Reviews
Anything I find that is consumable and worth talking about within the context of .Net
I am getting to know OneNote now that I am a laptop user. It has been very useful in meetings and very good for organizing my thinking/working, but I learned a couple new things last week that are worth noting:
- You can capture audio as a note. I am finding this very useful when listening to .NetRocks shows and I want to save a small part of it that I can get back to quickly. I can add my own text comments right there as well as relevant URLs, etc. Just change the audio input source to Wave Out Mix in the Options dialog box.
- You can capture screenshots into a note (Insert Menu -> Screen Clipping). This is only in OneNote Service Pack 1. I am currently in the design phase of an application and this is very handy. I can take a screenshot into the note and then share the note in meetings with the team. You can even do this when OneNote is closed using the OneNote icon in the system tray.
Last week I got to attend the Microsoft Security Summit in Detroit. The event lasted an entire business day, and was broken down into a keynote address followed by four sessions that covered three different tracks: 200 Level Networking, 300 Level Networking and 200 Level Developer. I personally attended all four Developer sessions.
The keynote address was given by Tom Button, VP of the Windows product management group. He gave a dynamic talk and clearly outlined Microsoft's broad range of security efforts. Most of the focus was on XP and Windows 2003 server. During his presentation there was a demo of XP sp2. It looked good, I need to see more so the XP sp2 RC1 CD that every attendee got will come in handy. Tom laid out an excellent view of Microsoft's vision of security as well as an overview of all the current intiatives and their future directions.
Of the four Developer sessions, three were OK and one was terrific. Of the three that were OK, much of the material was an overview or shallow demos (it is a 200 Level track). For instance cryptography and and impersonation were explained in the first session, with a demo of installing a SSL certificate and a demo of the authentication options for a web site. The second session covered different types of exploits like buffer overruns and SQL injection with simple demos. It was better than the first session, the speaker was much more excited about the topics and it came across in the presentation.
The third session was a winner. It covered threat modelling in detail, followed by an extensive demo of securing web.config in ASP.Net. The speaker covered a ton of great material there, information that I had to really dig for when I was first trying to secure web.config for my own projects. On top of that, he covered additional information about machine keys that I could really use. The demos in this session were much more in-depth that the previous two.
The last session fell into the pattern of the first two. Much more theoretical and less code.Some of the topics covered included .Net Code security, using the GAC, and using identity and principal objects. The session was better than the first two, but not as in-depth as the third.
Overall, I think Microsoft did an excellent job of presenting a wide range of material at the Summit. Since there was only one Developer track advertised at a 200 level, most of the information was somewhat basic, but if you were new to developing or to .Net it was certainly worthwhile. The speakers included enough advanced material to keep more experienced developers from losing out as well. It's a difficult balance to strike. For what was promised up front, the Summit delivered.
I got the chance to attend the ASP.Net Roadshow in Detroit/Ann Arbor this past Tuesday. It was given by Rob Howard, ASP.NET Program Manager and one of the driving forces behind www.asp.net.
Rob was a very engaging speaker, and despite working with ASP.Net for over a year, I didn't find the presentation to be dragging at all. There were nuggets for developers at all different levels throughout the presentation. The material was mostly basic, as the target audience was really developers and managers thinking about moving to ASP.Net. Rob performed most of the talk by writing code to demonstrate his points, which helped out the more experienced users in the audience. Much of the material he covered througout the presentation contained a fair amount of the “WOW” factor by demonstrating large effects with little code, such as autoformatting a datagrid or connecting to a database and fetching information.
The second half of the presentation focused on Security demos and Whidbey demos. The security demos focused around impersonationa and SQL injection. Good stuff for all ranges of developers to keep in mind.
For me, this was the first real exposure to Whidbey. A few things in particular stood out about what I saw:
- For ASP.Net, Whidbey takes an approach much more like VB6, focusing on the Visual design aspects and not much on the code. In fact, he repeatedly pointed out how much could be done without any code at all.
- The strong visual RAD aspects of Whidbey will draw lots of non-programmers to ASP.Net, much like VB6 did for the Visual Basic language.
- The RAD visual development aspects of Whidbey have much going on “Under the Hood“. This of course will require real trust for the developers. Is it really flexible, or will it turn out to be like the web controls that shipped with Visual Interdev 6.0 that in theory were great, but just didn't offer the flexibility? Only time and experience will tell us that.
- For so much to be going on “under the hood“, there must be a price to pay somewhere in overhead. Is it in the Viewstate? This wasn't mentioned, but it's got to be somewhere.
Overall, it was worth the three hours. I picked up information I can use today, and got a pretty good view of what is coming with Whidbey. Every person who turned in an evaluation got a copy of Microsoft ASP.Net Coding Strategies with the Microsoft ASP.Net Team, plus there was a giveaway at the end of some T-shirts and two Pocket PCs.
There a fascinating discussion going on at Tim Sneath's blog about the functionality of the business layer moving to compiled stored procedures in Yukon. At least in my project, we have been doing that very thing and struggled with the n-Tier issue as a result. In our case, the database is Oracle 8i, and the application is/was ASP, which we are now converting to .Net. We have some very complex business logic encapsulated in PL/SQL stored procedures. There were two concrete reasons for the decision:
- The amount of data that would need to be transferred was huge.
- Oracle is more efficient than ASP code at many of the operations involved.
With ADO.Net, some of the ineffieciency may be addressed, but the database is designed for efficiency at certain operations that ADO.Net won't be able to match.
We did not need to approach this from a scalability issue, as the app receives hundreds of hits per hour, not thousands or more. I still think it will scale OK as your business objects will have much shorter life spans and you can still pool and queue database connection objects if needed due to long-running stored procedures.