More on migrating partially-trusted managed assemblies to .NET 4

Some additional searching on changes to code access security revealed a very helpful article on migrating partially-trusted assemblies.  What I posted yesterday about preserving the previous behavior is found a little over halfway through the article, in the Level1 and Level2 section.

One thing this new article makes clear is that use of SecurityRuleset.Level1 should only be used as a temporary measure until code can be updated to support the new security model.

Upgrading .NET assemblies from .NET 3.5 to .NET 4.0

Code access security is one area that has changed quite significantly between .NET 3.5 and .NET 4.0.  Once an assembly has been upgraded, if it allowed partially-trusted callers under .NET 3.5, it would throw exceptions when called under .NET 4.0.  In order to make such assemblies continue to function after being upgraded, AssemblyInfo.cs needs to change from this:

[assembly: AllowPartiallyTrustedCallers]

to this:

[assembly: AllowPartiallyTrustedCallers]
[assembly: SecurityRules(SecurityRuleSet.Level1)]

Once this change has been made, the assembly will work under the same code access security rules that applied prior to .NET 4.0.

Why GDP Matters for Schoolkids

Planet Money, one of many podcasts I listen to in Beltway traffic, had a great episode recently attempting to explain why GDP is important.  The reporter contrasts the resources for a school in Kingston, Jamaica with a socioeconomically similar school in Barbados.  The difference in what a country can do with a per-capita GDP of approximately $15,000/year (Barbados) versus around $5600/year (Jamaica) turns out to be quite staggering.  Hearing about teachers paying for school materials out of their own pockets sounded a lot like what I’ve heard and read in news stories and features about inner-city schools here in the U.S.  One part of the piece that I believe has broader applications to how foreign direct investment (FDI) is used worldwide is when Jamaica’s minister of education (Andrew Holness) explained why the FDI Jamaica has received hasn’t resulted in the expected benefits to the country.  It boiled down to not having enough sufficiently-educated people to staff the projects being built, whether it was bauxite plants or anything else.

A paper by Peter Blair Henry (a Jamaican-born economist) goes into more detail on the comparison between Barbados and Jamaica.  There’s also a podcast of him from last year on the same subject.  I can’t vouch for these latter two links (yet), but the Planet Money episode is worth a listen if you’re at all interested in economics.

When 3rd-party dependencies attack

Lately, I’ve been making significant use of the ExecuteDDL task from the MSBuild Community Tasks project in one of my MSBuild scripts at work.  Today, someone on the development team got the following error when they ran the script:

“Could not load file or assembly ‘Microsoft.SqlServer.ConnectionInfo, Version=9.0.242.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91’

It turned out that the ExecuteDDL task has a dependency on a specific version of Microsoft.SqlServer.ConnectionInfo deployed by the installation of SQL Server 2005 Management Tools.  Without those tools on your machine, and without an automatic redirect in .NET to the latest version of the assembly, the error above results.  The fix for it is to add the following XML to the “assemblyBinding” tag in MSBuild.exe.config (in whichever .NET Framework version you’re using):

<dependentAssembly>
<assemblyIdentity name=”Microsoft.SqlServer.ConnectionInfo” publicKeyToken=”89845dcd8080cc91″ culture=”neutral” />
<bindingRedirect oldVersion=”0.0.0.0-9.9.9.9″ newVersion=”10.0.0.0″ />
</dependentAssembly>

Thanks to Justin Burtch for finding and fixing this bug.  I hope the MSBuild task gets updated to handle this somehow.

Continuous Integration Enters the Cloud

I came across this blog post in Google Reader and thought I’d share it.  The idea of being able to outsource the care and feeding of a continuous integration system to someone else is a very interesting one.  Having implemented and maintained such systems (which I’ve blogged about  in the past), I know it can be a lot of work (though using a product like TeamCity lightens the load considerably compared with CruiseControl.NET).  Stelligent isn’t the first company to come up the idea of CI in the cloud, but they may be the first using all free/open source tools to implement it.

I’ve read Paul Duvall’s book on continuous integration and highly recommend it to anyone who works with CI systems on a regular basis.  If anyone can make a service like this successful, Mr. Duvall can.