November 2004 - Posts
Somasegar reports on the reach of Zero Bug Bounce’ (ZBB) milestone for Beta2 of Visual Studio 2005! Right now they're entering the Security Push. Despite all rumours they seem to be on target with Visual Studio 2005. Great!
But will the SQL Server 2005 Yukon delay have an impact on the Visual Studio 2005 Whidbey-release schedule as Stefan thinks?
Next Thursday, December 2nd, Rudi Larno and myself will do a "Sneak Preview of Enterprise Library" at the MSDN Belux Event "Unleashing the Potential of the Microsoft Platform". Registration and complete agenda for the event can be found here.
Some of the topics that we'll cover:
- Why Enterprise Library?
- Introducing Enterprise Library: Consistency - Extensibility - Ease Of Use - Integration
- Application Blocks Overview
- Using the Enterprise Library: demo of some of the application blocks
Enterprise Library is a set of reusable software components designed to assist developers with common enterprise development challenges. Enterprise Library brings together new releases of the most widely used application blocks into a single integrated download.
See you there!
CBDI posted a interesting read on the justifying SOA.
Abstract: "In this commentary we look beyond the buzz words of adaptability, agility and flexibility. The problem with IT architecture initiatives is that they are hard to justify and we wonder whether this reflects the immaturity of the architecture discipline in the IT space? We compare SOA with a well known example of a highly controversial architectural project - the Sydney Opera House."
Available via the Microsoft Download Center: Connected Systems for Developers.ppt
The slide deck (with comments!) covers:
- Service Orientation/Service Oriented Architecture
Characteristics of connected systems
Service Orientation in .NET: How to build – services/objects/components
How to expose services
Prepare for the future
Indigo
Jurgen Postelmans has [finally] setup his weblog. Welcome to the blogosphere Jurgen!
As he's quite busy at the moment, I guess we'll have to wait how much time he will spend blogging ...
Google Scholar enables you to search specifically for scholarly literature, including peer-reviewed papers, theses, books, preprints, abstracts and technical reports from all broad areas of research. Use Google Scholar to find articles from a wide variety of academic publishers, professional societies, preprint repositories and universities, as well as scholarly articles available across the web.
Just as with Google Web Search, Google Scholar orders your search results by how relevant they are to your query, so the most useful references should appear at the top of the page. This relevance ranking takes into account the full text of each article as well as the article's author, the publication in which the article appeared and how often it has been cited in scholarly literature. Google Scholar also automatically analyzes and extracts citations and presents them as separate results, even if the documents they refer to are not online. This means your search results may include citations of older works and seminal articles that appear only in books or other offline publications.
More on Google Scholar here.
Doug has an update on his blog on "What is Codezone really"? As the conceptual look shows: Codezone is about connecting not integrating!
More about "community content" on Marie's blog. She explains the searching and installation (end-to-end) for a project template from the community in the Visual Studio 2005 Beta 2 release. Also other components such as Item Templates, Code Snippets, Controls, Add-Ins, Project Templates,... could be found and installed for use from within your develeopment IDE. So, in a few months almost everything could be integrated in Visual Studio: IM integration, RSS Feeds, blogging support, newsgroups access, ... Add to this the Visual Studio 2005 Team System functionalities and Team Foundation, and the Visual Studio 2005 IDE will be "the" communication environment for all day work!
Doug Seven has a draft document on his blog, describing the WW Codezone platform vision. Codezone is about connecting people with other community people and connecting communities with other communities.
After outlining the goals and non-goals of the Codezone platform Doug lists the Codezone business requirements.
I'm interested to see how this WW Codezone will move forward. Off course, once the platform has been provided it's up to the Individual Contributors, Communities, Influencers and User Groups to create the necessary "connectivity" (content) to make this a success. I already expressed some of my thoughts on the Codezone initiative here.
At the STARWEST 2004 Software Testing conference, Compuware has previewed and demonstrated two new DevPartner products that will launch early next year.
These new products, Compuware DevPartner Fault Simulator and Compuware DevPartner SecurityChecker, significantly extend the ability to detect and diagnose software quality errors in Microsoft-technology applications during the development process.
DevPartner Fault Simulator
DevPartner Fault Simulator is a tool to test and debug the error-handling code in your applications. Fault Simulator helps you troubleshoot error handlers without disrupting the operating or debugging environment by safely injecting simulated faults into the application code. Fault simulations are repeatable and reliable, and can mimic real-world situations without risking the application under test. Through fault simulation, you can uncover problems in your code prior to deployment.
Fault Simulator is available:
- Integrated into Visual Studio .NET — Analyze and debug error handlers in your source code.
Run as a Standalone — Simulate faults in a running program.
Executed from the Command Line — Use scripts and batch files to automate the testing of applications.
Fault Simulator supports hundreds of .NET Framework Class Library methods and can simulate a large number of exceptions defined for those methods. In addition, Fault Simulator can simulate environmental faults in applications built with unmanaged languages (C++).
Fault Simulator helps you perform your job more efficiently in several ways:
Within Visual Studio .NET, you can select a line of code ,and Fault Simulator identifies the list of exceptions that you can simulate at that location. This helps you understand what faults your code must handle.
Provides the means to safely simulate faults: You can simulate a .NET Framework fault on a line of code or one that is independent of location. You can also simulate an environmental failure in the target application. Properties, parameters, and conditions, associated with every fault allow you to further refine your simulation.
Provides comprehensive results: Fault Simulator displays information about the faults being simulated and how they are being handled as the simulation is taking place. Upon completion of the simulation, it also provides comprehensive results about the error handling in the application code. You can access the results from within the debugger or operating environment. This access includes logs of program functions, stack tracing, and fault details.
DevPartner SecurityChecker
DevPartner SecurityChecker is an Automatic Error Detection tool designed to find the following major types of errors in your ASP.NET application:
Insecure coding practices
Execution errors
Application integrity issues
Deployment issues
DevPartner SecurityChecker provides three types of analysis:
- Compile Time Analysis searches for vulnerabilities in source code, HTML files, and web.config files. Compile time analysis requires your code to compile cleanly, and can be used at any time throughout the development cycle. Because compile time analysis probes only static code, it runs quickly, fitting easily into the early development phase.
- Run time analysis will monitor your ASP.NET application at run time. It searches for security related errors associated with code access security, file system access, etc. Run time analysis can be used to locate hard to find security errors as you exercise your ASP.NET application.
- Integrity analysis will replay a series of known vulnerabilities against your ASP.NET application. It analyzes the application for security related issues including cross site scripting errors, SQL injection attacks, parameter tampering, etc. Any errors found are recorded and clearly presented to the developer along with a detailed description of the problem and possible solutions.
SecurityChecker gives you two options for analyzing your ASP.NET application: You can direct the analysis to specific pages, fields, and links on a page within your application. Or you can choose to let SecurityChecker automatically analyze each page in the application. These analysis options give you the ability to customize analysis to see specific pages, or to get “the big picture” of your application’s security. Once you have analyzed your application, you can generate different levels of reports and distribute the analysis results to your team. They can use the reports to correct security issues and validate that recent changes do not introduce new vulnerabilities.
Technical detail reports retain extensive details about the vulnerabilities discovered. Summary reports cover high level information such as the number of issues found and the category and severity of those issues. SecurityChecker can also export the results to an XML file so that you can use your own stylesheet to generate a custom report format.
When to use SecurityChecker during the application development cycle
Begin with regular Compile time analysis during the coding and building phase.
- Add Run time analysis as the project enters the testing phase.
Perform Integrity analysis at the completion of any work unit, as well as in the debugging phase. Because integrity analysis provides excellent field validation, it should be used often.
As you make changes and repair vulnerabilities, re-run SecurityChecker to verify that no new vulnerabilities have been introduced.
At Code Complete run a full analysis on the application to verify readiness for production.
DevPartner Fault Simulator and SecurityChecker will extend the DevPartner family to enable development teams to achieve still greater benefits in quality and productivity. As both DevPartner Fault Simulator and SecurityChecker are currently still in beta testing, more information concerning the general availability and pricing of these products will be announced at a later date.
Meanwhile I’m alpha/beta testing both products and, even in this early builds, I'm already amazed of the power of both products, especially the SecurityChecker functionality is great!
It should be clear that even with the introduction of the new quality assurance tools in Visual Studio 2005 Team System, these tools show that products like DevPartner can complement Visual Studio capabilities'. They greatly enhance the ability to analyze applications and help delivering guidance on software development best practices.
I'll post my findings later at this location. If you’re interested in the use of these products, drop me a mail!
If you really don't want to miss a webcast, here is a printable calendar of upcoming webcasts created by the MSDN Webcasts team.
A list of the November MSDN Webcasts is available here.
Looking forward to an official rss feed of upcoming webcasts.
ScrumMaster Chris Flaat has successfully completed his first Scrum sprint. In this post he shares his thoughts on:
the software tools to use to manage Scrum sprints
using Scrum inside a big organization
how to deal with specs and documentation in Scrum
I'm very interested to hear your thoughts and experiences using Scrum or any other agile processes to manage software development!
What will be part of "Enterprise Library 1.0" which will be released to the web in January 2005? Scott Densmore gives us the answers here and here. More info on the GDN workspace.
Microsoft released the Domain-Specific Language tools as a technical preview [Download]. Using this graphical designer hosted in Visual Studio 2005, you can create the domain-specific concepts for a custom diagram designer. The underlying technology was used to create the Class Designer and Distributed System Designers in Visual Studio 2005.
This walkthrough shows how to create:
Concepts
Relationships
Include-relationships
Inheritance
More DSL information can be found here:
White papers: Walkthrough of the Microsoft Tools for Domain Specific Languages
Jochen Seemann's Blog: The first technical preview
DSL Tools Newsgroup
Report Bugs and Suggestions
Jon Udell talks about "New directions in source code analysis" or why TDD and run-time checking are both useful techniques and are complementary.
[Full article: Source code analysis breaks new ground]
Microsoft recenly released an MSDN-article on testing a web part: "Checklist for Testing SharePoint Web Parts". [Via Tim Heuer]
As all your created web parts - your SharePoint building blocks - inherit from Microsoft.SharePoint.WebPartPages.WebPart, you should override various methods of this class to implement your own functionality. It's also worth mentioning that the WebPart class inherits from the System.Web.UI.Control class. This is the same class from which the class System.Web.UI.WebControls.WebControl inherits. So, both custom ASP.NET controls and web parts are almost exactly the same and behave as such:
they both have properties that are set during the design of the user interface,
they both have runtime behavior that is affected by the values of these properties,
and they both are usable from within Visual Studio .NET through the Visual Studio toolbox.
All this means that your developed web parts, just as your ASP.NET applications, should meet the same quality requirements. This can easliy be achieved by using DevPartner Studio for code review, performance analysis, code coverage and memory analysis or by using other tools like AutomatedQA AQTime 4 for performance profiling and memory debugging.
However if you don't have access to any of those products to ensure that your requirements are met, this checklist is a great place to start for SharePoint developers!
Yesterday the Thoughtworks guys released a new version (CCNet 0.7 RC-1) of their