GAC Changes in Windows Server 2012

Prior to Windows Server 2012, gacutil was typically used to install DLL files in the Windows Global Assembly Cache (GAC). With Windows Server 2012, unfortunately, it's not quite so easy. Being able to simply open the GAC in Explorer and drag and drop is gone (so yeah, no shell!). Also, GacUtil.exe is not present on the server by default as part of the runtime. To use gacutil as on earlier versions of Windows, we would need to install the .NET SDK on the server, which is not really a good idea (defense in depth; only have the runtime on the server). Of course, copying and pasting gacutil.exe doesn't work (dependencies).

As we are all too familiar with from .NET versions prior to 4.0, the GAC used to be in the c:\windows\assembly folder and had a custom shell extension to flatten the directory structure into a list of assemblies. As mentioned earlier, the shell extension is no longer used for .NET versions 4.0 and up. Since we have .NET 4.5 on server machines, its GAC is stored in c:\windows\\assembly. You just get to see the actual directory structure. Locating the assembly isn't that difficult: start in the GAC_MSIL directory and locate the folder with the same display name as your assembly. It will have a subdirectory with an unspeakable name that's based on the version and public key token; that subdirectory contains the DLL.

Therefore, PowerShell is the recommended approach for the GAC install. The following are the instructions for installing the DLL into the GAC on Windows Server 2012. For EL6, we ended up writing the following PowerShell script.

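Set-Location "C:\tmp"
 # Load System.EnterpriseServices, which provides the Publish helper (the Version value is blank in this copy of the script)
 [System.Reflection.Assembly]::Load("System.EnterpriseServices, Version=, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a")
 $publish = New-Object System.EnterpriseServices.Internal.Publish
 # Install the assembly into the GAC; MyAssembly.dll is a placeholder for the full path of your own DLL
 $publish.GacInstall("C:\tmp\MyAssembly.dll")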

Happy Coding!


WCF Handling Nested Attributes in AttributeGroup

tldr; SVCUtil does not Generate Code for Nested Attributes in AttributeGroup; here is the code (github repo) and explanation of a workaround.

Beyond controlled HelloWorld() samples, interoperability standards are not black and white, but rather a process that has shades of gray. If you've worked on consuming 3rd party 'enterprise' APIs, you may have encountered problems with flattening of WSDLs, or, when generating a service proxy using svcutil.exe, noticed that not all attribute groups get generated. For instance, when an attributeGroup wraps another attributeGroup which contains attributes, those attributes will NOT be generated.

I tried a few things like using the DataContractSerializer but it appears that the attributeGroup is ignored by design. The only workaround appears to be removing the extra attributeGroup wrapping. DataContractSerializer does not recognize the attributeGroup (see Data Contract Schema Reference) and as you have already noticed, Xsd (essentially the XmlSerializer) does not recognize nested attributeGroups.

One workaround, described here, essentially asks you to replace the attributeGroup elements with the actual attributes.

For example:

<xs:attributeGroup name="myAttributeGroup">
  <xs:attribute name="someattribute1" type="xs:integer"/>
  <xs:attribute name="someattribute2" type="xs:string"/>
</xs:attributeGroup>

<xs:complexType name="myElementType">
  <xs:attributeGroup ref="myAttributeGroup"/>
</xs:complexType>

should be transformed into:

<xs:complexType name="myElementType">
  <xs:attribute name="someattribute1" type="xs:integer"/>
  <xs:attribute name="someattribute2" type="xs:string"/>
</xs:complexType>

To do this in a repeatable manner, the following code provides a good starting point for handling the attributeGroup issue. Here is a before and after screenshot of the WSDLs.

[Screenshot: WSDL before and after the transformation]


I created a small C# app to transform the data, and then ran svcutil to generate the WSDL, essentially replacing all instances of <attributeGroup ref="xxx"> with the definitions of <attributeGroup name="xxx">, just as described in the link that I provided earlier.

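// Needs: using System.Linq; using System.Xml.Linq;
// XML Schema namespace of the xs: elements.
XNamespace xs = "http://www.w3.org/2001/XMLSchema";
XDocument wsdl = XDocument.Load(inputFile);

// Snapshot the definitions and the references before the tree is modified.
var attributeGroupDefs = wsdl.Root.Descendants(xs + "attributeGroup")
    .Where(w => w.Attribute("name") != null)
    .ToList();
var attributeGroupRefs = wsdl.Root.Descendants(xs + "attributeGroup")
    .Where(w => w.Attribute("ref") != null)
    .ToList();

foreach (XElement r in attributeGroupRefs)
{
    string refValue = r.Attribute("ref").Value;

    foreach (XElement d in attributeGroupDefs)
    {
        string defValue = d.Attribute("name").Value;
        if (refValue == defValue)
        {
            // Copy the definition's attributes in front of the reference.
            foreach (XElement e in d.Elements(xs + "attribute"))
                r.AddBeforeSelf(e);
        }
    }
}

// Remove the attributeGroup references and save the flattened WSDL.
foreach (XElement r in attributeGroupRefs)
    r.Remove();
wsdl.Save(outputFile); // outputFile: path for the result (a name assumed here)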


This may require some more tweaking, but it appears to have corrected all / most of the attributeGroup issues (I only spot checked this).
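
The snippet above compares ref to name literally and copies only the attributes declared directly in a definition. As an added example (not the author's code and not taken from the linked repository), the C# program below carries the same idea through to the nested case: it strips the prefix from ref, expands groups that reference other groups recursively, and stops on circular references. The class and method names and the sample schema are constructed for illustration, and group names are assumed to be unique within the document.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Xml.Linq;
static class AttributeGroupFlattener
{
    static readonly XNamespace Xs = "http://www.w3.org/2001/XMLSchema";

    // "tns:outer" -> "outer". Assumes group names are unique within the document.
    static string LocalName(string qname) => qname.Substring(qname.IndexOf(':') + 1);

    // Collects the attributes a group contributes, following nested refs depth-first.
    static List<XElement> Expand(string name, Dictionary<string, XElement> defs, HashSet<string> inProgress)
    {
        var result = new List<XElement>();
        if (!defs.TryGetValue(name, out XElement def)) return result; // unresolved (e.g. imported) group
        if (!inProgress.Add(name))
            throw new InvalidOperationException("Circular attributeGroup: " + name);
        foreach (XElement child in def.Elements())
        {
            if (child.Name == Xs + "attribute")
                result.Add(child);
            else if (child.Name == Xs + "attributeGroup" && child.Attribute("ref") != null)
                result.AddRange(Expand(LocalName(child.Attribute("ref").Value), defs, inProgress));
        }
        inProgress.Remove(name);
        return result;
    }

    // Replaces each reference used by a type with the expanded attributes; returns the count replaced.
    public static int Flatten(XDocument doc)
    {
        Dictionary<string, XElement> defs = doc.Descendants(Xs + "attributeGroup")
            .Where(g => g.Attribute("name") != null)
            .ToDictionary(g => g.Attribute("name").Value);
        // Snapshot the refs that sit outside group definitions before editing the tree.
        List<XElement> refs = doc.Descendants(Xs + "attributeGroup")
            .Where(g => g.Attribute("ref") != null && !g.Ancestors(Xs + "attributeGroup").Any())
            .ToList();
        int replaced = 0;
        foreach (XElement r in refs)
        {
            string name = LocalName(r.Attribute("ref").Value);
            if (!defs.ContainsKey(name)) continue;   // keep refs that cannot be resolved
            r.ReplaceWith(Expand(name, defs, new HashSet<string>())); // attached elements are cloned
            replaced++;
        }
        return replaced;
    }

    static void Main()
    {
        // Constructed sample: "outer" wraps "inner", the nested case the post describes.
        XDocument doc = XDocument.Parse(@"<xs:schema xmlns:tns='urn:example'
    xmlns:xs='http://www.w3.org/2001/XMLSchema'>
  <xs:attributeGroup name='inner'>
    <xs:attribute name='someattribute1' type='xs:integer'/>
  </xs:attributeGroup>
  <xs:attributeGroup name='outer'>
    <xs:attributeGroup ref='tns:inner'/>
    <xs:attribute name='someattribute2' type='xs:string'/>
  </xs:attributeGroup>
  <xs:complexType name='myElementType'>
    <xs:attributeGroup ref='tns:outer'/>
  </xs:complexType>
</xs:schema>");
        Console.WriteLine("references replaced: " + Flatten(doc));
        Console.WriteLine(doc.Root.Element(Xs + "complexType"));
    }
}
```

The group definitions are left in the schema; only the references inside types are rewritten, so the output can be diffed against the original WSDL before it is handed to svcutil.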

Happy Coding!


Dissertation - Done!



P≠NP - A Definitive Proof by Contradiction

Following the great scholarly acceptance and outstanding academic success of "The Clairvoyant Load Balancing Algorithm for Highly Available Service Oriented Architectures", this year I present P Not Equal to NP - A Definitive Proof by Contradiction.




Click here to read the entire paper in PDF. P Not Equal to NP - A Definitive Proof by Contradiction.


LyX/LaTeX formatting for the C# code

If you are googling for a good way to insert C# code in LyX, this is where you'd probably end up. MaPePer has provided a very good solution; I have modified it slightly (hiding tabs and removing comments), and the following illustrates how to use it in LyX.

The first thing you need is a LyX document (LyxC#CodeListing.lyx). An empty one works well.

Add the following to the preamble (Document-> Settings-> LaTeX Preamble)


% The \usepackage lines, the [Sharp]C entry, the \lstset wrapper and the two
% \DeclareCaption... lines are assumed; they are missing from this copy of the preamble.
\usepackage{color}
\usepackage{listings}
\usepackage{caption}

\lstloadlanguages{% Check documentation for further languages ...
[Sharp]C%
}

\definecolor{red}{rgb}{0.6,0,0} % for strings

\lstset{
morecomment=[l]{//}, %use comment-line-style!
morecomment=[s]{/*}{*/}, %for multiline comments
morekeywords={ abstract, event, new, struct,
as, explicit, null, switch,
base, extern, object, this,
bool, false, operator, throw,
break, finally, out, true,
byte, fixed, override, try,
case, float, params, typeof,
catch, for, private, uint,
char, foreach, protected, ulong,
checked, goto, public, unchecked,
class, if, readonly, unsafe,
const, implicit, ref, ushort,
continue, in, return, using,
decimal, int, sbyte, virtual,
default, interface, sealed, volatile,
delegate, internal, short, void,
do, is, sizeof, while,
double, lock, stackalloc,
else, long, static,
enum, namespace, string},
}

% format=listing and the white caption font must be declared before \captionsetup uses them.
\DeclareCaptionFont{white}{\color{white}}
\DeclareCaptionFormat{listing}{\colorbox{black}{\parbox{\textwidth}{#1#2#3}}}
\captionsetup[lstlisting]{format=listing,labelfont=white,textfont=white, singlelinecheck=false, margin=0pt, font={bf,footnotesize}}




Now add a program listing block. Hopefully you have the listings package installed; otherwise you can always use the MiKTeX update for the listings package.



Now add the code to the listing block.


and then Ctrl-R






Happy Lyxing


References & download LyxC#CodeListing.lyx




Machine Learning - On the Art and Science of Algorithms with Peter Flach

Over a decade ago, Peter Flach of Bristol University wrote a paper titled "On the state of the art in machine learning: A personal review", in which he reviewed several then-recent books related to developments in machine learning. These included Pat Langley’s Elements of Machine Learning (Morgan Kaufmann), Tom Mitchell’s Machine Learning (McGraw-Hill), and Data Mining: Practical Machine Learning Tools and Techniques with Java Implementations by Ian Witten and Eibe Frank (Morgan Kaufmann), among many others. Dr. Flach mentioned Michael Berry and Gordon Linoff’s Data Mining Techniques for Marketing, Sales, and Customer Support (John Wiley) for its excellent writing style, citing the paragraph below and commenting "I wish that all computer science textbooks were written like this."

“People often find it hard to understand why the training set and test set are “tainted” once they have been used to build a model. An analogy may help: Imagine yourself back in the 5th grade. The class is taking a spelling test. Suppose that, at the end of the test period, the teacher asks you to estimate your own grade on the quiz by marking the words you got wrong. You will give yourself a very good grade, but your spelling will not improve. If, at the beginning of the period, you thought there should be an ‘e’ at the end of “tomato”, nothing will have happened to change your mind when you grade your paper. No new data has entered the system. You need a test set!





Now, imagine that at the end of the test the teacher allows you to look at the papers of several neighbors before grading your own. If they all agree that “tomato” has no final ‘e’, you may decide to mark your own answer wrong. If the teacher gives the same quiz tomorrow, you will do better. But how much better? If you use the papers of the very same neighbors to evaluate your performance tomorrow, you may still be fooling yourself. If they all agree that “potatoes” has no more need of an ‘e’ than “tomato”, and you have changed your own guess to agree with theirs, then you will overestimate your actual grade on the second quiz as well. That is why the evaluation set should be different from the test set.” [3, pp. 76–77]




That is why, when I recently came across "Machine Learning: The Art and Science of Algorithms that Make Sense of Data", I decided to check it out and wasn't disappointed. Dr. Flach is the Professor of Artificial Intelligence at the University of Bristol, and in this "future classic" he leaves no stone unturned when it comes to clarity and explainability. The book starts with a machine learning sampler and introduces the ingredients of machine learning, progressing quickly to binary classification and beyond. Written as a textbook, full of examples, footnotes and figures, this text covers concept learning, tree models, rule models, linear models, distance-based models and probabilistic models, then features and ensembles, concluding with machine learning experiments. I really enjoyed the "Important points to remember" section of the book as a quick refresher on machine-learning commandments.

The concept learning section seems to have been influenced by the author's own research interests and is not discussed in as much detail in contemporary machine learning texts. I also found the frequent summarization of concepts to be quite helpful. Contrary to its subtitle and compared to its counterparts, however, the book is light on algorithms and code, possibly on purpose. While it explains the concepts with examples, the number of formal algorithms is kept to a minimum. This may aid clarity and help avoid recipe-book syndrome, while making it potentially inaccessible to practitioners. Great at basics, the text also falls short on elaboration of intermediate to advanced topics such as LDA, kernel methods, PCA, RKHS, and convex optimization. For instance, chapter 10, "Matrix transformations and decompositions", could have been made an appendix while expanding upon meaningful topics like LSA and use cases of sparse matrices (pg 327). It is definitely not the book's fault, but rather that of this reader expecting too much from an introductory text just because the author explains everything so well!

As a textbook on the Art and Science of Algorithms, Peter Flach definitely delivers on the promise of clarity, with well-chosen illustrations and an example-based approach. Highly recommended reading for all who would like to understand the principles behind machine learning techniques.

Materials can be downloaded from here which generously include excerpts with background material and literature references, full set of 540 lecture slides in PDF including all figures in the book with LaTeX beamer source of the above.


Public Bookmarks - NoSQL/NewSQL, Spanner, Agile et al

Makes for a "light" Sunday morning reading list :)


P&P -Data Access for Highly-Scalable Solutions: Using SQL, NoSQL, and Polyglot Persistence

NoSQL Performance & Failover benchmarking

Ultra-High Performance NoSQL Benchmarking: Analyzing Durability and Performance Tradeoffs

"Quick" NoSQL Comparison: Measuring performance and failover of Aerospike, Cassandra, Couchbase, and MongoDB

NoSQL Failover Characteristics: Aerospike, Cassandra, Couchbase, MongoDB

Thumbtack Technology's YCSB Benchmark GitHub Repository

Thumbtack Technology's NoSQL Test Results Repository


Aero Spike

AeroSpike: Flash-Optimized NoSQL DB  (200k TPS, sub-millisecond latency)

Aerospike 3: Documentation


Google Spanner




Google Spanner's Most Surprising Revelation: NoSQL Is Out And NewSQL Is In

Wired: Google Spans Entire Planet With GPS-Powered Database

Spanner: Google's globally distributed database

Cloudant Labs on Google Spanner



NewSQL - Scalable Relational Databases

The NewSQL Movement

SQL Makes a Comeback through NewSQL

Choosing a Next-Gen Database: The New World Order of NoSQL, NewSQL, and MySQL

Integrating SQL & NoSQL & NewSQL Realtime Data Intelligence for the Financial Industry

Choose the "Right" Database and NewSQL: NoSQL Under Attack

MySQL vs NoSQL and NewSQL - Survey Results (451 Research)


Big data Reference Glossary


Foundation DB

The Transaction Manifesto

ACID claims: Which modern databases support ACID transactions?


FoundationDB: Problem Statement

FoundationDB: Solution Statement

FoundationDB Architecture

FoundationDB: Core Features

FoundationDB: Core Anti-Features

FoundationDB: Consistency

FoundationDB: The Future of NoSQL

FoundationDB: Layers

FoundationDB: Layer Catalog

FoundationDB: Getting Started

FoundationDB: Developer Guide

FoundationDB: API Reference

FoundationDB: SQL Layer Documentation

FoundationDB: SQL Layer REST API Reference

FoundationDB: SQL Layer REST API Getting Started Guide

FoundationDB: Tutorials

FoundationDB: Data Modelling


The Year in NoSQL

Gartner 2013 Magic Quadrant for Operational Database Management Systems

Comments on the 2013 Gartner Magic Quadrant for Operational Database Management Systems

DB-Engines: A Knowledge Base of Relational and NoSQL Database Management Systems

DB-Engines Ranking Page

451's NoSQL LinkedIn Skills Index

Martin Fowler's NoSQL Page

NoSQL, No Problem: An Introduction to NoSQL Databases (Thoughtworks)

NoSQL Databases Comparison (Kristof Kovacs)

Visual Guide to NoSQL Databases

NoSQL Options Compared: A Developer's Look at the Primary NoSQL Options   (Dr. Dobbs, March 2013)

NoSQL Comparison Table

How To Compare NoSQL Databases for Performance and Reliability

Benchmarking Top NoSQL Databases: A Performance Comparison for Architects and IT Managers (DataStax, Feb 2013)


an open-source project to easily create lightweight, portable, self-sufficient containers from any application.  The same container that a developer builds and tests on a laptop can run at scale in production, on VMs, bare metal, OpenStack clusters, public clouds, and more.


Create and configure lightweight, reproducible, and portable development environments.

Orient DB


OrientDB on GitHub

Presentation: OrientDB: The database for the Web

OrientDB vs MongoDB

Presentation: OrientDB 

A Look at OrientDB: The Graph-Document NoSQL

Book: Getting Started with OrientDB


Presentation: Switching from relational to the graph model (Luca Garulli)

Presentation: Select the right model - Document vs. Graph, what is the answer?

Presentation: OrientDB Distributed Architecture


Xen breakout

VUPEN Method Breaks Out of Virtual Machine to Attack Hosts

NSA Keeps Its Hands Clean, Buys Zero-Day Vulnerabilities From French Firm Vupen

Subverting the Xen hypervisor (part 1)

Preventing and Detecting Xen Hypervisor Subversions

Bluepilling the Xen Hypervisor


Mirage OS


Technical Background





PaaS Decision Matrix Simplified


The Seven Wastes of Software Development  (Matt Stine)

#1: Partially Done Work

#2: Extra Features

#3: Relearning

#4: Handoffs

#5: Delays

#6: Task Switching

#7: Defects


How to Manage the 7 Wastes of Agile Software Development (Vijaya Kumar Bandaru)

Agile Teamwork: 3 Ways to Minimize Handoffs (Mike Cohn)


Courtesy - David Lazar


Hacktivity - Software Threat Modeling by Shakeel Tufail

Threat modeling and diversion tactics; a good high level overview on software security.

There are only a handful of threat modeling approaches in the industry which are difficult to implement due to the subjective guidelines. Our training session will focus on best practices and a hands-on approach that will provide attendees a better understanding of how to conduct threat modeling in their organization. Most threat models focus on attackers, we will look at the threat model using trust zones, identifying assets, indirect threats, and ambiguity analysis. We will also speak about secure design concepts and best practices for securing software architecture.

Learning Objectives: At the end of this workshop, participants will be able to:

  • Understand the basics of threat modeling software applications
  • Understand the meaning of threats, attack vectors, and trust zones
  • Learn about ambiguity analysis
  • Learn about secure design concepts
  • Learn best practices for securing software architecture

Architectural Frameworks – Is Kruchten's 4+1 Still Relevant in an Agile World

 “The first matrix I designed was quite naturally perfect…. a triumph equaled only by its monumental failure. I have since come to understand that the answer eluded me because it required a lesser mind, or perhaps a mind less bound by the parameters of perfection.”

-The Architect. The Matrix Reloaded (Wachowski & Wachowski, 2003)

A lot has changed in the world of architectural frameworks since the 1995 IEEE Software (Volume: 12, Issue: 6) paper by Philippe Kruchten, Architectural Blueprints — The “4+1” View Model of Software Architecture, was published. Various other viewpoints and perspectives have emerged, including but not limited to RM-ODP, Siemens, SEI's Views and Beyond, Garland and Anthony (UML), Integrated Architecture Framework (IAF), Zachman, E2AF, GERAM and TOGAF.

Architecture frameworks are the design methodologies used in architecture modeling. These frameworks provide a structure, organization and system to help design complex systems in an effective manner. The relevance of software architecture in the agile world is a highly contested topic, and it is hard to cover in a blog post. Simon Brown’s Coding the Architecture is a great place to start understanding the place of architecture in an agile world. The excellent paper Agility and Architecture—Can they coexist? (IEEE Software, Volume: 27, Issue: 2) also provides a good comparative analysis of the pros and cons of architecture in an agile space.

Abstract: Software architecture is taking a bad rap with many agile proponents; big up-front design, massive documentation, smell of waterfall, it is pictured as a non-agile practice, something we do not want to even consider; though everybody want to be called an architect. However, certain classes of system, ignoring architectural issues too long “hit a wall” and collapse by lack of an architectural focus. Agile architecture: a paradox, an oxymoron, two totally incompatible approaches? In this paper we review the real issues at stake, past the rhetoric and posturing, and we suggest that the two cultures can coexist and support each other, where appropriate.

Since the 4+1 View Model was published, it has been a widely accepted idea in the architectural community that there is no single view of software architecture. Regardless of where you find yourself on the software-architecture-spectrum-battler, there are always various concurrent views, each of which addresses a specific set of concerns. The purpose of an architect (albeit a coding one) is to capture the design decisions in multiple views and use the stories to illustrate and validate them. Considering the 4+1 model,

...the logical view describes the design's object model when an object-oriented design method is used. To design an application that is very data driven, you can use an alternative approach to develop some other form of logical view, such as an entity-relationship diagram. The process view describes the design's concurrency and synchronization aspects. The physical view describes the mapping of the software onto the hardware and reflects its distributed aspect. The development view describes the software's static organization in its development environment.

Happy coding!


Architectural Blueprints—The “4+1” View Model of Software Architecture

A comparative analysis of architecture frameworks

Software Systems Architecture: Working With Stakeholders Using Viewpoints and Perspectives

Alignment in Enterprise Architecture: A Comparative Analysis of Four Architectural Approaches


Cyber security for service oriented architectures in a Web 2.0 world: An overview of SOA vulnerabilities in financial services

My recently published IEEE Paper

Cyber security for service oriented architectures in a Web 2.0 world: An overview of SOA vulnerabilities

Service oriented architecture is fast becoming ubiquitous enterprise software architecture standard in public and private sector alike. Study of literature and current attacks suggests that with the proliferation of Web API and RESTFul services, the attack vectors prioritized by OWASP top 10, including but not limited to cross site scripting (XSS), cross site request forgery (CSRF), injection, direct object reference, broken authentication and session management now equally apply to web services. In addition service oriented architecture relies heavily on XML/RESTFul web services which are vulnerable to XML Signature Wrapping Attack, Oversize Payload, Coercive parsing, SOAP Action Spoofing, XML Injection, WSDL Scanning, Metadata Spoofing, Oversized Cryptography, BPEL State Deviation, Instantiation Flooding, Indirect Flooding, WS-Addressing spoofing and Middleware Hijacking to name a few. In this paper, we review various such security issues pertaining to service oriented architecture. These and similar techniques, have been employed by Anonymous and other hacktivists, resulting in denial of service attacks on financial applications. While discussing the national security perils of hacktivism, there is an excessive focus on network layer security, and the application layer perspective is not always part of the discussion. In this research, we provide background information and rationale for securing application layer vulnerabilities to facilitate true defense in depth approach for cyber security.

Published in:
Technologies for Homeland Security (HST), 2013 IEEE International Conference on

Date of Conference: 12-14 Nov. 2013

author={Masood, Adnan},
booktitle={Technologies for Homeland Security (HST), 2013 IEEE International Conference on},
title={Cyber security for service oriented architectures in a Web 2.0 world: An overview of SOA vulnerabilities in financial services},
keywords={Availability;Data security;Information security;Information systems;SOA;Service oriented architecture;Web services;cyber security;secure design;secure software development;security assessment;security awareness},
