACK_BUFFER_SIZE 1024 // increase if needed void GenericFunction(void *theFunction, GenericFunctionDescription *theDescription_p, void *ReturnValue_out) { char StackBuffer[STACK_BUFFER_SIZE]; MIRACLE_STACK_MANGLER(theDescription_p, STACK_BUFFER_SIZE); // work the magic *ReturnValue_out = theFunction(); // this function has invisible arguments return; } Fri 16 May | George McBay | To answer the original question: No I wouldn't agree this is a missing feature in C as it is way too processor and OS dependent and thus can't be properly standardized in a portable manner. If you absolutely need to do something like this, either use inline assembly or a runtime assembler like SoftWire (http://softwire.sourceforge.net/). Of course you'll then be x86 (or whatever processor you're coding for) specific, but you have to be in any situation, which is why it doesn't belong in standard C. Fri 16 May | Brad Wilson (dotnetguy.techieswithcats.com) | I agree that it's not in C, but I disagree that it would never belong in C. Why shouldn't C get reflection down the line if it's a highly requested feature? Fri 16 May | Chris Tavares | Reflection requires that the runtime system keep track of type information at runtime. C isn't a strongly typed language, so you can't rely on the compiler for runtime type info. C is all about not having a runtime. The guiding language design feature has always been 'to the metal.' Unless the underlying CPU features reflection natively, I don't think you'll find this in C. Fri 16 May | Brad Wilson (dotnetguy.techieswithcats.com) | By my estimation, reflection should require no more runtime than RTTI in C++ does. The specification doesn't set out how memory must be laid out, so there's nothing stopping adding meta-data information that could be read by the runtime library. Now, I'm not saying it's a great idea, just not an impossible one. Fri 16 May | Chris Tavares | Yeah, but C++ has a built in place to stick extra data in a class (the vtable). C doesn't. Note that C++ RTTI only works for classes that have at least one virtual function. And RTTI doesn't help when you're trying to figure out if an arbitrary void * points to an int, a float, or a string. Fri 16 May | . | I think I must be missing the relevance of the question. Why not use the suggestions that people have already given? ie: If you are programming in C, and using it as 'high-level assembly' then just drop in some real, in-line assembly? Look up in your compiler's manual how parameters are passed (e.g.: first four params under word size in R1-4, then pushed onto stack from left to right) . Or if you *must* do this in pure C, then you should probably pass two parameters; a description of args and then a void pointer to a memory block of them. Adding special syntax for that kind of function call seems needless (and varargs is pretty ugly already). It doesn't feel C-ish. Are you sure you are approaching the problem in a C-ish way? Fri 16 May | S. Tanna | XJ Scott's answer is I think along the right lines, but I do not think it would work as I suspect the compiler would add code so that the stack will get cleaned up between MIRACLE_STACK_MANGLER and the *ReturnValue_out = theFunction(); I think the way to do would be something like ..etc. stackframe_t x = MIRACLE_STACK_MANGLER(theDescription_p, STACK_BUFFER_SIZE); // work the magic *ReturnValue_out = theFunction(x); ...etc.. Now stackframe_t would need to be a new type which is variable size, including possibly 0 (function with no arguments) I do not agree it does not belong in C. I can envisage that C could (but sadly does not include a set of functions or macros - which are sort of like reverse_va_start, reverse_va_arg, reverse_va_end (the opposite of va_start etc), so my final code, if C had this facility would be something like ...etc... // x is final stack data to pass, might be 0 or more bytes - it's what to push on the stack // ref is a handle or something to the particular stack frame I am preparing stackframe_h ref = reverse_va_start() ; while (...some condition I write meaning I have another argument...) { ...etc... reverse_va_next( ref, arg, sizeof arg ) ; // arg might be any type } stackframe_t x = reverse_va_end(ref) ; ReturnValue_out = theFunction(x); As for reflection, I see this is an entirely unrelated issue, and personally I strongly believe it does not belong in C, whose goals including getting you close to the underlying machine. Fri 16 May | S. Tanna | Oh by the way, I know this could be coded in assembler... I am just trying to figure out if there is a C way to do it. Consider it a puzzle, rather than a real programming exercise. Fri 16 May | S. Tanna | ... although at some point in future, I expect to need to write code which can call (almost any) DLL, kind of like the example given in Chris Tavares' post. Fri 16 May | Neil Butterworth | 'I am just trying to figure out if there is a C way to do it.' Assuming you mean - Is there a way to do this using ISO Standard C then the answer is 'No'. If you mean - Can I do it non-portably using my specific C implementation then the answer is 'Possibly' But I'm interested in why you are asking this question here? Why not ask it in the comp.lang.c of comp.std.c Usenet newsgroups? Fri 16 May | X. J. Scott | You know, there is setjmp that saves the stack and register context, and longjump that restores it. They use a implementation-dependent data structure to store the info. I see that for the 86 here we have (Copyright (c) 1985-1993 Microsoft) typedef struct __JUMP_BUFFER { unsigned long Ebp; unsigned long Ebx; unsigned long Edi; unsigned long Esi; unsigned long Esp; unsigned long Eip; unsigned long Registration; unsigned long TryLevel; unsigned long Cookie; unsigned long UnwindFunc; unsigned long UnwindData[6]; } _JUMP_BUFFER; ...so maybe you could use those to grab ahold of the stack state, mess with it with wild abandon, and then safely clean up afterwards... Fri 16 May | Don't make things harder than they need to be | Chances are it's not that there's been a missing C feature these past 35 years. Chances are you have a poorly written dll, or you don't know how to design your code properly. Either make your function take varargs, or have the library writer make their function take varargs. Then when you have a dynamic number of params to pass, there's no problem. That's it. That's all there is too it. Fri 16 May | S. Tanna | 'Don't make things harder than they need to be': With all due respect, I don't think you understand the problem. The puzzle is basically how to make an API calculator, one which allows any function, with any number and types of parameters, to be called. The names/addresses of the functions (and therefore what parameters they take) are determined at runtime. Redesigning the functions that you are calling, is not really an option if the API calculator is supposed to work against an existing C API, such as the Windows API, functions in a DLL, or anything else. Changing topic, I do spend spare brain power on thinking about 'missing features' in programming tools, especially missing stuff in C/C++... I was just wondering whether this really was a missing feature in C [I have found a few over the years]. I have always thought it was. For me real project, when I get round to it, I expect that I will just code the thing in assembler, so I am not that desparate for a C solution - just curious if there was one. If this entire discussion is felt to be off-topic by this community, I don't mind ending it. Fri 16 May | Don't make things harder than they need to be | In that case, you know the function signature already, so you should know what number of arguments to expect. Fri 16 May | Brad Wilson (dotnetguy.techieswithcats.com) | Alright, I think the conversion is over done. He wants reflection. There is no reflection in C. That's pretty much the end of the story, as far as 'solving' this problem goes. Sat 17 May | S. Tanna | 'Don't make things harder than they need to be'. Sorry, no that is not the case Suppose I write a scripting language that allows any DLL function to be called Later, Person X writes a DLL contain some C APIs Later, Person Y writes a script declaring the DLLs (including Person X's DLL) he wishes to call, what parameters he takes. At the time I create my scripting language, I have no knowledge of what person X or Y will do in future. In other words, at runtime I would need to call the function with the correct parameters. -- And to repeat, my previous comment, no this is NOT a reflection problem. It would be a reflection problem if I needed to examine types and determine what they were (like writing say a printf type function which didn't take a format specifier). However for this problem, even if I could examine types of variables at runtime, it would be no help resolving it. AFAIK any language which requires the caller specify parameter types to a function at compile time, regardless of whether it had reflection or not, would still have this problem. Sat 17 May | Nat Ersoz | This is one of the more interesting topics generated here, period. I appreiciate it. One question, I'm sure S.T. has already considered, but I'lll mention it anyway... So, you've got your hinter, first arg, and the rest are variable TBD args. So a person pushes all TBD args into an array (on the stack, OK, but not required). And then the called function parses them out of the array, as determined by the hinter. ex: void caller1( void ) { char *fmt = '%d%d%d'; int args[] = { 1, 2, 3 }; callee( fmt, args ); } void caller2( void ) { char *fmt = '%c%f'; void *args; args = malloc( sizeof(char) + sizeof(float) ); callee( fmt, args ); free( args ); } void callee( const char *fmt, void *ptr ) { while( fmt ) { fmt++; // skip '%' switch( *fmt++ ) { case 'c': parse_char( ptr ); ((char*)ptr) ++; break; case 'd': parse_char( ptr ); ((int*)ptr) ++; break; case 'f': parse_char( ptr ); ((float*)ptr) ++; break; } } Very ugly, but doesn't this do functionally the same thing as dynamic parameter lists? Not that I'd want to.... Thanks, Sat 17 May | Stephen Martin | I looked into this a quite few years ago and found that it couldn't be done without using inline assembly. I was creating a component that would allow me to call arbitrary function pointers from VB given the function address and a list of parameters and parameter info. I couldn't find any way to do it without manually manipulating the stack and registers with assembly. So, I just did it in VB using a buffer that I filled with the machine code and CallWindowProc to jump to my first instruction. If anybody can think of a way to do it without the assembly I'd like to hear about it. Sat 17 May | Don't make things harder than they need to be | But for you to call the dll, you have to know how to load it, and for you to load it, you have to know it's signature. Sat 17 May | Stephen Martin | DLLs don't have signatures. All you need to load a DLL is its name (and path, if necessary). All you need to get a function pointer to an exported function is the name of the function. All of the above can be supplied at run-time along with the list of parameters and info needed by the function. But you can't call that arbitrary function without using assembly. That's the whole point of this thread. Sat 17 May | Brad Wilson (dotnetguy.techieswithcats.com) | It's not even about calling it. It's about discovering the signature. Since the function signatures in C contain no hint about the parameters (unlike mangled names in C++), it's impossible for him to know what to pass, regardless of whether he can write the code to actually pass it or not. Cart before the horse. (And, sure, you say this 'isn't a reflection problem'. Okay, whatever makes you happy. In C# or Java, you could do it with reflection, but hey, this isn't a reflection problem, right?) Sat 17 May | Brad Wilson (dotnetguy.techieswithcats.com) | And, to clarify your misconception, .NET does not require compile time knowledge of the function AT ALL. VB.NET can call late bound methods on classes that it has no knowledge of at compile time. There's no syntactic support in C# for doing it (just means you have to build the infrastructure yourself). It's quite trivial to take the name of a method as a string, and print out the precise signature using reflection. It's also quite trivial to call said method with reflection as. All without any compile time knowledge. Sat 17 May | Stephen Martin | The original poster is talking about making a call to a function, the parameters of which are unknown until runtime. There is no requirement to _discover_ the parameters at runtime. We are all aware that that is impossible without some form of meta-data. In my case after having written many C wrappers to enable VB programs to call function pointers returned by APIs, dynamically bind to DLLs based on OS/API version, call cdecl exported functions, etc. I decided to write a component that would be a wrapper for any such call, without the need to write a separate wrapper for each new call. So, when my component was compiled it had no knowledge of the functions it would call. When its clients were compiled they knew what functions needed to be called (by name or address), what their parameters were and what the calling convention was; this information was passed to my component which would then make the call using dynamically created machine code. Another example might be a test harness for a C style API under development where the test harness could be written with no prior knowledge of the API. The tests could be written in some text format (maybe XML to be trendy) that the harness would then interpret to dynamically generate the test calls. I'm well aware of what can be done with VB.NET, C#, reflection and late binding but we're not talking about .NET. And I'm not even sure who has the 'misconception' here since I can't find any reference to .NET in this thread. Sat 17 May | Don't make things harder than they need to be | Misspoke. To load the lib you just need the name. But to call a function you need the sig. The point is: Somewhere along the chain, SOMEBODY knows the signature. USE it. Sat 17 May | S. Tanna | Brad and don't make it harder have it back to front. Like Stephen says (read his last post carefully), there is no requirement to discover the parameters at runtime, just to generate them. To build on a previous example, I gave: Suppose I write a scripting language that allows any DLL function to be called Later, Person X writes a DLL contain some C APIs Later, Person Y writes a script declaring the DLLs (including Person X's DLL) he wishes to call, what parameters he takes. At the time I create my scripting language, I have no knowledge of what person X or Y will do in future. In other words, at runtime I would need to call the function with the correct parameters In this example: I do NOT need to discover the parameters by looking at the function - because person Y's script specify them. I simple parse person Y's script. This is where the meta-data comes from -- Stephen - I have a half solution in C, which could even be half-portable (does that make it a quarter solution :-)). Sat 17 May | S. Tanna | Assume a 'classic' C compiler that passes parameters on the stack, and allocates automatic locals on the same stack (this would not work if the compiler uses registering passing calling conventions) PART 1 Think about a function, like say // does haven't to be ints, just an example void funcX( int i0, int i1, int i2 ) { ...etc.. At the start of func, the stack is going to look like i0 i1 i2 (return-address) <--- if cdecl or similar or i2 i1 i0 (return-address) <--- if pascal or similar 2. Think about this code { func_ptr = ...some method of getting a pointer to the function... int x[1024] ; // must be last automatic before function call *func_ptr() ; } Immediately before the call to func_ptr, the stack contains x[0] x[1] x[2] x[3]... x[1022] x[1023] or x[1023] x[1022] x[1021] x[1020] ... x[1] x[0] Depending on which way the stack goes So inside the function we are going to have a stack which looks like x[0] x[1] x[2] x[3]... x[1022] x[1023] (return address) or x[1023] x[1022] x[1021] x[1020] ... x[1] x[0] (return address) Now suppose func_ptr actually pointed to funcX When funcX is called it's going to get i0, i1, i2 from the x[]'s that are on the stack. There are 4 possible variations, depending on which way the stack grows and whether the compiler does parameters left to right (cdecl) or right to left (pascal). These are 1. i0 = x[0], i1 = x[1], i2 = x[2] ; // if cdecl-like and stack grows up 2. i2 = x[0], i1 = x[1], i0 = x[2] ; // if pascal-like and stack grows up 3. i0 = x[1023], i1 = x[1022], i2 = x[1021] ; // if cdecl-like and stack grows down 4. i2 = x[1023], i1 = x[1022], i0 = x[1021] ; // if pascal-like and stack grows down Conclusion Part 1: if we were to fill out x[] appropriate before jumping to the function pointer