Monday, October 12, 2015

Loose hood lock on my old QX4

This post is definitely not about IT.

As almost everybody else in US I own a car. It's an old SUV - QX4. Being on visa does not let you to earn more to keep more, so I have to spend less to keep more :) And so I fix my own car.

Anyway, this particular model is known to have one common problem - loose front hood lock. In many forums you can find the problem described as "hood rattle". I've seen a lot of forum posts about this problem, but I never actually thought that I have this problem as well.

About a week ago I noticed that my hood...shakes. Nothing crazy, but it really did not feel like it was dead on where it was supposed to be. It was definitely a bit loose. And I bet that it was like that for all the previous year!

So after a very easy fix (undo 3 bolts, push the lock down as much as possible, level the lock, tighten the bolts) I took a car for a test drive and I was shocked. All the explainable rattle, muffled clanking on speed bumps and bunch of other symptoms are gone ! I was always blaming the suspension, mounts and any piece that has rubber in it, and all this time the problem was in a front hood lock.... Crazy!

Friday, October 9, 2015

Why does my PC refuse to fall asleep?

I have a Windows 8.1 machine, and it would not sleep no matter what.

The display would turn off, but it just never wanted to go into the Standby mode.

Long investigation revealed two issues:

  1. The common one - media streaming + the homegroup issue (this one is easy to google).
  2. My soundcard driver was keeping the PC awake using SetThreadExecutionState API.
If you are only looking for the first one, you can use powercfg.exe /requests, and look for any requests on the SYSTEM level. You can actually override such requests and if it is the only problem, then it will go away.

The other one can only be detected by running the powercfg.exe /energy command. It generates a report which includes information about everything that Windows knows about Just run that, read the report, read through everything in the Error section. Any problem related to preventing windows from sleeping has to be addressed. In my case I had to install a proper driver instead of a default one.

Btw, a side note on the first issue. In my cases tweaking media sharing settings or the homegroup settings did not actually help. The following this was still showing up in the report from powercfg /requests: "\FileSystem\srvnet"

At the end the solution was quite simple: stop and disable Homegroup Listener and Homegroup Provider services (I do not us the homegroup) and a service called "Windows Media Player Network Sharing Service". That was it, the request for staying awake was gone.

UPDATE: It has turned out that after the restart the sound card driver is still preventing my PC from sleeping. There are two applications that can be blamed for that: Steam and UPlay. Both have some well-known bugs that do not release the sound card resources, and that prevents the PC from entering the Sleep mode. So either have to close the apps, or press the sleep button manually. Eventually I will look into some brute force way of overriding this behavior - I would rather have my PC go to sleep when unattended than not go to sleep unless I remember to press the button...

Monday, July 13, 2015

Signing ClickOnce WPF application

So let's say you have a WPF application that you want to distribute using ClickOnce. Like I am doing with my Visual Task Map.

If you want your users to download and run your application without going through multiple scary red dialog windows with warnings, you need to sing it.

A lot of information on this topic is scattered all over the web. Microsoft has a good set of articles about it. There are bunch of answered questions on Stack Overflow. But sometimes you just want the short version. So here it is.


  1. To sing any code you need to buy a code signing certificate
  2. Update project settings to sign and timestamp the ClickOnce manifest.
  3. Add a BeforePublish target into your project to sign the executable before it becomes part of the ClickOnce package.
I am using Comodo timestamping server - http://timestamp.comodoca.com/authenticode, but there are plenty of other servers to chose from. For example you can use this one: http://timestamp.verisign.com/scripts/timstamp.dll. It does not make any difference, any timestamping server will work.

Signing the manifest is simple as you just go o the project properties, Signing tab, and use your certificate (the one that you just bought, the one that has the private key) to sign the manifest. That is also where you can specify the timestamping server that will be used to timestamp the manifest.

You might also assume that signing the executable is as easy as signing the manifest because there is one more checkbox in the same dialog that says "Sign the assembly". You would be wrong. This is where you provide a certificate, used to create a Strong Name for your assembly, and your awesome new certificate won't work. Also, you don;t actually care about the strong-naming your executable. This is a good article about the difference between what VS does and what you need.

So how do you sing the executable ? There are no easy project options that will allow you to do that. And when you are dealing with ClickOnce, it all becomes a bit more complicated as ClickOnce sources binaries from the Obj folder, not the usual Bin folder, and the executable in the Obj folder has to be signed precisely at the right time: after it was actually built, but before the ClickOnce publishing mechanism has picked it up.

You can read more details about this here, and then here.
But the short version is that you need to add a call to singtool.exe into your project file. Something like this:
<Target Name="BeforePublish" Condition="'$(Configuration)|$(Platform)' == 'Release|AnyCPU'">
  <Exec Command=""C:\Program Files\Microsoft SDKs\Windows\v7.1\Bin\signtool.exe" sign /n "My Name" /t http://timestamp.comodoca.com/authenticode $(ProjectDir)obj\$(ConfigurationName)\$(TargetFileName)" />
</Target>

One important thing to remember is that the BeforePublish action works incorrectly with WPF applications in VS2013 RTM (and AfterCompile option did not work for me either). But this problem has been resolved in VS2013 Update 4 - be sure to install it.

Where to get a code signing certificate

Recently I wanted to sign some code and I had to find and buy a certificate for that purpose.

Short version of the story: I got this one. It was frustrating and cheap. Had to notarize a personal statement, provide a photocopy of driver license, credit card and a utility bill. Also had to publish all my personal contact info on manta.com.

Now, the long version.

First of all, not all certificates are equal - it has to be a code signing certificate (or at least it has to include that capability).

But the majority of code signing certificates are the same. I found an interesting article on this topic.

I compared VeriSign, Thawte, Comodo, K-Software and StartSSL.

First two are crazy expensive and can/should only be used by enterprises that have extra money, so I decided to ignore them from the very beginning. Prices are above 300$

Comodo and K-Software are both selling same certificates (issues by Comodo), but K-Software offers them at lower price. This is the option that I ended up going with.

The last one is StartSSL. The price is very low (59$ for 2 years for the individual certificate). But they do not support time stamping, which means that once your certificate expires your code is no longer signed. (So all of sudden your users start getting errors and warnings and would be forced to contact support or just download the latest version).

About the actual process. K-Software side of the deal is very straightforward and it is very nice dealing with their support. Really nice and helpful.

But once you start to deal with the Comodo side of the deal, it feels like some parallel universe where nothing makes sense. From my conversations it looks like all of their staff is in India and their call center is in India. Those guys are trying their best to work with you, but they still fail.

To get a certificate you have to be authenticated as future owner of the certificate. This means that you will be asked to provide a government-issued photo ID (Driver License), a document that ties you to your home address (for example, a utility bill), and a document that ties you to a financial institution. (Credit card or bank statement). They ask you to fill in an notarize a personal statement about you being you and living where you said you are. This was easy, as any UPS store has a notary in it and it costs around 10$ to notarize that one statement.

The email from Comodo says that you must mail the papers overnight to them - that's extra 50-60$ right there. But a quick call to their support has revealed that it is not necessary - just scan the papers and submit online.

The most frustrating part about that process is that they must find your phone number online in one of the public databases, like www.whitepages.com or www.manta.com. If you own a company, then it's not a big deal - the phone number and the address of  your company are both public. But when you are an individual software engineer you do not want your contact information in the public directories.

Unfortunately there was no way to work around this requirement - I had to publish my info on manta.com, they took a phone number from there, a machine called me on that number and gave me some verification code.

After that you get your certificate. It will be installed straight into the certificate store on your machine, so don't be surprised when the final page just says "Success" and nothing else happens. Just export the certificate from the certificates store and you'll have your file.