Archive for August, 2007

NHibernate in a Medium Trust Environment

Tuesday, August 21st, 2007

I’ve recently started experimenting with NHibernate – the C#/.NET version of the Hibernate O/R matpping tool that was originally developed for Java. The Java version is very powerful, and I’m a huge fan of it. The C#/.NET version is, for the most part, a straight port of the Java code base (and an ugly port, in some ways). Nevertheless, it appears to be just as robust as its predecessor.

Be warned, however, that the NHibernate DLLs require a high level of trust in the ASP.NET environment they’re deployed to. I spent an entire weekend beating my head against a wall trying to get a simple app up on my GoDaddy account. I suspect NHibernate probably wasn’t designed with a medium trust environment in mind. I was able to make a few tweaks to get the code running with fewer permissions requirements. However, the permissions required to enable dynamic proxies – a fundamental part of the NHibernate architecture – are non-negotiable.

I learned from GoDaddy tech support that their Deluxe Windows plan, a shared host environment, simply doesn’t allow those permissions. I’d need to upgrade to a dedicated server, and that’s just a little too pricey for an environment simply for experimentation. I was able to get NHibernate working without any hacks at Webhost4life, but I thought I’d share what I tried first at GoDaddy just to help you understand the permissions implications if you’re in a medium trust environment — and how you might need to address them on your own projects.



Earth to Wells Fargo: Stop Being Stupid About Phishing!

Thursday, August 9th, 2007

Have banks learned nothing? According to Gartner, U.S. computer users lost $929 million to phishing scams from May 2004 to May 2005. In response, major banks have launched aggressive campaigns to educate customers about how to defend themselves and recognize fraudulent emails.

Their recommendations to customers are simple and easy-to-follow. If someone calls you on the phone asking for your ATM number, don’t give it to them! Only divulge secret information when you initiated the phone call. Be wary of emails asking for your social security number or credit card numbers. You know the drill.

So, why is Wells Fargo undermining all of these self-defense measures by sending out emails with hyperlinks to a Web site asking for your online banking username and password?!


C#, GPS Receivers, and Geocaching: Vincenty’s Formula

Monday, August 6th, 2007

Vincenty’s Formula is an iterative solution for calculating the distance and direction between two points along the surface of Earth. For clarity, I’ve stripped out portions of the code I’ve put up for discussion, but you can download the entire C# source code from here. If you prefer Java, please see the Java version of this discussion.

Several years ago, I stumbled on a great pastime called “geocaching.” It’s a worldwide treasure hunting game where participants use handheld GPS receivers to find hidden “caches” – small boxes filled with prizes, trinkets, and “travel bugs“. The caches are hidden by other participants who post nothing more than the latitude and longitude on a website like My children and I have had a blast. It’s a great way for a grown man to justify playing in the woods (and buying an expensive gadget!) under the pretense of “playing with the kids.” With over 420,000 caches in 222 countries on all continents (including Antarctica!) there are bound to be several near you.