Weblog

Appcast library

For our Slido integration with Microsoft PowerPoint on macOS we used the Sparkle library to do automatic updates of our main Slido application. Our code also runs inside PowerPoint and we need to do checks if new versions are available. Unfortunately we cannot use the full Sparkle framework because of technical limitations for add-ins running in Office apps on macOS.

Sparkle framework uses the Appcast format for updates. This is an RSS document with additional Sparkle data to facilitate minimum system requirements, critical updates and delta updates information. Sparkle is written in ObjectiveC language and it does not provide a library target just for the Appcast implementation in their Swift package definition.

Our app and addin code is written mostly in Swift and we would prefer to integrate a Swift code for parsing Appcast documents. The authors of Sparkle project would like to keep it Objective C only for compatibility with very old OS X versions. Otherwise we would provide class-by-class migration from Objective C to Swift pull requests back to the Sparkle project.

Individual library

I have decided to write a new Appcast parsing library in pure Swift. The original Appcast code is very stable so the new library can be kept compatible with Sparkle code.

The RSS format and Sparkle extensions are quite simple and the original Appcast code in Objective C is small so rewriting it in Swift was easy.

The first preview release will parse the Appcast document and provide simple data in the AppcastItem structure. This proves we can create modern library which works in our Slido integration with Microsoft PowerPoint.

Integration tests

Sparkle framework has a large integration tests suite for parsing Appcast files. Their integration tests are in a single large test suite. To get better picture about features implemented in the new Appcast library I had to refactor large tests into small test function focused to just do single and focused checks.

I have followed the Definition of a Unit Test from Roy Osherove when refactoring tests. The The Art of Unit Testing book is a great guide for writing tests, refactoring legacy code and ensuring the trustworthiness of tests.

Refactoring of tests is available in the slidoapp/Appcast@test/appcast branch.

What's next?

The new library needs to implement the same logic for resolving the best available update in the Appcast file to match the behavior of Sparkle framework. As we don't need the delta updates (our DMG is just 8MB large) we will skip implementing information about delta updates in first releases.

NetOffice.Core v1.7.4.11: System.NullReferenceException

TLDR: To fix this issue, migrate your project to use our official packages which are named NetOfficeFw and are published by netoffice account.

> This bug does not exists in the NetOfficeFw.Core v1.7.4.11 package and it is not a bug in the official NetOffice source code.

Symptoms

When you use packages like NetOffice.Word, NetOffice.Excel, NetOffice.Oulook and others published by netofficedotnet on NuGet.org, you will encounter error System.NullRe­ferenceExcepti­on: ‚Object reference not set to an instance of an object.‘ when using NetOffice code. (Note the missing Fw in package names.)

In Output window you will see an exception is thrown when calling NetOffice code:

Exception thrown: 'System.NullReferenceException' in NetOffice.dll
Object reference not set to an instance of an object.

This exception is thrown by method NetOffice.Core.TryLoadAssembly(string fileName):

NetOffice.dll!NetOffice.Core.TryLoadAssembly(string fileName)
NetOffice.dll!NetOffice.Core.Initialize(NetOffice.CacheOptions cacheOptions)
NetOffice.dll!NetOffice.Core.CreateKnownObjectFromComProxy(NetOffice.COMObject caller, object comProxy, System.Type wrapperClassType)
ExcelApi.dll!NetOffice.ExcelApi._Application.Workbooks.get()

Cause

There are fake packages on NuGet published by Erika LeBlanc (GitHub account erikaleblanc88, NuGet account netofficedotnet). These fake NetOffice assemblies does not work properly. That account is doing a lot of shady stuff in the https://github.com/netoffice organization (rewriting code history, deleting comments and issues, to name a few).

Because the published packages contain fake assemblies, you will encounter this exception by using NetOffice.Core v1.7.4.11.

Read more in our NetOffice Migration Guide

Official Releases

You will find official releases wither on NetOffice on OSDN or at GitHub

Run InspectCode in your GitHub Actions

When you build .NET projects and you are using GitHub Actions to build your code, you cna now run code inspections with InspectCode without hassle.

InspectCode is a tool from the free ReSharper Command Line Tools (CTL). It can do solution-wide analysis of .NET code.

To use it in GitHub Actions, just add this code to your workflow file:

steps:
- uses: goit/setup-resharper@v1
with:
version: '2020.1'
- run: InspectCode SolutionFile.sln

The goit/setup-resharper action will download the ReSharper CTL and cache it locally (using the actions/tool-cache). ReSharper tools will be added to the %PATH% variable so you can use them anywhere in your build scripts.

As ReSharper CTL tools are supported on Windows, Linux and macOS (versions 2019.3 and newer) you can use the also for non-Windows builds. The setup action supports any ReSharper CTL newer then 2018.2.

Go to GitHub Marketplace to use this action, or checkout the source code at goit/setup-resharper

NetOffice – develop solutions for Microsoft Office apps easily

NetOffice is a great .NET library which can be used to develop solutions for Microsoft Office apps. The library supports automation and extension scenarios.

Automation

Use the NetOffice library to automate Microsoft Office apps. You can generate Office documents, transform and print them.

You can automate repetitive actions like adding signatures and pictures to Word documents, or generating Excel spreadsheets which must use the same Excel formulas you would manually create.

Extensions

NetOffice has first class support for Microsoft Office Add-ins – rich extensions which can modify user interface inside Office application and allow users to access complex features.

NetOffice add-ins are written in managed .NET code so the development is easy, productive and you can debug them from Visual Studio.

NetOffice documentation is available at https://netoffice.io/ and you can join the development community on GitHub at https://github.com/NetOfficeFw

.gitattributes templates

gitattributes.io is a service for generating .gitattribute files from templates. The service is inspired by gitignore.io where you can quickly bootstrap your .gitignore files.

Choose templates on web interface, or use the very simple API to list template names and generate new .gitattribute file content.

To generate .gitattributes file for you web project, just call:

https://gitattributes.io/api/web

Working on a C++ project in Visual Studio? Separate multiple template names with a comma:

https://gitattributes.io/api/c++,visualstudio

The list of all template names is available at api/list endpoint:

https://gitattributes.io/api/list

This service was made possible by the project from alexkaratarakis who created the original alexkaratarakis/gi­tattributes repository with .gitattributes templates. You can contribute to gitattributes.io project at github.com/gi­tattributes

Digital signatures for binaries in open source projects

Digital signatures provides proof that the file was authored by a trusted entity. They allow to verify the integrity of applications distributed in binary form. On Windows, software authors use Authenticode to sign the application and its setup package so Windows can verify who made the application and it allows IT adminstrators to create policies for running only trusted applications.

Open source applications (for Windows) usually are not signed because the Authenticode certificates are expensive and the learning curve for signing is quite steap.

I chose Certum to get certificate for my open source applications. The Authenticode certificate from Certum costs only around 28 EUR. If you does not have any compatible smart card which would store the certificate private key, you can buy one from Certum, but this makes the certificate a bit expensive (for hobby purposes) – the smart card costs 80 EUR and shipping is 30 EUR.

Ordering the certificate from Certum was a bit complicated and painful process as their website likes to switch to Polish language out of a sudden. Authenticode certificates must be issued to natural persons (or legal entities) so the process is not automated (as with Let's Encrypt domain validation) and you must provide them your ID card and some utility bills or bank statement to verify you identity.

Out of the box, you can use the certificate to sign applications (EXE, DLL and MSI files) with signtool.exe using the default SHA1 algorithms. You must run the proCertum CardManager application so signtool.exe can communicate with the smart card when signing binaries. Each time you are signing a file, CardManager will ask for a PIN to the certificate.

Sign application

To sign application named VCardSplitter.exe using certificate named Open Source Developer, Jozef Izso, use this command:

signtool.exe sign /n "Open Source Developer, Jozef Izso" VCardSplitter.exe

This will just sign the file. You must also add the timestamp to the signature so the signature will remain valid even after certificate expires.

signtool.exe sign /n "Open Source Developer, Jozef Izso" /fd sha1 /t http://timestamp.verisign.com/scripts/timstamp.dll VCardSplitter.exe

Signing using SHA256 algorithm

Microsoft requires new applications to be signed using SHA256 algorithm. When you configure signtool.exe to use SHA256, you will receive error when signing files. To resolve this issue, open proCertum CardManager, click Options, enable EV Code Signing – replace CSP with minidriver library and click Ok. This will reconfigure the system and the SHA256 algorithms will work correctly. Note: the certificate for open source developers from Certum is not the EV (Extended Validation) certificate. It just hapens the CSP method of signing with smart card is only compatible with the old SHA1 signatures.

With minidriver mode enable, you can sign your binaries like this:

signtool.exe sign /n "Open Source Developer, Jozef Izso" /fd sha256 /tr http://timestamp.comodoca.com VCardSplitter.exe

Signing NuGet packages

NuGet 4.6 enables signing of nuget packages. It requires the signature to be SHA256 so make sure you enabled the minidriver mode. Signing is similar to the signtool.exe process:

nuget.exe sign library.1.0.0.nupkg -CertificateSubjectName "Open Source Developer, Jozef Izso" -Timestamper http://timestamp.comodoca.com

Switching the CSP and minidrive mode in proCertum CardManager

The proCertum CardManager uses special app called cryptoCardRegister.exe to switch between the CSP and minidriver modes of signing. This can be change from the proCertum CardManager user interface:

  1. Open proCertum CardManager application
  2. Click Options button
  3. Enable or disable the EV Code Signing – replace CSP with minidriver library checkbox
  4. Click Ok

If you have troubles with using the UI to change the mode, you can execute cryptoCardRegister.exe directly from command prompt.

To enable CSP mode manually, use administrative prompt to run:

"C:\Program Files (x86)\Certum\proCertum CardManager\cryptoCardRegister.exe" csp

To enable minidriver mode manually, use administrative prompt to run:

"C:\Program Files (x86)\Certum\proCertum CardManager\cryptoCardRegister.exe" md

Conclusion

Digital signatures can ensure your Windows binaries can be verified to come from trusted source. As open source developer, you must invest about 100–150 EUR to get the first certificate. The certificate from Certum will be issued to you as a natural person and it will be named Open Source Developer, <Your Name>. After correctly changing the CardManager configuration, you can sign you Windows applications, libraries, installation packages and also nuget packages. Signing cannot be automated as you must enter the PIN each time you sign a file. This prohibits scenarios like automatic signing of build output on continous integrations services like AppVeyor.

I hope code signing certificates will get more available to open source developers and projects and cloud services could be used to automate signing as part of the build process. This would make the ecosystem of open source libraries for Windows more trusted.

Apple Wireless Keyboard – Slovak

Potreboval som k MacBook Pro bezdrôtovú klávesnicu pre nové prostredie s externým displejom a keďže som potreboval aby na nej boli funkčné tlačidlá pre OS X na výber mi veľa nezostávalo a kúpil som si Apple Wireless Keyboard so slovenským layout. Skvelá výhoa je, že tá klávesnica je úplne rovnako veľká ako tá na MacBook Pro a nemusím si zvykať na nový prstoklad keď mením klávesnice.

Po týždni som si však všimol malý detail, ktorý keď si raz všimnete, tak ho už vidíte stále. Na klávese „6“ chýbal mäkčeň na písmene „ž“. Je to strašne malý detail, ktorý sa dá opraviť fixkou, ale pri cene klávesnice a dôraze aký kladie Apple na detaily, by sa to nemalo stať. Pri reklamácia v iStyle sa vyjadrili, že to je výrobná vada a určite klávesnicu vymenia, avšak všetky čo mali práve na predajni mali rovnakú vadu, takže ju vymenia až keď prídu nové správne kusy.

Windows 8.1 sa nedostane k vývojárom

Microsoft dokončil vývoj Windows 8.1 RTM (release to manufacturing), ale po novom sa k tejto verzii nedostanú vývojári ani IT profesionáli a budú si musieť počkať až na oficiálne dostupnú verziu ktorá bude uvedená na trh 18. októbra, kedy sa Windows 8.1 automaticky nainštaluje ako bezplatný update na Windows 8.

Windows 8.1 vo finálnej verzii RTM dostali k dispozícii iba hardvéroví partneri Microsoftu, aby mohli pripraviť ovládače pre tento systém. Microsoft sa tiež vyjadril, že ešte potrebuje opraviť nejaké problémy v tomto systéme.

Takýto nový prístup sa vôbec nepáči vývojárom, ktorí si platia nemalé čiastky za MSDN Subscription, aby mali prístup k posledným verziám Microsoft sotvéru a mohli odladiť svoje aplikácie. Microsoft má pre nich iba jednu správu – kde sa nachádza dokumentácia k programovaniu Windows Store aplikácií pre Windows 8.1 Preview. Avšak mnohí vývojári majú problém s touto verziou, pretože to je len verejne dostupná beta v ktorej nie všetko funguje správne a neobsahuje celé nové a odladené API vo Windows 8.1 RTM.

Články Readying Windows 8.1 for release a Get your apps ready for the Windows 8.1 launch! momentálne obsahujú až 100 nespokojných negatívnych komentárov k tomuto rozhodnutiu Microsoftu a zatiaľ sa k nim nikto z Microsoftu oficiálne nevyjadril.

Po neúspešnom predstavení Xbox One a veľmi slabej predajnosti tabletov Surface je toto ďalším veľmi zlým rozhodnutím Microsoftu, ktoré ovplyvní vnímanie Windows 8.1 odborníkmi a bude mať za následok nízku kvalitu aplikácií, ktoré nebudú môcť by odladené vývojármi pred sprístupnením Windows 8.1 koncovým zákazníkom.

Steve Ballmer skončí v Microsofte

Steve Ballmer - fotografia (Photo courtesy of The Verge)

Veľmi nečakaná správa takto na piatok – Steve Ballmer oznámil, že do roka skončí na pozícii CEO v Microsofte. Ballmer nedávno zahájil reštrukturalizáciu firmy pod označením „One Microsoft“, ktorá si kladie za cieľ zjednodiť mnohé divízie a produkty ktoré Microsoft vytvára.

Tom Warren v rozhovore s J.D. Bohnom sa vyjadril, že Microsoft pod Ballmerovým vedením bol síce ziskový, ale strácal príliš veľa na nových trhoch so smartfónmi a tabletmi. V súčastnosti Microsoft čelil veľkej kritike nové používateľského rozhrania vo Windows 8, slabej predajnosti ich tabletov Surface a konzola Xbox One po veľmi výraznej kritike upustila od mnohých nových nepopulárnych vlastnostiach ako požiadavka aby Xbox One bol stále pripojený na Internet, či aby senzor Kinect musel byť stále pripojený ku konzole.

Microsoft TechDays 2013

Druhý ročník konferencie Microsoft TechDays 2013 predstavil vývojárom a IT profesionálom Windows 8, Windows Server 2012 a nové skvelé veci vo Windows Azure. Tento event je obrovský a rozdelený až na štyri hlavné bloky. Ako zvyčajne som si zvolil vývojársky blok a i keď sa veľa vecí o Windows 8 opakovalo z minulého ročníka, tak vďaka prednáškam o Windows Azure Mobile Services od Mira Kubovčíka a potom krátke predstavenie ASP.NET MVC pre začiatočníkov som si odniesol odtiaľ nové poznatky.

Súčasťou TechDays sú aj partneri a tento raz bol skvelo vymyslený systém získavania pečiatok od partnerských firiem za účasť v mini súťažiach a kto získal 8 pečiatok, mohol sa zúčastniť na konci TechDays súťaže o malé ceny.

Fakt že zlé na TechDays bol úvodný keynote. Nový šéf Microsoftu na Slovensku bol súčasťou nepodarenej skeče s web konferenciou v nízkej kvalite a divných predstavením Windows 8 rozhrania namiesto tradičných Windows 7 okien. Celkové ohlasy z publika okolo mňa boli veľmi zlé. Ďalšie keynotes od partnerov boli tiež totálna nuda a iba obchodné kecy, čo samozrejme najskôr nikoho nezaujímalo. Po tomto nešťastnom začiatku sa však začal dobrý technický program pre odborníkov a myslím, že každý si mohol dojsť na svoje v Microsoft technológiách počas dňa.

Trom mojim kolegom sa podarilo v zlosovaní na konci dňa vyhrať, čo bol celkom úspech.

Dnes sa konali kempy, ktoré išli viacej do hĺbky o jednotlivých technológiách. Na Windows 8 kempe sme prebrali znovu základy rozhrania Windows 8, programovanie Windows Store aplikácií v C# a HTML/JS, základné info o WinRT API a nakoniec čo to obnáša vypublikovať aplikáciu do Windows Store.

Technologické prednášky v Microsofte boli vždy skvelé a tieto kempy neboli výnimkou. Do budúceho roka určite odporúčam sa zúčasniť TechDays, keď chcete vedieť, čo Microsoft zamýšľa do budúcnosti so svojimi technológiami.