Mono at the PDC 2008

by Miguel de Icaza

Great News Mono Lovers!

Later this month I will be presenting the session "Mono and .NET" at the Microsoft Professional Developers Conference in LA.

Exciting times!

Update: My talk will cover new technologies that we have created as part of Mono. Some of them are reusable on .NET (we try to make our code cross platform) and some other are features that specific to Mono's implementation of the CLI.

Posted on 01 Oct 2008

Microsoft to incorporate jQuery into Visual Studio

by Miguel de Icaza

This weekend the news came out that Microsoft was going to bundle and support John Resig's jQuery as part of Visual Studio and ASP.NET. From Scott's blog:

I'm excited today to announce that Microsoft will be shipping jQuery with Visual Studio going forward. We will distribute the jQuery JavaScript library as-is, and will not be forking or changing the source from the main jQuery branch. The files will continue to use and ship under the existing jQuery MIT license.

Beyond the obvious benefits to developers, what interests me is that Microsoft is now bundling an open source component into their commercial offerings.

This is a first time for Microsoft.

With IronPython they continued development of an open source project in house. With IronRuby, they were open to external contributions to the libraries of IronRuby. In both cases they were not taking external code or contributions directly into their core products.

Hopefully they will start using more open source code in their products. Maybe one day they will bundle Mono's Cecil or Mono's embeddable C# compiler.

Posted on 01 Oct 2008

Monovation: Assembly Injection into Live Processes

by Miguel de Icaza

People are loving the C# Interactive Shell.

In the past people have embedded languages like Boo into their applications (MonoDevelop and Banshee for example both have options to embed Boo and a shell).

Zoltan designed a new system for Mono that allows developers to inject and execute code into running Mono applications. Paolo provided significant feedback and design guidelines for the code to be incorporated into Mono.

Thanks to both Zoltan and Paolo this functionality is now available through the Mono.Management assembly: you provide an executable and a PID, and the executable is injected and its Main method executed on the target process:

	using Mono.Attach;


	// Get a handle to a running Mono process.
	VirtualMachine vm = new VirtualMachine (pid);

	// Load hello.exe into the target process, and run it
	vm.Attach ("/tmp/hello.exe", "");

You can use this for billions of things of course. You could patch running programs, you could attach logging software to a running program, or you could inject a C# evaluator into a live application and examine its state, or tweak it live.

Zoltan came up with a really cool extension to the the csharp command (this is the command-line C# Interactive Shell). The csharp command now takes an --attach command line argument and a PID.

The csharp shell can now use the Mono.Attach.VirtualMachine to injects itself into the remote process and then the client and server communicate through a couple of sockets.

For example, this is the sample that Zoltan used to pitch his idea for supporting attaching to the virtual machine. With the following you can pause a live Banshee process:

$ ps aux | grep banshee
miguel   12359 17.0  2.7 141372 55708 pts/5    Sl+  14:30   0:02 banshee-1 /usr/lib64/banshee-1/Nereid.exe
$ csharp --attach 12359
csharp> using Banshee.ServiceStack;
csharp> using Banshee.Gui;
csharp> var s = ServiceManager.Get ();
csharp> s.PlaybackActions ["PlayPauseAction"].Activate ();

All of the code is now on SVN, you need both the mono and mcs modules from trunk.

A GUI Shell

The above commands are a tiny bit risky and are also limited to the shell.

The above commands will execute on a separate thread from the application, and any commands that you execute would be executed on a separate thread which could corrupt the state of your application.

So this weekend, I wrote a tool that integrates with Gtk# applications, its called gsharp and you can find it in the mono-tools module (it borrows some code from Banshee).

gsharp is a Gtk# version of the csharp command. What is important is that it also supports injection of the code on other programs, but makes sure that all the code executes in the Gtk# thread, by issuing all of its commands from the Gtk# idle handler. This means that it is safe to use gsharp with your Gtk# applications.

GUI version of the tool.

Here you can select which project you want to inject the GUI into:

Needs some work, show process names.

This version shows the gsharp tool attached to F-Spot, as I am not very familiar with the codebase, I can not do very much with it:

We will need to implement one of these as well for Windows.Forms applications. This should luckily be easy to do as most of the smarts live in the Mono.CSharp assembly (our embeddable compiler).

Security of Agents

A couple of weeks ago, I asked for people to weigh in on a security concern for temporary files. This was for Zoltan's attach functionality.

The code is now implemented and I would love if security experts could do a source code audit of our implementation. And validate whether our assumptions are safe.

Here is the source code.

Posted on 29 Sep 2008

Public Service Announcement

by Miguel de Icaza

In C# the defaut access level for members in classes and structs is "private".

There is no need to pepper the source code with "private" everywhere. It only introduces noise and makes your code more difficult to read.

Posted on 28 Sep 2008

Love World Domination!

by Miguel de Icaza

Chris Anderson is wearing a Mono T-Shirt on this PDC interview and is hosted on DekiWiki, a Mono-powered Wiki site.

This is clearly awesome.

In other news, the awesome hackers at Imendio have officially released Gtk+ for OSX packages.

Posted on 24 Sep 2008


by Miguel de Icaza

Funkists, why does System.IO.Stream not have a CopyStream method, it seems like everyone ends up implementing this.


Posted on 24 Sep 2008


by Miguel de Icaza

Kudos to Ben and the rest of the Captcha team.

Today I downloaded the binaries for reCaptcha.NET for a web page that I was setting up and it worked out of the box. No recompiles necessary:

  • Drop the Recaptcha.dll in the bin directory of the ASP.NET app.
  • Get your public/private key.
  • Insert this in your page:
  • Hit refresh. Ta da!

Posted on 17 Sep 2008

Encrypted File Systems

by Miguel de Icaza

I just found out about encfs, a user-space encrypted file system that runs on top of FUSE.

To use it, just type:

	$ encfs ~/.encryptedstorage ~/secure

And follow the directions. You then will have a ~/secure directory where you can stash all the material that you would not want to become public if you were to lose your laptop.

But it gets better than this. You can use sshfs to store files on a remote server, and then use the sshfs-backed file system as your encrypted storage, you can then keep your files stashed on a remote server, completely encrypted.

Posted on 16 Sep 2008

Mono team, hiring again

by Miguel de Icaza

Hey folks, it is that time of the year when we are looking to hire some developers to work on Mono.

We are looking for people with experience in Linux, with experience building software from source code and good C# or Java skills. Experience with ASP.NET and ADO.NET is a plus.

The positions this time are only available in Boston, if you are interested, send me an email.

Update: we have filled this position.

Posted on 15 Sep 2008

Securing a Unix Domain Socket: Looking for Help

by Miguel de Icaza

There is a cool hack that we want to introduce in Mono that would allow a remote process to debug a examine data in a running Mono instance. The hack uses the embeddable compiler.

The proposed extension to Mono would use a socket on /tmp/mono-USER/.mono-PID created by the Mono process and set the permissions to read/write for the owner and nothing for the group or other users.

What can go wrong security-wise with the above setup? What should we check that is not immediately obvious?

So far:

  • Create directory with 0600 permissions, bail if mkdir returns anything but 0.
  • Create socket in directory; It should be safe at this point, and change the permissions of the socket (is this really needed?).

Posted on 15 Sep 2008

« Newer entries | Older entries »