Sometimes in an environment you get one of those pesky error messages that only shows up occasionally. Recently for me, it’s been the System.OutofMemory exception. The error was being thrown by an IIS Website the server was hosting. My troubleshooting was specific to an IIS Application pool, but hopefully this post will give you some food for thought if you’re experiencing a similar situation.
The first thing was to do the obvious and check to make sure we weren’t actually out of memory. These days there are about 1000 different warning signs letting you know the server is close to being out of memory. Not to mention you’ll probably see performance issues across the board as opposed to a single application. So if you’ve got enough memory, why would you get an OutOfMemory exception?
Well first, let’s back up a bit and talk about the virtual memory manager of Windows. If you’ve never done any programming or operating system work, you may not know this. All processes are given their own virtual address space. What this means is that the executing process is ignorant to the actual memory available to the system. As far as the process is concerned, it has a whopping 4 gigabytes of memory. The upper 2 gigabytes of the stack are “reserved” by the operating system, while the lower 2 gigabytes are used by the process. These values can change based on boot switches, 64bit Windows or other settings, but we’ll use these numbers for our example.
The process is a bit ignorant to things like paging. The process simply requests memory and treats it as if all memory is physical ram, leaving those cumbersome paging and mapping details to the operating system. The other important thing to remember is that memory is allocated in contiguous chunks. That means if your program is requesting 5 megabytes of memory, not only must there be 5 megabytes of memory available, but there must be 5 megabytes of adjacent memory locations available. So even if you’ve got 1 gigabyte of memory available, if it’s totally fragmented into small chunks, you may not have enough contiguous memory available, which in turn will cause the System.OutofMemory exception.
How do you defragment a process’s virtual memory map? I’m not sure that you do. If you restart the process, a new map is created, but this isn’t always feasible. In reality, most of your applications won’t have this problem, but long running processes, for example IIS, might run into this situation. If you dump all your websites into your DefaultApp pool, it’s quite possible that all those applications are fragmenting the address space to the point where you can’t load large DLLs, such as the AjaxControlToolkit.dll file. (The culprit in my exercise)
Sometimes it’s difficult to get an idea of what the process virtual map looks like. I’ve discovered a helpful tool called Address Space Monitor. The application will let you know the largest amount of contiguous memory available to your process along with some other helpful bits of information.
I combined this, with another helpful tool called Procmon. With Procmon you can monitor all types of activities, including attempted file loads into memory. I simply ran Procmon with a filter for dll files that were being loaded by the process I was having trouble with to get an idea of what was going on when the OutofMemroy exception was being thrown. After seeing a 5.6 megabyte file being loaded by a process with 2 megabytes of contiguous address space available, it was pretty clear what my problem was.
This write-up is somewhat specific to my problem, but I hope it at least has given you some food for thought for troubleshooting your own issue.
I’ve been working on a web site using C# and the Microsoft MVC framework. So far I’m liking what I’m seeing, but I’m still digging into some of the actual implementation details. There are some things that happen with MVC that look like standard stuff you’ve seen before, but actually behave quite differently.
One of the hurdles I (and several other people) was facing was that I had a controller action, with a parameter, but the parameter was being passed into the controller with a value of NULL. Phil Haack put together a nice Routing Debugger utility to see how your routes were being interpreted by the MVC Framework. Everything looked good, I could see that the ID value was being properly populated, but my Controller action parameter still had a null value.
After doing some research I discovered that even though your Controller Action looks like a regular method signature, the way parameters are passed is actually quite different. The parameters are actually key/value pairs that exist in the HTTPRequest Object. If you’ve defined the following controller method signature
public ActionResult SaveADDomain(string Name, string Desc, string Id)
The MVC Framework will look for keys named “Name”, “Desc” and “Id” and populate the corresponding variables with the key’s value. If the key doesn’t exist, null is instead populated in the variable. I believe the collection for the key/value pairs is stored in the HTTPRequest Params property, but don’t quote me on that just yet. So how do we define these key value pairs? In the Global.asax file of course!
The Global.asax file is where the Routes for your application are registered. The default file should look something like the following:
public static void RegisterRoutes(RouteCollection routes)
{
routes.IgnoreRoute("{resource}.axd/{*pathInfo}");
routes.MapRoute(
"Default", // Route name
"{controller}/{action}/{id}", // URL with parameters
new { controller = "Home", action = "Index", id = UrlParameter.Optional } // Parameter defaults
);
}
You’ll notice in the routes.MapRoute call, there is a URL path definition of {controller}/{action}/{id}. The {id} is the beginning of the parameters calls. So if you wanted to also have a parameter like “sortorder” or something like that, you could modify the route pattern to look like {controller}/{action}/{id}/{sortorder}. Or you could use it to rename the {id} to something else.
As most of you know, FTP is the devil in terms of security. It sends clear text passwords over the wire, with most users being actual system users as well. It’s telnet’s equally evil little brother. In the *nix world, it’s not that big of a deal, because you have free tools that come shipped with the OS. But in the Windows world (at least in pre 2003) there is no secure solution out of the box. With budget crunches being what they are, most managers aren’t willing to switch to an SFTP solution which can run $1000+ per license.
For one of our smaller FTP implementations I decided to try and get Cygwin running on Windows, with an OpenSSH implementation. It’s not the greatest, but it is free, cheap and will execute as a service as opposed to some big control panel that needs a user logged in. (A common symptom of free Windows SFTP solutions) I also wanted to make sure that a user couldn’t get an interactive shell once they logged in, essentially giving them access to the entire machine.
Cygwin Installation
The first thing I had to do was go through the Cygwin installation. When you go through the setup, there will be an additional section that asks you for additional packages to install. Be sure that you install the OpenSSH packages, as those will provide your SSH and SFTP server binaries.
Once Cygwin is installed, we’ll need to add a new user to the system to handle the SSHD process. We don’t want to execute this as Local System, due to some security issues and hurdles. First we’ll create the user account. Drop to a command line (I’m a command line guy) and execute
net user sshd password /add /fullname:”Cygwin SSH Daemon”
Replaced “sshd” with whatever username you want to use and “password” with whatever password you want. You probably also want to make sure the password doesn’t expire, but I’ll let you make that call. Next you’ll need to add this user to the Administrators group. I still haven’t been able to find out the other security needs, but I know that my implementation didn’t work until I added the user to the Admin group. You shouldn’t worry though, we’ll be taking other precautions to ensure that the user is sufficiently limited.
net localgroup Administrator sshd /add
Next we’ll need to assign the SSHD account some appropriate rights, as well as take away some rights. I’m using the ntrights command which can be found in the Windows 2003 Resource Kit.
You’ll notice that we’ve chosen to deny the user interactive logon capabilities, meaning he is just a service account at this point.
Now we’ll want to setup one of the System Variables. Right click on My Computer and go to Properties. Click the “Advanced” Tab and then click “Environment Variables” on the bottom pane.
In the section marked “System Variables” click New and add a variable named “CYGWIN” and give it a value of “ntsec tty”. Click OK, and then OK again to save your changes.
Now you’ll want to launch your Cygwin shell and run the SSH configuration script.
ssh-host-config
You’ll want to answer Yes to all questions except the question “This script plans to use cyg_server, Do you want to use a different name?” You should enter the name of the user account we created earlier. (In our exampled it was “sshd”)
Next you’ll need to run
cyglsa-config
Warning: This will require a reboot!! This command enables Cygwin to use the Local Security Authority to help authenticate users. Once the command is complete, be sure to reboot your system. If your service fails to start after the reboot check the services failure section.
Next we need to create the group and passwd file. These files are necessary for Cygwin users to authenticate. They are the Unix counterpart to the SAM database.
You should be able to now accept incoming SSH connections. Make sure that all necessary firewall ports are open. Using Putty or your other favorite SSH client, connect to your machines IP with a username and password. Be sure that you’ve setup another user besides the SSHD user.
Preventing a User from Logging In
If you want to prevent a user from completely logging in, you can modify the /etc/passwd file in Cygwin. Chances are you don’t have VI installed, so your best bet is to browse to your Cygwin installation directory in explorer and open the passwd file in the etc folder. The very last portion of each line represents what shell should be launched for the user. The default is “/bin/bash”. If there’s a user you don’t want accessing the system, change that to “/bin/false”. Voila. The user can’t login via SFTP or SSH. However, you will have to change this every time you regenerate the password file. (Which is why this solution is only good for small implementations)
Only allowing SFTP for a User
Edit the /etc/passwd file on the system by browsing to it either in explorer or by launching VI in a Cywin window. Change the default shell for the user (the last portion of the user line) from “/bin/bash” to “/usr/sbin/sftp-server”. This will make SFTP the users default shell.
Setting up a CHROOT for a User
There is no true CHROOT concept in Cygwin, because it is implemented using Windows DLLs. If you need to do CHROOT, I’ve heard that scponly is a solution that works and can be compiled in Cygwin. I’ll be trying this soon, so details will follow.
Closing Remarks
Let’s be clear. Cygwin is not the ideal SFTP solution for Windows. Sometimes however, circumstances will warrant its use. The above solution without the CHROOT has one major flaw. The user has complete access to the disk. While they can’t necessarily execute code directly, there are things they could do to make life bad for you. You need to be diligent in your security setup if you intend to do this. Hopefully my CHROOT experience will go well and I can share the details with you at another time.
I’m a relative newcomer to Python, but drew interest in it when looking for a framework to develop a project I’ve been working on. I was introduced to DJango and liked the possibilities, but figured I should do a bit more with Python before diving in. So I started working on a Python script at the office to help me parse some JMeter log results. I’m trying to gather some statistical data on when errors occur during a load test and the JMeter reports don’t seem to have quite what I’m looking for.
The first problem I ran into was that there are multiple threads executing the load test. As a result, the log file is not organized in a linear fashion. I’ve put all of the data elements of the test into objects, but now I need to sort the list based on the TimeStamp property of each object. Not to mention the list is roughly 500,000 elements long, so I need it to be somewhat efficient. (Although performance isn’t a HUGE deal in this project) I opted to go with a min-heap data structure.
After doing some digging I came across the heapq library in Python. The problem was that there was no mechanism for sorting based on the property of an object. It basically would take a list of values and sort them. I really wasn’t in the mood to write my own library for this project, but I figured it was worth spending some time with the problem because it would most certainly come up again in my days with Python.
Ultimately I discovered that the heapq library would also accept a tuple as a parameter, sorting based on the first element in the tuple. So the problem came down to something as simple as:
Now when I iterate though my list, I’ll be returned a tuple. I just need to grab the second element out of the tuple for my actual object and do my worse with it. It was pretty simple.
There was another option however. We could overload the comparison operators on our objects.
__eq__
__ne__
__ge__
__gt__
__le__
__lt__
By overloading these comparison operators, I can define how the comparison would take place.
Now I’ll need to do this for all of the comparison operators, but once I’m done I’m golden. Some people suggested doing this using the Decorator Pattern but for my needs that might be overkill. My data set won’t be that dynamic and I know my needs at compile time. (Or design time as it were)
Also there was some chatter out there about using overloading __cmp__ , which would work, but is deprecated as of Python 3.0. Python 3.0 isn’t in wide use yet and future proofing in this case is easy enough. But if you’re really lazy and don’t have a need for 3.0 compatibility, there’s that route too.
I was at my monthly Chicago Comic Book Meetup and we started an interesting conversation about dysfunctional families in comics. The discussion finally made its way to the relationship between Alfred and Bruce Wayne. While their relationship obviously goes beyond master and butler, there still exists a certain rigidness about it. Alfred still refers to him as Master Bruce or Master Wayne. Someone at the meetup made the comment that despite the closeness of their relationship, Alfred would always adhere to his position in society in relation to Bruce Wayne.
But hasn’t their relationship become more like family? (Even though it’s not reflected in their addresses to one another.) So the idea of Alfred getting a weekly pay check from the Wayne Foundation for his service as a butler just seems odd to me. I’m sure it has never come up in conversations at DC, but I can’t imagine Alfred getting a regular direct deposit pay check. Sure he’s compensated, but I would imagine that just about anything and everything he does, goes on the black Visa card. Can you imagine Alfred “saving up” for a new flat screen television. I’m not sure what butlers make, but my guess is that it’s not baller status. But at the same time, I couldn’t imagine Bruce letting Alfred want for anything.
Here’s another angle. If Alfred gets paid like any other commoner, what happens if Bruce goes broke? Does Alfred move out and get another job? Does he work a register during the day and help Batman solve crimes at night? I think not. They’d be broke, in squalor together, trying to figure a way out of things. I’ve had some terrific bosses, but I’d never stick around for no pay if our relationship hadn’t somehow transcended employer/employee.
Here are a few things that regular employees would have to go through, that I can’t imagine Alfred ever dealing with.
Pitching into his 401k plan
Going through a performance appraisal
Filing an expense report
Getting a Purchase Order approved
Choosing between an HMO and a PPO
Missing the family reunion because gas rates are so high
The list is silly, but at the same time incredibly serious. When Alfred starts to collect a paycheck, it brings into focus the everyday problems that must come along with that. It also makes us separate what Alfred has and what Bruce Wayne has, which for years has been one in the same to me.
Do you think Alfred Pennyworth collects a pay check? Why or why not?
It’s rare that a game makes me downright emotional. The game will have a hard time living up to this trailer, but I already want to kick some zombie ass! For Jasmine!!!! Or whatever the girl’s name is….
The comic book world was shocked and dismayed yesterday when the news broke that Wizard Magazine would be closing up immediately. The reaction was typical to our nerd community. Comic book lovers and science fiction fans tend to live in the land of nostalgia rather than the harsh reality of an ever changing world. I too was extremely disappointed at the news. I even went home to go through my old Wizard magazines so that I could silently reflect on this tragic loss. Then it occurred to me that I haven’t bought a Wizard Magazine in over 2 years. When I did actually subscribe, it was only to get a 10% discount on a purchase I made at Best Buy.
Nerds have a hard time accepting change. So often the value of a good or service is tied to our memories and experiences with it, rather than the practicalities and place that it holds in the coming age. In comic book land, the situation is even worse. We hold our experiences as sacrosanct, feeling that the way were exposed to the medium is the best way to remain relevant. But that approach did not fair well for the music industry, the movie industry or the newspaper industry and it won’t hold well for the comic book industry either.
The closing of the magazine shows me that the comic book industry is growing up and is capable of making tough decisions for the viability of the business, not just to appease basement dwelling fanboys. To make a decision like this is probably more difficult in comics, where the business operators are also die-hard fans of the medium. The management team has also decided to take Wizard World Inc public, a move that should provide additional funding for the ever popular Comic Con. These conventions have become a staple not just in the comic book industry, but the entertainment scene as a whole. A digital magazine is also in the works, although I question the quality of the magazine considering they laid off most of the magazine’s writing staff. (Maybe they only ditched the chum)
It’s true, a piece of comic book history has died. But this industry will thrive or dwindle based on its efficiency in the new digital age. The actual print version of comic books also has its days numbered. But do you love the medium or do you love your memories of it? Did music suddenly change because we went from vinyl to cd’s to MP3s? The acquisition is different, but the core of the experience is the same. The communities are different, but rest assured new communities have emerged. As nerds we need to divorce ourselves from the romanticized images of the past. Today is here and it’s a lot different than yesterday.
It has been quite sometime since I’ve made a blog post. Between school, work, love and life I haven’t had much free time. But alas, I’m mostly caught up on school and it’s 8:30am so I figured, “what the hell”. One of the things I’ve been doing in the free moments I have, is attempting to figure out this home theater PC solution. I wrestled with choices between the D-Link Boxee box, the Logitech Revue, which is basically a set-top device for Google TV. I also threw in the new Apple TV and a just a regular old PC. The basic idea was to have a single solution that would serve up all my content either from my network drives, or streaming from the Internet.
There was some controversy around TV networks blocking content from GoogleTV, which really made me nervous. You could buy a device for a specific purpose and then suddenly, content is blocked and there is NOTHING the manufacturer of your device can do about it. So with that in mind, I decided to get just a regular old PC. It’s not the clean unified UI I was looking for, but it assures that if specific applications are blocked, I can always just fire up a browser and view on the web. I installed Boxee on my Zotac PC and for the most part I’m very pleased.
A friend and I decided to watch Paranormal Activity. We’d both shown interest in seeing the second film, but had never seen the first. Low and behold, it was available on Netflix streaming. I fire up Boxee and we start viewing it in a matter of minutes. The quality of the stream was decent, but it’s all footage from a hand held camera, so I wasn’t really going to judge the quality of the stream considering the original source. What I will judge however, is buffering. Lots and lots of buffering. For those that don’t know, buffering occurs when Netflix detects a change in your Internet speed and begins to take steps to either A) alter the quality of your video so your bandwidth can handle it or B) allow for you to prefetch enough of the movie so that you can view it from the buffers, while it continues to download. The screen completely takes you out of the movie while this occurs.
There are a number of reasons buffering could happen. It might be your Internet connection. It might be traffic on your local network. It might be traffic in your particular region, impacting where the stream is sourced from. The list goes on. Neil Hunt offers a pretty open letter about the potential issues that can occur on the Netflix blog. I know everyone is itching to say “I stream content all the time without a problem.” Yes, I do as well most of the time. But this was the first time I had ever watched a full length film on Netflix streaming and the experience ruined the movie.
Watching a film is an experience. Watching a film for the very first time, is a once in a lifetime experience. Film is an art, a lot of energy goes into everything you see. The pacing of the film, the scene structure, the emotions that it puts you through. The artist is trying to invoke a feeling in you, part of which is built upon slowly. It’s about having you in that moment. This is why I prefer the theater experience over watching at home. There’s no pause button, no phone calls to interrupt you. You’re in the moment the way the artist intended you to be. I know I’m probably the odd-ball here. People love the convenience of being able to drag a 2 hour movie into a 3 day affair and I appreciate and respect that. But I prefer the experience. So you can imagine how much it absolutely kills me when I’m deep in the moment, waiting for the big scare and then I get the Netflix buffering screen. (Which in itself is also scary) It frustrates me to no end.
It’s for this reason that optical media will still be around for quite sometime. Don’t listen to those podcasters who live in a bubble, proclaiming the death of optical media. (They’re still waiting for Linux to rule the desktop too) The DVD/Blu-ray experience is still far superior to me. There is no denying the convenience of instant streaming, but when I watch Avatar, I want no buffering. I want Dolby Digital 5.1 surround sound blaring. When the movie is over, I may want to re-watch a specific scene, fast forwarding and rewinding at will. The optical media offers something that just isn’t produced (reliably) in the streaming market yet. I don’t know if I can ever trust my virgin experience with a film to streaming media again. I’ll check back in a few years when (hopefully) our Internet Infrastructure is a little more sound, but I cannot risk that once in a lifetime opportunity. TV shows are a different animal, because I don’t have the same level of investment or commitment. Movies I’ve seen already are also fair game. The Princess Bride can buffer all it wants, I know all the lines and can keep the story going while I wait.
I know a lot of this seems extreme to you, but what can I say? I respect the art and the artist’s intention. Of course I’m guilty of the same thing in other areas. I order my steaks well done. It drives my wife crazy. “How can you destroy what the chef is trying to present to you?”
I was at my monthly 
