Microsoft is hosting the Devs4Devs again this Saturday if anyone is interested, you can still register for the event at:
https://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032391093&Culture=en-ZA
There are some very cool topics being presented, and if the last one was anything to go by it should be an engrossing event. For more info please check out Eben De Wit’s blog:
http://dotnet.org.za/eben/archive/2008/09/10/devs4devs-saturday-18-oct-2008-jhb.aspx
I will be presenting a topic again (Yes, yes - they’re letting any old riff raff in 
) on Linq as a Unified Query Language, looking at the role of Linq in specialised data access as well as why it should be considered a staple for maintainable application design. Rather than focussing on the packaged set of Linq providers that Microsoft has... provided... (D’Oh!) I am instead going to look at a couple of the more specialised (LinqToXSD, LinqToObjects) and community (LinqToAD, LinqToExcel) Linq Providers. There is a vast plethora of cool providers available to us, the developer, to add to our arsenal. Now let’s just hope my Active Directory VM behaves itself...
LINQ - The Swiss Army Knife of Data Access
While much deserved hype has been lauded on Microsoft’s stable of Linq providers – LinqToSQL, xLinq, LinqToEntities, the power of Linq as a unified query language is such that you can ‘linq’ to virtually anything. Anything? Anything...
With community and commercial projects alike driving the development of custom Linq Providers to suit every possible need, as developers we find ourselves in a position of control over our over-arching data access strategies. This talk will highlight the flexible nature of Linq in various scenarios by highlighting a couple of the more mature Linq frameworks available, showing how knowledge in Linq empowers the developer to create a diverse array of functionality using the same core principles.
The task of expanding the stable of controls for Silverlight 2 has fallen to the same team responsible for the incredibly successful and community oriented ASP.NET AJAX Control Toolkit. Led by Shawn Burke there seems to be a lot of promise for Silverlight as a platform in the VERY near future, with their estimated ship date being PDC at the end of October. While Silverlight is a powerful and flexible platform, it's been a little shy in the rapid application development space with simple things often becoming very tedious to implement (well - for me at least 
). They plan to host the toolkit on codeplex after it hits 80% product completeness with frequent rolling releases; the only downside being that they don't plan on accepting customer fixes. But nevertheless the outlook is bright indeed..
Hit the linkage for more...
http://blogs.msdn.com/sburke/archive/2008/09/17/control-freak.aspx
http://silverlight.net/blogs/jesseliberty/archive/2008/10/04/silverlight-controls-controls-team-and-testing.aspx
I was clearing up my RSS backlog when I came across an incredible post on Oren Eini's blog. In the post he poses a very interesting take on the logging question:"Does your application have a blog?". While my first instinct was that it was a frivolous idea, I managed to squelch skepticism and carry on reading (If only to try and clear Google Reader). Anyone that's ever had to troll through reams and reams of poorly implemented log files will understand the need to improve application logging mechanisms, and, while there are many great flavours and alternatives, it never really seems to be worked into the project plan to implement properly. And no matter how good the logging framework is, sorry log4net, it's only as useful as the programmer's will let it be...
So, while the idea of a blogging application seems trivial at first, it does seem to address a couple very fundamental issues.Verbose Messages: What went wrong and why? What is the application going to do about it? Hey, why not tag the post with the exception type and namespace. That way you can view the 'logs' chronologically, by failure, or by area. Expose the blog internally. Set up an RSS feed to it that people can subscribe to if they want. Include it as a part of the application's knowledgebase. You know - the one you put all of the technical documentation on...
Definitely a cool idea if done properly, but could be quite a pain to do properly...
Tech Ed (IMHO) is always technology concentrate – too much to absorb at once. But now that the blur of sessions and binge drinking is past us we get to reflect upon what we learnt and experienced in a more meaningful manner – exploring the different avenues and options that these events inevitably open up to us. Personally, I took a different approach this year and rather than scattering myself over everything I focussed on Data Access technologies (Linq and Entity Framework) and Communications technologies (Yeah, let’s call a spade a spade – pretty much JUST WCF). I also only went to level 300+ sessions, which I will not do next year. I think some of the sessions were inappropriately marked, and I think next year I will target and follow specific speakers around.
Nevertheless, there were a number of speakers I did really enjoyed that I would like to bring your attention to - partly to thank them for the insight the provided me with, and also partly to draw attention to them. If you have the opportunity to attend a presentation by any of them, please please do yourself the favour.
Hilton Giesenow:
We (should) at least all know of Hilton, as he’s a member of our own community as well as one of our very own C# MVPs, so I’m pretty sure that this will be preaching to the choir. I went to all of his Linq to SQL sessions as well as his ASP.NET optimisation session, and they were worth their weight in gold. Although I disagree with his dislike for lazy loading (tale for another time), I really enjoyed his sharing of real world experience with this stuff. So often the canned examples we get fed are largely trivial and academic, but Hilton seems to consistently give ‘lessons from the trenches’. :P
I do have to apologise to him for monopolising his time after sessions, as I’m sure by the end of the week he was gatvol of seeing me standing in the queue of people too shy to ask questions in front of everyone.
http://dotnet.org.za/hiltong/
Shyam Pather:
Shyam Pather is a Principal Development Manager on the Data Programmability Team at Microsoft, and partly responsible for creating the ADO.NET Entity Framework. (Yeah – I stole that line from the Tech Ed site...)
I’d like to thank Microsoft SA for bringing him out as he spoke incredibly candidly regarding the stable of different data access methodologies (LinqToSQL / Entity Framework /Old School ADO.NET) and what their pro’s and con’s of each as well as Microsoft’s perspective on the future potential/development of the different platforms. I went to all of his sessions and found that he consistently provided a very honest and relevant perspective on the offerings. Considering his position working as a part of the Entity Framework team I would have thought he would have been more biased in his approach, however as I have already said – this was not the case.
I found his and Hilton’s sessions went very well hand in hand, as different perspectives on the same subject, and found that the value of the combined experience was far greater than either individually. These two speakers specifically gave me a lot to think about, but again a tale for another time (hopefully later this week).
Ron Jacobs
Although I only went to one of his sessions, Ron Jacobs is a great speaker – as can be expected of a senior Platform Evangelist I s’pose. I went to his talk about RESTful web services, which was very cool but I don’t think I’ll be moving away from SOAP for line of business apps. As with so much at this Tech Ed, I got the distinct impression that it’s ‘the right tool for the job’ stuff. Sometimes it’s appropriate to build REST web services, and when you do – never fear, WCF can do it too! Man I love WCF...
http://blogs.msdn.com/rjacobs/
Bart de Smet
I only went to see Bart’s last session on creating custom Linq providers, and I was immediately upset by the fact that I had missed the rest of his sessions. I have no idea how. He showed an incredibly deep and technical understanding of how Linq works at the base level, and gave the best explanations of the decomposing Linq expression tree. The Tech Ed site says that Bart is “A former Visual C# MVP, Bart De Smet now works at Microsoft Corporation on the WPF dev team in an SDE role”.
I have no idea what an SDE role is, but pretty pretty please Microsoft can we have him back to talk again. A good speaker that can explain incredibly complex concepts and make them seem intuitive – hell yeah!! As I speak I’m busy checking out the source for Nhibernate.Linq to dig into their custom providers thanks to this session. J But again, more on that later...
http://community.bartdesmet.net/blogs/bart/Default.aspx
Stephen Attenborough
Wow. What to say about this...
Never in my wildest dreams would I have thought someone would stand in front of me and present commercial space travel in sincerity. It was an absolutely mind blowing presentation, that words cannot do it justice. The footage was amazing. The speaker was amazing. It was just.... Amazing...
Please go take a look for yourselves. Do yourself a favour.
http://www.virgingalactic.com/
Tech Ed in general
There was a lot of discussion about Tech Ed moving from Sun City that I don’t really feel is necessary. The decision was made for capacity reasons, and so be it. I think the ICC is a great venue, I do however feel that it could have been used better. Another of my concerns is that at Sun City, no matter where you went there were Tech Ed delegates, but in Durban there was no central place for delegates to go to, so Durban seemed very empty indeed. I don’t know if there’s any way around that, and I know it shouldn’t make a big difference to the conference as a whole, but it is one of those niceties at Tech Ed – to be able to meet new people that share the same industry and focus towards technology that you do. (Ok ok, in truth I’m just sick of going to Rivets... It doesn’t have a patch on Traders ok?!) Also, I know that Eben and Ahmed put a lot of effort into planning the dev track, and they did a great job cramming in a whole lot more sessions. The only gripe that I personally had was that the Monday was sparsely populated with sessions that I was really interested in, and then there were too many sessions to go to on Tuesday afternoon and Wednesday morning... J I know that it is impossible to juggle all the options and keep everyone happy, and don’t get me wrong all-in-all they did a very good job at it - it’s just one of my few gripes. I’m also not sure who specifies the levels of the sessions. Are they set independently of who the speaker is? Because I found that some of the level 300s were not technically deep enough, and some of the 200’s were, because of the presenter, far more technical and detailed than expected – which was a good thing.
But these are all really very minor problems - completely and utterly overshadowed by the quality of some of the speakers invited.
Thanks for Tech Ed everyone involved, it rocked!
UPDATE:
Man that's bad - mental note: rememer to proof read AFTER publishing in Windows LIve Writer. Thank you Tinus for pointing out the duplicate paragraphs in my post. To everyone else - sorry for being a chop...
This has been around for a while, so I apologise if it’s ‘old hat’, but I found it both entertaining and enlightening. I found this list of common TDD Anti-Patterns off of a wikipedia link when I was searching for best (and obviously worst) practices for using TDD. I think an important part of knowing what the next step is, is knowing where you shouldn’t be stepping… (That made sense in my head, ok? :P )
Nevertheless, thank you very much Mr.Carr, this will be bookmarked…
http://blog.james-carr.org/?p=44
Seeing as we’re taking this whole blogging thang seriously, I thought I’d take a look at refining my processes (I know, I know. Not a phrase you often hear developers uttering )… I’d heard more than just whispers regarding Windows Live Writer, and I thought I’d try it on for size. So far it seems pretty feature-full, and very easy to setup. I was concerned that it may struggle to connect to Community Server, but my worries were all in vain, as the setup was detailed and included Community Server as one of it’s many supported blog engines. We’ll see how it pans out in the long run, but for the moment it seems like it’s going to work just fine.
Useful Linkage:
A step by step guide to setting it up, but I don’t think it’s really necessary.
http://www.rjdudley.com/blog/Configuring+Windows+Live+Writer+For+Live+Community+Server.aspx
UPDATE:
Oooookay. So, just as I finish the post and try and publish (despite doing a test run before this) our proxy server decides ‘orly?’ and throttles our connection – resulting in a resurgence of my arch nemesis, the timeout. AARGH!
The post did eventually publish, and just fine it seems, but still a pain in the posterior. I really hate proxy servers. You know, there are so many awesome applications that get built that just don’t have adequate proxy support, or they do and the domain admins become even more draconic about what the lock out. **sigh** Port 80 can only take so much…
I presented at an event this weekend called Devs4Devs, which
was a Microsoft hosted community event where Eben swindled a whole bunch of
developers to brave the early hours of Saturday to come and listen to other
devs preach about their flavour of the week – it was awesome...
It was my first time presenting at an event like this, but,
despite the nerves, it was a hell of a lot of fun. Thanks to Eben, Ahmed and
Microsoft for hosting the event and to everyone who attended for supporting the
community.
I especially want to thank everyone that stumbled into my
presentation; not only did you not throw stuff at me (like I mentioned the
nerves, this was a real concern), you seemed not to sleep through (although 20
mins is a little short to fall asleep in – Eben kept us on our toes) and some
of you even enjoyed the topic - thanks guys, you rock.
I have attached my Topic Abstract for posterity, and if I
figure out how I will attach the presentation and Demo application as well. If
there’s any need for it, I can expand on my explanation of the topic in another
post, but if not I’ll go onto some more interesting stuff.
As a note – async web service calls really work. They’ve
saved our bacon in a big way, and are currently being used in production. They
rock big time.
Liberating
Synchronous Processes from the Tyranny of Timeouts
SOAP Web services provide us with an open and extensible platform for
developing distributed applications driven by the implicit need to transport
data in a secure, efficient and accessible manner. While web services afford us
fantastic cross platform integration opportunities, they will most often be
consumed by data aware .NET client applications. As a practical consideration to this, one
which is particularly relevant in a local context, developers need to be aware of the shortfalls
of transmitting data over http, which are the limitation of bandwidth and
connection speed. Synchronous calls are sufficient in very simple implementations,
but as soon as any kind of significant processing happens on the server,
whether batch processing or large queries, the client application will begin
experiencing unresponsiveness and even timeouts.
The primary purpose of this presentation will be to
very simply illustrate the implementation of asynchronous web method calls to
replace costly synchronous operations. It will also go on to briefly explore
the utilising asynchronous calls to change the behaviour of the client
application to become more flexible and data aware without negatively impacting
responsiveness.
Points to discuss:
o
Basic 'Fire
and Forget' Service Calls
o
Binding
Callback Handlers to Web Service requests
o
Uniquely
identifying calls and responses using state
o
Practical
implementation of asynchronous web service calls in an essentially synchronous
process
o
Extending
the use of asynchronous calls beyond emulating the synchronous
AsyncExample.zip
Presentation.zip
This is fantastic!
https://downloads.channel8.msdn.com/
Microsoft has made some of their premier devlopment tools available to download for academic purposes. If you can verify that you are a student at a university in one of the countries they recognize (unfirtunately not SA), then you can freely download VS2008 Professional, Windows Server 2003, Expression Studio, and XNA Studio 2.0 (which is free anyway isn't it?).
This is the kinda suff that gets overlooked when people go M$ bashing, and while I appreciate that it's an attempt to give themselves exposure to developers at a grassroots level - it's still giving away the stuff. You look at scholar licenses (as in have to pay for) for other software and it's still pricey, usually has gimped functionality, and has splash screens / watermarks / other annoying stuff in it.
Very, very cool indeed - now only if they'll recognize SA.
Stumbled across something interesting while looking through
the Windows Live Labs site – Windows Live Volta - and with a bizarre project
name like that I had to take a look, but I really wasn’t expecting what I
found.
“The Volta technology preview is a developer toolset that enables you
to build multi-tier web applications by applying familiar techniques and
patterns. First, design and build your application as a .NET client
application, then assign the portions of the application to run on the server
and the client tiers late in the development process. The compiler creates
cross-browser JavaScript for the client tier, web services for the server tier,
and communication, serialization, synchronization, security, and other
boilerplate code to tie the tiers together.”
It appears to be a framework that, come compile time, splits
up the code on a form and generates all the appropriate boilerplate code for is
depending on the Attribute decoration of various methods - breaking a flat set
of code into several tiers of application. I’m not sure how practical it would
be in real world dev, considering that these are the kinda decisions you really
should be making early on in the lifecycle, but still a fascinating find. It’s
very cool to see Microsoft supporting projects like this, as well as the others
on the Live Labs site.
And here I thought it would have something to do with
Windows Live... :P
http://labs.live.com/volta/
We’ve needed
to batten down the hatches on the application we’ve been working on to make
sure that it will be secure come go live (which is today incidentally, I’ve
been sitting on this post for a while) and the task fell to me to delve into
the murky waters of Web Service Security (WSS in future for the TLA buffs). Our
application is, in a nutshell, a smart client forms app connecting to an
ASP.NET Web Service – both in C#, and we needed to secure the users calling the
web services, as well as prevent the ‘replayability’ of the soap requests. Now,
our initial login method call is secure as we can get it, of that we’re pretty confident,
so all we needed to do was secure the rest of it. Ok... Enough back story, but
two things first:
- An important point to make at this
juncture, is that a lot of what lies below is my hackery of concepts that form
the building blocks of the Web Service Extensions framework (WSE 1, 2, and 3).
The correct way to implement WSS
would be to use it, but unfortunately at this late stage of our project it
introduced an unacceptable risk for us to run with it. (This is the excuse
known as “my boss wouldn’t let me”... It’s my excuse and I’m sticking with it
so nyah.
- This is really the kind of stuff that
should be included from the ground up in your design. We were just very lucky
that we got away with doing it now, piggy backing of our request provider code.
Todo:
·
Ensure that
multiple (replayed) calls to the service fail
·
That the
user is authenticated against both the message sender as well as a
unique identifier kept in session on the server.
·
That the unique
identifier kept in session expires properly, and also gets renewed properly
·
The failing
of authentication fails gracefully on the user interface, but is also handled
locally so as to not happen mid query (pre-emptive).
Implementation:
·
Client
contacts the server using a secure login procedure, and as a part of this
procedure the server generates a Token comprised of a unique identifier
that it saves in a dictionary collection (which will contain some kind of
custom struct to hold all of the information) along with the creation time (to
facilitate session expiry) and then returns this Token to the client for
subsequent requests.
·
On
subsequent requests the client will generate it's own unique identifier in the
form of a Key with which to sign the request as unique (possibly just
use the MessageID). The Token will then be salt-ed with this Key
and then encrypted using sha1. The token will not be sent to the server, only
the final message Signature will be sent along with the originating user
and the Key.
·
On the
server side, this message will be received and the originating user validated
against (using its own unique identifier) the database. Then the Token will be retrieved from
the dictionary, and the same process of salt-ing and sha1-ing the Token
and Key will be performed and then matched against the message Signature
as well as against it's expiry date to
see whether or not to allow the request. If this does not match, then the
request will be discarded with a thrown exception, otherwise the service will
then proceed to check the Key against a stored collection of recently
used Keys to make sure that it isn't a replayed request. If the Key
is found, then the message is rejected with an exception, otherwise the Key
is stored for future comparison, the Token expiry is refreshed and
processing continues.
That's what we've done at a very high level, and it works. We've had some trouble with synchronising between the client and server, but we'll iron that out over time. For the moment what we do is throw a custom security exception and handle it elegantly on the client by prompting the user to log in again. This opens up a new kettle of fish though, because the ASP.NET web services do not propgate the custom exceptinos very well, but that is a discussion that'll have to wait for another day.
Here are the resources I found useful, and again please note that most of them are regarding WSE, and I would highly recommend using it - I will be in future:
http://www.codeproject.com/KB/webservices/WS-Security.aspx
http://en.wikipedia.org/wiki/WS-Security
http://msdn.microsoft.com/en-us/library/ms977317.aspx
Is this thing on?
Trying this puppy out a a potential new home..
UPDATE:
Ok, think I've beaten everything into a rough shape. Sooooo.....
Let the Chaos begin...