Poupou's Corner of the Web

It's been two weeks since I started blogging (somewhat privately until now). I searched to a good simple tool and found that there are way TOO much blog tools available. However I didn't find the right tool for me (what a lame excuse for rolling my own ;-). I just wanted a simple, free, Windows rich-client application that could upload my blog via ftp. I had a near-miss with Blog 7.1 but it didn't support RSS :-(.

Am I alone using (or hoping for) such kind of blog software ?

Well after (too) much reading I still haven't found exactly how to use UsernameToken to sign a SOAP message. This is definitively not part of the original WS-Security specification (where UsernameToken is defined) or addendum but there is a rough and incomplete description about it in WS-Trust. So far I'd no luck implementing this for Mono::. I guess it's time to ask the newsgroups :-(

It seems that my two old articles on XKMS version 1.0 have been "semi-retired" from VeriSign's XML Trust Center. This is the proof that no one should trust the web memory ;-). Here are local links to copy of both outdated articles: Part I : Building a XKMS client using the .NET Framework and Part II: Building a XKMS service using ASP.NET.

I finally found the way to duplicate the undocumented (not found in MSDN's Unmanaged API Reference but present in StrongName.h) GetHashFromAssemblyFile results. It was simpler than expected as it only hash the metadata inside a PE file.

This gives me a way to compare if two assembly are identical except for their signature (like sn -D asm1 asm2). However it seems to be unrelated to the hash used to sign assemblies :-(. So it's not over yet...

Well it's now official on Mono home page - you can sign and verify Authenticode® compatible signatures using 100% managed and open source code. That's right you can now sign Windows executable files (EXE, DLL, OCX...) under Linux, FreeBSD and other operating systems supported by Mono::. I guess I should concentrate on strongname support now.