iPhone 4: Siri Security Fail

 iPhone Related, Security  2 Responses »
Feb 052012
 

This weekend I discovered a pretty massive security fail on the iPhone 4S.  As you might know, you can set a security pin code to prevent unauthorized use of an iPhone handset.

You might also be aware of the new Siri feature built into the iPhone 4S.  Assuming you have Siri enabled, then out of the box the following is possible (as of time of writing):

You can hold the home button to activate Siri – whether the handset is locked or not.  Once activated, you can direct Siri to perform specific actions – for example, making a phone call!

I’ve tested the following scenarios/commands -

  • “Call Paul” (assuming you have a person named ‘Paul’ in your contacts)
    • Will list matching entries in the Contact List
    • Will dial a selected contact
    • I assume this will worj with any contact
  • “Call <a number>”
    • e.g. “Call 12345”

Interestingly, if you issue the command “Unlock the Phone”, Siri responds with “I’m sorry, I can’t do that”.

So, there’s a pretty blatant hole in the iPhone security model – not only can you dial arbitrary phone numbers with Siri’s help, you can also expose contacts in the contact’s list.

It also appears that Siri will conduct web searches (e.g. “What is the capital of Columbia?”) while the handset is locked – using up your data plan.

Now, how about some bonus security flaws?  You can also send messages via Siri.  The command “Send a message to Paul” will take you through steps to select a contact, select a number and then will record a message and allow you to send – all while the handset is locked.

Cupertino says: Oops.

Update

As a few people have communicated (many thanks), it is possible to disable Siri while the handset is locked (as opposed to disabling Siri altogether).  This is not the default configuration (unfortunately!) which means (IMHO) this is still a fairly significant flaw.  To disable Siri when the phone is locked, go to:

Settings -> General -> Passcode Lock -> Siri.  Set ON -> OFF.

Again, note this will disable Siri when the phone is locked rather than switching Siri off altogether.

Note: I’m not the first to discover this, here’s more reading on the topic:

Further Reading

http://tech2.in.com/news/smartphones/siri-makes-phone-calls-even-if-phone-is-locked/250662
http://mashable.com/2011/10/19/siri-lets-you-make-calls-on-passcode-locked-iphone-4s/
http://www.techradar.com/news/computing/apple/siri-security-flaw-uncovered-1035270

Just-In-Time Credit

Tip o’ the hat to my co-contributor, Paul Doessel, for the initial discovery and further testing

 Posted by Rob at 6:49 pm  Tagged with: iPhone 4, Security Fail, Siri

Anatomy of a Phishing Scam

 Security, Tech Meme  No Responses »
Jan 222012
 

Today I received an e-mail which made it past Google’s Junk E-mail protection.  It was sent from “Gmail Team” and titled “Google Verification”.  As I’ve had to do site verifications for Analytics and Webmaster tools, I took a look at the e-mail.

Within half a microsecond, I decided to compose this quick “Tech Meme”, breaking down all the tell tale signs of a Phishing attempt.  As far as they go, this one was pretty poor – but could still trip up some unfortunate folks.

Firstly, what is Phishing?

According to Wikipedia:

Phishing is a way of attempting to acquire information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication.

Does my e-mail constitute a Phishing attempt?  Check it out and see what you think.  Here’s the complete message:

image

So let’s break it down:

1. The “From“ Address

Although this e-mail was sent from a “@gmail.com” address (although most official Google E-mail is sent from @google.com), clearly the folks at Google would have a better reply-to email address than “customerservice.verifyinfor”

2. No Branding/Google “look and feel”. 

Although some authentic e-mails from Google are sent in a basic format, even they carry some kind of corporate signature, like the following:

“© 2011 Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043”

Microsoft usually applies style sheets to their emails, most of the major banks do too.  If you receive an e-mail which doesn’t look or feel right (fonts, colours, lack of legalese in the footer), chances are it’s not an authentic e-mail.

3. Nature of the request

There’s just no way that Google (or any other large company) will ever expect end users to fill out details in text like this.  In fact, no big company or financial should ever contact their customers this way and request private information.

Even if they did, it would be horrible to import into their systems, and it would be very hard to validate the input text.

4. Grammar and spelling mistakes. 

Even in this age of decaying English, most big companies tend to proof read their e-mail text.  This email isn’t too bad for a phishing scam, but you likely won’t find these kind of mistakes in legitimate e-mails.image

Lastly, if you read this e-mail and thought “isn’t this information already located at accounts.google.com?” you’d be correct. 

Why would a company re-request this information?  You’ve already supplied your account and password when you logged into your account, your year of birth doesn’t change, and your name wouldn’t change that often either.

There’s a good chance you don’t remember the year you registered (and shouldn’t they be able to look it up?) and place of residency isn’t required.

Finally..

If you get an e-mail like this one from a bank, Microsoft, Apple or Google (or others like them) apply some simple logic before hitting reply.  As always please be careful with your personal information.

Your details should be as protected as your PIN number or bank account details.  Don’t give the information away freely.

R

 Posted by Rob at 8:10 am  Tagged with: Fake Email, Information, Phising

Deploying BizTalk 2010 Assembly Dependencies

 BizTalk Server, Infrastructure, Tips and Tricks  No Responses »
Jan 062012
 

Introduction

From time to time, it is natural for us to deploy BizTalk solutions with Assembly dependencies.  Usually this is because we have created helper classes (for mapping, or querying) or perhaps it reuses some common logic shared between application suites.

Whatever the reason, it can be very handy to pick up all assemblies when we export the BizTalk Application from BizTalk Administration, when we use the Export MSI feature/wizard.

The Problem

The one drawback is that, since BizTalk requires assemblies to be GAC’d (that is, strong named and added to the Global Assembly Cache), it’s hard for a tool, like the export to MSI wizard, to know what are custom assemblies which the BizTalk assemblies rely on (that aren’t system or framework assemblies).

In other words, you need a way to call out the dependencies, so that the export wizard will package the entire application.  The alternative would be that you would have to ensure any custom dependencies are already deployed to your (new) target environment.

The Solution

As you might be aware, you can view a BizTalk application’s resources (assemblies) from within BizTalk Administrator.  What you may not know is that you can add “Resources” to this location.  In particular, you can add (or call out) dependency assemblies.

Just right click in the Resources view, and select Add->Resources..

image

A dialog pops up and allows you to browse for the required assemblie(s).  You have some options here, you can force the assemblies to overwrite, you can select if and when the chosen assemblie(s) are GAC’d (registered with the GAC), registered as COM components or made visible to COM components.

image

The dependencies tab allows you to quickly see if all the dependencies for a specific assembly are to be found.  This will help you check and ensure your solution has everything it needs.

When you decide to do an “Export to MSI”, you’ll notice that it now includes any dependency resource Assemblies which you have added to your application:

image

If the assembly you are adding has a dependency on another assembly that is not included in the application, the add operation will fail.

Great, but what if I want to automate this procedure as part of an automated deployment?

I’m glad you asked.  Naturally, you can script commands which will accomplish this task for you.  You could easily script this command, to be included in automated builds or deployments.

Note that, as a general rule, it is not advised to automatically register any assemblies in the Global Assembly Cache of a build machine/build server.

Steps to add assemblies from command line:

  1. Open a command prompt as follows: Click Start, click Run, type cmd, and then click OK.

    Note: you may require elevated permissions to accomplish this, you’ll certainly need permissions to administer BizTalk Server as well.     

  2. Type the following command, substituting the appropriate values, as described in the following table.

Command Syntax:

BTSTask AddResource [/ApplicationName:value] /Type:System.BizTalk:BizTalkAssembly [/Overwrite] /Source:value [/Destination:value] [/Options:GacOnAdd|GacOnInstall|GacOnImport] [/Server:value] [/Database:value]

Example:

BTSTask AddResource /ApplicationName:MyApplication
/Type:System.BizTalk:BizTalkAssembly /Overwrite
/Source:"C:\BizTalk Assemblies\MyOrchestration.dll"
/Destination:"C:\New BizTalk Assemblies\
MyOrchestration.dll " /Server:MyDatabaseServer
/Database:BizTalkMgmtDb

The following is a complete list of options lifted from MSDN, but they approximate what you can do via the BizTalk Administrator console.

Parameter Value

/ApplicationName

Name of the BizTalk application to which to add the BizTalk assembly. If the application name is not specified, the default BizTalk application is used. If the name includes spaces, you must enclose it in double quotation marks (").

/Type

System.BizTalk:BizTalkAssembly

/Overwrite

Option to update an existing assembly. If not specified, and an assembly already exists in the application that has the same LUID as the assembly being added, the AddResource operation fails. You can view the LUIDs for the artifacts in an application by using the ListApp Command. If another application depends on the assembly being overwritten, the AddResource operation fails, even when this parameter is specified.

/Source

Full path of the assembly file, including the file name. If the path includes spaces, you must enclose it in double quotation marks (").

/Destination

Full path of the location where the assembly file is to be copied when the application is installed from the .msi file. If not provided, the assembly file is not copied to the local file system during installation. If the path includes spaces, you must enclose it in double quotation marks (").

/Options

  • GacOnAdd: Specify to install the assembly to the global assembly cache (GAC) on the local computer during the AddResource operation.
  • GacOnInstall: Specify to install the assembly to the GAC when the application is installed from the .msi file.
  • GacOnImport: Specify to install the assembly to the GAC when the application .msi file is imported.

You must separate multiple options with a comma.

/Server

Name of the SQL Server instance hosting the BizTalk Management database, in the form ServerName\InstanceName,Port.

Instance name is only required when the instance name is different than the server name. Port is only required when SQL Server uses a port number other than the default (1433).

Examples:
Server=MyServer
Server=MyServer\MySQLServer,1533

If not provided, the name of the SQL Server instance running on the local computer is used.

/Database

Name of the BizTalk Management database. If not specified, the BizTalk Management database running in the local instance of SQL Server is used.

Further Reading

How to Add a BizTalk Assembly to an Application
http://msdn.microsoft.com/en-us/library/aa558703%28BTS.20%29.aspx

More on BizTalk Deployments
http://social.msdn.microsoft.com/Forums/en-US/biztalkgeneral/thread/1e6cd3a9-42d1-42b8-911c-c3f7bdc35145/

 Posted by Rob at 7:45 pm  Tagged with: Assembly Dependencies, BizTalk 2010, Deployment, Lessons Learned

SQL Server 2012 Release Candidate 0

 Database Magic, Pre-Release, Technology  No Responses »
Jan 012012
 

Introduction

In December 2011, Microsoft released an early Release Candidate (RC) of SQL Server 2012 (formerly known as codename Denali).

There are a bunch of new things in SQL Server 2012 – here’s a list of just a few:

To find out more about what is coming in SQL Server 2012 check out the following “What’s New?” page

Downloading SQL Server 2012 RC 0

I’ve found the easiest way to proceed with the RC0 is to obtain a DVD .iso (image) of the whole kit, otherwise, you can download it in component parts to keep your download footprint minimal.

The following location is the “correct” download link: http://www.microsoft.com/download/en/details.aspx?id=28145 or you can just go directly to the beta experience website here: http://www.microsoft.com/betaexperience/pd/SQLDCTP3CTA/enus/

Installing SQL Server 2012 RC 0

SQL Server, in recent years, has had one of the best setup and installation experiences of any Microsoft product on the market.  Well, based on y experience with the 2012 RC 0 release, this is getting a little more complicated.

The next few screenshots will guide you through a fairly straightforward configuration, using the latest release.

Installation Screenshots

1. Execute the installation package
2. In the SQL Server Installation Center, select the Installation option
3. From here, jump right in and click on “..new installation”
4. You’ll get all the prerequisite checks and loading of setup files, just proceed as you would with a prior
    edition of SQL Server
5. Once the main installer kicks in (you passed all the prerequisite checks etc), you’ll get to the intro page
6. Click through to the licensing page – note we’ll keep it on Evaluation:

0-2

7. Next, we’re going to select the first option (feature installation):

0-3

8. In the feature selection page, I’m selecting all features, but you should select just what you’re going to want
    to evaluate:

0-4

9. Skipping ahead through some screens now (they are unchanged from 2008 R2), the Server Configuration page has changed, requires you to individually set service accounts.

Best Practice: Use a different account for each service
Best Practice II: In a domain environment, if you wish to use Kerberos, ensure you use a Domain account for the service identity, and ensure the proper ADSI settings are set

0-5

10. Assign some user accounts as System Admins.  I always assign the local machine admin (in non-Production environments) and a Domain Admin (in a Domain environment) so that we don’t get accidentally locked out.

1-1

11. Same procedure for Analysis Services (if applicable):

1-2

12. Reporting Services has changed a little since 2008 R2, you have a few options for configuring native mode or SharePoint Integrated mode.  The native configuration is handy if you don’t have any exotic configuration requirements:

3

13. The Distributed Registry Controller (optional) is new to 2012.  You can only assign user accounts (not groups).  If you accidentally add a group, it’ll complain – and then (in my experience) crash..

4

13.1. Oops, a soft crash when trying to remove the offending group (best to avoid this situation):

2

14. If you’ve chosen it, the Distributed Replay client needs a Controller name:

5

15. Finally, assuming you’ve accepted most of the defaults, you may arrive at the summary screen:

6

16. When you are happy, you can kick off the install.  It may take a while, if you’ve selected a number of features.  Finally, if all goes to plan, you hopefully will end up with a success:

image

..and it’s probably time for a reboot. 

Post-Install Sanity Check

After the system has restarted, we can check out all the new stuff installed:

image

image

image

Summary

Well, this was a lesson in patience from my perspective.  Whilst nowhere near as challenging of some other products, there are a few new things to consider when installing SQL Server 2012. 

As always, it helps to read the installation guide.  There are a number of new changes this time around, so even if you’ve done plenty of SQL Server 2008 installs, it might pay to do a quick skim of the install material first.

Lastly, as always, it pays to properly plan your infrastructure.  I’m usually installing into sandboxes, so what I’ve presented here is by no means what I’d recommend for a production system.  If you are planning a production system with a pre-release edition, all power to you (brave).

Please always keep these issues in mind when planning your SQL/Infrastructure:

  • Disaster Recovery,
  • Fault Tolerance,
  • Availability and Scale,
  • Persisted Storage requirements,
  • Physical hardware limitations, and,
  • Backup and test your backup strategy!

Further Reading

Tutorials and Samples for SQL Server 2012 RC 0

Microsoft SQL Server Data Tools (SSDT)

 Posted by Rob at 2:20 pm  Tagged with: Guide, Installation, Pre-Release, RC0, SQL Server, SQL Server 2012

Have you met……… BizTalk?

 BizTalk Server, Projects, Technology  No Responses »
Dec 292011
 

Hi Everyone,

Well, it’s nearly the end of the year 2011, and hasn’t it been a doozy?  I don’t know about you, but my year has been haywire, to say the least.  I started the year living in China, moved back to Australia, set up in Sydney and then finished the year in Canberra (the capital of Australia).

With all that going on, you’d think I’d be hard pressed to find time to write anything substantiative.  Of course, you’d be right.  Therefore, I’m aiming to write at least one more article of value before the year is out.  Since the bulk of the work I did this month was BizTalk related, I’m going to write a little bit about some problems I had to solve with BizTalk 2010.

I realise that I had previous written about a few other topics I wanted to cover off.. and I will.. but for now, BizTalk is the most convenient topic, so please bear with me Smile

There’s also quite a lot to look forward to in 2012.  For one thing, we’re expecting the next version of SQL Server (codename Denali) to drop – that should be a biggie – and there are the usual soft spots (WCF, Web Services, IIS) and so on.

Hopefully, you’ll see my BizTalk article before the new year, but in the meantime.. thanks for reading this year and all the best for 2012!

/R

 Posted by Rob at 12:04 pm  Tagged with: BizTalk, BizTalk 2010, Orchestrations, Transforms

An anatomy of hardware failure

 Infrastructure  No Responses »
Dec 042011
 

It’s been a tough week for me from a hardware and infrastructure perspective.

Late Thursday night, I lost one of the two desktop machines I own which still functioned. It had been on its way out for a while in theory, since somehow the CPU fan docking clamps were broken during transit in 2010.

I managed to squeeze about an extra eight months out of it this year when I was really in a tight bind (my main workstation was in storage).

Now, I find myself losing a weekend doing a massive reconfiguration of physical and virtual machines, to replace the loss.

One thing has changed; I blew away 4 260 GB Seagate drives and created a new RAID 0+1 drive. This left me with the decision of whether or not to load the OS onto it or not.

In the end, I rationalised that I might wish to upgrade the 4 disks at a later date to > 260 GB (which, in RAID 0+1, is a volume approaching 500 GB).

So the OS is installed onto a separate disk, but the RAID volume is still a great location for SQL Server database files and so on.

I’ll post some performance (i/o) statistics about read/write later on for comparison purposes. For now, I have a tonne of work to do..

 Posted by Rob at 10:06 am  Tagged with: DSL, Hardware, servers

Apache Hadoop

 Cloud Computing, Infrastructure, Technology  No Responses »
Nov 102011
 

Recently, I decided that I need to begin a new learning exercise.  This time around, I’ve chosen Apache Hadoop, partly because of the weird name, and partly because of how it is defined.  To add clarity, here’s the official definition from the Apache site:

What Is Apache Hadoop?

The Apache Hadoop software library is a framework that allows for the distributed processing of large data sets across clusters of computers using a simple programming model. It is designed to scale up from single servers to thousands of machines, each offering local computation and storage. Rather than rely on hardware to deliver high-avaiability, the library itself is designed to detect and handle failures at the application layer, so delivering a highly-available service on top of a cluster of computers, each of which may be prone to failures.

I’ve actually heard of some of the sub components before (such as Cassandra) and I love the fact that the entire platform is designed for parallelism and distribution.  To get started I decided to choose a couple of the main sub components to focus on – below:

  1. Hadoop Common
  2. Hadoop Distributed File System (HDFS™)
  3. Hadoop MapReduce
  4. Cassandra™

What I’ll do is post a new article each time I’ve spent some time investigating the nuts and bolts of one of the subcomponents.  That way, you can follow my notes and pick up the salient points as I go.

For a full list of the Hadoop platform, check out the Apache site – there’s quite a number of subcomponents that are worth looking at.  I’m a little unsure what the hardware requirements might be if you wanted to play with this locally, but I’m sure you’d be able to throw something onto a cloud infrastructure for some fun time at a low cost.

In the meantime, here are the “getting started” pages for the components I’ve selected:

This really looks quite interesting Smile 

Here’s an architectural diagram of HDFS:

image

I’ve categorized this as ‘Cloud Computing’ but it’s really distributed computing.  Forgive me.  Now I’m really starting to look forward to seeing what this can do..  Check back soon.

Please note:

“Win32 is supported as a development platform. Distributed operation has not been well tested on Win32, so it is not supported as a production platform. “

I’ll setup on Windows Server 2008 or Windows 7, but Production systems are obviously GNU/Linux based.  Later I might dabble at re-installing Gentoo when my new home office is set up in a couple of weeks.

 Posted by Rob at 6:55 am  Tagged with: Something Different

GPS Log

 Cloud Computing, Gadgets and Phones, News  No Responses »
Nov 052011
 

Recently I started to use this nifty application called GPS Log on my brand spanking new Apple iPhone 4S. 

I know what you are thinking: WTF is Rob using an iPhone for? 

Well, after years and years of failed promises from Microsoft to deliver a stable, functioning mobile phone*  I’ve had enough of the unfulfilled promises and the hacky/buggy/ mobile operating system and the can’t-make-a-phone-call handsets in the Windows Mobile range.  I bought an iPhone.  Deal with it (and keep reading).

*ahem*, O-K, iPhone you say?

Right, so I have a new iPhone 4S and it works pretty well I have to admit.  Okay, it’s pretty damn stable and the range of apps is decent.  It takes nice photos, video and so forth, but to be honest – within a few days of using it – I found myself getting bored.

You said something about GPS?

Then, along came an app I could really admire.  GPS Log.  At first it was a bit of a shock to find an application with a lot of functionality.  Most of the stuff people rave about is pretty simplistic – and a lot of it just makes web service calls to websites.. a bit “ho-hum:” (underwhelming).

imageGPS Log is brilliant, because it allows me to create a GPS-based log of places I’ve been, allows me to tag locations and to associate photos with the places I’ve “spiked”.

You can add repeat visits (if it is a place you’ve visited regularly) and you can share your “spikes” with your friends (or the public).  It’s also exceptionally handy to “spike” locations you’d like to return to one day.

There are many options on ways to share your locations via existing services like Facebook and Twitter, plus you can “synch” your data with the GPSLog server so that you can access the data from other locations on other devices (say, a web browser). 

It also means you can restore your data if you lose your handset or worse!  You can associate multiple photos with a “spike”, which can be helpful if you want to shoot a picture of the front of a shop or restaurant, or take pictures of food you’ve been served (for reference purposes!).

Anyhow, it’s early days, but so far it’s really helped sell the iPhone to me.  I highly recommend it for iPhone or Android mobile phone users.  Once you start getting into the habit of spiking places, you’ll find it invaluable.

* Although Windows Phone 7 does look promising

 Posted by Rob at 7:01 pm  Tagged with: Android, App, GPS, iPhone, utility

Team Foundation Server in the Cloud (Part 3): Builds, builds, builds

 Build and Config, Cloud Computing, Infrastructure, Team Foundation Server  5 Responses »
Sep 252011
 

Part 1Setting up TFS Azure
Part 2Configuring Visual Studio to use TFS Azure
Part 3Registering Team Build controllers for TFS Azure
Part 4 

Introduction

Continuing from Part 2, now that we have the essentials set up, we’ll take a look at how to utilize the full functionality of Team Foundation Server Azure.

Before we get too deep into the article – this from Microsoft:

5. Unable to configure a TFS 2010 build agent/controller

Unfortunately, the TFS 2010 build agent and controller is not compatible with the Team Foundation Service Preview. You’ll need to use the build server software that is part of the Team Foundation Server 11 Developer Preview. You can find information about that release here.

You’ll need to install a facet of the Team Foundation Server 2011 Developer Preview in order to configure a Build Controller and Agents.

Microsoft® Visual Studio® Team Foundation Server 11 Developer Preview is the collaboration platform at the core of the Microsoft Application Lifecycle Management suite of tools, which helps teams be more agile, collaborate more effectively, and deliver better software faster.

Anyhow, you’ll have to download the installer (choose from Web Installer, .iso or self extracting EXE).  you could start downloading while continuing reading this article.

TFS Preview invite codes

I’ve had a few readers contact me in regards to invite codes for TFS Preview.  AFAIK, I was able to help them all out; and I have a couple of code/activations (2-3) left. 
So if you haven’t received your own activation code yet, and want to get started ASAP, drop me a line and I’ll send you one of the last codes I have which still has activations available.

Continuing Along

So when we left off, we’d configured Visual Studio 2010 to connect to TFS Azure, but now it is time to consume TFS Azure by using some of the functionality available.  I’ve got a sample solution that I’ll be writing about and publishing in a later series of posts, and I’ll be using it as a guinea pig (test) of TFS Azure’s service.

Open the solution you’d like to manage under TFS Azure, connect to your TFS Azure account (follow steps in Part 2), and then add your solution to Source Control as you would for a normal solution.  I prefer to add my solution structure to the source control directory before opening the solution.  This makes it easier to bind.

You can check your bindings, you should be able to bind:

binding

Now, once the solution is opened, you’ll see that the files are pending in the source control window:

source tree

As a good developer always does, I’ve run my Unit Tests and ensured that everything is peachy:

UnitTestsPass

Now that everything is ready, I’ll commit my changes to the Cloud!

commit

Assuming all goes well, you commit should work successfully, and your solution is now hosted and bound to TFS Azure.

Building

Configuring automated builds, however, pose a tougher problem to solve.  First, I tried to create a build definition myself, as I would with TFS 2010.  I navigated my way to the Team Explorer window and right clicked on Builds and tried to create a “New Build Definition”:

create build

This was met (predictably) with the following (somewhat unhelpful) error message:

“TF225001: Creating a build definition requires a build controller be defined for this team project collection.”

controller

As mentioned earlier, and according to this known issues page – you’ll need to install the Team Foundation Server 2011 Developer Preview to define build and a build controller.

So, whilst we’re sitting pretty without our solution bound to source control, we can’t create continuous integration or other automated build definitions.  A pickle.

Configuring a TFS 2011 Build Service

I’ll be the first to pose this question – what’s the point of Team Foundation Server Azure (in the Cloud) if build controllers and build agents don’t also sit in the cloud?  It seems totally redundant to me, to go to the hassle of binding to Azure if I must create and maintain my own build controller and agents in what amounts to off-cloud hosting.

It is my hope that this is rectified sooner or later.

Nonetheless, moving on..

To set up a build controller/agent you can follow along here, watch Richard Hundhausen’s video or read BHarry’s post here.

Install

Once you’ve downloaded and mounted the TFS 2011 Developer Preview image, you’ll need to run the TFS Server install.  I realise that a separate installer for the build parts would be *far* more convenient, but you have no choice in the matter, it seems:

install

Once the variety of prerequisites are preinstalled (including the ominous copying  of installers to the dreaded “installer cache” you’ll be prompted with the following screen:

image

Configure Your Build Server

Since we’re only interested in the Build Service, select it from the left hand tree, and then click on “Start Wizard”.

Once you hit the welcome page, click “Next” ton configure your Build Service installation.  On the second page you’ll have to select your Team Collection, you do this in much the same way as from Team Explorer (refer to Part 2 for details).

imageimage

image

Once connected, you’ll notice that there are no build controllers.

Clicking Next, we’ll accept the default, and have a build controller and single build agent created for us.

image

image

On the next page, we’ll be prompted to provide credentials for the Build Service to run under.  Note that you can change the default port that the service will use to communicate with TFS Azure (9191 by default).  You might want to ensure you’ve opened the port with your firewall (or other systems).  Don’t forget to click on the “Test” hyperlink to authenticate the credentials you’ve supplied.

Also note that the service will use the Windows Live credentials you specified when you connected to the Team Collection, earlier in the configuration steps, not the credentials you specify now, to connect to TFS Azure.

image

Our final page is the configuration summary page.  Once satisfied that your configuration is correct, press the Next button:

imageimage

Once the checks have completed, click on the “Configure” button..

imageimage

Once finished, you should get (hopefully) all successes.  Your Build Controller is now registered with your TFS Azure account.

image

Finally – A Build Configuration

Now that we’ve configured a Build Controller.. we can return to Visual Studio 2010.  I refreshed my Team Explorer, then right clicked on the Build item and selected “New Build Definition”.  This time, a different result – success.

imageimage

Now I can configure my build as I normally would.  For my first build, I’m not going to bother with a drop folder, so I unchecked this option (above) and also in the Process configuration:

image

Building

Now I’ve saved my build configuration, I’m going to run a test build.  I right click on the build definition and select “Queue New Build”:

image

image

My initial build built, but failed the unit testing.  This was caused by one of the tests which launches an interactive WinForm.  Commenting out this form, and checking in, triggers the automatic Continuous Integration build.  With luck, everything passes the second time:

imageimage

Returning to our browser, if you log into your TFS console, ensuring you aren’t in the Administration section, you can browse and see the build history now:

image

Conclusion

TFS Azure represents a tantalizing option for teams to share their workspaces and automated builds, but until Build Controllers and Build Agents can be hosted in the Cloud too, build services are a major weakness.   It is also somewhat disappointing that the Build Server software isn’t packaged and made available as a separate installation package (less than 1 GB).

That said, I had no trouble at all in configuring the Build Service 2011 (Developer Preview) and the whole process from Visual Studio 2010 to TFS Azure to Team Build worked seamlessly the first time through, with no errors or installation show stoppers.

In the next article, we’ll look at some ways we can customize the build as well as set some more meta data, such as Areas/Iterations and team security settings.  We’ll also look at how we can link build definitions into our work items and how the registered builds play a part in our overall SDLC.

Check out http://www.tfspreview.com for more information, or the community message boards located here.

Part 1Setting up TFS Azure
Part 2Configuring Visual Studio to use TFS Azure
Part 3Registering Team Build controllers for TFS Azure
Part 4 
 Posted by Rob at 4:42 pm  Tagged with: Build Services, TFS 2011, TFS Azure

Product Numbering and Branch Management

 Build and Config, Process Methodology, Team Foundation Server  No Responses »
Sep 222011
 

Introduction

Recently I had to determine a universal product versioning syntax for our products and services.   This was done to ensure a level of consistency between projects and products. Depending on the deployment, currently there has been a wildly different format used between products and services.  

Given the recent adoption of Team Foundation Server 2010 (TFS), and the use of Team Build throughout the product and service range, the new numbering format and branching strategy is designed to support the functionality TFS provides.

Methodology

The cardinal rule of build and release management is: “each build must be unique”.  Without the ability to discern one build from another, a team cannot establish any baselines; nor can issues or defects be reported on, or resolved in, a specific (identifiable) release candidate.

To ensure every build is unique, every product or service release will be identified following a basic numbering format: [Major].[Minor].[Build].[Revision].  In addition to binary numbering (which accompanies files built as part of the build process), the build is identified also by the Build Configuration Name – the name and number form the unique build name within systems such as Team Foundation Server. 

Note that Continuous Integration builds do not require an increment in version number (to avoid a useless increase in the signal-to-noise ratio of build numbers registered in TFS).

image

[Major], [Minor]

The project management team for each project will define the [major] and [minor] numbers for each release in line with project goals and the addition of features and functionality etc. Typically a production release will involve a minor number increment, although should the changes warrant it, a major revision is also likely.

[Build Number]

The [build] number is an atomically increasing number which ensures the uniqueness of each release build and label. Note that CI builds should not increment the product number. Formal builds also create a label within source control, so that the exact source can always be retrieved at any point in the future.

[Revision Number]

The [revision] number should be incremented in the event of a rebuild e.g. due to a build failure or perhaps because a build doesn’t pass smoke testing (and needs to be fixed and rebuilt). The revision number should be reset to zero once the build is accepted.

Note that TFS 2010 uses build labels throughout work items in each Team Project (for example in Bug work items) so that work items can be tied to explicit builds which have been created. These, in turn, can also be linked to automation run executions, changesets, work items and so on.

[The Build Name]

Thus our standard production build will be represented by the following naming convention:

<[Build Configuration Name +  Number(Maj.Min.Build.Rev)]> Example: Widget Release Build [1.0.0.0]

Understanding Source Control

The standard approach to source control management has solutions arrayed in a specific folder structure, often defined as follows:

image

The following definitions are applied:

RootThe top level folder in a folder hierarchy
TrunkRepresents the main, ongoing development of a solution (or solutions)
BranchesTypically represents forks in the source control management, usually branched from the trunk

There are several different valid approaches to source control branching and without going into detail, the most common are:

  • Branch per Release
    • Branch contains a specific product release build
    • Useful for patching production releases
  • Code-Promotion Branches
    • Specific code can be isolated for specific testing
    • Useful for feature isolation development
    • Reduces instances of source file conflicts
  • Branch per Task
    • Rather than branching by feature, code can be isolated according to a specific task, such as vertical architecture changes (e.g. cross cutting concerns)
    • Branch per Component
    • For larger projects, individual components may be branched for independent development and release
  • Branch per Technology
    • Useful when dealing with multiple operating platforms or versions, development can be split in alignment with different technology alignment, or environments

Generally, these approaches stem from a rationale behind change isolation – i.e. reducing the impact of change on the development of a solution’s code base.  To learn more about these branching strategies, refer to the “Further Reading” section below.

Branching and Versioning Scenarios

The following are diagrams and scenarios which outline our approach to product and release versioning under branching scenarios.

Versioning Branches

Since our approach to release management dictates a unique build number per release, and typically an increment in the Major or Minor build number, we may branch source control at any time, continuing the product numbering in parallel.

This means that there may be concurrent builds of a solution with a similar – if not identical – version, differentiated by the build configuration/build definition naming.

When a release candidate is produced – and ultimately put into production – the remaining branches (or trunk, as applicable) are then incremented (typically with the minor version) so that ongoing development now represents the next logical product number.

Persisting Version Numbers

Anytime a Branch is merged back into the Trunk, the version number of the Trunk is persisted, not the branch version. The Branch can be resurrected at any time in the future, by branching from the merge change set.

If a Branch is merged into another Branch, typically the version number of the target Branch is kept.

A Release Versioning Example

Prior to release:

Trunk: 1.2.345.0
Branch A: 1.2.358.0 (branched from 1.2.298.0)
Branch B: 1.2.349.0

After a release from Trunk:

Trunk: 1.3.345.0 [Released as 1.2.346.0]
Branch A: 1.3.358.0 (branched from 1.2.298.0)
Branch B: 1.3.349.0

After a release from Branch A:

Trunk: 1.4.355.0 (branch A merged and released as 1.2.354.0 from the Trunk)
Branch B: 1.4.361.0

Patching

One of the most common scenarios involves patching a released product. Whilst normal development has continued on (on the source control trunk), a branch is created from the released code base, patched, and then the new updated release is deployed to production.

image

A Common Patching/Branching Scenario

Feature Isolation

Below you may observe two different approaches (labelled as options A and B) which can be undertaken to support “feature” branch releases – one scenario avoids a trunk release (option B); both are valid options no matter how many branches exist in parallel – they just require multiple source file merges.

image

In this scenario, the feature branch doesn’t feature the release patch until the final merge to trunk, prior to release

image

In this scenario, the release is made from the branch, then merged into the trunk

In general, it is considered a “best practice” to merge changes to the trunk and release as this avoids potential merges with other branches, and also means rolling changes can be included in other releases. It’s also far less messy in the long run.

Multiple Branch Releases

It is also possible to release and merge concurrent branches, although this carries a fairly large overhead, requiring merging of three (or more) different revisions of files. This has been captured in the following scenario:

image

In this scenario, Branches A and B are merged to the Trunk before being released

Additionally, rather than releasing from the Trunk, it is also possible to merge two branches into a “feature release branch”, prior to merging down to the Trunk. This is captured in the following scenario:

image

This release contains a “feature merge” branch, combining the changes from Branch A and B

Further Reading

Chris Birmele’s Branching and Merging Primer
http://msdn.microsoft.com/en-us/library/aa730834%28VS.80%29.aspx

 Posted by Rob at 2:42 pm  Tagged with: branching, build and release, Team Build, TFS 2010, versioning
 Older Entries

Aussie Wine Guy

Archives

© 2012 Rob Sanders: Sanders Technology Suffusion theme by Sayontan Sinha
WordPress SEO fine-tune by Meta SEO Pack from Poradnik Webmastera